Sudden spam to this email address

[Greg Allen <ga...@netrox.net>]

Does posting to this list open me up to dweebs harvesting email addresses?

I'm suddenly getting BS spams to this email address, and they have to be
coming from one of two sources. This list being one of the options.

Thanks.

RE: Sudden spam to this email address

[Matt Kettler <mk...@comcast.net>]

At 11:53 PM 3/14/2005, Greg Allen wrote:
>Yep, I just found the culprit.
>
>The below 2 websites volunteer SA users-list email addresses for all the
>world to harvest. I found my email address in Google from posting here on
>this list.

One of many.. As I pointed out before, there's probably multiple spammers 
who are directly subscribed to the list.

>Be warned, if you post to this list use a throw-away email address unless
>you are looking to have a good test account for SA. :-)

That should be said of *any* mailing list that's open to public 
subscription. Period. They're all vulnerable to being mined regardless of 
what web archives they have. All the spammer needs to do is subscribe a 
"legitimate" account to the list and run all the messages through their 
list-mining software. As long as that address is only used for harvesting, 
and not used as a drop box for spam runs, nobody is ever likely to be the 
wiser to it.

Let's face it, telling the difference between a lurker who subscribes but 
never posts, and a spammer who mines but never posts is pretty much 
impossible. It's like trying to tell if a stranger is a spammer. The guy at 
the table behind you at lunch could be a spammer, and you'd not know. Only 
a few of the really big-time spammers get their pictures circulated.

The spammer is not easily recognized. The spammer is among us, and looks 
very much like us. Don't be fooled into thinking the spammer isn't there 
just because you can't see him. It's in his best interest to be here, and 
it's also in his best interest to blend in and not be noticed. Don't 
underestimate the spammers, some may be stupid, but some are also clever 
(albeit morally deficient).

Spying on one's adversaries is a battle tactic which is  thousands of years 
old. It goes on all the time between governments, militiaries, police and 
criminals, companies, neighbors. Why not here?

I'm sure at least some spammers know to spy on their adversaries... to spy 
on us... here... on this list.

And I'm SURE they have no moral problems with doing so.

   

RE: Sudden spam to this email address

[Rob McEwen <ro...@powerviewsystems.com>]

David B Funk said:
>geocities is pretty good about taking crap down once they're notified,

Yes... but it often takes them a couple of days to get this done... even
when kiddy pron is involved.

I wish geocities would respond faster to such complaints.

Also, much higher volumes of spam mail with geocities.com URLs hit my server
than legit mail with geocities.com URLs.

Rob McEwen

Re: Sudden spam to this email address

[David B Funk <db...@engineering.uiowa.edu>]

On Mon, 14 Mar 2005, Jeff Chan wrote:

> Well when they can sell spams that don't advertise a web site
> for the same price as those that do, let us know.  Until
> then SURBLs have them.
>
> Jeff C.

OK, how about 419'ers or stock scammers?

The child porn sites that use: http://beam.to/adultworld
or http://angels.hk.to  or a page at geocities?

geocities is pretty good about taking crap down once they're
notified, but that angels.hk.to site has been around for months.

-- 
Dave Funk                                  University of Iowa
<dbfunk (at) engineering.uiowa.edu>        College of Engineering
319/335-5751   FAX: 319/384-0549           1256 Seamans Center
Sys_admin/Postmaster/cell_admin            Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{

Re: Sudden spam to this email address

[Matt Kettler <mk...@evi-inc.com>]

Stuart Johnston wrote:

> Hey, SURBLs are GREAT, no doubt about it but lets not kid ourselves.  
> It is a long way from a 100% spam solution.


I think Jeff's point is that SURBL is one test spammers have a limited 
ability to adapt to without cutting into their bottom line. Not that 
it's perfect.

Re: Sudden spam to this email address

[Stuart Johnston <st...@ebby.com>]

Jeff Chan wrote:
> On Tuesday, March 15, 2005, 9:02:44 AM, Stuart Johnston wrote:
> 
>>SURBLs have them... most of the time... eventually...  Er, yeah.
> 
> 
> Just to check, are you using ob.surbl.org and jp.surbl.org
> in multi.surbl.org, i.e.:

In the last ~24 hours:

All SA > 5: 	32540
*_SURBL: 	22361 (69%)
JP_SURBL:	20157 (62%)
OB_SURBL:	19900 (61%)

This is after a couple of DNSBLs at SMTP which may skew my stats.

Re: Sudden spam to this email address

[Jeff Chan <je...@surbl.org>]

On Tuesday, March 15, 2005, 9:02:44 AM, Stuart Johnston wrote:
> SURBLs have them... most of the time... eventually...  Er, yeah.

