[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Asrg] The fundamental misconception about paying for mail [postage]

To: Anti-Spam Research Group - IRTF <asrg at irtf.org>
Subject: Re: [Asrg] The fundamental misconception about paying for mail [postage]
From: "Chris Lewis" <clewis at nortel.com>
Date: Sat, 29 Nov 2008 21:20:43 -0500
Delivered-to: ietfarch-asrg-web-archive at core3.amsl.com
Delivered-to: asrg at core3.amsl.com
In-reply-to: <20081130002931.GA31405 at gsp.org>
List-archive: <http://www.irtf.org/pipermail/asrg>
List-help: <mailto:asrg-request@irtf.org?subject=help>
List-id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-post: <mailto:asrg@irtf.org>
List-subscribe: <https://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
List-unsubscribe: <https://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
Organization: Nortel
References: <20081128153932.81359.qmail at simone.iecc.com> <88C6648D-9F8C-4D62-9DAB-99F4E0F918EB at pobox.com> <200811281922.OAA15028 at Sparkle.Rodents-Montreal.ORG> <7eeceb440811291530w44d98779t3eb374d3657dfc38 at mail.gmail.com> <20081130002931.GA31405 at gsp.org>
Reply-to: Anti-Spam Research Group - IRTF <asrg at irtf.org>
Sender: asrg-bounces at irtf.org
User-agent: Thunderbird 2.0.0.18 (Windows/20081105)

Rich Kulawiec wrote:
> On Sat, Nov 29, 2008 at 05:30:30PM -0600, mathew wrote:
>> Spammers could bypass all my spam filtering right now, and probably that of
>> many other people, if they could reliably automatically guess what mailing
>> lists their victims are on. Has anyone seen any evidence that they are
>> capable of doing so?
> 
> Yes.  I have spam-in-hand from multiple incidents.  And it is of course
> not necessary for them to guess, since they could (a) subscribe to those
> lists and harvest part of the subscriber list (b) grab the archives of
> [some] lists and harvest part of the subscriber list (c) go through the
> "address books" and stored mail on any zombied system and note any mailing
> list which any mail address in use on that system is subscribed to
> (d) go through any zombie which happens to be a mailing list server (e) etc.
> 
> So why don't we see more of it?  I suspect because it's not worth
> their trouble -- yet.

It certainly is, if only by way of zombied machines.

The users here getting the highest volumes of spam (in one case > 16,000
/day in bursts) have only one thing in common.

Membership in lots of IETF related activities, especially mailing lists.

The second most common attribute is membership in IEEE lists.
_______________________________________________
Asrg mailing list
Asrg at irtf.org
https://www.irtf.org/mailman/listinfo/asrg

Follow-Ups:
- Re: [Asrg] The fundamental misconception about paying for mail [postage]
  - From: John Levine

References:
- [Asrg] The fundamental misconception about paying for mail
  - From: John Levine
- Re: [Asrg] The fundamental misconception about paying for mail
  - From: mathew
- Re: [Asrg] The fundamental misconception about paying for mail
  - From: der Mouse
- Re: [Asrg] The fundamental misconception about paying for mail
  - From: mathew
- Re: [Asrg] The fundamental misconception about paying for mail [postage]
  - From: Rich Kulawiec

Prev by Date: Re: [Asrg] POSTAGE The fundamental misconception about paying for mail
Next by Date: Re: [Asrg] The fundamental misconception about paying for mail POSTAGE
Previous by thread: Re: [Asrg] The fundamental misconception about paying for mail [postage]
Next by thread: Re: [Asrg] The fundamental misconception about paying for mail [postage]
Index(es):
- Date
- Thread