4 weeks ago I started getting weekly spam from Carl@crossfiremedia.com. I have been "subscribed" to this newsletter. Today's spam subject line is "Get to 4GWE and Participate in the Wireless Future, We'll help pay your way..." The address used is an address I used on NANOG some years back - I haven't used it in quite a while but still get an occasional private email from someone who has that address in their address book so the address is still active. Because there's a remote chance that some time long ago I "subscribed" to some message board and hidden in the message board settings is a pre-checked option (which I overlooked) to receive email from "partners", I privately emailed several friends in the IT/Security fields asking if they were getting this spam. The one friend who is also getting this spam is also someone who occasionally posts to NANOG, and who also has no idea why he was "subscribed" to this spam. Because of this coincidence, I think the spammer may have scarfed email addresses of people who posted to NANOG and added them to the "targeted" mailing list / spam list. I'm curious to know if other NANOG subscribers have started receiving spam from this person. I also found 2 sites that have web interfaces to their NANOG archives where they are not obscuring email addresses and who leaked posting addresses onto the web: http://www.google.com/search?q=lists05%40equinephotoart.com+nanog Is there someone at NANOG who can ask these sites to remove these archives, or at least purge/munge email addresses? Please reply via private email. Thanks! jc
My subscription to NANOG aged 3 months ago and I am receiving this spam too. And this is my first post. I effectively think that someone might have crack the email database of the Nanog list. Reynold On Tue, Jan 13, 2009 at 12:41 PM, JC Dill <jcdill.lists@gmail.com> wrote:
4 weeks ago I started getting weekly spam from Carl@crossfiremedia.com. I have been "subscribed" to this newsletter. Today's spam subject line is "Get to 4GWE and Participate in the Wireless Future, We'll help pay your way..."
The address used is an address I used on NANOG some years back - I haven't used it in quite a while but still get an occasional private email from someone who has that address in their address book so the address is still active.
Because there's a remote chance that some time long ago I "subscribed" to some message board and hidden in the message board settings is a pre-checked option (which I overlooked) to receive email from "partners", I privately emailed several friends in the IT/Security fields asking if they were getting this spam. The one friend who is also getting this spam is also someone who occasionally posts to NANOG, and who also has no idea why he was "subscribed" to this spam. Because of this coincidence, I think the spammer may have scarfed email addresses of people who posted to NANOG and added them to the "targeted" mailing list / spam list.
I'm curious to know if other NANOG subscribers have started receiving spam from this person.
I also found 2 sites that have web interfaces to their NANOG archives where they are not obscuring email addresses and who leaked posting addresses onto the web:
http://www.google.com/search?q=lists05%40equinephotoart.com+nanog
Is there someone at NANOG who can ask these sites to remove these archives, or at least purge/munge email addresses?
Please reply via private email. Thanks!
jc
On Tue, 2009-01-13 at 14:43 -0500, Reynold Guerrier wrote:
My subscription to NANOG aged 3 months ago and I am receiving this spam too. And this is my first post. I effectively think that someone might have crack the email database of the Nanog list.
Funny; I'm not in that sort of business and I haven't received that sort of spam. Funny also that both Reynold and JC have quite significant online presences (as determined from a quick Google) which reveal lots of interesting info - if you were a person interested in selling them something, anyway. Especially wireless kit. I think there's far less to this than meets the eye, personally. Just a predictably asinine salesperson believing that your presence online provides your consent for bulk email... have you contacted their CEO? Graeme
On Wed, January 14, 2009 9:01 am, Graeme Fowler wrote:
I think there's far less to this than meets the eye, personally. Just a predictably asinine salesperson believing that your presence online provides your consent for bulk email... have you contacted their CEO?
I do have to ask though, what's up with third-party systems creating a web accessible archive of the mailing list? Worse, with them not fudging email addresses when doing so? Strikes me as plain-old 'rude' to be honest... Are the standing official archives insufficient or something?
