Bacula-users

Re: [Bacula-users] thannyd earthlink.net

2009-04-06 13:20:46
Subject: Re: [Bacula-users] thannyd earthlink.net
From: Chris Hoogendyk <hoogendyk AT bio.umass DOT edu>
To: bacula-users <bacula-users AT lists.sourceforge DOT net>
Date: Mon, 06 Apr 2009 13:16:03 -0400

Mike Holden wrote:
> Eric J. Wisti wrote:
>   
>> That still doesn't make the "Please verify" messages any more friendly.
>> What if someone forges my email address and sends you a spam. I get a
>> "Please verify" message, but I had nothing to do with the email that was
>> sent, other than being a victim of an email forgery. Now, I also get a
>> nice "Please Verify" message. These systems may have been an OK workaround
>> before, but now that some 94% of email is spam, all it does is
>> increase the amount of "spam", and involve people who may not even be
>> connected with the emails you receive.
>>     
>
> Welcome to the 2009 internet mate! We're all fed up of spam, but until the
> ISPs get their fingers out collectively and block junk at source, we're
> stuck with it.
>
> If someone forges your email address to send spam, then you will still get
> any bounces back anyway if the victim email addresses fail (unknown email
> address, quota exceeded etc). A fair percentage of the spam I receive is
> bounce messages from spam sent "on my behalf" (i.e. spoofed From address)
> to invalid email addresses.
>   

I grant you that a lot of improperly configured mail servers will create 
such bounce back. However, a properly configured mail server won't 
accept that email in the first place. It will get a message back to the 
connecting "server" indicating "unknown email address" or whatever, 
rather than accept the message and end up having to reply back to a 
potentially forged return address.

A fairly old known attack method is to identify a pool of such 
misconfigured mail servers and then bomb them all with a forged return 
address of the person you want to hit with a DOS. It's called "joe 
jobbing" someone -- http://en.wikipedia.org/wiki/Joe_job.

> Not a lot I can do about it, unfortunately. I do try to not lose sleep
> about it though :-)
>   

In general, true. But, for those of you who manage mail servers, make 
sure they don't create backscatter. And, if your ISP has a mail server 
that does this, give them a hard time. It might have a small impact.


-- 
---------------

Chris Hoogendyk

-
   O__  ---- Systems Administrator
  c/ /'_ --- Biology & Geology Departments
 (*) \(*) -- 140 Morrill Science Center
~~~~~~~~~~ - University of Massachusetts, Amherst 

<hoogendyk AT bio.umass DOT edu>

--------------- 

Erdös 4



_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
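
The difference described in the message above, between refusing an unknown recipient during the SMTP conversation and accepting the mail and bouncing it later, can be modelled in a few lines. This is an added example, not part of the original post; the MailServer class, the bounces_received helper and every address in it are constructed for illustration.

```python
# Added illustration (not from the thread): an in-memory model of the two
# delivery policies. All addresses below are constructed samples.
from dataclasses import dataclass, field

VALID_RCPTS = {"alice@example.org", "bob@example.org"}  # constructed mailbox list


@dataclass
class MailServer:
    validate_at_rcpt: bool                        # True = check recipient during SMTP
    outbound: list = field(default_factory=list)  # mail this server itself generates

    def rcpt_to(self, rcpt):
        """Reply the connecting client sees for RCPT TO."""
        if self.validate_at_rcpt and rcpt not in VALID_RCPTS:
            return 550, "5.1.1 unknown email address"
        return 250, "2.1.5 OK"

    def receive(self, mail_from, rcpt):
        """One SMTP transaction; returns the reply code given to the client."""
        code, _ = self.rcpt_to(rcpt)
        if code != 250:
            return code  # the client is told directly; nothing is queued
        if rcpt not in VALID_RCPTS:
            # Accepted first, failed later: the server now has to send a
            # bounce to the envelope sender, which it never verified.
            self.outbound.append({"from": "<>", "to": mail_from, "about": rcpt})
        return code


def bounces_received(sender, servers, bad_rcpt="nosuchuser@example.org"):
    """Count bounces addressed to `sender` after each server in `servers`
    handles one message for a nonexistent mailbox with that envelope sender."""
    for server in servers:
        server.receive(mail_from=sender, rcpt=bad_rcpt)
    return sum(1 for s in servers for m in s.outbound if m["to"] == sender)


if __name__ == "__main__":
    forged = "victim@example.net"  # constructed address
    print("accept-then-bounce:", bounces_received(forged, [MailServer(False) for _ in range(3)]))
    print("reject at RCPT TO: ", bounces_received(forged, [MailServer(True) for _ in range(3)]))
```

With recipient validation on, the 550 goes to whoever actually connected, and the address in the envelope sender never hears about it.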