ietf-asrg
[Top] [All Lists]

[Asrg] IPv6 "Spam Example" Challenge

2011-01-28 12:17:01
RE: IPv6 "Spam Example" Challenge

(cross posted on SPAM-L)

I'd love for someone to point out a real-world example (just one!) of a
spam sent via an IPv6 ip address that meets the following criteria:

(1) Has *previously* been spotted sending spam at least one time (to be
sure... this would have to be in a different SMTP session, and probably
at least 10+ minutes earlier)

(2) The spam was NOT sent from a botnet IP --OR-- alternatively, the
spam was able to get past greylisting via a retry that happened at least
10 seconds after the original attempt (so this would exclude
"woodpecker" botnets that get past some greylisting measures by doing a
retry less than a few seconds after the initial attempt).

(3) The IP that the spam was sent from is NOT an ISP's MTA where legit
mail is also sent from that IP. Likewise, it should NOT be an IP that is
shared between spammers and legitimate senders. It should instead be an
IP that is delegated to the sender (at the time the spam was sent...and
as far as anyone can reasonably determine).

(4) There should be at least one "caught red-handed" piece of evidence
that the sender was sending UBE--such as sending to a harvest address,
ROSKO spammer, obfuscation that only spammers would use, hidden whois
records, use of domain blacklisted by surbl/uribl/etc, etc. Please
include all such factors.

(5) If possible, please include a copy of the spam, with headers. Feel
free to obfuscate the recipients identity as well as obfuscating any
alphanumeric codes that a spammer could use to trace the message back to
the sender. (preferably, put it in a pastebin or text file on a server)

I'm extremely curious as to whether this will be fast and easy... with
numerous examples provided quickly... or whether it might be
months/years before anyone can find a single such example! (maybe
somewhere in between?)

Any takers?

-- 
Rob McEwen
http://dnsbl.invaluement.com/
rob(_at_)invaluement(_dot_)com
+1 (478) 475-9032

_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg

<Prev in Thread] Current Thread [Next in Thread>