Re: How Did I Get This Mail?

From: N. Miller (anonymous_at_discussions.microsoft.com)
Date: 10/23/03


Date: Thu, 23 Oct 2003 12:23:23 -0700

In article <3F97BB58.76D09C5A@earthlink.net>, mtnviews@earthlink.net says...
> It's very unlikely that any communication with those 10 people in the 5 days since I
> revealed to them my new e-mail address have resulted in bcc's, or cc's.

O.K., but I had to ask because that is one source of email address
discovery.

> My new address is 13 characters long. It only differs by an s (no longer plural) from
> the previous one. It seems like a very unlikely address that anyone would really want
> to use. It is possible I suppose since I just dropped the s from the old address that
> someone reproduced it without an s.

That is a very easy test for a spammer to try; with 's', and without 's'.
Another interesting variation on the theme is the 'grepping' out of address
components. I created an account with the username 'antispam'; on a local
domain that I own, so I don't have to deal with provider rules prohibiting
that name. So many people 'munge' their email addresses with some variation
of 'spam', or 'nospam', that the spammers automatically search and remove
such obvious munges.

In my case, however, I wasn't trying to overthink a solution to a problem,
I just wanted a unique address at my domain to deal with spam. I figured I
could filter/block, if necessary, and a spammer would have to have something
akin to a death wish to spam an antispam account. So what did one spammer try
to do? Unmunge the address by removing the spam from the account name; I got
a few logged rejects where my server sent: "550 Address
<anti@mydomain.invalid> not known"!

> I think I'm going to do a little experiment. I'm going to create something of a funky
> address, and not let anyone know what it is. I will then troll my usual web sites and
> see how long it is before I start getting Swen msgs or any spam.

Anywhere from hours to weeks. If you reveal it in locations where the
harvesters can grab it. Try it with "1337" spelling tricks, and make two
addresses that look like they are identical, but change which characters are
used. Say, "si1ly8il1y" and "5il1ybi1ly". Note that the first case uses the
numeral '1' in the first place of 'silly', and the second place of 'billy',
while the second case reverses that order. Use one prolifically, but don't
even use the other; ever. See how long that second one lasts. I have one
such at Hotmail which is over a year old, now, and has yet to receive even a
single spam. {Gotta check it every 28 days, or so, so it won't go
'inactive', though.}

-- 
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint
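
A reject-log check for the unmunging and dropped-'s' guesses described in the post above, as an added example that is not part of the original post. Only the "550 Address <...> not known" text comes from the post; the timestamps, the `reports` mailbox, the token list and all function names are assumptions.

```python
import re

# Assumption: munge tokens that harvesters strip, per the post ('spam', 'nospam').
MUNGE_TOKENS = ("nospam", "spam")
REJECT_RE = re.compile(r"550 Address <([^@<>\s]+)@([^<>\s]+)> not known")

def demunged_variants(local):
    """Map each local part a harvester could derive from `local` to the reason."""
    local = local.lower()
    variants = {}
    for token in MUNGE_TOKENS:
        if token in local:
            stripped = local.replace(token, "").strip("._-")
            if stripped and stripped != local:
                variants.setdefault(stripped, f"'{token}' removed")
    if local.endswith("s") and len(local) > 1:
        variants.setdefault(local[:-1], "trailing 's' dropped")
    else:
        variants.setdefault(local + "s", "trailing 's' added")
    return variants

def classify_rejects(log_lines, mailboxes, domain):
    """Return (rejected_local, source_mailbox, reason) for each rejected
    recipient that is a derived guess from one of our real mailboxes."""
    derived = {}
    for box in sorted(mailboxes):
        for variant, reason in demunged_variants(box).items():
            derived.setdefault(variant, (box, reason))
    hits = []
    for line in log_lines:
        m = REJECT_RE.search(line)
        if not m or m.group(2).lower() != domain:
            continue
        local = m.group(1).lower()
        if local in derived and local not in mailboxes:
            hits.append((local, *derived[local]))
    return hits

# Constructed sample log lines (timestamps and the last two recipients are invented).
SAMPLE_LOG = [
    "2003-10-23 12:01:07 550 Address <anti@mydomain.invalid> not known",
    "2003-10-23 12:04:44 550 Address <webmaster@mydomain.invalid> not known",
    "2003-10-23 12:09:31 550 Address <report@mydomain.invalid> not known",
]

if __name__ == "__main__":
    for hit in classify_rejects(SAMPLE_LOG, {"antispam", "reports"}, "mydomain.invalid"):
        print("%s <- %s (%s)" % hit)
```

A hit means the sender's list contains a transformed copy of a real mailbox, which points at a harvested address rather than a random dictionary guess.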

