Re: Interesting spam

2016-05-07 Thread RW
On Sat, 7 May 2016 05:12:56 +0200 Reindl Harald wrote: > Am 07.05.2016 um 05:08 schrieb Reindl Harald: > > > > > > Am 07.05.2016 um 00:31 schrieb RW: > >> > >> Anyone playing whack-a-mole with those "pretty girl looking for > >> handsome man" spams might be interested in this spam I got today:

Re: Interesting spam

2016-05-06 Thread Reindl Harald
Am 07.05.2016 um 00:31 schrieb RW: Anyone playing whack-a-mole with those "pretty girl looking for handsome man" spams might be interested in this spam I got today: http://pastebin.com/SFegJAj1 Content analysis details: (16.4 points, 5.5 required) pts rule name description

Re: Interesting spam

2016-05-06 Thread Reindl Harald
Am 07.05.2016 um 05:08 schrieb Reindl Harald: Am 07.05.2016 um 00:31 schrieb RW: Anyone playing whack-a-mole with those "pretty girl looking for handsome man" spams might be interested in this spam I got today: http://pastebin.com/SFegJAj1 BTW - your pastebin version is wracked - got th

Interesting spam

2016-05-06 Thread RW
Anyone playing whack-a-mole with those "pretty girl looking for handsome man" spams might be interested in this spam I got today: http://pastebin.com/SFegJAj1

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-11 Thread Dave Warren
On 2013-06-11 00:48, Neil Schwartzman wrote: On Jun 10, 2013, at 9:30 PM, Dave Warren > wrote: I doubt it's "a guy", but it wouldn't surprise me if the botnet that performs the dictionary attack forwards the results off to "a guy" to confirm that the account works

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-11 Thread David F. Skoll
On Mon, 10 Jun 2013 20:33:29 -0700 Marc Perkel wrote: > We'll - it does waste their time and resources. Not so they'd notice. The basic rule is: No matter how much computing power and bandwidth you have, the spammers have a lot more. Trying to tie up their resources is a waste of time. Regard

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-11 Thread David F. Skoll
On Mon, 10 Jun 2013 20:27:05 -0700 Marc Perkel wrote: > I'm not sure. I'm wondering if they use automation and maybe it's not > so smart. I don't think there is "a guy" typing passwords. Certainly not, but it's easy enough to program a password-cracker to try to detect honeypots. Regards, Davi

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-11 Thread Neil Schwartzman
On Jun 10, 2013, at 9:30 PM, Dave Warren wrote: > I doubt it's "a guy", but it wouldn't surprise me if the botnet that performs > the dictionary attack forwards the results off to "a guy" to confirm that > the account works. no, really, it's a bot. They have tens of millions of compromised a

Ang.: Interesting Spam Trap Idea - Fake Authentication

2013-06-10 Thread pe...@irt.kth.se
How about redirecting known bots with nat/iptables to a spamtrap to collect the data. If a botnetspammer would belive that your mailserver is a spamtrap and back off, who would complain? - Reply message - Från: "Dave Warren" Till: Rubrik: Interesting Spam Trap I

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-10 Thread Dave Warren
On 2013-06-10 20:27, Marc Perkel wrote: I'm not sure. I'm wondering if they use automation and maybe it's not so smart. I don't think there is "a guy" typing passwords. Perhaps only accepting the first password for any particular account from a single IP, and rejecting different password atte

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-10 Thread John Levine
>One of the things I like about it is that if hackers are sending spam >into my fake server then it takes away from their efforts on real >accounts that they could hack. I'm wondering if enough of us put up fake >authentication not only can we detect spam that way but we could waste a >lot of s

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-10 Thread Benny Pedersen
Marc Perkel skrev den 2013-06-11 05:33: We'll - it does waste their time and resources. Maybe it would be better if it failed every time just to keep them working at it. Maybe I should open pop and imap ports just to make it more inviting looking. +1 ;) as is spammers knowing using pop3 to se

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-10 Thread Marc Perkel
On 6/10/2013 8:38 AM, David F. Skoll wrote: On Mon, 10 Jun 2013 08:32:35 -0700 Marc Perkel wrote: I decided to implement and advertise that the server had SMTP athentication even though there was nothing to authenticate. I created an authenticator that would accept any username and password.

