Results 1 to 7 of 7

Thread: How Do Spammers Rape Ur Email Accounts?

  1. #1
    Double Agent
    Join Date
    May 2003
    There are many ways in which spammers can get your email address. The
    ones I know of are :

    1. From posts to UseNet with your email address.

    Spammers regularily scan UseNet for email address, using ready made
    programs designed to do so. Some programs just look at articles
    headers which contain email address (From:, Reply-To:, etc), while
    other programs check the articles' bodies, starting with programs
    that look at signatures, through programs that take everything that
    contain a '@' character and attempt to demunge munged email addresses.

    There have been reports of spammers demunging email addresses on
    occasions, ranging from demunging a single address for purposes
    of revenge spamming to automatic methods that try to unmunge email
    addresses that were munged in some common ways, e.g. remove such
    strings as 'nospam' from email addresses.

    As people who where spammed frequently report that spam frequency to
    their mailbox dropped sharply after a period in which they did not
    post to UseNet, as well as evidence to spammers' chase after 'fresh'
    and 'live' addresses, this technique seems to be the primary source
    of email addresses for spammers.

    2. From mailing lists.

    Spammers regularily attempt to get the lists of subscribers to
    mailing lists [some mail servers will give those upon request],
    knowing that the email addresses are unmunged and that only a few
    of the addresses are invalid.

    When mail servers are configured to refuse such requests, another
    trick might be used - spammers might send an email to the mailing
    list with the headers Return-Receipt-To: <email address> or
    X-Confirm-Reading-To: <email address>. Those headers would cause some
    mail transfer agents and reading programs to send email back to
    the <email address> saying that the email was delivered to / read at
    a given email address, divulging it to spammers.

    A different technique used by spammers is to request a mailing
    lists server to give him the list of all mailing lists it carries
    (an option implemented by some mailing list servers for the
    convenience of legitimate users), and then send the spam to the
    mailing list&#39;s address, leaving the server to do the hard work
    of forwarding a copy to each subscribed email address.

    [I know spammers use this trick from bad experience - some spammer
    used this trick on the list server of the company for which I work,
    easily covering most of the employees, including employees working
    well under a month and whose email addresses would be hard to find
    in other ways.]

    3. From web pages.

    Spammers have programs which spider through web pages, looking for
    email addresses, e.g. email addresses contained in mailto: HTML
    tags [those you can click on and get a mail window opened]

    Some spammers even target their mail based on web pages.
    I&#39;ve discovered a web page of mine appeared in Yahoo as some spammer
    harvested email addresses from each new page appearing in Yahoo and
    sent me a spam regarding that web page.

    A widely used technique to fight this technique is the &#39;poison&#39; CGI
    script. The script creates a page with several bogus email addresses
    and a link to itself. Spammers&#39; software visiting the page would
    harvest the bogus email addresses and follow up the link, entering
    an infinite loop polluting their lists with bogus email addresses.

    For more information about the poision script, see

    4. From various web and paper forms.

    Some sites request various details via forms, e.g. guest books &
    registrations forms. Spammers can get email addresses from those
    either because the form becomes available on the world wide web,
    or because the site sells / gives the emails list to others.

    Some companies would sell / give email lists filled in on paper
    forms, e.g. organizers of conventions would make a list of
    participants&#39; email addresses, and sell it when it&#39;s no longer needed.

    Some spammers would actually type E-mail addresses from printed
    material, e.g. professional directories & conference proceedings.

    Domain name registration forms are a favourite as well - addresses are
    most usually correct and updated, and people read the emails sent to
    them expecting important messages.

    5. Via an Ident daemon.

    Many unix computers run a daemon (a program which runs in the
    background, initiated by the system administrator), intended to
    allow other computers to identify people who connect to them.

    When a person surfs from such a computer connects to a web site
    or news server, the site or server can connect the person&#39;s computer
    back and ask that daemon&#39;s for the person&#39;s email address.

    Some chat clients on PCs behave similarily, so using IRC can cause
    an email address to be given out to spammers.

    6. From a web browser.

    Some sites use various tricks to extract a surfer&#39;s email address
    from the web browser, sometimes without the surfer noticing it.
    Those techniques include :

    1. Making the browser fetch one of the page&#39;s images through an
    anonymous FTP connection to the site.

    Some browsers would give the email address the user has
    configured into the browser as the password for the anonymous
    FTP account. A surfer not aware of this technique will not
    notice that the email address has leaked.

    2. Using JavaScript to make the browser send an email to a chosen
    email address with the email address configured into the browser.

