In the confirmation message, there is a link (which looks like a button) to
click to confirm you want to be on the list. That link is being followed
and the addresses activated. My working theory is that some mail filtering
software is fetching the URLs it sees.

On Wed, May 25, 2016 at 5:47 PM, Michael Wise <michael.w...@microsoft.com>
wrote:

> When you say, “Confirmation Clicks”, do you mean on a link provided via
> email, or a confirmation button of a web form?
>
>
>
> Aloha,
>
> Michael.
>
> --
>
> *Michael J Wise* | Microsoft | Spam Analysis | "Your Spam Specimen Has
> Been Processed." | Got the Junk Mail Reporting Tool
> <http://www.microsoft.com/en-us/download/details.aspx?id=18275> ?
>
>
>
> *From:* mailop [mailto:mailop-boun...@mailop.org] *On Behalf Of *Vick
> Khera
> *Sent:* Wednesday, May 25, 2016 2:14 PM
> *To:* Erwin Harte <eha...@barracuda.com>
> *Cc:* mailop@mailop.org
> *Subject:* Re: [mailop] signup form abuse
>
>
>
>
>
> On Wed, May 25, 2016 at 3:02 PM, Erwin Harte <eha...@barracuda.com> wrote:
>
> I did a spot check of a recent attack. The email address was
> jabradb...@kanawhascales.com and it got signed up to 12 lists during May
> 17 and 18. Amazingly, whoever is on the other end of that address clicked
> to confirm every one of those confirmation messages. All confirmation
> clicks appear to come from a netblock owned by Barracuda Networks... Hmm...
>
> Which netblock was that?
>
>
> 64.235.144.0/20
>
>
>
> Specifically: 64.235.154.109,
> 64.235.153.2, 64.235.150.252, 64.235.153.10, 64.235.154.105, 64.235.154.109
>
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
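
Added example, not part of the original thread: one way a list operator could hold back confirmation clicks that arrive from a link-scanning netblock instead of treating them as opt-ins. The netblock and the three source IPs are the ones quoted in the thread; the e-mail addresses, list ids, function names and the burst threshold are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Netblock reported in the thread as the source of the confirmation clicks.
SCANNER_NETS = [ipaddress.ip_network("64.235.144.0/20")]

# Constructed sample click log: (address, list_id, source_ip).
# The three 64.235.x.x IPs are quoted in the thread; everything else is made up.
SAMPLE_CLICKS = [
    ("victim@example.com", "list-01", "64.235.154.109"),
    ("victim@example.com", "list-02", "64.235.153.2"),
    ("victim@example.com", "list-03", "64.235.150.252"),
    ("reader@example.org", "list-01", "198.51.100.23"),
]


def from_scanner(ip, nets=SCANNER_NETS):
    """True if the click came from a netblock known to fetch URLs in mail."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def triage(clicks, burst_threshold=3):
    """Split clicks into accepted opt-ins and held ones.

    A GET from a scanner netblock proves only that the message was
    inspected, not that a person agreed, so it is held. Addresses whose
    held clicks span `burst_threshold` or more lists are also reported,
    since that matches the multi-list signup abuse described above.
    """
    accepted, held = [], []
    lists_per_addr = defaultdict(set)
    for email, list_id, ip in clicks:
        if from_scanner(ip):
            held.append((email, list_id, ip))
            lists_per_addr[email].add(list_id)
        else:
            accepted.append((email, list_id, ip))
    abused = sorted(e for e, ls in lists_per_addr.items()
                    if len(ls) >= burst_threshold)
    return accepted, held, abused


if __name__ == "__main__":
    ok, held, abused = triage(SAMPLE_CLICKS)
    print("accepted:", ok)
    print("held:", held)
    print("likely signup-abuse targets:", abused)
```

Held clicks can be re-confirmed through a landing page that requires an explicit button press (a POST), which a URL-fetching filter does not perform.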