On Tue, Jan 13, 2009 at 12:33 PM, Mark Foster <blakjak@blakjak.net> wrote:
On Wed, January 14, 2009 9:01 am, Graeme Fowler wrote:
I think there's far less to this than meets the eye, personally. Just a predictably asinine salesperson believing that your presence online provides your consent for bulk email... have you contacted their CEO?
I do have to ask though, what's up with third-party systems creating a web accessible archive of the mailing list? Worse, with them not fudging email addresses when doing so?
Strikes me as plain-old 'rude' to be honest... Are the standing official archives insufficient or something?
Strikes me as such as well. And once I accidentally sent two mails to a list with some information I would've preferred was not public, and that was a real headache...
On Wed, 14 Jan 2009 09:33:48 +1300, Mark Foster said:
Strikes me as plain-old 'rude' to be honest... Are the standing official archives insufficient or something?
There's certainly the "Damn, I remember a Nanog posting about this router issue" case - but for that, you probably can't reach the 3rd-party archive either. The proper thing to do is save those postings on your laptop hard drive - and then back up the hard drive regularly. ;)
On Wed, Jan 14, 2009 at 09:33:48AM +1300, Mark Foster wrote:
I do have to ask though, what's up with third-party systems creating a web accessible archive of the mailing list? Worse, with them not fudging email addresses when doing so?
1. (in reply to the original) I haven't received anything from them here yet, but it may have been rejected at the perimeter. When I get a chance this evening, I'll check logs and see if I turn up anything. 2. Yes, it's quite rude for third parties to set up (public) archives of mailing lists without the prior, express consent of the owner(s) of those lists. I don't see a problem with individual members of such lists maintaining their own (private) archives -- and I routinely do so for every list I'm on. 3. But it's utterly pointless to obfuscate addresses in such archives: spammers have long since set up quite efficient methods of harvesting any address used on any public mailng list or Usenet newsgroup. [1] The only people meaningfully impeded by these futile attempts at obfuscation are legitimate senders. ---Rsk [1] Someone should explain this to Google in re their Usenet archive: spammers have NNTP feeds, too.
Graeme Fowler wrote:
On Tue, 2009-01-13 at 14:43 -0500, Reynold Guerrier wrote:
My subscription to NANOG aged 3 months ago and I am receiving this spam too. And this is my first post. I effectively think that someone might have crack the email database of the Nanog list.
Funny; I'm not in that sort of business and I haven't received that sort of spam. Funny also that both Reynold and JC have quite significant online presences (as determined from a quick Google) which reveal lots of interesting info - if you were a person interested in selling them something, anyway. Especially wireless kit.
The particular email address ceased being used (by me) over a year ago, but suddenly 4 weeks ago I was "subscribed" to their mailing list. Apparently the common theme is that we all registered for the VON conference at one point. Apparently they think it is OK to take an address that was used to register for VON several years ago and now, suddenly, and without MY PERMISSION "subscribe" me to a marketing spam list on a different topic. RSK wrote:
3. But it's utterly pointless to obfuscate addresses in such archives: spammers have long since set up quite efficient methods of harvesting any address used on any public mailng list or Usenet newsgroup. [1] The only people meaningfully impeded by these futile attempts at obfuscation are legitimate senders.
Rich, I know that spammers can get an address by subscribing and scarfing the emails that are used to post to the list. I just don't want to see it be made any easier for them by idiots making their own public web archives (when this list already has a web archive) and then not obfuscating the email addresses. As you and others have also noted, that's just plain rude. To tie in with another thread, those of you who don't see anything wrong with another network using someone's ASN in a way that triggered alerts to their network admins, and without permission (and causing said admin to miss part of a very important family event while he tracked down the source of the alert he received) probably didn't see anything wrong with the first unsolicited commercial email either. I mean, it's just one email, what's the harm.... you can just hit delete, right? I really can't understand why all of you are saying it's no big deal! jc
On Tue, 2009-01-13 at 17:19 -0800, JC Dill wrote:
The particular email address ceased being used (by me) over a year ago, but suddenly 4 weeks ago I was "subscribed" to their mailing list. Apparently the common theme is that we all registered for the VON conference at one point.
