NYCPHP Meetup

[nycphp-talk] Hi !

Jerry Kapron nyphp at NewAgeWeb.com
Tue Apr 1 00:59:19 EST 2003


Jim,
No reason to blame NYPHP.  I've been working on anti-spam technology for a
couple of years and can list dozens of ways how your NYPHP e-mail address
ended up on a spammer's mailing list. Harvesting the Web is not the only
way.  Perhaps that's really the case that someone joined NYPHP just to
collect e-mail addresses from the web archive. However there are all kinds
of other things done by spammers to get e-mail addresses.  You gotta realize
that once you send an e-mail message to a mailing list, the message is
distributed to all subscribers, therefore many different IPS's and PC's. ..
and then you have things like:
- evil admins who extract addresses from mailbox and mail log files on mail
servers
- weak security on shared mail/hosting servers where any user can do the
above
- e-mail worms harvesting addresses from e-mail client mailboxes
- the list goes on ..
I hope you'll be able to sleep tonight and use e-mail ever again  :)

Cheers,
Jerry

--
42.7% of all statistics are made up on the spot.


>
>--- nyphp at jimbishop.org wrote:
>> > --- nyphp at jimbishop.org wrote:
>> > > I just got this piece of spam to my mail account using the address I
>> set
>> > > up just for NYPHP.  Has the subscriber list been compromised?
>> >
>> > Negative, and with private archives the address must have been
harvested
>> > using other means.
>>
>> So then it was picked up off of the online archives?
>
>Again, negative.  The archives are only accesible after registering and
>logging in - something others have mentioned as being a pain, but at the
same
>time, this is the first ever spam issue that's been reported.
>
>> The only place I use
>> this address is for this mailing list.  It's not even a mail account or
an
>> alias.  I just have all of my email go to one mailbox, but I switch out
>> the name to track who's selling my email address.  I don't believe NYPHP
>> is selling email addresses, but I wonder if the archives are being
>> harvested for spam purposes.
>
>Unless a spammer has registered and logged into the archives, this is not
an
>issue.  As others pointed out, there are many clever ways people can sniff
>addresses or use "brute force" methods.  Having a catchall account for
>nyphp.org, I am a victim of these types of attacks continuously.
>
>H
>
>> jim.bishop
>>
>>
>>
>>
>>
>> > > ---------- Forwarded message ----------
>> > > Return-Path: <soloboso at aol.com>
>> > > Received: from aol.com ([211.184.230.1] (may be forged)) by
>> cypress.he.net
>> > >     (8.8.6/8.8.2) with SMTP id LAA16879 for <nyphp at jimbishop.org>;
Fri,
>> > >      28 Mar 2003 11:30:13 -0800
>> > > From: soloboso at aol.com
>> > > Message-ID: <001010b0ba75$bed64013$58630437 at gmx.u>
>> > > To: Administrator at cypress.he.net
>> > > Subject: Hi !
>> > > Date: Fri, 28 Mar 2003 13:07:50 +0600
>> > > MIME-Version: 1.0
>> > > Content-Type: text/plain;
>> > > charset="iso-8859-1"
>> > > Content-Transfer-Encoding: 8bit
>> > > X-Priority: 3
>> > > X-Mailer: Microsoft Outlook Express 6.00.2800.1106
>> > > Importance: Normal
>> > >
>> > > : ))).
>> > >
>> > > NEED UP TO THE MINUTE EMAIL  LISTS
>> > > TO MAIL TO -- FRESH DAILY?  30,000
>> > > brand new email names -- just $20 !
>> > >
>> > > http://BulletproofMailings.com
>> > >
>> > > Delivered to you immediately with Paypal
>> > > or Credit Card payment online. Special
>> > > yearly subscription allows you access to
>> > > ALL our past, present and future lists!
>> > >
>> > >
>> > > Send blank email to:  remove at BulletproofMailings.com
>> > > to be removed from our mailings.
>> > >
>> > >
>> > >
>> >
>>
>6489DXSF2-974RMqn0745IfyN5-899Kudi6325ofiK9-776ildZ9696aXSM6-980Wspp1032nti
O3-641HKl78
>> > >
>> > >
>> > >
>> > >
>> > >
>> > >
>> > >
>> >
>> >
>> >
>> >
>> >
>> >
>>
>>
>>
>>
>>
>> ----------------------------------------------------------
>> jim.bishop at jimbishop.org
>>
>> support regime change        http://www.deanforamerica.com
>>                              http://www.newyorkfordean.com
>> ----------------------------------------------------------
>>
>>
>>
>>
>>
>>
>
>
>
>--- Unsubscribe at http://nyphp.org/list/ ---
>
>




More information about the talk mailing list