[103496] in North American Network Operators' Group
Re: Hotmail NOC Contact
daemon@ATHENA.MIT.EDU (Michael Holstein)
Thu Apr 3 12:07:10 2008
Date: Thu, 03 Apr 2008 12:03:42 -0400
From: Michael Holstein <michael.holstein@csuohio.edu>
To: "Fox, Thomas" <tfox@expertsmi.com>
CC: nanog@merit.edu
In-Reply-To: <00eb01c8959e$0daef3c0$290cdb40$@com>
Errors-To: owner-nanog@merit.edu
> We have identified that messages from your IP (209.255.20.17) are being
> blocked based on the recommendations of the Symantec Brightmail as
> traffic/e-mail originating from your IP matched characteristics of recent
> spam attacks from compromised, or 'zombie' infected, machines.
>
Do you rewrite/forward mail? .. we're a .edu, and allow our students to
forward to hotmail/yahoo/whatever .. so when a phishing/malware sweep
hits campus, about 60% is reflected back onto the Internet (sometimes
our Anticrap gateway catches it, sometimes not). Because of the way
addresses are re-written, it looks like it came from us.
> After reviewing the information you provided, we have taken steps to remove
> the block. This change should take effect within the next 24-48 hours.
>
>
They're true to their word here .. we got ourselves de-listed in ~12hrs.
Cheers,
Michael Holstein
Cleveland State University
