I notified iSource. If anyone here knows how to contact SORBS - please
forward this message. Not only is the listing wrong, but it could
indicate that a spamtrap was compromised and someone is opting it in
to various lists.
TIA,
Ariel.
[and yes, this is my real address, but the spammers have had it for
years, so I don't give a ....]
http://www.spamcop.net/w3m?action=checkblock&ip=207.25.249.18
>I just noticed today in my logs that dnsbl.sorbs.net blocks
>207.25.249.18, isource.boulder.ibm.com, which sends IBM's
>announcements and is as legit as it can get. It seems it's in
>spam.dnsbl.sorbs.net, the spamtrap DB. I tried to report this using
>SORBS web form but got a not-delivered response.
We received a spam advertising IBM's eServe systems. They bought a list
from a company that did not use opt-in and that doesn't honor opt-out
requests.
--
Peter Peters, senior network administrator
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente, Postbus 217, 7500 AE Enschede
telephone: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ
If someone is opting in a spamtrap to various lists, and those lists
are getting blocked, wouldn't that mean these lists aren't confirmed
opt-in?
-A
Maybe IBM shouldn't be spamming.
Subject: Don't miss our July mid-year special offers!
That was the subject that was in the email reported to SORBS.
Maybe IBM shouldn't require you to check a box in order not to get spam from
others when you sign up.
We'll see if they confirm subscriptions or if they were sending to
unconfirmed addresses.
--
McWebber
No email replies read
If someone tells you to forward an email to all your friends
please forget that I'm your friend.
Resolved 207.25.249.18 to isource.boulder.ibm.com
If they send anything except a subscribe confirmation
request, to a spam trap, it is spam.
tinyurl.com/rv8o , tinyurl.com/rv8q
groups.google.com/groups?selm=ffb7c7fc.0206180002.6272fb7b%40posting.google.com
groups.google.com/groups?selm=Pine.LNX.4.43.0206171501140.23650-100000%40spot.etherboy.com
tinyurl.com/rv9v
groups.google.com/groups?selm=woodpulp-ABE3C4.09435405062002%40news2-1.free.fr
tinyurl.com/rvaa
groups.google.com/groups?selm=pan.2002.08.02.20.40.23.322956.319%40mad.scientist.dexter.in.the.lab.watch.out.for.deedee
tinyurl.com/rvb1
groups.google.com/groups?q=%22boulder.ibm.com%22+group%3Anews.admin.net-abuse.sightings&scoring=d
support.config.com/internet/email/allspamhits.txt
SPAMCOP SpamCop Blocking List: bl.spamcop.net -> 127.0.0.2
Blocked - see www.spamcop.net/bl.shtml?207.25.249.18
207.25.249.18 Qty Most Recent
Sample traffic: 1508, 8 hours ago
Trap recipients: 2, 31 hours ago
Spam reports: 7, 5 hours ago
REYBOLDST1 Reynolds Technology Type 1: t1.bl.reynolds.net.au -> 127.0.0.2
PLEASE SEE bl.reynolds.net.au/lookup/?207.25.249.18
SORBS Aggregate Zone: dnsbl.sorbs.net -> 127.0.0.6
spam.dnsbl.sorbs.net -> 127.0.0.6
Spam Received See: www.dnsbl.sorbs.net/cgi-bin/lookup?IP=207.25.249.18
--
E-Mail Sent to this address will be added to the BlackLists
It depends, surely. If all it takes to get into a particular list is a
single mail to one of that list's traps, and someone attempts to
subscribe the spamtrap to a mailing list that uses confirmed opt-in,
then will the spamtrap not consider the email asking for confirmation to
be spam, and grounds for listing the sender? (I am intrigued to know
the answer to this, although I guess it will probably be something like
"it depends on the list".) How do spamtraps differentiate between spam
and confirmation requests from someone maliciously trying to subscribe
them to a list that uses confirmed opt-in?
Andrew
--
http://www.andrewr.co.uk/contact.html
"If one man offers you democracy and another offers you a bag of grain,
at what stage of starvation will you prefer the grain to the vote?" -
Bertrand Russell
I am not a lawyer, nor am I SPEWS, nor do I speak for anyone other than
myself.
I stand corrected.
Ariel.
Maybe in the case of Spamcop that doesn't post their spamtrap addresses
anywhere so anything that is sent to them is ipso facto spam.
> I just noticed today in my logs that dnsbl.sorbs.net blocks
> 207.25.249.18, isource.boulder.ibm.com, which sends IBM's
> announcements and is as legit as it can get. It seems it's in
> spam.dnsbl.sorbs.net, the spamtrap DB. I tried to report this using
> SORBS web form but got a not-delivered response.
>
> I notified iSource. If anyone here knows how to contact SORBS - please
> forward this message. Not only is the listing wrong, but it could
> indicate that a spamtrap was compromised and someone is opting it in
> to various lists.
I can guarantee that I did not ask for this 'isource' e-mail. It's actually
being sent out by a group called nationalconsumerbrands.com:
http://groups.google.com/groups?num=100&q=nationalconsumerbrands.com
A known spammer. Maybe someone should let IBM know their reputation is being
harmed by using a client like nationalconsumerbrands.com who spams wildly.
Return-path: <ro...@ux-hst-00.dnadv.com>
Envelope-to: br...@2mbit.com
Delivery-date: Sat, 18 Oct 2003 23:30:38 -0500
Received: from amavis by mail.2mbit.com with scanned-ok (Exim 4.24)
id 1AB5DC-0000AL-Pr
for br...@2mbit.com; Sat, 18 Oct 2003 23:30:38 -0500
Received: from [66.129.103.30] (helo=ux-hst-00.dnadv.com)
by mail.2mbit.com with esmtp (Exim 4.24)
id 1AB5D9-0000A9-2p
for br...@2mbit.com; Sat, 18 Oct 2003 23:30:35 -0500
Received: (from root@localhost)
by ux-hst-00.dnadv.com (8.11.6/8.11.6) id h9J4URK13879;
Sun, 19 Oct 2003 00:30:27 -0400
Date: Sun, 19 Oct 2003 00:30:27 -0400
Message-Id: <200310190430...@ux-hst-00.dnadv.com>
To: br...@2mbit.com
From: Jen Robertson <off...@nationalconsumerbrands.com>
Content-type: text/html
Subject: Brian: Final reminder about IBM iSource e-news
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on
everest.2mbit.com
X-Spam-Report:
* 1.0 NO_COST BODY: No such thing as a free lunch (3)
* 0.6 HTML_WEB_BUGS BODY: Image tag intended to identify you
* 0.1 HTML_FONTCOLOR_UNKNOWN BODY: HTML font color is unknown to us
* 0.2 HTML_50_60 BODY: Message is 50% to 60% HTML
* 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 0.7 MIME_HTML_NO_CHARSET RAW: Message text in HTML without charset
* 0.2 HTTP_WITH_EMAIL_IN_URL URI: 'remove' URL contains an email
address
* 1.9 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required
MIME headers
* 0.0 HTML_COMMENT_RATIO HTML comments are large percentage of message
X-Spam-Status: No, hits=4.7 required=7.0 tests=HTML_50_60,HTML_COMMENT_RATIO,
HTML_FONTCOLOR_UNKNOWN,HTML_MESSAGE,HTML_WEB_BUGS,
HTTP_WITH_EMAIL_IN_URL,MIME_HEADER_CTYPE_ONLY,MIME_HTML_NO_CHARSET,
MIME_HTML_ONLY,NO_COST autolearn=no version=2.60
X-Spam-Level: ****
X-Virus-Scanned: by AMaViS 0.3.12
X-SA-Exim-Mail-From: ro...@ux-hst-00.dnadv.com
X-SA-Exim-Scanned: No; SAEximRunCond expanded to false
Status:
<p>
<p>
<!--
**************************************************************************
You requested information about this offer after seeing it on TECHNOSTOP.
To view this page online, visit: http://www.t57eme.com/rd.php?
dhtm=ibm/ibm_C.htm
**************************************************************************
Brian,
If you haven't already subscribed to iSource--customized IBM® e-news at
no cost you can sign up now! (If you already responded to my earlier note,
please simply delete this follow-up reminder.)
It takes just 60 seconds to subscribe. You choose the topics that matter
to you, to get just the kinds of information you're interested in. And you
can update or further customize your interest areas any time.
Connect here to sign up now.
http://r.rd05.com/r?oid=373&lid=12839&sid=ibm12839C
<a href="http://r.rd05.com/r?oid=373&lid=12839&sid=ibm12839C">
Connect here to sign up now.</a>
iSource can help you...
- Find out which IT solutions best suit your company.
- Benefit from the insights of noted IT experts about leading-edge trends
and innovations.
- Profit from special offers designed to make your e-infrastructure more
cost-effective.
- Save money on personal computing equipment–from ThinkPads® to desktop PCs
to printers.
- Stay on top of cutting-edge corporate research, benchmark data, events and
educational opportunities.
- Keep up with late-breaking news.
To subscribe, connect here.
http://r.rd05.com/r?oid=373&lid=12839&sid=ibm12839C
<a href="http://r.rd05.com/r?oid=373&lid=12839&sid=ibm12839C">
Connect here to sign up now.</a>
I hope you enjoy iSource!
Jen
P.S. There is no charge for IBM iSource and you get the easy-to-read news you
want.
* IBM and ThinkPad are registered trademarks of International Business
Machines Corporation.
***************************************************************************
National Consumer Brands respects your privacy. If you
no longer wish to receive quality offers like this from us, please follow
the cancellation instructions below.
***************************************************************************
To cancel your subscription from National Consumer Brands, connect here:
http://www.t57eme.com/rd.php?munsub=1&email=br...@2mbit.com&un=ibm_L2C
<A HREF="http://www.t57eme.com/rd.php?munsub=1&email=bruns@
2mbit.com&un=ibm_L2C">
AOL users connect here to cancel your subscription.</A> from future National
Consumer Brands
emails. A page will appear to confirm that your email address was removed
from our database. In the event you do not see a confirmation screen, cut and
paste the following
URL into your browser's address window and hit enter.
http://www.t57eme.com/rd.php?munsub=1&email=br...@2mbit.com&un=ibm_L2C
To view our permission marketing and privacy policy, connect here:
http://www.t57eme.com/rd.php?nhtm=privacy.htm
<A HREF="http://www.t57eme.com/rd.php?nhtm=privacy.htm">AOL users connect
here to view our privacy policy.</A>
-->
<html>
<head>
<title>Moments ago, you asked about iSource - free of charge from
IBM. Thanks!</title>
</head>
<body bgcolor="#ffffff" alink="blue" vlink="blue" link="blue">
<table border="0" cellpadding="0" cellspacing="0" width="600"
ID="Table1">
<tr>
<td width="40"></td>
<td valign="top" >
<center style="FONT-SIZE: 7pt; COLOR: gray;
FONT-FAMILY: Arial"> You requested information about
this offer after seeing it on
TECHNOSTOP.<BR>
To view this page online, visit: <A
HREF="http://www.t57eme.com/rd.php?dhtm=ibm/ibm_C.htm">
http://www.t57eme.com/rd.php?dhtm=ibm/ibm_C.htm</A></FONT></center>
</td>
</tr>
</table>
<table border="0" cellpadding="0" cellspacing="0" width="600"
ID="Table2">
<tr>
<td width="40"></td>
<td valign="top">
</font><P><BR>
<FONT face="Helvetica" size="3"
color="black">Brian,<br>
<br>
If you haven't already subscribed
to <B> iSource--customized IBM<sup><FONT size=-1>®</FONT></sup> e-news at no
cost--</b>you can sign up now! (If you already responded to my earlier note,
please simply delete this follow-up
reminder.)<p>
It takes just 60 seconds to
subscribe. You choose the topics that matter
to you, to get just the kinds of
information you're interested in. And you
can update or further customize
your interest areas any time.
<p>
<a href="http://r.rd05.com/r?
oid=373&lid=12839&sid=ibm12839C">Connect here to
sign up now.</a>
<p>
<FONT face="Helvetica"
size="3">iSource can help you...</FONT>
<ul>
<li>
Find out which IT
solutions best suit your company.
<li>
Benefit from the
insights of noted IT experts about leading-edge trends and
innovations.
<li>
Profit from special
offers designed to make your e-infrastructure more
cost-effective.
<li>
Save money on personal
computing equipment–from ThinkPads<sup><FONT size="-1">®</FONT></sup>
to desktop PCs to
printers.
<li>
Stay on top of cutting-
edge corporate research, benchmark data, events and
educational
opportunities.
<li>
Keep up with late-
breaking news.</ul>
<p><a href="http://r.rd05.com/r?
oid=373&lid=12839&sid=ibm12839C">To subscribe,
connect here.</a>
<p>
I hope you enjoy iSource!
<p>
Jen
<p><B>P.S. There is no charge for
IBM iSource</B> and you get the easy-to-read news <I>you</I>
want.
<P>
<FONT face="Helvetica"
size="-2">* IBM and ThinkPad are registered trademarks of
International Business
Machines Corporation.</FONT>
</td>
</tr>
</table>
<br>
<table border="0" cellpadding="0" cellspacing="0" width="600"
ID="Table3">
<tr>
<td width="40"></td>
<td>
<P>
<TABLE BORDER="0" CELLPADDING="0"
CELLSPACING="0" WIDTH="547" ID="Table4">
<TR>
<TD valign="top">
<HR color="#1565F9"
noShade WIDTH="547">
<FONT face="Helvetica"
size="1">National Consumer Brands makes every effort to
provide a safe
and quality service; ultimately however, we cannot control the
content, products
or services offered or changes made by the advertisers. By
connecting to any
of the links on this service, you agree to hold National
Consumer Brands
harmless of any liabilities or damages that could arise out of
connecting to the
links provided. 9400 4th Street North, Suite 200, St.
Petersburg, FL
33702
<HR color="#
1565F9" noShade WIDTH="547">
</TD>
</TR>
</TABLE>
<TABLE BORDER="0" CELLPADDING="0"
CELLSPACING="0" WIDTH="547" ID="Table5">
<TR>
<TD ALIGN="left"
VALIGN="top">
<IMG
SRC="http://www.t57eme.com/rd.php?img=ncb_bug.gif" WIDTH="100" HEIGHT="40"
BORDER="0" ALT="NCB"></TD>
<TD ALIGN="right"
valign="top"><FONT face="Arial, sans-serif" size="-2"> <A
HREF="http://www.t57eme.com/rd.php?nhtm=privacy.htm">
Connect
here</A> to view our permission marketing policy.<BR>
Having trouble
connecting to the above offer? Please <A HREF="http://r.rd05.com/r?oid=373
&lid=12839&sid=ibm12839C">
connect
here instead</A>.
</FONT>
</TD>
</TR>
</TABLE>
</td>
</tr>
</table>
<IMG SRC="http://www.t57eme.com/rd.php?sid=ibm12839C&lid=12839"
WIDTH="1" HEIGHT="1">
</body>
</html>
<p>
<p>
Please connect here to cancel your subscription from future National Consumer
Brands emails.<br>
<a href=http://www.rd05.com/rd.php?munsub=1&email=br...@2mbit.com&un=ibm_L2C>
Cancel My Subscription</a><p>
A page will appear to confirm that your email address was removed from our
database.<BR>In the event you do not see a confirmation screen, cut and paste
the following URL into your browser's address window and hit enter.
http://www.rd05.com/rd.php?munsub=1&email=br...@2mbit.com&un=ibm_L2C
--
Brian Bruns
Founder, The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.sosdg.org
ICQ: 8077511
No spam tolerated. By sending an e-mail to this account, your
server may be subjected to an open relay/open proxy test as part
of our ongoing efforts to reduce spam.
Well, in this case the original poster was complaining about being
on the sorbs.net list. And sorbs *does* have a spamtrap known to
the public: lis...@sorbs.net. I use it myself to submit to spammer
"unsubscribe" forms (I never deliberately sign that address up
anywhere).
-A
Did Matthew authorize you to use that address that way?
Well, yes, but I was also thinking more generally, in cases where either
the spamtrap address is made known publicly (eg, the poster to this
group, "E-Mail Sent to this address will be added to the BlackLists") or
where a malicious person discovers an undisclosed spamtrap address.
Some characters for an example:
Alice, who runs a blocklist that relies on spamtraps.
Bob, who runs a confirmed opt-in mailing list.
Charlie, who wishes to discredit either Alice or Bob.
Suppose Charlie knows the address of one of Alice's spamtraps. He goes
to Bob's website, and enters the spamtrap address into a "subscribe this
address" box. Bob's mailing list software then sends an email to the
spamtrap, asking it to confirm that it wants to be on the mailing list.
Bob's system receives no confirmation, and so does not add the
spamtrap address to the mailing list, and sends it no more email.
What steps could Alice or Bob take to prevent the above scenario
resulting in Bob being wrongly included in Alice's blocklist, when Bob
has done everything right, and the email to the spamtrap was due to
Charlie's malicious actions?
Yes, he did. I still have his email saying so. He actually offered
it in response to an article I posted, where I requested spamtraps
specifically for the purpose of opting OUT of spam I receive. The
idea is to poison an opt-out list so that the list can still be
legitimately used as an opt-out list, but can't be used for mailings
without getting blocked.
I had three such spamtraps which I used that way, from sorbs.net,
delink.net, and osirusoft.com. Sorbs is the only one left.
-A
>> It depends, surely. If all it takes to get into a particular list is a
>> single mail to one of that list's traps, and someone attempts to
>> subscribe the spamtrap to a mailing list that uses confirmed opt-in,
>> then will the spamtrap not consider the email asking for confirmation to
>> be spam, and grounds for listing the sender?
>
>Maybe in the case of Spamcop that doesn't post their spamtrap addresses
>anywhere so anything that is sent to them is ipso facto spam.
But if that spamtrap address trapped a spammer the spammer knows that
address. So he still can subscribe that address to the confirmed opt-in
lists. And as an extra bonus to himself he can proclaim spamcop also
lists confirmed opt-in lists.
Alice can, review e-mail that hits her trap,
{Yes, requires more work}.
Alice can, not block on the first e-mail from a source,
and instead block on Y (Three?) e-mails within X (Day?) time.
{Yes, that may allow more spam to get through,
to other servers that rely on her list,
to help stop the flood of spam.}
Alice can keep a few of the "Suspect" e-mails,
in case a review is necessary in the future,
{Yes, that requires more storage space}.
Alice can cross reference other blacklists,
n.a.n-a.sightings / n.a.n-a.email / n.a.n-a.blocklisting,
... (In case a review is necessary in the future).
(Like DolphinWave, SPEWS and other BlackLists do.)
{Yes, that requires more storage space.}
Bob can keep logs of the requests (to refer to in case of
complaint), {Yes, that requires more storage space}.
Only send one confirmation, only once, to an e-mail
in any IP / SubNet / Domain every X (Day?) amount of
time, (Yes, that will make it take longer for many people
at the same Nat / IP / SubNet / Domain to get their
confirmation request; {If many sign up at the same time,
from the same place}).
Only allow auto subscribe request on a specific e-mail
address once every X (Year?) very long amount of time;
{If the webpage (for example) informs the person
signing up, that the specific e-mail address has
been added to a "don't allow subscribes to list",
and an alternate way to contact the list Admin,
to request the subscription.}
Perhaps require e-mail from (instead of web subscribe)
for subscribe requests, (no not just the from line)
(Helo / Domain of destination matches the from,
rDNS of the IP from the request,
matches the Helo / Domain of the destination, ...).
{Yes that would prevent auto subscribes from a great
many places due to unmatched rDNS / Domain / Helo.}
{In fact many requests for subscriptions to the same
e-mail address / Domain / SubNet / IP in a short
amount of time, or many subscribe requests from the
same IP / SubNet / Domain in a short amount of time,
is a likely indicator of forged requests, and may need
to result in auto "don't allow subscribes from blacklist"
of the requesting source, and auto "don't allow
subscribes to blacklist" of the destination.}
and after a complaint that results in a blacklisting,
appeal, ... (not to the e-mail that complained,
to the blacklist maintainer) {share the subscribe request
info with blacklist maintainer as proof, and to help the
blacklist maintainer track down the subscribe request
forgers (as it's likely that Bob's list is not the only
list that the forged subscribes were sent to)}.
and if Bob gets complaints about forged subscribes
add (from his records of the source that forged the
request) IPs / SubNets / ASs / HELOs / rDNSptrs
/ Domains / e-mail addresses / ...
into his "don't allow subscribes from blacklist".
and put IPs / SubNets / ASs / HELOs / Domains
/ E-mail addresses / ... of Spam-Traps (and unsubscribes)
into a "don't allow subscribes to blacklist" that is used
by him to prohibit subscribes to and prohibit his mail
servers from sending e-mail out to those destinations.
{Yes, these things may make it harder for anyone / everyone
to subscribe to Bob's list (including forged subscribes).}
{Yes, maintaining mailing lists or blacklists can be a lot
of work.}
I know, nothing is impossible for the man that doesn't
have to do it, ... you did ask.
I am sure many others have better ideas
(hopefully even tested / proven ones).
--
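Added example, not part of any post in this thread: a minimal Python sketch of two of the safeguards suggested in the reply above, Alice listing a source only after Y trap hits within X time while keeping a few samples for review, and Bob logging every subscribe request and sending one confirmation per address per cooldown period. The class names, the thresholds (3 hits per day, a one-year cooldown) and all addresses and IPs are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


class TrapListingPolicy:
    """Alice: list a source only after `threshold` trap hits inside `window`."""

    def __init__(self, threshold=3, window=timedelta(days=1), keep_samples=5):
        self.threshold, self.window, self.keep_samples = threshold, window, keep_samples
        self.hits = defaultdict(deque)    # source IP -> recent hit timestamps
        self.samples = defaultdict(list)  # a few retained mails for later review
        self.listed = {}                  # source IP -> time it was listed

    def record_hit(self, source_ip, when, subject):
        recent = self.hits[source_ip]
        recent.append(when)
        while when - recent[0] > self.window:  # drop hits older than the window
            recent.popleft()
        if len(self.samples[source_ip]) < self.keep_samples:
            self.samples[source_ip].append((when, subject))
        if source_ip not in self.listed and len(recent) >= self.threshold:
            self.listed[source_ip] = when
        return source_ip in self.listed


class ConfirmationGate:
    """Bob: log every request, send one confirmation per address per cooldown."""

    def __init__(self, cooldown=timedelta(days=365), never_mail=()):
        self.cooldown = cooldown
        self.never_mail = {a.lower() for a in never_mail}  # known traps, unsubscribes
        self.last_sent = {}    # address -> time of last confirmation mail
        self.request_log = []  # (time, requester IP, address), kept for appeals

    def request(self, address, requester_ip, when):
        address = address.lower()
        self.request_log.append((when, requester_ip, address))
        if address in self.never_mail:
            return "refused-never-mail"
        last = self.last_sent.get(address)
        if last is not None and when - last < self.cooldown:
            return "refused-cooldown"
        self.last_sent[address] = when
        return "confirmation-sent"


def simulate():
    """Constructed scenario: Charlie forges five sign-ups of Alice's trap at Bob's
    list, while an unconfirmed bulk sender mails the same trap three times."""
    t0 = datetime(2003, 10, 19)
    trap, bob_ip, bulk_ip = "trap@alice.example", "192.0.2.10", "198.51.100.20"
    alice, bob = TrapListingPolicy(), ConfirmationGate()
    outcomes = []
    for hour in range(5):  # Charlie's forged requests, one per hour
        when = t0 + timedelta(hours=hour)
        outcome = bob.request(trap, "203.0.113.5", when)
        outcomes.append(outcome)
        if outcome == "confirmation-sent":  # only now does mail reach the trap
            alice.record_hit(bob_ip, when, "Please confirm your subscription")
    for hour in (0, 2, 4):  # bulk sender never asks for confirmation
        alice.record_hit(bulk_ip, t0 + timedelta(hours=hour), "Special offers")
    return outcomes, sorted(alice.listed), len(bob.request_log)


if __name__ == "__main__":
    print(simulate())
```

In this run Bob's server reaches the trap once and stays unlisted, the bulk sender is listed on its third hit, and Bob's request log holds all five forged requests to hand to the blacklist maintainer in an appeal.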
>
> I had three such spamtraps which I used that way, from sorbs.net,
> delink.net, and osirusoft.com. Sorbs is the only one left.
If you want to use one of the AHBL's new spamtraps for this purpose, we have a
special spamtrap category for this. Please contact me at my From: email and
I'll be more than happy to set this up with you.
How? Unless the spammer is only sending one spam to Spamcop's spamtrap he
has no way of knowing which of the millions of addresses he mailed to was a
Spamcop spamtrap.
And, IIRC, they don't list with just one email received such as a
confirmation, since spammers are known to get hold of other spammer's lists
and subscribe them to confirmed opt-in lists hoping for that. If the list is
confirmed opt-in there won't be any more spam to the spamtrap. If it's not,
and starts spamming unconfirmed, it deserves to be listed.
>I had three such spamtraps which I used that way, from sorbs.net,
>delink.net, and osirusoft.com. Sorbs is the only one left.
Seems that you like to feed OPT-OUT-Lists with Traps :-)
Nice: Here you have some other ones:
<blackli...@admins.ws>
<kiss-...@admins.kicks-ass.net>
<in...@dautrap.uceprotect.net>
IPs which send mail to them will be added to our public and
free Blacklist.
Regards
Johann
--
Project UCEPROTECT-Network: Spammers worst nightmare came true
Download FREE BLACKLIST at: http://www.uceprotect.net
Yes, but that's where I draw the line. I can't bring myself
actually to subscribe spamtraps to mailing lists, even obvious
spammy ones; I consider that abuse, especially if the spamtrap isn't
my property. However, seeding opt-out lists with a few spamtraps
still allows the list to function as a "don't email" list, but
renders it useless as a mailing list.
>Nice: Here you have some other ones:
<snip>
Thanks. Those first two are such obvious spamtraps that any spammer
who knowingly sends mail to them, deserves whatever they get!
-A
>> But if that spamtrap address trapped a spammer the spammer knows that
>> address. So he still can subscribe that address to the confirmed opt-in
>> lists. And as an extra bonus to himself he can proclaim spamcop also
>> lists confirmed opt-in lists.
>
>How? Unless the spammer is only sending one spam to Spamcop's spamtrap he
>has no way of knowing which of the millions of addresses he mailed to was a
>Spamcop spamtrap.
Spammers encode the addresses in their e-mail (and/or headers). Spamcop
obfuscates the addresses but not the encoded forms when sending
complaints.
> >
> >How? Unless the spammer is only sending one spam to Spamcop's spamtrap he
> >has no way of knowing which of the millions of addresses he mailed to was a
> >Spamcop spamtrap.
>
> Spammers encode the addresses in their e-mail (and/or headers). Spamcop
> obfuscates the addresses but not the encoded forms when sending
> complaints.
>
SC doesn't send reports for spamtrap hits ... nor make the headers publicly
viewable
Ellen