Nmap Development mailing list archives
Retarted XV.Net spam filter
From: Fyodor <fy-xvtest () insecure org>
Date: Fri, 13 Feb 2004 08:38:43 -0800
Hey everyone. I'm back from a great Europe trip, and back to Nmap coding and book writing. People who have been posting to nmap-hackers and nmap-dev have been receiving forged emails from XV.Net purporting to be "a automated message from nmap-dev () insecure org". It also claims that "We have chosen to use XV.NET (eXtreme Email Protection) as our Anti-Spam E-Mail filter due to the security and ease. We suggest you use it also!" This is the most retarded spam filter I have ever seen. It apparently just looks at the 'To' address and then forges email as coming from that address. This obviously doesn't work for mailing lists and probably breaks for email that is CC'd too. Whois shows that it seems to be run by the same guys who hijacked the kismetwireless.com domain (real kismet is kismetwireless.net). The mail headers don't show what user is forwarding to XV. If anyone is using this nonsense, please desist or unsubscribe from the Nmap lists. If anyone gets further responses to your posts like the one below, please let me know. Thanks to Martin for forwarding me this one. ----- Forwarded message from "support @ xv. net" <nmap-dev () insecure org> ----- Return-Path: <xvnet () server2 xv net> Delivered-To: martin.macok () underground cz Received: from server2.xv.net (unknown [66.98.160.81]) by technomat.underground.cz (Postfix) with ESMTP id C58C0EC003 for <martin.macok () underground cz>; Fri, 13 Feb 2004 15:04:06 +0100 (CET) Received: from xvnet by server2.xv.net with local (Exim 4.24) id 1ArdvG-0004kv-84 for martin.macok () underground cz; Fri, 13 Feb 2004 09:04:02 -0500 To: martin.macok () underground cz Subject: Please confirm your email for nmap-dev () insecure org From: support () xv net <nmap-dev () insecure org> Message-Id: <E1ArdvG-0004kv-84 () server2 xv net> Date: Fri, 13 Feb 2004 09:04:02 -0500 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - server2.xv.net X-AntiAbuse: Original Domain - underground.cz X-AntiAbuse: Originator/Caller UID/GID - [32003 504] / [47 12] X-AntiAbuse: Sender Address Domain - server2.xv.net X-Spam-Level: This is a automated message from nmap-dev () insecure org. Due to the high rate of spam and viruses, we ask that you perform a ONE TIME ONLY verification of your email address. We have chosen to use XV.NET (eXtreme Email Protection) as our Anti-Spam E-Mail filter due to the security and ease. We suggest you use it also! http://www.XV.net Just click the link below to deliver the email message you have sent with the subject: Re: Why does nmap fingerprint the application by using the standard probes ** YOU MUST CLICK THE LINK BELOW ** http://www.xv.net/live/verify.php?code=martin.macok@underground.czinnvdyqpfbvkjeolgkhrigntnmap-dev () insecure org If you do not click the link below, your email will NOT be delivered to nmap-dev () insecure org Thank You, support () xv net The XV.NET (eXtreme Email Protection) E-mail Verifier. ----- End forwarded message ----- --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
Current thread:
- Retarted XV.Net spam filter Fyodor (Feb 13)