You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Marc Perkel <su...@junkemailfilter.com> on 2014/02/06 23:41:51 UTC
Who wants to trade data?
I have 700,000 IP addresses of hackers trying to send email using stolen
authentication. Anyone interested?
http://ipadmin.junkemailfilter.com/auth-hack.txt
--
Marc Perkel - Sales/Support
support@junkemailfilter.com
http://www.junkemailfilter.com
Junk Email Filter dot com
415-992-3400
Re: Who wants to trade data?
Posted by Benny Pedersen <me...@junc.eu>.
On 2014-02-09 22:07, Marc Perkel wrote:
> The list is just auth fooled users over the last 30 days.
could you track, sender domains from auth fooled ips, is sender domain
dnssec or not ?
this would be usefull data to collect
Re: Who wants to trade data?
Posted by Marc Perkel <su...@junkemailfilter.com>.
On 2/7/2014 3:01 AM, Benny Pedersen wrote:
> On 2014-02-06 23:41, Marc Perkel wrote:
>> I have 700,000 IP addresses of hackers trying to send email using
>> stolen authentication. Anyone interested?
>>
>> http://ipadmin.junkemailfilter.com/auth-hack.txt
>
> q: how many is listed in spamhaus pbl ?
> q: is dnswl filtered out ?
>
> or is the list just auth fooled users ?
>
> if there dns service is unstable how can you verify its not stolen ?
>
> q: would you provide the list for xtables_addons geoip in csv formated
> list ?
>
> this could then be used to create A0 country codes or another that is
> not used in geoip
>
> the last question is here since it would be lowmem and not hard to do :=)
>
>
>
The list is just auth fooled users over the last 30 days.
--
Marc Perkel - Sales/Support
support@junkemailfilter.com
http://www.junkemailfilter.com
Junk Email Filter dot com
415-992-3400
Re: Who wants to trade data?
Posted by Benny Pedersen <me...@junc.eu>.
On 2014-02-06 23:41, Marc Perkel wrote:
> I have 700,000 IP addresses of hackers trying to send email using
> stolen authentication. Anyone interested?
>
> http://ipadmin.junkemailfilter.com/auth-hack.txt
q: how many is listed in spamhaus pbl ?
q: is dnswl filtered out ?
or is the list just auth fooled users ?
if there dns service is unstable how can you verify its not stolen ?
q: would you provide the list for xtables_addons geoip in csv formated
list ?
this could then be used to create A0 country codes or another that is
not used in geoip
the last question is here since it would be lowmem and not hard to do
:=)
Re: Who wants to trade data?
Posted by Neil Schwartzman <ne...@cauce.org>.
On Feb 7, 2014, at 6:08 AM, Benny Pedersen <me...@junc.eu> wrote:
> On 2014-02-07 01:33, Noel Butler wrote:
>> else we'd have seen a url in one of his posts
>> advertising it, therefore can be considered UCE
>
> agree if its free to download its not spam, i just think its the grey zone here
Sorry, no. The cost of a payload isn’t relevant to the determination is something is spam. Spam is unsolicited and (generally) bulk. I am offered ‘free’ subscriptions to things all the time, by spam.
That said, i think someone offering anti-spam data to an anti-spam list is *collegial*, not spam, and the fact that it is free is even more collegial.
Re: Who wants to trade data?
Posted by Benny Pedersen <me...@junc.eu>.
On 2014-02-07 01:33, Noel Butler wrote:
> else we'd have seen a url in one of his posts
> advertising it, therefore can be considered UCE
agree if its free to download its not spam, i just think its the grey
zone here
Re: Who wants to trade data?
Posted by Noel Butler <no...@ausics.net>.
On Thu, 2014-02-06 at 19:20 -0500, Rob McEwen wrote:
> On 2/6/2014 6:59 PM, Noel Butler wrote:
> > spams an anti-spam list
>
> so sharing/discussing data/intel about spammers on an anti-spam list...
> is spamming? Really?
>
When you post the same thing almost weekly, yes, it is.
you only need ask once, or tell people the list is available free to
d/l, if they want it, they'll act, an offer of trade also implies not
free-for-all, else we'd have seen a url in one of his posts advertising
it, therefore can be considered UCE
Re: Who wants to trade data?
Posted by Rob McEwen <ro...@invaluement.com>.
