Everything leaks eventually

We have a role address we use to receive support requests from users of our Abacus ticketing system – they’re typically abuse or security desk administrators at ISPs or ESPs, inside corporate firewalls and protected by multiple layers of security and malware protection.
We’ve been using it since around 1997, so we’ve had a good, spam-free run, but in the past few days it’s started receiving botnet originated malware.
If you give an email address to other people, eventually it’ll leak and start receiving spam and malware.

Related Posts

The little things

It really amuses me when I get blatant spam coming from a network belonging to one of our Abacus customers. I know that the complaint will be handled appropriately.
It’s even better when the spam advertises the filter busting abilities of the spammer. I get a warm, fuzzy feeling to know that the spammer is going to be looking for a new host in the immediate future.

Read More

Fast and loose

Politicians often play fast and loose with permission and data. This can cause them all sorts of problems with email delivery at major ISPs. I really expect that politicians buy, sell, transfer, spindle, mutilate and fold data. If they can use it to further their goals, they will. And, many of the consumer protection and privacy laws don’t apply to political groups.
The news that Representative Bachman may have known that some of her mailing list was taken and used by others is a surprise even to me. I talked with a few ESP reps, though, and they told me that this was mostly par for the course and that they often have a lot of delivery and compliance issues with their political clients. Many have had to suspend or terminate political clients, and a couple people mentioned SBL listings.
This isn’t a problem with just one side of the political spectrum, it seems endemic in how the game is played.
 
 

Read More

Don't spam filter your role accounts

A variety of “amazon.com order confirmations” showed up in my inbox this morning. They were quite well done, looking pretty close to real Amazon branding, so quite a few people will click on them. And they funnel people who do click to websites that contain hostile flash apps that’ll compromise their machines (and steal their private data, login and banking credentials then add them to botnets to attack other sites and so on).
Not good. Just the sort of urgent, high-risk issue that ISP abuse desks really want to hear about. I sent email about it to the ISPs involved, including a copy of the original email. One of them went to iWeb, a big (tens of thousands of servers) hosting company.
This was the response:

Read More