lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed Jun  7 17:57:08 2006
From: snort at babtras.com (Cory)
Subject: Strange Emails -- What are they?

My best guess is that they are trying to poison bayesian spam filters 
with these. I don't know if it is actually working, but I can't imagine 
how else these would serve any purpose.

Simon Smith wrote:

>Hi List,
>    I've had roughly one dozen people forward emails to me from
>different companies asking me to figure out what these emails are. The
>emails appear to be emails from the from the recipient. For example,
>John Doe appears to be sending an email to himself, but he's not. In
>reality when checking the mail server logs I find that the mails
>originate from the Internet.  Other emails like the one below contain a
>different sender than the recipient but the contents of the emails are
>the same and they are still from the same domain.
>
>
>-------------------- BEGIN EMAIL ----------------------
>
>Received: from 83.145.66.70 ([172.18.12.134])
> by vms043.mailsrvcs.net (Sun Java System Messaging Server 6.2-4.02 (built
>Sep
> 9 2005)) with ESMTP id <0J0E00AVSNH9ETG0@...043.mailsrvcs.net> for
> xxxxxxx@...izon.net; Mon, 05 Jun 2006 15:55:58 -0500 (CDT)
>Received: from raptor.net (83.145.66.70)
> by sv12pub.verizon.net (MailPass SMTP server v1.2.0 - 112105154401JY+PrW)
> with  SMTP id <5-25035-180-25035-2228-2-1149540957> for
>vms043pub.verizon.net;
> Mon, 05 Jun 2006 15:55:58 -0500
>Date: Mon, 05 Jun 2006 22:52:40 +0100
>From: "Gil.novak" <xxxxxx@...izon.net>
>Subject: 586876
>X-Originating-IP: [83.145.66.70]
>To: "xxx.xxxx" <xxxxxx@...izon.net>
>Message-id: <ayoznyepbslfqdlqblr@...izon.net>
>MIME-version: 1.0
>Content-type: text/html; charset=us-ascii
>Content-transfer-encoding: 7bit
>
>
>
>-----Original Message-----
>From: xxx.xxxx [mailto:xxx.xxxx@...izon.net]
>Sent: Monday, June 05, 2006 5:53 PM
>To: xxx.xxxx
>Subject: 586876
>
>
>969
>
>
>
>-------------------- END EMAIL ---------------------
>
>Is this just another instance of spammers fishing for legit addresses?
>If so, then why the hell are they sending email from invalid addresses?
>I can dig into this a lot further if I need to, but I wanted to see if
>anyone else had any ideas about it first.  Thanks in advance!!!
>
>
>-Simon
>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>  
>



Powered by blists - more mailing lists