Re: Spam with return receipt

[Joel Rosenblatt <joel () COLUMBIA EDU>]

We caught 339 of them .. the funny thing is that the email addresses that the receipts went to were all different - 
they also all
came from different IP addresses (spoofed headers to make it look like they were sent from squirrel mail)  We think 
that this is
just a broken BOT model.

My 2 cents
Joel Rosenblatt

Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel

--On Wednesday, September 24, 2008 8:55 PM -0400 Morrow Long <morrow.long () YALE EDU> wrote:

> Saw one here today.
>
> The 'receipt' bounced back to the user who had opened the spam message
> because the putative spammer's e-mail box -- to which the receipt was
> being sent --  was full and not accepting email.
>
> Morrow
>
> On Sep 24, 2008, at 12:22 PM, Valdis Kletnieks wrote:
>
> > On Tue, 23 Sep 2008 15:41:52 CDT, Roger Safian said:
> > > In the last couple of days I have noticed a dramatic increase in
> > > spam that has been tagged with return receipt requested.  I have
> > > disabled this on my system, but have it set to notify me when a
> > > message is so tagged.  I like to know who is spying on me.  ;-)
> >
> > Seen here as well.  My first guess was that it's an attempt to
> > verify that
> > the destination address is "live" - except the return receipts
> > always bounce. ;)



Joel Rosenblatt, Manager Network & Computer Security
Columbia Information Security Office (CISO)
Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033
http://www.columbia.edu/~joel