Educause Security Discussion mailing list archives
Re: New e-mail attack using valid webmail accounts
From: "Jenkins, Matthew" <matthew.jenkins () FAIRMONTSTATE EDU>
Date: Thu, 6 Mar 2008 08:47:57 -0500
I suppose with any criminal activity, they just find workarounds. By closing other doors such as SMTP, client side Trojans/worms/viruses, shell accounts, etc. they have found yet another way. Major e-mail providers such as Yahoo and gMail most likely have the ability to implement thresholds on their accounts to prevent repeated rapid server side script execution by one user. The non-SMTP attacks actually benefit the spammers because the host organization's mail score on systems such as SenderBase will be high, and the spam will not immediately be blocked. If anyone knows of any means to implement thresholds on accounts in Microsoft Exchange please let me know. There is no sense at letting most accounts send more than a few dozen e-mails out each hour; exceptions could be made for users that need to send more. Thanks, Matt Matthew Jenkins Network/Server Administrator Fairmont State University Visit us online at www.fairmontstate.edu -----Original Message----- From: John Ladwig [mailto:John.Ladwig () csu mnscu edu] Sent: Thursday, March 06, 2008 7:38 AM To: Jenkins, Matthew; SECURITY () listserv educause edu Subject: Re: [SECURITY] New e-mail attack using valid webmail accounts A good cautionary tale, containing what seems like sound advice. This is not the first I've heard of increasing amounts of spam pressure via non-SMTP injection methods. The problem isn't limited to academic sites, but has been noted in commercial webmail systems such as Yahoo and gMail. And not only to send spam, but to propagate malware. Monitoring such as described below is just plain a good idea. -jml
Current thread:
- New e-mail attack using valid webmail accounts Jenkins, Matthew (Mar 05)
- <Possible follow-ups>
- Re: New e-mail attack using valid webmail accounts John Ladwig (Mar 06)
- Re: New e-mail attack using valid webmail accounts Jenkins, Matthew (Mar 06)
- Re: New e-mail attack using valid webmail accounts Bradley, Stephen W. Mr. (Mar 06)
- Re: New e-mail attack using valid webmail accounts Michael H. Martel (Mar 06)
- Re: New e-mail attack using valid webmail accounts Jenkins, Matthew (Mar 06)
- Re: New e-mail attack using valid webmail accounts Jesse Thompson (Mar 07)
- Re: New e-mail attack using valid webmail accounts Jesse Thompson (Mar 07)
- Re: New e-mail attack using valid webmail accounts Bruggeman, John (Mar 07)
- Re: New e-mail attack using valid webmail accounts Jenkins, Matthew (Mar 10)
- Re: New e-mail attack using valid webmail accounts Zach Jansen (Mar 10)
- Re: New e-mail attack using valid webmail accounts Jenkins, Matthew (Mar 10)
- Re: New e-mail attack using valid webmail accounts Zach Jansen (Mar 14)
(Thread continues...)