RE: CLEVER SPAM EMAIL
Ah, yes but there's a bit more to that one, IIRC: And yet, Baldric^WRobert, there are administrators out there who would not recognize a clever spam email if it painted itself purple and danced naked on top of a harpsichord, singing Clever Spam Emails are Here Again. (I knew I'd memorized Blackadder's Christmas Carol for some good reason - it's a holiday tradition in our house!) Roberta Freese Information Systems Services [EMAIL PROTECTED] No offense intended to anyone, just thought I'd share ... back to lurking _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: The great smtp mystery
I don't think it's a virus. It appears to be a spammer cleaning his lists by collecting bounces and/or replies. Last week he was sending thanks for lunch. http://groups.google.com/groups?q=++It+was+nice+to+talk+to+you+todayhl=ens a=Ntab=wg (first hit) http://groups.google.com/groups?hl=enq=thanks+for+lunch (noting the many hits in news.admin.net-abuse.sightings) Roberta Freese Information Systems Services City of Tallahassee 300 S. Adams St. Tallahassee, FL 32301 [EMAIL PROTECTED] -Original Message- From: Cook, David A. [mailto:[EMAIL PROTECTED]] Sent: Friday, March 08, 2002 11:55 AM To: Exchange Discussions Subject: RE: The great smtp mystery I've been dealing with this same thing. I'm with you and trying to figure out the motivation for the emails. They are not advertisements and contain no attachments. We have had at least 20 people receive the exact same email which is: Fred, It was nice to talk to you today I will send the proposal tonight. I'm blocking the sending domain because I don't like it but like yourself I'm trying to chase it down. Dave Cook Exchange Administrator Kutak Rock, LLP 402-231-8352 [EMAIL PROTECTED] -Original Message- From: Daniel Chenault [mailto:[EMAIL PROTECTED]] Sent: Friday, March 08, 2002 10:40 AM To: Exchange Discussions Subject: Re: The great smtp mystery Many mailers can be set up to recognize that a huge TO: and/or CC: list is spam. hotmail does this as does AOL. - Original Message - From: James Lavoie [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Friday, March 08, 2002 10:31 AM Subject: RE: The great smtp mystery Thanks. That would provide an explanation for how it happens. I can only guess as to what the motivation might be. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: The great smtp mystery
LOL! GO git 'im, Jim! Guess we'll need to ask for those full headers so we can tell folks where to start whacking away with their own shoes (if tracing help is needed) ... Roberta smart spammers need whacking as much or more than the dumb ones. -Original Message- From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED]] Sent: Friday, March 08, 2002 4:11 PM To: Exchange Discussions Subject: RE: The great smtp mystery I didn't think spammers were smart enough to know how to clean their lists. I've had to clean spammer off my shoe several times. Jim Blunt -Original Message- From: Freese, Roberta [mailto:[EMAIL PROTECTED]] Sent: Friday, March 08, 2002 12:54 PM To: Exchange Discussions Subject: RE: The great smtp mystery I don't think it's a virus. It appears to be a spammer cleaning his lists by collecting bounces and/or replies. Last week he was sending thanks for lunch. http://groups.google.com/groups?q=++It+was+nice+to+talk+to+you+todayhl=ens a=Ntab=wg (first hit) http://groups.google.com/groups?hl=enq=thanks+for+lunch (noting the many hits in news.admin.net-abuse.sightings) Roberta Freese Information Systems Services City of Tallahassee 300 S. Adams St. Tallahassee, FL 32301 [EMAIL PROTECTED] -Original Message- From: Cook, David A. [mailto:[EMAIL PROTECTED]] Sent: Friday, March 08, 