Another attack to fight off

Scott Silva ssilva at sgvwater.com
Thu Feb 28 20:07:38 GMT 2008


on 2-28-2008 9:39 AM Kevin Miller spake the following:
> Scott Silva wrote:
>> I see a new reason to block OoO replies;
>>
>> It seems that spammers are using legitimate webmail accounts to
>> bounce their garbage via OoO replies. Just fake the sender, and
>> suddenly you have spam with legitimate DKIM sigs, valid SPF, and
>> maybe even whitelists. 
>>
>>
> http://www.networkworld.com/news/2008/022608-out-of-office-messages-turn
> ed.html
>> Filthy spammers!
> 
> Dang those boys are clever.  Imagine if they turned their creativity to
> world peace and cheap, clean energy.  Too bad there's no money in that.
> 
> So how are you blocking Oo0 replies?  There a spamassassin ruleset for
> that or what?
> 
> ...Kevin
I haven't quite figured out how to block them without also blocking Outlook 
read receipts.

But if it is spam, it should still get caught by spamassassin and the digests. 
DKIM verified only subtracts a small amount from the total, and I have spam 
that scores double digit quite regularly.

It just means that there will be a little more low scoring spam sneaking in, 
and here I tag and attach that so it doesn't automatically preview in the 
windows MUA's. And stripping web bugs and other nasties also helps.

-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20080228/defabcae/signature.bin


More information about the MailScanner mailing list