As I mentioned before, I was the unlucky recipient of a domain which had previously been published (accidentally).
This has led to the unique bonus of a ready-made honeypot. Honeypots, for those of you who don't know, are email addresses that have been posted onto the internet for the express purpose of being found by spammers and then added to their lists of people to sell Viagra and fake Rolex watches to.
Why do I want a few thousand Viagra emails a day? Well, I don't (yet). It does, however, lend itself to an interesting by-product - legitimate companies spamming me. How? Well, most legitimate companies send out newsletters and offers and what-not to people on their distributions lists - everytime you put a business card into a barrel at an expo, you just signed up. However, these companies do not actually send out the emails themselves, they use other companies that specialise in sending out their mail (prices go up to extortionate levels of $0.30 an email) and as with all tactics or industries less than perfect, people do stupid things to make a buck.
Some of these third party companies will, on occasion, increase their lists by using less reputable methods of getting email addresses - if you search for "email address lists" chances are you will find some hockster selling a few million email addresses for $50 - if each address you add to the list costs the customer $0.30, that is effectively free money.
Now, I was aprehensive about actually doing this - I am sure there are legal folks out there who will no doubt request removal of this page and try to sue me. What I have is undeniable proof, full insurance, and an office on a floor full of lawyers.
What I also did was offer the offending company a chance to explain themselves, which they ignored.
N-able Technologies, makers of (actually quite good) remote management software, were the most recent company to find their way into my honeypot. Twenty five times, since April, although I only just noticed.
Headers;
Microsoft Mail Internet Headers Version 2.0
thread-index: AclTyvbGK2lTvEIpQQSn81lP7LJ1yw==
Received: from mkt8.verticalresponse.com ([209.66.113.63]) by vrbl.kicks-ass.net with Microsoft SMTPSVC(6.0.3790.1830); Tue, 2 Dec 2008 02:39:13 +1100
Return-Path: <bounces-910a7023ec-ea0136bbbb@b.cts.vresp.com>
DomainKey-Signature: q=dns; a=rsa-sha1; c=nofws;s=mkt; d=vresp.com;h=X-MailerISP:Received:From:Reply-To:To:Subject:Date:Message-ID:List-Unsubscribe:MIME-Version:X-Company_ID:X-CTS-Enabled:X-Campaign:Content-Type;b=JPX3Cl2sN/FwxDVxnZmH893kxIFb86F/zm7wHH1M1JfQuJSvFk+IN4RM0w4xsdHcZ+AfCP6o3Bm+rCJvY7TmHzzroKLDgzAyVEXiDfZ32a8Vmf/nyb3xDPNiToQwlbto09KaHcbEZIPZ/FfHgW0EU4YOpClMd4BU9nhUYjRJF6E=
Content-Transfer-Encoding: 7bit
X-MailerISP: AboveNet
Received: from [10.4.7.56] ([10.4.7.56:48203] helo=mailer02.sf.verticalresponse.com) by hollister.sf.verticalresponse.com (envelope-from <bounces-910a7023ec-ea0136bbbb@b.cts.vresp.com>) (ecelerity 2.2.2.35 r(26825/26826M)) with ESMTP id A3/FA-07009-E0104394; Mon, 01 Dec 2008 07:21:50 -0800
From: "N-able Technologies" <N_able_Technologies@mail.vresp.com>
Content-Class: urn:content-classes:message
Importance: normal
Reply-To: "N-able Technologies" <reply-910a7023ec-ea0136bbbb-614f@u.cts.vresp.com>
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.4325
To: <geos@block.net.au>
Subject: Last Chance: Webinar - Earn More Desktop Revenue with N-able & Intel
Date: Mon, 01 Dec 2008 15:21:50 +0000
Message-ID: <910a7023ec-geos=block.net.au@mail.vresp.com>
List-Unsubscribe: <mailto:reply-910a7023ec-ea0136bbbb-614f@u.cts.vresp.com?subject=unsubscribe>
MIME-Version: 1.0
X-Company_ID: 226579
X-CTS-Enabled: 910a7023ec-ea0136bbbb
X-Campaign: 910a7023ec
Content-Type: multipart/alternative;
boundary="__________MIMEboundary__________"
X-OriginalArrivalTime: 01 Dec 2008 15:39:13.0982 (UTC) FILETIME=[F6703DE0:01C953CA]
--__________MIMEboundary__________
Content-Type: text/plain;
charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
--__________MIMEboundary__________
Content-Type: text/html;
charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
--__________MIMEboundary__________--
Vertical Response seems to be the company that N-able use to send out their emails, and somehow, my honeypot address got in there.
Even more damning is the fact that the emails start "Dear Geo:" or "Hi Geo,"
This is not new either, about 18 months ago I received similar spam from a different, high profile, software company (no, not Microsoft) - I brought it to their attention on their forums, and they apologised profusely and then swept it under the rug - I am not completely happy with how that worked out, but at least they seemed to care that they had done something wrong. They did, however, try to make good - so I will not name them.
Corporate spammers beware.
-- Before posting this article, I gave N-able a week to respond to it - they opted not to.