October 25, 2006

Crafty Spammers

Filed under: T3city — pj @ 4:01 pm

Yesterday, T3city started receiving complaints from AOL about spam received from our mail servers. This is not so unusual – some of our users forward email to their @aol.com email address and whenever spam is forwarded and the user complains to AOL, AOL complains to us. Even though we aren’t the source of the spam, from AOL’s perspective, forwarded spam comes from our mail servers.

At first, I incorrectly assumed that, as often happens, one of our users was reporting the forwarded mail to AOL as spam. Usually when this happens, I figure out who is reporting the spam to AOL and ask them to turn off forwarding or stop reporting spam to AOL. Sometimes the AOL spam complaint messages we get don’t have enough information to figure out who is reporting the spam, so I have to wait for a message that has a header I can use.

In this case, I never got a message I could use. The spam looked pretty obnoxious and the source was mostly systems in China. I decided to start blocking the IPs of the systems that were sending us the spam. A lot of the IPs were from one ISP in China that has some huge IP address allocations. Blocking the IPs slowed down the AOL spam complaints, but there were other IPs from all over the world sending spam through us to AOL addresses.