2002 11:55 AM To: Exchange Discussions Subject: RE: The great smtp mystery I've been dealing with this same thing. I'm with you and trying to figure out the motivation for the emails. They are not advertisements and contain no attachments. We have had at least 20 people receive the exact same email which is: Fred, It was nice to talk to you today I will send the proposal tonight. I'm blocking the sending domain because I don't like it but like yourself I'm trying to chase it down. Dave Cook Exchange Administrator Kutak Rock, LLP 402-231-8352 [EMAIL PROTECTED] -Original Message- From: Daniel Chenault [mailto:[EMAIL PROTECTED]] Sent: Friday, March 08, 2002 10:40 AM To: Exchange Discussions Subject: Re: The great smtp mystery Many mailers can be set up to recognize that a huge TO: and/or CC: list is spam. hotmail does this as does AOL. - Original Message - From: James Lavoie [EMAIL PROTECTED] To: Exchange Discussions [EMAIL PROTECTED] Sent: Friday, March 08, 2002 10:31 AM Subject: RE: The great smtp mystery Thanks. That would provide an explanation for how it happens. I can only guess as to what the motivation might be. _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
Find another vendor (was: Utility to save attachments)
The Boulder Pledge: Under no circumstances will I ever purchase anything offered to me as the result of an unsolicited email message. Nor will I forward chain letters, petitions, mass mailings, or virus warnings to large numbers of others. This is my contribution to the survival of the online community. The Boulder Pledge is a simple part of the solution to the spam problem, devised by Roger Ebert (the Thumbs up! guy) at the Conference on World Affairs at the University of Colorado. He announced this pledge in his column in Yahoo! Internet Life's December 1996 issue. http://www.zdnet.com/yil/content/mag/9612/ebert9612.html (Note: this URL no longer works) C2C has harvested my address from this mailing list and spammed it 3 times. Roberta Freese Information Systems Services City of Tallahassee 300 S. Adams St. Tallahassee, FL 32301 [EMAIL PROTECTED] -Original Message- From: Huot, Denyse [mailto:[EMAIL PROTECTED]] Sent: Friday, February 08, 2002 9:18 AM To: Exchange Discussions Subject: RE: Utility to save attachments I was looking for a similar product, which someone pointed me to www.c2c.com and it is called Active Folders. It costs some bucks but I think it will do what you want. Hope this helps, Denyse -Original Message- From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 05, 2002 5:32 PM To: Exchange Discussions Subject: Anyone else get Spammed directly by this goon? Invitation to Subscribe You're invited to subscribe to Exchange Messaging News. snip Received: from [EMAIL PROTECTED] by mr-new.bhi-erc.com with qmail-scanner-0.94 (. Clean. Processed in 0.071276 secs); 05/02/2002 12:35:25 Received: from c2c.adsl.spfdma.crocker.net (HELO c2c.com) (205.246.6.99) by mr.bhi-erc.com with SMTP; 5 Feb 2002 20:35:25 - From: Jonathan Brown [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Exchange Messaging News Sender: Jonathan Brown [EMAIL PROTECTED] Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Date: Tue, 5 Feb 2002 17:19:18 -0500 Reply-To: Jonathan Brown [EMAIL PROTECTED] Content-Transfer-Encoding: 8bit == snip -Original Message- From: Cebuly, John [mailto:[EMAIL PROTECTED]] Sent: Wednesday, February 06, 2002 9:11 AM To: Exchange Discussions Subject: RE: Anyone else get Spammed directly by this goon? I got one, addressed to the smtp address I use for this list - NOT the address I gave to vendors at MEC... _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: Anyone else get Spammed directly by this goon?
