ietf-asrg

Re: RE: [Asrg] define spam

2003-04-04 03:55:35
At 09:41 AM 4/4/2003 +0100, you wrote:

It seems likely that some spamware is using a list of local parts
(or an algorithm for generating local parts) and a
list of valid domains to construct likely looking "senders".
These lists may very well be based on the recipient list in use.

Or some similar algorithm.

Here's some fake sender names:

From: Abbe <mqdyf(_at_)ok(_dot_)RU>
From: Cathy <saxvv(_at_)olemail(_dot_)com>
From: Celine <jfjdy(_at_)mail(_dot_)hongkong(_dot_)com>
From: Christina <fckja(_at_)kki(_dot_)PL>
From: Cindy <qqivr(_at_)netposta(_dot_)net>
From: Colleen <rxkbzbmnqw(_at_)home(_dot_)SE>
From: Courtney <bgzyt(_at_)ieg(_dot_)com(_dot_)BR>
From: Crystal <czyea(_at_)mail(_dot_)RU>
From: Debbie <ab28(_at_)mixmail(_dot_)com>
From: Debra <efdjy(_at_)firemail(_dot_)DE>
From: Elina <rvgvc(_at_)ofir(_dot_)DK>
From: Elisabeth <kjvoa(_at_)netposta(_dot_)net>
From: Elise <czyea(_at_)inmail(_dot_)SK>
From: Elissa <rkhyx(_at_)home(_dot_)RO>
From: Elizabeth <ortxj(_at_)mixmail(_dot_)com>
From: Ellen <gpzgw(_at_)firemail(_dot_)DE>
From: Ellena <cxhgk(_at_)polbox(_dot_)PL>
From: Elli <fousv(_at_)byte(_dot_)IT>
From: Abbe <theiutq(_at_)extra(_dot_)HU>
From: Kathleen <oljat(_at_)hot(_dot_)EE>
From: Kathlene <jfjdy(_at_)caramail(_dot_)com>
From: Kathline <ihnjc(_at_)371(_dot_)net>
From: Kathlyn <eyjyk(_at_)miesto(_dot_)SK>
From: Kathrine <qraif(_at_)bluemail(_dot_)DK>
From: Kathryne <mwstd(_at_)private(_dot_)21cn(_dot_)com>
From: Kathy <ndfup(_at_)email(_dot_)com(_dot_)BR>
From: Kathyrn <mzuwi(_at_)scanner(_dot_)com(_dot_)TW>
From: Kati <blhxk(_at_)redseven(_dot_)DE>
From: Katia <sxlwb(_at_)mail(_dot_)777(_dot_)net(_dot_)CN>
From: Katie <qssqp(_at_)imail(_dot_)RU>
From: Katrice <sxpcz(_at_)mail(_dot_)dotcom(_dot_)FR>
From: Katrina <pzgky(_at_)ofir(_dot_)DK>
From: Kattie <nfhrq(_at_)imail(_dot_)RU>
From: Katy <oepqy(_at_)luukku(_dot_)com>
From: Kaycee <tdeka(_at_)posta(_dot_)net>
From: Kaye <unqvz(_at_)jmail(_dot_)co(_dot_)JP>
From: Keli <ghgwt(_at_)shinbiro(_dot_)com>
From: Kelle <sjrqm(_at_)extra(_dot_)HU>
From: Kellee <exnki(_at_)csbc(_dot_)com(_dot_)TW>
From: Kellie <lbvkb(_at_)hongkong(_dot_)com>
From: Kellye <mrnfg(_at_)mail(_dot_)dotcom(_dot_)FR>
From: Kelsey <pnczx(_at_)scanner(_dot_)com(_dot_)TW>
From: Kelsie <kkiju(_at_)naseej(_dot_)com>
From: Keren <qebnb(_at_)airline(_dot_)com(_dot_)TW>
From: Keri <uvzjyulqds(_at_)posta(_dot_)net>
From: Kerrie <swzjn(_at_)newmail(_dot_)net>
From: Kimberlee <ugfum(_at_)hotmail(_dot_)RU>
From: Kimberlie <qraif(_at_)mexico(_dot_)com>
From: Kimberly <sqgfh(_at_)katamail(_dot_)com>
From: Kimi <mlcgm(_at_)naseej(_dot_)com>
From: Kira <iayao(_at_)mail(_dot_)dotcom(_dot_)FR>
From: Kittie <fazyu(_at_)imail(_dot_)RU>
From: Kitty <azmty(_at_)private(_dot_)21cn(_dot_)com>
From: Kori <cjrsz(_at_)inmail(_dot_)SK>
From: Kourtney <gsbnx(_at_)id(_dot_)RU>
From: Kristian <jolpp(_at_)mailme(_dot_)DK>
From: Kristie <fpqvg(_at_)curio-city(_dot_)com>
From: Kristin <rmzli(_at_)jmail(_dot_)co(_dot_)JP>
From: Kristina <dfcui(_at_)centrum(_dot_)CZ>
From: Kristine <reram(_at_)curio-city(_dot_)com>
From: Kristy <mqdyf(_at_)redseven(_dot_)DE>
From: Kristyn <erqla(_at_)kimo(_dot_)com(_dot_)TW>
From: Krysta <arhnnuoqtg(_at_)montevideo(_dot_)com(_dot_)UY>
From: Krystal <hvudtwdqoq(_at_)montevideo(_dot_)com(_dot_)UY>

I have lots more in trapped relay spam. It looks like this guy constructs a fake sender by taking one name from a list of female names and making a random string that he adds to a known domain.

Here's what he's done with just one name (picked semi-randomly):

From: Lena <lvtkv(_at_)mail-online(_dot_)DK>
From: Lena <ijbynemual(_at_)bluemail(_dot_)DK>
From: Lena <swnkd(_at_)netposta(_dot_)net>

Here's fake senders from bluemail.dk:

From: Kathrine <qraif(_at_)bluemail(_dot_)DK>
From: Lilia <ijbynemual(_at_)bluemail(_dot_)DK>
From: Lena <ijbynemual(_at_)bluemail(_dot_)DK>
From: Roxie <fgmuwyxdkd(_at_)bluemail(_dot_)DK>
From: Joanne <rkkss(_at_)bluemail(_dot_)DK>
From: Barbie <cqeto(_at_)bluemail(_dot_)DK>
From: Barbie <ortxj(_at_)bluemail(_dot_)DK>
From: Kathleen <efbqtpbbns(_at_)bluemail(_dot_)DK>
From: Barbie <umrbc(_at_)bluemail(_dot_)DK>
From: Barbie <umrbc(_at_)bluemail(_dot_)DK>
From: Barbie <swzjn(_at_)bluemail(_dot_)DK>
From: Barbie <swzjn(_at_)bluemail(_dot_)DK>
From: Jacalyn <dfmve(_at_)bluemail(_dot_)DK>
From: Katrice <qraif(_at_)bluemail(_dot_)DK>
From: Elissa <tlinx(_at_)bluemail(_dot_)DK>
From: Bekki <tlinx(_at_)bluemail(_dot_)DK>
From: Kathleen <dbwqf(_at_)bluemail(_dot_)DK>
From: Lissa <eqvdg(_at_)bluemail(_dot_)DK>
From: Silvia <kksrf(_at_)bluemail(_dot_)DK>
From: Anglea <adgjj(_at_)bluemail(_dot_)DK>
From: Cassi <cxgnf(_at_)bluemail(_dot_)DK>
From: Rachal <hxalg(_at_)bluemail(_dot_)DK>
From: Karren <bkpxi(_at_)bluemail(_dot_)DK>
From: Eulah <mzuwi(_at_)bluemail(_dot_)DK>
From: Rosann <sdsau(_at_)bluemail(_dot_)DK>

(For one of the spams he got stuck on Barbie as the fake sender.)

No surprises here, I'm sure. It's often said that honeypots are useful for research purposes. Yes, at least that.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
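
An added example, not part of the original post: a small Python script that undoes the archive's `(_at_)`/`(_dot_)` obfuscation and clusters forged senders of the kind listed above by reused local part and by display-name fan-out. The function names are hypothetical, and the sample is ten `From:` lines copied from the post.

```python
import re
from collections import defaultdict

# Ten From: lines copied from the post, in the archive's obfuscated form.
SAMPLE = """\
From: Kathrine <qraif(_at_)bluemail(_dot_)DK>
From: Kimberlie <qraif(_at_)mexico(_dot_)com>
From: Katrice <qraif(_at_)bluemail(_dot_)DK>
From: Lena <ijbynemual(_at_)bluemail(_dot_)DK>
From: Lilia <ijbynemual(_at_)bluemail(_dot_)DK>
From: Lena <lvtkv(_at_)mail-online(_dot_)DK>
From: Lena <swnkd(_at_)netposta(_dot_)net>
From: Kerrie <swzjn(_at_)newmail(_dot_)net>
From: Barbie <swzjn(_at_)bluemail(_dot_)DK>
From: Debbie <ab28(_at_)mixmail(_dot_)com>
"""

FROM_RE = re.compile(
    r"^From:\s*(?P<name>[^<]*?)\s*<(?P<local>[^@<>\s]+)@(?P<domain>[^<>\s]+)>$")

def parse_from(line):
    """Return (display name, local part, domain), or None for other lines."""
    line = line.strip().replace("(_at_)", "@").replace("(_dot_)", ".")
    m = FROM_RE.match(line)
    return (m["name"], m["local"].lower(), m["domain"].lower()) if m else None

def reused_local_parts(lines):
    """Local parts seen under more than one (display name, domain) pair.

    A random-looking local part that recurs under different names or
    domains suggests the strings come from one generator or fixed pool.
    """
    seen = defaultdict(set)
    for name, local, domain in filter(None, map(parse_from, lines)):
        seen[local].add((name, domain))
    return {lp: sorted(p) for lp, p in seen.items() if len(p) > 1}

def name_fanout(lines):
    """Number of distinct addresses each display name was paired with."""
    addrs = defaultdict(set)
    for name, local, domain in filter(None, map(parse_from, lines)):
        addrs[name].add(f"{local}@{domain}")
    return {name: len(a) for name, a in addrs.items()}

if __name__ == "__main__":
    lines = SAMPLE.splitlines()
    for lp, pairs in sorted(reused_local_parts(lines).items()):
        print(lp, pairs)
    print("Lena fan-out:", name_fanout(lines)["Lena"])
```

Common role local parts such as `info` or `sales` recur across domains legitimately, so on real mail the reuse signal needs an allow-list or a second indicator before it is treated as evidence of forgery.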


