Strange Messages from Amazon.com
brian at collab.net
Fri Jan 19 16:16:57 UTC 2007
On Fri, 19 Jan 2007, David RR Webber (XML) wrote:
> What is happening is that some spammer sends an email with a return
> address here - and it ends up hitting one of Amazons servers - so that
> server bounces it.
It's even slightly more nefarious than that. Most well-run public mailing
lists these days are configured to only allow posts from subscribers, an
effective tool to keep spammers from being able to send their spams to
mailing lists without requiring a moderator to sit there and manually
approve every valid message. So what does a smart spammer do? They see
if they can subscribe an address to the list, by forging a subscription
request to list-subscribe at host.org from an address they know will
auto-reply to the subscription confirmation. That's how
"service at amazon.com" is added as a subscriber to the list. The next step
is to send a spam to the list, from "service at amazon.com", asking you to
log in "to check your account", providing a phishing URL to steal your
credentials and, I guess, do nefarious things like get your CC or checking
account numbers you might have stored in your actual Amazon account.
I've seen this on a number of other mailing lists, and with a number of
other providers (ebay and paypal in particular). The reason anyone who
posts here sees a bounce from Amazon directly is because of that list
subscription - their auto-reply is replying to the From: address, not the
SMTP envelope like it should be.
We can probably fix this by forging an unsubscription request - which I
have just done. Meanwhile I thought y'all would be interested in the
latest 31337 spammer hack.
More information about the License-discuss