Just to check, are you using ob.surbl.org and jp.surbl.org
in multi.surbl.org, i.e.:

urirhssub URIBL_JP_SURBL  multi.surbl.org.        A   64
body      URIBL_JP_SURBL  eval:check_uridnsbl('URIBL_JP_SURBL')
describe  URIBL_JP_SURBL  Has URI in JP at http://www.surbl.org/lists.html
tflags    URIBL_JP_SURBL  net

score URIBL_JP_SURBL    4.0

They tend to catch new domains pretty quickly.

Jeff C.
-- 
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/

Re: Sudden spam to this email address

[Stuart Johnston <st...@ebby.com>]

Jeff Chan wrote:
> 
> Well when they can sell spams that don't advertise a web site
> for the same price as those that do, let us know.  Until
> then SURBLs have them.

SURBLs have them... most of the time... eventually...  Er, yeah.

Hey, SURBLs are GREAT, no doubt about it but lets not kid ourselves.  It 
is a long way from a 100% spam solution.

Re: Sudden spam to this email address

[Jeff Chan <je...@surbl.org>]

On Monday, March 14, 2005, 10:31:29 PM, Matt Kettler wrote:
> I am 100% certain that there are spammers subscribed to this list, or are
> getting the messages in some manner or another.  It's rather obvious why 
> they do it. Spam tools seem to quickly adapt to subjects discussed here. 
> List harvesting is a bonus. 

Well when they can sell spams that don't advertise a web site
for the same price as those that do, let us know.  Until
then SURBLs have them.

Jeff C.
-- 
Jeff Chan
mailto:jeffc@surbl.org
http://www.surbl.org/

Re: Sudden spam to this email address

[Matt Kettler <mk...@comcast.net>]

At 11:35 PM 3/14/2005, Greg Allen wrote:

>Does posting to this list open me up to dweebs harvesting email addresses?

Without a doubt, yes.

I am 100% certain that there are spammers subscribed to this list, or are 
getting the messages in some manner or another.  It's rather obvious why 
they do it. Spam tools seem to quickly adapt to subjects discussed here. 
List harvesting is a bonus. 

Re: Sudden spam to this email address

[Bob Proulx <bo...@proulx.com>]

Mike Burger wrote:
> The second link definitely gets you to, what appear to be, the raw list 
> archive files.

I did not see any "raw list archives" at this moment.  But I did see
the mail address in the mail archives here.  This one for example.

  http://spamassassin.apache.org/mail/users/200503

> In addition, the actual "archives", that are viewable to the world, show 
> the senders' email addresses.

Yes, but so does the mailing list.  Anyone can subscribe to the
mailing list.  And mailing lists that provide anonymity have been
around before but usually they have their own set of really bad
problems.  Basically web forums today are the anonymous media today.

There can be no illusion that your mail address is secret after
posting to a public mailing list.  So any spammer could get it from
there directly by subscribing regardless of how it was handled in mail
archives.  I think obfuscating addresses is just closing the barn door
after the animals have already escaped.  It just frustrates you and
annoys the pig.[1]  But even mailing addresses only known by friends
will get leaked out because a friend will sign you up for an email
greeting card or some other such frivolous thing and get you on a
spammer's list.

However I think the true leak is web pages.  I have seen studies
showing that between one to four weeks after an email address shows up
on a web site that it will start collecting spam.  And almost all
mailings lists are gateway'd to web pages somewhere on the 'net these
days.

When I web search for my email address it scary how many hits come
back.  I have old addresses from the late 1980's that are still found
by web searches.  Yet I still get very little spam to my mailbox.
RBLs, greylisting, virus filtering, spamassassin.  Sad that those are
needed.  But that is the way of things.  Fortunately they are very
effective.

Bob

[1] Let's see how long the OT followup thread goes about that analogy. :-)

Re: Sudden spam to this email address

[Mike Burger <mb...@bubbanfriends.org>]

Not his point.

The second link definitely gets you to, what appear to be, the raw list 
archive files.

The first link got me a blank page.

In addition, the actual "archives", that are viewable to the world, show 
the senders' email addresses.

Seems to me that whatever's generating the list archives, the raw files 
should be hidden from the world.  It also occurs to me that apache.org 
should either be using a list manager whose archives feature hides the 
email addresses (MailMan comes to mind) or a tool that properly masks the 
addresses...I believe mail2html, or somesuch.

But that's just my 2 cents worth.

