I received the following from one of my customers.  You can see the form submitted at:

http://www.redwoodheights.org/feedback.cfm

The form submittal is mailed by CFX_iMSmail.

Does this technique work to harvest the email address CFX sends the form submittal to?

best, paul


===============================================
Paul,
 
If you look at the messages, it looks like the crawler is sticking a lot of the stuff into the Name field, probably using text set up with line feeds. Notice that the italicized text below is showing up where the person's name would normally be. The EMail, Web Site URL and Comments fields all contain the bogus email address using our domain name.
 
I think someone's figured out the formatting of some standard email handler out there and is trying to collect addresses of the administrators, probably for spamming in the future. The BCC is popping up as part of the Name field's input; they want the mailer to send the note out and BCC them!
 
Speaking of spamming, have you been getting a lot of spam that is written (and addressed!!) in Chinese and Japanese?  My ed.rovera id gets 2-3 of these per week.  Since I can barely tell the difference between Chinese and Japanese -- let alone read either -- they go straight into the trash but I've never seen such spam on any of my other accounts.
 
Ed
 
++++++++++++++++++++++++++++++++++++++==
 
Dear Ed:

[EMAIL PROTECTED]
Content-Type: multipart/mixed; boundary="===============1898724428=="
MIME-Version: 1.0
Subject: c2b670e
To: [EMAIL PROTECTED]
bcc: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]

This is a multi-part message in MIME format.

--===============1898724428==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

naoitokh
--===============1898724428==--
 sent you the following feedback
from the RHIA WebSite:

[EMAIL PROTECTED]

They submitted the following URL: [EMAIL PROTECTED]


 
On 9/11/05, Paul Smith <[EMAIL PROTECTED]> wrote:
I guess that's possible.  I assume [EMAIL PROTECTED] is not a valid address.

The bcc: [EMAIL PROTECTED] confuses me.  I don't know how that got there.  It appears they assumed the email would be sent by a normal mailer (which is not the case).

Where do you think the bcc came from?

best,  paul


On 9/11/05, Redwood Heights Improvement Association < [EMAIL PROTECTED]> wrote:
Paul,
 
Do you have any idea what this is?  It looks like a crawler hit on the feedback form and tried to send something to trigger an automated response.  I guess the idea is to get that email address to spam.  I found 3 of these in the inbox this week.
 
Thanks.
 
Ed

---------- Forwarded message ----------
From: [EMAIL PROTECTED] < [EMAIL PROTECTED]>
Date: Sep 7, 2005 3:44 AM
Subject: Note from a www.redwoodheights.org viewer
To: [EMAIL PROTECTED]




Dear Ed:

[EMAIL PROTECTED] sent you the following feedback
from the RHIA WebSite:

[EMAIL PROTECTED]
Content-Type: multipart/mixed; boundary="===============1573868407=="
MIME-Version: 1.0
Subject: 381cc026
To: [EMAIL PROTECTED]
bcc: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]

This is a multi-part message in MIME format.

--===============1573868407==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit

wgpisv
--===============1573868407==--


They submitted the following URL: [EMAIL PROTECTED]
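
An added example, not written by anyone in this thread: a server-side check a form handler could run before mailing a submission, flagging the pattern Ed describes (line feeds and mail header lines arriving in the Name field). The field names `name`, `email`, `url` and `comments` are assumptions, and the sample submissions are constructed with placeholder addresses.

```python
import re

# Header names taken from the injected Name value quoted in this thread.
HEADER_LINE = re.compile(
    r"(?:^|[\r\n])[ \t]*(to|bcc|from|subject|content-type|mime-version)[ \t]*:",
    re.IGNORECASE,
)
# Hypothetical names for the form's single-line inputs.
SINGLE_LINE_FIELDS = ("name", "email", "url")

def inspect_field(value, allow_newlines=False):
    """Return the reasons a submitted value looks like header injection."""
    reasons = []
    if not allow_newlines and re.search(r"[\r\n]", value):
        reasons.append("line break in single-line field")
    headers = sorted({m.group(1).lower() for m in HEADER_LINE.finditer(value)})
    if headers:
        reasons.append("header-like lines: " + ", ".join(headers))
    return reasons

def check_submission(form):
    """Map each suspicious field to its reasons; an empty dict means clean."""
    findings = {}
    for field in SINGLE_LINE_FIELDS:
        reasons = inspect_field(form.get(field, ""))
        if reasons:
            findings[field] = reasons
    # Comments may legitimately span lines, so only header-like lines count.
    reasons = inspect_field(form.get("comments", ""), allow_newlines=True)
    if reasons:
        findings["comments"] = reasons
    return findings

def first_line_only(value):
    """Keep only the first line, for values that end up in a mail header."""
    return re.split(r"[\r\n]", value, maxsplit=1)[0].strip()

# Constructed samples; the first is shaped like the submission quoted above.
SAMPLE_PROBE = {
    "name": "probe@example.org\r\nContent-Type: multipart/mixed\r\n"
            "MIME-Version: 1.0\r\nSubject: 0000000\r\nTo: probe@example.org\r\n"
            "bcc: collector@example.net\r\nFrom: probe@example.org\r\n\r\nxxxxxx",
    "email": "probe@example.org", "url": "probe@example.org",
    "comments": "probe@example.org",
}
SAMPLE_NORMAL = {
    "name": "Pat Example", "email": "pat@example.org",
    "url": "http://www.example.org/",
    "comments": "Thanks for the newsletter.\nSee you at the meeting.",
}

if __name__ == "__main__":
    print(check_submission(SAMPLE_PROBE))
    print(check_submission(SAMPLE_NORMAL))
```

Rejecting or logging any submission with findings, and passing only `first_line_only()` output to header-bound values, keeps a multi-line Name from reaching the mailer intact.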
