Apologies if this ends up being a double post. My original did not seem to
appear after a few days...
On 8/7/2003, John Kurrle wrote:
>I got a bunch of bounce messages yesterday with attached spam, which seemed
>to indicate I was somehow spamming. At first, I thought someone forged my
>email address into the spam's reply to line, as I saw no spam in my
>"Sent Items" folder, but now I'm not so sure.
Without an example (please provide), it's hard to tell exactly what has
happened in your case, but...
Something like this happened to me earlier this year. A spammer was using
random "From" addresses belonging to my domain. To make things look even
'more' real, the "From" addresses had random human names. Thus, when spam
was sent to invalid e-mail addresses, I got the bounce messages (primarily
from AOL).
So a few possibilities:
1. Simply a forged "From" address.
2. A "bounce spam" attack where the "From" contains the _intended_
recipient, and the "To" contains a known invalid address. Thus, the
innocent 3rd party becomes the delivery agent.
3. Virally delivered spam (instead of a DDOS zombie, we've a spam sending
zombie).
4. Spyware driven spam. Could be functionally same as (3) or only deliver
to "infected" computer.
3 and 4 could be caught in action by a firewall or sniffer. For 1 and 2
all you can do is trace the message if you're lucky, or go after the
companies in the spam. Contacting their ISP/upstream provider (depending
if it's from a spam friendly ISP), or having their domain revoked can work
at least temporarily.
I think if enough users demand it, anti-virus companies will add spyware
detection. If a major company does so, the rest will follow.
-Greg
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
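
One way to do the "trace the message" step for the possibilities listed in the message above, as an added example that is not part of the original post: it reads the original message attached to a bounce and checks whether its Received trail ever names your own mail host. The host name mail.example.org, the function names and the sample bounce are assumptions constructed for illustration.

```python
import email
import re
from email import policy

# Assumption: hosts that legitimately send mail for our domain (hypothetical name).
OUR_HOSTS = {"mail.example.org"}

def received_hosts(msg):
    """Host names that follow 'from' or 'by' in every Received header of msg."""
    hosts = set()
    for hop in msg.get_all("Received", []):
        found = re.findall(r"\b(?:from|by)\s+([A-Za-z0-9.-]+)", str(hop))
        hosts.update(h.lower().rstrip(".") for h in found)
    return hosts

def classify_bounce(raw, our_hosts=OUR_HOSTS):
    """Classify a bounce by the Received trail of the message it returns."""
    bounce = email.message_from_string(raw, policy=policy.default)
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            original = part.get_payload()[0]   # the returned message itself
            break
    else:
        return "no-original"      # nothing attached, nothing to trace
    if received_hosts(original) & our_hosts:
        return "relayed-by-us"    # look at local machines (possibilities 3 and 4)
    return "forged-sender"        # possibilities 1 and 2: we never handled it

def sample_bounce(received):
    """Constructed bounce (not real traffic) wrapping one original message."""
    return (
        "From: MAILER-DAEMON@recipient.example\n"
        "To: alice.jones@example.org\n"
        "Subject: Undelivered mail\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/report; report-type=delivery-status; boundary="b1"\n'
        "\n--b1\nContent-Type: text/plain\n\nUser unknown.\n"
        "--b1\nContent-Type: message/rfc822\n\n"
        f"Received: {received}\n"
        "From: alice.jones@example.org\n"
        "To: nosuchuser@recipient.example\n"
        "Subject: offer\n\nspam body\n--b1--\n"
    )
```

Received lines below the first hop you trust can themselves be forged, so a "relayed-by-us" result is a reason to check your mail server's logs and the local machines, not proof that the mail left your network.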