Re: [Asrg] Spammers looking for sites that don't bounce?

[william@elan.net]

I can confirm this. They are using 10+ random names for email at the known 
isp domains with more then one name like that used. Very similar attempts 
happen from both blackholed ip blocks and from other ip blocks. I'v so far 
found two of these correlations in the logs and its not easy to notice it.

This is yet another technique spammers use to prepare for mass mailing 
when they have multiple servers and want maximum effectiveness.

On Wed, 25 Jun 2003, Kee Hinckley wrote:

> On another mailing list (still waiting for permission to quote), 
> someone running  an ISP made the following claim.
> 
> He says that if he sets up his mail server to blackhole spam instead 
> of bounce it, the spammer shortly shifts to a different IP address 
> with slightly different text.  He claims they are seeding the spam 
> with known bad addresses, and if they don't get back a failed status 
> from the SMTP server, they know that their spam is getting trapped by 
> filters.
> 
> I don't have any idea what methodology he's using, and without a good 
> control group to compare with this could be just a case of seeing 
> lots of spam.  However conceptually it makes sense.  It's the inverse 
> of checking for bounces on valid addresses, and it would allow a 
> spammer to fine-tune their message to get through filters.
> 
> Can anyone confirm this?
> 



_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg