yes, spammers harvest email addresses from securityfocus lists. i have sent emails to various SF lists using new (never before used or publicized) email addresses associated with new domains, and have started receiving spam at those addresses within 48 hours. Since many SF lists are mirrored at quite a few other web sites though, and since all of the lists have open subscriptions, you shouldn't waste your time trying to determine how the spammers harvest those addresses. Better solution is to create disposable email accounts for each SF list and use those exclusively for the SF lists. and filter all incoming email.
btw, you're lucky if you only get "sporadic spam". i filter over 100 spam-mails/day from some of my more heavily utilized email addresses that were established back in the 90's. Regards, ken Ken Williams ; Technical Lead ; [EMAIL PROTECTED] eSecurityOnline - an eSecurity Venture of Ernst & Young [EMAIL PROTECTED] ; www.esecurityonline.com ; 1-877-eSecurity Craig Van Tassle To: security-basics <[EMAIL PROTECTED]> <craig@ambrosa. cc: (bcc: Ken Williams/AABS/EYLLP/US) dns04.com> Subject: spam 02/05/2002 12:57 AM I was wondering if any one knows if people (spammers) watch the security focus mailing lists to get peoples email addys? over the last couple of months i have been getting sporaticaly spam emails.. and i also noticed some funy things from my mail logs.. Feb 3 23:16:53 postfix/smtpd[33997]: lost connection after DATA from unknown[209.149.145.250] Feb 3 23:16:53 postfix/smtpd[33997]: disconnect from unknown[209.149.145.250] Feb 3 23:16:53 postfix/cleanup[33998]: 846CD3F1A: message-id =<[EMAIL PROTECTED]> does that mean that someone have been trying to get in though my email server or if they are just useing me as remailer? thanks ______________________________________________________________________ The information contained in this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by replying to the message and deleting it from your computer. Thank you. Ernst & Young LLP