Giggle. Snort. Guffaw.
Mar. 13th, 2007 08:47 am![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
elfsDear Pendorwright User:I've elided the link URL. I received this the day after I had completed a security survey and had a third party independently confirm that there was no external evidence of virtualization of the Pendorwright machine (i.e. nobody else was seeing any unusual traffic on the wire).
We have recieved complaints that your account was being used to send unsolicited commercial email. Your email service has been suspended. Please contact us here and enter your username and password to re-enable your email service.
Sincerely, The Pendorwright Support Team
Sorry, this was just too amusing. Have these people no brains at all?
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2007-03-13 04:51 pm (UTC)Yes, they have no brains.
no subject
Date: 2007-03-13 04:51 pm (UTC)no subject
Date: 2007-03-13 04:55 pm (UTC)Yeah, I've been getting that sort of thing too. nd since I'm all but two of the users on my domain, it gets kinda obvious, y'know.
no subject
Date: 2007-03-13 04:53 pm (UTC)I recently received almost 6000 bounced messages that purported to come from an account in my domain and to have been sent via the mail server on the box that hosts my domain.
Of course, examining the Receieved lines showed that the "first" one was a forgery.
Probably more trouble than the idiots you are dealing with felt like going to.
no subject
Date: 2007-03-13 05:05 pm (UTC)No, actually, you shouldn't. Nobody should. it hurts too much.
Probably due to changing ISP requirements
Date: 2007-03-13 05:33 pm (UTC)I have to figure it's due to the fact that many ISPs now require authentication for SMTP. We end up moving with some regularity, and I've noticed that the default config has changed over the past... oh, about a year and a half. Every one of them (3 in my completely invalid statistical sample) has required you have an email account with them and use its credentials to authorize outgoing mail. Once that requirement is met, they don't give a hoot what the return address is. I guess wi-fi has changed things to the point where "if you're using us to connect, you can use our mail server" doesn't apply any more.
As I read your comment I couldn't help but start trying to figure the math to describe something like this... for the set of (x) attempts, there is the subset of (n) successful phishing attacks. Of those (n) accounts another subset (d) will be relatively quickly disabled, but (s) will be used -- to great volume -- to send spam through mail servers that people are going to be more hesitant to blacklist. Here's hoping (s) is a very small number (sadly, it won't be) and the ratio of (n)/(x) is skewed to indicate greater human intelligence and suspicion (again, I don't see it happening). The relationship of (x-n) to (d) to (n-d) to (s) shows the relative sizes of the population that are (1) paying attention, (2) too trusting but still paying some attention, (3) gullible and (4) oblivious.
Eeep... I think I'm gonna go hide now. I don't like how those numbers are going to come out, especially where I'm living now.
Bryan.
no subject
Date: 2007-03-13 11:26 pm (UTC)