Educause Security Discussion mailing list archives
Re: Image SPAM Increase?
From: "Lucas, Bryan" <b.lucas () TCU EDU>
Date: Wed, 19 Apr 2006 16:35:41 -0500
http://www.sdsc.edu/~jeff/spam/Blacklists_Compared.html Depending on your mail volume, you may have to be selective how many lookups your gateway does. While the above link doesn't get into how aggressive each RBL is, it can help you identify those that are worthwhile. IMHO, this combination, especially when used in conjunction with a multi filtered product (ciphertrust, barracuda, Exchange IMF) produces excellent results: Spamhaus.org (sbl/xbl) Cbl.abuseat.org Dynablock.njabl.org List.dsbl.org Bl.spamcop.net Cn-kr.blackholes.us (only use if you don't need to interact with .CN or .KR) I have had mixed results with SORBS, RFC-ignorant, PSBL Surriel, and five-ten-sg.com. They are a bit too aggressive for most businesses. Bryan Lucas Server Administrator Texas Christian University (817) 257-6971 -----Original Message----- From: Lee Weers [mailto:weersl () CENTRAL EDU] Sent: Wednesday, April 19, 2006 4:12 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Image SPAM Increase? Have people used Not just another blacklist? http://www.njabl.org/ It is a blacklist site that maintains a list of DSL, cable modems, etc, to help prevent the botnet spamming. I know an ISP that is using and highly recommends it. I'd like to hear from more people though. -----Original Message----- From: Mark Borrie [mailto:mark.borrie () OTAGO AC NZ] Sent: Wednesday, April 19, 2006 4:01 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Image SPAM Increase? I started seeing these spam a few weeks ago and then they stopped getting through. We have used PureMessage for a couple of years and updates to rules are occur potentially every 5 minutes. We don't do any rule tuning. The main reason I think that these messages are no longer getting through is the blocker service that is part of PureMessage. A database of IPs known to send spam is maintained and we no longer accept smtp connections from these systems. Every IP I have checked to date appears to be a home/broadband system, i.e. part of a botnet. Legitimate attempts to send mail receive appropriate error messages so that we can sort out the issue. Mark On 19 Apr 2006 at 12:08, Gary Flynn wrote:
Over the past few weeks we've seen a slow increase in SPAM messages related to stock market advice. We're starting to see regular reports from our users of this new ( for us ) activity. The messages are composed: 1) entirely of images --or-- 2) Images prepended with gibberish Messages have been received from computers around the world and sources don't seem to repeat. Our email system is assigning them junkmail scores too low to keep them out of regular mailboxes. Anyone else seeing these? If not, do you know what is keeping you from seeing them? Anti-spam device or product? ORB list? SPF? Custom filter? How would any SPAM filter be able to deal with a message made up entirely of an image and sent from varying computers? Is it safe to assume there are no filters that have OCR capabilities :) What actions do you take and/or what recommendations do you offer to users when faced with an increase in unfilterable messages? thanks, -- Gary Flynn Security Engineer James Madison University www.jmu.edu/computing/security
-- Mark Borrie Information Security Manager, Information Technology Services, University of Otago, Dunedin, N.Z. Ph +64 3 479-8395, Fax +64 3 479-5080, Mobile +64 27 609-6409
Current thread:
- Re: Image SPAM Increase?, (continued)
- Re: Image SPAM Increase? Bruggeman, John (Apr 19)
- Re: Image SPAM Increase? Dave Koontz (Apr 19)
- Re: Image SPAM Increase? Gary Flynn (Apr 19)
- Re: Image SPAM Increase? Gary Flynn (Apr 19)
- Re: Image SPAM Increase? Ken Connelly (Apr 19)
- Re: Image SPAM Increase? Dan Oachs (Apr 19)
- Re: Image SPAM Increase? Les LaCroix (Apr 19)
- Re: Image SPAM Increase? Graham Toal (Apr 19)
- Re: Image SPAM Increase? Mark Borrie (Apr 19)
- Re: Image SPAM Increase? Lee Weers (Apr 19)
- Re: Image SPAM Increase? Lucas, Bryan (Apr 19)
- Re: Image SPAM Increase? Dave Koontz (Apr 19)
- Re: Image SPAM Increase? unisog (Apr 19)
- Re: Image SPAM Increase? Robert Mozden (Apr 20)
- Re: Image SPAM Increase? Paul Russell (Apr 20)
- Re: Image SPAM Increase? Flagg, Martin D. (Apr 21)