lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed Jun 7 17:57:08 2006 From: snort at babtras.com (Cory) Subject: Strange Emails -- What are they? My best guess is that they are trying to poison bayesian spam filters with these. I don't know if it is actually working, but I can't imagine how else these would serve any purpose. Simon Smith wrote: >Hi List, > I've had roughly one dozen people forward emails to me from >different companies asking me to figure out what these emails are. The >emails appear to be emails from the from the recipient. For example, >John Doe appears to be sending an email to himself, but he's not. In >reality when checking the mail server logs I find that the mails >originate from the Internet. Other emails like the one below contain a >different sender than the recipient but the contents of the emails are >the same and they are still from the same domain. > > >-------------------- BEGIN EMAIL ---------------------- > >Received: from 83.145.66.70 ([172.18.12.134]) > by vms043.mailsrvcs.net (Sun Java System Messaging Server 6.2-4.02 (built >Sep > 9 2005)) with ESMTP id <0J0E00AVSNH9ETG0@...043.mailsrvcs.net> for > xxxxxxx@...izon.net; Mon, 05 Jun 2006 15:55:58 -0500 (CDT) >Received: from raptor.net (83.145.66.70) > by sv12pub.verizon.net (MailPass SMTP server v1.2.0 - 112105154401JY+PrW) > with SMTP id <5-25035-180-25035-2228-2-1149540957> for >vms043pub.verizon.net; > Mon, 05 Jun 2006 15:55:58 -0500 >Date: Mon, 05 Jun 2006 22:52:40 +0100 >From: "Gil.novak" <xxxxxx@...izon.net> >Subject: 586876 >X-Originating-IP: [83.145.66.70] >To: "xxx.xxxx" <xxxxxx@...izon.net> >Message-id: <ayoznyepbslfqdlqblr@...izon.net> >MIME-version: 1.0 >Content-type: text/html; charset=us-ascii >Content-transfer-encoding: 7bit > > > >-----Original Message----- >From: xxx.xxxx [mailto:xxx.xxxx@...izon.net] >Sent: Monday, June 05, 2006 5:53 PM >To: xxx.xxxx >Subject: 586876 > > >969 > > > >-------------------- END EMAIL --------------------- > >Is this just another instance of spammers fishing for legit addresses? >If so, then why the hell are they sending email from invalid addresses? >I can dig into this a lot further if I need to, but I wanted to see if >anyone else had any ideas about it first. Thanks in advance!!! > > >-Simon > > >_______________________________________________ >Full-Disclosure - We believe in it. >Charter: http://lists.grok.org.uk/full-disclosure-charter.html >Hosted and sponsored by Secunia - http://secunia.com/ > > > > >
Powered by blists - more mailing lists