On Saturday, August 23, 2003, 4:44:56 PM, Cyberspace Publishing commented:
A spammer who is dishonest enough to steal a domain name and wants the email to get through is probably going to borrow names from fairly well-recognized domains. I mean, I see a lot that purports to come from eBay or Microsoft. Big spam run today under one of our user's aliases.
I think spammers do that mostly because they think the reader is more likely to open and read the message when it appears to come from a well-known domain - rather than something.co.de, etc.
Also, most people aren't likely to 'blacklist' major domains such as AOL, MSN, Earthlink, etc. the way I do. ;-)
CP> You may get spams with yourdomain in the
CP> "From:" field, but the same spam sent to me would have mydomain in
CP> the address of the "From:" field. At least, that has been my own
CP> experience and observation.
No, I'm not talking about spams we get, I am talking about BOUNCES we get from spams that were sent out via open relays (apparent in the headers) with specific addresses taken from our domain. We get lots & lots of these, especially from AOL which apparently does not do any sort of reverse IP checking.
I should have clarified that. I was also referring to bounces as well as spam. However, my personal experience has been somewhat different from your own. I get very few bounces (though I do get some) with any of my own domains in the "From:" fields of the bounced messages.
CP> MailWasher composes the body of the message, adding a couple of
CP> lines to the header of the original message, and then passes it
CP> off to either the original sender's SMTP server for 'bouncing' or
CP> to your own local SMTP server to do the 'bouncing'. If the bounce
CP> is bounced back, your SMTP server treats it appropriately and just
CP> ignores it or deletes it - it doesn't go back into your mailbox.
You don't get it: I AM the SMTP server (administrator) -- if someone uses mailwasher to bounce back email to anyone on our system, I am going to have to see it and deal with it.
I do "get it" and understand. I am also the SMTP server (administrator) for the domains I monitor. I, too, have to look through and analyse any bounces I receive to see how they should be dealt with. Most of the time, it simply means deleting and ignoring them, but occasionally, it can point out a potential problem with an errant cgi script that I need to deal with immediately to resolve the problem.
Also, if the bounce has been generated by someone using MailWasher or something similar, then that in itself is a form of communication - the recipient is telling you that they aren't interested and don't want to receive it. If it is spam and done at the server level, it would still come back to you because your domain is in the "From:" field and a reverse lookup would resolve without error.
CP> Sure, it doesn't look *identical* to the bounce my server
CP> sends out, but neither do the bounces I get from all the other
CP> servers! In fact, they are *all* differently formatted - some
CP> similar to what MailWasher sends while others look like they were
CP> written by a computer novice.
But all the Mailwasher ones look alike, right? I mean, different ISP names, but always the same message.
I'm sure you could filter on the Mailwasher message the same way I am now filtering on language the virus-bouncers have.
Maybe so, but why would they waste their time doing so? As Dianne points out in another response on this subject, if the message is being bounced - either by the server or by MailWasher - it's not being read or even opened. It's being deleted without ever going to the recipient's hard disk. What's the point of continuing to send spam to someone that has made a very clear statement that they are not going to read anything from you? You can continue expending energy beating a dead horse, but the horse isn't going to care one way or another. The same with a spammer sending his rubbish to someone that has already added his address to their blacklist - they're never going to see it so it's nothing but a waste of time and energy on the spammer's part.
CP> If you collected 50 bounces from 50 different servers and one of
CP> them was from MailWasher, I doubt that you, or anyone else, that
CP> hadn't specifically researched and noted the exact format used by
CP> MailWasher, would be able to pick it out of the lineup. :)
But any spammer that cares enough to read and act on the bounce messages HAS researched and noted the exact format of the Mailwasher bounce. It is their business - and what a Mailwasher bounce tells them is that the email address they used was good, because it got delivered. So for the unscrupulous spammers, a Mailwasher bounce is the same as an entry on a phony unsubscribe form -- it tells them that they got through.
As noted in my above response and Dianne's post, what's the point? The spammer should be intelligent enough to know his messages to that particular address will never be opened and never be read! Why keep a non-productive address in his list or sell it to some other spammer knowing that the same thing is going to happen to the buyer and that they may get bad references from the buyer for selling them lists of 'dead' addresses?
CP> It even pointed out a fallacy in the article I wrote at the IMF
CP> forum, that I'm now going to have to retract and post a more
CP> accurate review - thanks for that! ;-)
I'd be curious as to what that fallacy was. :)
HaHaa!! That was in my "Am I Dumb Or Dumber?" article! I guess the latter was correct, after all! ;-)
Where I went wrong was in saying to use "MAILER-DAEMON" as the username part of the address entered into the 'bouncing' setup configuration.
What really should go there is the actual address one wants to appear as an "Unknown User" - MailWasher is smart enough already to add "MAILER-DAEMON" as the part before the '@' sign and domain name. Doing it the way I said was saying that "MAILER-DAEMON" was the "Unknown User"!!! Only by doing some test bounces to myself from my servers and from MailWasher with the same address did I discover what was actually happening! Thanks for making me dig a little deeper. Now if you could help me word a very embarrassing apology, I'd be eternally grateful! :)
Best,
Abigail
And the Best back to you, Abigail! I love discussions with really knowledgeable people and you're one of my favorites. Even if I disagree with some points, I never fail to learn something new from such discussions! :)
Have a great weekend - what's left of it!
Tom
____ The WDVL Discussion List from WDVL.COM ____
