[Mimedefang] [OT] Nasty situation

Nels Lindquist nlindq at maei.ca
Wed Apr 9 19:08:01 EDT 2003

On 9 Apr 2003 at 17:44, David F. Skoll wrote:

> A spammer has recently sent out lots of really nasty XXX messages with
> the From: address set to some_random_user at roaringpenguin.com.  I know
> this because I'm seeing the bounces.
> The original messages appear to have been relayed from all over the place --
> Philippines, the US, China, etc.  Obviously, someone got a list of open
> relays or open proxies. :-(
> Anyone have practical tips on tracking the culprit down?  Does anyone
> have any idea what my legal options are?

We had exactly this situation occur right around Christmastime.  
Thousands of bounce messages from spam sent with the envelope sender 
and From: set to nonexistent users at our domain.  They'd even used 
the hostname of our primary MX in their HELO, though of course the IP 
addresses couldn't be forged--and they were from machines all over 
the world, including Turkey, Singapore, USA, etc.

It lasted for three days, but ultimately we didn't pursue any action.

I did archive all the mail in the event that it could be used 
someday, but I don't really know what legal options exist.

Nels Lindquist <*>
Information Systems Manager
Morningstar Air Express Inc.

