Educause Security Discussion mailing list archives
Re: AOL email concerns for nodak.edu (fwd)
From: Brian Smith-Sweeney <bsmithsweeney () NYU EDU>
Date: Thu, 28 Apr 2005 10:25:27 -0400
Dick Jacobson wrote:
Below is a letter supposedly from AOL telling us our domain is not playing nicely. Is anyone else seeing these ? I know we send our share for garbage from compromised computers, but most of the complaints regarding thos incidents include timestamps or email headers so they can be tracked. This email simply says we are being naughty (without any documentation) and they are going block us if we do not clean up our act. I am tempted to treat this as SPAM and submit a complaint to the origin (appears to be in the AOL domain but I have not torn into the headers too deeply). Anyone else seeing these ? If so, what have you done ? --
We've seen them as well. One of my coworkers contacted AOL and got us signing up for their spam report list, which I think Bryan mentioned in another post. We created a new email address for receiving these complaints and we have a script to process the mailbox, take a count of each offending IP in our domain and mail us a report. I ignore anything with a hit count < 5 which often can be false-positives. It gives us yet another way to find hosts being abused on the network. One of the downsides I've noticed is that you get an email any time the AOL user *reports* a message as spam, rather than when AOL receives it. So if you had a machine that was being abused but has since been taken down, you might continue to get spam reports for it for days or longer. I started including "date last seen" in our reports, which helps a bit. You also have to be prepared for that email address to get inundated with emails (it is, after all, one email per aol user click). Cheers, Brian -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Brian Smith-Sweeney Sr. Network Security Analyst ITS Technology Security Services, New York University bsmithsweeney () nyu edu http://www.nyu.edu/its/security ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- AOL email concerns for nodak.edu (fwd) Dick Jacobson (Apr 28)
- <Possible follow-ups>
- Re: AOL email concerns for nodak.edu (fwd) Lucas, Bryan (Apr 28)
- Re: AOL email concerns for nodak.edu (fwd) Daniel Medina (Apr 28)
- Re: AOL email concerns for nodak.edu (fwd) Larry Jennings (Apr 28)
- Re: AOL email concerns for nodak.edu (fwd) Brian Smith-Sweeney (Apr 28)
- Re: AOL email concerns for nodak.edu (fwd) Joe St Sauver (Apr 28)
- Re: AOL email concerns for nodak.edu (fwd) Valdis Kletnieks (Apr 28)
- Re: AOL email concerns for nodak.edu (fwd) Valdis Kletnieks (Apr 28)
- Re: AOL email concerns for nodak.edu (fwd) Daniel Medina (Apr 28)
- Re: AOL email concerns for nodak.edu (fwd) Mark T. Nardone (Apr 28)
- Re: AOL email concerns for nodak.edu (fwd) Valdis Kletnieks (Apr 28)
- Re: AOL email concerns for nodak.edu (fwd) Cal Frye (Apr 28)
- Re: AOL email concerns for nodak.edu (fwd) Paul Russell (Apr 28)