On Mon, 14 Mar 2005, Thomas Cameron wrote:

> I don't post terribly frequently, but I certaibly do post to this list (and 
> many others).  Ditto for Usenet.  No throw-away addresses for me.
>
> I use SpamAssassin with Pyzor, Razor, DCC, and network checks, ClamAV, and 
> greylisting.
>
> I can remember one spam message that made it into my Inbox this year.  One.
>
> I can't shout from the roof tops loudly or often enough:  "SpamAssassin 
> works!"  :-)
>
> Thomas
>
> ----- Original Message ----- From: "Greg Allen" <ga...@netrox.net>
> To: <us...@spamassassin.apache.org>
> Sent: Monday, March 14, 2005 10:53 PM
> Subject: RE: Sudden spam to this email address
>
>
>> Yep, I just found the culprit.
>> 
>> The below 2 websites volunteer SA users-list email addresses for all the
>> world to harvest. I found my email address in Google from posting here on
>> this list.
>> 
>> aspn.activestate.com/ASPN/ Mail/Message/spamassassin-users
>> 
>> spamassassin.apache.org/mail/users
>> 
>> 
>> Be warned, if you post to this list use a throw-away email address unless
>> you are looking to have a good test account for SA. :-)
>> 
>> 
>> 
>> 
>> 
>> 
>> -----Original Message-----
>> From: Greg Allen [mailto:gallen@netrox.net]
>> Sent: Monday, March 14, 2005 11:36 PM
>> To: users@spamassassin.apache.org
>> Subject: Sudden spam to this email address
>> 
>> 
>> Does posting to this list open me up to dweebs harvesting email addresses?
>> 
>> I'm suddenly getting BS spams to this email address, and they have to be
>> coming from one of two sources. This list being one of the options.
>> 
>> Thanks.
>> 
>> 
>

--
Mike Burger
http://www.bubbanfriends.org

Visit the Dog Pound II BBS
telnet://dogpound2.citadel.org or http://dogpound2.citadel.org

To be notified of updates to the web site, visit 
http://www.bubbanfriends.org/mailman/listinfo/site-update, or send a 
message to:

site-update-request@bubbanfriends.org

with a message of:

subscribe

Re: Sudden spam to this email address

[Thomas Cameron <th...@camerontech.com>]

I don't post terribly frequently, but I certaibly do post to this list (and 
many others).  Ditto for Usenet.  No throw-away addresses for me.

I use SpamAssassin with Pyzor, Razor, DCC, and network checks, ClamAV, and 
greylisting.

I can remember one spam message that made it into my Inbox this year.  One.

I can't shout from the roof tops loudly or often enough:  "SpamAssassin 
works!"  :-)

Thomas

----- Original Message ----- 
From: "Greg Allen" <ga...@netrox.net>
To: <us...@spamassassin.apache.org>
Sent: Monday, March 14, 2005 10:53 PM
Subject: RE: Sudden spam to this email address


> Yep, I just found the culprit.
>
> The below 2 websites volunteer SA users-list email addresses for all the
> world to harvest. I found my email address in Google from posting here on
> this list.
>
> aspn.activestate.com/ASPN/ Mail/Message/spamassassin-users
>
> spamassassin.apache.org/mail/users
>
>
> Be warned, if you post to this list use a throw-away email address unless
> you are looking to have a good test account for SA. :-)
>
>
>
>
>
>
> -----Original Message-----
> From: Greg Allen [mailto:gallen@netrox.net]
> Sent: Monday, March 14, 2005 11:36 PM
> To: users@spamassassin.apache.org
> Subject: Sudden spam to this email address
>
>
> Does posting to this list open me up to dweebs harvesting email addresses?
>
> I'm suddenly getting BS spams to this email address, and they have to be
> coming from one of two sources. This list being one of the options.
>
> Thanks.
>
> 

RE: Sudden spam to this email address

[Greg Allen <ga...@netrox.net>]

Yep, I just found the culprit.

The below 2 websites volunteer SA users-list email addresses for all the
world to harvest. I found my email address in Google from posting here on
this list.

aspn.activestate.com/ASPN/ Mail/Message/spamassassin-users

spamassassin.apache.org/mail/users


Be warned, if you post to this list use a throw-away email address unless
you are looking to have a good test account for SA. :-)






-----Original Message-----
From: Greg Allen [mailto:gallen@netrox.net]
Sent: Monday, March 14, 2005 11:36 PM
To: users@spamassassin.apache.org
Subject: Sudden spam to this email address


Does posting to this list open me up to dweebs harvesting email addresses?

I'm suddenly getting BS spams to this email address, and they have to be
coming from one of two sources. This list being one of the options.

Thanks.