ietf-asrg
[Top] [All Lists]

RE: [Asrg] Some data on the validity of MAIL FROM addresses

2003-05-21 20:56:15

As I noted in my mail.  This appears to be happening now--although I
had not seen symptoms of it before.  Is anyone else starting to see
low-level occasional bounce back from spam?

Prior to that, all of the bounce-back instances I had heard of or
experienced (and I used to get one or two a week) were major--where
the entire spam load got sent out with the same return address.

Could this be that spammer tactic where they pair names and forge the
From: to appear to be coming from someone they think you might have
whitelisted?

For those wondering what I'm talking about, consider an RFC with two
(or more) authors' and their e-mail addresses in the text. The spammer
culls this info and sends spam to each author forging the other author
as the From:. So their target lists start to become pairs of addresses
to use as the From/To (one assumes they're usually symmetrical) rather
than just single address. Another example might be forging the From:
to be asrg(_at_)ietf(_dot_)com and sending that to addresses culled from this
list.

This has definitely been going on, although not a lot. In my
experience the victim knew immediately just where the other half of
the pair came from (e.g., a co-author or similar.)

So perhaps the above was just a bad pairing, the other half no longer
is at that address etc.?

Anyhow, even not, informational for someone here no doubt.

-- 
        -Barry Shein

Software Tool & Die    | bzs(_at_)TheWorld(_dot_)com           | 
http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg



<Prev in Thread] Current Thread [Next in Thread>