Aha, list re-purposing. That's something completely different - I cannot speak for your local or federal laws on spam, but in the UK we could fairly well go to town on a company doing that (not in law, sadly, but certainly in terms of professional shame through whichever organisations they belong to).
I really can't understand why all of you are saying it's no big deal!
Er... we're not. I'm not, certainly, and I haven't read anyone else as having done so. What we're saying is that there's nothing sinister (as the original reply to your message thought), that there's a simple explanation. As I said originally - if this is a company with any professional pride whatsoever, contact their CEO. Going from the top down can be instructive at the very least, if not actually productive. Graeme
On Tue, Jan 13, 2009 at 05:19:01PM -0800, JC Dill wrote:
RSK wrote:
3. But it's utterly pointless to obfuscate addresses in such archives: spammers have long since set up quite efficient methods of harvesting any address used on any public mailng list or Usenet newsgroup. [1] The only people meaningfully impeded by these futile attempts at obfuscation are legitimate senders.
Rich, I know that spammers can get an address by subscribing and scarfing the emails that are used to post to the list. I just don't want to see it be made any easier for them by idiots making their own public web archives (when this list already has a web archive) and then not obfuscating the email addresses. As you and others have also noted, that's just plain rude.
To be clear: I think setting up an unauthorized public archive of a mailing list, with or without email addresses, is rude. (I _might_ consider rare exceptions, such as very old mailing lists of historical interest whose owners are no longer around, but that's clearly not the case here.) List-owners should always be asked for their permission. But as far as making it easier for spammers: we're talking about the difference between lifting their pinky finger half a millimeter and grinding out, with tortuous effort, an entire millimeter. "Professional" address harvesters don't need and largely don't care about web-based archives: it's much simpler, easier and faster for them to go directly to the source and receive (so to speak) real-time feeds of valid addresses, which, as a bonus, come with "last time known-valid" data as well. Those feeds come from list subscriptions, NNTP feeds, malware infections, and other sources. So any address which: - is used on any public mailing list - is used in any Usenet newsgroup - is used to send mail to anyone who reads it on a Windows box - is used to send mail to any mail server running on a Windows box is going to be harvested -- it's only a question of when, and from there, it's only a question of when spammers will start trying to deliver to it. (Which probably means "shortly after they buy the latest address collection from the harvesters". The increasing division of labor and sophistication of the abuse industry has led to niche roles, i.e., it's cheaper and easier for spammers to just buy addresses than to do their own harvesting.) The best working assumption to make is that any email address that's actually used is going to be a target, and plan defenses accordingly. Once again, security by obscurity does not work -- which is why there is zero point in obfuscating addresses in list archives. ---Rsk
Rick,
- is used to send mail to anyone who reads it on a Windows box - is used to send mail to any mail server running on a Windows box
is going to be harvested -- it's only a question of when, and from there, it's only a question of when spammers will start trying to deliver to it.
From looking back at the thread it seems that the spam was the result of a
Those are some quite sweeping generalisations there. What if I read my mail on a Windows box yet my mail service is a Linux host - does that mean I have a 50% chance of being harvested eventually? I also have a Macbook that I sometimes use to read my email on, what does that do to my chances? I agree that it *is* very rude when someone takes a mailing list and makes a public archive, but it has already been pointed out that anyone even remotely interested in obtaining addresses can join the list and get addressed and last-used data - plus a myriad other ways that addresses can be obtained. I have an email address and I have no real control over what a third party might do to my email address, ergo I am going to get spam eventually. list being re-purposed for something else. If it was in the UK then there is legislation that would allow you to have a good go at the company, but all the technical and legal solutions in the world can't cure a lack of cluefulness. B
participants (8)
-
Graeme Fowler -
JC Dill -
Mark Foster -
Neil -
Reynold Guerrier -
Rich Kulawiec -
Valdis.Kletnieks@vt.edu -
William Hamilton