[unisog] cornell.edu blog being used for spam - and now virginia.edu as well
Michael Holstein
michael.holstein at csuohio.edu
Thu Nov 29 16:25:51 GMT 2007
> Depending on what is going on... 12 hours is almost no time at all.
> Put yourself into the situation.
>

If you have a *true* emergency (i.e., you're getting hundreds of Mbps of
traffic from somewhere, have active hacking going on, etc.) then it's
best to use out-of-band contact, since the "normal" contact methods
might not work. Also, be sure your automated "responses" don't block any
reply you might get (case in point: yesterday WE had a spam problem,
and my replies to one complainant came back 550'd because they blocked a
/16 that included the legit/non-problem SMTP servers here).

Note that while we all hate SPAM, it rarely rises to the level of a true
"emergency".

Also, consider that it's highly unlikely that you're the only person
that noticed; chances are they have tons of abuse complaints (mostly
automatic) regarding the exact same incident, and it's hard to read each
one for the "real" address since the "reply-to" is often something like
do-not-reply at remotesite.edu.

Use your INOC-DBA phone, call the site's main switchboard, or use the
many ISACs that exist. The ISAC route is very helpful when you have a
timezone or language problem.

Cheers,
Michael Holstein CISSP GCIA
Cleveland State University