Password Gropers Hit Peak Stupid, Take the Spamtrap Bait 100
badger.foo (447981) writes Peter Hansteen reports that a new distributed and slow-moving password guessing effort is underway, much like the earlier reports, but this time with a twist: The users they are trying to access do not exist. Instead, they're taken from the bsdly.net spamtrap address list, where all listed email addresses are guaranteed to be invalid in their listed domains. There is a tiny chance that this is an elaborate prank or joke, but it's more likely that via excessive automation, the password gropers have finally hit Peak Stupid.
How fucking stupid are you (Score:4, Informative)
You just posted the same point twice in this thread, and its completely wrong both times, and shows a total lack of reading comprehension on your part.
They are NOT emailing these addresses, they are attempting to log in to them.
Read the fucking summary, at least. You are what's wrong with the internet.
It's been done. (teergrube) (Score:5, Informative)
There's even a term for this, teergrube [wikipedia.org].
An ISP that I worked for in the 1990s used to do this (dcr.net, owned by Drew Curtis, of fark.com fame).
We had some code that would look for blatant e-mail harvesters, and would SLOWLY return random bogus e-mail addresses ... wait a couple seconds, spit out an address ... etc. The page at the top even had warnings that the page was completely bogus.
At first, all of the e-mail addresses were all in our domain (but not our real mail server), but I went and added some code that would look up the connecting IP's network (I think I used whois.ra.net), and would also include '{abuse,postmaster}@(network)' and again for the network's upstream providers.
I can't remember if the bogus mail server was also the box that we had set up so that if *anything* tried touching it, it'd blackhole the connecting IP at our external router, if it was a teergrube itself.