[lug] semi-related: advice on making The Call?

Bear Giles bgiles at coyotesong.com
Thu Jun 13 15:25:49 MDT 2002


Semi-related to tonight's topic, I've been having to make a large
number of The Calls today - "Hey ******, why are you sending out 
spam with my domain name?!"  The response has been predictable:

First stage of denial:  

  we don't send out mail for insurance quotes,
  credit card processing, etc.

Second stage of denial:

  we aren't an open relay (whispered to someone else: "what's
  an 'open relay'?"), usually combined with "why do you want
  a non-work email account to forward the 'bounce message'?"

Third stage of denial:

  We'll have our Exchange guy look at it,

then finally a sheepish "it's been fixed now."  Yeah, right.  I'm
sure the people who left the open relay in place and don't understand
why I refuse to send the incriminating evidence to one of their 
possibly compromised accounts (if they've been cracked, not just
relaying) can fix all of their security holes in a matter of an hour
or so.  They just needed someone to point out that they should look
in their own **** logs.

Yeah, right.  But they're MCSEs so they're the experts.


I don't want to hijack tonight's meeting, but I'm also at my
wit's end here.  We all know that we need to have incident response
plans in place before The Call, but how do you deal with the clueless?
(E.g., one company just hung up on me after skeptically taking down
some of the keywords in the headers.  They didn't seem to realize
that I'm already working with state and federal investigators and
I need to have a definite response one way or the other - they deny
the problem exists, they think they closed an open relay or cracked
system, or they're working with their own investigators and I'll
share my contact information with those investigators.)

(Okay, the "working with" is a slight exaggeration, since it's
mostly forwarding additional information referencing an open
complaint.  But I don't like seeing my domain name being dragged
through the mud because some people are too dumb to know they 
have an open relay.)

Bear


