Hotmail intelligence...


Martz

OK, so I have an e-mail gateway powered by Linux which scans for virii and reduces spam for 150 workstations, 5 domain names and 6 remote sites. After we got swamped by viruses faking the send address, our system also sent out a warning to these senders alerting them that they may indeed have a virus.

I get an e-mail in reply to one of these warnings:

Before you accuse people of having a virus and sending you mail - learn how these things work. Virii and spam often use fake addresses which is extremely simple to do.

Post any complete message (including ALL headers) into www.spamcop.net to find the ISP where mail originates and then write to [email protected]

I'm sick to death of receiving virii and spam and it's made worse by idiots who don't know how the net works and then send mail to a place where it did not originate.
So now it seems that I am personally responsible for all the virii and spam which ends up in her inbox.. well I'm not having that.. I replied with..

Thanks for your reply, it's nice to be called an idiot from a hotmail luser.


Because you have to say something eh? Can't just let these cheeky individuals get away with anything... she replied back:

I use hotmail for registrations to avoid virii and junk mail to my primary account - at least I can spell "user", and know how to use the net.


Ahh, so that's the problem! It's the idiots who fill the internet full of spam and nasty stuff (like me?) who are wasting other people's time. And because I spelt luser (correctly IMO, since she is a luser) wrong I am even more unqualified to use the Internet.
 
Bouncing virus _is_ useless Martin, as most use spoofed return to headers all you are doing is spreading insecurity and wasting bandwidth (i.e. spam)...
 
dog said:
Bouncing virus _is_ useless Martin, as most use spoofed return to headers all you are doing is spreading insecurity and wasting bandwidth (i.e. spam)...
Is useless perhaps, is spam - no. Spam is sending the same e-mail to lots of people at once, trying to sell a product etc or attract a website. Spam is not a warning about a virus. If anything, it should be a warning that someone you know is infested to fuck with a virii, and is distributing your e-mail addresses around the world because of their lack of security.

I've read and thought about the choice between warnings/no warnings. IMO, it is better to warn people with plain text e-mails rather than not to warn them at all, even if it is their infection. At least that way they do know that their address is being spoofed.
 
And "bouncing" implies that I am sending the original e-mail back to people, which I'm not. I am quarantining the e-mail and the virus, and sending a text based template to someone.

Also, it is part of the RFC to send NDR if delivery of an e-mail fails, not to make up my own standards and rules if a bunch of people decide that they don't like being warned about virii.
 
Implying it is people they "know" who have virus is silly, as you well know virus will harvest email addresses from anywhere they can lay their fat filthy fingers on, so it's more than likely that the address being spoofed, has no relation whatsoever to the person actually infected...

And yes I do believe you are causing more harm than good, by sending out these warnings, as I would think you well should know having to deal with end users on a daily basis. Most will simply panic, when receiving these notices, often enough with no valid reason. You are in essence acting just as silly as the people who by kneejerk reaction will forward any virus warning, no matter its apparent value, causing more panic and less rational knowledge about virus and how to battle them.

Fine that you "have thought" about it, but doesn't it bother you in the least you are a very small minority in the security aware it-community? I would like you to convince me what the worth of these emails are?

It's not about not wanting to be warned of virus, it's about not wanting to be warned about someone else's virus and causing panic. Also I think you will find in the RFC that nowhere does it tell you to send NDR to spoofed addresses, so you are in effect _not_ breaking the RFC when you ignore spoofed emails...

And I do consider it spam, it's a waste of bandwidth directed at random users (spoofed addresses)...
 
:D Well I don't think I can change anyone's opinion on this, I've read a lot about it on slashdot which has a very distinct separation between people who believe that they should send alerts/reports and people who think they are a waste of time.

Nowhere does it say I should send a NDR for spoofed mail, I just always send an NDR or equivalent to any address I block. I know the address is sometimes spoofed (not all of the time, don't fall into the trap that all virii spoof addresses). Because of the fundamental way smtp works I can never verify if an address is spoofed or not. This is the problem with e-mail. If you cannot understand the concept that smtp does not guarantee delivery or who it was sent from. This needs to change to stop spam, not NDR. They do not contribute to any spam factors at all.

Postfix, Amavis and Spam Assassin all send these sorts of receipts by default. Anti spam tutorials advise and show how to set up these systems so that people who do send virii unknowingly can be advised.

I don't see it as spam, as I am not spamming people. I am sending out e-mail to people who have been spoofed. I do not receive hundreds of e-mails from systems which have received e-mail (apparently) from me which has spoofed, so I don't know how annoying it can be directly. Spammers sell viagra, increase the size of your penis and give you free pr0n. They make money out of sending out these e-mails constantly, and to as many addresses as possible. I only send 1 e-mail to each person who (seemingly) sends me a virus. There is also a damn good chance that you know of the person who sent it to you, it's not completely random as the person who really sent me the virus will have the spoofed address in their address book (i.e. have e-mailed them before!)

The bandwidth issues are very minimal, < 1kb per e-mail. Stupid/Silly? I disagree. It's definitely not intelligent or a solution to a spam problem. The problem with spam is because of the way smtp works. The problem with virii is that users are fucking stupid and open them. Making people aware that e-mails travel in viruses is still #1 top priority for the majority who use the net and cause the proliferation of virii, and an alert can only help.

What I do feel though, is that it isn't spam. I haven't gained anything from sending the e-mail, or (personally) from the end user reading it. What you're saying, is that if someone sends me a virus (intentionally or not, spoofed or not) then I should not send them any e-mail back whatsoever. What if it's falsely identified? You send me an e-mail which my gateway detects (incorrectly) as a virus, you only assume I have received it, when I haven't at all. You are entitled to an alert/report/NDR to make you aware of this, and that is an RFC specific point.

And to underline the mentality.. how can someone "not know how to use the internet" be to do with sending an alert about a spoofed e-mail? This user does not know their arsehole from their earhole, let alone understand the conceptual failings of a 10+ year old MTA.
 
Now now boys behave:D

Just send out an email saying: "Next person who double clicks a non-packaged file attachment loses their job"
problem solved:D
 
Packaging? Fuck all help, zip files can be infected no problem, to the point where most scanners fail at detecting it, or you spend all ur cpu time going thru them...
 
You're just being an argumentative tit and u know it :p 99.9% of virii come as exe files.
 
The word "Virii" does not exist.
The plural form of "Virus" is... "Virus".
A lot like the word "Sheep".
 
the norwegian git said:
You're just being an argumentative tit and u know it. 99.9% of virii come as exe files.

W-rrrong, time to check a real-life mail scanner I think jenna, I will give you stats from mine at work when I get there, but I can already now tell you a lot comes in other file formats...
 
Norton AntiVirus removed the attachment: party.zip.
The attachment was infected with the W32.Netsky.B@mm virus.
 
enuff techy twaddle - Martz find out where she lives and go stick your weener in her ear - and ask her how she likes that for a game of soldiers.
 
BBStr@nge said:
enuff techy twaddle - Martz find out where she lives and go stick your weener in her ear - and ask her how she likes that for a game of soldiers.
Aye, I did. A month ago. And she said she'd like to play a game with all the soldiers next time. Slapper.
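
Added example, not part of the thread or any poster's code: one way a gateway could keep quarantining everything but only warn the apparent sender when the detection is not a sender-forging mass-mailer, and at most once per address. It assumes Symantec-style "@mm" names (as in the W32.Netsky.B@mm notice above) mark mass-mailers; the function names, the recipient notice and the sample addresses are hypothetical.

```python
import re

# Assumption: Symantec-style names end in "@mm" for mass-mailing worms,
# as in the "W32.Netsky.B@mm" detection quoted in the thread.
MASS_MAILER_SUFFIX = re.compile(r"@mm$", re.IGNORECASE)
# Constructed list for scanners without that suffix; seeded with the one
# family named on this page.
FORGING_FAMILIES = re.compile(r"netsky", re.IGNORECASE)


def forges_sender(detection: str) -> bool:
    """True when the detected malware is expected to fake the sender address."""
    return bool(MASS_MAILER_SUFFIX.search(detection)
                or FORGING_FAMILIES.search(detection))


def plan_notices(envelope_from, recipients, detection, warned):
    """Return (address, role) pairs to send the plain-text template to.

    The message itself is always quarantined; this only decides who is told.
    `warned` is a set of senders already notified (one notice per address).
    """
    notices = [(rcpt.lower(), "recipient") for rcpt in recipients]
    sender = envelope_from.strip().strip("<>").lower()
    if not sender:
        # Null sender (<>): the message is itself a bounce; never answer it.
        return notices
    if forges_sender(detection):
        # The envelope sender is almost certainly a bystander: stay silent.
        return notices
    if sender not in warned:
        warned.add(sender)
        notices.append((sender, "sender"))
    return notices


# Constructed sample traffic (addresses and detections are placeholders).
if __name__ == "__main__":
    warned = set()
    for frm, det in [("<bob@example.org>", "W32.Netsky.B@mm"),
                     ("<carol@example.net>", "EICAR-Test-File"),
                     ("<carol@example.net>", "EICAR-Test-File"),
                     ("<>", "EICAR-Test-File")]:
        print(det, frm, plan_notices(frm, ["user@example.com"], det, warned))
```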