[Tfug] Re: ISP for Qwest DSL

Leo Przybylski tfug@tfug.org
Thu Jan 16 11:25:02 2003 

Leo Przybylski wrote:

> Anthony Steckman wrote:
>
>> Outside of AOL, most message boards and email groups are pretty safe 
>> from harvesters, who prefer to use crawlers that harvest mailto 
>> addresses from an html context. Mailman protects against this by not 
>> posting email addresses in the archives. In other words: the only way 
>> to get addresses from this Listserv... is to join the Listserv. Most 
>> of the old-school newsgroup type crawlers fail here because they 
>> don't know how to reply to the confirmation email.
>>
> Doesn't TFUG use mailman? I would hate to rain on your parade, but I 
> could quite easily (with procmail, bash and sendmail), start spamming 
> people on this mailing list. There are ways to protect against this 
> with sendmail, but I won't go into that.
>
> In a modular sense, it would be simple to integrate this functionality 
> into a crawling system.
>
> Speaking of crawling, isn't it also possible to crawl mailing-list 
> archives available through good ole' HTTP? 

Putting 2 and 2 together, I just had a great idea for you spammers out 
there!! ASF uses The mail archive to archive their mailing lists and 
make them publicly available via HTTP. The mail archive has one huge 
fault though. It allows the option of responding to people who 
originally posted directly without needing to login or anything. This 
can give a crawler (with some interpretation) the email address of the 
poster.

How do you set up mail archive to work? Get a mail archive account and 
sign up that account with the mailing list you want to archive.

Suddenly, you have an instantly crawlable mailing list. Completely 
vulnerable.

Just thought I would post that if anyone needed help in their spamming 
exploits.

-Leo Przybylski

>
>
> I don't mean to boast, and this may not really prove anything by me 
> saying it, but I used to write crawling software for spammers (much to 
> my shame). I maintain a personal database of domestic/international 
> email addresses (I'm sure you're on it somewhere).
>
> I'm with the AOL QA person. I also used to write software for 
> profiling over network protocols. I'm sure that if you have visited 
> any of the clients from http://www.coremetrics.com, you have been 
> tagged and are tracked throughout the world of HTTP. If you have ever 
> seen an XXX banner (now, I would never stoop that low, but they are 
> the competition for legitimate businesses) or email, you again are 
> tagged.
>
> Spam isn't all you have to worry about. Be sure to turn your cookies 
> off even in your email viewer.
>
> -Leo
> P.S. By "you", I wasn't referring to any specific individual. I mean 
> anyone reading this on the list.
>
>>
>> This isn't to say it couldn't eventually become a problem, but your 
>> experience with AOL is skewing your perception of what happens on the 
>> rest of the Internet.
>>
>> Yahoo! mailing lists also protect one's email address -- again, the 
>> only way to harvest the address is to join the email groups -- and 
>> the crawlers in use just aren't smart enough to handle that yet.
>>
>> Finally, if you really work at AOL, your email to this Listserv is in 
>> violation of at least three company policies.
>>
>> All things being the same:
>>
>> Stick around awhile and you might learn something.
>>
>>
>> + I'm probably responding to some of what was said below:
>>
>> . Date: Wed, 15 Jan 2003 21:08:12 -0700
>> . Subject: [Tfug] Re: ISP for Qwest DSL
>> . From: Michele Campbell <omega593@mac.com>
>> . Reply-To: tfug@tfug.org
>> . To: tfug@tfug.org
>> . X-Mailer: Apple Mail (2.551)
>> . . . I would like to suggest that you consider how your name is 
>> getting on . the spam lists rather than changing your ISP. Email 
>> addresses are . harvested from a variety of places, including public 
>> forums such as . this one. They are also harvested from ebay and 
>> yahoo. So you can . change ISP's but if your behavior does not 
>> change, you will continue to . receive spam no matter which company 
>> provides your internet service. I . work at AOL and we are currently 
>> running some tests on Spam filters-- . but no filters are perfect. 
>> What you must consider is that if your ISP . starts filtering, the 
>> ISP might inadvertently filter some of your . non-Spam email. So, for 
>> your own sake, take a look at who is receiving . your email address 
>> and where your email address is appearing and . perhaps limit that 
>> exposure.
>> . . L. Michele Campbell
>> . Associate QA Engineer, America Online, Inc.
>> . . _______________________________________________
>> . tfug mailing list
>> . tfug@tfug.org
>> . http://www.tfug.org/mailman/listinfo/tfug
>> . .
>> _______________________________________________
>> tfug mailing list
>> tfug@tfug.org
>> http://www.tfug.org/mailman/listinfo/tfug
>>  
>>
>
>
> _______________________________________________
> tfug mailing list
> tfug@tfug.org
> http://www.tfug.org/mailman/listinfo/tfug