At 11:47 PM -0400 5/21/03, Barry Shein wrote:
> > As I noted in my mail. This appears to be happening now--although I
> > had not seen symptoms of it before. Is anyone else starting to see
> > low-level occasional bounce back from spam?
> >
> > Prior to that, all of the bounce-back instances I had heard of or
> > experienced (and I used to get one or two a week) were major--where
> > the entire spam load got sent out with the same return address.
Could this be that spammer tactic where they pair names and forge the
From: to appear to be coming from someone they think you might have
whitelisted?
I've seen pairing, although it could just be pairing by domain,
rather than a database of pairs.
The other thing I've noticed is spam coming in for several users at a
host, with the subject customized for one of them. So the spammer is
doing some limited amount of per-user customization, but rather than
send 10 messages to a single server, they are sending one message to
all recipients at that server. Only one of the recipients gets the
correct customization.
What I find particularly intriguing about the above was that the
recipients were per mail *server*, not domain. In other words, I
would get a single spam message with multiple recipients, one of whom
was at hinckley.com, and another at somewhere.com. The only
relationship being that they share the same mail server. So someone
is pre-sorting their spam database by MX records, and then doing
form-based mailings to the first recipient for the given MX. A
compromise between speed and attractiveness of the message.
--
Kee Hinckley
http://www.messagefire.com/ Junk-Free Email Filtering
http://commons.somewhere.com/buzz/ Writings on Technology and Society
I'm not sure which upsets me more: that people are so unwilling to accept
responsibility for their own actions, or that they are so eager to regulate
everyone else's.
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg