Incredible spam assault today

Forum Moderators: phranque

Message Too Old, No Replies

Incredible spam assault today

like nothing I've seen before

httpwebwitch

7:49 pm on Mar 1, 2008 (gmt 0)

On a typical day my main Inbox will receive 150-200 spam messages. Today I connected to the mail server and there are 70052 messages waiting. That's right: seventy thousand and fifty two. I predict perhaps 6 or 7 of them will be legit.

They're still downloding... so far most of them look identical with a blank subject line, and a body message hawking - oh the irony - email advertising services. Definitely a brute force effort spamming messages to someWord@myDomain.com, anotherWord@myDomain.com, etc... multiplied by a robust portion of my domains

I never expected this morning that it would take several hours to check my e-mail

Oh, and according to my virus filter at least one of the messages contained a Trojan

(sigh)
I hope the powers that be catch this spammer and nail his yaddayadda to the wall

httpwebwitch

8:40 pm on Mar 1, 2008 (gmt 0)

50 minutes later, and I'm almost 17% done downloading them all. Math says this will take about 4.6 hours

Romeo

8:59 pm on Mar 1, 2008 (gmt 0)

someWord@myDomain.com, anotherWord@myDomain.com,

Take care that your server does not receive more spam mails faster than you can retrieve them ...

So, as a first measure, it may be wise to switch 'catch-all' off ...

jtek

11:01 pm on Mar 1, 2008 (gmt 0)

Over the years I have had different spam filters ranging from spam-assassin in our server, Postini and even a long list of custom filters on my mail server.
Strangely a few years ago I tried Yahoo as a webserver for multiple of our domains. When I left I think they sold our alias list of names because since then our spam quadrupled.
I recently changed over to www.spamstopshere.com and setup multiple domains to pas the MX records thru.
My SPAM is down from 1000�s a day to just a few a day. Their GUI is the easiest to use and well worth the $$$$$

Alan Dobbs
Houston

jtek

11:04 pm on Mar 1, 2008 (gmt 0)

Oh a quick note your server may be set as a "Open Relay" check into it as my old Cobalt year ago was accidently set and the flood gates of spam were pouring in.
A open relay is having a 3rd party use your server to distribute spam so they cannot be traced.

httpwebwitch

12:13 am on Mar 2, 2008 (gmt 0)

7:13 PM, and still downloading...

pageoneresults

12:33 am on Mar 2, 2008 (gmt 0)

7:13 PM, and still downloading...

Do you receive emails from some of your websites? Do you have any type of .exe running that sends out a newsletter or promotion?

There was a time where I thought we were under a brute email spam assault. Come to find out, one of our .exe's for email promotions got stuck due to an invalid character somewhere in the email. The system didn't catch it and the emails bled out over a period of 5 hours before it was caught. All to the same recipient. Got us Blacklisted too. :(

Stefan

3:12 am on Mar 2, 2008 (gmt 0)

Brutal. My sympathies. Be glad you're not on dial-up. If that happened to me, it would take days :-)

Have you checked to see if there's an IP# or range responsible that you can block?

Staffa

10:59 am on Mar 2, 2008 (gmt 0)

Instead of downloading all these messages, why don't you delete them on the server ?

Tropical Island

1:04 pm on Mar 2, 2008 (gmt 0)

Instead of downloading all these messages, why don't you delete them on the server ?

My thoughts exactly.

I had similar problems while using my website mail service until I switched to Gmail.

Now I can quickly delete any problems BEFORE downloading to my computer.

BananaFish

3:27 pm on Mar 2, 2008 (gmt 0)

With this type of attack, you're probably not the intended target. The spammer most likely intended for the messages to bounce the invalid account names instead of collecting in your "catch all" box. Certain MTAs, such as Qmail, will bounce these messages, with the receipient being the forged return header. So if you get rid of the catch all, your mail server may bounce the messages, basically sending out mail for the spammer, who's intended recipient is the forged return address.