Great Circle Associates List-Managers
(June 2002)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Spamtrap e-mail addresses in spam headers? [was: Omar's Relevance]
From: "Alan B. Clegg" <alan @ clegg . com>
Date: Sat, 29 Jun 2002 12:22:40 -0400
To: List Managers <List-Managers @ greatcircle . com>
In-reply-to: <5.1.0.14.2.20020629033852.03cd4eb0@127.0.0.1>; from njs@scifi.squawk.com on Sat, Jun 29, 2002 at 03:51:22AM -0400
References: <Pine.GSO.4.43.0206281707270.10202-100000@saltmine.radix.ne t> <5.1.0.14.2.20020629033852.03cd4eb0@127.0.0.1>
User-agent: Mutt/1.2.5.1i

Unless the network is lying to me again, Nick Simicich said: 

> However, there may well be some escalation blacklisting regarding 
> topica.  They have had some large number of lists with spamtrap addresses 
> signed up onto their service and they have not vetted them well.

This is an interesting point on which I'd love to see some discussion
(not sure that it's relavent here, so please tell me to move it elsewhere
if that is appropriate, or followup with me off list). 

One of my systems was recently blacklisted by SPEWS.  It took me a few days
to find out 1) that it had happened and 2) to get it fixed.  It seems that
a spamtrap address somewhere had gotten "mail from me" and that seems to be
an automatic, one-shot blacklisting offense.

Now, I use TMDA for junk-mail dispatching, and it sends an e-mail back to
anyone that I don't have in an explicit whitelist explaining what is
happening, and how to deal with getting mail to me (it's really simple,
and a really nice system for those that have not seen it yet).

Anyway, after talking with the SPEWS folks, the only thing I can figure
out is that a piece of spam had an envelope From_ of a spamtrap and 
they tagged me.  The mail that had been "harvested" in the spamtrap was
one of my TMDA explanation mail.  The SPEWS guys would not tell me what
the address of the spamtrap was so I was not able to see which piece of
mail had triggered it.

Has anyone else seen spam with spamtrap return addresses?

AlanC
-- 
               | Alan Clegg | Networks | Security | UNIX | 802.11 | 
perl -le '$_="6110>374086;2064208213:90<307;55";tr[0->][ LEOR\!AUBGNSTY];print'

Attachment: pgp00006.pgp
Description: PGP signature


Follow-Ups:
References:
Indexed By Date Previous: Re: Omar, I bet this is relevant!
From: Nick Simicich <njs@scifi.squawk.com>
Next: Re: Spamtrap e-mail addresses in spam headers? [was: Omar's Relevance]
From: J C Lawrence <claw@kanga.nu>
Indexed By Thread Previous: Re: Omar, I bet this is relevant!
From: Nick Simicich <njs@scifi.squawk.com>
Next: Re: Spamtrap e-mail addresses in spam headers? [was: Omar's Relevance]
From: J C Lawrence <claw@kanga.nu>

Google
 
Search Internet Search www.greatcircle.com