Search
Spammers and deeply dubious marketeers use unsubscribe requests to confirm valid addresses. This practice has been going on for years but thanks to one spammer the situation is getting a lot worse.
Our junk mailer in question today is publishing every unsubscribe request on their website in a plain text log to the web. Isn’t that so nice of them?
Here is an obscured sample of the log format:
Tue May 8 14:11:48 UTC 2007, Wendyjo@pop.rr.tld
Tue May 8 14:12:27 UTC 2007, joyD678@cox.tld
Tue May 8 14:22:50 UTC 2007, roz@zzz-inc.tld
Tue May 8 14:23:24 UTC 2007, chris_99@msn.tld
NB: These addresses have been edited.
I’m pretty sure this isn’t a spammer being evil but a simple configuration error on their ‘rent-a-server’. Surprisingly few people are actually filling out the unsubscribe forms each day, though the logs go back quite some time and the larger ones contain tens of thousands of addresses (and just a few spam traps too ). This is no isolated incident, I’ve found the same issues with hundreds of sites advertising a range of services from Mortgages, Florida holidays, slot machine tips and even cholesterol testing, on servers across the USA and Canada.
I suspect that these 100’s of domains and server IP’s are expendable proxy hosts for the command and control server since there is more data than is conceivably useful on them. The servers also contain click tracking logs going back a few months for instance. With these bulkers they can build up an interests profile for everyone they mail (Just like your popular online bookshop do). If you wanted a voucher from a DIY chain, A plasma TV or an Apple iPhone they know and I’d bet you get similar offers again in the future!
My advice is simple: Never unsubscribe from email you did not specifically request.
If unsubscribing is getting worse, I wonder how we got spamme@mcafee.com onto their 1.7 million address blacklist ?
(Read Original Article - Via McAfee Avert Labs.)
Delicious
Digg
Reddit
Google
Yahoo
Technorati