At 5:05 AM -0700 5/22/02, Tod Fitch wrote:
>I have seen an increase in address harvesting in the last month or two.
>
>And I believe I have seen a change in the type of harvesting: My
>impression is that fewer accounts are being included in each try,
>tries are spread over a longer time and that they are using often
>relays and/or alternative IP addresses. They could all be separate
>attacks, but the names being tested seem to follow a pattern that
>subjectively indicate that only a few attacks are happening. I got
>the impression that a new type of harvesting that attempts to keep
>below the automatic detectors is starting to happen.

I brought this up on the list a couple of months ago, and nobody seemed to think it was harvesting. I think it is. It appears to be a distributed harvest attempt. Once an hour, some random open relay tries to send an email or 2 to <name>@mydomain.com, and the names are always in alphabetical order.

If you think about it, using an open relay to send a thousand messages to a thousand different hosts makes it harder for each host to track you down. You can send out as many emails and get as many responses (bounces or not, or even morons wanting your product or service) as the usual way, but it's less noticeable to anyone other than the operator of the relay, who's probably clueless, anyway.

Darrin
--
Darrin Cardani - [EMAIL PROTECTED]
President, Buena Software, Inc.
<http://www.buena.com/>
Video, Image and Audio Processing Development
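
An added example, not part of the original message or of any mail server's code: one way to flag the pattern described above, where rejected recipients arriving slowly from many different client addresses still walk the namespace in alphabetical order. The log format, sample lines, function names and thresholds are all assumptions made for this illustration.

```python
import bisect
import re
from datetime import datetime

# Constructed sample in a made-up log format (not any real MTA's):
# <ISO time> <client IP> RCPT <address> <SMTP reply code>
SAMPLE = """\
2002-05-22T01:02:11 192.0.2.10 RCPT aaron@example.com 550
2002-05-22T02:04:40 198.51.100.7 RCPT abby@example.com 550
2002-05-22T03:01:05 203.0.113.99 RCPT adam@example.com 550
2002-05-22T03:30:00 192.0.2.200 RCPT zoe.smiht@example.com 550
2002-05-22T04:03:52 198.51.100.23 RCPT al@example.com 550
2002-05-22T05:02:18 192.0.2.77 RCPT alan@example.com 550
2002-05-22T06:05:31 203.0.113.4 RCPT albert@example.com 550
2002-05-22T07:01:47 198.51.100.150 RCPT alex@example.com 550
""".splitlines()

LINE = re.compile(r"^(\S+) (\S+) RCPT ([^@\s]+)@(\S+) (\d{3})$")

def rejected_rcpts(lines, domain):
    """Time-ordered (time, client_ip, local_part) for 5xx-rejected recipients."""
    events = []
    for line in lines:
        m = LINE.match(line.strip())
        if m and m.group(4).lower() == domain and m.group(5)[0] == "5":
            when = datetime.fromisoformat(m.group(1))
            events.append((when, m.group(2), m.group(3).lower()))
    return sorted(events)

def longest_sorted_subsequence(names):
    """Length of the longest non-decreasing subsequence (patience sorting)."""
    tails = []
    for name in names:
        i = bisect.bisect_right(tails, name)
        if i == len(tails):
            tails.append(name)
        else:
            tails[i] = name
    return len(tails)

def looks_like_distributed_harvest(events, min_events=6, min_sources=3, min_ratio=0.8):
    """True when many sources together walk the namespace in alphabetical order."""
    names = [name for _, _, name in events]
    sources = {ip for _, ip, _ in events}
    if len(names) < min_events or len(sources) < min_sources:
        return False
    return longest_sorted_subsequence(names) / len(names) >= min_ratio

if __name__ == "__main__":
    print(looks_like_distributed_harvest(rejected_rcpts(SAMPLE, "example.com")))
```

Because the check ignores which client sent each attempt and tolerates unrelated rejects mixed in (the mistyped `zoe.smiht` line), per-source rate limits are not needed to see the walk; the ordering across all sources is the signal.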
