Re: spam mails with the same Message-ID

[Matthias-Christian Ott]

Adrian Bunk wrote:

> On Thu, Feb 17, 2005 at 10:26:55AM -0500, Parag Warudkar wrote:
>  
>
> > On Thursday 17 February 2005 10:10 am, Paolo Ornati wrote:
> >    
> >
> > > > ÄúºÃ£º
> > > >    ÎÒÒÑ_­ÊÕµ_ÄúµÄÀ_ÐÅ
> > > >        
> > > and... what does this means?
> > >      
> > SPAM. This looks to me like a new way of spamming though, replying to valid 
> > mailing list messages. (I too received couple of these in reply to my 
> > messages.)
> >    
>
> The most interesting fact seems to be that these spam messages have the 
> same message ID as the original Mails.
>
> If you run a program that automatically discards duplicate mails and the 
> spam message reaches you faster than the original email through 
> linux-kernel (which seems to often happen with these mails), the 
> original email will be discarded. 
>
> I don't know whether these are known attacks, but the automatic 
> discarding of duplicated emails offers attackers nice opportunities if 
> they know a message ID (as with these emails) or can guess the
> message ID (since many MUAs have predictable message IDs, an attacker C
> could use this to suppress a message from person A to person B by 
> sending an email with the message ID to person B bevor person B gets 
> the email from person A).
>
>  
>
> > Parag
> >    
>
> cu
> Adrian
>
>  
The spamers become always cleverer :-) .

Matthias-Christian Ott
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/