LISTSERV - HP3000-L Archives

HP3000-L Archives

June 2002, Week 1

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L June 2002, Week 1

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: OT: FREE POP Access or auto-forwarding
From:	Tom Emerson <[log in to unmask]>
Reply To:	Tom Emerson <[log in to unmask]>
Date:	Thu, 6 Jun 2002 15:46:52 -0700
Content-Type:	text/plain
Parts/Attachments:	text/plain (51 lines)

> -----Original Message-----
> From: [log in to unmask]
[...] I've read that spammers have an aversion
> to spamming
> bizarre addresses, such as those containing strings of number
> or other odd
> characters, although only they know if this is so, or why it might be.

serendipidous coincidence of the day -- not one minute after reading this
post, I happened to come to this site:

http://www.ethereal.com/spamreport.html

which notes:
   "Sugarplum can generate its poisoned addresses using several methods. We
have chosen to encode the IP address of the person doing the harvesting into
each address. You can then use these tags to match harvester addresses
against any spam attempts listed in your mail logs. Even though the
harvesting and spamming may happen months apart, you now have a link between
the harvester and the spammer."

so I would suspect a "harvester" would avoid e-mails with strings of numbers
because addresses such as those are designed to track the tracker...

Following the related links on that page (to sugarplum itself) I found this
page:

http://www.devin.com/sugarplum/antipoison-commentary.html

which notes how harvesters who attempt to de-poision a list will try to
clean things up:
   "Poison filters. Ah, the important part relative to sugarplum.
Annoyingly, this paragraph doesn't drop many hints. The term "special filter
file" is meaningless -- ... Some is easy -- addresses where the username is
a number (numbers aren't valid usernames on UNIX hosts anyway); addresses
containing a letter-number ratio greater than, say, 0.4; invalid TLDs, and
so forth. Statistical filtration of addresses (e.g.
number-letter-punctuation ratios) will likely achieve some minimal success
with poison generated from byte-random output, e.g. [log in to unmask]; this
will have a fairly high loss-rate of real data. [...]"

Interestingly enough, all the "addresses" I saw on the ethereal site were of
the form "username[AT]host.com" -- yes, using the word [AT] to signify the
"@" symbol -- presumably, this requires human intervention to actually
e-mail somebody from that site ;)

Tom

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2

RAVEN.UTC.EDU