Thread: Apology to rec.aviation...
View Single Post
  #12  
Old March 29th 04, 12:16 AM
Michael Wise
external usenet poster
  
Posts: n/a
Default
In article et,
"Dudley Henriques" wrote:

"Michael Wise" wrote in message
...
In article et,
"Dudley Henriques" wrote:

...
I was well over 100 spams a day, due to having multiple email
addresses,
posting to the news groups a lot, and having a web site with hundreds
of
individual pages, each with my email on it.

Changing the email addresses would have inconvenienced my
contributors/customers/suppliers/relatives/friends.

However, after some work and about $20 in expense, all but about 50 to
100
spams a day are flushed away and I never see them.

Of the ones I still get, the funniest are the ones supposedly from the
people who manage the email services for my domain. Since "I" am the
only
one who manages my domain, I tend to be a bit suspicious!


After the Swen virus hit, I was getting over a hundred a day. I finally
got
Mailwasher and bounced them all. The robots pick up continious bounces
apparently...

Not really. The way most of these sorts of viruses operate these days is
by turning the infected person's computer into a mail relay without
their knowledge. The term for this sort of thing is "owning" a machine.
They then scan the Outlook and Outlook Express data files as well as web
cache and mine out all email addresses. The infected machine's new
stealth mail relay mechanism is then used to send copies of the virus to
every mined address...and it uses a return address of any one of the
mined addresses. Any of the targeted addresses which actually result in
another infection are in turn going to do the same process. This is why
these viruses spread so rapidly.


Why should virus writers want to turn peoples' home and business
computers into stealth mail relays? Easy, they are paid to do so by
professional spam gangs who will then turn around and use all these new
mail relays to spew out their spam. Some 80% is relayed through "owned"
MS Windows PC's on home cable and dsl networks (some 10,000 "owned
machines)...and some 90% spamvertises Western sites hosted in China.

It never ceases to amaze me how many people using Microsoft operating
systems either don't care or are just to damn ignorant to secure their
machines (with anti-virus software they keep current).

That said, there's a lot ISP's and companies could be doing to stop or
majorly contain such quick and penetrating viral outbreaks. Blocking
this sort of stuff at the mail server or network border are not that
difficult to implement....and should be required of every ISP and it
should be free. I have such protection on all my clients' email servers,
and it has caught and blocked 100% of attempted virus relays before they
can make into my customers' mail boxes.


It's only so many sysadmins at large ISP's are too lazy and/or
incompetent, that consumers are left thinking Mailwasher and products
like it are necessary. They are only necessary to make up for their
provider's incompetence.


So what happens when you're using a product like Mailwasher and it tags
and rejects a virus-infected email? Not much, these sorts of emails have
forged return addresses 99.9% of the time...and will either go to
somebody who scratches their head wondering why they're being accused of
sending a virus...or to a bogus address. The same goes for spam. The
only way to tell the real source (well at least the last hop) of spam is
by looking at the IP which relayed it to your smtp server (either by
looking at your message headers or your mail server's logs).


With that IP address, you have enough info to root out who is
responsible for abuse from that net block and make complaints
accordingly. The user-level anti-spam software is largely worthless in
actually having an effect on stopping that spam from spamming you again
or rejecting to the right people. It is reasonably effective of keeping
the garbage out of your mail box...which I guess is as much as most
end-users care about. The fact remains, if the provider did its job at
the server level, you wouldn't need such programs. I know that's a big
"if", but there are plenty of IPS's (as well as email hosters) to choose
from who actually know a thing or two about blocking spam and viruses.


Of course, you could always get a Mac and never have to worry about
these sorts of viruses. ; )



First of all, my computer is protected by a very good anti virus program. In
fact, the virus was never an issue for me.

Which is a good thing. It would be even better if the biggies like
Earthlink filtered such viruses such that they never made it to your
mail box in the first place....because for every smart and prepared user
on Earthlink such as yourself, there are probably five who are not.


What WAS an issue were the 100 or
so emails, (infected or not infected) that were sitting on the Earthlink
server just waiting for me to hit the download button so I could sit here
for two hours waiting for the crap to get downloaded so I could delete it.
The problem for me, as it was for many others, was the unacceptable download
time taken to get these bogus emails down to where they could be deleted
without opening them.


Right, and the tools are available to Earthlink which would allow them
to block about 90% of the spam you receive and accurately tag as spam
(but not block) some 90% of the remaining 10%.


I think we all know that the answer to this is for the
ISP to have adequate programs installed on their servers to eliminate these
problems, but the simple truth is that most do not.


Indeed, but there are always alternate providers or even plain email
hosters who do. People need to speak to companies like Earthlink in the
only language they care about and understand: $$. By customers
continuing to pay for their services, they have little incentive to
change. To add insult to injury, the end-user gets to a point where
he/she has to spend extra $$ for software to bring their mail box back
into something resembling control...when the ISP should be doing that.



My antivirus program (Computer Associates) is completely up to date and will
catch any virus' infected messages after downloading, but who the hell wants
to sit on their ass for two hours and wait while all the mess is coming in
at 56kbs; I sure don't! :-)


Agreed. Just think if Earthlink actually gave a rat's a** about their
incoming spam or the amount of "owned" Windows PCs on their
consumer-grade DSL networks?

Even so, there for years have been tools which will allow you to
scan/read/delete your email while it still sits on your mail server.
That way, you can delete before downloading any messages you don't want.

POPmonitor (http://www.vechtwijk.nl/dev/popmonitor/) and Mail Siphon
(http://www.maliasoft.com/us/mailsiphon.html) are two of several such
tools which come to mind.



After complaining along with a million other people to the ISP's to install
software that catches all this crap, I, along with a million other people
out here installed Mailwasher so that we can see what the hell was sitting
on the server and get rid of the crap BEFORE downloading it.


You can thank Earthlink for that.



Bottom line is that until the ISP's start nailing this stuff on their
servers, the general public is left to programs like Mailwasher to help them
delete these messes from the server,


Or use an ISP or email hoster who does nail the stuff on their servers.



--Mike