Others have that I’m aware of, yes.
The problem is that ultimately, the best place to detect this is on the 
receiving end.

But it certainly helps out to have the larger mailing list companies aware that 
a single email address being signed up to more than a very small number of 
mailing lists all at once should be treated with suspicion.

I don’t know what the trigger threshold should be …2? 5? 10? But I suspect if 
you categorize how many signups per email address over the course of an hour, 
that the optimal number will reveal itself very quickly. These guys will be 
using multiple ML providers for the attack, and may start using botnets (CBL 
listing?), and I’m guessing the trend will only increase over time.

Aloha,
Michael.
--
Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been 
Processed." | Got the Junk Mail Reporting 
Tool<http://www.microsoft.com/en-us/download/details.aspx?id=18275> ?

From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Brett Schenker
Sent: Wednesday, October 19, 2016 12:36 PM
To: mailop@mailop.org
Subject: [mailop] Listbomb issue

We recently were tied up in the listbomb issue that's been plaguing folks for a 
while. For those that don't know what's going on, 
https://wordtothewise.com/2016/08/subscription-bombing-esps-spamhaus/
I'm honestly surprised it's taken this long for us to wind up having a listing 
for a client.
That being said, we're thinking through solutions and I wanted to get others' 
opinions on how they've tackled the problem on their end.
We're currently looking to implement a combination of preventions with the 
leading idea being:
honeypot on sign up pages + IP intelligence + email address intelligence + coi
The idea being the honeypot will stop some bots, the IP monitoring will look 
for numerous sign ups within a short period of time (which we currently do for 
credit cards) and then also look for email addresses being signed up across 
clients in a short period of time.
Have folks used this type of combo to stop fraudulent sign ups? And thoughts? 
Thanks!
Brett

--
Brett Schenker
Man of Many Things, Including
5B Consulting - 
http://www.5bconsulting.com
Graphic Policy - 
http://www.graphicpolicy.com

Twitter - 
http://twitter.com/bhschenker
LinkedIn - 
http://www.linkedin.com/in/brettschenker
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
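
An added example, not part of the thread or any poster's code: a sketch of the two checks discussed above, the per-address signups-per-hour histogram used to pick a threshold, and a sliding-window monitor that flags one address hitting many lists or one IP making many signups. The event tuple layout, the thresholds (5 and 10) and all sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict, deque

WINDOW = 3600  # seconds: the one-hour window suggested in the thread

def normalize(email):
    return email.strip().lower()  # case-fold only; no provider-specific rules

def hourly_histogram(events):
    """Distinct lists per (address, hour) -> how many such buckets exist."""
    buckets = defaultdict(set)
    for ts, email, list_id, _ip in events:
        buckets[(normalize(email), ts // WINDOW)].add(list_id)
    return Counter(len(lists) for lists in buckets.values())

class SignupMonitor:
    """Sliding-window check applied at signup time, across all clients."""
    def __init__(self, email_threshold=5, ip_threshold=10, window=WINDOW):
        self.email_threshold = email_threshold  # assumed; tune from histogram
        self.ip_threshold = ip_threshold        # assumed value
        self.window = window
        self.by_email = defaultdict(deque)
        self.by_ip = defaultdict(deque)

    def _push(self, queue, ts, list_id):
        queue.append((ts, list_id))
        while queue[0][0] <= ts - self.window:  # drop entries older than window
            queue.popleft()
        return queue

    def observe(self, ts, email, list_id, ip):
        """Return reasons to hold this signup; an empty set means proceed."""
        reasons = set()
        seen = self._push(self.by_email[normalize(email)], ts, list_id)
        if len({l for _, l in seen}) >= self.email_threshold:
            reasons.add("email")  # one address, many distinct lists
        if len(self._push(self.by_ip[ip], ts, list_id)) >= self.ip_threshold:
            reasons.add("ip")     # one source, many signups
        return reasons

# Constructed sample: (unix_ts, address, list_id, source_ip)
SAMPLE = [(1000 + 60 * i, "Victim@example.com", f"list-{i}", f"192.0.2.{i + 1}")
          for i in range(6)]
SAMPLE += [(1100, "alice@example.org", "list-0", "198.51.100.7"),
           (9000, "victim@example.com", "list-9", "192.0.2.50")]

def flagged(events, **kw):
    mon = SignupMonitor(**kw)  # events must be replayed in timestamp order
    return [(e[1], e[2]) for e in sorted(events) if mon.observe(*e)]
```

In the sample the address arrives from a different IP each time, so only the per-address count catches it; the per-IP count covers the single-source case.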