Middlebury

Difference between revisions of "SPAM and Backscatter"

 
(20 intermediate revisions by 5 users not shown)
Line 1: Line 1:
[[Category:Helpdesk]]
+
<br>
[[Category:Network]]
 
[[Category:Troubleshooting]]
 
[[Category:E-mail]]
 
[[Category:SPAM]]
 
  
==SPAM, Backscatter, multiple MailerDaemon messages==
+
== SPAM, Backscatter, multiple MailerDaemon messages ==
  
The problem is quite complicated. We refer to it as "backscatter". This happens because your e-mail address has found its way onto a SPAM list. A spam list is a long list of e-mail addresses that spammers use to send bulk e-mail. Unfortunately, there isn't much you can do to decrease the number of such messages. The best step to take is to delete them. We may be able to help you set up a rule that will automatically move mailerdaemon messages into a separate folder, outside your inbox. Note that not all mailerdaemon messages are bad, there may be legitimate ones. See below for an explanation of how these messages get generated, and why there may be legitimate ones.
+
{| cellspacing="1" cellpadding="1" width="100%" border="1"
 +
|-
 +
| '''NOTE: Backscatter may be an indication that an account has been compromised and is being used for spamming and other malicious purposes. It is advisable to change your password and check your email rules and email signature - spammers may change your email rules and signature to automatically respond with SPAM.'''
 +
|}
  
Almost every e-mail system has a "robotic" mailerdaemon account that automatically responds when an e-mail address listed in a message is NOT found (there's no person behind the mailerdaemon account). This mailerdaemon account has valid uses. Take this for example: Joe sends a message to an e-mail list (that consists of jim@middlebury.edu, jack@middlebury.edu and bob@middlebury.edu). The message arrives in our (middlebury) mail system, and our (middlebury) mailerdamon finds that bob@middlebury.edu doesn't exist, so it goes ahead and e-mails the other people on the list (including the sender, Joe) that bob@middlebury.edu doesn't exist in our e-mail system. The message from mailerdaemon can help the sender to figure out why bob@middlebury.edu doesn't exist (maybe the sender made a typo, and the correct address is bobm@middlebury.edu). Having some indication that the message did not reach bob@middlebury.edu, is better than having no response and thinking that the message got there successful. That's how the mailerdaemon messages get generated, and why these messages may have valid uses.
+
The problem is quite complicated. We refer to it as "backscatter". This happens because your e-mail address has found its way onto a SPAM list OR&nbsp;if your email account has been compromised.
  
So imagine the spammer sending a bulk e-mail message to a long list of people on different e-mail systems. If some of those people on the list don't exist, the mailerdaemon of each e-mail system will respond back, saying so. And since there's no person behind this account, there's no way to control these responses.
+
If you suspect that your email account has been&nbsp;compromised, it is advisable to change your password and check your email rules and email signature - spammers may change your email rules and signature to automatically respond with SPAM.
  
==Phishing==
+
If your email account hasn't been compromised (i.e. you've changed your password and checked your email rules and signature), then it is&nbsp;possible that your email account was added to a spam list (it hasn't been compromised but the spammers are aware of your email address). A spam list is a long list of e-mail addresses that spammers use to send bulk e-mail. Unfortunately, there isn't much you can do to decrease the number of such messages. The best step to take is to delete them. We may be able to help you set up a rule that will automatically move mailerdaemon messages into a separate folder, outside your inbox. Note that not all mailerdaemon messages are bad, there may be legitimate ones. See below for an explanation of how these messages get generated, and why there may be legitimate ones.
:Warning About Phishing Messages
 
:March 14, 2008
 
:Phishing email warning
 
  
The College (like many other institutions) has been a target of fake (or "phishing") email offers/warnings. These malicious messages are meant to trick users into sending sensitive information to spammers. The best thing to do with these email messages is to delete them.
+
Almost every e-mail system has a "robotic" mailerdaemon account that automatically responds when an e-mail address listed in a message is NOT found (there's no person behind the mailerdaemon account). This mailerdaemon account has valid uses. Take this for example: Joe sends a message to an e-mail list (that consists of jim@middlebury.edu, jack@middlebury.edu and bob@middlebury.edu). The message arrives in our (middlebury) mail system, and our (middlebury) mailerdamon finds that bob@middlebury.edu doesn't exist, so it goes ahead and e-mails the other people on the list (including the sender, Joe) that bob@middlebury.edu doesn't exist in our e-mail system. The message from mailerdaemon can help the sender to figure out why bob@middlebury.edu doesn't exist (maybe the sender made a typo, and the correct address is bobm@middlebury.edu). Having some indication that the message did not reach bob@middlebury.edu, is better than having no response and thinking that the message got there successful. That's how the mailerdaemon messages get generated, and why these messages may have valid uses.
  
Here is a transcript of such a "phishing" message. '''If you receive a message such as the one below, do not reply to it, do not forward it, simply delete it.'''
+
So imagine the spammer sending a bulk e-mail message to a long list of people on different e-mail systems. If some of those people on the list don't exist, the mailerdaemon of each e-mail system will respond back, saying so. And since there's no person behind this account, there's no way to control these responses.
  
