This is a forwarded message
From: Catherine Hampton ariel@spambouncer.org
To: Jeff Chan jeffc@surbl.org
Date: Thursday, March 23, 2006, 12:37:24 PM
Subject: Please pass on to SURBL lists...
===8<==============Original message text===============
I don't think I'm subscribed to the lists that should see this soonest. Thanks!
=-=-=-=-=-=-=-=-=-=
Today I've seen a massive spam run on some of my domains, older domains that have a lot of spamtraps. The spams are all sent via open proxies/forged headers/etc., have subject lines of something along the lines of "for investors", "best way to invest", "do you want to invest", etc.
The message bodies are pure text, two lines long, and consist of URLs at legitimate domain registrars and other companies not involved in the spam. Here are a few sample message bodies:
=-=-=-=-=-=-=-=-=-=
We offer best way for investment. http://godaddy.com/investdot.com
We offer best way for investment. http://enom.com/talkgold.com
We offer best way for investment. http://1BLU.DE/SX-INVEST.COM
Do you want to invest your money ? Ask me how http://www.moneymakergroup.com/ [Is this one legit? I don't know. But it's part of the same pattern.]
Don't lose your chance to make really good investor carier! http://www.mailer.vascoinvestment.com [Not sure about this one either.]
400% profit per month is TRUE! Visit our site. http://everydns.net/privateopps.com
Don't lose your chance to make really good investor carier! http://namecheap.com/talkgold.com
=-=-=-=-=-=-=-=-=-=
I noticed that vascoinvestment.com is already listed in URIBL, and moneymakergroup.com is in SURBL (William Stearns). Just in case people hadn't noticed, I wanted to point out that we need to be careful about listing domains from these emails.
It's perfectly possible, of course, that some of them are spammy and the others are being used as camouflage, to slow down the SURBL and URIBL volunteers, and to cause FPs and make those blocklists less effective. It's also possible that *all* of them are legitimate/innocent. In either case, I think blocklists, and particularly SURBL and URIBL, are the targets of this attack.
So please be careful and don't let the idiots win!
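
An added example, not part of the forwarded message: a triage sketch that separates the host of each sample URL from a domain-shaped path segment, so that nothing from a run like this is listed without human review. The `ALLOWLIST` contents, the action labels and the function names are assumptions made for the illustration, not SURBL or URIBL tooling.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: a reviewer-maintained allowlist of hosts that
# must never be listed (registrars and service providers seen in the samples).
ALLOWLIST = {"godaddy.com", "enom.com", "1blu.de", "everydns.net", "namecheap.com"}

URL_RE = re.compile(r"https?://[^\s\[\]<>\"]+", re.I)
# A path segment shaped like a domain name, e.g. "investdot.com".
DOMAIN_RE = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$")

# Sample bodies copied from the message above (reviewer remarks omitted).
SAMPLES = """\
We offer best way for investment. http://godaddy.com/investdot.com
We offer best way for investment. http://enom.com/talkgold.com
We offer best way for investment. http://1BLU.DE/SX-INVEST.COM
Do you want to invest your money ? Ask me how http://www.moneymakergroup.com/
Don't lose your chance to make really good investor carier! http://www.mailer.vascoinvestment.com
400% profit per month is TRUE! Visit our site. http://everydns.net/privateopps.com
Don't lose your chance to make really good investor carier! http://namecheap.com/talkgold.com
"""

def triage(text):
    """Return (host, path_domain, action) for every URL found in text."""
    out = []
    for url in URL_RE.findall(text):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host.startswith("www."):
            host = host[4:]
        segment = parts.path.strip("/").split("/")[0].lower()
        path_domain = segment if DOMAIN_RE.match(segment) else None
        if host in ALLOWLIST and path_domain:
            action = "poison-suspect"  # list nothing; path domain needs a human
        elif host in ALLOWLIST:
            action = "allowlisted"
        else:
            action = "manual-review"   # unknown host in the same run: no auto-listing
        out.append((host, path_domain, action))
    return out

def protected_hosts(results):
    """Hosts that appeared in the run but must stay off the blocklist."""
    return sorted({h for h, _, a in results if a != "manual-review"})

if __name__ == "__main__":
    for row in triage(SAMPLES):
        print(row)
```
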