Educause Security Discussion mailing list archives

Re: AOL email concerns for nodak.edu (fwd)


From: Brian Smith-Sweeney <bsmithsweeney () NYU EDU>
Date: Thu, 28 Apr 2005 10:25:27 -0400

Dick Jacobson wrote:

Below is a letter supposedly from AOL telling us our domain is not playing
nicely.  Is anyone else seeing these?

I know we send our share of garbage from compromised computers, but most
of the complaints regarding those incidents include timestamps or email
headers so they can be tracked.  This email simply says we are being
naughty (without any documentation) and they are going to block us if we do
not clean up our act.

I am tempted to treat this as SPAM and submit a complaint to the origin
(appears to be in the AOL domain but I have not torn into the headers too
deeply).

Anyone else seeing these?  If so, what have you done?

--


We've seen them as well. One of my coworkers contacted AOL and got us
signing up for their spam report list, which I think Bryan mentioned in
another post. We created a new email address for receiving these
complaints and we have a script to process the mailbox, take a count of
each offending IP in our domain and mail us a report. I ignore anything
with a hit count < 5 which often can be false-positives. It gives us yet
another way to find hosts being abused on the network.

One of the downsides I've noticed is that you get an email any time the
AOL user *reports* a message as spam, rather than when AOL receives it.
So if you had a machine that was being abused but has since been taken
down, you might continue to get spam reports for it for days or longer.
I started including "date last seen" in our reports, which helps a bit.
You also have to be prepared for that email address to get inundated
with emails (it is, after all, one email per AOL user click).

Cheers,
Brian

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Brian Smith-Sweeney      Sr. Network Security Analyst
ITS Technology Security Services, New York University
bsmithsweeney () nyu edu
http://www.nyu.edu/its/security
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
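
The mailbox-processing approach described in the reply above (count complaints per local IP, drop anything under 5 hits, report a date last seen), as an added example that is not the script used at NYU. It assumes each complaint wraps the original message as a `message/rfc822` part, that the offending host is the first `Received` hop with a bracketed IP inside the local netblock (192.0.2.0/24 is a stand-in), and that "date last seen" is that hop's timestamp; the sample messages are constructed.

```python
import email
import ipaddress
import re
from datetime import timezone
from email.utils import parsedate_to_datetime

OUR_NET = ipaddress.ip_network("192.0.2.0/24")  # assumption: stand-in for the campus netblock
MIN_HITS = 5                                     # the post ignores hit counts < 5
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def offending_hop(raw):
    """Return (ip, received_time) for the first Received hop inside OUR_NET, else None."""
    for part in email.message_from_bytes(raw).walk():
        if part.get_content_type() != "message/rfc822":
            continue
        for hdr in part.get_payload(0).get_all("Received", []):
            m = BRACKETED_IP.search(hdr)
            try:
                if not m or ipaddress.ip_address(m.group(1)) not in OUR_NET:
                    continue
                when = parsedate_to_datetime(hdr.rsplit(";", 1)[-1].strip())
            except (TypeError, ValueError):
                continue  # malformed address or timestamp: skip this hop
            if when.tzinfo is None:
                when = when.replace(tzinfo=timezone.utc)
            return m.group(1), when
    return None

def summarize(complaints, min_hits=MIN_HITS):
    """Count complaints per local IP; return [(ip, hits, last_seen)] at or above min_hits."""
    hits, last = {}, {}
    for raw in complaints:
        hop = offending_hop(raw)
        if hop:
            ip, when = hop
            hits[ip] = hits.get(ip, 0) + 1
            last[ip] = max(when, last.get(ip, when))
    rows = [(ip, n, last[ip]) for ip, n in hits.items() if n >= min_hits]
    return sorted(rows, key=lambda r: -r[1])

def sample(ip, day):
    """Constructed complaint: a report wrapping the original message as message/rfc822."""
    return (f'Content-Type: multipart/mixed; boundary="b"\n\n--b\nContent-Type: text/plain\n\n'
            f"Reported as spam.\n--b\nContent-Type: message/rfc822\n\n"
            f"Received: from pc (pc [{ip}]) by mx.example.net; {day} Apr 2005 09:00:00 -0400\n"
            f"Subject: constructed\n\nbody\n--b--\n").encode()

if __name__ == "__main__":
    box = [sample("192.0.2.10", d) for d in (20, 21, 22, 23, 24, 25)] + [sample("192.0.2.77", 26)] * 2
    for ip, n, seen in summarize(box):
        print(f"{ip}  hits={n}  last_seen={seen:%Y-%m-%d}")
```

Because the last-seen value comes from the original message's delivery hop rather than from when the complaint arrived, a host that was cleaned up days ago shows an old date even while reports keep trickling in.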
