--On 2 July 2009 12:27:57 -0400 Chris Lewis <clewis(_at_)nortel(_dot_)com>
wrote:
Bill Cole wrote:
Ian Eiloart wrote, On 7/2/09 6:23 AM:
Exercise for the reader: why aren't spammers using the @ibm.com domain?
You provided the answer before the question.
Somewhat. Because spammers _are_ using @ibm.com too. I got samples ;-)
Ok, but it's trivial to reject them after checking SPF.
Anybody saying "spammers don't do X" and "spammers do X" are wrong at
least some of the time. Except for the obvious tautology that "spammers
spam".
Forged sender addresses are predominantly harvested rather than purely
invented or recombinantly assembled.
IOW: the biggest asset spammers have is lists of potential spam victim's
email addresses.
What better place to get the email addresses to forge as sender than from
the exact same list? Is it so hard to imagine that a bot might do this
or some variation?
1) Read a bunch of addresses
2) Spam the bunch of addresses, forged with one of the bunch as sender
3) Goto step 1
Various corollaries:
- If you get spam, you're probably being forged as sender in other spam.
- If they're hitting valid addresses, then there will be blowback _to_
valid addresses.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
--
Ian Eiloart
IT Services, University of Sussex
01273-873148 x3148
For new support requests, see http://www.sussex.ac.uk/its/help/
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg