On Tuesday 25 August 2009 10:35:06 Clifford Beckett wrote: > Hello Network admins. > I have a user who is receiving email error messages indicating a "BANNED > CONTENTS ALERT" from <[log in to unmask]> on emails that > claim to be sent by this user but were not. Who should I talk to about > this problem? Our email is primarily handled through the Engineering > email server. The error message includes this information > > First upstream SMTP client IP address: [61.47.11.234] unknown > According to a 'Received:' trace, the message originated at: > [61.47.11.234], egr.msu.edu (unknown [61.47.11.234]) > > Thanks > Cliff I don't think it makes sense to worry about this. We're all going to see this for the rest of our lives, and there is nothing that can be done about it, short of re-architecting the net itself, and all other communications devices. Having the IP address is useless, basically. Chances are the dreck is originating from some poor infected Windows machine, and its owner has no idea their machine is shoveling out garbage. At the very best, you can get the individual to clean up their machine, but then they'll screw up patching, or not upgrade to the latest version of some security horror like Flash, and will again get under the control of something evil and it starts all over again. If I sound jaded, its because I have fought spam/spit/email marketers in the past, and found that some huge amount (like 95%) came from compromised machines, and once I got the owners to even understand what that meant (and got it cleaned up), they all got infected again (four machines). The solution is to educate our users, to never, ever ever ever fall for requests for anything online, via txt message, or automated phone call requests (ever get a robotic voice asking for your bank data?), and discard them. Nothing else will work, nothing else is ever going to work. Teaching people to beware of scams is one of the most important parts of using the net. That is the one defense that will work, which the vandals can't get around. --STeve Andre'