[Dshield] spam-maker program

John Draper lists at webcrunchers.com
Sun Mar 14 02:58:40 GMT 2004


On Mar 11, 2004, at 6:34 AM, Peter Stendahl-Juvonen wrote:

>
> list-bounces at dshield.org wrote on
> Thursday, March 11, 2004 1:46 AM UTC+2 on behalf of John Draper
>
> | No - not at all.  Only the header or enough information for the ISP to
> | identify the infected host which sent the spam.
> |
> | In our reporting system, we default to sending just the header, with
> | a tag message at the bottom that gives the ISP an opportunity to select
> | the full spam message if they want it.
> |
> || Most of the spam "Originating IP"s that I get are in .cn or .kr.
> || Won't they just black hole their abuse line?
> |
> | The reports would go to the .kr or .cn's abuse Email,  whether or not
> | they act on it,
> | determines whether or not we CC our spam reports to THEIR upstream
> | providers.
>
>
> John et al.
>
> Jon R. Kibler posted a creditable "Stop bouncing viruses" form letter to
> this list the other day.
>
> Wonder if you had and would like to share a form letter for reporting
> spam. Lacking fluent command of the English language, I would highly
> appreciate it.
>
> Also would be thankful for hints regarding what to include and what to
> exclude in the report, especially in order to minimize the risk of being
> even more exposed to spam in the future.
>
> Thanks in advance.
>
> - Peter

Here is MY report template - and I'm up for suggestions on what else you think
it might want to contain.  So far, I have Arabic, Russian, German, English
and Spanish.

Here is English version....

To whom it may concern,

   We have to inform you that we're receiving one or more spam mails originating
from your IP block.  There could be more than one spam included in this report
which may have come to us since we last reported.  All of them are included in
this Email.  Each included message below is in its raw form, including full
headers and not decoded, because this is what most ISPs need to help them
track down the source.

   Due to the spread of trojans and viruses, most spam we get is coming from
infected hosts or machines from your users.  We request you educate your users
about the added responsibility they have, and to be more careful not to open
attachments, and to keep their systems patched to avoid being hacked.

   If you prefer to receive only the mail headers, please be sure to inform us
so we can avoid sending unnecessarily lengthy messages.  If you prefer to receive
one spam sample per report, please indicate so.

John



