[59609] in North American Network Operators' Group
Re: spam analysis
daemon@ATHENA.MIT.EDU (Jack Bates)
Fri Jul 11 12:01:18 2003
Date: Fri, 11 Jul 2003 09:28:13 -0500
From: Jack Bates <jbates@brightok.net>
To: Tomas Daniska <tomas@tronet.com>
Cc: nanog@merit.edu
In-Reply-To: <A44DA7EDD8262343B02C64AF7E063A07A5571A@kenya.ba.tronet.sk>
Errors-To: owner-nanog-outgoing@merit.edu
Tomas Daniska wrote:
> or cisco-nsp? from my own experience, the number of spams i receive
> daily increased about tenfold since i have subscribed.
>
The most reliable method for detecting list scraping is using tagged
addresses. Of course, some spammers are smart enough to remove plussing,
although some systems are designed to require the plussing to get around
this.
In general, the total spam sent is on the rise. Dictionary attacks are
on the rise (and no offense, but your username would probably be in
every dictionary attack list, as mine is in a lot of them).
There are reports done up and usually published showing the most used
methods of spam addressing methods (scraping lists,Usenet,web,whois;
dictionary; greeting cards; trusted companies selling the address; etc).
I recommend you check google or ask around on Spam-L where many admins
can do a quick database search and pull the counts for different types
of tagged addresses.
-jack
