Full Disclosure mailing list archives
RE: Empty emails?
From: James Lay <jlay () ameriben com>
Date: Wed, 25 Feb 2004 13:40:51 -0700
What was a question turned out to be an interesting exercise. Here's a header just received:

Message-Id: <20040225203416.C37033FD03 () gateway ameriben com>
Date: Wed, 25 Feb 2004 13:34:16 -0700 (MST)
From: styykbqzmr () yahoo com
To: undisclosed-recipients:;

What's interesting is that the To: undisclosed-recipients:; line is tagged only by my exchange server. It looks like just as some people have said...looks like it's spammers trying to verify the email address. But they send via BCC...with BCC there simply isn't a To: line (least not the ones I tested). I've looked at blocking via postfix, but no go. What I MAY be able to do is use anomy tools to do a double-check..IE: if message To: == null and body == null then block/nuke/something like that. I'll keep ya posted ;-)

James

-----Original Message-----
From: randall perry [mailto:lists () domain-logic com]
Sent: Wednesday, February 25, 2004 9:12 AM
To: Full-Disclosure (E-mail)
Subject: Re: [Full-disclosure] Empty emails?

At 10:13 AM 2/25/2004 -0500, you wrote:
yup...been getting quite a few as of late. Based on some quick googles, it appears to have been around for quite some time.... not sure if it's some kind of probe to see if my address exists..but they're annoying.
You are right that it is a verification process. What you do is have your mail bot send out spam with a twist. As each message is composed and sent, it contains an embedded image of a random name (in fact, it doesn't really exist) that is really a reference number. For example <img src=http://logging.microsoft.com/verify/123451.jpg border=0
Your web server error log will identify every time one of those images was tried and then that gets matched automatically to your database of names.

Now you have:
1. A verified email address
2. An originating IP (can narrow down to what continent they are on or if broadband customers)
3. What OS you are running
4. Possibly what email client or web browser you use.

This is worth big bucks in the form of "email leads" sold by geographic regions and whether they are dialup, cable customers, business, etc.

*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.
Randall Perry
Domain Logic Technology Solutions
http://www.domain-logic.com
Every problem has a solution. If there is no solution, there is no problem..
*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
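An added example, not part of either post: a Python version of the double-check James describes (no usable To: plus an empty body), which also lists remote `<img>` references of the kind Randall describes so a filter can flag or strip them. The function name `classify`, the sample messages and the `example.invalid` hosts are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

# Constructed samples (not from the thread): a Bcc-only empty message and
# an HTML message whose only content is a uniquely numbered remote image.
PROBE = ("Message-Id: <constructed-1@mx.example.invalid>\n"
         "From: sender@example.invalid\n"
         "To: undisclosed-recipients:;\n"
         "\n"
         "   \n")
BEACON = ("From: sender@example.invalid\n"
          "To: user@example.invalid\n"
          "Content-Type: text/html\n"
          "\n"
          "<img src=http://tracker.example.invalid/verify/123451.jpg border=0>\n")


class ImgCollector(HTMLParser):
    """Collect src values of <img> tags that point at a remote host."""
    def __init__(self):
        super().__init__()
        self.remote = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") or ""
        if tag == "img" and src.lower().startswith(("http://", "https://", "//")):
            self.remote.append(src)


def classify(raw):
    """Return findings for one RFC 822 message supplied as text."""
    msg = message_from_string(raw, policy=policy.default)
    to = str(msg.get("To") or "").strip().lower()
    # Bcc-only mail has no To:, or only the placeholder group an MTA adds.
    no_recipient = to == "" or "undisclosed-recipients" in to
    text, remote = "", []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and attachments
        body = part.get_content()
        if part.get_content_subtype() == "html":
            collector = ImgCollector()
            collector.feed(body)
            remote.extend(collector.remote)
        text += body
    empty_body = text.strip() == ""  # whitespace-only counts as empty
    return {"no_recipient": no_recipient, "empty_body": empty_body,
            "probe": no_recipient and empty_body, "remote_images": remote}
```

The `probe` flag implements the "To: == null and body == null" test; `remote_images` is what a mail client or gateway would decline to fetch so that no request reaches the sender's web server.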