Spamarrest

From: Adam Shephard (adams@firstfederalbanking.com)
Date: 10/28/02 

From: Adam Shephard <adams@firstfederalbanking.com>
To: security-basics@securityfocus.com
Date: Mon, 28 Oct 2002 14:18:04 -0500

I've received a couple of these emails recently.

Has anybody heard of Spamarrest harvesting info from those of us who click
their link?

It's not that I am suspicious of the Spamarrest folks, it's just seems odd
to me that in order to protect others from spam, we have to submit ourselves
to a procedure that is often used to propagate it.

Even if they are completely innocent, aren't they holding up a big neon sign
to current and would-be spammers that says "Here's how you do it!"?

Text of the email below.

----------------------------------------------------------
I'm protecting myself from receiving junk mail.
Just this once, click the link below so I can receive your emails. You won't
have to do this again.

http://spamarrest.com/a?xxxxxxx:xxxxxx

You are receiving this message in response to your email to
xxxx@xxxxxxx.com, a Spam Arrest customer.

Spam Arrest requests that senders verify themselves before their email is
delivered.

When you click the above link, you will be taken to a page with a graphic on
it. Simply read the word in the graphic, type it into the form, and you're
verified.

You will only need to do this once per Spam Arrest customer.