4 weeks ago I started getting weekly spam from Carl@crossfiremedia.com. I have been "subscribed" to this newsletter. Today's spam subject line is "Get to 4GWE and Participate in the Wireless Future, We'll help pay your way..."
The address used is an address I used on NANOG some years back - I haven't used it in quite a while but still get an occasional private email from someone who has that address in their address book so the address is still active.
Because there's a remote chance that some time long ago I "subscribed" to some message board and hidden in the message board settings is a pre-checked option (which I overlooked) to receive email from "partners", I privately emailed several friends in the IT/Security fields asking if they were getting this spam. The one friend who is also getting this spam is also someone who occasionally posts to NANOG, and who also has no idea why he was "subscribed" to this spam. Because of this coincidence, I think the spammer may have scarfed email addresses of people who posted to NANOG and added them to the "targeted" mailing list / spam list.
I'm curious to know if other NANOG subscribers have started receiving spam from this person.
I also found 2 sites that have web interfaces to their NANOG archives where they are not obscuring email addresses and who leaked posting addresses onto the web:
http://www.google.com/search?q=lists05%40equinephotoart.com+nanog
Is there someone at NANOG who can ask these sites to remove these archives, or at least purge/munge email addresses?
Please reply via private email. Thanks!
jc
My subscription to NANOG aged 3 months ago and I am receiving this spam too.
And this is my first post. I effectively think that someone might have crack
the email database of the Nanog list.
Reynold
Funny; I'm not in that sort of business and I haven't received that sort
of spam. Funny also that both Reynold and JC have quite significant
online presences (as determined from a quick Google) which reveal lots
of interesting info - if you were a person interested in selling them
something, anyway. Especially wireless kit.
I think there's far less to this than meets the eye, personally. Just a
predictably asinine salesperson believing that your presence online
provides your consent for bulk email... have you contacted their CEO?
Graeme
I do have to ask though, what's up with third-party systems creating a web
accessible archive of the mailing list? Worse, with them not fudging
email addresses when doing so?
Strikes me as plain-old 'rude' to be honest... Are the standing official
archives insufficient or something?
Strikes me as such as well.
And once I accidentally sent two mails to a list with some information
I would've preferred was not public, and that was a real headache...
There's certainly the "Damn, I remember a Nanog posting about this router
issue" case - but for that, you probably can't reach the 3rd-party archive
either. The proper thing to do is save those postings on your laptop hard
drive - and then back up the hard drive regularly. 
1. (in reply to the original) I haven't received anything from them here
yet, but it may have been rejected at the perimeter. When I get a chance
this evening, I'll check logs and see if I turn up anything.
2. Yes, it's quite rude for third parties to set up (public) archives
of mailing lists without the prior, express consent of the owner(s)
of those lists. I don't see a problem with individual members of
such lists maintaining their own (private) archives -- and I routinely
do so for every list I'm on.
3. But it's utterly pointless to obfuscate addresses in such archives:
spammers have long since set up quite efficient methods of harvesting
any address used on any public mailng list or Usenet newsgroup. [1] The
only people meaningfully impeded by these futile attempts at obfuscation
are legitimate senders.
---Rsk
[1] Someone should explain this to Google in re their Usenet archive:
spammers have NNTP feeds, too.
Graeme Fowler wrote:
My subscription to NANOG aged 3 months ago and I am receiving this spam too.
And this is my first post. I effectively think that someone might have crack
the email database of the Nanog list.
Funny; I'm not in that sort of business and I haven't received that sort
of spam. Funny also that both Reynold and JC have quite significant
online presences (as determined from a quick Google) which reveal lots
of interesting info - if you were a person interested in selling them
something, anyway. Especially wireless kit.
The particular email address ceased being used (by me) over a year ago, but suddenly 4 weeks ago I was "subscribed" to their mailing list. Apparently the common theme is that we all registered for the VON conference at one point. Apparently they think it is OK to take an address that was used to register for VON several years ago and now, suddenly, and without MY PERMISSION "subscribe" me to a marketing spam list on a different topic.
