Apology to rec.aviation...

In article et,
"Dudley Henriques" wrote:

...
I was well over 100 spams a day, due to having multiple email addresses,
posting to the news groups a lot, and having a web site with hundreds of
individual pages, each with my email on it.

Changing the email addresses would have inconvenienced my
contributors/customers/suppliers/relatives/friends.

However, after some work and about $20 in expense, all but about 50 to 100
spams a day are flushed away and I never see them.

Of the ones I still get, the funniest are the ones supposedly from the
people who manage the email services for my domain. Since "I" am the only
one who manages my domain, I tend to be a bit suspicious!


After the Swen virus hit, I was getting over a hundred a day. I finally got
Mailwasher and bounced them all. The robots pick up continious bounces
apparently...

Not really. The way most of these sorts of viruses operate these days is
by turning the infected person's computer into a mail relay without
their knowledge. The term for this sort of thing is "owning" a machine.
They then scan the Outlook and Outlook Express data files as well as web
cache and mine out all email addresses. The infected machine's new
stealth mail relay mechanism is then used to send copies of the virus to
every mined address...and it uses a return address of any one of the
mined addresses. Any of the targeted addresses which actually result in
another infection are in turn going to do the same process. This is why
these viruses spread so rapidly.


Why should virus writers want to turn peoples' home and business
computers into stealth mail relays? Easy, they are paid to do so by
professional spam gangs who will then turn around and use all these new
mail relays to spew out their spam. Some 80% is relayed through "owned"
MS Windows PC's on home cable and dsl networks (some 10,000 "owned
machines)...and some 90% spamvertises Western sites hosted in China.

It never ceases to amaze me how many people using Microsoft operating
systems either don't care or are just to damn ignorant to secure their
machines (with anti-virus software they keep current).

That said, there's a lot ISP's and companies could be doing to stop or
majorly contain such quick and penetrating viral outbreaks. Blocking
this sort of stuff at the mail server or network border are not that
difficult to implement....and should be required of every ISP and it
should be free. I have such protection on all my clients' email servers,
and it has caught and blocked 100% of attempted virus relays before they
can make into my customers' mail boxes.


It's only so many sysadmins at large ISP's are too lazy and/or
incompetent, that consumers are left thinking Mailwasher and products
like it are necessary. They are only necessary to make up for their
provider's incompetence.


So what happens when you're using a product like Mailwasher and it tags
and rejects a virus-infected email? Not much, these sorts of emails have
forged return addresses 99.9% of the time...and will either go to
somebody who scratches their head wondering why they're being accused of
sending a virus...or to a bogus address. The same goes for spam. The
only way to tell the real source (well at least the last hop) of spam is
by looking at the IP which relayed it to your smtp server (either by
looking at your message headers or your mail server's logs).


With that IP address, you have enough info to root out who is
responsible for abuse from that net block and make complaints
accordingly. The user-level anti-spam software is largely worthless in
actually having an effect on stopping that spam from spamming you again
or rejecting to the right people. It is reasonably effective of keeping
the garbage out of your mail box...which I guess is as much as most
end-users care about. The fact remains, if the provider did its job at
the server level, you wouldn't need such programs. I know that's a big
"if", but there are plenty of IPS's (as well as email hosters) to choose
from who actually know a thing or two about blocking spam and viruses.


Of course, you could always get a Mac and never have to worry about
these sorts of viruses. ; )

--Mike