ietf
[Top] [All Lists]

Re: The utilitiy of IP is at stake here

2003-06-01 12:06:17
"Anthony Atkielski" <anthony(_at_)atkielski(_dot_)com> wrote:

David writes:
[0]

Guessing and trying?

That would require tens of thousands or even millions of bounces for
every successful mailing attempt.  I don't think anyone is doing it
that way.

Never heard of dictionary attacks?  They're not just for passwords.  
Spammers don't seem to CARE that their delivery rate may be 1:1e6; their 
costs are practically nil.  After all, they already try to send to 
addresses that can't be verified as having existed in many years, or 
often to addresses that they have been told do not exist.

Online directory provided by her email provider?

Which e-mail providers are providing online directories?

At least Yahoo.

And how
many of these directories allow you to extract addresses without
specifying any search parameters (such as a name)?

So you have to provide a few search paramaters.  Whoop de doo.  Any 
decent programmer can write a program to search the entire space, by 
dividing it up when you hit the limit.

Or, split it up by using the Advanced Search there, and get the added 
bonus of knowing the age range, marital status, gender, interests, 
location, etc.  Can you say "marketing goldmine" boys and girls?

Not understanding risks, she joins a seniors mail list?

Possible, but not likely.

Perhaps not for your specific grandma, but . . . .

Someone she corresponds with blasts an email to
a bunch of folks leaving all addresses exposed,
and one of the addressees does some action which
exposes the email to a spammer's harvesting process?

This is getting more and more farfetched.

Not farfetched at all.  Have you never had your email address in a To or 
Cc in a message from a perfectly innocent sender to a huge number of 
people?  That happens to me about weekly.  I can't say for sure whether 
that has resulted in my address winding up somewhere easily harvestable, 
other than as below.  However, I strongly suspect that it's not only 
plausible, but highly likely!  Think how many things you have seen that 
have not only huge To or Cc lists on them, but many *layers* of same, 
after many clueless lusers have forwarded it around the planet.  Do you 
trust each and every name on such a list, never to expose the addies???

Or more explicitly, someone she knows copies her
in a post to a mailing list which is being harvested.

A list to which she doesn't belong?  Again, this seems unlikely.

That has happened to me many times.  Can you say with any confidence at 
all that, for instance, no messages on this very list, has ever had a 
non-member in the To or Cc?  It's possible, I grant you, but extremely 
unlikely (IMHO), and anybody could trivially make it not so.

I have quite a few addresses that remain untouched.  Only the ones
for which an obvious harvesting path exists have received spam.

Lucky lucky you.

[0]Not me, some other David.

-- 
David J. Aronson, Unemployed Software Engineer near Washington DC
See http://destined.to/program/ for online resume, and other info