Full Disclosure mailing list archives
Re: Mailing lists and unsolicited/malicious spam
From: n3td3v <xploitable () gmail com>
Date: Fri, 26 Nov 2004 16:51:27 +0000
On the note of hiding e-mail addresses: Yahoo! Groups, a fully featured user group and mailing list has taken steps to prevent malicious users harvesting new e-mail addresses to add to spam list databases. They (Yahoo) cut the e-mail address on the website, so harvesting becomes impossible by only showing the user side of the e-mail address. Example "n3td3v@...". On the note of mailing lists and user groups having its own unique (back-end off list) spam: I have also noticed Yahoo!s own resident hax0rs, spammers, whatever you wish to label them as, actually use Yahoo! users to create bot yahoo accounts (by sending them a carefully crafted url, which relays via google and queries the malicious webpage, which looks like a legitimate Yahoo! word verification page) to later broadcast out to Yahoo! users of Yahoo! Mail and Yahoo! Groups. So, in some instances, mailing lists and user groups can have its internal scams going on (if the network is big enough, which yahoo (mail and groups) We could take Yahoo!s e-mail hiding idea, but take it a step further: I was thinking, why are all e-mail addresses not encrypted as soon as they leave the authors mail client, surely this would stop anyone seeing the address, apart from the mail client at the other end the message was intended for. And when a user mails a mailing list the e-mail address could be read by the mailing list software, but stays encrypted for the broadcast out to the subscribers of the list. All you need to do to stop spam is have e-mail addresses encrpyted and only readable by the person they were sent to. perhaps to make it nicer, leave the user@ side of the e-mail address showing, but encrypt the @domain side of the e-mail address. Don't tell me, this has already been thought of and i'm the last to think of it, oh well nevermind! This would at least stop the malicious spammers harvesting new addresses on mailing lists and the third party sites where mailing list threads are published, example: seclists.org. I'm sure encrpyting the domain side of e-mail addresses has its pitfalls and flaws. Its just something I thought about on top of my head, I haven't researched fully the pro's and con's (at least yet). Thanks, n3td3v@h4hfshjkewts _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Mailing lists and unsolicited/malicious spam David Taylor (Nov 26)
- Re: Mailing lists and unsolicited/malicious spam Ralph Angenendt (Nov 27)
- RE: Mailing lists and unsolicited/malicious spam pingywon MCSE (Nov 27)
- Re: Mailing lists and unsolicited/malicious spam Danny (Nov 27)
- RE: Mailing lists and unsolicited/malicious spam pingywon MCSE (Nov 27)
- Re: Mailing lists and unsolicited/malicious spam nicolas vigier (Nov 30)
- RE: Mailing lists and unsolicited/malicious spam pingywon MCSE (Nov 27)
- Re: Mailing lists and unsolicited/malicious spam Ralph Angenendt (Nov 27)
- <Possible follow-ups>
- Mailing lists and unsolicited/malicious spam n3td3v (Nov 26)
- Re: Mailing lists and unsolicited/malicious spam Ron (Nov 27)
- RE: Mailing lists and unsolicited/malicious spam Todd Towles (Nov 27)
- Re: Mailing lists and unsolicited/malicious spam n3td3v (Nov 27)
- Re: Mailing lists and unsolicited/malicious spam Valdis . Kletnieks (Nov 27)
- Re: Mailing lists and unsolicited/malicious spam Andrew Farmer (Nov 27)
- Re: Mailing lists and unsolicited/malicious spam Valdis . Kletnieks (Nov 27)
- Re: Mailing lists and unsolicited/malicious spam devis (Nov 27)
- Re: Mailing lists and unsolicited/malicious spam nicolas vigier (Nov 30)
- Re: Mailing lists and unsolicited/malicious spam Valdis . Kletnieks (Nov 27)
- Re: Mailing lists and unsolicited/malicious spam n3td3v (Nov 27)
- RE: Mailing lists and unsolicited/malicious spam Todd Towles (Nov 27)
- RE: Mailing lists and unsolicited/malicious spam Todd Towles (Nov 27)