Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: VeriSign's fake SMTP server for SiteFinder

From: "Geoincidents" <geoincidents () getinfo org>
Date: Mon, 22 Sep 2003 20:53:33 -0400
----- Original Message ----- 


Right now they take in the address of who you are sending to and who is
sending. What a wonderful way to collect valid email addresses. First
the MAIL FROM will be a correct address most of the time. The RCPT TO
will be wrong 100% of the time, but they could employ scripts with some
logic to see things like    user () netscpe com is really
user () netscape com and such. Many typos are repeated in the same way by
many people.

Can't wait for the spam to start flowing from that list of users they


So bust them at it. Setup some email that is unguessable, send an email to
noone () verisignsucksnuts4ever com and if your unguessble address gets spammed
you know they did it. If a number of folks here do that and all get spammed
then it's pretty clear where the information came from.

Geo.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: