[ale] more spammers

Bob Toxen transam at verysecurelinux.com
Tue Oct 2 17:16:25 EDT 2007


Yes, it is an escalating arms race between spammers and those who write
spam filters like me!

It now is common to send spam to an address with a sender claiming to
be from that organization.  Also, sometimes it appears that spammers
have intercepted legitimate emails and then claim to be the sender
to send spam to the recipient or vice versa.  My spam filter has quite
a few anti-spoofing filters including Sender Policy Framework (SPF).
EVERYONE should use SPF.  It would stop all those PayPal and bank
phishing emails and those claiming to be from well-known organizations
immediately!


I encourage all to browse:

     www.openspf.org/

and then add the easy-to-create SPF anti-spam DNS records to your
organization.  This will allow any spam filter that uses SPF (including
mine) to detect those falsely claiminging to be you and block that email
as spam.  (Be aware that if you send email claiming to be from your
organization from other locations such as your home ISP then you also
need to add that ISP's outgoing email servers' IPs to your
organization's SPF records.)

Bob Toxen
bob at verysecurelinux.com               [Please use for email to me]
http://www.verysecurelinux.com        [Network&Linux/Unix security consulting]
http://www.realworldlinuxsecurity.com [My book:"Real World Linux Security 2/e"]
Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
Quality spam and virus filters.

"Microsoft: Unsafe at any clock speed!"
   -- Bob Toxen 10/03/2002

On Tue, Oct 02, 2007 at 11:36:33AM +0000, James P. Kinney III wrote:
> FYI

> Last night I began receiving notice from ALE Mailman that messages I was
> sending were being held due to their size. 

> Example:
> Your mail to 'Ale' with the subject

>     Fw: DSC-00465.jpg

> Is being held until the list moderator can review it for approval.

> The reason it is being held:

>     Message body is too big: 369320 bytes with a limit of 40 KB

> The fun is I did not send them and all the one I _did_ send went through
> properly.

> So it appears either the spammers have become more sophisticated and are
> now relating real email address to real activities (that is somewhat
> unnerving) or they just got lucky on the list post .
> -- 
> James P. Kinney III          
> CEO & Director of Engineering 
> Local Net Solutions,LLC        
> 770-493-8244                    
> http://www.localnetsolutions.com

> GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
> <jkinney at localnetsolutions.com>
> Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7



More information about the Ale mailing list