[Dshield] spam-maker program
lists at webcrunchers.com
Sun Mar 14 02:58:40 GMT 2004
On Mar 11, 2004, at 6:34 AM, Peter Stendahl-Juvonen wrote:
> list-bounces at dshield.org <mailto:list-bounces at dshield.org> wrote on
> Thursday, March 11, 2004 1:46 AM UTC+2 on behalf of John Draper
> | No - not at all. Only the header or enough information for the ISP
> | identify the infected host
> | which sent the spam.
> | In our reporting system, we default to sending just the header,
> | a tag message at the
> | bottom that gives the ISP an opportunity to select the full spam
> | message if they want it.
> || Most of the spam "Originating IP"s that I get are in .cn or .kr.
> || Won't they just black hole their abuse line?
> | The reports would go to the .kr or .cn's abuse Email, whether or not
> | they act on it,
> | determines whether or not we CC our spam reports to THEIR upstream
> | providers.
> John et al.
> Jon R. Kibler posted a creditable "Stop bouncing viruses" form letter
> this list the other day.
> Wonder if you had and would like to share a form letter for reporting
> spam. Lacking fluent command of the English language, I would highly
> appreciate it.
> Also would be thankful for hints regarding what to include and what to
> exclude in the report, especially in order to minimize the risk of
> even more exposed to spam in the future.
> Thanks in advance.
> - Peter
Here is MY report template - and I'm up for suggestions on what else
it might want to contain. So far, I have Arabic, Russian, German,
Here is English version....
To whom it may Concern,
We have to inform you that we're receiving one or more spam mails
from your IP block. There could be more then one spam included in this
which may have come to us since we last reported. All of them are
this Email. Each included message below is in it's raw form,
headers and not decoded, because this is what most ISP's need to help
track down the source.
Due to the spread of trojans and viruses, most spam we get are coming
infected hosts or machines from your users. We request you educate
about the added responsibility they have, and to be more careful not
attachments, and to keep their systems patched to avoid being hacked.
If you prefer to receive only the mail headers, please be sure to
so we can avoid sending unnecessarily lengthy messages. If you prefer
one spam sample per report, please indicate so.
More information about the list