Re: [Full-Disclosure] Re: mailman email harvester

From: J b (modperlpants_at_yahoo.com)
Date: 02/08/05

  • Next message: Mandrakelinux Security Team: "[Full-Disclosure] MDKSA-2005:030 - Updated perl-DBI packages fix vulnerability"
    Date: Tue, 8 Feb 2005 10:47:10 -0800 (PST)
    To: davek_throwaway@hotmail.com
    
    

    Take a look at the date of that report. That it's from almost TWO
    YEARS ago! The spammer/anti-spammer arms race began a long time ago,
    and will only get worse.

    I've seen numerous harvesters with randomized User-Agent strings
    crawling a mail archive of mine, even though all output is filtered
    through Apache::AntiSpam. They are NOT stopped by simple, obvious
    regexps. Obfuscation is trivially easy to identify and defeat.

    -----Original Message-----
    From: Dave Korn [davek_throwaway@hotmail.com]
    Sent: Tuesday, February 08, 2005 9:53 AM
    To: full-disclosure@lists.netsys.com
    Cc: mailman-developers@python.org; bugtraq@securityfocus.com
    Subject: [Full-Disclosure] Re: mailman email harvester

      Yes, but no spammers actually do so. For experimental proof of
    this
    claim,

    http://www.cdt.org/speech/spam/030319spamreport.shtml

                    
    __________________________________
    Do you Yahoo!?
    Take Yahoo! Mail with you! Get it on your mobile phone.
    http://mobile.yahoo.com/maildemo
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Mandrakelinux Security Team: "[Full-Disclosure] MDKSA-2005:030 - Updated perl-DBI packages fix vulnerability"