spam mails with the same Message-ID

[Adrian Bunk]

On Thu, Feb 17, 2005 at 10:26:55AM -0500, Parag Warudkar wrote:
> On Thursday 17 February 2005 10:10 am, Paolo Ornati wrote:
> > > ÄúºÃ£º
> > >     ÎÒÒÑ_­ÊÕµ_ÄúµÄÀ_ÐÅ
> >
> > and... what does this means?
> SPAM. This looks to me like a new way of spamming though, replying to valid 
> mailing list messages. (I too received couple of these in reply to my 
> messages.)

The most interesting fact seems to be that these spam messages have the 
same message ID as the original Mails.

If you run a program that automatically discards duplicate mails and the 
spam message reaches you faster than the original email through 
linux-kernel (which seems to often happen with these mails), the 
original email will be discarded. 

I don't know whether these are known attacks, but the automatic 
discarding of duplicated emails offers attackers nice opportunities if 
they know a message ID (as with these emails) or can guess the
message ID (since many MUAs have predictable message IDs, an attacker C
could use this to suppress a message from person A to person B by 
sending an email with the message ID to person B bevor person B gets 
the email from person A).

> Parag

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/