on Tue, 23 Sep 2003 19:47:36 PDT7
> Since last Friday I've been getting about two per hour.  I am *also* 
> getting "Microsoft Security Update" notices (the name changes a lot) 
> telling me to install the attached patch, which is an ongoing 
> replication of the Swen virus. 
The security update is a virus.  As I recall the "administrator" message is 
also a virus. 
> If you aren't running Windows or an SMTP server then somebody else is 
> simply using your email address in their From field or a virus on their 
> machine is reading their address book or (typically) the last-received 
> message in their inbox (which could be a mail list posting from you) to 
> get a random From address. 
>  
> I've tried tracing these darn things and they appear to be coming from 
> everywhere.  Of interest is the Message-ID which you can check against 
> the lowest (first) Received line in the header.  The Message-ID field 
> contains a date-time stamp plus the name of the originating SMTP server. 
Coming from all of those Windows users that are infected, which is everywhere. 
I have not read the RFC about the message-id, but from what I see, if there is 
a message-id no other server will replace it.  So it may be inserted by any 
mail server along the path from source to destination.  I sometimes see a 
message-id inserted by my ISP's mail server since there was not one in the 
message when it got it.  I do know that the content of the message-id can be 
anything as long as it is, in theory, unique for the internet (no two messages 
will have the same message-id). 
> I've even gotten these bounceback messages from auto-reply machines such 
> as people on vacation and tech support departments ("We'll respond as 
> soon as possible.") and I even got one from a mail list server that 
> tried to interpret the lines as commands. 
>  
> So you're not alone.  I just delete them, hoping Swen will die down in a 
> few more days.  The "Microsoft Security Update" notices are the biggest 
> pain since each one is 155K and, at two per hour, my 10 MB inbox fills 
> up in a day or so. 
I guess I am lucky, I have not received a single security update (it may be 
that my ISP is deleting them but should not as I have told them not to filter 
my email).  I have heard of some people getting thousands a day. 
--  
Robert Blair 
===================================================== 
To unsubscribe from this list, send an email message 
to "steward@scoug.com". In the body of the message, 
put the command "unsubscribe scoug-help". 
For problems, contact the list owner at 
"rollin@scoug.com". 
===================================================== 
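The header check discussed in this thread (the Message-ID host compared against the Received lines, lowest first), as an added example that is not part of the original messages. The sample message, its hostnames and the function name `trace` are constructed for illustration; since the Message-ID content is free-form, a match only hints at which hop stamped it.

```python
import re
from email import message_from_string

# Constructed sample: two hops, reserved example domains and addresses.
SAMPLE = """\
Received: from smtp.isp.example ([198.51.100.25])
\tby mx.recipient.example with ESMTP id AAA111; Tue, 23 Sep 2003 19:40:02 -0700
Received: from infected-pc (dialup-7.isp.example [198.51.100.7])
\tby smtp.isp.example with SMTP id BBB222; Tue, 23 Sep 2003 19:39:58 -0700
Message-ID: <20030923193958.BBB222@smtp.isp.example>
From: "Microsoft Security Update" <someone@victim.example>
Subject: constructed sample

body
"""

def trace(raw):
    """Return the Message-ID host, the hops oldest-first, and which hop
    (if any) names that host in its 'by' clause."""
    msg = message_from_string(raw)
    mid = re.search(r"@([^>\s]+)>", msg.get("Message-ID", ""))
    mid_host = mid.group(1).lower() if mid else None

    hops = []
    # Each relay prepends its Received line, so the last one is the first hop.
    for value in reversed(msg.get_all("Received") or []):
        line = " ".join(value.split())  # unfold continuation lines
        frm = re.search(r"\bfrom\s+(\S+)", line)
        by = re.search(r"\bby\s+(\S+)", line)
        hops.append((frm.group(1).lower() if frm else None,
                     by.group(1).lower() if by else None))

    stamped_at = None
    if mid_host:
        # A server that adds a missing Message-ID usually uses its own name.
        stamped_at = next(
            (i for i, (_, by) in enumerate(hops) if by == mid_host), None)
    return {"message_id_host": mid_host, "hops": hops,
            "stamped_at_hop": stamped_at}

if __name__ == "__main__":
    result = trace(SAMPLE)
    print("Message-ID host:", result["message_id_host"])
    for i, (frm, by) in enumerate(result["hops"]):
        print(f"hop {i}: from {frm} by {by}")
    print("Message-ID host matches hop:", result["stamped_at_hop"])
```

A result of `None` for `stamped_at_hop` means the Message-ID host appears on no hop, so it says nothing about where the message entered the mail system; the lowest Received line's bracketed IP address is the more useful lead in that case.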