> >On 13.05.08 15:17, Arvid Ephraim Picciani wrote:
> >>It's not backscatter. Please read the message again, you'll see that
> >>it actually _pretends_ to be backscatter. I'm just asking here because I
> >>wondered why someone would do that.

> >I've looked at it and I've (probably) missed it (again). Why do you think
> >that it pretends to look like backscatter, and why do you think it is not?

On 13.05.08 12:01, Shane Williams wrote:
> Not to put words in anyone else's mouth, but I think what sets the
> recent incidents apart from backscatter is one of intention.

Intentional or not, the VBounce ruleset is specially designed to catch all
bounces that were sent in reply to mail that the user did not send.
It's imho completely useless to speculate why the spammer forged the user's
address and whether he wanted to spam the invalid address or the bounce
recipient.

> Backscatter is the unintended blowback of spams sent out with forged
> From addresses where the intention is to deliver spam directly to a
> victim.

I don't see any reason why we should not call those bounces a backscatter,
even if this was true.
 
> This new phenomenon, which I've been referring to as bounce spam (or
> maybe bounced spam) reverses the intentionality.  That is, bounce spam
> is intentionally sent to "misconfigured" servers that are known to
> bounce rather than reject, in which the forged From address is the
> intended victim.  The fact that it's a bounce is just another way of
> eluding spam filters.

> In other words, backscatter is a by-product of spamming, while bounced
> spam is the product itself.

I don't think it's intended. I would rather guess that spammers want
either side to get it.

Since two addresses I receive mail for got joe-jobbed in the past, I don't
think the reason was to deliver mail to us - what's the point of delivering
tons of spam to _one_ forged address, when someone wants to spam? Spammers
want (not being a spammer I'm just guessing) their spam to be received by as
many people as possible.

Can you explain to me why a spammer would want all of his spam to be received
by the same user?

Even if we did differentiate between getting random spam bounces and intended
bounces, there's no need for a different reaction - we do not want them. We
want to block them all.

To summarize, the original message was a bounce, and it was backscatter.
I really see no point in speculating whom the spammer wanted to spam, it
would change nothing.
-- 
Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Linux - It's now safe to turn on your computer.
Linux - Teraz mozete pocitac bez obav zapnut.
