Security Incidents mailing list archives
Re: email address probes
From: Andy Bastien <lists+incidents () yuggoth net>
Date: Fri, 7 Feb 2003 17:16:53 +0000
We have reason to believe that on Thu Feb 06 Ned Fleming wrote:
On Wed, 5 Feb 2003 20:54:19 +0000, Andy Bastien <lists+incidents () yuggoth net> wrote: [snip]I'd like to be able to stop these attempts, but I can't think of a way to do it. All of the attempts are coming from valid servers from some domains that we can't block. They do all have null reverse-paths (MAIL FROM:<>), but I don't think that we can reject on this criteriaMaybe you're being joe-jobbed. To wit: A spammer is using your domain name as the "From: xyz () yogguth net" or "Reply-To:" address on the spam he's spewing. http://www.spamfaq.net/terminology.shtml#joe_job
You get the gold star; this is exactly what is happening. As a test, I set up an account to catch all mail to nonexistent addresses. I found that most of them are NDRs. I don't want to keep this setup for any extended period, because I believe people should get NDRs back if they send mail to the wrong address. I want to avoid the kind of situation where Alice sends Bob an email but spells Bob's name wrong, doesn't get back an NDR, and thinks that Bob is ignoring her when he doesn't reply. This could be especially problematic with Valentine's Day approaching <g>. It also doesn't seem fair to me to set up a tarpit, because this would cause the NDRs to queue up on AOL's and MSN's servers, and it's not their fault that all of these emails that they're trying to send have invalid addresses. I guess I'll just have to grin and bear it for now. I appreciate all of the responses that I've gotten; I've certainly learned a few new terms out of this whole affair. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- email address probes Andy Bastien (Feb 05)
- Re: email address probes Kee Hinckley (Feb 06)
- Re: email address probes Brad Arlt (Feb 06)
- Re: email address probes james (Feb 06)
- Re: email address probes Brad Arlt (Feb 07)
- Re: email address probes Greg A. Woods (Feb 06)
- Re: email address probes Axel Beckert - ecos gmbh (Feb 06)
- RE: email address probes Rob Shein (Feb 07)
- Re: email address probes Axel Beckert - ecos gmbh (Feb 06)
- Re: email address probes Dave Laird (Feb 06)
- Re: email address probes Ned Fleming (Feb 06)
- Re: email address probes Andy Bastien (Feb 07)
- <Possible follow-ups>
- RE: email address probes Johann Kruse (Feb 06)