AOL: Menace to the 'net

Sean Embry sean at NISD.NET
Mon Jan 13 15:09:43 GMT 2003


>Julian Field wrote:
><snip>
>I have noticed that viruses received from AOL include an
>X-Apparently-From: header, which presumably the AOL mail server is
>inserting when receiving mail from the SMTP server built into the
virus.
>
>I haven't verified whether you can contact the owner of the infected
>machine using the email address in this header.
><snip>

I've sent several e-mails to AOL requesting this information.
I've not received ANY kind of answer at all, which doesn't
really surprise me at all.

I have sent e-mails to these addresses, and not gotten a bounce
because
the address is invalid. I get nothing at all, or "This user doesn't
want to receive
e-mail from your account." I've also not ever gotten anything from any
of these
users, but then again the e-mail I send concludes with "I am not
allowed to
assist you in this matter. If you are unsure how to proceed, please
contact
a friend and ask their advice."

I had 207 Klez alerts from AOL accounts in my in box this morning
(Sunday
night to Monday morning). Some of the accounts have been reported as
long as eight weeks ago, and most every day since. If I wouldn't get
lynched, I'd start blocking AOL at MX'es I run. I've blocked ISP's for
less in the past, and they are still on the block list. (Ignore a
problem
for a week, win a place in my block list after last warning.)

If I suspected that AOL would start blocking my abuse reports, I'd
start
forwarding all these reports to them automagically.

Sean



More information about the MailScanner mailing list