Spam alert

Sorry for posting this to the group, but I'm not sure what administrative
address at W3C is supposed to get this.

I've been getting some spam from www-rdf-interest lately; here's the
latest.  So I did a little checking, and discovered, holy cow, that W3C,
of all organizations, has open mail relays.  That's GOT TO GET FIXED
IMMEDIATELY. I can just see W3C being added to MAPS and ORBS; that'd be
guaranteed an ironic front-page story on Red Herring and Wired.  :-)

W3C's relays are (this is just amazing) semi-open: they don't allow you to
send mail if you say you're from an address outside of W3C, but if you
just say you're some address inside, then you're let right on through.  
Spammers have figured out this little bit of software stupidity in a lot
of sites, and are abusing it for email lists.  The proper way to close the
relay is to get software which actually checks your IP address; that's
guaranteed except in the event of spoofing.

The spammer simply said he was from www-rdf-interest-request@rdf.org.  
It's easily repeatable on the victimized box (www18); try it yourself:

yo> telnet www18.w3.org 25
Trying 18.29.0.19...
Connected to www19.w3.org.
Escape character is '^]'.
220 www19.w3.org ESMTP Sendmail 8.9.0/8.9.0; Sat, 12 Aug 2000 14:06:50 -0400 (EDT)
MAIL FROM: www-rdf-interest-request@w3.org
250 www-rdf-interest-request@w3.org... Sender ok
RCPT TO: www-rdf-interest@w3.org
250 www-rdf-interest@w3.org... Recipient ok


And we're in!  If the open relay was properly configured as closed, this
last line would read: 550 www-rdf-interest@w3.org... Relaying denied


Doing some playing with numbers, here's another one:

yo> telnet www12.w3.org 25
Trying 18.29.1.22...
Connected to slow1.w3.org.
Escape character is '^]'.
220 slow1.w3.org ESMTP Sendmail 8.8.8+Sun/8.8.8; Sat, 12 Aug 2000 14:04:33 -0400 (EDT)
MAIL FROM: www-rdf-interest-request@w3.org
250 www-rdf-interest-request@w3.org... Sender ok
RCPT TO: www-rdf-interest@w3.org
250 www-rdf-interest@w3.org... Recipient ok


Here's the forwarded spam, in case anyone didn't get it :-)

Sean


---------- Forwarded message ----------
Received: from ringding.cs.umd.edu (ringding.cs.umd.edu [128.8.126.2])
	by scruffy.cs.umd.edu (8.9.3/8.9.1) with ESMTP id NAA20550
	for <seanl@drinkme.cs.umd.edu>; Sat, 12 Aug 2000 13:39:28 -0400 (EDT)
Received: from mimsy.cs.umd.edu (mimsy.cs.umd.edu [128.8.128.8])
	by ringding.cs.umd.edu (8.9.3/8.9.1) with ESMTP id NAA18388
	for <seanl@ringding.cs.umd.edu>; Sat, 12 Aug 2000 13:39:27 -0400 (EDT)
Received: from www19.w3.org (www19.w3.org [18.29.0.19])
	by mimsy.cs.umd.edu (8.9.3/8.9.1) with ESMTP id NAA24741
	for <seanl@cs.umd.edu>; Sat, 12 Aug 2000 13:39:26 -0400 (EDT)
Received: (from daemon@localhost)
	by www19.w3.org (8.9.0/8.9.0) id IAA07248;
	Sat, 12 Aug 2000 08:01:15 -0400 (EDT)
Resent-Date: Sat, 12 Aug 2000 08:01:15 -0400 (EDT)
Resent-Message-Id: <200008121201.IAA07248@www19.w3.org>
Date: Sat, 12 Aug 2000 08:00:20 -0400
Message-Id: <200008121200.IAA18544@tux.w3.org>
From: Please read this carefully!<inet-commerceman@e-com.net>
To: www-rdf-interest@w3.org
Mime-Version: 1.0
Subject: Do You want to earn $3000-$4000 or more per month?
Resent-From: www-rdf-interest@w3.org
X-Mailing-List: <www-rdf-interest@w3.org> archive/latest/1225
X-Loop: www-rdf-interest@w3.org
Sender: www-rdf-interest-request@w3.org
Resent-Sender: www-rdf-interest-request@w3.org
Precedence: list
Content-Type: multipart/mixed;
    boundary="====================54535yqrgwf===="
Content-Length: 89129

Have a nice day! 
 
Do You want to earn about $3000 per month? If yes just read this e-mail (business_eng.txt)!
It's very easy and absolutely FREE!!!
Good luck!!!
 
Please excuse me if this e-mail disturbed You.

------------------------------------------------------------------------------------------------

I wish you a pleasant and successful day!
 
This is a way to earn without leaving your monitor ;-)
If you show some interest and patience (and, most importantly, work out how THIS works), you can earn well (up to 50.000$ and more!!!, it depends only on you) over the next 90 days. SEEMS IMPOSSIBLE?? Read the document business_rus.txt and you will see that there is no trick or deception in it. If you are completely lazy (I apologize for the assumption!!!), then this is not for you!!! Better to go surfing or click on banners, or do nothing at all. If anything is unclear, I will gladly explain.
Respectfully, Igor.

!!!If this offer did not interest you at all, I apologize, and there is no need to be angry ("spam" has its costs, just like radio and TV), but do not forget what the first US billionaire Andrew Carnegie said: 
"I would rather earn 1% from the efforts of 100 people than 100% from my own efforts." 

P.S. The attached document has been checked for viruses, "Trojans" and other "evil spirits". 

Set out on the path to financial independence and FREEDOM!!

DON'T MISS THIS OPPORTUNITY! - IT COSTS NOTHING, SO WHY NOT TRY?

 

Received on Saturday, 12 August 2000 14:20:11 UTC
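
An added example, not part of the original post: the relay check the message describes (trusting the MAIL FROM string) beside the client-IP check it recommends, run over constructed sessions. It models only the decision to relay to a recipient on another host; the domain, networks and addresses are assumed placeholder values, not W3C's configuration.

```python
import ipaddress

# Constructed values for illustration; not W3C's real hosts or networks.
LOCAL_DOMAINS = {"example.org"}
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]

def domain_of(address):
    """Return the lower-cased domain of an envelope address."""
    return address.strip().strip("<>").rsplit("@", 1)[-1].lower()

def sender_based_relay(client_ip, mail_from):
    """Semi-open check: trusts the MAIL FROM string the client typed."""
    return domain_of(mail_from) in LOCAL_DOMAINS

def ip_based_relay(client_ip, mail_from):
    """Closed check: relay only for connections from trusted networks."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in TRUSTED_NETS)

def smtp_reply(allowed, rcpt_to):
    """Format the reply in the style of the sessions quoted in the post."""
    text = "Recipient ok" if allowed else "Relaying denied"
    return f"{250 if allowed else 550} {rcpt_to}... {text}"

# Constructed sessions: (client IP, MAIL FROM, RCPT TO on another host).
SESSIONS = [
    ("192.0.2.10", "staff@example.org", "friend@example.net"),           # inside host
    ("198.51.100.7", "list-request@example.org", "victim@example.net"),  # outside, claims inside sender
    ("198.51.100.7", "someone@example.com", "victim@example.net"),       # outside, outside sender
]

def forged_sender_gaps(sessions):
    """Sessions the sender-based check relays but the IP-based check denies."""
    return [s for s in sessions
            if sender_based_relay(s[0], s[1]) and not ip_based_relay(s[0], s[1])]

if __name__ == "__main__":
    for ip, mail_from, rcpt_to in SESSIONS:
        print(ip, mail_from)
        print("  sender-based:", smtp_reply(sender_based_relay(ip, mail_from), rcpt_to))
        print("  ip-based:    ", smtp_reply(ip_based_relay(ip, mail_from), rcpt_to))
```

The session returned by `forged_sender_gaps` is the one a mail administrator should expect to see rejected after switching from the sender-based check to the IP-based one.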