Mailing List SIMS@mail.stalker.com Message #10889
From: Darrin Cardani <dcardani@buena.com>
Subject: Re: Harvesting
Date: Wed, 22 May 2002 09:38:11 -0500
To: SIMS Discussions <SIMS@mail.stalker.com>
At 5:05 AM -0700 5/22/02, Tod Fitch wrote:
I have seen an increase in address harvesting in the last month or two.

And I believe I have seen a change in the type of harvesting: My impression is that fewer accounts are being included in each try, tries are spread over a longer time and that they are using often relays and/or alternative IP addresses. They could all be separate attacks, but the names being tested seem to follow a pattern that subjectively indicate that only a few attacks are happening. I got the impression that a new type of harvesting that attempts to keep below the automatic detectors is starting to happen.

I brought this up on the list a couple of months ago, and nobody seemed to think it was harvesting. I think it is. It appears to be a distributed harvest attempt. Once an hour, some random open relay tries to send an email or 2 to <name>@mydomain.com, and the names are always in alphabetical order.

If you think about it, using an open relay to send a thousand messages to a thousand different hosts makes it harder for each host to track you down. You can send out as many emails and get as many responses (bounces or not, or even morons wanting your product or service) as the usual way, but it's less noticeable to anyone other than the operator of the relay, who's probably clueless, anyway.

Darrin
--
Darrin Cardani - dcardani@buena.com
President, Buena Software, Inc.
<http://www.buena.com/>
Video, Image and Audio Processing Development
Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster