[Dshield] Extreme increase in spam attempts... any one else seeing similar event?

Jim McCullough jim.mccullough at gmail.com
Sat Aug 18 03:32:28 GMT 2007


I do agree that the main problem is the MTA configuration.
Unfortunately, some of the cases are basic ignorance of the RFC's and
standards that exist.  I have seen this in alot of cases where one
person handles a server and tries to do the workload of 10 positions.
Some people have the ability to handle it and keep everything going
properly.  Most people dont, and that is where we have alot of the
backscatter problems.

Basically I see it as 3 different points, 1) ignorance ( in lack of
education/understanding - no disrespect intended for those who dont
know ), 2) laziness on not taking the time to fix the problem, and 3)
blatent dont give a !#$@$% about the world.

This is an issue I have delt with for about 9 years now.  And like
most people who handle dealing with filtering spam, it has become a
sore point.  Unfortunately, blocking out based on backscatter will not
solve the root cause of the issue.  It only temporarily masks the
symtoms, until some other poor domain gets nailed.

On 8/17/07, Abuse <abuse at what4now.com> wrote:
> ** Reply to message from "Jim McCullough" <jim.mccullough at gmail.com> on Fri, 17
> Aug 2007 20:02:08 -0400
>
> > Just as an afterthought, we previously discussed backscatter and to
> > prevent a repeat of the last thread with it.  I think this thread
> > should stay on its course and not go back down the MTA configuration
> > issue again.
>
> Why not?  The main problem of backscatter is badly configured MTAs.  I have
> seen on "this list" a few people claim that they can not configure their mail
> server properly for a variety of reasons none of which are valid.
>
> When I get backscatter to my personal email address they get reported to
> spamcop.  There is no reason for this crap.
> _________________________________________
> SANSFIRE 2007 July 25-August 2 in Washington, DC.  56 courses, SANS top
> instructors, and a great tools and solutions expo. Register today!
> http://www.sans.org/info/4651 (brochure code ISC)
>


-- 
Jim McCullough

"Just because the standard provides a cliff in front of you, you are
not necessarily required to jump off it."

    Norman Diamond


More information about the list mailing list