Yes, got one yesterday evening. I wrote Jon to complain about his spam (again [1]) and I copied the abuse mailboxes at sprint.net [2] and at crocker.com. I got 2 apologies from Jon; the extra one is probably because either he reads the role accounts for crocker or whoever does read them is forwarding complaints to the spammer for listwashing. One apology stated that We got your name from a list swap with one of our partners. Ya, right. Whoever did the harvesting, this list is probably where we were harvested, as this is the ONLY Exchange list where I post. I only got the spam at my posting address, not the public folder's address for this list. His server's in the spamcop list now, too http://spamcop.net/w3m?action=checkblockip=205.246.6.99 as 2 people (not me, not yet anyway) have reported that mailing as spam at that site. Here's a lookup to see who's listing him as a spammer: http://www.openrbl.org/?i=205.246.6.99 Keep watching your inboxes; he may be batching them up to avoid clogging his adsl line, LOL. Roberta Freese Information Systems Services City of Tallahassee 300 S. Adams St. Tallahassee, FL 32301 [EMAIL PROTECTED] [1] C2C spammed me once before in 2000. I complained then, Jon Brown apologized and listwashed me. Our domain address is different now, which may be why I didn't get listwashed from their latest harvesting efforts, if they even bothered to keep a flamers list. I don't know where they harvested my address back then, but in retrospect, I bet it was this list. You can bet I'm not going to recommend their products here. [2] Sprint will do nothing, they need the $, so they support spammers. Headers: Received: from cotcontent.ci.tlh.fl.us (COTCONTENT [167.75.114.103]) by cotexchange2.ci.tlh.fl.us with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id 1AXG93ZM; Tue, 5 Feb 2002 17:09:49 -0500 Received: from c2c.com (c2c.adsl.spfdma.crocker.net [205.246.6.99]) by ns1.ci.tlh.fl.us (8.11.0/8.11.0) with SMTP id g15M9Rt25400 for [EMAIL PROTECTED]; Tue, 5 Feb 2002 17:09:27 -0500 Message-Id: [EMAIL PROTECTED] From: Jonathan Brown [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Exchange Messaging News Sender: Jonathan Brown [EMAIL PROTECTED] Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Date: Tue, 5 Feb 2002 17:09:52 -0500 Reply-To: Jonathan Brown [EMAIL PROTECTED] Content-Transfer-Encoding: 8bit -Original Message- From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 05, 2002 5:32 PM To: Exchange Discussions Subject: Anyone else get Spammed directly by this goon? Invitation to Subscribe You're invited to subscribe to Exchange Messaging News. This printed newsletter contains user case studies, product announcement, and debate on issues pertinent to the Microsoft Exchange Administrator. The forthcoming issue covers Disaster Recovery Planning Procedures, Content Management - Why is this an issue?, Capacity Management Archiving for Exchange as well as how one law firm manages intellectual property protection and monitoring within Exchange. I'd like to include you in the mailing for the next issue. It's free. It's from C2C Systems. You'll receive your copy in about two weeks. All you need to do is provide me with the correct information below: Your Name Company Name Address Line 1 Address Line 2 City State Country Postal Code Pick One: [ ] Please send me the free newsletter. [ ] Please delete me from your database because I've got absolutely no interest in anything related to Microsoft Exchange Server Administration. Received: from [EMAIL PROTECTED] by mr-new.bhi-erc.com with qmail-scanner-0.94 (. Clean. Processed in 0.071276 secs); 05/02/2002 12:35:25 Received: from c2c.adsl.spfdma.crocker.net (HELO c2c.com) (205.246.6.99) by mr.bhi-erc.com with SMTP; 5 Feb 2002 20:35:25 - From: Jonathan Brown [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Exchange Messaging News Sender: Jonathan Brown [EMAIL PROTECTED] Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Date: Tue, 5 Feb 2002 17:19:18 -0500 Reply-To: Jonathan Brown [EMAIL PROTECTED] Content-Transfer-Encoding: 8bit == c2c.adsl.spfdma.crocker.net resolves to 205.246.6.99 Checking VISI.com Relay Stop List (RSL), Osirus Relays List (OSIRUS), Dorkslayers ORBS-clone (DORKS), Dorkslayers Zero Tolerance List (DORKZTL), Open Relay Database (ORDB), Arbitrary Blackhole List (ABL), DevNull (DEVNULL), Five Ten (FIVETEN), ORBZ Inputs (ORBZIN), ORBZ Outputs (ORBZOUT), SpamCop Blacklist (SPAMCOP), Intersil (INTERSIL), Extreme Blocking List (XBL), Compunet (COMPU), FloNetworks List (FLOWGO), Summit Blocking List (SBL), Spam Prevention Early Warning System (SPEWS), Blitzed Open Proxy Monitor (BOPM), Spamhaus Block List (SBL), 205.246.6.99 listed in FIVETEN(127.0.0.7) XBL(127.0.0.4) Five Ten (FIVETEN): added 2002-02-01;
