RE: Spamarrest

[Fred Hoot <FredH () elibrium com>]

Hi Adam,

I have not heard of the SpamArrest people harvesting info, but I have
noticed an increase of people using similar acting products (SpamBar,
SpamAmbush, QuickCop, DigiPortal, etc.) that require you to click on a link
and provide either some information or feedback to them.

They all might be tempted to gather at least some info to aggregate the
demographics and sell.

Fred Hoot

-----Original Message-----
From: Adam Shephard [mailto:adams () firstfederalbanking com]
Sent: Monday, October 28, 2002 11:18 AM
To: security-basics () securityfocus com
Subject: Spamarrest


I've received a couple of these emails recently.

Has anybody heard of Spamarrest harvesting info from those of us who click
their link?

It's not that I am suspicious of the Spamarrest folks, it's just seems odd
to me that in order to protect others from spam, we have to submit ourselves
to a procedure that is often used to propagate it.

Even if they are completely innocent, aren't they holding up a big neon sign
to current and would-be spammers that says "Here's how you do it!"?

Text of the email below.




----------------------------------------------------------
I'm protecting myself from receiving junk mail.
Just this once, click the link below so I can receive your emails. You won't
have to do this again.

http://spamarrest.com/a?xxxxxxx:xxxxxx

You are receiving this message in response to your email to
xxxx () xxxxxxx com, a Spam Arrest customer.

Spam Arrest requests that senders verify themselves before their email is
delivered.

When you click the above link, you will be taken to a page with a graphic on
it. Simply read the word in the graphic, type it into the form, and you're
verified.

You will only need to do this once per Spam Arrest customer.