The first spam message sent in this new kind of attack will probably be seen by very few people. It's directed to a small, often very specialized, mailing list. Who reads it, if any, does not matter. The spammer has selected this particular mailing-list for two main reasons : because it has less than standard antispam filtering, and because every email sent to the list is archived on its website, with a public address for the world to see.

That's the first stage. Once the email has been archived, stage two can begin : the spammer then does what he does best, mass spamming to its intended victims. Except that the message does not contain anything but a single URL. You guessed it : that's the address of the spam content being archived on the mailing-list web server.

If that list has not (yet !) too bad of a reputation, chances are the emails will get through antispam filters. Some users will then click on that link and be exposed to the message. Score one for the bad guys.

Of course, when enough of those messages will be reported as spam, filters will be updated and any email bearing that list's URL will not get through anymore. But by then spammers will have moved to another hobby list and started again. Leaving the initial mailing-list owner to deal with its newly-acquired bad reputation.

This new tactic is difficult to deal with, essentially because there are virtually dozens of thousands micro mailing-lists around the Internet (and most of those not managed by tech-aware users, let alone security-aware ones !). And even then, it would be difficult to block them preventively since it's in such a mailing-list nature to have its URL sent in legitimate emails.

For mailing-lists operators, this new approach can means a loss of reputation and the inclusion in blacklists, thus having a large portion of emails not being delivered. Their only solution is to buff up their antispam filtering on incoming emails to the list. Or make sure there *is* one !