[CLUE-Tech] spam issues continued

Mike Staver staver at fimble.com
Wed Jul 16 19:27:52 MDT 2003


Both very good suggestions.  I have definitely been pondering the social 
engineering aspect of this all day - imagining what I would do if I had 
this address, and many ideas do come to mind.  I'm trying to think of a 
good excuse to get the real address and/or phone number from the PO Box by 
sending something to it, it just has to be something very believable.  

But back to the main problem I'm having here - if spammers find out that 
by simply forging the from section of mail headers they can easily defeat 
SpamAssassin, everyone who uses it is in big trouble, and it will be 
completely worthless in a matter of weeks.  Over the last 24 hours the 
spam this one company has been sending me has evolved drastically.  It 
first started out coming from some made-up user @fimble.com.  If I had the 
know-how, I could have my server check to see if the account really exists 
before sending the mail. (Any good sendmail/procmail programmers feel free 
to correct me if I'm wrong).  But now, instead of it coming from a bogus 
user, it's actually just coming from my own account, so the from and to 
portions match.  I can't exactly blacklist my own email address in SA, that 
would be a problem.  So maybe there would be a way to only accept mail if 
it was from my account with my name in front of it?  I don't know, I'm 
just throwing out ideas here because I'm still learning about all this 
anti-spam stuff.  

On Wed, 16 Jul 2003, Joe Thomas wrote:

> yes also, there are tons of anti-spam groups out there, after finding out
> who this is, you could give all this information to the anti-spam groups,
> and they can make his life as annoying as he makes yours
> 
> 
> ----- Original Message -----
> From: "Jed S. Baer" <thag at frii.com>
> To: <clue-tech at clue.denver.co.us>
> Sent: Wednesday, July 16, 2003 6:04 PM
> Subject: Re: [CLUE-Tech] spam issues continued
> 
> 
> > On Wed, 16 Jul 2003 17:00:18 -0600
> > Mike Staver <staver at fimble.com> wrote:
> >
> > >    Administrative Contact:
> > >       Products, Health  (JKTSYMZQYI)
> > >       help at healthproductsnow.net Health Products
> > >       POBOX 440033
> > >       Aurora, CO 80044
> > >       US
> > >       (866) 292-4101
> >
> > A google search on the phone number turned up this for ihealth.bz, another
> > spamming domain.
> >
> > "4/30/03 - Whois shows registered to [Admin] Justin Smith
> > (help at ihealth.bz); [Tech] Health Products (help at betterhealth.bz); POBOX
> > 440033, Aurora, CO, 80044, USA; phone (866) 292-4101; domain servers
> > NS11.NSHOST.BZ (200.206.184.69), NS9.NSHOST.BZ (66.252.31.51),
> > NS10.NSHOST.BZ (210.21.114.9)
> > 5/21/03 - same IP address destination as for www.incredibleoffer.tv"
> >
> > Unsurprisingly:
> >
> > $ whois 200.168.14.44 at whois.arin.net
> > [whois.arin.net]
> >
> > OrgName:    Latin American and Caribbean IP address Regional Registry
> > OrgID:      LACNIC
> > Address:    Potosi 1517
> > City:       Montevideo
> > StateProv:
> > PostalCode: 11500
> > Country:    UY
> >
> > I dunno whether you can get the name for the Postal Mail Box (PMB). Read
> > this:
> >
> >   http://www.junkfax.org/fax/misc/pobox.htm
> >
> > You could, I suppose, go to the physical post office where that box is
> > located (the USPS can tell you this based on zip code), and hang out
> > watching the box.
> >
> > The other idea would be try and scam the spammer. Send something to the PO
> > box which will cause him to reveal himself to you. Think of "social
> > engineering" as described by Mitnick in his book "The Art of Deception".
> >
> > jed
> > --
> > ... it is poor civic hygiene to install technologies that could someday
> > facilitate a police state. -- Bruce Schneier
> > _______________________________________________
> > CLUE-Tech mailing list
> > Post messages to: CLUE-Tech at clue.denver.co.us
> > Unsubscribe or manage your options: http://clue.denver.co.us/mailman/listinfo/clue-tech
> >

-- 
				-Mike Staver
				 staver at fimble.com
                                 mstaver at globaltaxnetwork.com
				 http://www.fimble.com/staver
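
The two checks floated in the message above (does the claimed local sender exist, and does mail from a real local account carry the expected name), as an added example that is not part of the original thread. The domain, account table, verdict strings and sample messages are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

LOCAL_DOMAIN = "example.com"            # assumed local mail domain (placeholder)
LOCAL_USERS = {"mike": "Mike Example"}  # assumed account table: user -> display name

def classify(raw):
    """Classify a raw message by what its From header claims about the local domain."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    if not addr:
        return "no-from"                       # missing or unparseable From header
    user, _, domain = addr.lower().partition("@")
    if domain != LOCAL_DOMAIN:
        return "external-sender"               # not claiming to be local: normal filtering
    if user not in LOCAL_USERS:
        return "reject-unknown-local-user"     # forged From for an account that does not exist
    if name.strip().lower() != LOCAL_USERS[user].lower():
        # Bare address or wrong name on a real account. The display name is as
        # forgeable as the address, so this is a scoring signal, not proof.
        return "suspect-display-name-mismatch"
    return "accept-local"

# Constructed sample messages covering the stages described in the message.
SAMPLES = {
    "bogus_user": "From: offers@example.com\nTo: mike@example.com\nSubject: a\n\nhi\n",
    "self_forged": "From: mike@example.com\nTo: mike@example.com\nSubject: b\n\nhi\n",
    "named": 'From: "Mike Example" <mike@example.com>\nTo: mike@example.com\nSubject: c\n\nhi\n',
    "outside": "From: Someone <someone@example.org>\nTo: mike@example.com\nSubject: d\n\nhi\n",
    "headerless": "To: mike@example.com\nSubject: e\n\nhi\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:12} -> {classify(raw)}")
```
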
