I just received the following:
Your message
From: "Howard C. Berkowitz" <hcb@netcases.net>
To: <nanog@nanog.org>
Subject: RE: Fwd: cnn.com - Homeland Security seeks cyber counterattacksystem(Einstein 3.0)
Date: 10/7/2008
has been just received by nanog.org mailserver.
To prove that your message was sent by a human and not a computer, please visit the URL below and type in the alphanumeric text you will see in the image. You will be asked to do this only once for this recipient.
http://mail.tcwireless.us/challenge/?folder=2008100714452628877295
Your message will be automatically deleted in a few days if you do not confirm this request.
=====================================================
DO NOT REPLY TO THIS MESSAGE. NO ONE WILL RECEIVE IT.
=====================================================
I don't have an appropriately air-gapped browser to visit that link, which rather screams "scam phish". Anyone know anything about it?
I received the same message
Subject : Challenge Response
Received: from mail.tcwireless.us ([67.108.86.20] verified)
Your message ... has been just received by gmail.com mailserver.
I assumed that this is a phishing scam due to the from / mailserver mismatch, which I think this confirms.
Regards
Marshall
On Oct 7, 2008, at 4:16 PM, Howard C. Berkowitz wrote:
I just received the following:
Your message
From: "Howard C. Berkowitz" <hcb@netcases.net>
To: <nanog@nanog.org>
Subject: RE: Fwd: cnn.com - Homeland Security seeks cyber counterattacksystem(Einstein 3.0)
Date: 10/7/2008
has been just received by nanog.org mailserver.
To prove that your message was sent by a human and not a computer, please visit the URL below and type in the alphanumeric text you will see in the image. You will be asked to do this only once for this recipient.
http://mail.tcwireless.us/challenge/?folder=2008100714452628877295
Your message will be automatically deleted in a few days if you do not confirm this request.
=====================================================
DO NOT REPLY TO THIS MESSAGE. NO ONE WILL RECEIVE IT.
=====================================================
I don't have an appropriately air-gapped browser to visit that link, which rather screams "scam phish". Anyone know anything about it?
Apology to NANOG for the whitelist failing..
--------------------------------------------
Fredric S. Moses
Chief Technology Officer, Tri-County Times
fred.moses@tcwireless.us
-----Original Message-----
From: Marshall Eubanks [mailto:tme@multicasttech.com]
Sent: Tuesday, October 07, 2008 4:29 PM
To: Howard C. Berkowitz
Cc: nanog@nanog.org
Subject: Re: Some odd harvesting going on?
I received the same message
Subject : Challenge Response
On Tue, Oct 07, 2008 at 04:16:22PM -0400, Howard C. Berkowitz wrote:
To prove that your message was sent by a human and not a computer, please visit the URL below and type in the alphanumeric text you will see in the image. You will be asked to do this only once for this recipient.
This doesn't look to me like phishing (although I can see the similarities); it looks like yet another severely clueless site engaged in challenge-response spamming. (C-R has long since been not only completely discredited as an anti-spam tactic, but has been recognized as a spam vector. Hosts emitting it are subject to blacklisting, in the same way and for much the same reason that hosts emitting backscatter/outscatter are.)
---Rsk
On Wed, 8 Oct 2008 07:21:22 -0400 Rich Kulawiec <rsk@gsp.org> wrote:
This doesn't look to me like phishing (although I can see the similarities); it looks like yet another severely clueless site engaged in challenge-response spamming. (C-R has long since been not only completely discredited as an anti-spam tactic, but has been recognized as a spam vector. Hosts emitting it are subject to blacklisting, in the same way and for much the same reason that hosts emitting backscatter/outscatter are.)
C-R *is* spam. Interestingly, proponents use the same argument for it that spammers do. It works for them. Spammers feel that .0001% response is reason enough to load the rest of us with work for no pay. Proponents of C-R feel that reducing their spam load justifies having the rest of us work as their spam filter for free. It's the "I got mine, Jack" mentality which is sadly way too ubiquitous.
Personally I think that the answer to this problem is to simply reply automatically to these challenges positively no matter what. Puts the job of filtering spam back on the first person.
--
D'Arcy J.M. Cain <darcy@druid.net> | Democracy is three wolves
http://www.druid.net/darcy/ | and a sheep voting on
+1 416 425 1212 (DoD#0082) (eNTP) | what's for dinner.
Quoting D'Arcy J.M. Cain (darcy@druid.net):
Personally I think that the answer to this problem is to simply reply automatically to these challenges positively no matter what. Puts the job of filtering spam back on the first person.
I tend to click on the 'authorize' links I see in any ticket-queue that gets loaded with these messages at my job. Usually resulted by a joe-job run of some sort.
I too think C-R spam 'prevention' is the lazy-mans approach at filtering spam. People can easily create their own whitelists based on their maillogs or mailhistory.
-Sndr.
--
| Bakers trade bread recipes on a knead to know basis.
| 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D
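Added example (not part of any poster's message, and not code from any product mentioned in this thread): one way to build a whitelist from mail history, as suggested above, so that unknown senders are handed to a local filter and no challenge is ever sent out. The sample messages, addresses and the function names build_whitelist and classify are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample data: two messages from a user's Sent folder.
SENT = [
    "From: me@example.org\nTo: Alice <alice@example.net>\n"
    "Cc: bob@example.com\nSubject: lunch\n\nhi\n",
    "From: me@example.org\nTo: LIST@Example.EDU\nSubject: question\n\nbody\n",
]


def build_whitelist(sent_messages):
    """Collect every address the user has written to (To/Cc), lower-cased."""
    allowed = set()
    for raw in sent_messages:
        msg = message_from_string(raw)
        recipients = msg.get_all("To", []) + msg.get_all("Cc", [])
        for _name, addr in getaddresses(recipients):
            if "@" in addr:
                allowed.add(addr.lower())
    return allowed


def classify(raw_inbound, allowed):
    """Return 'deliver' for known correspondents, else 'content-filter'.

    Neither branch sends anything back to the sender: the From header is
    forgeable, so a reply or challenge would land on an innocent third party.
    For the same reason a whitelist hit is only a hint and is best combined
    with sender authentication before skipping other checks.
    """
    msg = message_from_string(raw_inbound)
    _name, addr = parseaddr(msg.get("From", ""))
    return "deliver" if addr.lower() in allowed else "content-filter"


if __name__ == "__main__":
    wl = build_whitelist(SENT)
    for sample in ("From: Alice <ALICE@example.net>\n\nre: lunch\n",
                   "From: unknown@example.invalid\n\nbuy now\n"):
        print(classify(sample, wl))
```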
<snip> I too think C-R spam 'prevention' is the lazy-mans approach at filtering spam. People can easily create their own whitelists based on their maillogs or mailhistory. <snip>
Unfortunately, I feel the majority of the solutions offered cater to the non-technical. The process of simplifying often results in a product that requires the least amount of hands-on from the end-user. Coupled with the fact that the average end-user is not interested in learning a process that takes more than 5 paragraphs to explain and more than 10 minutes to implement (without some sort of "wizard") and I think we have a good idea why the layman's approach is so prevalent.
- Michienne Dixon
Network Administrator
liNKCity
312 Armour Rd.
North Kansas City, MO 64116
www.linkcity.org
(816) 412-7990
On Thu, 9 Oct 2008 08:37:51 -0500 "Michienne Dixon" <mdixon@nkc.org> wrote:
<snip> I too think C-R spam 'prevention' is the lazy-mans approach at filtering spam. People can easily create their own whitelists based on their maillogs or mailhistory. <snip>
Unfortunately, I feel the majority of the solutions offered cater to the non-technical. The process of simplifying often results in a product that requires the least amount of hands-on from the end-user. Coupled
I don't have any argument with making the end-user's experience simpler and easier. I do complain when that simplification is at the expense of others. It's the difference between software that does some of your work and software that moves your work onto someone else's shoulders.
--
D'Arcy J.M. Cain <darcy@druid.net> | Democracy is three wolves
http://www.druid.net/darcy/ | and a sheep voting on
+1 416 425 1212 (DoD#0082) (eNTP) | what's for dinner.
On Thu, 09 Oct 2008 09:44:57 EDT, "D'Arcy J.M. Cain" said:
I don't have any argument with making the end-user's experience simpler and easier. I do complain when that simplification is at the expense of others. It's the difference between software that does some of your work and software that moves your work onto someone else's shoulders.
The problem being solved is that the average end-user is proving that CM Kornbluth was right. The meta-problem is that the average developer is *also* proving Kornbluth correct...
On Oct 9, 2008, at 6:37 AM, Michienne Dixon wrote:
<snip> I too think C-R spam 'prevention' is the lazy-mans approach at filtering spam. People can easily create their own whitelists based on their maillogs or mailhistory. <snip>
Unfortunately, I feel the majority of the solutions offered cater to the non-technical. The process of simplifying often results in a product that requires the least amount of hands-on from the end-user. Coupled with the fact that the average end-user is not interested in learning a process that takes more than 5 paragraphs to explain and more than 10 minutes to implement (without some sort of "wizard") and I think we have a good idea why the layman's approach is so prevalent.
There are many, many other solutions that satisfy these requirements without massively inconveniencing everyone who tries to send you e-mail. I can only attribute the persistence of C-R as a method for combating spam to the fact that a sufficiently small percentage of humans will believe in *anything*, no matter how ludicrous it is.
Hopefully this provides some motivation to those few who still cling uselessly to C-R to go out and spend 15 minutes researching advances in anti-spam technology in the last 5 years. Perhaps they will pull themselves out of the stone ages and stop irritating everyone.
--
bk
participants (9)
- Brian Keefer
- D'Arcy J.M. Cain
- Fred Moses
- Howard C. Berkowitz
- Marshall Eubanks
- Michienne Dixon
- Rich Kulawiec
- Sander Smeenk
- Valdis.Kletnieks@vt.edu