SPAM and Backscatter
SPAM, Backscatter, multiple MailerDaemon messages
The problem is quite complicated. We refer to it as "backscatter". This happens because your e-mail address has found its way onto a SPAM list. A spam list is a long list of e-mail addresses that spammers use to send bulk e-mail. Unfortunately, there isn't much you can do to decrease the number of such messages. The best step to take is to delete them. We may be able to help you set up a rule that will automatically move mailerdaemon messages into a separate folder, outside your inbox. Note that not all mailerdaemon messages are bad, there may be legitimate ones. See below for an explanation of how these messages get generated, and why there may be legitimate ones.
Almost every e-mail system has a "robotic" mailerdaemon account that automatically responds when an e-mail address listed in a message is NOT found (there's no person behind the mailerdaemon account). This mailerdaemon account has valid uses. Take this for example: Joe sends a message to an e-mail list (that consists of email@example.com, firstname.lastname@example.org and email@example.com). The message arrives in our (middlebury) mail system, and our (middlebury) mailerdamon finds that firstname.lastname@example.org doesn't exist, so it goes ahead and e-mails the other people on the list (including the sender, Joe) that email@example.com doesn't exist in our e-mail system. The message from mailerdaemon can help the sender to figure out why firstname.lastname@example.org doesn't exist (maybe the sender made a typo, and the correct address is email@example.com). Having some indication that the message did not reach firstname.lastname@example.org, is better than having no response and thinking that the message got there successful. That's how the mailerdaemon messages get generated, and why these messages may have valid uses.
So imagine the spammer sending a bulk e-mail message to a long list of people on different e-mail systems. If some of those people on the list don't exist, the mailerdaemon of each e-mail system will respond back, saying so. And since there's no person behind this account, there's no way to control these responses.
- Warning About Phishing Messages
- March 14, 2008
- Phishing email warning
The College (like many other institutions) has been a target of fake (or "phishing") email offers/warnings. These malicious messages are meant to trick users into sending sensitive information to spammers. The best thing to do with these email messages is to delete them.
Here is a transcript of such a "phishing" message. If you receive a message such as the one below, do not reply to it, simply delete it. It sometimes helps to forward the headers of the phishing message to the Helpdesk. Contact the Helpdesk to find out how to forward the headers.
-----Original Message----- From: EDU ACCOUNT UPGRADE TEAM [mailto:email@example.com] Sent: Friday, March 14, 2008 6:35 AM Subject: FINAL VERIFICATION OF YOUR EMAIL ACCOUNT VERIFY YOUR EMAIL ACCOUNT NOW Dear Email Account Owner, This message is from educational messaging center to all our email account owners. We are currently upgrading our data base and email account center. We are deleting all our edu email accounts to create more space for new accounts. To prevent your edu account from closing you will have to update it below so that we will know that it's a presently used account. We have been sending this notice to all our email account owners and this is the last notice/verification exercise. CONFIRM YOUR EMAIL IDENTITY BELOW Email Username : .......... ..... EMAIL Password : ................ Date of Birth : ................. Country or Territory : .......... Warning!!! Account owner that refuses to update his or her account within Seven days of receiving this warning will lose his or her account permanently. Thank you for using edu! Warning Code:VX2G99AAJ Thanks, Edu Account Upgrade Team
Forged From Address
http://forum.spamcop.net/scwik/FromAddressForgery (also has a note on backscatter)
- Reporting "casual" SPAM to the Helpdesk doesn't help much.
- Reporting backscatter to the Helpdesk, doesn't help much either, but if the volume of backscatter is high, the Helpdesk can at least help you manage it.
- Reporting phishing messages to the Helpdesk is VERY HELPFUL, as the Helpdesk can quickly block responses to the phisher's address.
- You can still report any sort of SPAM at http://www.spamcop.net/ -- other people and institutions can potentially benefit from this.
Client host blocked using Barracuda Reputation
Problem: E-mail sent from off-campus messages may be blocked by Barracuda with the error Client host blocked using Barracuda Reputation.
Solution: There are three ways of resolving the problem: 1) You can setup a non-middlebury e-mail account for yourself (for example, Gmail http://www.gmail.com), ask people that have this problem to e-mail you on that account.
2) The people that have this problem can setup a another e-mail account (for example Gmail) and e-mail you FROM that account to your middlebury account.
3) The people that have this problem can review the error messages that they received. They should contain a link that will allow them to remove themselves from the spam filter. If you look at the message that you forwarded to us, you'll see this link: http://bbl.barracudacentral.com/q.cgi?ip=126.96.36.199 <-- that's the link that this particular person needs to use to remove himself/herself from the spam filter.
We (Middlebury College, or the Helpdesk) do not have control over this particular spam filter. This particular spam filter uses some sort of a reputation system to decide what's spam and what's legitimate (if you look at the error message that you forwarded to us, you'll see "blocked using Barracuda Reputation").
host shark.middlebury.edu[188.8.131.52] said: 554 Service unavailable; Client host [t-1.altavoz.net] blocked using Barracuda Reputation; http://bbl.barracudacentral.com/q.cgi?ip=184.108.40.206 (in reply to end of DATA command)