[Dshield] Exchange Open Relay

DigitalNation dshield at digitalnation.ca
Sat Mar 4 22:54:26 GMT 2006


Obviously there are unintended victims in any situation where the potential
for false positive exists. Until you become one and find out why, it may be
hard to relate. 

I am not a fan of OoO replies, but customers want that ability. In a very
competitive marketplace you MUST offer the same bells and whistles as your
competitors and more if possible to flourish. By the same token, offering
some of those options may put you at risk for BL problems. That is the gist
of it from my seat on the bus.

Thanks for all your comments.

M. Mc.B





-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Abuse
Sent: Saturday, March 04, 2006 11:04 AM
To: General DShield Discussion List
Subject: Re: [Dshield] Exchange Open Relay


** Reply to message from "DigitalNation" <dshield at digitalnation.ca> on Fri,
3 Mar 2006 12:04:06 -0800

> We too, are very uneasy about this issue. After reading the SPAMCOP 
> info on auto-generated messages, we are very unsure about the 
> mentality of this issue. Out-of-office replies are now considered a 
> ubiquitous part of email services. If you stop offering this to your 
> email services clients they may just move to a provider who will offer 
> it.

Out-of-office messages are a real pain in the ass.  I get spam sent to me
using out-of-office messages.  Sometimes a mailing list will get swamped
with out-of-office messages until the offending person is unsubscribed from
the list.  Out-of-office should only be used internally within a company.
If you cannot guarantee to not spam anyone using out-of-office then do not
use it to external sources.  If you cannot guarantee to not send an
out-of-office message to a mailing list then do not use it to external
sources.


> I am also concerned about this whole zero-tolerance "spam trap" issue. 
> It bothers me that they do not look at each message received for its 
> content or source to ensure they do not list a server due to auto-gen 
> messages. I would think there must be some easy way for them to really 
> filter out the false positives?

Can you filter all spam?  How do you expect them to filter all false
positives? And in this case sending spam, even if it is via an out-of-office
message, is still sending spam.  Since you think someone should look at spam
trap messages why don't you inspect the out-of-office messages (since there
will be a lot less of them going out of your server than what goes into a
spam trap) before they are sent, either filtered by a program or visually by
a person?




