 |
 |
Dak Aldrich wrote: > Ya know, Matrix is running SpamAssassin before our email server. Do you > know that I have NEVER ONCE gotten one of these emails? Unfortunately, we > can't afford to have all Music faculty on our exchange system, yet. So... Of > course, they keep getting them and like... Well... Some users... They > actually send the info. So far, we've caught it before anything happens, > and are able to change the password. > > I've noticed that a lot of users are getting a lot of spam that I do not. > Is there any plan to look at or consider a change to the spam filtering or > the entire system that MSU uses? Honestly, I don't think I could handle > using my MSU account these days with all the crap others are getting. I get > MAYBE 6 or 7 spam a week with our setup. And I've got MSU users that are > getting 50 a day. > > Just curious. > > -dak > -Network Admin > -College of Music, MSU > [log in to unmask] > -http://comit.music.msu.edu > -517.432.5045 > > > On 7/1/08 9:54 AM, "Brian Martinez" <[log in to unmask]> wrote: > > >> John Resotko wrote: >> >>> You'll probably want to warn your users about this as yet another attempt, >>> and not a very good one, to trick people out of their MSU Net ID and >>> password. This one is coming from a Gmail account, and not very well >>> disguised at that. >>> >>> >> John, et al, >> >> I'm not sure about your guys, but we find that the headers for the >> message help us the most when dealing with how to tackle the problem. >> We've already found about 3 different IP addresses and put them in a 24 >> hour trap. Here's a link to a Help Desk / Techbase article that you can >> pass onto users instructing them how to find headers in several >> different email clients. >> >> http://techbase.msu.edu/article.asp?id=974 >> >> Just thought you all might like to know. On a related note, if any of >> you wind up sending this or any other phishing attempt info to >> postmaster@ or abuse@ please, Please, PLEASE be sure to include full >> headers! :-) >> >> Thanks! >> ./brm >> > > ===================== > Dak Aldrich > Network Administrator > College of Music, MSU > [log in to unmask] > (517) 432-5045 > ===================== > > Dak If these MSU users have selected SPAM filtering (see http://techbase.msu.edu/article.asp?id=65&service=techbase) they should not be receiving 50 spams a day. Please look in the headers and see if the spam score is greater than 5.0 If so they should not be getting these emails. Please forward me samples of these (headers included) and I will see if I can figure out why they slipped by. If they are forwarding their email off the MSU system then the SPAM processing is bypassed. We cannot spam check forwarded mail. MSU is planning a spam check before SMTP accept scheme but this must wait until planned hardware upgrades are complete. SPAM scanning a billion emails a year for 176,000 accounts takes a lot of processing power. On the subject of the phishers this particular phishing came from a legitimate ISP in Canada and once we saw it we blocked it. The return address for this phishing has been blocked to outgoing email since June 22. Any user on the MSU email system would have been prevented from replying to the phisher. We are as vigilante as we can be for these kinds of fraudulent emails. We block many of these and countless viruses but unfortunately some still get by. That is why we are always grateful for users such as yourself who report these cases to abuse. Thanks. /sd -- Steve Devine Email & Storage Academic Technical Services Michigan State University 313 Computer Center East Lansing, MI 48824-1042 1-517-432-7327 Baseball is ninety percent mental; the other half is physical. - Yogi Berra