RSK wrote:
3. But it's utterly pointless to obfuscate addresses in such archives:
spammers have long since set up quite efficient methods of harvesting
any address used on any public mailng list or Usenet newsgroup. [1] The
only people meaningfully impeded by these futile attempts at obfuscation
are legitimate senders.
Rich, I know that spammers can get an address by subscribing and scarfing the emails that are used to post to the list. I just don't want to see it be made any easier for them by idiots making their own public web archives (when this list already has a web archive) and then not obfuscating the email addresses. As you and others have also noted, that's just plain rude.
To tie in with another thread, those of you who don't see anything wrong with another network using someone's ASN in a way that triggered alerts to their network admins, and without permission (and causing said admin to miss part of a very important family event while he tracked down the source of the alert he received) probably didn't see anything wrong with the first unsolicited commercial email either. I mean, it's just one email, what's the harm.... you can just hit delete, right? I really can't understand why all of you are saying it's no big deal!
jc
The particular email address ceased being used (by me) over a year ago,
but suddenly 4 weeks ago I was "subscribed" to their mailing list.
Apparently the common theme is that we all registered for the VON
conference at one point.
Aha, list re-purposing. That's something completely different - I cannot
speak for your local or federal laws on spam, but in the UK we could
fairly well go to town on a company doing that (not in law, sadly, but
certainly in terms of professional shame through whichever organisations
they belong to).
I really can't understand why all of you are saying it's no big deal!
Er... we're not. I'm not, certainly, and I haven't read anyone else as
having done so. What we're saying is that there's nothing sinister (as
the original reply to your message thought), that there's a simple
explanation.
As I said originally - if this is a company with any professional pride
whatsoever, contact their CEO. Going from the top down can be
instructive at the very least, if not actually productive.
Graeme
To be clear: I think setting up an unauthorized public archive of a
mailing list, with or without email addresses, is rude. (I _might_
consider rare exceptions, such as very old mailing lists of historical
interest whose owners are no longer around, but that's clearly not
the case here.) List-owners should always be asked for their permission.
But as far as making it easier for spammers: we're talking about the
difference between lifting their pinky finger half a millimeter and
grinding out, with tortuous effort, an entire millimeter. "Professional"
address harvesters don't need and largely don't care about web-based
archives: it's much simpler, easier and faster for them to go directly
to the source and receive (so to speak) real-time feeds of valid addresses,
which, as a bonus, come with "last time known-valid" data as well.
Those feeds come from list subscriptions, NNTP feeds, malware infections,
and other sources.
So any address which:
- is used on any public mailing list
- is used in any Usenet newsgroup
- is used to send mail to anyone who reads it on a Windows box
- is used to send mail to any mail server running on a Windows box
is going to be harvested -- it's only a question of when, and from there,
it's only a question of when spammers will start trying to deliver to it.
(Which probably means "shortly after they buy the latest address collection
from the harvesters". The increasing division of labor and sophistication
of the abuse industry has led to niche roles, i.e., it's cheaper and easier
for spammers to just buy addresses than to do their own harvesting.)
The best working assumption to make is that any email address that's
actually used is going to be a target, and plan defenses accordingly.
Once again, security by obscurity does not work -- which is why there
is zero point in obfuscating addresses in list archives.
---Rsk
Rick,
- is used to send mail to anyone who reads it on a Windows box
- is used to send mail to any mail server running on a Windows box
is going to be harvested -- it's only a question of when, and from there,
it's only a question of when spammers will start trying to deliver to it.
Those are some quite sweeping generalisations there.
What if I read my mail on a Windows box yet my mail service is a Linux
host - does that mean I have a 50% chance of being harvested eventually?
I also have a Macbook that I sometimes use to read my email on, what does
that do to my chances?
I agree that it *is* very rude when someone takes a mailing list and makes
a public archive, but it has already been pointed out that anyone even
remotely interested in obtaining addresses can join the list and get
addressed and last-used data - plus a myriad other ways that addresses can
be obtained.
I have an email address and I have no real control over what a third party
might do to my email address, ergo I am going to get spam eventually.
From looking back at the thread it seems that the spam was the result of a
list being re-purposed for something else. If it was in the UK then there
is legislation that would allow you to have a good go at the company, but
all the technical and legal solutions in the world can't cure a lack of
cluefulness.
B