Educause Security Discussion mailing list archives
Re: Image SPAM Increase?
From: Gary Flynn <flynngn () JMU EDU>
Date: Wed, 19 Apr 2006 12:50:29 -0400
Gary Flynn wrote:
> Ken Connelly wrote:
>> Anything common about these messages that would help me find/identify them?
>
> The only thing I've seen so far is that the X-mailer header in all of them is Microsoft Outlook Express. Different versions though. I wonder if this could be a sign the senders are BOTS. Subject, return path, source IP address, image name, image file, all vary.
One more thing. The mail headers I've seen always indicate two hops to us. The sending IP address always seems to be a member of the same network as the interim hop. I haven't tried to verify yet but it would lead me to suspect they're sent by BOTS ( random clients -> clients' organizational mail servers -> target ). If so, I would assume something like SPF would be ineffective because the e-mail would be coming from valid organizational servers.

--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security
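Added example, not part of the message above or of the list archive: a Python sketch that checks one message for the three traits described in this thread (exactly two `Received` hops, the originating client in the same network as the interim relay, and an Outlook Express `X-Mailer`). The function names, the sample headers and the /24 definition of "same network" are assumptions made for illustration.

```python
import email
import ipaddress
import re

# Constructed sample headers (documentation IP ranges); not taken from the thread.
SAMPLE = """\
Received: from relay.example.edu (relay.example.edu [198.51.100.10])
\tby mx.target.example with ESMTP; Wed, 19 Apr 2006 12:00:05 -0400
Received: from desktop-pc ([198.51.100.77])
\tby relay.example.edu with SMTP; Wed, 19 Apr 2006 12:00:01 -0400
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
Subject: hello

"""

BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_ips(msg):
    """Peer IP from the 'from' clause of each Received header, newest hop first."""
    ips = []
    for hdr in msg.get_all("Received", []):
        # Headers are folded, so 'by' may follow a newline and tab, not a space.
        from_clause = re.split(r"\sby\s", hdr, maxsplit=1)[0]
        m = BRACKETED_IP.search(from_clause)
        if m:
            ips.append(m.group(1))
    return ips

def check_message(raw, prefix_len=24):
    """Check one message for the three traits; prefix_len is an assumption."""
    msg = email.message_from_string(raw)
    hops = received_ips(msg)
    result = {"hops": len(hops), "same_network": False,
              "outlook_express": "outlook express" in msg.get("X-Mailer", "").lower()}
    if len(hops) == 2:
        relay, client = hops  # relay connected to us; client connected to the relay
        try:
            net = ipaddress.ip_network(f"{relay}/{prefix_len}", strict=False)
            result["same_network"] = ipaddress.ip_address(client) in net
        except ValueError:  # malformed address in a header
            pass
    result["match"] = result["same_network"] and result["outlook_express"]
    return result

if __name__ == "__main__":
    print(check_message(SAMPLE))
```

Only the topmost `Received` header is written by the receiving server; everything below it is supplied by the sending side, so a match is better used as a scoring signal than as a block rule.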