From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S261188AbVBQTvO (ORCPT ); Thu, 17 Feb 2005 14:51:14 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262092AbVBQTvO (ORCPT ); Thu, 17 Feb 2005 14:51:14 -0500 Received: from relay1.tiscali.de ([62.26.116.129]:21193 "EHLO webmail.tiscali.de") by vger.kernel.org with ESMTP id S261188AbVBQTur (ORCPT ); Thu, 17 Feb 2005 14:50:47 -0500 Message-ID: <4214F4A8.3080709@tiscali.de> Date: Thu, 17 Feb 2005 20:46:48 +0100 From: Matthias-Christian Ott User-Agent: Mozilla Thunderbird 1.0 (X11/20050108) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Adrian Bunk CC: Parag Warudkar , Paolo Ornati , bruno.virlet@gmail.com, linux-kernel@vger.kernel.org Subject: Re: spam mails with the same Message-ID References: <4213AB2B.2050604@giesskaennchen.de> <20050217154250.110f4615@localhost> <20050217161048.20daf6cd@localhost> <200502171026.55766.kernel-stuff@comcast.net> <20050217170211.GA1772@stusta.de> In-Reply-To: <20050217170211.GA1772@stusta.de> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Adrian Bunk wrote: >On Thu, Feb 17, 2005 at 10:26:55AM -0500, Parag Warudkar wrote: > > >>On Thursday 17 February 2005 10:10 am, Paolo Ornati wrote: >> >> >>>>您好: >>>> 我已_盏_您的繽信 >>>> >>>> >>>and... what does this means? >>> >>> >>SPAM. This looks to me like a new way of spamming though, replying to valid >>mailing list messages. (I too received couple of these in reply to my >>messages.) >> >> > >The most interesting fact seems to be that these spam messages have the >same message ID as the original Mails. > >If you run a program that automatically discards duplicate mails and the >spam message reaches you faster than the original email through >linux-kernel (which seems to often happen with these mails), the >original email will be discarded. > >I don't know whether these are known attacks, but the automatic >discarding of duplicated emails offers attackers nice opportunities if >they know a message ID (as with these emails) or can guess the >message ID (since many MUAs have predictable message IDs, an attacker C >could use this to suppress a message from person A to person B by >sending an email with the message ID to person B bevor person B gets >the email from person A). > > > >>Parag >> >> > >cu >Adrian > > > The spamers become always cleverer :-) . Matthias-Christian Ott