[Mimedefang] [OT] Nasty situation
nlindq at maei.ca
Wed Apr 9 19:08:01 EDT 2003
On 9 Apr 2003 at 17:44, David F. Skoll wrote:
> A spammer has recently sent out lots of really nasty XXX messages with
> the From: address set to some_random_user at roaringpenguin.com. I know
> this because I'm seeing the bounces.
> The original messages appear to have been relayed from all over the place --
> Philipines, the US, China, etc. Obviously, someone got a list of open
> relays or open proxies. :-(
> Anyone have practical tips on tracking the culprit down? Does anyone
> have any idea what my legal options are?
We had exactly this situation occur right around Christmastime.
Thousands of bounce messages from spam sent with the envelope sender
and From: set to nonexistent users at our domain. They'd even used
the hostname of our primary MX in their HELO, though of course the IP
addresses couldn't be forged--and they were from machines all over
the world, including Turkey, Singapore, USA, etc.
It lasted for three days, but ultimately we didn't pursue any action.
I did archive all the mail in the event that it could be used
someday, but I don't really know what legal options exist.
Nels Lindquist <*>
Information Systems Manager
Morningstar Air Express Inc.
More information about the MIMEDefang