Full Disclosure mailing list archives

RE: Empty emails?


From: James Lay <jlay () ameriben com>
Date: Wed, 25 Feb 2004 13:40:51 -0700

What was a question turned out to be an interesting exercise.  Here's a
header just received:

Message-Id: <20040225203416.C37033FD03 () gateway ameriben com>
Date: Wed, 25 Feb 2004 13:34:16 -0700 (MST)
From: styykbqzmr () yahoo com
To: undisclosed-recipients:;

What's interesting is that the To: undisclosed-recipients:; line is tagged
only by my exchange server.  It looks like just as some people have
said...looks like it's spammers trying to verify the email address.  But
they send via BCC...with BCC there simply isn't a To: line (least not the
ones I tested).  I've looked at blocking via postfix, but no go.  What I MAY
be able to do is use anomy tools to do a double-check..IE:

if message To: == null and body == null then block/nuke/something like that.

I'll keep ya posted ;-)

James

-----Original Message-----
From: randall perry [mailto:lists () domain-logic com]
Sent: Wednesday, February 25, 2004 9:12 AM
To: Full-Disclosure (E-mail)
Subject: Re: [Full-disclosure] Empty emails?


At 10:13 AM 2/25/2004 -0500, you wrote:
> yup...been getting quite a few as of late.  Based on some quick googles, it
> appears to have been around for quite some time.... not sure if it's some
> kind of probe to see if my address exists..but they're annoying.

You are right that it is a verification process.
What you do is have your mail bot send out spam with a twist.
As each message is composed and sent, it contains an embedded image
of a random name (in fact, it doesn't really exist) that is really a 
reference number.

For example <img src=http://logging.microsoft.com/verify/123451.jpg border=0>


Your web server error log will identify every time one of those images was
tried and then that gets matched automatically to your database of names.

Now you have:
1. A verified email address
2. An originating IP (can narrow down to what continent they are on or if 
broadband customers)
3. What OS you are running
4. Possibly what email client or web browser you use.

This is worth big bucks in the form of "email leads" sold by geographic
regions and whether they are dialup, cable customers, business, etc.


*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.
       Randall Perry
       Domain Logic Technology Solutions
       http://www.domain-logic.com

Every problem has a solution. If there is no solution, there is no problem..

*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
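
The double-check James describes (no To: recipient and no body), as an added example that is not part of the original thread. The function names and sample messages are constructed, and treating the server-added `To: undisclosed-recipients:;` the same as a missing To: is an assumption drawn from his observation.

```python
from email import message_from_string
from email.utils import getaddresses


def has_recipient(msg) -> bool:
    """True if any To: header names a real address."""
    # A missing To: gives an empty list; the empty group
    # "undisclosed-recipients:;" parses to an entry with no address.
    pairs = getaddresses(msg.get_all("To", []))
    return any(addr for _name, addr in pairs)


def has_body(msg) -> bool:
    """True if any non-container MIME part holds non-whitespace content."""
    for part in msg.walk():
        if part.is_multipart():
            continue
        if (part.get_payload(decode=True) or b"").strip():
            return True
    return False


def is_empty_probe(raw: str) -> bool:
    """The rule from the post: flag only when To: AND body are both empty."""
    msg = message_from_string(raw)
    return not has_recipient(msg) and not has_body(msg)


# Constructed sample messages (addresses are placeholders).
PROBE = (
    "From: sender@example.com\n"
    "To: undisclosed-recipients:;\n"
    "Date: Wed, 25 Feb 2004 13:34:16 -0700\n"
    "\n"
)
NO_TO_EMPTY = "From: sender@example.com\nSubject: \n\n   \n"
BCC_WITH_BODY = "From: friend@example.com\nSubject: lunch\n\nNoon works for me.\n"
NORMAL = "From: a@example.com\nTo: b@example.com\n\nHello.\n"

if __name__ == "__main__":
    for name, raw in [("probe", PROBE), ("no-to-empty", NO_TO_EMPTY),
                      ("bcc-with-body", BCC_WITH_BODY), ("normal", NORMAL)]:
        print(name, "block" if is_empty_probe(raw) else "pass")
```

Requiring both conditions matters because ordinary BCC mail also arrives without a To: line, so a missing To: alone would flag legitimate messages.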

