Security Incidents mailing list archives

Re: Massive increase in spam volume?


From: Chris Brown <chris () wavetex com>
Date: Fri, 30 Apr 2004 15:28:48 -0500

Hopefully I can add a little bit to this thread ...

I've seen a large increase in spam since last weekend. Two things I'm seeing:

1. I'm getting tons of messages that are coming from a variety of dsl and cable accounts. Mostly from comcast and attbi domains. The really annoying thing about these messages is they have words all throughout the message as fake html tags. Here's a snippet:

me<path>dic<pessimist>at<clamp>ion will arrive<grown> at<gangway> your home<grimes> or offic<deluxe>e<rapacious> in dis<gnostic>c<pentagonal>re<adultery>e<luxury>t<caprice> p<correspondent>ac<dictatorial>kaging.

So in an HTML enabled client this looks like "medication will arrive at your home or office in discreet packaging" but seems to completely fool SpamAssassin and the Bayesian filter in Thunderbird.

These messages seem to be targeted at certain customers, one customer of mine in particular received > 200 in about a 36 hour period.

2: I'm seeing a lot of spam to some of my older domains, where the from header is forged as addresses in my domain. These seem to be sent to random mailservers and then get bounced back to us. It happens so much I can only assume that someone is doing it purposely to hide their true connection. These too often come from what appear to be cable and dsl accounts.

I don't know if these two are related at all but it seems to be the source addresses I'm seeing are computers hijacked with the recent worms rather than the spammers themselves.

Chris

Thamer Al-Harbash wrote:

On Tue, 27 Apr 2004, Steven Trewick wrote:

Pretty please ?  Otherwise this thread really amounts to little more
than "I saw spam!", "me too", "AOL!", which is sad, as it may well be
that very useful information is being developed.


Just my $LOCAL_CURRENCY 0.02, no offence meant :-)

Unfortunately that may be all that becomes of this. I'm not in a
position where I am agile enough to do in-depth research while my
SMTP cluster is being pounded into the ground.

We were being hit hard from all sorts of places and I wanted to
see if the volume was noticeably higher for other ISPs. From
responses, both private and public, it would seem that spam did
rise last weekend. Although it may very well be a placebo
effect. People just agreed based on my assertion.

This week has been mostly uneventful for us though.
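
The fake-tag trick in the snippet above can be undone before a filter tokenizes the body. The following is an added example, not part of the original message or of SpamAssassin/Thunderbird: it renders the text the way an HTML client would and counts tags that are not real HTML elements as a spam feature. The `KNOWN_TAGS` allow-list, the function names and the naive word tokenizer are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Assumption: a short allow-list of genuine HTML element names; extend for production use.
KNOWN_TAGS = {"a", "b", "body", "br", "center", "div", "font", "head", "html",
              "i", "img", "li", "p", "span", "table", "td", "tr", "u", "ul"}
BLOCK_TAGS = {"br", "div", "li", "p", "td", "tr"}  # these separate words when rendered

# The snippet quoted in the message above.
SAMPLE = ("me<path>dic<pessimist>at<clamp>ion will arrive<grown> at<gangway> your "
          "home<grimes> or offic<deluxe>e<rapacious> in dis<gnostic>c<pentagonal>re"
          "<adultery>e<luxury>t<caprice> p<correspondent>ac<dictatorial>kaging.")

class _Renderer(HTMLParser):
    """Collects visible text and counts known versus bogus start tags."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts, self.known, self.bogus = [], 0, 0

    def handle_starttag(self, tag, attrs):
        if tag in KNOWN_TAGS:
            self.known += 1
            if tag in BLOCK_TAGS:
                self.parts.append(" ")
        else:
            self.bogus += 1  # unknown tag: a client renders nothing for it

    def handle_data(self, data):
        self.parts.append(data)

def normalize(html_body):
    """Return (visible_text, bogus_tag_count, bogus_tag_ratio)."""
    r = _Renderer()
    r.feed(html_body)
    r.close()
    text = re.sub(r"\s+", " ", "".join(r.parts)).strip()
    total = r.known + r.bogus
    return text, r.bogus, (r.bogus / total if total else 0.0)

def tokens(text):
    """Naive lowercase word tokenizer standing in for a Bayesian filter's input."""
    return re.findall(r"[a-z]+", text.lower())

if __name__ == "__main__":
    text, bogus, ratio = normalize(SAMPLE)
    print("raw tokens:       ", tokens(SAMPLE)[:6])
    print("normalized tokens:", tokens(text)[:6])
    print("bogus tags: %d (ratio %.2f)" % (bogus, ratio))
```

Feeding the normalized text to the filter restores the words it was trained on, and a high bogus-tag ratio is usable as a score on its own.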


