I've heard John Levine propose the "hidden link to catch scanning robots" solution but I've never heard of an email system implementing it. Similarly, senders have often suggested that spamtrap systems shouldn't follow links. (Security systems, sure, but don't do that with spamtrap addresses.) And today I heard it suggested that it would be wiser to have COI have a second click (probably an HTTP POST-based button) on the landing web page, to prevent security systems from erroneously completing COI confirm steps. All good stuff, but it doesn't sound as though any of it has been widely broadcasted as a best practice or requirement.
-- Al Iverson www.aliverson.com (312)725-0130 On Wed, May 25, 2016 at 4:55 PM, Michael Wise via mailop <mailop@mailop.org> wrote: > The classical response to that is a "Hidden" URL that, if "clicked" by the > scanning software, gives "Insight" into the fact that the recipient is doing > that, yes? > > Aloha, > Michael. > -- > Michael J Wise | Microsoft | Spam Analysis | "Your Spam Specimen Has Been > Processed." | Got the Junk Mail Reporting Tool ? > > -----Original Message----- > From: mailop [mailto:mailop-boun...@mailop.org] On Behalf Of Erwin Harte > Sent: Wednesday, May 25, 2016 2:48 PM > To: Michelle Sullivan <miche...@sorbs.net>; Vick Khera <vi...@khera.org> > Cc: mailop@mailop.org > Subject: Re: [mailop] signup form abuse > > On 5/25/16 4:40 PM, Michelle Sullivan wrote: >> Vick Khera wrote: >>> On Wed, May 25, 2016 at 3:02 PM, Erwin Harte <eha...@barracuda.com >>> <mailto:eha...@barracuda.com>> wrote: >>> >>>> I did a spot check of a recent attack. The email address was >>>> jabradb...@kanawhascales.com >>>> <mailto:jabradb...@kanawhascales.com> and it got signed up to 12 >>>> lists during May 17 and 18. Amazingly, whoever is on the other >>>> end of that address clicked to confirm every one of those >>>> confirmation messages. All confirmation clicks appear to come >>>> from a netblock owned by Barracuda Networks... Hmm... >>> Which netblock was that? >>> >>> >>> 64.235.144.0/20 >>> <https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2f64.2 >>> 35.144.0%2f20&data=01%7c01%7cmichael.wise%40microsoft.com%7c0958149c2 >>> 70e4866966b08d384e71286%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata= >>> oIRzp1YSYhsrARm8tlIY7lSAqbZvAx0rP1eLn4MWmaE%3d> >>> >>> Specifically: 64.235.154.109, >>> 64.235.153.2, 64.235.150.252, 64.235.153.10, 64.235.154.105, >>> 64.235.154.109 >>> >>> >> Single click through? (as in everything in the URL?) - if so probably >> automated mail scanning. >> > That's what I expect as well. Those addresses are all from ESS > (https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fwww.barracuda.com%2fproducts%2femailsecurityservice&data=01%7c01%7cmichael.wise%40microsoft.com%7c0958149c270e4866966b08d384e71286%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=b1Dd64fsAyanlvQmva%2bkNgXdpLD4wqzC1UGwQxAjwVk%3d) > which does 'intent' checking. > > --Erwin > > =========================================================== > > > Considering Office 365? Barracuda security and storage solutions can help. > Learn more about Barracuda solutions for Office 365 at > https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fbarracuda.com%2foffice365&data=01%7c01%7cmichael.wise%40microsoft.com%7c0958149c270e4866966b08d384e71286%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=RWCdhi4rj1HgPH5M%2bu9hUibpTdxR3T5NqbHgE%2f5Fh%2bU%3d. > > DISCLAIMER: > This e-mail and any attachments to it contain confidential and proprietary > material of Barracuda, its affiliates or agents, and is solely for the use of > the intended recipient. Any review, use, disclosure, distribution or copying > of this transmittal is prohibited except by or on behalf of the intended > recipient. If you have received this transmittal in error, please notify the > sender and destroy this e-mail and any attachments and all copies, whether > electronic or printed. > > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fchilli.nosignal.org%2fcgi-bin%2fmailman%2flistinfo%2fmailop&data=01%7c01%7cmichael.wise%40microsoft.com%7c0958149c270e4866966b08d384e71286%7c72f988bf86f141af91ab2d7cd011db47%7c1&sdata=%2f1rLcSOg0Pk3Bn9UsmkSPQokBSFF2F5T0gtlsCpAJ8A%3d > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
