[Dshield] Exchange Open Relay

David Taylor ltr at isc.upenn.edu
Sat Mar 4 20:18:10 GMT 2006


Out-of-office should only be used internally within a company.  If you
can not guarantee to not spam anyone using out-of-office then do not use it
to
external sources.  If you can not guarantee to not send an out-of-office
message to a mailing list then do not use it to external sources.


I don't think there is a lot you can 'guarantee' on anything nowadays...

I don't agree with OoO messages being only used internally.  If I go on
vacation I need to let people know that I am Out of the Office.  Why is this
only supposed to be used for internal situations?  I don't understand that.
How can you get by this?  I have no idea.  If I go on vacation I do NOT want
other people on my team to access and mange my email while I am gone.  I do,
however, want to let people know that I am out of the office if they send me
an email.

I'm really pissed off at SPAMCOP for accepting out of office responses as
SPAM.  I think they are going a bit too far with this.

Just my thoughts.


==================================================
David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security 
Philadelphia PA USA
(215) 898-1236
http://www.upenn.edu/computing/security/
================================================== 

SANS - The Twenty Most Critical Internet Security Vulnerabilities 
http://www.sans.org/top20/

SANS - Internet Storm Center
http://isc.sans.org

irc.freenode.net #dshield
http://freenode.net/



-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Abuse
Sent: Saturday, March 04, 2006 2:04 PM
To: General DShield Discussion List
Subject: Re: [Dshield] Exchange Open Relay


** Reply to message from "DigitalNation" <dshield at digitalnation.ca> on Fri,
3
Mar 2006 12:04:06 -0800

> We too, are very uneasy about this issue. After reading the SPAMCOP info
on
> auto-generated messages, we are very unsure about the mentality of this
> issue. Out-of-office replies are now considered a ubiquitous part of email
> services. If you stop offering this to your email services clients they
may
> just move to a provider who will offer it.

Out-of-office messages are a real pain in the ass.  I get spam sent to me
using
out-of-office messages.  Sometimes a mailing list will get swamped with
out-of-office messages until the offending person is unsubscribed from the
list.  Out-of-office should only be used internally within a company.  If
you
can not guarantee to not spam anyone using out-of-office then do not use it
to
external sources.  If you can not guarantee to not send an out-of-office
message to a mailing list then do not use it to external sources.


> I am also concerned about this whole zero-tolerance "spam trap" issue. It
> bothers me that they do not look at each message received for it's content
> or source to ensure they do not list a server due to auto-gen messages. I
> would think there must be some easy way for them to really filter out the
> false positives?

Can you filter all spam?  How do you expect them to filter all false
positives?
And in this case sending spam even if it is via an out-of-office message is
still sending spam.  Since you think someone should look at spam trap
messages
why don't you inspect the out-of-office messages (since there will be a lot
less of them going out of your server than what goes into a spam trap)
before
they are sent, either filtered by a program or visually by a person?
_________________________________________
Learn about Intrusion Detection in Depth from the comfort of your own couch:
https://www.sans.org/athome/details.php?id=1341&d=1

_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list




More information about the list mailing list