This script was written to help people understand that spammers can use forged mail addresses such as forger@3dmail.com. It helps `educate' innocent victims of spam that the spam source may not be innocent@3dmail.com at all. Like them, we are also innocent victims. We hope this will create less traffic by having the `victims' of the spam direct their complaints to the right source, i.e. the postmasters of the open relays.
This script analyses a spam header and provides results with the aim of identifying:
1. The open mail relay servers that allowed a spammer to use them to send `forged' spam.
2. It allows you to send the IP address of the open relay mail server to http://www.ordb.org to track/test/notify the administrator or postmaster of the server that their server is being misused by spammers.
3. It also tries to identify the dial-up IP of the spammer. This is usually the case when the spammer uses his dial-up ISP connection to send spam directly from his own computer (in such cases no open relay mail server is used). Your recourse? Please notify Postmaster@the-dial-up-service and/or Abuse@the-dial-up-service.
Provide only the header of the spam mail. An example is shown below:
Received: from bigiron.lakewest.com [204.42.81.30] by mx04 via mtad (34FM1.5.01) with ESMTP id 728eiFc710113M04; Wed, 06 Sep 2000 02:58:52 GMT
Received: from IVUFIHNBNHUQMVKLILDPXQGFEDJXAVJIREOBLCCA (216.191.72.246 [216.191.72.246]) by bigiron.lakewest.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id SK6F8GH6; Tue, 5 Sep 2000 23:07:57 -0400
To: umHB@excite.com
From: pnWx@3dmail.com
Subject: Internet Marketing Database (gayn)
I first found the concept at http://www.abuse.net/relay.html useful. Thus I developed and refined this software when a recent spammer forged my @3dmail.com domain. Many people believed that the forged mail came from @3dmail.com and sent their complaints to us, not realising that we are equally a victim of such spam.
We used some of the testing concepts at Abuse.Net and ORBS.ORG (now discontinued, but there are others to replace it, like ORDB.ORG) to develop this software. We will make the source code available at a later date, as we are still refining and developing it.
Currently, I feel that the Abuse.Net program only allows you to do detailed testing on a specific server. In my opinion it does help to identify the various servers that allow open mail relaying from a message header. This is where this software helps you find out and understand what to look for.
If you want to test a specific server IP, you should still visit Abuse.Net to test 17 or more server settings to see if there are any loopholes in that server. Currently my program is targeted only at providing you with information on any servers that specifically have open mail relays.
Most common mail servers that have attempted to block open mail relaying will have passed up to the first 7 common anti-spam tests. We prefer to be a little stricter in our test and decided that a server should pass at least 12 of the tests this program checks. Currently our mail servers have been tested and have passed all 17 tests. We do not expect all other mail servers to achieve such a standard. If they have passed the 12 tests, most likely we can consider that the postmaster of such a mail server has made a good attempt to protect their server from being used by spammers. If you use the test at Abuse.net and find that the specific server fails some of the tests, you can forward the information to ORDB.ORG to let their program test the server further.
So long as a server fails any one of the 12 tests, my program will consider the server an OPEN RELAY mail server, which is most likely how the spammer used it to send you spam.
This software retrieves every mail server name and IP address in the header. It then tests whether each server has, willingly or unwillingly, opened port 25 (i.e. an SMTP server is running). Note: by rights, every authentic Received: header should have been added by a mail server that has port 25 up and running.
Servers that are found to be unknown or cannot be connected to are seemingly forged details. It could also be a personal SMTP server used by the spammer during the period when he connected on a dynamic IP to send out spam. If the program finds that an IP is no longer reachable, it means the dial-up session may have been closed after the spammer logged out of their ISP.
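As an added example (not the 3Dmail.com tool itself, whose source the page says is unreleased), the following Python walks the Received: chain of the sample header quoted above the way the text describes: the oldest hop's sender is the origin IP, each intermediate receiving host is a relay candidate, the last receiving host is the recipient's own server, and a HELO name that is not a real hostname is flagged. The header copy, the regexes and the function names are my own; the port-25 connection test is deliberately left out, so nothing here touches the network.

```python
import re

# Constructed copy of the sample spam header quoted on this page, one
# header field per line (the page shows it run together on one line).
SAMPLE_HEADER = """\
Received: from bigiron.lakewest.com [204.42.81.30] by mx04 via mtad (34FM1.5.01) with ESMTP id 728eiFc710113M04; Wed, 06 Sep 2000 02:58:52 GMT
Received: from IVUFIHNBNHUQMVKLILDPXQGFEDJXAVJIREOBLCCA (216.191.72.246 [216.191.72.246]) by bigiron.lakewest.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id SK6F8GH6; Tue, 5 Sep 2000 23:07:57 -0400
To: umHB@excite.com
From: pnWx@3dmail.com
Subject: Internet Marketing Database (gayn)
"""

# "Received: from <helo> <anything> by <host> ..." ; the IP the receiving
# server actually saw sits in the <anything> part in brackets or parentheses.
RECEIVED_RE = re.compile(r"^Received:\s*from\s+(\S+)(.*?)\s+by\s+(\S+)", re.I)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def unfold(header_text):
    """Join RFC 822 continuation lines (leading whitespace) onto the line above."""
    lines = []
    for raw in header_text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw)
    return lines

def parse_received(header_text):
    """Return one dict per Received: line, newest hop first (header order)."""
    hops = []
    for line in unfold(header_text):
        m = RECEIVED_RE.match(line)
        if not m:
            continue
        helo, extra, by_host = m.groups()
        ips = IP_RE.findall(extra)  # address recorded by the receiving server
        hops.append({"helo": helo, "ip": ips[0] if ips else None, "by": by_host})
    return hops

def analyse(header_text):
    """Oldest hop's sender = origin (often the spammer's dial-up IP); every
    intermediate 'by' host passed the mail on (relay candidate); the last
    'by' host is the recipient's own server."""
    hops = list(reversed(parse_received(header_text)))
    if not hops:
        return {"origin_ip": None, "relay_candidates": [], "final_server": None, "odd_helo": []}
    return {
        "origin_ip": hops[0]["ip"],
        "relay_candidates": [h["by"] for h in hops[:-1]],
        "final_server": hops[-1]["by"],
        # A HELO name without a single dot is not a real hostname: the sender lied.
        "odd_helo": [h["helo"] for h in hops if "." not in h["helo"]],
    }
```

For the sample header this reports 216.191.72.246 as the origin, bigiron.lakewest.com as the relay candidate and mx04 as the final server, with the random HELO string flagged.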
I recommend that you use the link provided at http://www.ordb.org to test, notify and track the postmaster of the `offending' mail server that allowed open mail relaying.
One good thing I like about using the program at ORDB.ORG is that it tracks the response (or lack of response) from the postmaster of the mail server that allows open relaying. If they do nothing, say after a week, ORDB.ORG will post the domain to a `blacklist'.
I appeal to you not to send us a complaint note but rather to use this software that I created to identify the offending websites. Please understand our situation, as complaints to us would only create more unnecessary traffic.
Please note that this software does not automate the process of reporting to the various affected parties. We feel that some administrators do not like that. Instead, it aims to help you find out the source. We leave the notification to you, or you can use the link to ORDB.ORG to do that for you.
This system is `used as is', meaning that we will NOT BE HELD RESPONSIBLE for ascertaining the accuracy of spam reports, nor will we act as a referee. However, I believe that this program will provide (or try to provide) you with a pretty accurate identification of the spam source.
Please understand that in most cases an open mail relay is due to misconfiguration or a lack of knowledge about such loopholes. So it is best that you write a polite message to the administrators or the abuse department of that domain asking them to take action to secure the site. More experienced sites that make an effort to secure their systems most likely have an email address abuse@(the domain). Otherwise, you should email Postmaster@(the-domain), or both addresses.
So far, I find the method used by www.ordb.org effective in `shaming' the mail servers that allow open mail relaying. Please forward the identified OPEN relay servers to their database so that the postmasters can be notified. Best of all, it tracks them!
So far we find that most administrators will do something to close an OPEN RELAY once they know it is being misused. (This should be the case anyway, as the spammers are abusing their server resources.)
We keep a detailed log of the servers that have been tested, but these are not shown to the public.
We keep track of all mail servers that have been tested, both those found to be NON-RELAY and those found to be ALLOWING RELAY. If a test is later redone on a system already tested, the sites affected will not actually be tested again; a message will appear that the server has been tested before.
This is done to save valuable server resources and time, so every new server is tested ONCE ONLY.
3Dmail.com does not approve of spam, as it wastes lots of bandwidth and time and invades individuals' e-mail privacy. Ever since we started, we have made an effort to play a small part by continuously securing our mail servers against open mail relaying and keeping them on the most recent updates.
This tool aims to educate those who are not aware that spammers can forge e-mail addresses, and to help identify servers with OPEN RELAYS that allow a spammer to send mass mailings through them. It is through these OPEN RELAYS that spammers can forge fake domain names and hide themselves from prosecution.
Please do not email us, as it will only contribute to further waste of resources; we are usually, like yourself, a victim of such forged mail headers. DO NOT reply to such spam with REMOVE, as it may be intended to let the spammer know that your e-mail address is active.
(c) 2000, Robert Lee - 3Dmail.com, Kappvest Infoserv Pte Ltd