Just found this on the "wire"
Well, nice to be one step ahead for a change :-) Thanks Phil!
http://www.news.com/News/Item/0%2C4%2C8247%2C00.html?nd
> Email vendors fight spammers
> By Nick Wingfield
>
> February 25, 1997, 6:30 a.m. PT
> Last Saturday, the email server of a
> small Internet service provider in
> the southwestern United States
> started to churn out email broadcasts
> from a lone user to more than 45,000
> email addresses. Naturally, the ISP
> was curious who the "spammer" was.
>
> Unfortunately, the spammer employed a out in court
> simple technique for sending email
> from the ISP's server without
> actually having an account on its
> system, making the culprit difficult
> if not impossible to track down. But
> some Internet email vendors,
> including Netscape Communications and
> Software.com, are now taking steps to
> prevent the hijacking technique--well
> understood among messaging and
> security experts, but still widely
> disregarded by organizations that run
> email servers--from working on their
> products.
>
> The technique is startlingly easy to
> exploit, and a potential boon for
> email spammers than want to cover
> their tracks. Users need only to
> designate an email server as the
> outgoing SMTP (simple mail transport
> protocol) server in a standard email
> client such as Eudora. Provided that
> the email server is not shielded by a
> firewall or some other security
> mechanism, the user will be able to
> log on the server through any ISP
> such as Netcom or CompuServe to send
> email to a potentially huge list of
> users--all without an account or
> password.
>
> For some spammers, the opportunity to
> hijack someone else's mail server
> further distances them from the
> hostile responses that almost always
> follow spams. In the case of the
> Southwestern ISP, the spammer, who
> connected to the ISP's mail server
> through PSINet, entered a false
> return address and name in his email
> client. When irate users began to
> respond to the spam--a $28.95 offer
> to convert their handwritten
> signatures into a True Type font--the
> messages bounced back to the users
> themselves and to the email
> administrator at the ISP.
>
> "That was what was mean about the
> whole thing," said the head of
> operations at the ISP, who asked not
> to be identified in order to avoid
> alerting a competitor to his
> company's misfortune. "Of the 45,000
> messages sent out, probably about
> 6,000 of them were invalid. We're up
> to about 14,000 messages to our
> postmaster."
>
> "There are certain users that have
> become vigilante anti-spammers.
> They'll take a 100 megabyte
> attachment and return it to the
> sender."
>
> Although it's impossible to tell how
> many email servers on the Internet
> are vulnerable, it is not difficult
> to locate servers that are open to
> unauthorized use. A CNET reporter,
> for example, was able to locate and
> send email from five separate
> servers, including several university
> servers and one belonging to the
> White House, within the span of 15
> minutes. Email server names are
> readily available on Usenet newsgroup
> postings.
>
> Some email systems, such as the
> popular Sendmail program in Unix
> servers, already allow administrators
> to block out unauthorized use, but
> more vendors are beginning to fortify
> their products.
>
> This week, Netscape introduced a beta
> version of its Messaging Server 3.0,
> its first email server to support
> Authenticated SMTP, a feature that
> allows systems administrators to
> control who sends and receives email
> using passwords and digital
> certificates. And within the next two
> to three months, Software.com will
> allow users of its Post.office server
> to screen out selected domain names
> from accessing the server, according
> to Andrew MacFarlane, a product
> manager at the company.
>
> MacFarlane said that interest in
> finding a solution for protecting
> email servers has grown rapidly,
> something he attributed to the media
> attention paid to spamming. "The last
> month is when email [about blocking
> unauthorized email users] really
> started coming in," he said. "It's
> almost on a daily basis."
>
> In the meantime, it's unclear what
> legal recourse, if any, an
> organization has if an outsider
> hijacks their server.
>
> "This may be one of the areas where,
> if you haven't been told you can't,
> you can," said Ira Machefsky, a
> senior industry analyst with the Giga
> Information Group. "Up until now, the
> Internet has been kind of a polite
> place to do your job. Now you have a
> bunch of strangers out there."
>
> Copyright (C) 1995-97 CNET, Inc. All
> rights reserved.
--
/ Kuyper Hoffman / Vox:+27 (0) 21.689.6242 O/H GMT+0200 /
\ mailto:Kuyper@iAfrica.Com \ Cel:+27 (0) 83.444.1024 24hr Cell \
/____________________________/ FAX:+27 (0) 21.683.4695 24hr FAX /
\ SysAdmin Manager UUNET Internet Africa PO Box 44633 \
/ http://www.baps.com/kuyper Claremont 7735 South Africa /
\______________________________________________________________________\
----- End of forwarded message from Kuyper Hoffman -----
--
Kuyper Hoffman, IA-ct ext 2212, "Hey, 50gigs ain't much space!"
Revolutions started. Famines stopped. Droughts broken.
UNIX Admin, 6uldv8 , S/W Design & Devel, Network Admin.
Trouble started. Coffee drunk. Carrots diced....while-u-wait.
