[G4] Spammer attack / virus

Doug McNutt douglist at macnauchtan.com
Mon Sep 19 11:22:34 PDT 2005 

At 03:21 +1000 9/20/05, Tony Johansen wrote:
>I have been getting increasing spam attacks since mid year, shortly after I
>let my Anti Virus lapse.

SNIP

>I started getting mail that seemed to be from me but to numerous names that
>are fictitious. Example stan at tonyjohansen.com, frank at tonyjohansen.com,
>stella at tonyjohansen.com etc.   At their peak I was getting about 6 a day,
>but they have died down to just a few a week now but in their place have
>come mails that appear to be from my ISP and with subjects like 'Warning:
>Account About To Be Cancelled' They all have attachments which I don't open
>and my ISP says they are not genuine.

These are typical of spammers. You, as the postmaster, as seen by your ISP get default messages which are improperly addressed to a non-existent account. They will also forge your email address in a From: header while sending to another sucker.

>At first I thought it was an outside party, possibly someone who has me in
>their address book, but now that I have discovered I have been blacklisted
>for spam, I suspect it is in my computer.

It is almost impossible to be "blacklisted" in the RBL sense as an individual. You would pretty much have to be running sendmail on your own machine for that. More likely your ISP's IP address has been hit by an overzealous RBL search.  Running an "open relay" which means an SMTP server with "unapproved"  authorization features is, to them, a forbidden thing. Many ISP's use "check mail before sending" which is pretty good but not to the RBL folks.

SNIP

>Anyone any experience in what precisely I am looking for and how to get rid
>of it? And protect my self in future?

Another list, not very active, is:

To: Spam-Tools Discussion List <spam-tools at sparky.listmoms.net>
Reply-To: Spam-Tools Discussion List <spam-tools at sparky.listmoms.net>
List-ID: Spam-Tools Discussion List <spam-tools.cartel.listmoms.net>
List-Owner: <mailto:spam-tools-owner at sparky.listmoms.net>

You will find helpful answers there. They will appreciate some full headers from sample mails. If you talk about blacklisting include the IP address involved.

<http://www.email-policy.com/Spam-black-lists.htm> or Google for "RBL" or for "suspect IP"

-- 
--> $200 billion of US taxes for the Gulf. That's $400,000 for each of the half million displaced families. It would buy a $20k annual stipend forever. <--

More information about the G4 mailing list