Another twist on spam

[Dave Farber <dave () farber net>]

> Delivered-To: dfarber+ () ux13 sp cs cmu edu
> Date: Mon, 15 Sep 2003 17:27:22 -0400
> From: Tim O'Connor <tim () roughdraft org>
> Subject: Another twist on spam
> To: Dave Farber <dave () farber net>
>
>
> In a new variation on spam -- new for me, anyhow -- I began to
> receive bounces from AOL last night.  I thought they were from a
> mailing list I manage, which has some AOL subscribers.  Then I
> read a message and found a note explaining the failed delivery:
> a statement embedded in the bounce from AOL stated that too many
> UCE messages were being received from host, so my messages were
> ALL being rejected by AOL.
>
> When I examined the bounces, it was clear that they came from
> many disparate sources clearly NOT my domain; this was evident
> in the headers.  The forgeries all claimed to come from my domain,
> "dachshund DOT com."  But each message had some insanely fake
> username before the @ sign, and each was directed at anywhere from
> three to six AOL victims.
>
> This was not a case of a "SoBig" harvesting addresses from an
> address book.  These were apparently randomized values (e.g.,
> "l67ucwsjm") with my domain appended.
>
> I run a good spam filter to save myself from the onslaught of trash.
> Now on the other side of the fence, impersonated dozens of times
> over, with no recourse but to send messages to postmasters of
> domains I extract from the headers, I'm losing my "live and let
> live" tolerance.
>
> I'm used to seeing apparently fake AOL and Yahoo addresses, but now,
> with my (low-profile) domain grabbed by fakers, I can only watch the
> hijacking and hope not to end up blacklisted more widely.  If it is
> the proverbial tip of the iceberg, how do I protect myself?  What
> do you do if "farber DOT net" is next, not because of a virus at
> work, but because of a scammer selling ways to enlarge body parts?
>
> Then as a final insult, AOL chooses to block UCE based on the stated
> (forged) "From:" field rather than from the envelope or the "Received
> from" data, both of which clearly state the true host.
>
> I admit that I oscillate between tolerance (one person's spam is another
> person's useful message) and fury (wanting to see vigilantes triumph on
> the spam battlefield).  Today, I admit that I would readily reach for
> the digital shotgun if I had one.
>
> I suppose I should be grateful that spammers haven't (yet) appropriated
> my actual address, since, as it stands, at least anyone with 1/10 a
> brain can read the headers and tell they are looking at a forgery.
>
> --tim o'connor

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/