At 14:22 2004-04-08 +0100, Lars Hecking wrote:
> The interesting and relevant detail: nearly all of these emails are
> targeting non-existent local addresses. Further analysis shows that
> the target addresses are obviously message-id headers harvested from
> postings I made to this list 1997-2002.

Yea, the tosser spammers who can't even be bothered to parse the correct
field for addresses. Really peeves me. I've seen this going on for well
over a year (perhaps even two), though I've never bothered to try to peg
down where the messageids originated.
If I had more time on my hands, I'd probably write a milter to identify
these posts and auto local-blacklist the sending IP.

> The connections are coming from literally everywhere: US, South America,
> South East Asia, Europe, and also through our upstream MXs, i.e. there is
> no clear pattern, which makes it really hard to pin down.

Keep in mind that there are web archives (and not JUST the one well-known
searchable one linked from the procmail homepage) which include all of the
message content from mailing lists. Thus, spammers needn't actually
subscribe to a discussion list to "target" it - they merely need to have
their spambots cruise across a web archive serving that list. This doesn't
mean that anyone has intentionally targeted the list any more than they've
happened upon an archive with email addresses in it.
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
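
The check discussed in the message above (spot mail aimed at recipients that look like Message-IDs, then list the sending IPs for local blocking), as an added example that is not part of the original post and is not a milter: it works offline on log lines. The log format, the two local-part patterns, the threshold and every address below are assumptions constructed for illustration; the thread does not show what the harvested Message-IDs look like.

```python
import re
from collections import Counter

# Assumed shapes of a harvested Message-ID local part (not taken from the thread):
#   14-digit timestamp + token, or a long hex token followed by dotted/$ parts.
MSGID_LOCALPART = re.compile(
    r"^(?:\d{14}\.[A-Za-z0-9]+"                  # e.g. 20010405123456.A12345
    r"|[0-9A-Fa-f]{8,}(?:[.$][0-9A-Za-z]+)+)$"   # e.g. 3c8f1a2b.4010907
)

# Constructed log format: "<client-ip> rcpt=<address> status=<text>"
LINE = re.compile(r"^(?P<ip>\S+) rcpt=<(?P<rcpt>[^>]+)> status=(?P<status>.+)$")

# Constructed sample input (documentation IP ranges, example.org).
SAMPLE_LOG = [
    "192.0.2.10 rcpt=<20010405123456.A12345@example.org> status=User unknown",
    "192.0.2.10 rcpt=<19990212091500.B4711@example.org> status=User unknown",
    "198.51.100.7 rcpt=<3c8f1a2b.4010907@example.org> status=User unknown",
    "203.0.113.5 rcpt=<alice@example.org> status=Sent",
    "203.0.113.5 rcpt=<bob.smith@example.org> status=User unknown",
]

def looks_like_message_id(address, known_users):
    """True if the recipient's local part matches a Message-ID shape
    and is not a real local mailbox."""
    local, _, _domain = address.rpartition("@")
    if not local or local.lower() in known_users:
        return False  # real users are never flagged, whatever they look like
    return bool(MSGID_LOCALPART.match(local))

def offenders(log_lines, known_users, threshold=2):
    """Return sorted client IPs with at least `threshold` Message-ID-shaped
    recipients; a plain mistyped address does not count."""
    hits = Counter()
    for line in log_lines:
        m = LINE.match(line.strip())
        if m and looks_like_message_id(m["rcpt"], known_users):
            hits[m["ip"]] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)

if __name__ == "__main__":
    for ip in offenders(SAMPLE_LOG, {"alice"}):
        print("candidate for local blacklist:", ip)
```

The threshold keeps a single stray hit from listing an IP, which matters when the same mail also arrives through upstream MXs that must not be blocked.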