[Dshield] Exchange Open Relay

Stasiniewicz, Adam stasinia at msoe.edu
Sat Mar 4 21:00:27 GMT 2006


I have spoken to someone at Spamcop recently about this subject.  It is
my understanding that they will send you a warning email, but will not
actually blacklist you for bounces and out-of-office messages.  I
understand that Spamcop feels that bounces and out-of-office messages
can end up as spam.  But they need to understand that out-of-office
messages and bounces, in some enterprise situations, are unavoidable.

Regards,
Adam Stasiniewicz  
Milwaukee School of Engineering 
MSCE: Messaging & Security 2003 

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Christophe Rome
Sent: Friday, March 03, 2006 4:30 AM
To: General DShield Discussion List
Subject: Re: [Dshield] Exchange Open Relay

--- DigitalNation <dshield at digitalnation.ca> wrote:

> *Example of how to get blacklisted and not be an
> open relay*
> 
> You can get on the DNSBL by having too many "out of
> office" responders in
> place. SPAMCOP advises that mail-admins turn off
> that feature....I know this
> because it happened to us last month.
> 
> ------------------
> M. McBride
> Security Admin
> DigitalNation
> Vancouver, Canada
>  
Hmm, I must say your message sent some shivers
down my spine. Excuse me if the expression is not
correct but English is not my native language.

Anyway, after reading your message I checked SPAMCOP's
site and read the article entitled 'Why are
autoresponders bad?'.

http://www.spamcop.net/fom-serve/cache/329.html

I must say I'm pretty impressed. It appears our
mailservers currently risk being blacklisted just
because we have some sort of auto responding
mechanisms enabled (out-of-office replies,
autoresponses from individual users, ...) or bounce
back undeliverable messages.

I would like to know the weight of this article.
Should I really care and start crafting advice to
my users telling them we need to stop sending
out-of-offices to the outside (yes, we debated on this
before and they really hold on to it) and that we need
to stop bouncing undeliverables? 

Furthermore, in the case you still do want to send
bounces to the legitimate senders, SPAMCOP advises the
use of SPF or Domain Keys. Personally I don't think
the value of these mechanisms is pretty high for the
moment. I'm sure 90% of our legitimate email senders
don't have these systems in place.

Some reactions would be welcome... Who has configured
his mailsystems in accordance with the rules stated in
this article?
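
An added example, not part of the original thread and not SpamCop's or any list member's code: a sketch of the decision an out-of-office responder can make before replying, combining the RFC 3834 auto-response rules with the SPF requirement discussed above. The function names, the sample messages and the assumption that the receiving MTA stamps a trusted `Received-SPF` header are all constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def should_autorespond(raw_message, envelope_sender):
    """Decide whether an out-of-office reply may go to envelope_sender (SMTP MAIL FROM)."""
    msg = message_from_string(raw_message)
    # Bounces and other system mail carry the null reverse-path: never answer.
    if envelope_sender.strip() in ("", "<>"):
        return False, "null envelope sender"
    # RFC 3834: do not answer mail that is itself automatic.
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if auto != "no":
        return False, "Auto-Submitted: " + auto
    if (msg.get("Precedence") or "").strip().lower() in ("bulk", "junk", "list"):
        return False, "bulk or list precedence"
    if "List-Id" in msg or "List-Unsubscribe" in msg:
        return False, "mailing list traffic"
    local = parseaddr(envelope_sender)[1].split("@")[0].lower()
    if local in ("mailer-daemon", "postmaster") or local.endswith("-request"):
        return False, "system or list address"
    # Assumption: the receiving MTA stamps Received-SPF and strips inbound copies.
    # A forged sender is the backscatter case, so anything but "pass" gets no reply.
    spf = (msg.get("Received-SPF") or "none").split()[0].lower()
    if spf != "pass":
        return False, "SPF result " + spf
    return True, "sender verified"

def _mail(*headers):
    return "\n".join(headers) + "\n\nbody text\n"

# Constructed sample traffic: (envelope sender, raw message).
SAMPLES = [
    ("alice@example.org", _mail("From: alice@example.org", "Received-SPF: pass (constructed)")),
    ("bob@example.net", _mail("From: bob@example.net", "Received-SPF: fail (constructed)")),
    ("<>", _mail("From: MAILER-DAEMON@mx.example.com", "Subject: Undeliverable")),
    ("carol@example.org", _mail("From: carol@example.org", "Auto-Submitted: auto-replied",
                                "Received-SPF: pass (constructed)")),
    ("list-bounces@lists.example.org", _mail("From: dave@example.org", "List-Id: <list.example.org>",
                                             "Received-SPF: pass (constructed)")),
    ("erin@example.com", _mail("From: erin@example.com")),
]

def classify_samples():
    return [should_autorespond(raw, sender) for sender, raw in SAMPLES]

if __name__ == "__main__":
    for (sender, _), (ok, why) in zip(SAMPLES, classify_samples()):
        print(f"{sender:32} reply={ok!s:5} {why}")
```

The last sample has no SPF record at all and gets no reply, which is the trade-off raised in the thread: a strict SPF requirement also silences auto-replies to legitimate senders whose domains publish nothing.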
