On 06/01/2010 12:59 AM, Murray S. Kucherawy wrote:
I've seen spam posted to mailing lists. Recently, I've seen lists
targetted
in more intelligent ways by spammers. For example, by using sender
addresses in the domain of the list (quite a useful way of attacking
academic lists, which tend to have lots of local users, but some non-
local).
Though I've not witnessed this myself, I think it stands to become a more
common attack vector if it is found to be even marginally successful, because
it's free to try.
I see list spam all the time on the android-developer list. Some of it seems
to be more targeted, some of it doesn't. I assume that googlegroups spam filters
its incoming mail just like anything else that's directly connected to the
sewer,
so what I'm seeing is the remaining false negatives. So the notion that lists
are
somehow immune is quaint and outdated. If there's a big enough audience, or it
targets something that spammers want, they'll apparently go to the effort of
either subscribing or spoofing or whatever to get their turds through.
Long and short: the link between originator and list is important and probably
will become more important for large lists as software automation lowers the
barriers. Email harvesting is probably by far the easiest thing because your
legit email address is sitting in the public archives. Using DKIM to predict
likely spoofs would be a good thing, especially since there's an ongoing
relationship
between subscriber and list.
Mike
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html