On Thu, 08 Apr 2004 09:05:45 -0700, Professional Software Engineering wrote:
> At 14:22 2004-04-08 +0100, Lars Hecking wrote:
> > The interesting and relevant detail: nearly all of these emails are
> > targeting non-existent local addresses. Further analysis shows that
> > the target addresses are obviously message-id headers harvested from
> > postings I made to this list 1997-2002.
>
> Yea, the tosser spammers who can't even be bothered to parse the correct
> field for addresses. Really peeves me. I've seen this going on for well
> over a year (perhaps even two), though I've never bothered to try to peg
> down where the messageids originated.

I've seen E-mails coming to nonexistent addresses that are exact copies of
UseNet post IDs like
484674ca(_dot_)0404080853(_dot_)5f30cc8(_at_)posting(_dot_)google(_dot_)com
We get hundreds of those in any 24-hour period.
The same applies to address harvesters sending mail to randomly generated
user names.
I am running a script that searches through mail logs and parses canonical
names of machines persistently sending mail to non-existent addresses and
E-mails me the summaries. The next day I block access from those nodes.
However, I would not recommend automating this process, as at least 50% of
such sources are mail servers of major ISPs, which cannot be blocked for
obvious reasons.
Frank Bures, Dept. of Chemistry, University of Toronto, M5S 3H6
fbures(_at_)chem(_dot_)toronto(_dot_)edu
http://www.chem.utoronto.ca/general/itelec.html
PGP public key:
http://wwwkeys.pgp.net:11371/pks/lookup?op=index&search=Frank+Bures
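
A sketch of the kind of log summary described in the message above, as an added example that is not the poster's script or part of the original thread. It assumes Postfix-style `User unknown` reject lines; the sample log, the `NEVER_BLOCK` allowlist and the threshold are constructed for illustration, and the output is a report for manual review rather than an automatic block list.

```python
import re
from collections import defaultdict

# Postfix-style smtpd reject line (assumed format; adjust the regex for your MTA).
REJECT = re.compile(
    r"reject: RCPT from (?P<host>\S+)\[(?P<ip>[0-9A-Fa-f.:]+)\]: 550 \S+ "
    r"<(?P<rcpt>[^>]*)>: Recipient address rejected: User unknown")

# Hypothetical allowlist of provider relay domains that must never be blocked.
NEVER_BLOCK = (".bigisp.example",)

def summarize(log_text, threshold=3):
    """List (host, ip, distinct_unknown_rcpts, status) per persistent source."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            # Count distinct recipients so one retried message is not "persistent".
            seen[(m["host"].lower(), m["ip"])].add(m["rcpt"].lower())
    rows = []
    for (host, ip), rcpts in sorted(seen.items()):
        if len(rcpts) >= threshold:
            status = "review-only" if host.endswith(NEVER_BLOCK) else "candidate"
            rows.append((host, ip, len(rcpts), status))
    return rows

# Constructed sample log (documentation IP ranges, example domains).
_FMT = ("Apr  8 09:{n:02d}:12 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from "
        "{host}[{ip}]: 550 5.1.1 <{rcpt}>: Recipient address rejected: User "
        "unknown in local recipient table; from=<x@example.net> to=<{rcpt}>")
_SOURCES = [("dsl-7.example.net", "192.0.2.10", 4),
            ("relay1.bigisp.example", "198.51.100.5", 3),
            ("host.example.com", "203.0.113.9", 1)]
SAMPLE_LOG = "\n".join(
    _FMT.format(n=i, host=h, ip=ip, rcpt=f"484674ca.040408{i:04d}.5f30cc8@example.org")
    for h, ip, count in _SOURCES for i in range(count))
SAMPLE_LOG += "\nApr  8 09:30:00 mx postfix/smtpd[811]: connect from host.example.com[203.0.113.9]"

if __name__ == "__main__":
    for host, ip, n, status in summarize(SAMPLE_LOG):
        print(f"{status:12} {host} [{ip}] {n} unknown recipients")
```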