I like, thank you =)

Dennis

----- Original Message -----
From: "ABrady" <kcsmart@kc.rr.com>
To: <security-discuss@linuxsecurity.com>
Sent: Saturday, December 01, 2001 14:35 HRS
Subject: Re: SMTP vulnerabilities

> Here's what I can offer. By no means is it the only way, and it doesn't
> work with all emails. But it has been very effective so far (about 20
> spammers, none of which has _ever_ been a repeat).
>
> First off, NEVER, EVER reply to any emails that are spam. For one thing,
> as you found out, the email addresses are usually bogus. Those that
> aren't will NOT do what they claim (i.e. "reply below to be removed from
> our list....."). Those will either bounce or they'll give the spammer
> what they want, which is validation of an email address.
>
> Addresses are gathered through newsgroups, registrations, mailing lists,
> etc. Many times, they're made up. In other words, the spammer has no
> idea if the email address is real or not. They get by with it because
> they use a fake address and when mail bounces it never comes back to
> them. But, reply to the line that's supposed to remove you and you may
> find an increase in your spam. That's because they now know the email
> address is valid. Plus somebody responds to this stuff. So they make a
> CD with valid addresses on it and especially ones from which people
> actually respond. Bingo! You're now in other people's lists.
>
> What I do is try to track them down. I get anything I can from headers.
> Sometimes they can be tracked that way, and sometimes they can't. Many
> give URLs to webpages. I go there and attempt to find the validity of
> the URL and dig around a little. Sometimes the address in the opening
> URL isn't useful. But digging around can come up with one or more.
>
> Once I have usable domains I start doing whois on whatever I have (this
> may also come from headers). I find out who the likely originator is. I
> note who the contact(s) for this domain is/are. Many times this is
> bogus, too. They like to use hotmail.com or juno.com and just trash the
> address after registration verification is done. But, they're REQUIRED
> to have a valid postmaster address or they can lose registration,
> something nobody likes to do after paying for it.
>
> I take the information I get and put it in a file. I then forward the
> email I received, a copy of the whois query and a warning to the
> postmaster@domain.whatever address. I've attached one such email to this
> so you can see what I mean.
>
> I actually intend to follow up with the warning given in this email the
> very first time anybody decides to call my bluff. I'm sufficiently
> confident that I'll win this in court if needed (small claims, of
> course) but, to date, nobody has tested it. I think they are fairly
> confident that I could win, too.
>
> So far, I'm 100% on about 20 found via the outlined method. I've managed
> to get 3-5 that were discovered via 800 numbers provided. None of them
> has ever bothered me again either.
>
> I'm not claiming that this is 100% perfect. I _am_ claiming that this
> has worked 100% of the time for me so far.
>
> --------------------------------------------------
> MY EMAIL STUFF
> --------------------------------------------------
>
> Date: Thu, 1 Nov 2001 01:00:16 -0600
> From: ABrady <kcsmart@kc.rr.com>
> To: postmaster@411control.com
> Subject: Fw: Dirty Teen Schoolgirls 4211
> Message-Id: <20011101010016.595089b2.kcsmart@kc.rr.com>
> X-Mailer: Sylpheed version 0.6.4 (GTK+ 1.2.10; i686-pc-linux-gnu)
> Mime-Version: 1.0
> Content-Type: text/plain; charset=US-ASCII
> Content-Transfer-Encoding: 7bit
>
> Please see the entire message as it may otherwise be unnecessarily
> costly to your organization.
>
> I received the following message and would like for this to stop:
>
> Begin forwarded message:
>
> Date: Wed, 31 Oct 2001 18:36:53 -0400
> From: tlc1816@yahoo.com
> To: <tlc1816@yahoo.com>
> Subject: Dirty Teen Schoolgirls 4211
>
> DARING and DIRTY young COED SLUTS want YOU!!!!
>
> Hardcore TEENS
>
> http://www.all-teen-sluts.com@411control.com/gc/allteens/?adv_id=107277
>
> Don't miss this chance to see me and my friends get NASTY!!!
>
> Hugs,
> Amber
>
> To be removed from this list click the link below
> http://www.all-teen-sluts.com@411control.com/remove.php
>
> END FORWARDED MESSAGE
>
> I also include the following information:
>
> Whois Server Version 1.3
>
> Domain names in the .com, .net, and .org domains can now be registered
> with many different competing registrars. Go to http://www.internic.net
> for detailed information.
>
> Domain Name: 411CONTROL.COM
> Registrar: TUCOWS, INC.
> Whois Server: whois.opensrs.net
> Referral URL: http://www.opensrs.org
> Name Server: NS3.WEB4PORNO.COM
> Name Server: NS1.STRIKE-UP.COM
> Name Server: NS2.REALSEXSURFING.COM
> Updated Date: 27-oct-2001
>
> >>> Last update of whois database: Wed, 31 Oct 2001 17:04:14 EST <<<
>
> The Registry database contains ONLY .COM, .NET, .ORG, .EDU domains and
> Registrars.
>
> Found InterNIC referral to whois.opensrs.net.
>
> Registrant:
> Internet Power Inc
> 4577 Bender Blv
> Winnipeg, AB H2F6C7
> CA
>
> Domain Name: 411CONTROL.COM
>
> Administrative Contact:
> Jolly, Scott salty_2011@yahoo.com
> 4577 Bender Blv
> Winnipeg, AB H2F6C7
> CA
> 587-457-2555
>
> Technical Contact:
> Jolly, Scott salty_2011@yahoo.com
> 4577 Bender Blv
> Winnipeg, AB H2F6C7
> CA
> 587-457-2555
>
> Billing Contact:
> Jolly, Scott salty_2011@yahoo.com
> 4577 Bender Blv
> Winnipeg, AB H2F6C7
> CA
> 587-457-2555
>
> Record last updated on 31-Oct-2001.
> Record expires on 20-Oct-2002.
> Record Created on 20-Oct-2001.
>
> Domain servers in listed order:
> NS1.STRIKE-UP.COM 209.88.67.237
> NS2.REALSEXSURFING.COM 80.82.160.18
> NS3.WEB4PORNO.COM 216.6.48.62
>
> I want this stopped. I don't know if you are the individual that sent
> this, or it came from someone else within your domain. In either case it
> is within your control to put an end to this and I want that done
> immediately.
>
> You are hereby granted this single exemption to the paragraph at the end
> of this email. No other exemptions are implied or granted without
> explicit prior approval from me. All further transactions will result in
> billing action to your company, with whatever further actions deemed
> appropriate under the circumstances arising as a result.
>
> Alan Brady
>
> --
> This mailing address is for private use only, as defined by the
> addressee. Exemptions are granted solely at the discretion of the
> addressee. Automatic exemptions are hereby granted to any mailing lists
> or newsletters to which the addressee subscribes, as well as any
> friends, family or other associates of a non-commercial nature. Any
> commercial solicitation or advertising sent to this address is subject
> to a $50-per-incident charge to cover the fair use of the addressee's
> time. Bills for the time and effort expended by the addressee will be
> forwarded to the appropriate entities and prosecuted for failure to pay
> valid outstanding bills.
>
> -----------------------------------------
> END MY EMAIL
> -----------------------------------------
>
> --
> If only closed minds came with closed mouths.
> ------------------------------------------------------------------------
> To unsubscribe email security-discuss-request@linuxsecurity.com
> with "unsubscribe" in the subject of the message.
> ------------------------------------------------------------------------
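
Added example, not part of either message above: both URLs in the forwarded spam put a familiar-looking name before an "@", so the host actually contacted is the one after it, which is also the domain the complaint was addressed to. The sketch below pulls that host out of a message body and derives the postmaster@ address to report to; the sample text, the .example domains and the function names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def real_hosts(body):
    """One record per URL: the host a client really contacts, plus any
    decoy name placed in the userinfo part (before '@')."""
    records = []
    for raw in URL_RE.findall(body):
        parts = urlsplit(raw.rstrip(".,)"))   # drop trailing punctuation
        host = (parts.hostname or "").lower()
        if not host:
            continue
        decoy = parts.username                # text before '@', if any
        records.append({
            "url": parts.geturl(),
            "host": host,
            "decoy": decoy,
            # a dotted "username" is almost always a fake host name
            "deceptive": bool(decoy and "." in decoy),
        })
    return records

def report_targets(body):
    """Unique postmaster@ addresses for the real hosts, first seen first."""
    targets = []
    for rec in real_hosts(body):
        if is_ip(rec["host"]):
            continue  # bare IP: needs an IP whois lookup instead
        # Assumption: the registered domain is the last two labels,
        # which is wrong for suffixes such as .co.uk.
        addr = "postmaster@" + ".".join(rec["host"].split(".")[-2:])
        if addr not in targets:
            targets.append(addr)
    return targets

# Constructed sample body (not taken from a real message).
SAMPLE = """\
Click: http://www.friendly-shop.example@bulk-sender.example/offer/?id=1
Remove: http://www.friendly-shop.example@bulk-sender.example/remove.php
More at http://mail.other-host.example/page.
"""

if __name__ == "__main__":
    for rec in real_hosts(SAMPLE):
        print(rec["host"], "decoy:", rec["decoy"])
    print(report_targets(SAMPLE))
```

The whois lookup on the resulting domain is still a manual step, as in the procedure quoted above.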