On 2/6/2014 6:59 PM, Noel Butler wrote:
> spams an anti-spam list
so sharing/discussing data/intel about spammers on an anti-spam list...
is spamming? Really?
--
Rob McEwen
invaluement.com
Re: Who wants to trade data?
Posted by Dave Warren <da...@hireahit.com>.
On 2014-02-06 19:30, Noel Butler wrote:
> so, how about EVERYONE with list of IP's who try compromise or abuse
> systems, start offering them for sale on here, then lets see what you
> think.
Maybe you were reading a different mailing list than I am, but the
message I received didn't have any commercial sales offer, it offered up
the link freely (and indicated he might be interested in receiving
similar data, hence, a trade)
Given that it's loosely on-topic (anti-email-abuse, anti-spam),
SpamAssassin's mailing list doesn't seem to have a "Thou shall only
speaketh regarding SpamAssassin" policy, and non-commercial (free access
to the data, without any preconditions), I'm having trouble seeing the
problem.
I'd also like to say that I think it's awesome when commercial vendors
give back to the community, in large or small ways.
But that's just me.
--
Dave Warren
http://www.hireahit.com/
http://ca.linkedin.com/in/davejwarren
Re: Who wants to trade data?
Posted by Amir Caspi <ce...@3phase.com>.
Don't know if you noticed but his email earlier today included a link to a txt file with the list if IPs. Free. Just DL if you want. No sale, no money.
I don't see commercial pressure here when he gave it away already.
(I don't know the guy and don't plan to use the list, but just wanted to point out that he provided it already, for free, no request or implication for money.)
--- Amir
thumbed via iPhone
> On Feb 6, 2014, at 8:30 PM, Noel Butler <no...@ausics.net> wrote:
>
>> On 07/02/2014 10:36, Rick Macdougall wrote:
>>
>> Err,
>>
>> I have received automated emails from Mark's service multiple times about compromised users.
>>
>> He and his services are definitely white hat, and have helped us knock infected users off line.
>>
>> Not sure what your problem is.
>>
>> Regards,
>>
>
>
> so, how about EVERYONE with list of IP's who try compromise or abuse systems, start offering them for sale on here, then lets see what you think.
>
>
>
> IDGAF if he has some bois here, I really dont, I know fully well plenty here will think its OK for his to offer to trade/sell IP's, some others may not, I'm on the later class. I do the same for anyone who repeatedly sends UCE to any of my inboxes, and IDGAF who they are.
>
>
Re: Who wants to trade data?
Posted by Noel Butler <no...@ausics.net>.
On 07/02/2014 10:36, Rick Macdougall wrote:
> Err,
>
> I have received automated emails from Mark's service multiple times about compromised users.
>
> He and his services are definitely white hat, and have helped us knock infected users off line.
>
> Not sure what your problem is.
>
> Regards,
so, how about EVERYONE with list of IP's who try compromise or abuse
systems, start offering them for sale on here, then lets see what you
think.
IDGAF if he has some bois here, I really dont, I know fully well plenty
here will think its OK for his to offer to trade/sell IP's, some others
may not, I'm on the later class. I do the same for anyone who repeatedly
sends UCE to any of my inboxes, and IDGAF who they are.
Re: Who wants to trade data?
Posted by Rick Macdougall <ri...@ummm-beer.com>.
Err,
I have received automated emails from Mark's service multiple times about compromised users.
He and his services are definitely white hat, and have helped us knock infected users off line.
Not sure what your problem is.
Regards,
Rick
Sent from my iPad
> On Feb 6, 2014, at 6:59 PM, Noel Butler <no...@ausics.net> wrote:
>
>
>> On Thu, 2014-02-06 at 14:41 -0800, Marc Perkel wrote:
>> I have 700,000 IP addresses
>
>
> This is the second, no, third time I've seen this on this list in recent times, amazing that someone who claims to be in anti-spam, spams an anti-spam list, what do they say, three strikes and your out...
>
> Welcome to our spamassassin filters and internal BL.
>
>
Re: Who wants to trade data?
Posted by Noel Butler <no...@ausics.net>.
On Thu, 2014-02-06 at 14:41 -0800, Marc Perkel wrote:
> I have 700,000 IP addresses
This is the second, no, third time I've seen this on this list in recent
times, amazing that someone who claims to be in anti-spam, spams an
anti-spam list, what do they say, three strikes and your out...
Welcome to our spamassassin filters and internal BL.