Date: Mon, 16 May 2005 14:36:22 -0400
To: WSFA members <WSFAlist at wsfa.org>
From: "Mike B." <omni at omniphile.com>
Subject: [WSFA] Re: Problems with Capclave email address
Reply-To: WSFA members <WSFAlist at WSFA.org>

At 02:06 PM 5/16/05 -0400, Elspeth Kovar wrote:

>I've been getting messages addressed to capclave6 at wsfa.org, all of which
>are of the 'mail undeliverable' sort.  I believe that this means that
>someone is using the address to send spam, yes?

Probably.  Some SPAMmers like to use real addresses as the return address
(never their own of course) so that if the receiving system checks, it will
find that the "sending" domain exists and let the mail through the first
anti-SPAM barrier at least.  If the recipient mailbox doesn't exist (which
is the case most of the time since SPAMmers use every name they can think
of at every domain they can find) you get a bounce, and it goes back to
where the message appeared to originate, whether it really came from there
or not.

Depending on what the default, or even available, return address on a
system might be, this pattern can also indicate an infected machine.
Another SPAMmer trick is to use a virus or other hostile bit of software to
take over a machine unobtrusively, and use it to send or relay SPAM.  This
gets them around the IP-based "black hole lists", which are another
anti-SPAM technique.  It is possible that some system has been infected,
and SPAM mail is going out from it with this return address since that's
the default, or at least one of the listed, return addresses found on that
machine.  The machine in question doesn't have to be yours, or even one of
the Capclave committee people...it could be anyone who has a mail message
in some folder with that address in it.  Some of the SPAM infections will
look through mail to find addresses to send to, and to pretend to be from.
They are getting smarter all the time...though apparently not smart enough
to quit SPAMming...

Not running common mail software, like Outlook, helps limit this sort of
thing, as most of the SPAM infections assume Outlook.  It works often
enough for them, since it is a very common mailer, so they don't need to
understand others...yet.

-- Mike B.
--
Following the rules will not get the job done. Getting the job done is no
excuse for not following the rules.
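
One way to tell the two cases described above apart (a forged return address versus mail that really left one of your own machines), as an added example that is not part of the original message: it reads the copy of the original message returned inside a bounce and checks whether the host that handed it to the bouncing server lies in your own address ranges. The sample bounce, its addresses and the `OUR_NETWORKS` range are constructed placeholders, and only IPv4 addresses are handled.

```python
import email
import ipaddress
import re
from email import policy

# Assumption: ranges your own mail leaves from (RFC 5737 placeholder range).
OUR_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed bounce (DSN); {ip} is the host that submitted the original mail.
SAMPLE = """\
From: MAILER-DAEMON@mx.example.net
To: conv@example.org
Subject: Undelivered Mail Returned to Sender
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Final-Recipient: rfc822; nobody@example.net
Status: 5.1.1

--b1
Content-Type: message/rfc822

Received: from pc (unknown [{ip}])
 by mx.example.net; Mon, 16 May 2005 10:00:00 -0400
From: conv@example.org

constructed body
--b1--
"""

def submitting_ip(bounce_text):
    """IP in the topmost Received header of the returned message, or None."""
    msg = email.message_from_string(bounce_text, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            received = part.get_payload(0).get_all("Received", [])
            m = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(received[0])) if received else None
            return ipaddress.ip_address(m.group(1)) if m else None
    return None

def classify(bounce_text):
    """Say whether the bounced message really left our network."""
    ip = submitting_ip(bounce_text)
    if ip is None:
        return "unknown"
    ours = any(ip in net for net in OUR_NETWORKS)
    return "left-our-network" if ours else "forged-elsewhere"
```

Only the topmost Received header is used because the bouncing server wrote it itself; lower ones were supplied by the sender and can be forged.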