[Dshield] spam-maker program

Peter Stendahl-Juvonen peter.stendahl-juvonen at welho.com
Thu Mar 11 14:34:30 GMT 2004


list-bounces at dshield.org <mailto:list-bounces at dshield.org> wrote on
Thursday, March 11, 2004 1:46 AM UTC+2 on behalf of John Draper

| No - not at all.  Only the header or enough information for the ISP to
| identify the infected host
| which sent the spam.
| 
| In our reporting system,  we default to sending just the header,  with
| a tag message at the
| bottom that gives the ISP an opportunity to select the full spam
| message if they want it.
| 
|| Most of the spam "Originating IP"s that I get are in .cn or .kr.
|| Won't they just black hole their abuse line?
| 
| The reports would go to the .kr or .cn's abuse Email,  whether or not
| they act on it,
| determines whether or not we CC our spam reports to THEIR upstream
| providers.


John et al.

Jon R. Kibler posted a creditable "Stop bouncing viruses" form letter to
this list the other day.

Wonder if you had and would like to share a form letter for reporting
spam. Lacking fluent command of the English language, I would highly
appreciate it.

Also would be thankful for hints regarding what to include and what to
exclude in the report, especially in order to minimize the risk of being
even more exposed to spam in the future.

Thanks in advance.

- Peter


              "An ounce of action is worth a ton of theory."
         Friedrich Engels (1820-95); German social philosopher. 





More information about the list mailing list