redbaron.paunix.org
Anti-spam Information
Excellent hosting provided by
SDF Public Access UNIX System
Don't Contribute to the Scourge of SPAM!
Spam exists and continues to grow because it is profitable.
Despite what you may think, people do buy things advertised
in spam emails. Otherwise, there would be no spam.
"Under no circumstances will I ever purchase anything offered to me
as the result of an unsolicited e-mail message. Nor will I forward
chain letters, petitions, mass mailings, or virus warnings to large
numbers of others. This is my contribution to the survival of the
online community."
- Roger Ebert
Due to the unpopularity (and in many places, illegality) of spam,
purveyors spend a large amount of effort to hide the true source
of their messages. One of the biggest vectors for spam distribution
is through hijacked PCs that can be controlled without the owner's
knowledge or consent. Trojans, worms, and other malicious software
often contain hooks that can be used by specialized spamming software
to blast out thousands of spam emails through these hijacked machines,
with the resulting messages appearing to have originated at those
machines. This is called unauthorized or third-party relaying.
How Spam Relaying Works
Relay Methods (DSBL.org):
covers SMTP, Formmail, proxies, Telnet, FTP, and trojans.
Look up an IP on multiple blocklist databases
openrbl.org
Use DNS-based Block Lists (DNSBLs)
If you run a mail server, you need to be using at least one DNSBL,
preferably several, to filter your incoming mail.
If you are a service provider, routinely check these lists to police your
own network.
Use a method like this to track DSBL listings in your own network.
You don't want to get a reputation for being lax on security, or
(worse) hosting professional spammers.
- DSBL (open relays & proxies)
- Spamhaus SBL Direct sources (professional spammers and the network providers who harbor them)
- Spamhaus XBL Exploits (open relays & proxies)
- Spamhaus PBL Policy Block List (Non-MTA IP address ranges set by outbound mail policy)
- RFC Ignorant (sites who think the rules of the Internet don't apply to THEM)
A combination of a vulnerable host list such as DSBL or Spamhaus XBL
with a list of professional spam operators like Spamhaus SBL provides
the maximum effect. Evaluate these and other DNSBLs for the best fit
with your organization's email policies.
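A sketch of the routine self-check described above, added here as an example (it is not code from this page or from any of the listed projects). It builds DNSBL query names by reversing the IPv4 octets and appending the zone, then sorts the answers into clean, listed, or query error. The zone hostnames, the function names, and the sample data are assumptions chosen for illustration.

```python
import ipaddress
import socket

# Spamhaus zones for the SBL, XBL and PBL lists named above; use your own set.
ZONES = ("sbl.spamhaus.org", "xbl.spamhaus.org", "pbl.spamhaus.org")
LISTED = ipaddress.IPv4Network("127.0.0.0/8")
# Spamhaus answers in this range report a refused or broken query, not a listing.
QUERY_ERROR = ipaddress.IPv4Network("127.255.255.0/24")

def query_name(ip, zone):
    """DNSBL query name: the IPv4 octets reversed, followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """A records for name; [] on NXDOMAIN (and on any other lookup failure)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.gaierror, socket.herror):
        return []

def classify(answers):
    """Map a zone's A-record answers to 'clean', 'listed' or 'error'."""
    if not answers:
        return "clean"                      # no record: not on this list
    addrs = [ipaddress.IPv4Address(a) for a in answers]
    if any(a in QUERY_ERROR for a in addrs):
        return "error"
    if all(a in LISTED for a in addrs):
        return "listed"
    return "error"                          # unexpected answer, e.g. a parked zone

def audit(cidr, zones=ZONES, resolve=system_resolver):
    """Check each host address in cidr against each zone; return non-clean results."""
    hits = {}
    for host in ipaddress.IPv4Network(cidr).hosts():
        for zone in zones:
            answers = resolve(query_name(host, zone))
            status = classify(answers)
            if status != "clean":
                hits.setdefault(str(host), []).append((zone, status, answers))
    return hits

if __name__ == "__main__":
    # Constructed answers for a documentation range (192.0.2.0/24); no network needed.
    fake = {"2.2.0.192.xbl.spamhaus.org": ["127.0.0.4"],
            "1.2.0.192.sbl.spamhaus.org": ["127.255.255.254"]}
    for host, results in audit("192.0.2.0/30", resolve=lambda n: fake.get(n, [])).items():
        print(host, results)
```

Treat an "error" result as a problem with the query path (for example, asking through a shared public resolver) and fix that before trusting a clean report.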
Info on open mail relays
If you run your own mail server, make sure it can only be used
to send legitimate mail to or from your organization.
Info on open proxy servers
The bottom line for proxies is to make sure they are restricted
to your internal users.
However, many current viruses and worms covertly provide open proxies
on the hosts they infect.
These do not operate on standard TCP ports. In fact, they intentionally
change listening ports periodically to avoid detection. You may want to
periodically scan your internal network for unusual open ports.
Use a network scanner such as nmap along with a proxy detection tool
like Proxycheck to locate covert proxies.
Most of all:
Make sure you are running up-to-date anti-virus software!
Despite what P.T. Barnum said, Don't Be A Sucker!
Links to information on scams, chain letters, hoaxes, and
computer security hysteria
- Advance Fee Fraud: Information on AFF scams, also known as "Nigerian fraud" or "419 schemes"
- Vmyths.com: "Truth About Computer Security Hysteria"
- HoaxBusters: Info on Hoaxes, Chain Letters, Malicious Code Warnings, and other Scams
- BreakTheChain.org: "Common-sense evaluation of e-mail chain letters."
- Sophos: Virus hoaxes and scares
The Semi-Official, Semi-Serious
ASCII Ribbon Campaign
 /"\
 \ /
  X
 / \
Against gratuitous graphics
on the Web and HTML in email