Re: Yahoo (How beaconing works)-how spammers get addresses

by "Octavian Rasnita" <orasnita(at)home.ro>

 Date:  Fri, 31 Jan 2003 09:36:17 +0200
 To:  "jim barchuk" <jb(at)jbarchuk.com>,
<hwg-techniques(at)mail.hwg.org>
 References:  jbarchuk
So you are saying that the spammers are paid just for sending messages even
though those messages are not reaching their destination?
But in this case they shouldn't care if the domain is valid or not.

How can they find a lot of good email addresses then?
There are millions of domain names and on each domain name could be a lot of
email addresses.
I don't think they are trying to match any word like a@domain, b@domain,
c@domain, ... aa@domain, ab@domain, ...until zzzzzzzzzzzzzzz@domain because
this will take millions of years.

They could try using a dictionary with names and combinations of names using
the "." and "_" characters and ending with a few digits eventually.

But if you have a username that doesn't sound like a name, and especially if
you say that you have it on a major ISP, they've probably sold the list of
email addresses to someone.
Yeah, all of them say that they don't do such a thing, but you've seen how
badly the companies that get their money from the internet are staying in
business...

BTW. I guess you've heard about the big losses of Time Warner, the owner of
ICQ and AOL.


Teddy,
Teddy's Center: http://teddy.fcc.ro/
Email: orasnita(at)home.ro

----- Original Message -----
From: "jim barchuk" <jb(at)jbarchuk.com>
To: <hwg-techniques(at)mail.hwg.org>
Sent: Friday, January 31, 2003 2:56 AM
Subject: Re: Yahoo (How beaconing works)-how spammers get addresses


Hi Teddy!

On Thu, 30 Jan 2003, Octavian Rasnita wrote:

> I don't think that's a valid explanation.
>
> Just think how many combinations of email addresses could be on just a
> single domain and you will see that they will need to send a lot of
> messages and this will take years.
> The result could be that that server is configured to receive all the non
> existent email messages in a separate inbox.
>
> The spammers use a spider like that for indexing web pages for a search
> engine to get the email addresses from all the web pages.
> They use to use a query to Google or other search engine for specific
> topics, and this will get web pages with a certain content....
>
> Teddy,

It's not unreasonable. I'm sure you've seen the envelope comments. One
email can send hundreds of spams.

Anecdotally speaking... I have an email address on a major ISP that looks
like essentially four random characters. It doesn't even have a vowel in
it. I have never posted it anywhere, or even used it to send an email
message.  But within *days* of opening it I started getting spams. The spam
volume has slowly but steadily increased over the years as it wends its
way from cdrom to cdrom compilations of 'addresses that don't bounce.'

So yes, they do send out to randomly created names, the shotgun theory. I
also get spams for larry01(at)jbarchuk.com, larry02, larry03 etc. Given four
chars there are only about 1.7M. At 100 addresses per envelope that's only
17k envelopes.

Anecdotally speaking... I operate a very small server here. Only a few
valid email addresses. One day I started getting spams to real-looking but
invalid user names that bounced and bounced and bounced. Over the course
of about a week totalling about 6k *separate* messages. For a little while
I configured things so they wouldn't bounce so I could look at the
headers. Unfortunately they were all totally bogus and untraceable without
resorting to lower level analysis that I couldn't be bothered with. A few
months later the same thing happened again, maybe or maybe not the same
source. But I don't particularly care because they're now all listed as
'addresses that bounce.' :)

The upshot of that second example is that the professional spammers don't
*care* how much time it takes to send. They get paid whether it arrives,
or bounces. They're offshore and immune to any destinational jurisdiction.

Part of -this- particular problem is that there is a level at which the
internet is inherently insecure because it's -designed- to ensure
anonymity. It could have been done differently but wasn't. OTOH, is it
-really- a problem? Because without that level of insecurity there would
be absolutely *no* anonymity. Tradeoffs all around.

On the PLUS SIDE, also anecdotally speaking, I think the market is
saturated and not getting any worse than it already is. The address I'm
writing from has been on the net for many years and is undoubtedly on
every eleventy-hundred-gazillion-address cdroms. A year or two ago my
daily spam dose peaked at about 100/day and has -not- increased since
then.  Sometimes 80, sometimes 120, but never less or more than that.

Have a :) day!

jb

--
jim barchuk
jb(at)jbarchuk.com

HWG hwg-techniques mailing list archives, maintained by Webmasters @ IWA