On Tuesday 25 August 2009 10:35:06 Clifford Beckett wrote:
> Hello Network admins.
> I have a user who is receiving email error messages indicating a "BANNED
> CONTENTS ALERT" from <[log in to unmask]> on emails that
> claim to be sent by this user but were not. Who should I talk to about
> this problem? Our email is primarily handled through the Engineering
> email server. The error message includes this information
>
> First upstream SMTP client IP address: [61.47.11.234] unknown
> According to a 'Received:' trace, the message originated at:
> [61.47.11.234], egr.msu.edu (unknown [61.47.11.234])
>
> Thanks
> Cliff
I don't think it makes sense to worry about this. We're all going to
see this for the rest of our lives, and there is nothing that can be
done about it, short of re-architecting the net itself, and all other
communications devices.
Having the IP address is useless, basically. Chances are the dreck is
originating from some poor infected Windows machine, and its
owner has no idea their machine is shoveling out garbage. At the
very best, you can get the individual to clean up their machine,
but then they'll screw up patching, or not upgrade to the latest
version of some security horror like Flash, and will again get under
the control of something evil and it starts all over again.
If I sound jaded, its because I have fought spam/spit/email
marketers in the past, and found that some huge amount (like
95%) came from compromised machines, and once I got the
owners to even understand what that meant (and got it cleaned
up), they all got infected again (four machines).
The solution is to educate our users, to never, ever ever ever fall
for requests for anything online, via txt message, or automated
phone call requests (ever get a robotic voice asking for your
bank data?), and discard them.
Nothing else will work, nothing else is ever going to work.
Teaching people to beware of scams is one of the most important
parts of using the net. That is the one defense that will work,
which the vandals can't get around.
--STeve Andre'
|