smiles

spammers sending SoBig.F subject lines..


My Symantec SMTP gateway was stopping SoBig.F subject lines coming from spammers (i.e., blocked via DNSBL) at over 3 times the rate that I was seeing them from Joe user types. Further, I noticed that they were sending even more SoBig.F emails than they were spam.

So, why would spammers who make their living generating emails allow their servers to be compromised? They didn't. They are doing this on purpose………

Say that, as a spammer, you know one or more of the addresses in your database is to a spam trap - but you don't know which one. You generate LOTS of SoBig.F emails on purpose, using your database for the forged-from addresses. Now, JoeUser has his server or client antivirus filter set up to send a reply when it encounters a virus (which is a very BAD thing).
Dutifully, JoeUser's email server or client automatically sends a helpful note off to "SpamTrap," informing them that they are infected. Often these replies even extol how much smarter they are than "SpamTrap" because they caught it, but "SpamTrap" did not. Heck, let's even send an email to the postmaster at SpamBait's ISP, telling him / her how much better the BrandX filter is that JoeUser is.

The email server at SpamBait's ISP sees an email to SpamTrap and says "Ah hah, JoeUser's ISP must obviously be a spammer, so load his IP address into our DNSBL servers."
JoeUser now sends a legitimate email to SmartUser at IuseDNSBL.com and it, of course, bounces. JoeUser now calls SmartUser and asks why he was blacklisted.

I (SmartUser) find that DNSBL.SpamBait.com is saying half of my customers and suppliers are spammers. I have a business to run, so I turn off DNSBL on my gateway and - lo and behold - all of the spammers' emails that were being blocked due to DNSBL are now allowed to come through. That is why spammers are using half their bandwidth to send SoBig.F. B|

SMiles;)
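
The auto-reply behaviour the post calls "a very BAD thing" can be gated at the gateway. The following is an added example, not part of the original post and not any vendor's code: a notification policy that only sends a virus notice when the sender is verifiably real. The function name, `LOCAL_DOMAINS`, the detection labels and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumption: families known to forge the sender; only SoBig.F is named in the post.
FORGING_FAMILIES = {"sobig.f"}
# Hypothetical: domains this gateway is authoritative for.
LOCAL_DOMAINS = {"example.com"}

def should_notify_sender(raw_msg, envelope_from, detection, authenticated):
    """Decide whether an AV filter may send a notice to the envelope sender.

    Returns (send_notice, reason). Checks run from cheapest to strictest.
    """
    msg = message_from_string(raw_msg)
    # A null return-path marks a bounce or auto-reply; answering it loops.
    if envelope_from.strip() in ("", "<>"):
        return False, "null return-path"
    # Sender-forging malware: the address belongs to a bystander or a trap.
    if detection.lower() in FORGING_FAMILIES:
        return False, "malware forges sender"
    # RFC 3834: never respond to a message that is itself automatic.
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if auto != "no":
        return False, "auto-submitted"
    if (msg.get("Precedence") or "").strip().lower() in {"bulk", "list", "junk"}:
        return False, "bulk precedence"
    # Only notify a sender we authenticated on one of our own domains.
    domain = parseaddr(envelope_from)[1].rpartition("@")[2].lower()
    if not (authenticated and domain in LOCAL_DOMAINS):
        return False, "sender not verified"
    return True, "authenticated local sender"

# Constructed sample messages (not real traffic).
FORGED = "From: trap@spambait.example\nSubject: Re: Details\n\nSee attachment.\n"
LOCAL = "From: alice@example.com\nSubject: report\n\nAttached.\n"
AUTO = "From: alice@example.com\nAuto-Submitted: auto-replied\n\nOut of office.\n"

if __name__ == "__main__":
    cases = [
        (FORGED, "trap@spambait.example", "SoBig.F", False),
        (LOCAL, "<alice@example.com>", "Test-Signature", True),
        (AUTO, "alice@example.com", "Test-Signature", True),
        (LOCAL, "<>", "Test-Signature", False),
    ]
    for raw, sender, det, authed in cases:
        print(sender, det, should_notify_sender(raw, sender, det, authed))
```

With this policy the gateway still quarantines the message in every case; only the outbound notice is suppressed, so nothing is sent to a forged or trap address.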
