![[info]](http://l-stat.livejournal.com/img/userinfo.gif?v=92.1){kind=small}
I subscribed to a couple of mailing lists at http://www.us-cert.gov today. This involved writing an email message to majordomo at their site, and then replying to a confirmation message they send to you. Because I have greylisting set up, I had expected to wait a while before receiving the first confirmation message. However, to my surprise I received the confirmation message almost right away! That meant that the mail server at CERT had already contacted mine sometime within the last five days.
I began to think how ironic it would be to have received a Mydoom message from CERT themselves, and if they had an infected computer there. I quickly scanned through mail logs looking for their IP address, and sure enough I found that their server had sent me a message early monday morning.
I did find it, but it turned out to be fairly unexciting. Some other computer out there on the internet somewhere had forged a Mydoom message from <brenda@hewgill.com> to <majordomo@us-cert.gov>, and their mail server dutifully responded back to brenda with a confirmation message. I don't have that confirmation message anymore (I've been deleting a lot of mail lately), but it would have been interesting to see where it came from in the first place.
Oh, how I was hoping to see something fun like an original Mydoom message from CERT.
February 4 2004, 09:25:50 UTC 8 years ago
us-cert
You're doing better than me. I signed up for a few of their lists the day they were turned on and it took ~36 hours for me to complete the request -> ack -> subscribed cycle. And I don't have any greylists, this was all on their end. :-)