Spamming through Boost mailing list
When I signed up to the Boost mailing lists, I used a unique email address (boost@<mydomain>.com), so that I could detect if it was being misused. Today I received the email below, which is obviously spam. It seems likely that your mailing list has been compromised, so suggest that you check what went wrong with the Open Systems Lab at Indiana University. Regards, Keith MacDonald ===== Received email with headers ===== Return-Path: <ruhnzlpxd@idx.com> Received: from srv01.mydomain.com (root@localhost) by mydomain.com (8.12.11.20060308/8.12.11) with ESMTP id k8N899lG015081 for <boost@mydomain.com>; Sat, 23 Sep 2006 09:09:09 +0100 X-ClientAddr: 204.165.241.2 Received: from sea-virtual.idx.com (sea-virtual.idx.com [204.165.241.2]) by srv01.mydomain.com (8.12.11.20060308/8.12.11) with ESMTP id k8N898Tv015076 for <boost@mydomain.com>; Sat, 23 Sep 2006 09:09:08 +0100 From: "component" <ruhnzlpxd@idx.com> To: boost@mydomain.com Subject: Gallery Date: Sat, 23 Sep 2006 01:05:33 +0700 KGBC BECKONS KGBC TRADING ALERT FOR MONDAY SEPTEMBER 25! NOW IS YOUR CHANCE TO GET ON A MINERAL (GOLD AND SILVER) STOCK! etc
"Keith MacDonald" <boost@mailclan.net> writes:
When I signed up to the Boost mailing lists, I used a unique email address (boost@<mydomain>.com), so that I could detect if it was being misused. Today I received the email below, which is obviously spam. It seems likely that your mailing list has been compromised, so suggest that you check what went wrong with the Open Systems Lab at Indiana University.
If our list had been compromised, the spam would show up in our archives and on the GMane reflector. It hasn't shown up in either place, so I suggest you check what went wrong with your spam filter ;-) -- Dave Abrahams Boost Consulting www.boost-consulting.com
The message got through my spam filter because the body of it was actually a bitmapped image of the text. However, my point was that the only time I have ever revealed that email address was when I signed up to the Boost mailing lists. The spammer sent the message directly to me, not through the mailing list, so it seems likely that he got my email address from the mailing list database - although it could have been a random guess! - Keith MacDonald "David Abrahams" <dave@boost-consulting.com> wrote in message news:87bqp6zokx.fsf@pereiro.luannocracy.com...
If our list had been compromised, the spam would show up in our archives and on the GMane reflector. It hasn't shown up in either place, so I suggest you check what went wrong with your spam filter ;-)
-- Dave Abrahams Boost Consulting www.boost-consulting.com
_______________________________________________ Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
Keith MacDonald wrote:
The message got through my spam filter because the body of it was actually a bitmapped image of the text. However, my point was that the only time I have ever revealed that email address was when I signed up to the Boost mailing lists. The spammer sent the message directly to me, not through the mailing list, so it seems likely that he got my email address from the mailing list database - although it could have been a random guess!
You never know what the spammers do! I have a special mail address used to forward mail from my old ISP to my new domain. It has never been used for anything else, ever. But it does get spammed! Bo Persson
Keith MacDonald wrote:
The message got through my spam filter because the body of it was actually a bitmapped image of the text. However, my point was that the only time I have ever revealed that email address was when I signed up to the Boost mailing lists. The spammer sent the message directly to me, not through the mailing list, so it seems likely that he got my email address from the mailing list database - although it could have been a random guess!
