At 20:14 8/30/99 , John A. Lind wrote:
[snip]
>"More at 11:00" about the *exact* source of this junk.
[snip]
It is sometimes considered poor form to quote oneself, but think it's
appropriate in this case.
1. There are two completely different domains involved in this garbage
scow of spam. The first is lbmail12.listbot.com, the *exact* IP spewing
forth the spam advertising cameradirect.com and the second is
cameradirect.com itself.
2. There are two scenarios I can think of on how this is working:
a. Cameradirect hired "listbot" to do their dirty work in the piracy of
email addresses and proceed to spew forth upon them.
b. Cameradirect did their own dirty work in piracy of email addresses and
is using the services of "listbot" (for a fee) to spew forth the spam.
Either way, it looks as if they are now "remailing" the auction advertising
through "listbot" from their own domain much as the Majordomo for this list
works.
3. It looks as if they are also using a "mail drop" at "hotmail.com" for
return mail and perhaps some bounces also, not an uncommon tactic . . .
however the mail from cameradirect is *not* being sent from there. The
source of the outbound mail is from a listbot.com SMTP (Simple Mail
Transfer Protocol) server!
4. Either way I've tracked down the ISP's and upstream providers for them.
In one case the upstream providers (two of them in-line) are rather
respected names. In the other case I do not know how they will respond.
More later as this unfolds. As there are two separate domains involved and
there was some trouble trying to query for information (from some global
network resources) for a while, this will take a little more time, but I
think I'm just about there.
In the mean time, at least some of you should be able to use the "BSM" to
fake some bounced mail back at them. I've already done this to the "return
path" email address. Even if you use BSM send it back to the "hotmail"
drop, most spammers use the bounces coming back in these drops to purge
their list.
-- John
a.k.a. Captain Blood (of the Steaming Packets)
Four Spammers cast adrift without food or water
One ISP keelhauled
< This message was delivered via the Olympus Mailing List >
< For questions, mailto:owner-olympus@xxxxxxxxxxxxxxx >
< Web Page: http://Zuiko.sls.bc.ca/swright/olympuslist.html >
|