The classical response to that is a "Hidden" URL that, if "clicked" by the scanning software, gives "Insight" into the fact that the recipient is doing that, yes?
Aloha, Michael. -- Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been Processed." | Got the Junk Mail Reporting Tool ? -----Original Message----- From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Erwin Harte Sent: Wednesday, May 25, 2016 2:48 PM To: Michelle Sullivan <miche...@sorbs.net>; Vick Khera <vi...@khera.org> Cc: mailop@mailop.org Subject: Re: [mailop] signup form abuse On 5/25/16 4:40 PM, Michelle Sullivan wrote: > Vick Khera wrote: >> On Wed, May 25, 2016 at 3:02 PM, Erwin Harte <eha...@barracuda.com >> <mailto:eha...@barracuda.com>> wrote: >> >>> I did a spot check of a recent attack. The email address was >>> jabradb...@kanawhascales.com >>> <mailto:jabradb...@kanawhascales.com> and it got signed up to 12 >>> lists during May 17 and 18. Amazingly, whoever is on the other >>> end of that address clicked to confirm every one of those >>> confirmation messages. All confirmation clicks appear to come >>> from a netblock owned by Barracuda Networks... Hmm... >> Which netblock was that? >> >> >> 64.235.144.0/20 >> <https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2f64.2 >> 35.144.0%2f20&data=01%7c01%7cmichael.wise%40microsoft.com%7c0958149c2 >> 70e4866966b08d384e71286%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata= >> oIRzp1YSYhsrARm8tlIY7lSAqbZvAx0rP1eLn4MWmaE%3d> >> >> Specifically: 64.235.154.109, >> 64.235.153.2, 64.235.150.252, 64.235.153.10, 64.235.154.105, >> 64.235.154.109 >> >> > Single click through? (as in everything in the URL?) - if so probably > automated mail scanning. > That's what I expect as well. Those addresses are all from ESS (https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.barracuda.com%2fproducts%2femailsecurityservice&data=01%7c01%7cmichael.wise%40microsoft.com%7c0958149c270e4866966b08d384e71286%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=b1Dd64fsAyanlvQmva%2bkNgXdpLD4wqzC1UGwQxAjwVk%3d) which does 'intent' checking. --Erwin =========================================================== Considering Office 365? Barracuda security and storage solutions can help. Learn more about Barracuda solutions for Office 365 at https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fbarracuda.com%2foffice365&data=01%7c01%7cmichael.wise%40microsoft.com%7c0958149c270e4866966b08d384e71286%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=RWCdhi4rj1HgPH5M%2bu9hUibpTdxR3T5NqbHgE%2f5Fh%2bU%3d. DISCLAIMER: This e-mail and any attachments to it contain confidential and proprietary material of Barracuda, its affiliates or agents, and is solely for the use of the intended recipient. Any review, use, disclosure, distribution or copying of this transmittal is prohibited except by or on behalf of the intended recipient. If you have received this transmittal in error, please notify the sender and destroy this e-mail and any attachments and all copies, whether electronic or printed. _______________________________________________ mailop mailing list mailop@mailop.org https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fchilli.nosignal.org%2fcgi-bin%2fmailman%2flistinfo%2fmailop&data=01%7c01%7cmichael.wise%40microsoft.com%7c0958149c270e4866966b08d384e71286%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=%2f1rLcSOg0Pk3Bn9UsmkSPQokBSFF2F5T0gtlsCpAJ8A%3d _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop