Everyone on the list received these e-mails since they were sent to the list. No harvesting was necessary.
As I understand it, the apache mailing lists are promiscuous in a way and will easily/accidentally let any e-mail address subscribe as long as it sends a reply to a subscribe confirmation e-mail.
This means script kiddies or whoever can simply pretend to be [EMAIL PROTECTED] and subscribe to the mailing list. Since these kinds of support e-mails get auto-responded and because most sysadmins can't seem to be bothered to ignore e-mails of type "bulk", these support addresses get subscribed and can then auto-reply to every message.
The list moderators are pretty quick about removing the offending addresses, but it doesn't stop a few e-mails from sneaking through. The really painful part is how often this is happening lately. Some people seem to have way to much time on their hands and an abnormal sense of humor.
Just a lurker's two cents. -Paul
Reshat Sabiq wrote:
Hi,
I extremely apologize for this message, but i think this needs to be figured out. I just yesterday registered my new email address with tomcat-dev, and i received the spam below almost immediately thereafter. Only a few people are aware of this email address, so the origin of spam info 99% appears to be tomcat-dev registration. Is there any chance that DNS gets resolved to one of several IPs, one of which collects these emails and uses them for spam (or perhaps is infected with a virus)? I would look for any IPs based in russia as the prime suspects, because this email contains russian text and appears to be originated there.
What's worse is that 25 minutes after this spam, i received another one of similar content. Please help save me and others from this plague of the Internet.
I entrusted apache.org with this address, and hope we can keep it between us.
P.S. If there are other people who received similar emails, please let me, the admins, or the list know. If you let only me know, i will accumulate the number of people affected and forward this to an admin.
P.P.S. I see that emails are protected in the archives publicly published, and i think this issue is in the same category.
Thanks, <rsa/>
[EMAIL PROTECTED] wrote:
russian(win-1251):
Приветствуем!
Данное уведомление автоматически создано в ответ на Ваше письмо на тему
"Photo document", приведенное ниже. Вам не надо отвечать на него.
Служба поддержки клиентов получила Ваше письмо, и ему присвоен идентификатор
[TID#4977]. Пожалуйста, включайте следующий блок:
[TID#4977]
в заголовок (subject) всей последующей корреспонденции на эту тему. Это можно сделать отвечая на это письмо (reply).
C уважением, служба технической поддержки клиентов Хостинг оператор М-10 http://www.m-10.ru ------------------------------------------------------------------------ english:
Greetings,
This message has been automatically generated in response to your message
regarding "Photo document", the content of which appears below. There
is no need to reply to it now. Support has received your message and it has
been assigned a ticket ID of [TID#4977]. Please include the string:
[TID#4977]
in the subject line of all future correspondence about this problem. To do so, you may reply to this message.
WBR, Support Team Hosting Operator M-10 http://www.m-10.ru ----------------------------Original Message-----------------------------
Please, photo document. Yours sincerely
+++ X-Attachment-Type: document +++ X-Attachment-Status: no virus found +++ Powered by the new F-Secure OnlineAntiVirus +++ Visit us: www.f-secure.com
-----------------------------Headers Follow------------------------------
Received: from [EMAIL PROTECTED]
by office.m-10.ru (CommuniGate Pro GROUP 4.1.8)
with GROUP id 1745058; Mon, 12 Apr 2004 17:13:05 +0400
Received: from [62.5.188.222] (HELO office.m-10.ru)
by office.m-10.ru (CommuniGate Pro SMTP 4.1.8)
with ESMTP id 1745042 for [EMAIL PROTECTED]; Mon, 12 Apr 2004 17:12:58 +0400
X-Antivirus: Checked by Dr.Web (http://www.drweb.net)
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Photo document
Date: Mon, 12 Apr 2004 17:11:48 +0400
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
X-Priority: 3
X-Msmail-Priority: Normal
Message-Id: <[EMAIL PROTECTED]>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
