[conspire] Probable spamhaus domain: apotmail.com

[Rick Moen]

(Going back on-list.)

Quoting Margaret Wendall (mwendall at gmail.com):

> Does this have anything to do with the news of China breaking into Google?
> Or a similar attack against another trusted host? It really doesn't matter,
> but please do block this potential malware.

It seems to be nothing so dramatic, but rather just a set of fake-user
subscriptions to mailing lists used to collect material for
answerpot.com.  Answerpot.com is a Web site that collects as many as
they can find of other people's mailing lists and archives them in a
searchable Web site archive.  

A few years ago, they started using fake-user subscriptions in domain
'zeusmail.org' for this purpose, except we list administrators weren't
sure what is going on, just that a massive number of subscriptions were
being attempted from that domain, many being requests that made no sense
at all (e.g., requests to join obviously dead, non-postable, or highly
private mailing lists), and you never got any reply when you wrote the
alleged user and said 'Why exactly do you want to join mailing list
$FOO?'

It was the deceptive and uncommunicative nature of the effort, the lack
of explanation and wasted listadmin time, that lead to their being
widely blacklisted.  Their actual use of the domain wasn't particularly
evil.

Now, it appears that 'apotmail.com' is the new zeusmail.org, and is
probably intended to be short for 'mail from/for Answerpot'.

So, not really evil but just rude and irritating.  By contrast, the
Gmane archiving site is well-behaved and doesn't send bots around the
Internet looking for mailing lists to autosubscribe to:
http://gmane.org/faq.php