[svlug] Probable spamhaus domain: apotmail.com
bill at wards.net
Wed Jun 1 14:34:30 PDT 2011
Another big use of accounts like this is to slurp up content for putting ads
next to on the web. There are a lot of "companies" which farm mailing lists
these days - just google any Linux question and instead of finding the
svlug.org archives you'll probably find dozens of sites all with the same
content, maybe even from svlug, pulled off of mailing lists and formatted to
look like web-based bulletin board threads.
On Wed, Jun 1, 2011 at 2:27 PM, Rick Moen <rick at linuxmafia.com> wrote:
> For the benefit of people who watch such things: It seems that domain
> 'apotmail.com' is the latest to be deployed for never-post-anything
> subscriptions to mailing lists for probably nefarious purposes,
> _probably_ either harvesting of addresses, keeping vetted subscriptions
> available for a future mass-spamming, or both.
> I am about to pre-emptively block Mailman regex ^.*@apotmail\.com from
> subscription to any mailing list I administer or host, joining these
> existing blocks:
> Why have I arrived at that opinion? Patterns. You notice requests
> arrive to permit new subscriptions to closed mailing lists where, for
> reasons made obvious on their public Web pages, there is no earthly
> reason for general members of the public to want to subscribe. And,
> say, several such requests arrive within a week or so, and you notice
> that they're all from allegedly different users at zeusmail.org .
> You write back to the allegedly aspiring subscribers, asking them why
> they want to subscribe, say, to a mailing list that exists only for
> archival purposes, is publicly archived, and is not postable. You never
> get any reply.
> You do a Web-search on zeusmail.org, and you find postings from other
> mailing list administrators around the world, saying they've had
> puzzling patterns of subscription from users at zeusmail.org, who never
> say anything but want to be on mailing lists even where there's no
> reason for them to want to join them.
> What exactly is going on? I'm not absolutely sure, but I'm pretty
> positive it's nothing good. Smells very much like some sort of
> intelligence-gathering by professional spamhaus groups, and it's
> extremely likely that all the requests are script-driven with no human
> reading any return mail.
> Mailing list admins: If you block the above-cited domains, don't forget
> to check your existing rosters for entries. I'll bet many of you will
> find you already have 'zeusmail.org' users (for example) whom nobody
> knows, who never post, and who never respond if you write them.
> And yes, I'm aware that blocking individual domains that I notice
> behaving in a suspiciously spammish manner doesn't scale.
> This exact pattern is now confirmed for apotmail.com .
> ----- Forwarded message from mailman-owner-bounces at lists.svlug.org -----
> Date: Wed, 01 Jun 2011 14:00:59 -0700
> From: mailman-owner-bounces at lists.svlug.org
> To: smaug-owner at lists.svlug.org
> Subject: Smaug subscription notification
> Clifford.Ude at apotmail.com has been successfully subscribed to Smaug.
> ----- End forwarded message -----
Check out my LEGO blog at http://www.brickpile.com/
View my photos at http://flickr.com/photos/billward/
Follow me at http://twitter.com/williamward
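
Added example, not part of the original post and not Mailman's own code: a roster audit plus a subscription-burst check for the pattern the quoted message describes. The matching rule (entries starting with ^ are case-insensitive regexes, anything else is a literal address) is modelled on Mailman's ban list and is an assumption, as are the function names, the threshold and window, and the constructed sample addresses.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The regex quoted in the message. Note it is not anchored at the end, so it
# also matches longer names such as user@apotmail.com.example.org.
BAN_LIST = [r"^.*@apotmail\.com"]

def is_banned(address, ban_list=BAN_LIST):
    """True if the address matches a regex entry or equals a literal entry."""
    addr = address.strip().lower()
    for entry in ban_list:
        if entry.startswith("^"):
            if re.search(entry, addr, re.IGNORECASE):
                return True
        elif entry.lower() == addr:
            return True
    return False

def audit_roster(roster, ban_list=BAN_LIST):
    """Existing subscribers that the ban list would reject if they joined now."""
    return [a.strip() for a in roster if a.strip() and is_banned(a, ban_list)]

def domain_bursts(subscriptions, threshold=3, window=timedelta(days=7)):
    """Domains with at least `threshold` new subscriptions inside one window."""
    by_domain = defaultdict(list)
    for when, address in subscriptions:
        by_domain[address.rsplit("@", 1)[-1].lower()].append(when)
    flagged = {}
    for domain, times in by_domain.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged[domain] = len(times)  # total seen from this domain
                break
    return flagged

# Constructed sample data (local parts and dates are invented for illustration).
SAMPLE_ROSTER = ["alice@example.org", "user1@apotmail.com", "User2@APOTMAIL.COM"]
SAMPLE_SUBS = [
    (datetime(2011, 5, 2), "a@zeusmail.org"),
    (datetime(2011, 5, 4), "b@zeusmail.org"),
    (datetime(2011, 5, 6), "c@zeusmail.org"),
    (datetime(2011, 4, 1), "e@example.org"),
    (datetime(2011, 5, 3), "d@example.org"),
    (datetime(2011, 6, 1), "f@apotmail.com"),
]

if __name__ == "__main__":
    print("already subscribed but banned:", audit_roster(SAMPLE_ROSTER))
    print("domains with subscription bursts:", domain_bursts(SAMPLE_SUBS))
```

The roster input is one address per line, so a member listing exported from the list server can be fed to `audit_roster` directly.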