Spammed by a University

While looking through my server logs this morning at work I noticed a bunch of email from a server at Loyola University. I looked a little closer and the email was coming from the a bunch of bogus addresses (random@gmail.com, random@hotmail.com and random@comcast.net) and all aimed at 1 user at Harley. Once I saw the from addresses I knew it was spam so I emailed Loyola letting them know they have a problem, including some entries from my logs as proof.

While I was waiting for a response I stopped up and talked to the teacher getting all of this spam and she told me she was a Loyola alumnus. I looked at some of the actual messages and found they were addressed to one of their alumni mailing lists. It looks like the university was running a mailing list that was completely open to the public. This means Joe Spammer can send 1 email to this list and Loyola will forward it to all their alumni, making the spammers job that much easier! Bah!

A little while later I get an email back from someone at the school saying that the person spamming was on the IP address 24.97.xx.xx. They said they forwarded my complaint to Road Runner's abuse department because that IP address is registered to RR and told me that they added the address to their blacklist. The problem was that the IP address above is MY mail server's address! This guy obviously had no clue what was going on and I couldn't email him back to tell him this because I was blacklisted. So I dug up a phone number online and gave this guy a call. By the time I got to talk to him he had figured out that he made a mistake and that someone on Bellsouth's network was doing all of this.

I added their server to Harley's blacklist until they stuck cork in it, which took an additional hour and a half after my phone call.

I assumed a University to be more on the ball about this stuff, but maybe that is too much to expect.