> I have a question: Sorry for being off topic but this really bugs me.
>
> I am a new qmail administrator. Lets say I were running this list and I
> received this obvious spam, what would be the first step that I should
take
> if I were running the list? What are the next series of steps?
>
> I am willing to read and search the Internet for advice but would
appreciate
> the experts on this list's advice also. After all I am not really
> interested in what sendmail or exchange admins are doing I want the qmail
> users solutions.
>
> Would I be correct to forward this e-mail to [EMAIL PROTECTED] ? Would I
be
> correct to forward this e-mail to [EMAIL PROTECTED]?
When spam like this is received, if you take a look at the address it is
from, you will notice that it is a name<randomnumber>@hotmail.com what
these spammers do, is a way of avoiding obvious ways of spam detection.
They have a list of domains, excite.com is often used, and then use a
dictionary file or somethin to form the username, and follow it by a random
number. Chances are that the hotmail account does not exist so forwarding
it to [EMAIL PROTECTED] wont do much good (infact, at the beginning of the
email they say its fake). As for the other abuse address, if someone is
running an open relay, chances are their abuse department will be:
1) Very very busy
2) Not bothered at all
3) Not exist
So, theres not much you can do. You can check the website for info, and
then email them, but theyre likely to be uninterested.
Generally, some useful tools for stopping spam are http://abuse.net and
www.spamcop.net Spamcop will search through the headers, reverse resolve
IPs, check abuse.net records, check ORBS database and then generate abuse
reports and send them to absolutely anyone vaguely involved with the email.
Id recommend Spamcop, but many ISPs are not really interested until you
start to call them, but this is a lot of hassle, spamcop does the best job
you could do really.
You could, finally, install ORBS blocking on your server which could
eliminate spam, but i dont entirely agree, because it could also block some
genuine email (and has in my experience). But if you want to try it, there
are plenty of docs around, cant think where though, try qmail.org
Hope this was of some help, if anyone else has any ideas id like to hear
them!
daniel(@iv2.co.uk)