Have ever heard of email harvesting? It's a process by which spammers scan web sites and usenet news groups for email addresses, names, land addresses, etc. They then sell this information to other spammers. Perhaps you've gotten spam about spam, ie spam selling emails to spam. I get about five of those a month... And since this list and thousands of others are archived in a variety of publicly available web sites, including Google. Additionally spammers also subscribe to mail lists, just as you subscribed to this list, to directly collect addresses of every post. Your address was likely harvested from one of them. You have a few choices: 1. Use better Spam filters. 2. Use multiple sequential Spam filters. 3. Since you say you got the text as an image. Don't view inline attachments. It's the number one way viruses spread through email. 4. Use safe email reading programs to protect your self from virus Spam. That is, don't use Outlook. In the future you might want to investigate your claim before making accusations ;-) -- -- Grafik - Don't Assume Anything -- Redshift Software, Inc. - http://redshift-software.com -- rrivera/acm.org - grafik/redshift-software.com -- 102708583/icq - grafikrobot/aim - grafikrobot/yahoo
My spam filters protect me from thousands of spams and viruses each day, sent to unavoidably public addresses. My email client allows Windows .BMP files, because they cannot be harmful to fully patched Windows XP systems, and anyway Norton AV passed it. It's not possible to harvest any email addresses from Boost mailing list messages, unless you are silly enough to type them in a message, perhaps in your signature. However, if the server containing the email database has been compromised, a spammer could easily harvest them. Personally, if this was my mailing list, I hope someone would make me aware of such issues, so I could check if my security had been breached. However, if you'd rather blame the messenger ... - Keith MacDonald "Rene Rivera" <grafikrobot@gmail.com> wrote in message news:451554D7.6090206@gmail.com...
Have ever heard of email harvesting? It's a process by which spammers scan web sites and usenet news groups for email addresses, names, land addresses, etc. They then sell this information to other spammers. Perhaps you've gotten spam about spam, ie spam selling emails to spam. I get about five of those a month... And since this list and thousands of others are archived in a variety of publicly available web sites, including Google. Additionally spammers also subscribe to mail lists, just as you subscribed to this list, to directly collect addresses of every post. Your address was likely harvested from one of them. You have a few choices:
1. Use better Spam filters. 2. Use multiple sequential Spam filters. 3. Since you say you got the text as an image. Don't view inline attachments. It's the number one way viruses spread through email. 4. Use safe email reading programs to protect your self from virus Spam. That is, don't use Outlook.
In the future you might want to investigate your claim before making accusations ;-)
-- -- Grafik - Don't Assume Anything -- Redshift Software, Inc. - http://redshift-software.com -- rrivera/acm.org - grafik/redshift-software.com -- 102708583/icq - grafikrobot/aim - grafikrobot/yahoo _______________________________________________ Unsubscribe & other changes: http://lists.boost.org/mailman/listinfo.cgi/boost
Keith MacDonald wrote:
It's not possible to harvest any email addresses from Boost mailing list messages, unless you are silly enough to type them in a message, perhaps in your signature.
I think spammers are generally capable of getting email addresses from a header. But even if they were not, emails are often contained in message bodies, such as in your mail:
"Rene Rivera" <grafikrobot@gmail.com> wrote in message
I hope Rene will forgive you. ;*) *
Daniel James wrote:
Keith MacDonald wrote:
It's not possible to harvest any email addresses from Boost mailing list messages, unless you are silly enough to type them in a message, perhaps in your signature.
I think spammers are generally capable of getting email addresses from a header. But even if they were not, emails are often contained in message bodies, such as in your mail:
"Rene Rivera" <grafikrobot@gmail.com> wrote in message
I hope Rene will forgive you. ;*)
Now the question is can I forgive you, and myself for doing the same :-) This is the reason why I use a Gmail account. Lots of spam filtering on it. PS. To Keith; It would have been more effective to send email to the list administrators directly instead of the whole list (see bottom of <http://lists.boost.org/mailman/listinfo.cgi/boost>). -- -- Grafik - Don't Assume Anything -- Redshift Software, Inc. - http://redshift-software.com -- rrivera/acm.org - grafik/redshift-software.com -- 102708583/icq - grafikrobot/aim - grafikrobot/yahoo
Rene Rivera wrote:
Daniel James wrote:
Keith MacDonald wrote:
It's not possible to harvest any email addresses from Boost mailing list messages, unless you are silly enough to type them in a message, perhaps in your signature.
Not true....it's in the header.
I think spammers are generally capable of getting email addresses from a header. But even if they were not, emails are often contained in message bodies, such as in your mail:
Exactly.
