[CLUE-Tech] Mail Delivery (failure clue-tech@clue.denver.co.us)

Thu Jul 8 13:59:34 MDT 2004

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 12:44 PM 7/8/2004 -0600, Chris Schock wrote:

>Emails to "abuse@" addresses are rarely effective for two reasons:
>
>1) Automated systems and panicky people send so many messages that it's
>impossible to reply to them
>
>2) A lot of the times they are incorrect (for example someone faked the
>sending address)
>
>I'm of the opinion that automated complaining is a bad thing. I have no
>idea what kind of spam the rest of you get, but I get around a hundred a
>day and if I kicked off an automated complaint every time one arrived that
>was either a scam or virus the priorities of my complaints would rank
>right above whale doodie in the ocean to whoever received them - and
>that's if they even got read.
>
>It's somewhat sad to have to relegate emails with nasty payloads to being
>unimportant, but because they are so commonplace they just don't get much
>attention. We all have responsibilities to protect our own computers and
>shouldn't rely on the upstream to do it for us. When that happens, they
>turn into Big Brother.
>
>Does anyone else share this point of view?

I do kind of.

I run spamcop <http://www.spamcop.net> against my spam load, and get 
accurate places to send reports. It also helps them identify IPAs to list 
and therefor block.  I'd say that spamcop probably catches about 33% of my 
spam.  They don't let us report virus bounces though.

I proposed on nanae that virus detection packages that send warning 
messages to the forged address in the from line of a spam are getting to be 
a sufficient nuisance that it is time to start a dnsbl that lists them.  I 
suggested that the people who run rfc-ignorant would be the logical folks 
to maintain that db since teh procedures for adding people to that list 
pretty closely match the procedures for adding domains to their existing list.

I have some automated complaining configured in my procmail filters.  The 
first two only complain to the FTC and to the address my ISP uses to train 
our local filtering better.  The third one also complains to the abuse desk 
at the notorious Indian spamhaus of vsnl.net  You are quite right that 
automated complaints have no impact there, but manual complaints have no 
impact there either, since vsnl has no intent to shut down spammers.  That 
is why, right after the recipe designed to just catch and report CXO, I 
have one that routes all of 203/8 to dev/null without bothering to 
complain. Yet to have a false positive.

:0
*^X-Spam-Status
*^.*RCVD_IN_SORBS
{
    EXITCODE=77
    LOG = "DNSBL - "
    :0
    !uce at ftc.gov,spam at nilenet.com
}
:0
*^X-Spam-Status
*^.*NO_RDNS
{
    EXITCODE=77
    LOG = "NORDNS - "
    :0
    !uce at ftc.gov,spam at nilenet.com
}
# CXO Today 05.04.04
:0
*^Received.*203\.199\.89\.[0-9] |\
  ^From.*cxotoday.com
{
   EXITCODE=77
   LOG = "CXO - "
   :0
   !uce at ftc.gov,abuse at vsnl.com,abuse at vsnl.net
}

DNSBL - From Shari at edomex.com  Wed Jul  7 23:58:33 2004
  Subject: incest collection updated daily!.. tamale
   Folder: /usr/lib/sendmail -oi 
uce at ftc.gov,spam at nilenet.com               1785
CXO - From Newswire at cxotoday.com  Thu Jul  8 10:05:24 2004
  Subject: **JUNK**  P.C. Crashes Excise Duty On PCs; Trick Or Treat?
   Folder: /usr/lib/sendmail -oi 
uce at ftc.gov,abuse at vsnl.com,abuse at vsnl.n   34743
NORDNS - From Jobs at triad-corp.com  Thu Jul  8 11:25:47 2004
  Subject: ***SPAM*** Greetings from Triad Consultants
   Folder: /usr/lib/sendmail -oi 
uce at ftc.gov,spam at nilenet.com               7756
NORDNS - From Mcconnellriverside0440827 at charter.net  Thu Jul  8 11:52:41 2004
  Subject: ***SPAM*** hi
   Folder: /usr/lib/sendmail -oi 
uce at ftc.gov,spam at nilenet.com               2624

Charles Oriez     coriez at oriez.org
39  34' 34.4"N / 105 00' 06.3"W
**
"Drag God into politics, and you'll ruin his reputation in no time." - 
Molly Ivins

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
Comment: created 6/26/04 expire 6/25/05 stored MIT & PGP.COM

iQA/AwUBQO2npriLNnC0cMkdEQIgfACcCSngeqC62F4o3Pg4eVXJ+1vb/OQAoOU9
0QUXrUmnaFZZKaSiAyxl7JJ5
=3lNd
-----END PGP SIGNATURE-----