Date: Fri, 21 Dec 2001 14:05:15 -0500 Reply-To: Maryland Birds & Birding Sender: Maryland Birds & Birding From: Vincent Smythe Subject: discusion There are many ways in which spammers can get your email address. The ones I know of are : 1. From posts to UseNet with your email address. Spammers regularily scan UseNet for email address, using ready made programs designed to do so. Some programs just look at articles headers which contain email address (From:, Reply-To:, etc), while other programs check the articles' bodies, starting with programs that look at signatures, through programs that take everything that contain a '@' character and attempt to demunge munged email addresses. There have been reports of spammers demunging email addresses on occasions, ranging from demunging a single address for purposes of revenge spamming to automatic methods that try to unmunge email addresses that were munged in some common ways, e.g. remove such strings as 'nospam' from email addresses. As people who where spammed frequently report that spam frequency to their mailbox dropped sharply after a period in which they did not post to UseNet, as well as evidence to spammers' chase after 'fresh' and 'live' addresses, this technique seems to be the primary source of email addresses for spammers. 2. From mailing lists. Spammers regularily attempt to get the lists of subscribers to mailing lists [some mail servers will give those upon request], knowing that the email addresses are unmunged and that only a few of the addresses are invalid. When mail servers are configured to refuse such requests, another trick might be used - spammers might send an email to the mailing list with the headers Return-Receipt-To: or X-Confirm-Reading-To: . Those headers would cause some mail transfer agents and reading programs to send email back to the saying that the email was delivered to / read at a given email address, divulging it to spammers. A different technique used by spammers is to request a mailing lists server to give him the list of all mailing lists it carries (an option implemented by some mailing list servers for the convenience of legitimate users), and then send the spam to the mailing list's address, leaving the server to do the hard work of forwarding a copy to each subscribed email address. [I know spammers use this trick from bad experience - some spammer used this trick on the list server of the company for which I work, easily covering most of the employees, including employees working well under a month and who's email addresses would be hard to find in other ways.] 3. From web pages. Spammers have programs which spider through web pages, looking for email addresses, e.g. email addresses contained in mailto: HTML tags [those you can click on and get a mail window opened] Some spammers even target their mail based on web pages. I've discovered a web page of mine appeared in Yahoo as some spammer harvested email addresses from each new page appearing in Yahoo and sent me a spam regarding that web page. A widely used technique to fight this technique is the 'poison' CGI script. The script creates a page with several bogus email addresses and a link to itself. Spammers' software visiting the page would harvest the bogus email addresses and follow up the link, entering an infinite loop polluting their lists with bogus email addresses. For more information about the poision script, see http://www.monkeys.com/wpoison/ 4. From various web and paper forms. Some sites request various details via forms, e.g. guest books & registrations forms. Spammers can get email addresses from those either because the form becomes available on the world wide web, or because the site sells / gives the emails list to others. Some companies would sell / give email lists filled in on paper forms, e.g. organizers of conventions would make a list of participants' email addresses, and sell it when it's no longer needed. Some spammers would actually type E-mail addresses from printed material, e.g. professional directories & conference proceedings. Domain name registration forms are a favourite as well - addresses are most usually correct and updated, and people read the emails sent to them expecting important messages. ======================================================================= To leave the MDOsprey list, send e-mail to listserv@home.ease.lsoft.com with the following message in line 1: signoff mdosprey ======================================================================= =========================================================================