Solved

What kind of spam is this and how do I filter it?

Posted on 2014-04-17
8
129 Views
Last Modified: 2015-04-28
Our Exchange server has been getting spam/junk mail that contains only one or two sentences of garbled information... like a line or two from a strange play, novel, press release.

We've received three in the last 24 hours, all from different domains and they have no attachments, advertisements, or links.

Here is an example...

"The Volcano closed for a second and more elaborate renovation in February 2008 and reopened on December 8, 2008. This led him to new ideas. Black Music Research Journal 8."

What exactly are these and how do you filter them when they have no malicious content and keep coming from different domains each time to get around the blacklisting I do?

Thanks for the help,

Ryan
0
Question by:Ryan Gates
8 Comments
 
LVL 5

Assisted Solution

by:Pasha Kravtsov
Pasha Kravtsov earned 63 total points
ID: 40008022
Honestly that's a tough dilemma you're dealing with. It might seem as if you're going to have to blacklist every one of those domains by hand. That's the only way I can think of.
0
 

Author Comment

by:Ryan Gates
ID: 40008050
This is crazy... I've put all the offending domains on a blacklist and still get more. The most recent one, from yet another new domain, had the subject:

Hello Ryan (the sender has my name)

And then read:

The background in the arms is red. Andrew Young is affiliated. The palace has many lovely gardens and an oratory recreated from the ruins of the ancient Sunrunner Keep.

These are strange and annoying... Help?
0
 
LVL 34

Assisted Solution

by:Dan Craciun
Dan Craciun earned 63 total points
ID: 40008228
I'd think these are probably tests and the real spam is yet to come. They are testing to see if the emails get through, what triggers your spam filter.

The palace reference is from here: http://melanierawn.wikia.com/wiki/Dorval
and the volcano from here: http://en.wikipedia.org/wiki/The_Mirage

Dan
0

 

Author Comment

by:Ryan Gates
ID: 40009067
I've been thinking the same thing, Dan... being tested before something nasty. I'm blacklisting and monitoring all incoming closely. I wish there were a way to guard against this better. I can't think of anything but thought it was worth an ask, here.

Dan, thanks for the reference links. Have any of you ever seen this type of 'testing'?

Ryan
0
 
LVL 16

Expert Comment

by:dhsindy
ID: 40191304
Does Exchange have a filter for size like Thunderbird?

These all look like small simple messages. You could experiment by setting up a folder and filtering your emails by size and see if you can trap them that way. More difficult would be setting up a whitelist of addresses you will accept from.
0
 
LVL 23

Accepted Solution

by:
Brian B earned 62 total points
ID: 40535889
It may also be the spammer's software is broken and not sending the link. Blacklisting the domain won't help as that is reactive. The domain will keep changing, and is probably spoofed anyway.

I started using a realtime blackhole list in conjunction with a spam filter (Spamhaus Zen works really well) and most of that stuff disappeared.
0
 
LVL 16

Assisted Solution

by:dhsindy
dhsindy earned 62 total points
ID: 40538435
Another idea would be to review the headers and see if they contain the IP address or an ISP provider that you could contact. I usually just ignore spammers like that and they get bored after a while with tormenting you.
0
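The two suggestions above (a real-time blackhole list such as Spamhaus Zen, and reading the headers for the sending IP) combine into one check, shown here as an added example that is not part of the original thread. The function names and the sample message are assumptions made for illustration; the return codes are the ones Spamhaus documents for the ZEN zone.

```python
import email
import ipaddress
import re
import socket

ZEN = "zen.spamhaus.org"
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
ZEN_CODES = {"127.0.0.2": "SBL", "127.0.0.3": "SBL", "127.0.0.9": "SBL",
             "127.0.0.4": "XBL", "127.0.0.5": "XBL", "127.0.0.6": "XBL",
             "127.0.0.7": "XBL", "127.0.0.10": "PBL", "127.0.0.11": "PBL"}
# Constructed sample: invented hosts, documentation-range address.
SAMPLE = ("Received: from a.example.net ([203.0.113.45]) by mx.example.org\n"
          "Received: from pc ([10.1.2.3]) by a.example.net\n\nHello\n")

def relay_ips(raw_message):  # external IPv4s from Received:, newest hop first
    found = []
    for header in email.message_from_string(raw_message).get_all("Received", []):
        for text in BRACKETED_IP.findall(header):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:  # octet out of range in a forged header
                continue
            if ip not in found and not any(ip in net for net in INTERNAL):
                found.append(ip)
    return found

def zen_query_name(ip):  # 203.0.113.45 -> 45.113.0.203.zen.spamhaus.org
    return ".".join(reversed(str(ip).split("."))) + "." + ZEN

def classify(answers):  # 127.255.255.x = query error, never a listing
    if any(a.startswith("127.255.255.") for a in answers):
        return ("error", [])
    lists = sorted({ZEN_CODES[a] for a in answers if a in ZEN_CODES})
    return ("listed", lists) if lists else ("clean", [])

def system_resolver(name):  # [] on NXDOMAIN; a failed lookup also lands here
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_message(raw_message, resolve=system_resolver):
    """Check the newest external relay: the hop your own server recorded."""
    ips = relay_ips(raw_message)
    if not ips:
        return (None, "no-ip", [])
    return (str(ips[0]),) + classify(resolve(zen_query_name(ips[0])))
```

Only the topmost external address is checked because earlier `Received:` lines are written by the sender's side and can be forged, which is also why blacklisting the visible sender domain does not help.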
 
LVL 16

Expert Comment

by:dhsindy
ID: 40560917
>> Have any of you ever seen this type of 'testing'?

I remember getting something like this years ago for a while on an old account. I don't recall ever finding a filtering method because everything was so random and unpredictable.

The action I took was to simply delete without any kind of response. It eventually stopped. This could be someone just testing for valid addresses from a list they have purchased.
0
