[SURBL-Discuss] Fwd: Please pass on to SURBL lists...

Jeff Chan jeffc at surbl.org
Fri Mar 24 05:23:52 CET 2006


This is a forwarded message
From: Catherine Hampton <ariel at spambouncer.org>
To: Jeff Chan <jeffc at surbl.org>
Date: Thursday, March 23, 2006, 12:37:24 PM
Subject: Please pass on to SURBL lists...

===8<==============Original message text===============
I don't think I'm subscribed to the lists that should see
this soonest.  Thanks!

=-=-=-=-=-=-=-=-=-=

Today I've seen a massive spam run on some of my domains, 
older domains that have a lot of spamtraps. The spams are
all sent via open proxies/forged headers/etc., have subject
lines of something along the lines of "for investors", 
"best way to invest", "do you want to invest", etc.

The message bodies are pure text, two lines long, and consist
of URLs at legitimate domain registrars and other companies 
not involved in the spam.  Here are a few sample message bodies:

=-=-=-=-=-=-=-=-=-=

We offer best way for investment.
http://godaddy.com/investdot.com

We offer best way for investment.
http://enom.com/talkgold.com

We offer best way for investment.
http://1BLU.DE/SX-INVEST.COM

Do you want to invest your money ? Ask me how
http://www.moneymakergroup.com/
[Is this one legit?  I don't know.  But it's part of the same
pattern.]

Don't lose your chance to make really good investor carier!
http://www.mailer.vascoinvestment.com
[Not sure about this one either.]

400% profit per month is TRUE! Visit our site.
http://everydns.net/privateopps.com

Don't lose your chance to make really good investor carier!
http://namecheap.com/talkgold.com

=-=-=-=-=-=-=-=-=-=

I noticed that vascoinvestment.com is already listed in URIBL,
and moneymakergroup.com is in SURBL (William Stearns).  Just
in case people hadn't noticed, I wanted to point out that we
need to be careful about listing domains from these emails.

It's perfectly possible, of course, that some of them are spammy
and the others are being used as camoflauge, to slow down the
SURBL and URIBL volunteers, and to cause FPs and make those 
blocklists less effective.  It's also possible that *all* of them
are legitimate/innocent.  In either case, I think blocklists, and
particularly SURBL and URIBL, are the targets of this attack.

So please be careful and don't let the idiots win!


-- 
Catherine Hampton <ariel at spambouncer.org>
The SpamBouncer         *     <http://www.spambouncer.org/>
Personal Home Page      *         <http://www.devsite.org/>

===8<===========End of original message text===========

-- 
Jeff Chan
mailto:jeffc at surbl.org
http://www.surbl.org/



More information about the Discuss mailing list