Before they abuse a web API, I'd strongly suspect that they would abuse port 25.
But yes, it would be an interesting hypothesis to validate.... And this isn’t just, “Spam”; it’s far more intensive, and can only best be appreciated from the POV of the recipient. They’re not just using you to send traffic to them. Aloha, Michael. -- Michael J Wise Microsoft Corporation| Spam Analysis "Your Spam Specimen Has Been Processed." Open a ticket for Hotmail<http://go.microsoft.com/fwlink/?LinkID=614866> ? -----Original Message----- From: mailop <mailop-boun...@mailop.org> On Behalf Of Philip Paeps via mailop Sent: Wednesday, August 19, 2020 6:44 PM To: mailop@mailop.org Subject: Re: [mailop] [EXTERNAL] Re: Mailman confirmation email denial of service On 2020-08-20 05:17:09 (+0800), Michael Wise via mailop wrote: > BotNet? > Were they listed in the SpamHaus XBL as being compromised? The problem is that the subscriptions come in through the Mailman web interface, not through email. Arguably, this is a variant of the old "send an email greeting card" spam. I don't know of anyone who checks the XBL (or other blocklists) on the web server. Or if that would even be effective. Does the XBL list botnets that abuse web services that lead to email being sent too? This may actually be an interesting hack to perpetrate. :) Philip -- Philip Paeps Senior Reality Engineer Alternative Enterprises _______________________________________________ mailop mailing list mailop@mailop.org<mailto:mailop@mailop.org> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fchilli.nosignal.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Fmailop&data=02%7C01%7Cmichael.wise%40microsoft.com%7C7bf743281ef049eb0e9508d844ab3956%7C72f988bf86f141af91ab2d7cd011db47%7C0%7C0%7C637334849539682100&sdata=lhJ5Eu%2Bh5n9vMsBG1GnoxuchwBmgtKbdRT9k7lTlEj4%3D&reserved=0
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop