[Dshield] The incredible speed of spam
tericssonearnshaw at barlaeus.nl
Fri Aug 18 17:33:33 GMT 2006
fr den 18.08.2006 Klokka 11:02 (-0400) skreiv Jon R. Kibler:
> Want good evidence that putting email addresses on web pages is a dumb idea? Well, here it is.
> We did the following experiment:
> 1) Registered a totally lame domain name.
> 2) Set up DNS and mail to recognize it, and to receive email sent to any address in the domain.
> 3) Picked an obscure web page and added an email address in a meta tag along the lines of:
> <META NAME="ALL SPAMMERS ARE MORONS" CONTENT="spambait at example.com">
> >From the time that we saved the page until it got ripped by MFC_TEAR_SAMPLE from a system in the UK was 28hrs 22mins. One hour and 45 minutes later, we had spam sent to that email address from a system in Korea. So, it only took 30h 7m from the time an email address appeared in a web page until spam was sent to that address.
> Your mileage may vary.
Indeed, your mileage may vary. And one might, indeed, be planning a spam
Our domain (barlaeus.nl) has always had a unique, non-existent user as
example on our web page, k.devries at barlaeus.nl. I (the Postfix admin)
love the myriad spam-trap anti UCE answers that Postfix returns,
culminating (if all else fails) with:
"Out: 550 5.1.1 <k.devries at barlaeus.nl>: Recipient address rejected:
Out: 221 2.0.0 Bye".
There are relatively few spam attempts to K.devries.
OTOH we have another recipient (published all over, in brochures, web
sites, everywhere): ben at barlaeus.nl (using reverse Stanley Kubrik
notation, i.e. HAL => IBM) that gets spam - attempts - from all over the
world, many, many per day. Blocking the subnets that produce these is an
avid hobby of mine.
Moral, translating semi-literally from the Norwegian: "there is nothing
so bad that it isn't good for something else".
More information about the list