Full Disclosure mailing list archives

Re: leaking


From: "Gary E. Miller" <gem () rellim com>
Date: Wed, 12 May 2004 09:41:04 -0700 (PDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yo Jimmy!

On Wed, 12 May 2004, KUIJPERS Jimmy wrote:

I see no reason whatsoever why I should generate the e-mail address in a
cryptographic manner... whatever that may mean (since when
do we create an email address via a "cryptographically-secure" way and
what is the relevance?

That is because spammers do not even bother to check for valid email
accounts anymore.  They run dictionaries of known usernames, millions
of them, against all known domains.  This is why Hotmail was so screwed up
last week.  Hundreds of emails to invalid email accounts for every valid
one.  Their poor server could not stand up to the load.

Someone asked me to set up a new account "greg" on a lightly used domain
name.  His old email was getting too much spam and he figured that since
greg () example com had never been used he should be spam free.  So I
checked the email logs.  Several dictionary spammers had visited in the
last few days, sending millions of emails, with millions of usernames,
to a domain that never had more than 5 active usernames.  Guess what?
greg () example com was already being sent spam!  Also greg1@, greg2@,
greg3@, etc. were also being sent spam.  So changing his email to any of
those would only slow down his spam a little for a short while.

Unless you set up a test account with a big long random number there is
no hope that it is not already in one of these dictionaries.

RGDS
GARY
- ---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
        gem () rellim com  Tel:+1(541)382-8588 Fax: +1(541)382-8676

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAolOm8KZibdeR3qURAr6hAJ0WaaivNEfiuCgMwko4eIJSdCQe1gCfSDa4
9y3ERoqoXn653xveMxma6lQ=
=79d2
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
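
Added example, not part of the original post: a log check of the kind the message describes, plus generation of a long random test address. The log format, the sample lines and all function names are constructed for illustration and do not match any particular mail server.

```python
import re
import secrets
from collections import defaultdict

# Constructed sample lines in a made-up "client=IP rcpt=<addr> status=..." format.
SAMPLE_LOG = """\
2004-05-10 03:11:02 client=192.0.2.10 rcpt=<adam@example.com> status=unknown_user
2004-05-10 03:11:02 client=192.0.2.10 rcpt=<greg@example.com> status=unknown_user
2004-05-10 03:11:03 client=192.0.2.10 rcpt=<greg1@example.com> status=unknown_user
2004-05-10 03:11:03 client=192.0.2.10 rcpt=<greg2@example.com> status=unknown_user
2004-05-10 03:11:04 client=192.0.2.10 rcpt=<zoe@example.com> status=unknown_user
2004-05-10 09:40:17 client=198.51.100.7 rcpt=<alice@example.com> status=delivered
2004-05-10 09:41:55 client=198.51.100.7 rcpt=<bob@example.com> status=unknown_user
"""

LINE_RE = re.compile(r"client=(\S+) rcpt=<([^@>]+)@([^>]+)> status=(\S+)")

def parse(log):
    """Yield (client, local_part, domain, status) for each recognised line."""
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:
            client, local, domain, status = m.groups()
            yield client, local.lower(), domain.lower(), status

def dictionary_sources(log, threshold=3):
    """Clients that tried at least `threshold` distinct nonexistent users."""
    misses = defaultdict(set)
    for client, local, _, status in parse(log):
        if status == "unknown_user":
            misses[client].add(local)
    return {c: len(s) for c, s in misses.items() if len(s) >= threshold}

def already_targeted(log, candidates):
    """Candidate usernames that already appear as recipients in the log."""
    seen = {local for _, local, _, _ in parse(log)}
    return sorted(c for c in candidates if c.lower() in seen)

def random_local_part(log, nbytes=16):
    """Long random local part (128 bits by default) not yet seen in the log."""
    seen = {local for _, local, _, _ in parse(log)}
    while True:
        candidate = "t" + secrets.token_hex(nbytes)
        if candidate not in seen:
            return candidate
```

The threshold keeps a single mistyped recipient (the `bob` line) from being counted as a dictionary run.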

