Mailing List Archive

Here's an interesting one... (social engineering attempt)
I got this one this morning. Unless I'm overly-paranoid, it looks like they're
trying to improve on their "dictionary attack" efficiency:

---------- Forwarded Message ----------

Subject: Email Account Validation
Date: Wednesday 25 February 2004 07:54 am
From: "Geoffrey Gordon" <ggordon@globaltecsolutions.com>
To: POSTMASTER@RAINIERCONNECT.COM

I am Geoffrey Gordon with GlobalTec Solutions, LLP.
(http://www.globaltecsolutions.com). I am revising all of our email
validation scripts and wanted to know if there is a set format that all of
your domain email accounts must follow when being created?

For instance:
minimum Length = 3
maximum Length = 15
cannot contain punctuation of any kind
etc...

We are trying to cut back on the invalid email addresses our clients and
potential clients are entering in when listening to our conference calls.
Everything from joe@joe.com and joe@blow.me.com is being entered.

This will in turn reduce the number of bounces when our newsletters and
mailings are emailed and reduce the number of invalid email addresses stored
in our database. If you do have a set format that all of your domain
accounts must follow, please reply to me with them so I can update our email
validation scripts.

Respectfully,

Geoffrey Gordon | GlobalTec Solutions | Development | 888-304-8881 x257 |
214-675-7361 | ggordon@globaltecsolutions.com

CONFIDENTIALITY NOTE: The information contained in this e-mail message is
confidential information intended only for the individual or entity named
above. If the reader of this message is not the intended recipient, you are
hereby notified that any dissemination, distribution or copy of this
communication is strictly prohibited.

----------------- cut --------------------------

Nice try. I'll feed him crap so all his address-guessing attempts are invalid.
Here's my reply:

------ begin
Mr. Gordon:

I appreciate your attempt to validate addresses. Anything to reduce unneeded
traffic to our servers is welcome.

Our email addresses can be anywhere between 1 and 64 characters in length and
are required to contain at least one form of punctuation and one number (to
make them harder to guess, to reduce spam). We control four other domains,
xxxx.com, xxxxx.net, xxxxxx.com, and xxxx.com. Those
domains also fall under the same address-naming restrictions.

Thanks!
------ end

And his immediate (a little too fast...) reply back:

---- begin
Thanks for your reply Matt. I'll add your specs into our script. If you
ever have any questions regarding emails from globaltecsolutions, let me
know.

Respectfully,

Geoffrey Gordon
---- end
--
Matt
Systems Administrator
Local Access Communications
360.330.5535
RE: Here's an interesting one... (social engineering attempt)
Me, too! Sent to the postmaster account. Kind of confused me with the
joe@blow.me.com stuff, that's my standard fake address. (Sorry to the
domain squatters at me.com)


Mike


> -----Original Message-----
> From: Matthew Trent [mailto:mtrent@localaccess.com]
> Sent: Wednesday, February 25, 2004 12:36 PM
> To: spamassassin-users@incubator.apache.org
> Subject: Here's an interesting one... (social engineering attempt)
Re: Here's an interesting one... (social engineering attempt)
On Wednesday 25 February 2004 09:53 am, Mike Kuentz (2) wrote:
> Me, too! Sent to the postmaster account. Kind of confused me with the
> joe@blow.me.com stuff, that's my standard fake address. (Sorry to the
> domain squatters at me.com)
>
>
> Mike

I got it to postmaster@ two different domains today.

Send 'em false info like I did and we'll pollute their DB...
--
Matt
Systems Administrator
Local Access Communications
360.330.5535