Bounce Testing?

[Dunx]

Found this rather odd message in my catch-all mail box this morning:

Quote:

This was sent to nouserhere2716@<one of my domains>. It was intended as a test of the bounce
handling system implemented for your domain, and should not actually arrive
in a normal inbox.

Just wondered if anyone else had seen something like this. I assume it is some variant on address harvesting. The originator is lemroh.com.

[Bruce]

Yes, I'd rather suspect the first stage of a somewhat more advanced email address harvesting scheme.

We've already seen schemes where the address harvesters will connect to the victim servers and issue either a whole bunch of VRFY or RCPT commands (which report if an address exists on some mail servers, not qmail). If some report negative, they log all the postive reports in a database of known addresses. This practice doesn't actually transmit any email, so it's mostly invisible.

It looks like what's happening is a slicker way of doing it -- send an email to an address that is fairly guaranteed to not exist, and see if it bounces. If it does, send more probes, remove the addresses that bounce from the list that was sent, and keep the rest as a known address.

Of course, this actually requires having a valid return path, which disqualifies most spammers...

Quote:

The originator is lemroh.com

...which happens to spell "hormel" backwards, which sounds familiar somehow. I've checked Google and SecurityFocus, and found nothing on them, though, and they have no web site. The domain does actually resolve, though, so they would receive a bounce.

[teach1st]

Hormel is the maker of the canned food product, spam.


http://www.hormel.com/Hormel/GP.nsf

[Bruce]

Yes, that would be it, thanks. This stinks even more like spam harvesting than before. I think it might be an idea to put lemroh.com in badmailfrom, Terra?

[teach1st]

lemroh.com resolves to omeda.com

Registrant:
Omeda Communications, Inc. (LEMROH-DOM)
610 Academy Drive
Northbrook, IL 60062
US
Domain Name: LEMROH.COM


http://www.omeda.com/services/srv.htm##4. E-mail Deployment Services

Quote:

order to provide an overall end-to-end e-mail solution, OMEDA now offers e-mail deployment services ("O-mail"). O-mail gives you the ability to seamlessly coordinate circulation marketing and editorial needs with your e-mail blasting efforts.

After thorough research, we learned that actually sending the e-mail message (with customization and HTML content) was the easy part. However, coordinating the demographic information used for and received from the e-mail blast has proven to be a difficult challenge for many circulators, especially when they are storing files at several different locations. To combat this dilemma, the O-mail system combines this information into one comprehensive database. And as a leading database management company, collecting and storing all of this various information and understanding the uses of it is exactly where we excel.

OMEDA's new O-mail System, in conjunction with our new user-friendly web-based "Quick Index", is the ultimate e-mail marketing weapon. From start to finish, you can now make a comprehensive demographic selection, click on the 'e-mail effort' button, select a date and time you wish the blast to go out, select a list of test names, either import or compose your message, and click submit. Once that easy process is accomplished, your job is complete

[Terra]

Quote:

I think it might be an idea to put lemroh.com in badmailfrom, Terra?

Sure thing - I'll even do it 14 times over just to be sure...

This can only become an expotential linear affair...

--
Terra
--Database the world--
FutureQuest

[Dunx]

"email blast"

Good grief