Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: mailman email harvester
From: "Dave Korn" <davek_throwaway () hotmail com>
Date: Tue, 8 Feb 2005 14:52:33 -0000

"Bernhard Kuemel" <bernhard () bksys at> wrote in message
news:4207F04C.2010403 () bksys at   
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi!

Tons of email addresses from mailman mailing lists are vulnerable to
be collected by spammers.

They are "protected" by obfuscation (user () example com -> user at
example.com) and access to the subscriber list can be restricted to
subscribers. The obfuscation is trivially reversed and harvester
scripts can subscribe to gain access to restricted lists.

  Yes, but no spammers actually do so.  For experimental proof of this
claim,

http://www.cdt.org/speech/spam/030319spamreport.shtml

" But none of the addresses that were obscured, whether in "human-readable"
or "HTML-obscured" form, received a single piece of spam, leading us to
conclude that e-mail address "harvesters" are not presently capable of
collecting such addresses. While this may change as time passes and
technology develops, for the time being it appears that obscuring an e-mail
address is an effective means of avoiding spam. "

  The harvesters don't bother because there are so many un-obfuscated email
addresses out there, enough to keep them busy for a lifetime of spamming,
anyway.

An improved version that collects addresses that are restricted to
subscribers, processes more lists and works more parallelized is
planned.

  Why?  You hoping to sell it to spammers?  Obfuscating *works*; if YOU
break it, that makes YOU a spamming motherfucker.  Why don't you go fuck
yourself instead?

  Oh, and by the way

<bernhard () bksys at>
<bernhard () bksys at>
<bernhard () bksys at>
<bernhard () bksys at>
<bernhard () bksys at>
<bernhard () bksys at>
<bernhard () bksys at>
<bernhard () bksys at>



    drop dead,
      DaveK
-- 
Can't think of a witty .sigline today....



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault