RE: [Asrg] Some data on the validity of MAIL FROM addresses

[Barry Shein <bzs@world.std.com>]

 > > As I noted in my mail.  This appears to be happening now--although I
 > > had not seen symptoms of it before.  Is anyone else starting to see
 > > low-level occasional bounce back from spam?
 > >
 > > Prior to that, all of the bounce-back instances I had heard of or
 > > experienced (and I used to get one or two a week) were major--where
 > > the entire spam load got sent out with the same return address.

Could this be that spammer tactic where they pair names and forge the
From: to appear to be coming from someone they think you might have
whitelisted?

For those wondering what I'm talking about, consider an RFC with two
(or more) authors' and their e-mail addresses in the text. The spammer
culls this info and sends spam to each author forging the other author
as the From:. So their target lists start to become pairs of addresses
to use as the From/To (one assumes they're usually symmetrical) rather
than just single address. Another example might be forging the From:
to be asrg@ietf.com and sending that to addresses culled from this
list.

This has definitely been going on, although not a lot. In my
experience the victim knew immediately just where the other half of
the pair came from (e.g., a co-author or similar.)

So perhaps the above was just a bad pairing, the other half no longer
is at that address etc.?

Anyhow, even not, informational for someone here no doubt.

-- 
        -Barry Shein

Software Tool & Die    | bzs@TheWorld.com           | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg