[CentOS] SPAM on the List

Mon Jul 18 06:45:57 UTC 2011
夜神 岩男 <supergiantpotato at yahoo.co.jp>

On Mon, 2011-07-18 at 04:04 +0100, Always Learning wrote:
> On Sun, 2011-07-17 at 22:37 -0400, Stephen Harris wrote:
> 
> > On Sun, Jul 17, 2011 at 09:07:38PM -0500, Les Mikesell wrote:
> > > There is no requirement for the greeting name to match any IP, and isn't likely 
> 
> > RFC2821 says:
> >    -  The domain name given in the EHLO command MUST BE either a primary
> >       host name (a domain name that resolves to an A RR) or, if the host
> >       has no name, an address literal as described in section 4.1.1.1.
> > 
> > So, pretty much, HELO or EHLO greeting _must_ match to an IP.
> > 
> > (RFC821 actually wanted the HELO to match the connecting host, but
> > 2821 just says it must be an A record or an address literal).

> It seems spammers have successfully hacked Rupert Murdoch's London Times
> newspaper and copied hundreds of thousands of email addresses or has a
> member of staff sold the email addresses to spammers to make some money?

Though it is certainly possible that a breach of some sort is
responsible for your spam, sniffing for email headers on high activity
parts of a network would be sufficient to collect a large number of
active email addresses to try (sniffing at Tor gateways could provide
interesting results, come to think of it). Another big winner for
mailbox collection is to not crack the information provider's site, but
to instead crack the email service provider and obtain a list of all
active accounts on that server (which would likely span multiple
domains).

Getting a hold of email accounts can happen any number of ways, most of
them uncontrollable by the account holder. It's a mailbox -- an open
destination for the world to send you stuff. You can't be too surprised
when the world does in fact send you stuff.

Traditional solutions include hiring a secretary to screen your mail
(today this would be setting up SpamAssassin) or ignoring all but
personal messages on verified stationery (today this would be digitally
signed mail) and instead going out to retrieve your information at need
instead of having it sent to you at availability.

The difference between deposit/fetch and send/receive is profound. This
is part of why I'm surprised that newsreaders and forums have fallen
from favor amongst technical discussion groups. The "Logging into forums
is a PITA" or "setting up another client is a PITA" arguments obviously
won the debate -- though I think spam is a lot deeper into PITA
territory than either at the present time.

-Iwao
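
Added example, not part of the original thread: a receiving-side check of the RFC 2821 EHLO rule quoted above (argument must be a name with an A record or an address literal), with the stricter RFC 821 style comparison against the connecting IP reported separately. The function names, the injected `resolve_a` resolver and the sample zone are assumptions made up for this illustration.

```python
import ipaddress
import re

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

def classify_ehlo(arg):
    """Return ("literal", ip), ("domain", name) or ("invalid", None)."""
    if arg.startswith("[") and arg.endswith("]"):
        body = arg[1:-1]
        try:
            if body.lower().startswith("ipv6:"):
                return "literal", ipaddress.IPv6Address(body[5:])
            return "literal", ipaddress.IPv4Address(body)
        except ValueError:
            return "invalid", None
    name = arg.rstrip(".")
    labels = name.split(".")
    # Assumption: require at least two labels and reject an all-numeric last
    # label, so a bare "192.0.2.10" without brackets is not taken for a name.
    if (len(labels) >= 2 and len(name) <= 253 and not labels[-1].isdigit()
            and all(LABEL.fullmatch(l) for l in labels)):
        return "domain", name.lower()
    return "invalid", None

def check_ehlo(arg, peer_ip, resolve_a):
    """Apply the RFC 2821 rule, plus the stricter RFC 821 style peer match."""
    kind, value = classify_ehlo(arg)
    peer = ipaddress.ip_address(peer_ip)
    if kind == "invalid":
        return {"rfc2821_ok": False, "matches_peer": False, "reason": "malformed"}
    if kind == "literal":
        return {"rfc2821_ok": True, "matches_peer": value == peer, "reason": "address literal"}
    addrs = [ipaddress.ip_address(a) for a in resolve_a(value)]
    if not addrs:
        return {"rfc2821_ok": False, "matches_peer": False, "reason": "no A record"}
    return {"rfc2821_ok": True, "matches_peer": peer in addrs, "reason": "resolves"}

# Constructed sample zone (documentation address ranges), so this runs offline.
SAMPLE_ZONE = {"mail.example.org": ["192.0.2.10"]}

def sample_resolver(name):
    return SAMPLE_ZONE.get(name, [])

if __name__ == "__main__":
    for arg, peer in [("mail.example.org", "192.0.2.10"), ("192.0.2.10", "192.0.2.10"),
                      ("nonexistent.example.net", "198.51.100.7")]:
        print(arg, peer, check_ehlo(arg, peer, sample_resolver))
```

In a real mail filter `resolve_a` would wrap an actual DNS lookup, and a failed peer match is better used as a scoring signal than as a hard reject, since RFC 2821 does not require it.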