Re: New dictionary spamming method -- SOLVED!
Kevin Peuhkurinen wrote: Looks like some particularly inept spammer is grabbing partial Message-IDs from the headers of messages on this list and trying to send email to them as though they were email addresses. Sad, really. We occasionally get mail sent to *full* message-IDs. A nice demonstration of the fact that (at least some) spammers really don't pay any attention to what's on their lists. -- Kelson Vibber SpeedGate Communications
Re: New dictionary spamming method -- SOLVED!
Looks like some particularly inept spammer is grabbing partial Message-IDs from the headers of messages on this list and trying to send email to them as though they were email addresses. Sad, really. Kevin Peuhkurinen wrote: I've noticed recently in my MTA logs a growing trend of attempts to send email to numbered email addresses, such as: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Anyone have any ideas why spammers would be trying this particular tactic?
Re: New dictionary spamming method?
Steven Stern said the following on 5/30/2005 12:11 PM: Kevin Peuhkurinen wrote: Steven Stern wrote: I got a similar bunch of messages (approx 250) between 6:05 and 6:15 CDT, from about 10 unique IP addresses, yesterday and today, but on only one of my 3 MX servers. Interesting. For me, they started May 28th at almost exactly noon EDT.I'm almost tempted to let a couple through to verify if it is spam or a virus. They get stopped on my system by milter-greylist. I'm interested in your results if you let a few through. Given the short duration bursts, it seems more like a probe than a flat out, widespread attack. Maybe yet another followup from Sober. Got a handful, too - definitely not an all-out attack, but the ones I salvaged do simply look like the ever-popular male-enhancement pills in multi-part. I use safecat to pop spam in the user's .Spam folder, but these were stopped due to no-valid-addressand then doubleBounced. SA 3.0.3 gave them a "-0.2" score. :\ Anyone want a copy?
Re: New dictionary spamming method?
Kevin Peuhkurinen wrote: Steven Stern wrote: I got a similar bunch of messages (approx 250) between 6:05 and 6:15 CDT, from about 10 unique IP addresses, yesterday and today, but on only one of my 3 MX servers. Interesting. For me, they started May 28th at almost exactly noon EDT.I'm almost tempted to let a couple through to verify if it is spam or a virus. They get stopped on my system by milter-greylist. I'm interested in your results if you let a few through. Given the short duration bursts, it seems more like a probe than a flat out, widespread attack. Maybe yet another followup from Sober. -- Steve
Re: New dictionary spamming method?
Steven Stern wrote: I got a similar bunch of messages (approx 250) between 6:05 and 6:15 CDT, from about 10 unique IP addresses, yesterday and today, but on only one of my 3 MX servers. Interesting. For me, they started May 28th at almost exactly noon EDT.I'm almost tempted to let a couple through to verify if it is spam or a virus.
Re: New dictionary spamming method?
Kevin Peuhkurinen wrote: I've noticed recently in my MTA logs a growing trend of attempts to send email to numbered email addresses, such as: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] Anyone have any ideas why spammers would be trying this particular tactic? I got a similar bunch of messages (approx 250) between 6:05 and 6:15 CDT, from about 10 unique IP addresses, yesterday and today, but on only one of my 3 MX servers. -- Steve
