ADDENDUM: [was: SUMMARY: Simple anti-spam system using open-source software and freely-available data]

From: Rich Kulawiec (rsk@gsp.org)
Date: Mon Aug 11 2003 - 14:03:46 EDT


1. The following people have broken autoresponders that have
(a) incorrectly replied to mailing list traffic and (b) incorrectly
replied to the author of the message (me) instead of to the sender:

        "Diaz, Gustavo" <gdiaz@hprmail.com>
        Jason.Shatzkamer@cexp.com
        Erik Williams <ewilliams@brownco.com>
        "Davis, Bruce" <bdavis@concerto.com>
        Hautsalo Kari <Kari.Hautsalo@comptel.com>
        "Leonard, Roger" <Roger.Leonard@marconi.com>
        "TRUCKS, JESSE (SBCSI)" <jt9873@sbc.com>
        "Pohl, Stefan" <Stefan.Pohl@dresdner-bank.com>
        "Linnemann, Britta" <Britta.Linnemann@t-systems.com>
        woll@dvont01.univw.uni-saarland.de
        Amiri Amar <Amar.Amiri@cnes.fr>
        Alex Pokras <Alex.Pokras@rci.rogers.com>
        Karien Depijper <karien.depijper@telindus.com>
        Klas.Erlandsson@vodafone.se
        "Obst, Thomas" <Thomas.Obst@t-mobile.de>
        Ying.Xu@TeleCheck.com

Please fix or disable your broken autoresponders.

2. I *strongly* discourage the use of all autoresponders, not just
because they often end up doing obviously broken things like this,
but because they confirm -- for spammers doing dictionary attacks --
that the address is valid and that traffic is being delivered to it.
(And they also confirm that maybe nobody's going to read it for a while,
which means that nobody will complain about spam showing up at it for
a while, which means that this would be an excellent time to shove as
much spam into it as possible.)

3. I further discourage them because they can easily be used to
conduct third-party spam-by-proxy and other attacks. (Think about
what such an autoresponder does with an incoming message. Now think
about how the autoresponder figures out where to send the response.)

4. At least one person on this list is running a horribly broken
"anti-virus" program which flagged my message as containing a copy
of the Hybris virus. Apparently, it's triggered by any mention of it
in the text (!!), and emits this amazingly stupid message:

        From: postmaster@publico.pt
        Subject: ALERT Possible W95.Hybris Infection

        [...]
        If you used one of these listed phrases, please reword your message and send
        again. PUBLICO.PT will be happy to deliver the message.
        [...]

which of course means that it will no doubt flag THIS message too...
as well as copies of its own output, since the "Subject" line contains
the string "Hybris" as well. Duh!

5. On that subject, I *strongly* discourage the use of any kind of
anti-virus software which emits messages back to putative message senders.
Many viruses/worms now in the wild forge the sender, so all that such AV
software does is send a false alarm to someone who doesn't have the virus
and doesn't need to be told. Such messages are in fact unsolicited,
and if sent in bulk, then they qualify as unsolicited bulk email (UBE)
which is THE correct definition of spam.

6. These broken/mis-configured anti-virus packages can also be used to
conduct spam-by-proxy and other attacks. So if you simply *must* run
AV software (instead of ripping the M$ out of your network), then
have it notify YOU about the problem, not anybody else, because there's
really no way the AV software will be reliably able to identify
the "anybody else".

---Rsk
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
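
The two faults named in item 1 (answering list traffic, and answering the author instead of the sender) correspond to checks an autoresponder can make before it sends anything. The following is an added example, not part of the original message: a Python function following the RFC 3834 recommendations for automatic responses. The function name, the role-address list and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

ROBOT_LOCALPARTS = {"mailer-daemon", "postmaster", "listserv", "majordomo"}

def autoreply_target(raw_message, my_addresses):
    """Return the address an auto-reply may be sent to, or None to stay silent."""
    msg = message_from_string(raw_message)
    # (a) Mailing-list or bulk traffic never gets an automatic reply.
    if msg.get("Precedence", "").strip().lower() in {"bulk", "list", "junk"}:
        return None
    if any(name.lower().startswith("list-") for name in msg.keys()):
        return None
    # Output of another robot (bounce, vacation notice, scanner alert).
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return None
    # Only answer mail addressed to this user by name in To: or Cc:.
    named = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if not any(addr.lower() in my_addresses for _, addr in named):
        return None
    # (b) Reply to the envelope sender the MTA recorded in Return-Path,
    # never to From:. It can be forged too, so this limits misdirected
    # replies rather than eliminating them.
    _, sender = parseaddr(msg.get("Return-Path", ""))
    if not sender:  # header missing, or null sender "<>" (a bounce)
        return None
    local = sender.split("@", 1)[0].lower()
    if (local in ROBOT_LOCALPARTS or local.startswith("owner-")
            or local.endswith(("-request", "-bounces", "-owner"))):
        return None
    return sender.lower()

# Constructed sample messages (not taken from the list archive).
LIST_POST = (
    "Return-Path: <announce-bounces@lists.example.org>\n"
    "From: Author <author@example.net>\n"
    "To: announce@lists.example.org\n"
    "Precedence: list\n"
    "List-Id: <announce.lists.example.org>\n"
    "Subject: SUMMARY\n\nbody\n")
DIRECT_MAIL = (
    "Return-Path: <alice@example.org>\n"
    "From: Alice <alice@example.org>\n"
    "To: user@example.com\n"
    "Subject: question\n\nbody\n")
BOUNCE = DIRECT_MAIL.replace("<alice@example.org>\n", "<>\n", 1)

if __name__ == "__main__":
    for name, raw in [("list", LIST_POST), ("direct", DIRECT_MAIL), ("bounce", BOUNCE)]:
        print(name, autoreply_target(raw, {"user@example.com"}))
```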


