E-mail Scam, Addresses being collected of mailing list :: Advice Requested

Willie Viljoen will at unfoldings.net
Sun Apr 13 23:15:20 PDT 2003


On Sunday 13 April 2003 18:43, someone, possibly Louis LeBlanc, typed:
> On 04/13/03 04:39 PM, Bjarne Wichmann Petersen sat at the `puter and typed:
> > On Sunday 13 April 2003 16:19, Bill Moran wrote:
> > > >   I have reason to believe that these scammers are collecting
> > > > e-mail addresses of our mailing list users, I'm taking this very
> > > > seriously and would like to ask the more experienced of you on what
> > > > action to take next.
> > >
> > > Welcome to hell.  While I don't have 100% proof ... I think you are
> > > absolutely correct: that spammers harvest email addresses from this
> > > (among others) list.
> >
> > Well, I can prove it. I'm using different addresses for various lists,
> > so I know *where* spammers get my address. And the address I'm using
> > for this list gets its share of spam. :-(
> >
> > And once... *once* in a thoughtless moment my address I only use for
> > personal use ended up here... few days later an address that has been
> > perfectly spamfree for *years* started receiving penisenlargement
> > investment from horny wet teenies through Nigerian Bank...
>
> Yup.  I subscribe to 8 or 10 mailing lists off and on, and with
> different addresses for each (notice the '+freebsd), and I'm always
> surprised to see new mail show up in a list folder that I've
> unsubscribed from months earlier.

Sadly this is everyday life for me. I second Lou on the SpamAssassin thing; 
it's the only thing that helps. Blacklists are no longer effective as 
spammers have started finding new ways to send mail.

As for harvesting addresses, the really annoying thing is that they aren't 
harvesting them directly off the lists, they are simply using a slightly 
modified web spider to troll through the geocrawler archives, so the moment 
you use an address, or put it anywhere in a message on a list which is 
archived, you can be sure that spam will follow within weeks.

If SpamAssassin doesn't work, another approach I have found is whitelisting. 
Go googling for tools to do this automatically. I am too lazy, so I use 
spamassassin, but some have had success with whitelisting mailing lists 
they want by hand, and letting the rest come through with a challenge 
response authentication method, i.e.:

A user not on the white list sends mail.
The server quarantines this mail and sends one back to the user asking them 
to reply with the authentication code on the first message.
If this happens, the software believes the sender to be a human, and lets 
the mail through. If not, the mail is dropped after 48 hours; if another is 
received, the process begins again.

The problem with this method is that it will also eventually be overcome, as 
spammers install transport filters on their servers that detect this and 
send a reply.

Until then, this seems to be something that *could* work. I'd stick with 
spamassassin though.

Will

-- 
Willie Viljoen
Freelance IT Consultant

214 Paul Kruger Avenue, Universitas
Bloemfontein
9321
South Africa

+27 51 522 15 60
+27 51 522 44 36 (after hours)
+27 82 404 03 27 (mobile)

will at unfoldings.net


More information about the freebsd-questions mailing list
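
The whitelist and challenge-response quarantine described in the message above, as an added sketch that is not part of the original post and is not taken from any particular tool. The class name, the HMAC-derived code, and adding a confirmed sender to the whitelist are assumptions made for illustration; only the quarantine, the reply code and the 48-hour drop come from the post.

```python
import hashlib
import hmac
import time

HOLD_SECONDS = 48 * 3600  # the post's 48-hour quarantine window

class ChallengeGate:
    """Hypothetical whitelist + challenge-response quarantine for inbound mail."""

    def __init__(self, secret, whitelist, now=time.time):
        self.secret = secret                       # server-side key for codes
        self.whitelist = {a.lower() for a in whitelist}
        self.now = now                             # injectable clock
        self.held = {}                             # sender -> (first_seen, [mail])

    def _code(self, sender, first_seen):
        # Bind the code to the sender and the quarantine start time, so a
        # code from an expired quarantine does not work for a later one.
        msg = f"{sender}|{int(first_seen)}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()[:16]

    def receive(self, sender, message):
        """Return ('deliver', [message]) or ('challenge', code_to_mail_back)."""
        sender = sender.lower()
        self.expire()
        if sender in self.whitelist:
            return ("deliver", [message])
        first_seen, msgs = self.held.setdefault(sender, (self.now(), []))
        msgs.append(message)
        return ("challenge", self._code(sender, first_seen))

    def confirm(self, sender, code):
        """Process a challenge reply; return the released mail, or []."""
        sender = sender.lower()
        self.expire()
        if sender not in self.held:
            return []
        first_seen, msgs = self.held[sender]
        if not hmac.compare_digest(code, self._code(sender, first_seen)):
            return []
        del self.held[sender]
        self.whitelist.add(sender)  # assumption: a confirmed sender is trusted
        return msgs

    def expire(self):
        # Drop quarantined mail whose challenge went unanswered for 48 hours.
        cutoff = self.now() - HOLD_SECONDS
        for s in [s for s, (t, _) in self.held.items() if t <= cutoff]:
            del self.held[s]
```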