Educause Security Discussion mailing list archives
Re: "postcard" spams.
From: Alan Amesbury <amesbury () OITSEC UMN EDU>
Date: Tue, 3 Jul 2007 13:22:43 -0500
Theresa Semmens wrote:
I'm seeing you have received a "BlueMountain.com greeting from a colleague"
Since June 29th, my home system has seen variety increase. A quick log analysis shows most subjects match these You've received {CARD} from {SENDER}! where {CARD} is one of a postcard an ecard a greeting postcard a greeting card a greeting ecard and {SENDER} is one of a family member a partner a mate a neighbor a colleague a school-mate a school friend a class mate a worshipper [my coworkers say this is an obvious fake] The sending addresses are in the form of "{TEXTNAME}" <{ADDRESS}> where {TEXTNAME} is one of vintagepostcards.com postcard.com netfuncards.com mypostcards.com greeting-cards.com funnypostcard.com freewebcards.com e-cards.com Postcards.Org MyPostcards.com GreetingCards.Com Greeting-Cards.Com FunnyPostcard.Com FreeWebCards.Com E-Cards.Com and {ADDRESS} has a very weak correlation to the domain in the PTR record of the originating IP. Good news: Most of the originating IP addresses are in the CBL (cbl.abuseat.org), so those of you using the CBL to help score this garbage as spam (and hopefully reject it *before* you accept and queue it!) may be able to block this trash before it reaches your end-users. Greylisting may also help, as this occasionally has the tendency to exert back pressure of sorts onto spam 'bots. (It also occasionally can provide insight into the organization of spam sources, i.e., you can group them by controller based on common characteristics. There's probably a paper in there somewhere.) -- Alan Amesbury OIT Security and Assurance University of Minnesota
Current thread:
- "postcard" spams. Matthew Gracie (Jul 03)
- <Possible follow-ups>
- Re: "postcard" spams. Perry, Jeff (Jul 03)
- Re: "postcard" spams. Theresa Semmens (Jul 03)
- Re: "postcard" spams. David Lundy (Jul 03)
- Re: "postcard" spams. Alan Amesbury (Jul 03)
- Re: "postcard" spams. Les LaCroix (Jul 03)