Well -- spammers are following the NANOG list in real-time, it seems. A few hours after my post this afternoon, I received some spam with a correct Subject: line for that post. I'll be happy to forward the email to anyone who wants to analyze it or find the offender and permanently blacklist "her" from NANOG...
--Steve Bellovin, http://www.cs.columbia.edu/~smb
Well -- spammers are following the NANOG list in real-time, it seems. A =
few hours after my post this afternoon, I received some spam with a =
correct Subject: line for that post. I'll be happy to forward the email =
to anyone who wants to analyze it or find the offender and permanently =
blacklist "her" from NANOG...
Funny you should mention that. About two seconds before your message,
I got such a bit of spam.
From carlafletcher24@yahoo.com Tue Dec 7 17:43:02 2010
Return-Path: <carlafletcher24@yahoo.com>
Received: from nm15.bullet.mail.ne1.yahoo.com (nm15.bullet.mail.ne1.yahoo.com [98.138.90.78])
by mx1.sol.net (8.14.4/8.14.4/SNNS-1.04) with SMTP id oB7Ngtf7002716
for <jgreco@ns.sol.net>; Tue, 7 Dec 2010 17:43:00 -0600 (CST)
Received: from [98.138.90.51] by nm15.bullet.mail.ne1.yahoo.com with NNFMP; 07 Dec 2010 23:42:50 -0000
Received: from [98.138.87.1] by tm4.bullet.mail.ne1.yahoo.com with NNFMP; 07 Dec 2010 23:42:50 -0000
Received: from [127.0.0.1] by omp1001.mail.ne1.yahoo.com with NNFMP; 07 Dec 2010 23:42:50 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 9187.54043.bm@omp1001.mail.ne1.yahoo.com
Received: (qmail 17052 invoked by uid 60001); 7 Dec 2010 23:42:49 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1291765369; bh=Nwik8gyzMPW2hSR2Fc+0a6ZUu1s5oHBhOjv0Shs9wCE=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type; b=4Yw5bYZ0DJq7pbortuz7YK0J5opr+dQ0vk3FJ3V5uTF/jVuFRcu9hJxBZ/8u4xakvycmSMYOFDMR3oFL6t2JmSt3x4JZmCnDjlS79cL3arFsW/a0aBm9pubfPCYqijis3iCY6uNhji6JxYe0OWsMlHU3qTNohvs+dwMUl/gQ8R0=
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Reply-To:Subject:To:MIME-Version:Content-Type;
b=a+L6kibArtNLl3qtSuIHEDxKt2dZfrXLRiUE91IWnNsW6NZ11W6RG51LRXFK288erRYh7k9t2evvpBxbkAH7XKQ/B/+lIBaZqgZ5ON3MC3ziMmhrjn3UIX1o1obMDz0vO7R94K4iapDIpVlD9xXPOSgc1ENMoW8GA6eoKKRDUbs=;
Message-ID: <828073.58184.qm@web120306.mail.ne1.yahoo.com>
X-YMail-OSG: tTFoZPoVM1lORXP10bFDAvyxx.jFIQDoUGJ6hUxCf6q8Tbk
8RkTR2Q6BakFB1l6t1W5BdZ4fPFVQEWRX_TSB16hGCUxPmFhrTru8ItaSrSg
oF9x5JBC6GwAHAwzXaeCohqEqZsyOLa9vBCXu_kKyxJv_zCea2QtIZ_PFH23
rGr_j.u85nfOQA_6VJ3uLvtpJ75N0.ufEudhqcR6ZhL4bPb8LTxKYxAtZQ2N
_j50f7Uf_DOQ-
Received: from [173.208.43.151] by web120306.mail.ne1.yahoo.com via HTTP; Tue, 07 Dec 2010 15:42:49 PST
X-Mailer: YahooMailClassic/11.4.20 YahooMailWebService/0.8.107.285259
Date: Tue, 7 Dec 2010 15:42:49 -0800 (PST)
From: Carla Fletcher <carlafletcher24@yahoo.com>
Reply-To: carlafletcher24@yahoo.com
Subject: Re: Re: Abuse@ contacts
To: jgreco@ns.sol.net
I didn't know that anybody was still keying on subject lines; our spam
filter tossed it anyways.
... JG
Yup, same purported sender...
I have been seeing "targeted" spam for a while now - typically from someone with my last name and a random first name,
and a familiar subject line.
Just wait until they start using the _text_ from open mail lists as well.
Regards
Marshall
Nanog is available via at least two archives on the public web - try
googling any line of text - even this
one<http://www.google.com/search?q=Nanog+is+available+via+at+least+two+archives+on+the+public+web+-+try+googling+any+line+of+text+-+even+this+one.>
.
j