Email harvesting?

[David Farber <dave () farber net>]

Begin forwarded message:

From: Darrell Greenwood <darrell.usenet5 () telus net>
Date: November 24, 2006 5:14:12 PM EST
To: bkoball () well com
Cc: David Farber <dave () farber net>
Subject: Re: [IP] Email harvesting?

At 3:16 PM -0500 24/11/06, David Farber wrote:
> Begin forwarded message:
>
> From: Bruce R Koball <bkoball () well com>

<snip>

> Am I crazy to think that spammers may be using some mechanism (packet
> sniffing?) to perform a sort of key-word harvesting to get around
> filters
> and induce recipients to read their messages.

Technically possible, but not likely, would be my guess. Too
complicated for the end result.

For whatever it is worth, I have been keeping an eye on spam since it  
began.

There is no question email address harvesting happens, I have a
number of email addresses that I only keep around for use as spam
traps and checking the effectiveness of spam filtering. An
unprotected address that was exposed briefly to address harvesters
ten years ago is now getting spam at the rate of one every hour.
Another address similarly exposed but which now has greylisting and
spamassassin is down to one spam a month as I tinker with the
spamassassin filtering.

Surprisingly to me simple munging works to defeat address harvesting,
my site http://www.nyx.net/~dgreenw has had the same munged email
address on every page up for years (I increment the number when spam
arrives at the address) and it is a popular site which owns the
Google search term 'sourdough'.

At my regular address which has no protection I get no spam, I rely
only on address management and discarding compromised addresses by
incrementing the number in the address. The story of Nadine,
http://www.honet.com/Nadine/ shows once an address is compromised you
only have two choices, discard it, or rely on ever increasing
filtering with the chance of false positives. I choose to discard
compromised addresses.

Back to your question, currently it would appear most spam is out of
zombies, e.g.,  http://tinyurl.com/ymtzek thanks to Bill Gates. The
same zombies could easily be scanning your email if they are on the
same LAN as you. See http://tinyurl.com/4z9g5 and
http://en.wikipedia.org/wiki/Botnets

If your personal mail is being scanned to provide material to defeat
Bayesian filtering you are unquestionably among the first to so
suffer :-)

Cheers,

Darrell


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/