[HPFGU-OTChatter] A note about the SPAM flags

Przemyslaw Plaskowicki przepla at ipartner.com.pl
Thu Feb 5 20:57:38 UTC 2004


Iggy McSnurd wrote:

>I checked into Yahoo's help-files, and the only real reason those
>accounts should be getting flagged as SPAM is if those posts are being
>sent to multiple addresses at the same time, either overtly, or through
>a BCC:.
>
>For those of you who are falling prey to this, I have a bit of advice:
>Have a full system check done by your Anti-Virus and see if it catches
>anything.  The big virus that the e-community is dealing with does a few
>things, but one of them is also sending information to certain computers
>via attachments and/or BCC:'s so that the virus can gather information.
>
>This is especially likely if you're connecting on from a work or school
>based e-mail address that requires you to go through your employer or
>school's host servers.  (This is because those are the ones most likely
>to be affected by the major aspect of this virus.  This can also happen
>to your PC if you have LINUX on it... since the virus is designed to
>latch onto LINUX as its primary function.)
>
>If you don't qualify under the major factors (work/school based e-mail
>and/or LINUX on your personal system) or you're not sending these
>letters to multiple addresses in any way that you know of, then it's
>something that we might want to work on narrowing down.  If there's
>another reason for this, we will want to look into it, and/or report it
>to Yahoo for investigation.
>
>(The Elves may also want to check if the SPAM guard has been activated
>for the group, and who did it...  This will help as well.)
>
>Thought I would let you all know. 
>
>
>Iggy McSnurd
>
>  
>
Dear Iggy,

With all due respect, you really shouldn't have written this. Apparently 
you have no idea about what are you talking about.

Speaking as a person who does System Administration for a living, all 
what have been said above is total nonsense.
Firstly, quick view of those messages classified as spam is that they 
are mostly (or even only as I didn't check all messages) send via web 
page form since they contain those lines:

User-Agent: eGroups-EW/0.82

X-Mailer: Yahoo Groups Message Poster

As a side note those messages contain this line:
X-eGroups-Rocket-Track:
1: 100 ; SFLAG=OPENRELAY ; IPCR=g-w0,n0,g100 ; SERVER=66.218.86.245
which is apparently an information why it was marked as spam (openrelay 
in this case) -- of course how can this be the problem when message is 
sent via Web Form, is beyond my comprehension.
Also those spam tags appear only in posts received via e-mail. They are 
not tagged as spam on web archives (cf. OT-Chatter mesgs #21399 -- not 
tagged in web archive, tagged in my inbox).


Secondly, the description of current virus outbreak internals is just 
plain wrong. See this link: http://vil.nai.com/vil/content/v_100983.htm 
for REAL info how does it work. Quoting from this site: "Mydoom only 
infects systems running Microsoft Windows."

Thirdly, this virus have nothing to do with 
Linux/Unix/FreeBSD/HPunix/AmigaDOS and any other Operating System 
besides Microsoft WIndows. As a matter of fact MS Windows is the only 
modern OS affected with viruses.

Fourthly, since the beginning e-mails are being sent via "your employer 
or school's host servers". (I shall refrain from pointing the difference 
between terms "host" and "server" and nonsense of "host server" term).

I agree, however, that mods should ASAP disable SpamGuard filters on all 
HP4GU groups as current implementation is obviously broken.

Regards,

-- 
Przemyslaw 'Pshemekan' Plaskowicki
He not busy being born is busy dying. (Bob Dylan)







More information about the HPFGU-OTChatter archive