| Author | Message | |||
| Sunny Garofalo (Jaguarxj6)
Member Username: Jaguarxj6 Post Number: 877 Registered: 2-2003 |
Rob, if you have the IP address, the task is simple to block the user(s) relaying or infected. However, convincing your ISP to block another ISP outright or convince an ISP to take action on one of their users (far easier of the two) with a good dose of "legalese" might be worth looking into. Sunny | |||
| Sunny Garofalo (Jaguarxj6)
Member Username: Jaguarxj6 Post Number: 876 Registered: 2-2003 |
Rich, there is a solution. Its called an RBL, or relay black list (I think). Its basically the kiss of death for an Enterprise mail system since ALL mail coming from this domain sent to domains with an RBL will be DENIED, period. It takes many days, somes a week or longer in the worst cases, to be removed from this list. As a result, it gets the e-mail and firewall admins working overtime to isolate and install filters as proof to the NOC and others who control this list they are no longer relays.  Sunny | |||
| Rob Lay (Rob328gts)
Board Administrator Username: Rob328gts Post Number: 6213 Registered: 12-2000 |
I can't figure out how the ISP can stop them. I can see how they would filter out all undeliverable returns, but you need that in case you actually make a mistake addressing an email. How else can they filter them out? | |||
| '75 308 GT4 (Peter)
Advanced Member Username: Peter Post Number: 3074 Registered: 12-2000 |
Same problem here. Scanned my computer with the Norton Anti-Virus top to bottom, side to side, in and out, etc... Came up clean and yet my (free) email kept getting those "SoBig" undeliverable messages. I emailed their tech support and several days later, the messages stopped. | |||
| DGS (Dgs)
Member Username: Dgs Post Number: 314 Registered: 5-2003 |
I got a dozen of the "rejected/undeliverable" notices one day at my work email. A few included the headers to the rejected message, which told me the originating IP address. A quick search at DNSstuff.com told me the ISP. I sent the ISP's contact email a message, asking that they inform their customer that they were infected. That was the end of it. What's worse is that the DOS attacks seem to have messed up granitecanyon's nameservers -- which were providing my DNS. So my email is out while sites can't find my mail server. I've spent most of the night modifying my gc account and adding another secondary nameserver. | |||
| Steven R. Rochlin (Enjoythemusic)
Member Username: Enjoythemusic Post Number: 737 Registered: 4-2002 |
Hi Everyone, Outlook allows for filters. i have a basic filter (see file below).
make sure you rename it filter.rwz Here is what you do MS Outlook folks. go to: TOOLS (scroll down to RULES WIZARD then OPTIONS the IMPORT RULES find file and import it make sure the box with MAIL FILTER is checked This is a good KNOWN basic filter. You can choose to delete individual things from this basic filter. Just trying to help. Enjoy the Drive, Steven R. Rochlin | |||
| Terry (Dogue)
Member Username: Dogue Post Number: 389 Registered: 9-2001 |
No I still get undeliverables, I still get the occasional message returned that I did not send even, but maybe once a week or less. It may have been coincidence, but the 40+ a day ended almost immediately after my call. | |||
| Rodney Haas (Icars)
Member Username: Icars Post Number: 435 Registered: 3-2002 |
The problem is that these Worms have become much smarter than previous virus infections. Previously Viruses only looked @ your address book. These viruses look @ internet cache. If you are on any list that are sent out with emails intact and one of them get sent to an infected machine you are going to start receiving these bogus emails. I actually received emails from several IT departments that had automated virus scanners. I emailed a couple of them back suggesting they turn this off. | |||
| Kenny Herman (Kennyh)
Intermediate Member Username: Kennyh Post Number: 1182 Registered: 8-2001 |
Rob, same thing is happening with my AOL address, it's good to hear that I'm not the only one.. | |||
| rich stephens (Dino2400)
Member Username: Dino2400 Post Number: 587 Registered: 10-2001 |