"Rene Rivera" <grafikrobot@gmail.com> wrote in message I hope Rene will forgive you. ;*)
Now the question is can I forgive you, and myself for doing the same :-) This is the reason why I use a Gmail account. Lots of spam filtering on it.
PS. To Keith; It would have been more effective to send email to the list administrators directly instead of the whole list (see bottom of <http://lists.boost.org/mailman/listinfo.cgi/boost>).
We can ask the admins at Indiana to look into if the list/machine has been compromised. The machine this runs on hosts alot of lists and is very actively watched so I'd be surprised if it's could be compromised for long without someone noticing. That said, since you already received spam it's too late for your current address. Of course, you're free to generate a new one. BTW, I have text archives of the boost mailing list in which a simple grep can pull out email addresses from headers. That turns out to be useful because sometimes I don't want to discuss every issue in public -- so I want to be able to get the email of the person. So, as others have said, I'm afraid that in general it's impossible for us to prevent spammers from subscribing and harvesting...if I were a spammer that's how I'd do it...it's just not that difficult. Jeff
Keith MacDonald wrote:
My spam filters protect me from thousands of spams and viruses each day, sent to unavoidably public addresses. My email client allows Windows .BMP files, because they cannot be harmful to fully patched Windows XP systems,
Not that you know of :-)
and anyway Norton AV passed it.
Note, I was speaking in general terms when I mentioned what you can do to prevent spam and guard against viruses. I guess it's good you are using Norton AV. Does it also filter Spam?
It's not possible to harvest any email addresses from Boost mailing list messages,
Sure it is, and I mentioned a way to do it in my previous reply. A spamer can subscribe to the list receiving all postings, which have email addresses of the person posting and add that to their spam list. Also they can log into the email list web page and read most of the email addresses directly from there if they are subscribed to the list. Do you think spamers are not motivated enough to do this? Did you change your list setting to hide your email from that list?
unless you are silly enough to type them in a message, perhaps in your signature.
You mean like you just did by including in your quote my email address?
However, if the server containing the email database has been compromised, a spammer could easily harvest them. Personally, if this was my mailing list, I hope someone would make me aware of such issues, so I could check if my security had been breached. However, if you'd rather blame the messenger ...
I was only pointing out that becoming aware, through education, of the more likely possibilities of why you received spam. I'm not disclaiming that the server is compromised, although it doesn't look like it on the surface (nothing immediately strange in the logs I can look at). -- -- Grafik - Don't Assume Anything -- Redshift Software, Inc. - http://redshift-software.com -- rrivera/acm.org - grafik/redshift-software.com -- 102708583/icq - grafikrobot/aim - grafikrobot/yahoo
"Keith MacDonald" <boost@mailclan.net> writes:
Personally, if this was my mailing list, I hope someone would make me aware of such issues, so I could check if my security had been breached. However, if you'd rather blame the messenger ...
Can we leave the drama out of it, please? OSL is aware of your report. -- Dave Abrahams Boost Consulting www.boost-consulting.com
Keith MacDonald wrote:
However, if you'd rather blame the messenger ...
OK, after reading my reply again. I must say it may be seen as a bit condescending. I didn't mean it to be. I sincerely asked about the harvesting since I tend not to assume people know things :-( I'm sorry about the language. I'll try and be more precise in the future. -- -- Grafik - Don't Assume Anything -- Redshift Software, Inc. - http://redshift-software.com -- rrivera/acm.org - grafik/redshift-software.com -- 102708583/icq - grafikrobot/aim - grafikrobot/yahoo
Keith MacDonald wrote:
When I signed up to the Boost mailing lists, I used a unique email address (boost@<mydomain>.com), so that I could detect if it was being misused. Today I received the email below, which is obviously spam. It seems likely that your mailing list has been compromised, so suggest that you check what went wrong with the Open Systems Lab at Indiana University.
There are other possibilities. ISP's often set up web pages for all accounts, and it is possible to reach these web pages with a spider. Then it is trivial to deduce the email address from the URL. --Beman
participants (7)
-
Beman Dawes -
Bo Persson -
Daniel James -
David Abrahams -
Jeff Garland -
Keith MacDonald -
Rene Rivera