Hackers Blamed For MessageLabs Spam Blunder

littlekorea writes "MessageLabs claims to have discovered that the systems of one of its customers were hacked by spammers after an entire block of MessageLabs IP addresses was blocked by antispam service SORBS. Customers of the managed email service had problems with outbound mail last week after MessageLabs' IP addresses were included in SORBS' block list. The Symantec-owned service provider has assured customers it has systems in place to prevent such incidents from happening again."
  • by McD ( 209994 ) on Friday November 12, 2010 @09:11AM (#34205748)

    and arrives at a recommendation ("do not use DNS-RBLs").

    This entire analysis is spot on, but the reason blacklists are so popular is that they tend to work - you use one, the spam goes down, your users are happy. (Right up to the point where they discover a false positive that the RBL is blocking them from getting, anyway.)

    In light of that, "do not use DNS-RBLs" is kind of throwing the baby out with the bathwater. The obvious middle ground, of course, is "don't use DNS-RBLs to make a binary accept/reject decision." Instead, use them as a weighted input to an overall spam score, such as is done by SpamAssassin or policyd-weight.

    But then, that's generally more work. :-)
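    As an added illustration of the middle ground McD describes (weighting DNSBL hits into a score rather than rejecting on one hit), here is a small example; it is not code from the thread, SpamAssassin or policyd-weight. The zone names and weights are assumed, and DNS lookups are replaced by a constructed in-memory table so it runs offline.

```python
# Added example (not from the Slashdot thread): weighted DNSBL scoring
# instead of a binary accept/reject on a single blocklist hit.
# Zone names and weights are assumptions chosen for illustration, and
# DNS is replaced by a constructed in-memory table so this runs offline.
import ipaddress

# Constructed lookup table standing in for real DNSBL answers:
# maps (zone, reversed-octet query label) -> listed?
_FAKE_DNS = {
    ("dnsbl-a.example", "4.3.2.1"): True,   # only one zone lists 1.2.3.4
    ("dnsbl-b.example", "4.3.2.1"): False,
    ("dnsbl-c.example", "4.3.2.1"): False,
    ("dnsbl-a.example", "8.7.6.5"): True,   # several zones list 5.6.7.8
    ("dnsbl-b.example", "8.7.6.5"): True,
    ("dnsbl-c.example", "8.7.6.5"): True,
}

# Assumed weights: no single list is trusted enough to reject on its own.
DNSBL_WEIGHTS = {
    "dnsbl-a.example": 2.0,
    "dnsbl-b.example": 2.5,
    "dnsbl-c.example": 1.5,
}
REJECT_THRESHOLD = 5.0


def reverse_octets(ip: str) -> str:
    """Build the DNSBL query label: '1.2.3.4' -> '4.3.2.1'."""
    addr = ipaddress.IPv4Address(ip)          # raises on malformed input
    return ".".join(reversed(str(addr).split(".")))


def is_listed(zone: str, ip: str, lookup=_FAKE_DNS.get) -> bool:
    """True if `ip` is listed in `zone`.  A real deployment would resolve
    '<reversed-octets>.<zone>' and treat an A record answer as 'listed'."""
    return bool(lookup((zone, reverse_octets(ip)), False))


def dnsbl_score(ip: str) -> float:
    """Sum the weights of every list that names the sender IP."""
    return sum(w for zone, w in DNSBL_WEIGHTS.items() if is_listed(zone, ip))


def binary_decision(ip: str, zone: str = "dnsbl-a.example") -> str:
    """The 'one hit on one list, reject' policy the comment argues against."""
    return "reject" if is_listed(zone, ip) else "accept"


def weighted_decision(ip: str) -> str:
    """Reject only when combined evidence crosses the threshold; a single
    listing (one list's false positive) merely raises the score."""
    return "reject" if dnsbl_score(ip) >= REJECT_THRESHOLD else "accept"
```

    With these weights, an address listed on only one zone is accepted under the weighted policy but rejected under the binary one, while an address listed on all three is rejected by both.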

  • by JeffSh ( 71237 ) on Friday November 12, 2010 @09:42AM (#34205972)

    Knowing how MessageLabs works myself, just to refine it, it probably went something like this.

    1. Emailserver1 is set up to relay all of its outbound email through MessageLabs.
    2. Emailserver1 is compromised and used as a mail relay itself.
    3. MessageLabs receives spam generated by Emailserver1 and, because all outbound email is filtered, recognizes it after a few hundred pieces of mail and begins to throttle/stop connections from the server.
    4. A few pieces of the hundred are delivered to destination recipients.
    5. SORBS places the entire MessageLabs /24 on their lame block list in response and, because they suck as a service, take forever to remediate bad blocks.

    The answer to all this is MessageLabs IP ranges should never end up on SORBS' list because of what they are: an output pool for tens of thousands of people which is maintained by a company with a reputation. The fact SORBS feels it within their power to blacklist MessageLabs IP ranges shows how much power they feel that they have, power derived merely from the fact that some people use them.

    This should prove to people who use SORBS why not to use them. It's SORBS' fault, not MessageLabs'. The whole idea of a list like SORBS is to be a well-maintained list of "bad IPs". If they add MessageLabs' /24s to their list, this proves it is not well maintained. The act of sending a small number of spam emails is inherently unpreventable almost by definition, and ML has the infrastructure in place to protect against 99.9999% of it.
