[Dshield] The incredible speed of spam

Tony Earnshaw tericssonearnshaw at barlaeus.nl
Fri Aug 18 17:33:33 GMT 2006


On Fri, 18.08.2006 at 11:02 (-0400), Jon R. Kibler wrote:

> Want good evidence that putting email addresses on web pages is a dumb idea? Well, here it is.
> 
> We did the following experiment:
>    1) Registered a totally lame domain name.
>    2) Set up DNS and mail to recognize it, and to receive email sent to any address in the domain.
>    3) Picked an obscure web page and added an email address in a meta tag along the lines of:
> 	<META NAME="ALL SPAMMERS ARE MORONS" CONTENT="spambait at example.com">
> 
> From the time that we saved the page until it got ripped by MFC_TEAR_SAMPLE from a system in the UK was 28hrs 22mins. One hour and 45 minutes later, we had spam sent to that email address from a system in Korea. So, it only took 30h 7m from the time an email address appeared in a web page until spam was sent to that address.
> 
> Your mileage may vary.

Indeed, your mileage may vary. And one might, indeed, be planning a spam
trap.

Our domain (barlaeus.nl) has always had a unique, non-existent user as
example on our web page, k.devries at barlaeus.nl. I (the Postfix admin)
love the myriad spam-trap anti UCE answers that Postfix returns,
culminating (if all else fails) with:

 "Out: 550 5.1.1 <k.devries at barlaeus.nl>: Recipient address rejected: User unknown
 In:  QUIT
 Out: 221 2.0.0 Bye".

There are relatively few spam attempts to K.devries.

OTOH we have another recipient (published all over, in brochures, web
sites, everywhere): ben at barlaeus.nl (using reverse Stanley Kubrick
notation, i.e. HAL => IBM) that gets spam - attempts - from all over the
world, many, many per day. Blocking the subnets that produce these is an
avid hobby of mine.

Moral, translating semi-literally from the Norwegian: "there is nothing
so bad that it isn't good for something else".

--Tonni

-- 
Tony Earnshaw
reservebergenser :)
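
Added example, not part of either poster's message: one way to measure the publish-to-harvest-to-spam timeline from the quoted experiment by correlating a web access log with a Postfix mail log. The log lines, IP addresses, page path, hostnames and publish time are constructed so the intervals match the figures quoted above; the mail log uses the Postfix reject form shown in the reply.

```python
import re
from datetime import datetime, timezone

BAIT = "spambait@example.com"                         # bait address from the quoted experiment
BAIT_PAGE = "/obscure.html"                           # hypothetical path of the bait page
HARVESTER_UA = re.compile(r"MFC_TEAR_SAMPLE", re.I)   # user agent named in the post
PUBLISHED = datetime(2006, 8, 16, 9, 0, tzinfo=timezone.utc)  # constructed save time

# Constructed sample logs: Apache combined format and Postfix smtpd syslog, both UTC.
ACCESS_LOG = """\
192.0.2.10 - - [16/Aug/2006:09:05:11 +0000] "GET /obscure.html HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
198.51.100.23 - - [17/Aug/2006:13:22:00 +0000] "GET /obscure.html HTTP/1.0" 200 512 "-" "MFC_Tear_Sample"
198.51.100.23 - - [17/Aug/2006:13:22:04 +0000] "GET /index.html HTTP/1.0" 200 900 "-" "MFC_Tear_Sample"
"""
MAIL_LOG = """\
Aug 17 15:07:00 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from unknown[203.0.113.7]: 550 5.1.1 <spambait@example.com>: Recipient address rejected: User unknown in local recipient table; from=<a@b.invalid> to=<spambait@example.com> proto=SMTP helo=<x>
Aug 17 16:40:12 mx postfix/smtpd[2188]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 550 5.1.1 <spambait@example.com>: Recipient address rejected: User unknown in local recipient table; from=<c@d.invalid> to=<spambait@example.com> proto=SMTP helo=<y>
"""

ACCESS_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" \d+ \S+ "[^"]*" "(?P<ua>[^"]*)"')
MAIL_RE = re.compile(r'(?P<ts>\w{3} +\d+ [\d:]{8}) \S+ postfix/smtpd\[\d+\]: .*?RCPT from \S*?\[(?P<ip>[^\]]+)\].*\bto=<(?P<rcpt>[^>]+)>')

def first_hit(log, regex, want, stamp):
    """Earliest (time, client_ip) among log lines that parse and satisfy `want`."""
    hits = [(stamp(m["ts"]), m["ip"]) for m in map(regex.match, log.splitlines()) if m and want(m)]
    return min(hits, default=None)

def timeline(year=2006):  # syslog timestamps carry no year, so it is supplied
    harvest = first_hit(ACCESS_LOG, ACCESS_RE,
                        lambda m: m["path"] == BAIT_PAGE and HARVESTER_UA.search(m["ua"]),
                        lambda s: datetime.strptime(s, "%d/%b/%Y:%H:%M:%S %z"))
    spam = first_hit(MAIL_LOG, MAIL_RE, lambda m: m["rcpt"].lower() == BAIT,
                     lambda s: datetime.strptime(f"{year} {s}", "%Y %b %d %H:%M:%S").replace(tzinfo=timezone.utc))
    if spam is None:
        return None                      # bait address has not been targeted yet
    if harvest is None or harvest[0] > spam[0]:
        harvest = None                   # spam preceded any known harvester fetch
    return {
        "harvester_ip": harvest and harvest[1],
        "spam_source_ip": spam[1],
        "publish_to_harvest": harvest and harvest[0] - PUBLISHED,
        "harvest_to_spam": harvest and spam[0] - harvest[0],
        "publish_to_spam": spam[0] - PUBLISHED,
    }

if __name__ == "__main__":
    for key, value in timeline().items():
        print(f"{key}: {value}")
```

The same correlation also yields the harvester and sender addresses, which is the input needed for the subnet blocking mentioned in the reply.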


