Spam drops off but it's only temporary

Discussion in 'Internet, Connectivity and Communications' started by UKDarkstar, Nov 13, 2008.

  1. UKDarkstar
    Honorary Member

    UKDarkstar Terabyte Poster

    Apparently a big US co has been closed down and spam levels have dropped right off :

    http://news.bbc.co.uk/1/hi/technology/7725492.stm

    It'll all be back soon tho' they reckon :x
     
    Certifications: BA (Hons), MBCS, CITP, MInstLM, ITIL v3 Fdn, PTLLS, CELTA
    WIP: CMALT (about to submit), DTLLS (on hold until 2012)
  2. nXPLOSi

    nXPLOSi Terabyte Poster

    I'd noticed this in the last couple of days, it's a shame but I guess at least it's a nice little break :)
     
    Certifications: A+, Network+, Security+, MCSA 2003 (270, 290, 291), MCTS (640, 642), MCSA 2008
    WIP: MCSA 2012
  3. grim

    grim Gigabyte Poster

    I've noticed the opposite, maybe it's all going to me :(

    Grim
     
    Certifications: Bsc, 70-270, 70-290, 70-291, 70-293, 70-294, 70-298, 70-299, 70-620, 70-649, 70-680
    WIP: 70-646, 70-640
  4. nXPLOSi

    nXPLOSi Terabyte Poster

    Haha, that's cool with me 8)
     
    Certifications: A+, Network+, Security+, MCSA 2003 (270, 290, 291), MCTS (640, 642), MCSA 2008
    WIP: MCSA 2012
  5. Jay_7

    Jay_7 Nibble Poster

    I noticed an increase in the number of spam mails at the start of the week, but it's been quiet since. The biggest increase I've noticed is email that looks like it's actually our email addresses that's sending it. AV and Spyware scanners aren't picking anything up so I'm pretty sure we're clean. Is it possible for someone on a different network to "pretend" to be someone from our domain?
     
    Certifications: A+, N+, MCP
    WIP: CCNA 200-120
  6. UKDarkstar
    Honorary Member

    UKDarkstar Terabyte Poster

    Yes. They can easily spoof the address.

    If you check the header info you may get more of a clue as to where it's coming from :D
     
    Certifications: BA (Hons), MBCS, CITP, MInstLM, ITIL v3 Fdn, PTLLS, CELTA
    WIP: CMALT (about to submit), DTLLS (on hold until 2012)
  7. Jay_7

    Jay_7 Nibble Poster

    I take it there's little to nothing I could do about spoofed email addresses?
     
    Certifications: A+, N+, MCP
    WIP: CCNA 200-120
  8. UKDarkstar
    Honorary Member

    UKDarkstar Terabyte Poster

    Stop it totally - unlikely.

    Limit it a bit - depends on how the email for your domain is set up and what access you have to it. If it's just one provided by your ISP then you would have to contact them and ask them if there's anything they can do. If you control your own domain then don't use a catch-all account, use specific addresses; that may help a bit.

    You could have a read here too.
     
    Certifications: BA (Hons), MBCS, CITP, MInstLM, ITIL v3 Fdn, PTLLS, CELTA
    WIP: CMALT (about to submit), DTLLS (on hold until 2012)
  9. supernova

    supernova Gigabyte Poster

    I was reading an article that believes that most spammers are only getting a 1 in 12 million conversion rate in terms of sales :rolleyes:

    I agree, catch-alls are evil; I have never used them on the servers I have looked after.
     
    Certifications: Loads
    WIP: Lots
  10. Jay_7

    Jay_7 Nibble Poster

    Cheers for the link, I'll have a read at that later on. We have an SBS2K3 box with Exchange configured. All mail goes through GFI MailEssentials.
     
    Certifications: A+, N+, MCP
    WIP: CCNA 200-120
  11. UKDarkstar
    Honorary Member

    UKDarkstar Terabyte Poster

    I would have thought you should be able to do something with that to block the problem mail
     
    Certifications: BA (Hons), MBCS, CITP, MInstLM, ITIL v3 Fdn, PTLLS, CELTA
    WIP: CMALT (about to submit), DTLLS (on hold until 2012)
  12. Jay_7

    Jay_7 Nibble Poster

    Unfortunately it only appears to be able to block email addresses. As the spam that's causing the biggest problems is spoofed - the spam filter is seeing the emails as though they are genuine because they're from users within the network. If I apply any type of filter to it, genuine mail sent by the affected users will be affected as well as the spam emails.
     
    Certifications: A+, N+, MCP
    WIP: CCNA 200-120
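As an added example (not code from any poster in this thread), this is one way to act on the "check the header info" advice for the case described above: mail whose From: claims your own domain but which was handed to your server by an outside host. The domain, the internal network ranges, the function names and the sample messages are assumptions constructed for illustration, and the check assumes the message is inspected on your edge server, so the topmost Received header is the one that server wrote.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

OUR_DOMAIN = "example.co.uk"  # assumption: your mail domain
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16"),
                 ipaddress.ip_network("127.0.0.0/8")]  # assumption: your LAN ranges

# Bracketed address the receiving server records: "from host ([203.0.113.9])"
IP_IN_RECEIVED = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def connecting_ip(msg):
    """IP in the topmost Received header. Lower Received headers were supplied
    by the sender's side and can be forged, so they are ignored."""
    received = msg.get_all("Received") or []
    match = IP_IN_RECEIVED.search(received[0]) if received else None
    try:
        return ipaddress.ip_address(match.group(1)) if match else None
    except ValueError:
        return None  # digits that are not a valid IPv4 address


def is_spoofed_internal(raw):
    """True when From: claims our domain but the delivering host is external."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    if not addr.lower().endswith("@" + OUR_DOMAIN):
        return False
    ip = connecting_ip(msg)
    if ip is None:
        return False  # nothing trustworthy to judge by; leave for manual review
    return not any(ip in net for net in INTERNAL_NETS)


# Constructed sample messages (not real traffic).
SPOOFED = ("Received: from mail.invalid (unknown [203.0.113.9])\n"
           "\tby sbs.example.co.uk; Thu, 13 Nov 2008 09:00:00 +0000\n"
           "Received: from sbs.example.co.uk ([192.168.1.10]) by mail.invalid\n"
           "From: Jay <jay@example.co.uk>\nSubject: hello\n\nbody\n")
GENUINE = ("Received: from desk7 ([192.168.1.23]) by sbs.example.co.uk\n"
           "From: Jay <jay@example.co.uk>\nSubject: minutes\n\nbody\n")
OUTSIDE = ("Received: from mx.example.org ([198.51.100.4]) by sbs.example.co.uk\n"
           "From: Someone <someone@example.org>\nSubject: quote\n\nbody\n")
```

Staff who legitimately send through a third-party SMTP service will also match, so the result is better used to tag or quarantine mail than to reject it outright.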
  13. supernova

    supernova Gigabyte Poster

    That's a difficult one because a lot of people move around or use third party SMTP services, so things like reverse lookup and IP verification aren't so useful.

    Global IP ban lists may help and Bayesian filters (train to detect trends of spam). Also software that uses networked nodes that use the latter method but gather worldwide data about current spam.

    You using the GFI Bayesian stuff?
     
    Certifications: Loads
    WIP: Lots
  14. greenbrucelee
    Highly Decorated Member Award

    greenbrucelee Zettabyte Poster

    I have had none since Monday :)
     
    Certifications: A+, N+, MCDST, Security+, 70-270
    WIP: 70-620 or 70-680?
  15. Jay_7

    Jay_7 Nibble Poster

    Yeah, using the Bayesian filter as well. I guess I could reset the Bayesian filter and it could pick up the trends again...
     
    Certifications: A+, N+, MCP
    WIP: CCNA 200-120
  16. Josiahb

    Josiahb Gigabyte Poster

    They may only be getting a 1 in 12 million rate but that's for very little initial cost for the most part.
     
    Certifications: A+, Network+, MCDST, ACA – Mac Integration 10.10
  17. BosonMichael
    Honorary Member Highly Decorated Member Award 500 Likes Award

    BosonMichael Yottabyte Poster

    ...and STILL make money hand over fist.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