<pre>
+
== Reporting SPAM  ==
-----Original Message-----
 
From: EDU ACCOUNT UPGRADE TEAM [mailto:arippy@purdue.edu]
 
Sent: Friday, March 14, 2008 6:35 AM
 
Subject: FINAL VERIFICATION OF YOUR EMAIL ACCOUNT
 
  
 +
*Reporting "casual" SPAM to the Helpdesk doesn't help much.
 +
*Reporting backscatter to the Helpdesk, doesn't help much either, but if the volume of backscatter is high, the Helpdesk can at least help you manage it.
 +
*Reporting '''phishing''' messages to the Helpdesk is VERY HELPFUL, as the Helpdesk can quickly block responses to the phisher's address.  Simply forward the suspected phishing message to '''phishing@middlebury.edu'''.
 +
*You can still report any sort of SPAM at http://www.spamcop.net/ -- other people and institutions can potentially benefit from this.
  
VERIFY YOUR EMAIL ACCOUNT NOW
+
[[Category:Helpdesk]]
 
+
[[Category:Network]]
Dear Email Account Owner,
+
[[Category:Troubleshooting]]
 
+
[[Category:E-Mail]]
This message is from educational messaging center to all our email
+
[[Category:SPAM]]
account owners. We are currently upgrading our data base and email account
+
[[Category:Helpdesk Documentation]]
center. We are deleting all our edu email accounts to create more space for new
+
[[Category:Public Search]]
accounts.
 
 
 
To prevent your edu account from closing you will have to update it below
 
so that we will know that it's a presently used account.
 
 
 
We have been sending this notice to all our email account owners and this is
 
the last notice/verification exercise.
 
 
 
CONFIRM YOUR EMAIL IDENTITY BELOW
 
 
 
Email Username : .......... .....
 
EMAIL Password : ................
 
Date of Birth : .................
 
Country or Territory : ..........
 
 
 
Warning!!! Account owner that refuses to update his or her account
 
within Seven days of receiving this warning will lose his or her account
 
permanently.
 
 
 
Thank you for using edu!
 
Warning Code:VX2G99AAJ
 
Thanks,
 
Edu Account Upgrade Team
 
</pre>
 

Latest revision as of 09:09, 15 October 2018


SPAM, Backscatter, multiple MailerDaemon messages

NOTE: Backscatter may be an indication that an account has been compromised and is being used for spamming and other malicious purposes. It is advisable to change your password and check your email rules and email signature - spammers may change your email rules and signature to automatically respond with SPAM.

The problem is quite complicated. We refer to it as "backscatter". This happens because your e-mail address has found its way onto a SPAM list OR if your email account has been compromised.

If you suspect that your email account has been compromised, it is advisable to change your password and check your email rules and email signature - spammers may change your email rules and signature to automatically respond with SPAM.

If your email account hasn't been compromised (i.e. you've changed your password and checked your email rules and signature), then it is possible that your email account was added to a spam list (it hasn't been compromised but the spammers are aware of your email address). A spam list is a long list of e-mail addresses that spammers use to send bulk e-mail. Unfortunately, there isn't much you can do to decrease the number of such messages. The best step to take is to delete them. We may be able to help you set up a rule that will automatically move mailerdaemon messages into a separate folder, outside your inbox. Note that not all mailerdaemon messages are bad, there may be legitimate ones. See below for an explanation of how these messages get generated, and why there may be legitimate ones.

Almost every e-mail system has a "robotic" mailerdaemon account that automatically responds when an e-mail address listed in a message is NOT found (there's no person behind the mailerdaemon account). This mailerdaemon account has valid uses. Take this for example: Joe sends a message to an e-mail list (that consists of jim@middlebury.edu, jack@middlebury.edu and bob@middlebury.edu). The message arrives in our (middlebury) mail system, and our (middlebury) mailerdamon finds that bob@middlebury.edu doesn't exist, so it goes ahead and e-mails the other people on the list (including the sender, Joe) that bob@middlebury.edu doesn't exist in our e-mail system. The message from mailerdaemon can help the sender to figure out why bob@middlebury.edu doesn't exist (maybe the sender made a typo, and the correct address is bobm@middlebury.edu). Having some indication that the message did not reach bob@middlebury.edu, is better than having no response and thinking that the message got there successful. That's how the mailerdaemon messages get generated, and why these messages may have valid uses.

So imagine the spammer sending a bulk e-mail message to a long list of people on different e-mail systems. If some of those people on the list don't exist, the mailerdaemon of each e-mail system will respond back, saying so. And since there's no person behind this account, there's no way to control these responses.

Reporting SPAM

  • Reporting "casual" SPAM to the Helpdesk doesn't help much.
  • Reporting backscatter to the Helpdesk, doesn't help much either, but if the volume of backscatter is high, the Helpdesk can at least help you manage it.
  • Reporting phishing messages to the Helpdesk is VERY HELPFUL, as the Helpdesk can quickly block responses to the phisher's address. Simply forward the suspected phishing message to phishing@middlebury.edu.
  • You can still report any sort of SPAM at http://www.spamcop.net/ -- other people and institutions can potentially benefit from this.
Powered by MediaWiki