The Spam Experiment

Monday, January 03, 2005

Usenet spam has started!

The spam from usenet postings has started!

I officially started posting to newsgroups on 23rd December 2004. On the 31st I received my first spam from these newsgroup postings. However if we look in closer detail we see that I was spammed to the address:

mlm@

I used this domain to post to some mlm and home business related newsgroups only two days earlier! I posted on the 29th to several different newsgroups in alt. biz. and fidonet. This spam clearly came from someone harvesting one or more of those newsgroups. In fact I received the same spam to three different emails that are used in newsgroup posting.

Of course... silly me... I sort of screwed up my experiment! I'm testing a certain anti-spam appliance that runs $30,000-$50,000. I changed the ip address to put the machine on my DMZ. I want it to be a real test that someone in a corporate enviornment might actually experience. Guess what? When I changed the ip address I forgot to change the gateway. So the appliance wasn't able to receive email all weekend. Because it was the holiday I wasn't checking it :( Oh well.

I'm now back up and running. I also have setup a backup MX record to go through a seperate gateway and into another high end email appliance that we're currently beta testing.

Hopefully over the next couple of days I should be able to start getting you guys some real solid information.

- Ben Fitts
ben@benfitts.com <- i'll keep posting this email because I know it will be harvested and because it is a REAL live email address for me. It helps me watch false positives and negatives.

119 Comments:

Post a Comment

<< Home