Computer Security Research - McAfee Avert Labs Blog

Spammers and deeply dubious marketeers use unsubscribe requests to confirm valid addresses. This practice has been going on for years but thanks to one spammer the situation is getting a lot worse.

Our junk mailer in question today is publishing every unsubscribe request on their Web site in a plain text log to the Web. Isn’t that so nice of them?

Here is an obscured sample of the log format:Tue May 8 14:11:48 UTC 2007, Wendyjo@pop.rr.tld Tue May 8 14:12:27 UTC 2007, joyD678@cox.tld Tue May 8 14:22:50 UTC 2007, roz@zzz-inc.tld Tue May 8 14:23:24 UTC 2007, chris_99@msn.tld
^{NB: These addresses have been edited.}

I’m pretty sure this isn’t a spammer being evil but a simple configuration error on their “rent-a-server.” Surprisingly few people are actually filling out the unsubscribe forms each day, though the logs go back quite some time and the larger ones contain tens of thousands of addresses (and just a few spam traps too ;)). This is no isolated incident, I’ve found the same issues with hundreds of sites advertising a range of services from Mortgages, Florida holidays, slot machine tips, and even cholesterol testing, on servers across the USA and Canada.

I suspect that these hundreds of domains and server IPs are expendable proxy hosts for the command and control server since there is more data than is conceivably useful on them. The servers also contain click-tracking logs going back a few months for instance. With these bulkers they can build up an interests profile for everyone they mail (just as your popular online bookshop does). If you wanted a voucher from a DIY chain, a plasma TV, or an Apple iPhone, they know; and I’ll bet you get similar offers in the future!

My advice is simple: Never unsubscribe from email you did not specifically request.

If unsubscribing is getting worse, I wonder how we got spamme@mcafee.com onto their 1.7-million-address blacklist?

This entry was posted on Wednesday, May 9th, 2007 at 5:25 am and is filed under Data Theft, Spam and Phishing. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Be careful what emails you unsubscribe from » The PC Doctor’s blog Says:
May 9th, 2007 at 6:21 am

[…] I was just about to write a bit about the dangers of unsubscribing from emails when I saw this on the McAfee Avert Labs blog : […]

Chris Santerre Says:
May 9th, 2007 at 6:44 am

I like when you find these open logs and you see people’s angry comments in them. ie:

“Take your spam and shove it!”
“Stop sending me this F***ing cr*p!”

Cal Frye Says:
May 10th, 2007 at 8:06 am

Sounds like a good way to get your spamtrap address into the right places

SPAM email - Avoid every URL, even those that allow you to opt out - Harry Waldron - Microsoft MVP Blog Says:
May 12th, 2007 at 5:28 am

[…] AVERT Blogs (McAfee) - Unsubscribe getting Worsehttp://www.avertlabs.com/research/blog/?p=274 […]

SPAM email - Avoid every URL, even those that allow you to opt out - Harry Waldron - My IT Forums Blog Says:
May 12th, 2007 at 5:31 am

Dave Says:
May 15th, 2007 at 1:13 am

These scum are publishing unsubscribes to the web. That is very bad news.
Thanks for the info.

Permanent Link to Unsubscribe Getting Worse — Poker Information Says:
June 13th, 2007 at 1:18 pm

[…] Unsubscribe Getting Worse Wednesday May 9, 2007 at 5:25 am CST Posted by Chris Barton 6 Comments; … from Mortgages, Florida holidays, slot machine tips, and even cholesterol testing, on servers across the USA … they can build up an interests profile for everyone they mail (just as your popular online bookshop does source: Permanent Link to Unsubscribe Getting Worse, Computer Security Research - McAfee Avert Labs Blog […]

Unsubscribe Getting Worse

7 Responses to “Unsubscribe Getting Worse”

Leave a Reply

Archives

Categories