Darrall Pullen

Birmingham

Solutions Architect

I recently found that my spam filtering software from ******** was not filtering out the messages that were being generated from a whitelisted person who had a secuiryt threat on one or more of their company computers. 4500+ messages an hour being dumped into my admin boxes from spoofed SMTP senders with no patterns. Ok so the SMTP header proved the culprit party but to my disgust upon confrontation of the respective IT manager he admited that a Virus/Virii/Threat were on his LAN and VPN circuits and that he didn't have up to date security to protect his systems/users. This was not bulk e-mails, rather singular messages generating massive amounts of traffic from both sides either as sent SMTP or NDRs. Blocking the domain was not an option as we do legitimate business with this organisation daily and so could not just cut the off. My answer was to write a script bombarding(400-1) their entire SMTP domains with email for every message they sent me that was spoofed SPAM email from their domain. It took a few days to get the message but now they have a decent AV and spam protection policies. Luckily we had 400% more bandwidth to waste in this instance but how else can you block the SPAM that comes from legitimate businesses that have security breaches. I understand how you could use identification to block SPAM using blacklists but how could this be adressed by what is being dicussed here?