[Lowfer] Getting Spammed?

[JD]

The e-mail addresses in the call list are NOT actually "in the clear."  The 
page has to be downloaded and interpreted by a browser for the address to be 
displayed in a form containing "@" and ".com" or other top-level 
domain...the main clues that automated spambots rely upon.  It's a simple 
technique that's not uncrackable, by any means, although I periodically 
monitor for spam attacks against decoy addresses hidden within the page, and 
those have not yet been spammed

You mentioned, "In the body of one spam message was a reference to the 
LWCA."  This is actually a solid clue that the spam you received did _not_ 
come from automated harvesting!

Such behavior is typical of trojans and worms that harvest contact lists 
from folks' e-mail programs.  They like to incorporate context-sensitive 
references they find in mail you've already read, on the assumption that 
other people whose addresses are in your contact list will share some of the 
same interests, and be more inclined to trust mail that contains familiar 
phrases or names.

In other words, someone with whom you have exchanged e-mail messages has 
recently been infected with malware, and had their contact list harvested.

I'll remove your e-mail address if you still want, and those of anyone who 
doesn't want to be in the list; but I'd encourage you to provide some means 
for people to contact you about legitimate matters.

John