
[IP] Another twist on spam




Delivered-To: dfarber+@xxxxxxxxxxxxxxxxxx
Date: Mon, 15 Sep 2003 17:27:22 -0400
From: Tim O'Connor <tim@xxxxxxxxxxxxxx>
Subject: Another twist on spam
To: Dave Farber <dave@xxxxxxxxxx>


In a new variation on spam -- new for me, anyhow -- I began to
receive bounces from AOL last night.  I thought they were from a
mailing list I manage, which has some AOL subscribers.  Then I
read a message and found a note explaining the failed delivery:
a statement embedded in the bounce from AOL stated that too many
UCE messages were being received from host, so my messages were
ALL being rejected by AOL.

When I examined the bounces, it was clear that they came from
many disparate sources clearly NOT my domain; this was evident
in the headers.  The forgeries all claimed to come from my domain,
"dachshund DOT com."  But each message had some insanely fake
username before the @ sign, and each was directed at anywhere from
three to six AOL victims.

This was not a case of a "SoBig" harvesting addresses from an
address book.  These were apparently randomized values (e.g.,
"l67ucwsjm") with my domain appended.

I run a good spam filter to save myself from the onslaught of trash.
Now on the other side of the fence, impersonated dozens of times
over, with no recourse but to send messages to postmasters of
domains I extract from the headers, I'm losing my "live and let
live" tolerance.

I'm used to seeing apparently fake AOL and Yahoo addresses, but now,
with my (low-profile) domain grabbed by fakers, I can only watch the
hijacking and hope not to end up blacklisted more widely.  If it is
the proverbial tip of the iceberg, how do I protect myself?  What
do you do if "farber DOT net" is next, not because of a virus at
work, but because of a scammer selling ways to enlarge body parts?

Then as a final insult, AOL chooses to block UCE based on the stated
(forged) "From:" field rather than from the envelope or the "Received
from" data, both of which clearly state the true host.

I admit that I oscillate between tolerance (one person's spam is another
person's useful message) and fury (wanting to see vigilantes triumph on
the spam battlefield).  Today, I admit that I would readily reach for
the digital shotgun if I had one.

I suppose I should be grateful that spammers haven't (yet) appropriated
my actual address, since, as it stands, at least anyone with 1/10 a
brain can read the headers and tell they are looking at a forgery.

--tim o'connor
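
The header check the message describes, telling a forgery from the relay data rather than from the "From:" line, is sketched below as an added example that is not part of the original message. The bounce is constructed, example.org stands in for the impersonated domain, and the function names and the list of the owner's outbound networks are assumptions; it also assumes the bounce embeds the original headers.

```python
import email, ipaddress, re
from email import policy
from email.utils import parseaddr

# Constructed sample bounce; the lower Received line is sender-supplied and claims "our" IP.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
To: l67ucwsjm@example.org
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery failed: too many UCE messages received.

--b1
Content-Type: text/rfc822-headers

Received: from unknown (HELO mail.example.org) (203.0.113.45)
    by mx.example.net; Mon, 15 Sep 2003 02:11:09 -0400
Received: from mail.example.org (192.0.2.10) by relay.invalid; Mon, 15 Sep 2003 02:10:00 -0400
From: l67ucwsjm@example.org
--b1--
"""

def embedded_original(bounce):
    """Return the bounced message (or just its headers) carried inside a DSN."""
    for part in bounce.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def triage(raw, my_domain, my_networks):
    """Compare the claimed From: with the relay IP in the topmost Received line,
    the only Received line written by the site that bounced the message."""
    orig = embedded_original(email.message_from_string(raw, policy=policy.default))
    if orig is None:
        return None  # bounce carries no copy of the original headers
    claimed = parseaddr(str(orig.get("From", "")))[1].lower()
    received = orig.get_all("Received", [])
    m = re.search(r"\d{1,3}(?:\.\d{1,3}){3}", str(received[0])) if received else None
    try:
        ip = ipaddress.ip_address(m.group()) if m else None
    except ValueError:
        ip = None
    ours = ip is not None and any(ip in ipaddress.ip_network(n) for n in my_networks)
    forged = claimed.endswith("@" + my_domain.lower()) and ip is not None and not ours
    return {"claimed_from": claimed, "relay_ip": str(ip) if ip else None, "forged": forged}
```

The `relay_ip` of each forged bounce is the address to look up when writing to the responsible postmaster.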
