Interesting People mailing list archives
Another twist on spam
From: Dave Farber <dave () farber net>
Date: Mon, 15 Sep 2003 18:43:15 -0400
Delivered-To: dfarber+ () ux13 sp cs cmu edu
Date: Mon, 15 Sep 2003 17:27:22 -0400
From: Tim O'Connor <tim () roughdraft org>
Subject: Another twist on spam
To: Dave Farber <dave () farber net>

In a new variation on spam -- new for me, anyhow -- I began to receive bounces from AOL last night. I thought they were from a mailing list I manage, which has some AOL subscribers. Then I read a message and found a note explaining the failed delivery: a statement embedded in the bounce from AOL stated that too many UCE messages were being received from host, so my messages were ALL being rejected by AOL.

When I examined the bounces, it was clear that they came from many disparate sources clearly NOT my domain; this was evident in the headers. The forgeries all claimed to come from my domain, "dachshund DOT com." But each message had some insanely fake username before the @ sign, and each was directed at anywhere from three to six AOL victims. This was not a case of a "SoBig" harvesting addresses from an address book. These were apparently randomized values (e.g., "l67ucwsjm") with my domain appended.

I run a good spam filter to save myself from the onslaught of trash. Now on the other side of the fence, impersonated dozens of times over, with no recourse but to send messages to postmasters of domains I extract from the headers, I'm losing my "live and let live" tolerance. I'm used to seeing apparently fake AOL and Yahoo addresses, but now, with my (low-profile) domain grabbed by fakers, I can only watch the hijacking and hope not to end up blacklisted more widely.

If it is the proverbial tip of the iceberg, how do I protect myself? What do you do if "farber DOT net" is next, not because of a virus at work, but because of a scammer selling ways to enlarge body parts?

Then as a final insult, AOL chooses to block UCE based on the stated (forged) "From:" field rather than from the envelope or the "Received from" data, both of which clearly state the true host.

I admit that I oscillate between tolerance (one person's spam is another person's useful message) and fury (wanting to see vigilantes triumph on the spam battlefield). Today, I admit that I would readily reach for the digital shotgun if I had one. I suppose I should be grateful that spammers haven't (yet) appropriated my actual address, since, as it stands, at least anyone with 1/10 a brain can read the headers and tell they are looking at a forgery.

--tim o'connor
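The header comparison the message describes, as an added example that is not part of the original post: it pulls the returned message out of a bounce and checks the claimed "From:" domain against the connecting IP that the receiving mail server recorded in the topmost "Received:" line. The function names, the stand-in domain example.org, the documentation-range IP addresses and the assumption that the bounce carries the original as a message/rfc822 part are all hypothetical.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample bounce: the returned message claims a sender at example.org
# and even greets as mail.example.org, but connected from an unrelated address.
BOUNCE = """\
From: Mail Delivery Subsystem <MAILER-DAEMON@mx.recipient.example>
To: l67ucwsjm@example.org
Subject: Returned mail
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery failed.
--b1
Content-Type: message/rfc822

Received: from mail.example.org ([203.0.113.7])
 by mx.recipient.example; Mon, 15 Sep 2003 03:12:44 -0400
From: l67ucwsjm@example.org
Subject: constructed sample

body
--b1--
"""

def returned_message(bounce):
    """Return the original message embedded in the bounce, or None."""
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
    return None

def triage(raw, my_domain, my_relay_ips):
    """Flag a bounce whose returned message uses my domain but not my servers."""
    orig = returned_message(message_from_string(raw, policy=policy.default))
    if orig is None:
        return None
    claimed = parseaddr(str(orig.get("From", "")))[1].rpartition("@")[2].lower()
    # The topmost Received line was written by the server that accepted the mail.
    # Its bracketed IP is what that server saw; the name before it is sender-chosen.
    top = " ".join(str(orig.get("Received", "")).split()).split(" by ")[0]
    m = re.search(r"\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]", top)
    ip = m.group(1) if m else None
    forged = claimed == my_domain.lower() and ip not in my_relay_ips
    return {"claimed_domain": claimed, "relay_ip": ip, "forged": forged}
```

A result with `forged` set gives the domain owner the connecting address to include in an abuse report to the network it belongs to.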