[Dshield] Heavy Spam

Stasiniewicz, Adam stasinia at msoe.edu
Sun Feb 12 21:43:09 GMT 2006

First thing is to check the message headers.  Make sure that they are
not coming from a zombie machine within your network.  The worst
spammers I find are computers within my network that get infected.

Past that there is no easy way to find out.  But you can Google their
email address and see if it is posted on a lot of sites.  One way or the
other, you need to:
1. Train your users to use their work email for only work.  Don't use it
to sign up for any non-work related web forms.
2. Tell you website people to not post email address on any publicly
accessible website.  If they have to, make the address at least a bit
obscure (i.e. johndoe AT example DOT com instead of
johndoe at example.com).

Adam Stasiniewicz 
Computer and Communication Services Department 
Milwaukee School of Engineering 
MSCE: Messaging & Security 2003 

> -----Original Message-----
> From: list-bounces at lists.dshield.org [mailto:list-
> bounces at lists.dshield.org] On Behalf Of Arthur Neville
> Sent: Sunday, February 12, 2006 11:19 AM
> To: list at lists.dshield.org
> Subject: [Dshield] Heavy Spam
> Greetings...
>   Problem: Several users within our corporate network are receivers of
> heavy spam, daily
>   Solutions we have in place:  We have Symantec Mail Security enabled
> our admins have yet to fine tune it so it does not deny everything
> passes the wire, so we still get hammered.
>   Question: Any way to determine the extent that these users email
> has been compromised, or if any bots are active on our net, or if
> users themselves are being used as Zombies?????
>   I'm a App Specialist and quite frankly am just interested in
> explanations to the prob to offer to our Net and Sys Admins.....
>   Any help or if more info is needed just give me a more detailed
> and I will see if I can detail my response accordingly
>   Thank You
>   Arthur Neville
> ---------------------------------
>  Yahoo! Mail
>  Use Photomail to share photos without annoying attachments.
> _________________________________________
> Learn about Intrusion Detection in Depth from the comfort of your own
> couch:
> https://www.sans.org/athome/details.php?id=1341&d=1
> _______________________________________________
> send all posts to list at lists.dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list

More information about the list mailing list