I'm curious Chris,

Have you had many of the online site email addresses leaked?

Regards
Kefyn JUDSON
Multiservice Network Architect
ERICSSON New Zealand
* Phone: +64 9 3555 461
* Mobile: +61 21 535 331
* E-mail: kefyn.judson(a)ericsson.co.nz
* SMS: kefyn(a)vodofone.net.nz

-----Original Message-----
From: Chris Wedgwood [mailto:cw(a)f00f.org]
Sent: Tuesday, 8 January 2002 3:26 PM
To: Dean Pemberton
Cc: Dylan Reeve; NZNOG List
Subject: Re: Spam on the increase ?

On Tue, Jan 08, 2002 at 01:06:43PM +1100, Dean Pemberton wrote:

> So rather than having dean(a)flatnet.gen.nz post to mailing lists, I'd have nznog(a)deanpemberton.com post to the nznog mailing list. Then filter incoming mail to that address, so that if it was not a post to the nznog list it gets dumped.

I do this already for all my mailing lists, for example, I receive all nznog email via nznog(a)ml.cw.f00f.org --- and I can tell you from experience this wonderful scheme of mine causes many problems :(

I also use this for routing, so if somebody wanted to be malicious, they could spam that address and it would get automagically routed and stored in my nznog mailing list --- at which time I move to my next greatest scheme :)

Similarly, I use cw+<blah>@f00f.org sort of thing for online sites, so I can track if given email addresses leak and such like, all very crude right now, but I've considered something much more complex where I would email using <nonce>@cw-mail.f00f.org sort of thing so I could track individual messages and replies to them on a per message basis, but it hardly seems worth the effort.

The biggest problem being that I can't post to mailing lists as cw(a)f00f.org unless they have a post-only type list (which nznog does, but most lists do not).

--cw

- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog

On Tue, Jan 08, 2002 at 01:44:27PM +1100, Kefyn Judson (ENZ) wrote:

> Have you had many of the online site email addresses leaked?

No, not so far... it seems then it's likely most address harvesting is done via Usenet (probably not so common) and by using spiders to walk online HTTP mailing list archives such as this one. But without hard facts this is pure speculation.

I should also point out, people posting with email address constructs like user(a)nospam.domain.com and user.nospam(a)foo.com is pointless, I have shown in the past a simple sed script can clean up 90% of the common 'anti-spam' measures as used by people in nz.general (the sample I chose at the time) and with a little effort I think 95% should be trivially obtainable... at the same time making legitimate replies problematic (if I have to remove a nospam, you won't get email from me).

Furthermore, if we assume having nospam in your email address was sufficient to not get spammed (ie. spammers would filter out any addresses with /nospam/ in them) I would use cw(a)nospam.f00f.org as my real email address.

Sadly, spammers don't seem to clean addresses very well (if at all), mostly because lists of addresses are sold and like all things touched by marketroids, bigger numbers are better (hence there is little if any incentive to produce lists of any quality).

--cw

At 16:04 8/01/02 +1300, Chris Wedgwood wrote:

> On Tue, Jan 08, 2002 at 01:44:27PM +1100, Kefyn Judson (ENZ) wrote:
>
> > Have you had many of the online site email addresses leaked?
>
> No, not so far... it seems then it's likely most address harvesting is done via Usenet (probably not so common) and by using spiders to walk online HTTP mailing list archives such as this one. But without hard facts this is pure speculation.

I've had spam come to two addresses which are only listed as a contact address on our website (eg, it's an alias that redirects to me, not an address I ever post with) so from that I can only assume that some spammers DO use some kind of web page scanning email address harvester. Fortunately I only received a few pieces of spam to those addresses, and they seem to have stopped for now...

Another thing that occurred to me is perhaps one of the current self-sending internet worms is actually a secret email address harvester that sends copies of the email address of all computers it infects, *and* their address books to some nefarious address collector.

I understand that some email worms also check your Internet Explorer cache for email addresses seen on recently visited web pages as well, so the potential to extract valid email addresses with a method like that is truly scary.

Regards,
Simon

On Tue, 8 Jan 2002, Kefyn Judson \(ENZ\) wrote:

> I'm curious Chris,
>
> Have you had many of the online site email addresses leaked?

Someone trawled the idg.co.nz sites and discovered lotsa live addresses... so now I get mortgage offers for the US galore. Sigh. Sigh. Sigh.

--
Juha

Take off every sig!

On Tue, Jan 08, 2002 at 04:05:34PM +1300, Juha Saarinen wrote:

> Someone trawled the idg.co.nz sites and discovered lotsa live addresses... so now I get mortgage offers for the US galore. Sigh. Sigh. Sigh.

The other idea I had was to have email addresses dynamically generated and exposed on as many web-sites as possible, so that when an email address was used, it could be traced back to the actual host/time that trawled the address.

The really terrible thing about all this is it goes to show spam irritates people enough to consider all sorts of time-wasting esoteric counter-measures and detection devices and even allows people to build businesses around the prevention of it.

Has anyone reputable done research on how much corporate time is wasted because of spam?

--cw
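
Added example (not part of the thread, and not code from any of the posters): one way to make the per-site cw+<blah> addresses and the dynamically generated trap addresses described in the messages above verifiable, so that a guessed or altered tag is not trusted. It goes beyond what was posted by adding an HMAC to each tag; the secret, the example.org mailbox, the tag layout and the sample site and crawler values are all assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"      # assumption: secret known only to the mail server
USER, DOMAIN = "cw", "example.org"    # placeholder mailbox, not an address from the thread

def _mac(payload: str) -> str:
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()[:12]

def issue(context: str) -> str:
    """Build user+<context>.<mac>@domain; context is 'site-<domain>' or 'trap-<ip>-<epoch>'."""
    payload = context.lower()
    return f"{USER}+{payload}.{_mac(payload)}@{DOMAIN}"

def decode(address: str):
    """Return the context the address was issued for, or None if untagged or forged."""
    local, _, domain = address.lower().rpartition("@")
    user, plus, tag = local.partition("+")
    payload, dot, mac = tag.rpartition(".")
    if domain != DOMAIN or user != USER or not plus or not dot:
        return None
    # Constant-time comparison: a guessed or edited tag must not verify.
    return payload if hmac.compare_digest(mac.encode(), _mac(payload).encode()) else None

def classify(rcpt: str, sender_domain: str) -> str:
    """Decide what an incoming message to a tagged address tells us."""
    context = decode(rcpt)
    if context is None:
        return "unverified"
    kind, _, value = context.partition("-")
    if kind == "site":
        sender = sender_domain.lower()
        if sender == value or sender.endswith("." + value):
            return "ok"
        return f"leak:{value}"        # address given to one site, used by another sender
    return f"harvested:{value}"       # trap address: value is the crawler's ip-epoch

if __name__ == "__main__":
    shop = issue("site-shop.example")               # constructed sample site
    trap = issue("trap-203.0.113.7-1010459134")     # constructed crawler visit
    print(shop, classify(shop, "mail.shop.example"))
    print(shop, classify(shop, "bulk.invalid"))
    print(trap, classify(trap, "bulk.invalid"))
```
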

On Tue, 8 Jan 2002, Juha Saarinen wrote:

> On Tue, 8 Jan 2002, Kefyn Judson \(ENZ\) wrote:
>
> > I'm curious Chris,
> >
> > Have you had many of the online site email addresses leaked?
>
> Someone trawled the idg.co.nz sites and discovered lotsa live addresses... so now I get mortgage offers for the US galore. Sigh. Sigh. Sigh.

If you were going to implement a firewall you'd construct access lists based on the principle "that which is not explicitly permitted, is denied". You'd also allow return traffic from connections you'd initiated.

Much of the antispam activity is based around the premise "that which is not explicitly denied, is permitted". You simply can't secure things using this approach.

I suspect that for many, many people they could construct a list which said who they were prepared to receive email from. You could add the addresses of people you email to the list (perhaps with a timeout). You then autorespond to anyone you don't recognise with a "Sorry, you don't seem to be one of the people, I communicate with. If you still want to send me email, go to this web site, fill in the form and I'll let you know. Have a nice day".

How badly do you want email from strangers? Haven't you got a life? (:-)

On Tue, Jan 08, 2002 at 04:27:19PM +1300, Andy Linton wrote:

> I suspect that for many, many people they could construct a list which said who they were prepared to receive email from. You could add the addresses of people you email to the list (perhaps with a timeout). You then autorespond to anyone you don't recognise with a "Sorry, you don't seem to be one of the people, I communicate with. If you still want to send me email, go to this web site, fill in the form and I'll let you know. Have a nice day".

Actually, people do this already and there are procmail scripts floating about to implement this if you try google.

A similar variant is if I don't know who you are, I reply with a nonce and you must then resend with that nonce or I won't accept your email... so on-off spamming doesn't work.

--cw
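
Added example (not part of the thread, and not the procmail scripts mentioned above): a sketch of the default-deny scheme from the two preceding messages, with an allowlist that is populated by outgoing mail and expires, plus the nonce challenge for unknown senders. The class and method names, the 30-day timeout, the secret and the rule that the nonce comes back as a word in the subject line are assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"   # assumption: secret known only to the mail filter
TTL = 30 * 24 * 3600               # assumption: allowlist entries expire after 30 days

class Gate:
    """Default-deny inbound mail filter: only known senders are delivered."""

    def __init__(self, now=time.time):
        self.now = now             # injectable clock so expiry can be exercised
        self.allowed = {}          # sender address -> expiry timestamp

    def note_outbound(self, rcpt: str) -> None:
        """Mailing someone permits their reply, like return traffic on a firewall."""
        self.allowed[rcpt.lower()] = self.now() + TTL

    def _nonce(self, sender: str) -> str:
        # Bound to the sender address, so a nonce issued to one address
        # cannot be replayed from another.
        return hmac.new(SECRET, sender.encode(), hashlib.sha256).hexdigest()[:16]

    def inbound(self, sender: str, subject: str = ""):
        """Return ('deliver', None) or ('challenge', nonce_to_send_back)."""
        sender = sender.lower()
        if self.allowed.get(sender, 0) > self.now():
            return ("deliver", None)
        self.allowed.pop(sender, None)                 # drop an expired entry
        nonce = self._nonce(sender)
        for word in subject.lower().split():
            if hmac.compare_digest(word.encode(), nonce.encode()):
                self.allowed[sender] = self.now() + TTL
                return ("deliver", None)               # sender answered the challenge
        return ("challenge", nonce)

if __name__ == "__main__":
    gate = Gate()
    gate.note_outbound("friend@example.net")           # constructed sample addresses
    print(gate.inbound("friend@example.net"))
    action, nonce = gate.inbound("stranger@example.com", "hello")
    print(action, nonce)
    print(gate.inbound("stranger@example.com", "Re: hello " + nonce))
```

Because the challenge is an automatic reply, mail with a forged sender address sends the challenge to an uninvolved third party, so a deployment would want to suppress challenges for mail that already fails other checks.
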

On Tue, 8 Jan 2002, Chris Wedgwood wrote:

> On Tue, Jan 08, 2002 at 04:27:19PM +1300, Andy Linton wrote:
>
> > I suspect that for many, many people they could construct a list which said who they were prepared to receive email from. You could add the addresses of people you email to the list (perhaps with a timeout). You then autorespond to anyone you don't recognise with a "Sorry, you don't seem to be one of the people, I communicate with. If you still want to send me email, go to this web site, fill in the form and I'll let you know. Have a nice day".
>
> Actually, people do this already and there are procmail scripts floating about to implement this if you try google. A similar variant is if I don't know who you are, I reply with a nonce and you must then resend with that nonce or I won't accept your email... so on-off spamming doesn't work.

I'm sorry, you don't seem to be one of the people....

I wasn't claiming an original thought. I recall Marshall Rose running a scheme like this minus the "go to the web site" bit in the early 90s - yet more evidence that I am 'old beyond many people's capacity to comprehend'.

andy

On Tue, 8 Jan 2002, Andy Linton wrote:

> How badly do you want email from strangers? Haven't you got a life? (:-)

Moi? Jamais!

No, seriously, the problem is compounded by the fact that my idg.co.nz address is set to forward to my personal domain. If I didn't have that, I'd have to run Lotus Notes[*] to read my email. Not even the vilest NZNOG list-nasty wish such a fate upon me...

--
Juha

Take off every sig!

[*] Which is utterly devoid of any filtering or sender verification ability, let alone a blocked_senders feature.

On Tue, Jan 08, 2002 at 04:47:49PM +1300, Juha Saarinen wrote:

> No, seriously, the problem is compounded by the fact that my idg.co.nz address is set to forward to my personal domain.

So have juha.saarinen(a)idg.co.nz (or whatever) forward to blem(a)saarinen.org or juha(a)idgformward@saarinen.org so you can filter it differently...

--cw

participants (5)
- Andy Linton
- Chris Wedgwood
- Juha Saarinen
- Kefyn Judson (ENZ)
- Simon Byrnand