since 10pm last night i've received over 100 bogus virus generated emails per hour! that's like 2000 mails already. i know the ip address they are coming from and have looked it up but since it's an isp (optimum online, i.e. cablevision, somewhere in NY probably) it's probably just one of their users and so the isp has ignored my requests to find out which of their users is infected and sending the mails. is there no technical way that a mail server can be set up so that it does not send mails that have attachments with .pif or .src extensions (or other common virus attachments)? If this is technically possible, why aren't the owners of mail servers held responsible when this stuff spreads through their servers? It would be the fastest way to kill these viruses. drives me crazy. | |||
| Rob Lay (Rob328gts)
Board Administrator Username: Rob328gts Post Number: 6198 Registered: 12-2000 |
Terry, send an email to an address you know that doesn't exist and see if you get an "Undeliverable". It would be bad if they just filtered out all undelieverables as you wouldn't know if you had mistyped a real email address. | |||
| Terry (Dogue)
Member Username: Dogue Post Number: 388 Registered: 9-2001 |
I use msn and I was getting more than 40 a day of the returned emails, Called msn, after about an hour looking for an actual phone number, and it stopped almost imediately. The tech support guy said they were aware of the problem and were working on it. I have no idea what they did, but it might be a good idea to call your email administrator. | |||
| Pat Pasqualini (Enzo)
Member Username: Enzo Post Number: 920 Registered: 2-2002 |
Yep there is no solution to e-mail spoofing. Just grin and bear it I guess. | |||
| Rob Lay (Rob328gts)
Board Administrator Username: Rob328gts Post Number: 6194 Registered: 12-2000 |
I guess the only temp solution is to change email addresses. I think the only perm solution is when all 3,000+ users and anyone else in the world that has my email somewhere on their computer scans their computer and removes any virus. | |||
| Eric Eiland (Eric308gtsiqv)
Member Username: Eric308gtsiqv Post Number: 959 Registered: 11-2001 |
Had one of the employees here with this same problem, and asked me what was causing this (running Windows 2000 Pro). He received nearly 30 emails over the weekend just like you mentioned. His machine is scanned with virus files up to date. Haven't figured out a solution yet.... | |||
| Pat Pasqualini (Enzo)
Member Username: Enzo Post Number: 919 Registered: 2-2002 |
Rob, You are correct there is nothing you can do to stop this. This is called "Spoofing". Some of the recent virues scanned your hard drives looking for e-mail addresses in any documents (text files, word docs or anything that contained a e-mail address) that were stored on your hard drive. It should stop after a while it all depends how many places your address is out there and how many people had the virus that took your e-mail. If this doesn't make any sense let me know. | |||
| Craig Dewey (Craigfl)
Member Username: Craigfl Post Number: 672 Registered: 1-2001 |
I surmised that is what was happening to me too. My computer was never infected and my antivirus is up to date and I'm getting the same @#$%! returned emails... | |||
| Rob Lay (Rob328gts)
Board Administrator Username: Rob328gts Post Number: 6190 Registered: 12-2000 |
Ok, so the past month has been bad virus wise on the internet. First the Blaster then I guess the variant Sobig. Well, my computer has been scanned, cleaned, updated Windows, and have updated my virus software. I'm still getting 30-40 emails a day that are either "Undeliverable" emails I never sent in the first place or actually get unknown attachments that have the Sobig in it. Anyway, I think I know what's going on, so I just wanted to confirm with everyone and then also ask if there's anything else I can do, which I don't think there is. The major problem with these viruses is that you're allowed to have whatever address you want in the From: and To: field of an email. So all these undeliverable emails were emails I never sent in the first place, it's just that someone with me in their address book (3,000+ users) with the virus is sending emails out with my address in the From: field. So when they bounce, the "Undeliverable" is sent to me. I'm also receiving several attempts to send me the Sobig because the virus is putting my email address in the To: from an infected computer. Well, do I have that right? So basically, there's nothing I can do about receiving 30 of these emails a day unless I change my email address, but then when I send out next months newsletter my new address will be back in the address book of everyone again. Please explain if I'm missing anything here. Everyone else, make sure your computer has been scanned, cleaned, and updated! |
Upload