[conspire] Probable spamhaus domain: apotmail.com

Wed Jun 1 14:26:11 PDT 2011

For the benefit of people who watch such things:  It seems that domain
'apotmail.com' is the latest to be deployed for never-post-anything
subscriptions to mailing lists for probably nefarious purposes,
_probably_ either harvesting of addresses, keeping vetted subscriptions
available for a future mass-spamming, or both.  

I am about to pre-emptively block Mailman regex ^.*@apotmail\.com from
subscription to any mailing list I administer or host, joining these
existing blocks:

^.*pc1\.papaya\.me\.uk
^.*zeusmail\.org
^.*gmx\.com
^.*@dir\.bg

Why have I arrived at that opinion?  Patterns.  You notice requests
arrive to permit new subscriptions to closed mailing lists where, for
reasons made obvious on their public Web pages, there is no earthly
reason for general members of the public to want to subscribe.  And,
say, several such requests arrive within a week or so, and you notice
that they're all from allegedly different users at zeusmail.org .

You write back to the allegedly aspiring subscribers, asking them why
they want to subscribe, say, to a mailing list that exists only for
archival purposes, is publicly archived, and is not postable.  You never
get any reply.[1]

You do a Web-search on zeusmail.org, and you find postings from other
mailing list administrators around the world, saying they've had
puzzling patterns of subscription from users at zeusmail.org, who never
say anything but want to be on mailing lists even where there's no
reason for them to want to join them.

What exactly is going on?  I'm not absolutely sure, but I'm pretty
positive it's nothing good.  Smells very much like some sort of
intelligence-gathering by professional spamhaus groups, and it's
extremely likely that all the requests are script-driven with no human
reading any return mail.

Mailing list admins:  If you block the above-cited domains, don't forget
to check your existing rosters for entries.  I'll bet many of you will
find you already have 'zeusmail.org' users (for example) whom nobody
knows, who never post, and who never respond if you write them.

And yes, I'm aware that blocking individual domains that I notice
behaving in a suspiciously spammish manner doesn't scale.

[1] This exact pattern is now confirmed for apotmail.com .

----- Forwarded message from mailman-owner-bounces at lists.svlug.org -----

Date: Wed, 01 Jun 2011 14:00:59 -0700
From: mailman-owner-bounces at lists.svlug.org
To: smaug-owner at lists.svlug.org
Subject: Smaug subscription notification

Clifford.Ude at apotmail.com has been successfully subscribed to Smaug.

----- End forwarded message -----