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-10 Thread Marc Perkel
On 6/10/2013 8:53 AM, David F. Skoll wrote: On Mon, 10 Jun 2013 17:49:11 +0200 John Wilcock wrote: Theoretically you could detect such confirmation messages (logically the first message from a given user,password pair) and actually deliver them, then harvest the rest! But you'd have to be rea

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-10 Thread Benny Pedersen
David F. Skoll skrev den 2013-06-10 17:53: Also, putting on a spammer hat (NOT that I actually own one!) if the credentials "user/password" worked for me via SMTP AUTH, I would then try "user/anotherpassword" and if those *also* worked, I'd assume it was a honeypot and avoid it. i would del

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-10 Thread Benny Pedersen
John Wilcock skrev den 2013-06-10 17:49: Theoretically you could detect such confirmation messages (logically the first message from a given user,password pair) and actually deliver them, then harvest the rest! But you'd have to be really careful not to become a spam relay in the process! mang

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-10 Thread Benny Pedersen
Marc Perkel skrev den 2013-06-10 17:32: Thoughts? postfix recently got smtpd_relay_restrictions, wonder if it comes from that idear, its not need auth if spam is just delivered localy not needing relaying, but it will still be possible to make alias forwarding so its not relaying, just deli

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-10 Thread David F. Skoll
On Mon, 10 Jun 2013 17:49:11 +0200 John Wilcock wrote: > Theoretically you could detect such confirmation messages (logically > the first message from a given user,password pair) and actually > deliver them, then harvest the rest! But you'd have to be really > careful not to become a spam relay i

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-10 Thread John Wilcock
Le 10/06/2013 17:38, David F. Skoll a écrit : That's an interesting honeypot. I've seen spammers crack SMTP AUTH passwords, but in most cases the first thing they do is send an email to a freemail account with a subject like: 192.168.33.55,user,passwd and if they don't get the round-tr

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-10 Thread John Hardin
On Mon, 10 Jun 2013, Marc Perkel wrote: I'm experimenting with an interesting spam trap idea. Normally I run many inbound servers as spam filters (Using Exim) with no SMTP authentication. But then I got this idea I decided to implement and advertise that the server had

Re: Interesting Spam Trap Idea - Fake Authentication

2013-06-10 Thread David F. Skoll
On Mon, 10 Jun 2013 08:32:35 -0700 Marc Perkel wrote: > I decided to implement and advertise that the server had SMTP > athentication even though there was nothing to authenticate. I > created an authenticator that would accept any username and password. > But it's obviously spam. Then I harvest

Interesting Spam Trap Idea - Fake Authentication

2013-06-10 Thread Marc Perkel
I'm experimenting with an interesting spam trap idea. Normally I run many inbound servers as spam filters (Using Exim) with no SMTP authentication. But then I got this idea I decided to implement and advertise that the server had SMTP athentication even though there was nothi

interesting spam header

2006-02-18 Thread Chris
I noticed this in my syslog: Feb 18 20:21:44 cpollock spamd[18615]: spamd: processing message <[EMAIL PROTECTED]> for chris:501 Feb 18 20:21:44 cpollock spamd[18615]: Character in 'C' format wrapped in pack at /usr/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line 711, line 53. Feb 18

Re: Interesting spam

2004-12-21 Thread multimedia-fan
On Tue, 21 Dec 2004 11:05:25 -0500, Chris Santerre <[EMAIL PROTECTED]> wrote: >I just got a spam with NO url, no address, and no phone number. Looks like a >simple throw away account with a sbcglobal drop box: > >What I found interesting was the opt-out clause at the end :) Which is it? >I also li

Re: Interesting spam

2004-12-21 Thread Matt Kettler
At 11:05 AM 12/21/2004, Chris Santerre wrote: Also has anyone seen this header, X-ELNK-Trace: ? Google is your friend: http://www.google.com/search?hl=en&q=%22X-ELNK-Trace%22&btnG=Google+Search Appears to be a header added by the ISP earthlink.net.

Interesting spam

2004-12-21 Thread Chris Santerre
I just got a spam with NO url, no address, and no phone number. Looks like a simple throw away account with a sbcglobal drop box: What I found interesting was the opt-out clause at the end :) Which is it? I also like the 'hello' messege in the header. How did the spammer know I was a hottie? ;)