[linux-elitists] ELNK Spam/Joe-Job confirmation request: [automated-response@earthlink.net: Re: trombone]

Karsten M. Self kmself@ix.netcom.com
Mon Oct 13 17:20:25 PDT 2003

on Mon, Oct 13, 2003 at 04:23:38PM -0500, Andrew Moore (amoore@mooresystems.com) wrote:
> On Sat, Oct 11, 2003 at 02:10:00AM +0100, Karsten M. Self wrote:
> > I've received the following confirmation request from Earthlink's spam
> > blocker challenge-response system.  It appears to be directed to me
> > based on a spoofed 'From:' sender on an item of spam.
> <snip> 
> > ----- Forwarded message from automated-response@earthlink.net -----
> <snip some more> 
> > Click the link below to request that christgo@earthlink.net add you to this list.
> > https://webmail.pas.earthlink.net/wam/addme?a=christgo@earthlink.net&id=1a7DZz7li3NZFl40
> I wonder how long that link is active. 

Probably a week or so, if it follows most C-R system specs.

> It's now archived on at least one web page, meaning it will invariably
> be followed by a client of some kind. It won't be long until we can
> all spam christgo@earthlink.net with mails "from" Karsten.
> Does this represent yet another failure of challenge-response systems?
> Is it a large enough one that it will be exploited by spammers? Will
> we all start receiving spams "from" archived mailing lists?

I'm amused.  Hadn't even considered this possibility.


Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
 What Part of "Gestalt" don't you understand?
    Don't rush me sonny. You rush a miracle man, you get rotten miracles.
    You got money?
    - Princess Bride
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20031014/eea3c3e0/attachment.pgp 

More information about the linux-elitists mailing list