nanog mailing list archives

Re: Are you getting Spam from Crossfire Media?
From: Rich Kulawiec <rsk () gsp org>
Date: Wed, 14 Jan 2009 09:24:50 -0500

On Tue, Jan 13, 2009 at 05:19:01PM -0800, JC Dill wrote:
> RSK wrote:
>> 3. But it's utterly pointless to obfuscate addresses in such archives:
>> spammers have long since set up quite efficient methods of harvesting
>> any address used on any public mailing list or Usenet newsgroup. [1]  The
>> only people meaningfully impeded by these futile attempts at obfuscation
>> are legitimate senders.
>
> Rich, I know that spammers can get an address by subscribing and
> scarfing the emails that are used to post to the list.  I just don't
> want to see it be made any easier for them by idiots making their own
> public web archives (when this list already has a web archive) and then
> not obfuscating the email addresses.  As you and others have also noted,
> that's just plain rude.

To be clear: I think setting up an unauthorized public archive of a
mailing list, with or without email addresses, is rude.  (I _might_
consider rare exceptions, such as very old mailing lists of historical
interest whose owners are no longer around, but that's clearly not
the case here.)  List-owners should always be asked for their permission.

But as far as making it easier for spammers: we're talking about the
difference between lifting their pinky finger half a millimeter and
grinding out, with tortuous effort, an entire millimeter.  "Professional"
address harvesters don't need and largely don't care about web-based
archives: it's much simpler, easier and faster for them to go directly
to the source and receive (so to speak) real-time feeds of valid addresses,
which, as a bonus, come with "last time known-valid" data as well.
Those feeds come from list subscriptions, NNTP feeds, malware infections,
and other sources.

So any address which:

        - is used on any public mailing list
        - is used in any Usenet newsgroup
        - is used to send mail to anyone who reads it on a Windows box
        - is used to send mail to any mail server running on a Windows box

is going to be harvested -- it's only a question of when, and from there,
it's only a question of when spammers will start trying to deliver to it.
(Which probably means "shortly after they buy the latest address collection
from the harvesters".  The increasing division of labor and sophistication
of the abuse industry has led to niche roles, i.e., it's cheaper and easier
for spammers to just buy addresses than to do their own harvesting.)

The best working assumption to make is that any email address that's
actually used is going to be a target, and plan defenses accordingly.
Once again, security by obscurity does not work -- which is why there
is zero point in obfuscating addresses in list archives.

---Rsk

