Spammer's sure are fast!

[photog]

Two days ago I set-up a alias for organization I belong to. I have never even sent any mail using it yet. Today I checked my Gmail spam folder and there was a message with that e-mail address in it. How in the heck did someone get that addy? The mail was from "Mail Delivery System to my unused e-mail address".

[Bamb0]

Spammers are a very big problem im afraid

The best we can do is try to stay ahead of them!!

I am sorry you experieced this so soon after opening your account..

[photog]

Yeah, this is the first time in six years with FM that this has happened.

Quote:

Originally Posted by Bamb0

Spammers are a very big problem im afraid

The best we can do is try to stay ahead of them!!

I am sorry you experieced this so soon after opening your account..

[placebo]

It could just be the result of a dictionary attack. The spammers didn't have your address; they just tried it at random. Or could it be your alias is an address someone had used earlier?

[photog]

The alias I set-up was a Latin word. I belong to a Roman Reconstructionist
organization called Nova Roma. So, my alias was to be used with them.

Quote:

Originally Posted by placebo

It could just be the result of a dictionary attack. The spammers didn't have your address; they just tried it at random. Or could it be your alias is an address someone had used earlier?

[lane]

Also, if a particular username is a valid email address at one domain, say yahoo.com or gmail.com, spammers will try the same username at other domains, say hotmail.com or fastmail.fm or yourdomain.com.

[n5bb]

Something about your description is confusing me. You say that the message was in your Gmail spam folder, so I assume that the message was delivered to your Gmail address. How does Fastmail enter into this? Was the message backscatter (messages sent by a spammer to a non-existing email address which bounces back to you, since they used your From address)?

If you created a Fastmail alias, did the message in your Gmail spam folder have that new alias as the From or the To address in the full headers?

Bill

[photog]

I forward all of my FM mail to my Gmail account. I have the FM accounts set-up as addys in the accounts section of Gmail. These are set-up to send from FM's SMTP servers not Gmail's.. This removes the "Sent on behalf of xxxxxx" when I send something from Gmail using another address. I have account's from Mac's Mobile Me set-up the same way. The alias I set-up was to be used in this fashion. The alias has never been used (and wouldn't be til after 1/1/11). And the spam e-mail was addresed directly to the newly created alias.

Quote:

Originally Posted by n5bb

Something about your description is confusing me. You say that the message was in your Gmail spam folder, so I assume that the message was delivered to your Gmail address. How does Fastmail enter into this? Was the message backscatter (messages sent by a spammer to a non-existing email address which bounces back to you, since they used your From address)?

If you created a Fastmail alias, did the message in your Gmail spam folder have that new alias as the From or the To address in the full headers?

Bill

[n5bb]

Very interesting. Was this an alias at a Fastmail domain, or a personal (virtual) domain?

As others have pointed out, dictionary attacks by spammers are common. I think that Fastmail has some ways of detecting such attempts. When I had my personal domain at Fastmail accepting any alias using a wildcard several years ago (*@mydomain), I was getting a huge number of obviously dictionary attack messages, so I disabled the wildcard. Now when I try accepting any alias I get very few additional spam messages, so I think that Fastmail has tuned things up to prevent many of the high rate automated attacks.

But you can still get random dictionary spam messages. If the spammer sends from a respectable server at a low enough rate, there isn't much that Fastmail can do to block such messages. And they can use a list of usernames found at other domains for a wide range of other domains, and Latin usernames would be good ones to try. It's possible that a spammer was sending two messages a week to that alias, and when you enabled it you now see those messages.

Bill

[photog]

The alias was using "@fastmail.fm". The alias was a Latin (Ancient Roman Latin) word so I don't think it was a dictionary attack unless they had something that uses a Latin word base. I was just elected to an office in the Roman group I belong to so I was using the Roman Latin title of the office for the alias. I do have two personal domains at FM but have NEVER received any spam on them since I've been with FM (about 6 years).

Charlie

Quote:

Originally Posted by n5bb

Very interesting. Was this an alias at a Fastmail domain, or a personal (virtual) domain?

As others have pointed out, dictionary attacks by spammers are common. I think that Fastmail has some ways of detecting such attempts. When I had my personal domain at Fastmail accepting any alias using a wildcard several years ago (*@mydomain), I was getting a huge number of obviously dictionary attack messages, so I disabled the wildcard. Now when I try accepting any alias I get very few additional spam messages, so I think that Fastmail has tuned things up to prevent many of the high rate automated attacks.

But you can still get random dictionary spam messages. If the spammer sends from a respectable server at a low enough rate, there isn't much that Fastmail can do to block such messages. And they can use a list of usernames found at other domains for a wide range of other domains, and Latin usernames would be good ones to try. It's possible that a spammer was sending two messages a week to that alias, and when you enabled it you now see those messages.

Bill

[rblon]

Quote:

Originally Posted by photog

I forward all of my FM mail to my Gmail account. I have the FM accounts set-up as addys in the accounts section of Gmail. These are set-up to send from FM's SMTP servers not Gmail's.. This removes the "Sent on behalf of xxxxxx" when I send something from Gmail using another address. I have account's from Mac's Mobile Me set-up the same way. The alias I set-up was to be used in this fashion. The alias has never been used (and wouldn't be til after 1/1/11). And the spam e-mail was addresed directly to the newly created alias.

So "who" knew about this alias? Just FastMail or also Gmail? Any other system?

@n5bb, I have several domains with wildcard forwarding to my inbox. I actually don't receive much spam at all (but a dictionary attack seems a bit less useful on an obscure domain anyway).

[photog]

As I have said I created the alias and it has never been used. No e-mail had ever been sent from it. I had not even added it to my Gmail account yet.

Charlie

Quote:

Originally Posted by rblon

So "who" knew about this alias? Just FastMail or also Gmail? Any other system?

@n5bb, I have several domains with wildcard forwarding to my inbox. I actually don't receive much spam at all (but a dictionary attack seems a bit less useful on an obscure domain anyway).

[Nikolaos]

Given your description the first explanation that comes to mind is that this particular username already exists in spammer databases. ie. other people have used it before. It could, for example, be the name of a video game, novel, or anime character, and a fan could have used it for an email account which then became known to spammers. The spammers would then just add that to their list of possible usernames to test for on any mail provider they target in future...

[photog]

Well, I deleted the alias and moved it to over to another provider I use. The user name was two Latin words together (14 letters long).

Quote:

Originally Posted by Nikolaos

Given your description the first explanation that comes to mind is that this particular username already exists in spammer databases. ie. other people have used it before. It could, for example, be the name of a video game, novel, or anime character, and a fan could have used it for an email account which then became known to spammers. The spammers would then just add that to their list of possible usernames to test for on any mail provider they target in future...

[joe_devore]

WHY do SPAMers do what they do it makes no sense
they are only hurting the FREE Internet.....
makes you wonder if they are Freelance hackers hired by the EVIl Gov????????????????????????????????