[CLUE-Tech] spam issues continued
Mike Staver
staver at fimble.com
Wed Jul 16 19:27:52 MDT 2003
Both very good suggestions. I have definitely been pondering the social
engineering aspect of this all day - imagining what I would do if I had
this address, and many ideas do come to mind. I'm trying to think of a
good excuse to get the real address and/or phone number from the PO Box by
sending something to it; it just has to be something very believable.

But back to the main problem I'm having here - if spammers find out that
by simply forging the from section of mail headers they can easily defeat
SpamAssassin, everyone who uses it is in big trouble, and it will be
completely worthless in a matter of weeks. Over the last 24 hours the
spam this one company has been sending me has evolved drastically. It
first started out coming from some made-up user @fimble.com. If I had the
know-how, I could have my server check to see if the account really exists
before sending the mail. (Any good sendmail/procmail programmers feel free
to correct me if I'm wrong). But now, instead of it coming from a bogus
user, it's actually just coming from my own account, so the from and to
portions match. I can't exactly blacklist my own email address in SA; that
would be a problem. So maybe there would be a way to only accept mail if
it was from my account with my name in front of it? I don't know, I'm
just throwing out ideas here because I'm still learning about all this
anti-spam stuff.

On Wed, 16 Jul 2003, Joe Thomas wrote:
> yes also, there are tons of anti-spam groups out there, after finding out
> who this is, you could give all this information to the anti-spam groups,
> and they can make his life as annoying as he makes yours
>
>
> ----- Original Message -----
> From: "Jed S. Baer" <thag at frii.com>
> To: <clue-tech at clue.denver.co.us>
> Sent: Wednesday, July 16, 2003 6:04 PM
> Subject: Re: [CLUE-Tech] spam issues continued
>
>
> > On Wed, 16 Jul 2003 17:00:18 -0600
> > Mike Staver <staver at fimble.com> wrote:
> >
> > > Administrative Contact:
> > > Products, Health (JKTSYMZQYI)
> > > help at healthproductsnow.net Health Products
> > > POBOX 440033
> > > Aurora, CO 80044
> > > US
> > > (866) 292-4101
> >
> > A google search on the phone number turned up this for ihealth.bz, another
> > spamming domain.
> >
> > "4/30/03 - Whois shows registered to [Admin] Justin Smith
> > (help at ihealth.bz); [Tech] Health Products (help at betterhealth.bz); POBOX
> > 440033, Aurora, CO, 80044, USA; phone (866) 292-4101; domain servers
> > NS11.NSHOST.BZ (200.206.184.69), NS9.NSHOST.BZ (66.252.31.51),
> > NS10.NSHOST.BZ (210.21.114.9)
> > 5/21/03 - same IP address destination as for www.incredibleoffer.tv"
> >
> > Unsurprisingly:
> >
> > $ whois 200.168.14.44@whois.arin.net
> > [whois.arin.net]
> >
> > OrgName: Latin American and Caribbean IP address Regional Registry
> > OrgID: LACNIC
> > Address: Potosi 1517
> > City: Montevideo
> > StateProv:
> > PostalCode: 11500
> > Country: UY
> >
> > I dunno whether you can get the name for the Postal Mail Box (PMB). Read
> > this:
> >
> > http://www.junkfax.org/fax/misc/pobox.htm
> >
> > You could, I suppose, go to the physical post office where that box is
> > located (the USPS can tell you this based on zip code), and hang out
> > watching the box.
> >
> > The other idea would be try and scam the spammer. Send something to the PO
> > box which will cause him to reveal himself to you. Think of "social
> > engineering" as described by Mitnick in his book "The Art of Deception".
> >
> > jed
> > --
> > ... it is poor civic hygiene to install technologies that could someday
> > facilitate a police state. -- Bruce Schneier
> > _______________________________________________
> > CLUE-Tech mailing list
> > Post messages to: CLUE-Tech at clue.denver.co.us
> > Unsubscribe or manage your options: http://clue.denver.co.us/mailman/listinfo/clue-tech
> >
--
-Mike Staver
staver at fimble.com
mstaver at globaltaxnetwork.com
http://www.fimble.com/staver
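
Added example, not part of the original thread: a Python sketch of the two checks raised in the message above (does the claimed local sender exist, and does mail from a real local address carry the expected name), extended with a check of the newest Received header so that a forged name alone never earns a pass. The domain, account table, relay range, verdict labels and sample messages are all constructed assumptions.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Assumptions for illustration: placeholder domain, account table and relay range.
LOCAL_DOMAIN = "example.org"
ACCOUNTS = {"alice": "Alice Example"}          # local part -> usual display name
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

def submitted_locally(msg):
    """True if the newest Received header (written by our own MX, so not
    forgeable by the sender) shows a client IP inside our network."""
    received = msg.get_all("Received", [])
    m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", received[0]) if received else None
    if not m:
        return False
    try:
        ip = ipaddress.ip_address(m.group(1))
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_NETS)

def verdict(raw):
    msg = email.message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    local, _, domain = addr.lower().rpartition("@")
    if domain != LOCAL_DOMAIN:
        return "external-sender"            # not claiming to be us; score normally
    if local not in ACCOUNTS:
        return "forged-unknown-local-user"  # made-up user at our domain
    if submitted_locally(msg):
        return "ok-local"
    if name != ACCOUNTS[local]:
        return "forged-local-address"       # real address, wrong or missing name
    return "suspect-external-origin"        # name is forgeable too; do not whitelist

def sample(from_header, client_ip):
    """Build a constructed test message (not real traffic)."""
    return (f"Received: from relay.invalid ([{client_ip}]) by mx.example.org; "
            "Wed, 16 Jul 2003 19:00:00 -0600\n"
            f"From: {from_header}\nTo: alice@example.org\nSubject: test\n\nbody\n")

if __name__ == "__main__":
    for frm, ip in [("bogus123@example.org", "203.0.113.7"),
                    ("alice@example.org", "203.0.113.7"),
                    ("Alice Example <alice@example.org>", "192.0.2.10")]:
        print(frm, "->", verdict(sample(frm, ip)))
```
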