[ORANGE] "WARNING: Orange.net Alert Service"
Peter Corlett
abuse at cabal.org.uk
Tue May 10 16:48:10 BST 2005
Kurt Hitchen <kurthitchen at yahoo.co.uk> wrote:
> I just had the following "intercept" message in my orange inbox. I
> noticed that all the recipients were on the orange domain; also some
> were quite complex addresses that could not be "guessed" by a
> computer.
There is of course the possibility that a worm on *your* computer
leaked the address out. (Not that I'm suggesting that this is the
likely cause.)
> It's very rare I give out my orange e-mail address to anyone, I know
> it could exist in other people's address books, but I'm slightly
> suspicious by the fact all the recipients were "@orange.net"
There's Nothing terribly suspicious about that. Most MTAs (even
spamware) will aggregate recipients by MX record so that mails can be
more efficiently delivered.
That you saw the list of email addresses merely shows that "Orange.net
Alert Service" has a broken MTA (let me guess - is it Exchange?) that
conflates envelopes with headers and leaks Bcc:ed recipients in
bounces and other delivery reports.
--
PGP key ID E85DC776 - finger abuse at mooli.org.uk for full key
Please contribute to the beer fund and a tidier house:
http://search.ebay.co.uk/_W0QQfgtpZ1QQfrppZ25QQsassZpndc
More information about the orange
mailing list