From Paul List Hess, received 21/5/02, 11:38 am -0400 (GMT):

> I've been noticing massive increases in the amount of address
> harvesting going on this month, coming from various unrelated IP
> addresses. Have any of you seen similar occurrences on your
> servers?
>
> Note: by address harvesting I mean attempts to send messages to
> hundreds of different made up addresses on your server, so they can
> see which ones DON'T bounce. If an address doesn't bounce, they
> can harvest it and stick it in their database to sell off to
> spammers and advertisers.
>
> Maybe 2/3 of these are caught by the RBL lists I use, but for the
> others the only protection I have is the "tempban" feature, which
> lets a few attempts get through and then blocks them for a while.
> Problem is they keep coming back so over time they end up
> occasionally harvesting some real addresses.

A good way to foil these is to create 5 or 10 spamtraps in your router, like this for example:

[EMAIL PROTECTED] = spamtrap
[EMAIL PROTECTED] = spamtrap
[EMAIL PROTECTED] = spamtrap
[EMAIL PROTECTED] = spamtrap
[EMAIL PROTECTED] = spamtrap

SIMS will answer "250 OK" for these spamtraps so the spamware (which is doing a dictionary attack on you) will harvest these onto spammers' CDROMs as well as any real addresses it manages to get - and SIMS will then bounce the subsequent spams when they arrive (assuming the spammers end up sending to [EMAIL PROTECTED] and [EMAIL PROTECTED]).

--
Steve Linford
Ultradesign Xtreme Network
http://www.uxn.com
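
Added example, not part of the original post or of SIMS: a log check that flags harvesting clients by the two signals discussed in this thread, many rejected recipients from one IP and any delivery attempt to a spamtrap address. It goes beyond the reply by using trap hits for detection; the log layout, trap addresses, threshold and function names are assumptions.

```python
from collections import defaultdict

# Hypothetical trap addresses (assumption; the post's own addresses are redacted).
SPAMTRAPS = {"trap1@example.org", "trap2@example.org"}

# Constructed sample log: "<time> <client-ip> RCPT <address> <smtp-reply-code>".
# This simplified layout is an assumption, not the SIMS log format.
SAMPLE_LOG = """\
11:00:01 192.0.2.10 RCPT alice@example.org 250
11:00:02 198.51.100.7 RCPT aaron@example.org 550
11:00:02 198.51.100.7 RCPT abby@example.org 550
11:00:03 198.51.100.7 RCPT adam@example.org 550
11:00:03 198.51.100.7 RCPT alice@example.org 250
11:00:09 203.0.113.5 RCPT Trap1@example.org 250
11:00:12 192.0.2.10 RCPT bobb@example.org 550
"""

def parse(log):
    """Yield (ip, address, code) for each well-formed RCPT line; skip the rest."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[2] == "RCPT" and parts[4].isdigit():
            yield parts[1], parts[3].lower(), int(parts[4])

def find_harvesters(log, spamtraps=SPAMTRAPS, max_unknown=3):
    """Map client IP -> reason it looks like a dictionary harvester."""
    unknown = defaultdict(set)   # ip -> distinct rejected recipients
    flagged = {}
    for ip, addr, code in parse(log):
        if addr in spamtraps:
            # Traps are assumed to be unpublished, so a single hit is enough.
            flagged[ip] = "spamtrap hit"
        elif 500 <= code < 600:
            unknown[ip].add(addr)
            if len(unknown[ip]) >= max_unknown:
                flagged.setdefault(ip, "many unknown recipients")
    return flagged

if __name__ == "__main__":
    for ip, reason in sorted(find_harvesters(SAMPLE_LOG).items()):
        print(ip, reason)
```

A client with a single mistyped recipient (192.0.2.10 in the sample) stays below the threshold and is not flagged.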