RE: Email Forwarder
I've noticed that ISPs are starting to block outgoing port 25 connections except to their own mail servers. They are doing that for the same reason not leaving your mail server open relaying is a good idea, which is: spam prevention. In this case it is to prevent the other ISP customers, not your colleague necessarily, from connecting to any of the thousands of known open relays on the net or to make 'direct to MX' connections. They figure the main reason one would want to do that is to spam. My home ISP does this and I have not found it inconvenient. Your colleague's ISP should be providing mail relaying service and I should not think it would be difficult for him to use it? Some ISPs do refuse to relay even for customers if they change the return address to one that is not @ that ISP, though. My ISP does not do this, thank goodness. If you have to relay for him, I think the best advice is to use an authentication system as discussed. But not relaying is to me a better plan, much easier to support! Just my quick 2 cents. Roberta Freese City of Tallahassee [EMAIL PROTECTED] -Original Message- From: Ed Esgro [mailto:[EMAIL PROTECTED]] Sent: Monday, November 19, 2001 10:57 AM To: Exchange Discussions Subject: RE: Email Forwarder You got that right. I like your comments. I wish I knew the answers to your ISP question. However, all I know is my boss wants me to figure out a way to achieve this. I am really not in a position to question him, unless I find reason that this is a bad idea. I would like to provide him a solution as well as pit falls to the solution. Thanks Ben -Original Message- From: Benjamin Winzenz [mailto:[EMAIL PROTECTED]] Sent: Monday, November 19, 2001 10:53 AM To: Exchange Discussions Subject: RE: Email Forwarder If I read this right, he is asking you to allow him to send mail using your server, while he is dialed up to his ISP. Did I get that right? Confirm or correct me, and I and others can comment. If I am correct, he is asking you to allow him to relay. BAD Idea. What kind of ISP restricts individuals from sending mail out? Has he done something to earn that restriction? Ben Winzenz, MCSE Network/Systems Administrator Peregrine Systems, Inc. -Original Message- From: Ed Esgro [mailto:[EMAIL PROTECTED]] Sent: Monday, November 19, 2001 10:41 AM To: Exchange Discussions Subject:Email Forwarder I am not sure how to achieve this, so I was wondering if someone may point me in the right direction. I have a colleague that wishes to send out mail. His ISP however, is restricting him from sending mail out. He wants to know if he can send mail out from our email server, I guess sort of be a forwarder for him. Is this at all possible? If it is how can I actually do that? Or do I have to create an account for him and have him use pop3 settings etc.? Thank you all in advance for you much appreciated knowledge and feed back. BTW I have an exchange 5.5 sp4 server on NT 4.0 sp6a. Ed _ _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]
RE: cannot recieve from HOTMAIL
We had this problem earlier this year. MSN tech support figured this out for us, and I quote their reply to me, below: Hello Roberta, Thank you for writing to MSN Hotmail Hotmail and several other servers are unable to send to domains that list only an IP in the MX record of the DNS. This problem is easily resolved by adding a CNAME record to the DNS and listing the canonical name in the MX record. MSN Hotmail Customer Support Hope this helps! Roberta Freese Information Systems Services [EMAIL PROTECTED] -Original Message- From: Venkatna [mailto:[EMAIL PROTECTED]] Sent: Tuesday, September 04, 2001 11:20 AM To: Exchange Discussions Subject: RE: cannot recieve from HOTMAIL Delivery to the following recipients failed. [EMAIL PROTECTED] Reporting-MTA: dns;hotmail.com Received-From-MTA: dns;mail.hotmail.com Arrival-Date: Tue, 4 Sep 2001 08:12:55 -0700 Final-Recipient: rfc822;[EMAIL PROTECTED] Action: failed Status: 5.0.0 _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED] _ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin:[EMAIL PROTECTED]