Re: Need antispam software - mysterious spam encountered

From: winged (winged_at_nofollow.com)
Date: 12/14/04


Date: 13 Dec 2004 20:54:28 EST

Juergen Nieveler wrote:
> "Jeff" <jeff@nospam.net> wrote:
>
>
>>In particular, is anyone familiar with a program that returns an email
>>with appropriate headers, messages, etc. to make it look like the
>>address is nonexistent?
>
>
> That won't work...
>
> a) The From-header is usually faked, so the spammer won't even GET
> your fake error message
> b) The poor guy who really owns the address abused as a From: will
> get tons of error messages - why do you want to harass him even more?
> c) Error messages usually are sent from the Postmaster-account. You
> aren't the postmaster at your ISP, so if you send mails pretending to
> be postmaster you'll get in trouble
> d) If the spammer actually takes the time to read through all the
> bounces, he'll notice that there is a considerable delay between
> sending his spam and receiving your fake bounce - which shows that
> the bounce was generated after receiving the message, which wouldn't
> have been possible if it didn't exist, therefore verifying that the
> address is correct.
>
> Juergen Nieveler

Mailwasher is a good antispammer tool that does what you're asking, but it
won't work, as spammers expect failed mail. Recently it was discovered,
however, that certain major manufacturers were embedding phone-home software
in their print driver software. The one manufacturer that has commented
indicated this was to monitor ink usage on their printers; however, I
haven't heard if anyone has fully cracked the data stream sent.

Bottom line, it could just as easily be that the spammer got the mail addy
through other means, such as other spyware on the system, etc. If you use IE
and the addy is embedded in the browser, it is an easy thing to glean using
various methods. The spammer may have "guessed" the address with a name
dictionary attack against your mail server. From what I have seen, they are
pretty industrious in gathering addresses, and can gather them using multiple
methodologies. I have even suspected someone is gleaning addresses off
of various mail gateways. There are a number of mail servers located on
BOTNETS. Someone you have sent mail to in the past may have lost your
address for you. Bottom line, if the addy is used on the net, it seldom
stays virgin long. I would say you can expect more spam in the future.
It is good fried.

Winged