Run a mail host with a public MX record? Seeing large numbers of bounces?

From: Andrew van der Stock (ajv@e-secure.com.au)
Date: Thu Sep 13 2001 - 19:29:09 PDT

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    Hi there,
    
    We are detecting a large number of messages that are absolutely RFC822
    compliant, but are causing our victim hosts to be delivering spam via
    the use of a certain header (I do not want to divulge everything just
    yet as it's absolutely RFC compliant and heavily used by legitimate
    mail list software. If more spam program writers know about this, we
    will not be able to stop the spam.)
    
    The victim hosts are relay-resistant.
    
    The scenario is this: SpamInjector talks with the victim mail host.
    The victim mail host will accept the mail, but there's a problem. The
    response from the victim box causes spam to the spam recipient, but
    of course the victim host's fingerprints are all over it.
    
    Anyone else seeing this? We've been tossing around mechanisms to stop
    it, but all the alternatives break compliance with the RFC, and will
    certainly cause mail lists to be far less useful. 
    
    thanks,
    
    Andrew van der Stock, MCSE, Senior Security Architect, e-Secure Pty Ltd
    "Secure in a Networked World"     Phone:  (03) 9699 7088
                                      Fax:    (03) 9699 7066
    Suite 302, 370 St Kilda Rd        Mobile: 0412 532 963
    Melbourne Victoria Australia      Email:  ajv@e-secure.com.au
    ACN 068 798 194                   http://www.e-secure.com.au
    
    -----BEGIN PGP SIGNATURE-----
    Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
    
    iQA/AwUBO6FrdXMQPsd9dowGEQIB2gCg+Wevw9mV1JTGaNInQIqfvTD5OuEAn2pp
    h60edzNeC6C8trqmVa6CUQUu
    =IJwX
    -----END PGP SIGNATURE-----
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Thu Sep 13 2001 - 19:32:39 PDT