Educause Security Discussion mailing list archives

Re: New e-mail attack using valid webmail accounts


From: "Jenkins, Matthew" <matthew.jenkins () FAIRMONTSTATE EDU>
Date: Thu, 6 Mar 2008 08:47:57 -0500

I suppose with any criminal activity, they just find workarounds.  By
closing other doors such as SMTP, client side Trojans/worms/viruses,
shell accounts, etc. they have found yet another way.  Major e-mail
providers such as Yahoo and Gmail most likely have the ability to
implement thresholds on their accounts to prevent repeated rapid server
side script execution by one user.  The non-SMTP attacks actually
benefit the spammers because the host organization's mail score on
systems such as SenderBase will be high, and the spam will not
immediately be blocked.

If anyone knows of any means to implement thresholds on accounts in
Microsoft Exchange please let me know.  There is no sense in letting
most accounts send more than a few dozen e-mails out each hour;
exceptions could be made for users that need to send more.  Thanks,

Matt

Matthew Jenkins
Network/Server Administrator
Fairmont State University
Visit us online at www.fairmontstate.edu


-----Original Message-----
From: John Ladwig [mailto:John.Ladwig () csu mnscu edu] 
Sent: Thursday, March 06, 2008 7:38 AM
To: Jenkins, Matthew; SECURITY () listserv educause edu
Subject: Re: [SECURITY] New e-mail attack using valid webmail accounts

A good cautionary tale, containing what seems like sound advice.  This
is not the first I've heard of increasing amounts of spam pressure via
non-SMTP injection methods.  The problem isn't limited to academic
sites, but has been noted in commercial webmail systems such as Yahoo
and Gmail.  And not only to send spam, but to propagate malware.

Monitoring such as described below is just plain a good idea.

    -jml
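
The per-account hourly threshold asked about above, together with the monitoring the quoted message endorses, sketched as an added example that is not part of either message and is not an Exchange feature: a sliding one-hour window over a constructed send log. The log format (timestamp, authenticated account, recipient count), the limit of 36, the exception list and the account names are all assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)
DEFAULT_LIMIT = 36                 # assumed reading of "a few dozen" per hour
EXCEPTIONS = {"listadmin": 500}    # hypothetical approved bulk sender

def build_sample():
    """Constructed log lines: ISO timestamp, authenticated account, recipients."""
    start = datetime(2008, 3, 6, 8, 0, 0)
    lines = []
    for i in range(60):            # jdoe: scripted webmail sends every 30 s
        lines.append(f"{(start + timedelta(seconds=30 * i)).isoformat()} jdoe 5")
    for i in range(10):            # asmith: ordinary user
        lines.append(f"{(start + timedelta(minutes=5 * i)).isoformat()} asmith 1")
    for i in range(4):             # listadmin: legitimate bulk mail
        lines.append(f"{(start + timedelta(minutes=10 * i)).isoformat()} listadmin 100")
    return sorted(lines)           # fixed-width timestamps sort chronologically

def over_threshold(lines, default_limit=DEFAULT_LIMIT, exceptions=EXCEPTIONS):
    """Return {account: (time the limit was first exceeded, recipients in window)}."""
    windows = defaultdict(deque)   # account -> (timestamp, recipients) in the last hour
    totals = defaultdict(int)      # account -> recipients in the current window
    flagged = {}
    for line in lines:
        stamp, account, count = line.split()
        when, count = datetime.fromisoformat(stamp), int(count)
        win = windows[account]
        win.append((when, count))
        totals[account] += count
        while win[0][0] <= when - WINDOW:      # expire sends older than one hour
            totals[account] -= win.popleft()[1]
        limit = exceptions.get(account, default_limit)
        if totals[account] > limit and account not in flagged:
            flagged[account] = (when, totals[account])
    return flagged

if __name__ == "__main__":
    for account, (when, total) in over_threshold(build_sample()).items():
        print(f"{when.isoformat()} {account}: {total} recipients in the last hour")
```

Counting recipients rather than messages is a choice made here so that a single message addressed to hundreds of recipients still counts against the limit.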
