James Lick describes a bad guy who spams anyone that posts to a mailing list,
only James can't figure out how the bad guy is getting the mailing list mail
in the first place.

Here's an idea you can try. Assuming you can create some temporary accounts
at your home site, you can "fake" an outgoing mailing list message,
individually for each subscriber on the list (unless it's too big of course).
Each one will look as if it came through the real mailing list, only each one
will actually be a personalized test for that recipient, from a corresponding
personal test reply account. You create the headers by hand, to look like an
outgoing list message, and you give Sendmail the right arguments (e.g. "-f
owner-listname" so the envelope sender is the list-owner as usual).

Then you see which of the personal reply addresses the spammer spams to.

Create the messages from a template, substituting in the destination and
reply addresses -- for subscriber "foo@bar", the message should appear to
have been sent by "repl-foo_bar@your.site". Feed the outgoing messages to
Sendmail one by one.

On the replies, your host should indicate which "repl-foo_bar" was the
target, in the "Received" header that it adds, i.e. it will say "Received by
your.site for repl-foo_bar...." assuming that the spammer only spams to one
recipient at a time......

Note that if you just make the "repl-foo_bar" targets as entries in
/etc/aliases, they will be resolved and won't appear in the Received header
so you won't be able to tell which one was targeted.

If your site has the "+" hooks enabled, in Sendmail, then you can even use
your own account and add the recipient hooks afterwards, i.e. subscriber
"foo@bar.com" gets a test from "jlick+foo_bar.com" and so on. (Without the
"+" hook enabled, Sendmail would bounce that as unknown; with the hook, it
delivers it to the username to the left of the "+" sign.)

And if your site enables Sendmail to pass the "+foo_bar.com" as a special -A
arg to Procmail, then you can even sort the incoming replies.
--------------------
Chris Koenigsberg: ckk@scr.siemens.com (ckk@pobox.com)
<URL: http://www.pobox.com/~ckk>
Siemens Corporate Research, and Rutgers University Dept. of Computer Science
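
An added sketch of the per-subscriber probe scheme described in the message above (not part of the original post): it builds one tagged message per subscriber and maps the "for" clause of a Received header back to the subscriber. The list address, the sendmail path, the "--" argument and the sample spam are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

SITE = "your.site"              # placeholder host used in the post
LIST_ADDR = "listname@" + SITE  # assumed list address
OWNER = "owner-listname"        # envelope sender, as in the post

def reply_local(subscriber):
    """foo@bar -> repl-foo_bar (the naming scheme from the post)."""
    return "repl-" + subscriber.lower().replace("@", "_")

def build_table(subscribers):
    """Map reply local part -> subscriber; refuse ambiguous names."""
    table = {}
    for sub in subscribers:
        key = reply_local(sub)
        if key in table:  # e.g. a_b@c and a@b_c collide
            raise ValueError(f"{sub} and {table[key]} both map to {key}")
        table[key] = sub
    return table

def build_probe(subscriber, subject, body):
    """One list-style message and the argv that would hand it to sendmail."""
    msg = EmailMessage()
    msg["From"] = f"{reply_local(subscriber)}@{SITE}"
    msg["To"] = LIST_ADDR
    msg["Subject"] = subject
    msg.set_content(body)
    # Assumed path; "--" keeps an odd address from being read as a flag.
    argv = ["/usr/sbin/sendmail", "-f", OWNER, "--", subscriber]
    return msg, argv

FOR_RE = re.compile(r"\bfor\s+<?(repl-[^\s<>;@]+)", re.IGNORECASE)

def identify_targets(raw_spam, table):
    """Subscribers whose reply address shows up in a Received 'for' clause."""
    hits = []
    for received in message_from_string(raw_spam).get_all("Received", []):
        for local in FOR_RE.findall(received):
            sub = table.get(local.lower())
            if sub and sub not in hits:
                hits.append(sub)
    return hits

# Constructed sample of an incoming spam, with a folded Received header.
SAMPLE_SPAM = (
    "Received: from mx.spam.example by your.site (8.8.5/8.8.5)\n"
    "\tid QAA01234 for <repl-foo_bar@your.site>; Thu, 1 Jan 1998 00:00:00 -0500\n"
    "From: offers@spam.example\nSubject: MAKE MONEY FAST\n\n...\n"
)
```

The table lookup is used instead of reversing the "_" substitution because two different subscribers can map to the same reply name, which build_table rejects up front.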