    Some browsers would allow email to be sent when the mouse
    passes over some part of a page. Unless the browser is properly
    configured, no warning will be issued.

    3. Using the HTTP_FROM header that browsers send to the server.

    Some browsers pass a header with your email address to every web
    server you visit. To check if your browser simply gives your
    email address to everybody this way, visit

    It&#39;s worth noting here that when one reads E-mail with a browser
    (or any mail reader that understands HTML), the reader should be
    aware of active content (Java applets, Javascript, VB, etc) as
    well as web bugs.

    An E-mail containing HTML may contain a script that upon being
    read (or even the subject being highlighted) automatically sends
    E-mail to any E-mail addresses. A good example of this case is the
    Melissa virus. Such a script could send the spammer not only the
    reader&#39;s E-mail address but all the addresses on the reader&#39;s
    address book.

    A web bugs FAQ by Richard M. Smith can be read at

    7. From IRC and chat rooms.

    Some IRC clients will give a user&#39;s email address to anyone who cares
    to ask it. Many spammers harvest email addresses from IRC, knowing that
    those are &#39;live&#39; addresses and send spam to those email addresses.

    This method is used beside the annoying IRCbots that send messages
    interactively to IRC and chat rooms without attempting to recognize
    who is participating in the first place.

    This is another major source of email addresses for spammers, especially
    as this is one of the first public activities newbies join, making it
    easy for spammers to harvest &#39;fresh&#39; addresses of people who might have
    very little experience dealing with spam.

    AOL chat rooms are the most popular of those - according to reports
    there&#39;s a utility that can get the screen names of participants in
    AOL chat rooms. The utility is reported to be specialized for AOL due
    to two main reasons - AOL makes the list of the actively participating
    users&#39; screen names available and AOL users are considered prime
    targets by spammers due to the reputation of AOL as being the ISP of
    choice by newbies.

    8. From finger daemons.

    Some finger daemons are set to be very friendly - a finger query
    asking for john@host will produce list info including login names
    for all people named John on that host. A query for @host will
    produce a list of all currently logged-on users.

    Spammers use this information to get extensive users list from hosts,
    and of active accounts - ones which are &#39;live&#39; and will read their
    mail soon enough to be really attractive spam targets.

    9. AOL profiles.

    Spammers harvest AOL names from user profiles lists, as it allows them
    to &#39;target&#39; their mailing lists. Also, AOL has a name being the choice
    ISP of newbies, who might not know how to recognize scams or know how
    to handle spam.

    10. From domain contact points.

    Every domain has one to three contact points - administration,
    technical, and billing. The contact point includes the email
    address of the contact person.

    As the contact points are freely available, e.g. using the &#39;whois&#39;
    command, spammers harvest the email addresses from the contact points
    for lists of domains (the list of domain is usually made available to
    the public by the domain registries). This is a tempting methods for
    spammers, as those email addresses are most usually valid and mail
    sent to it is being read regularily.

    11. By guessing & cleaning.

    Some spammers guess email addresses, send a test message (or a real
    spam) to a list which includes the guessed addresses. Then they
    wait for either an error message to return by email, indicating that
    the email address is correct, or for a confirmation. A confirmation
    could be solicited by inserting non-standard but commonly used
    mail headers requesting that the delivery system and/or mail client
    send a confirmation of delivery or reading. No news are, of coures,
    good news for the spammer.

    Specifically, the headers are -
    Return-Receipt-To: <email-address> Send a delivery confirmation
    X-Confirm-Reading-To: <email-address> Send a reading confirmation

    Another method of confirming valid email addresses is sending HTML
    in the email&#39;s body (that is sending a web page as the email&#39;s content),
    and embedding in the HTML an image. Mail clients that decode HTML,
    e.g. as Outlook and Eudora do in the preview pane, will attempt fetching
    the image - and some spammers put the recipient&#39;s email address in the
    image&#39;s URL, and check the web server&#39;s log for the email addresses of
    recipients who viewed the spam.

    So it&#39;s good advice to set the mail client to *not* preview rich media
    emails, which would protect the recipient from both accidently confirming
    their email addresses to spammers and viruses.

    Guessing could be done based on the fact that email addresses are
    based on people&#39;s names, usually in commonly used ways
    (first.last@domain or an initial of one name followed / preceded by
    the other @domain)

    Also, some email addresses are standard - postmaster is mandated by
    the RFCs for internet mail. Other common email addresses are
    postmaster, hostmaster, root [for unix hosts], etc.

    12. From white & yellow pages.

    There are various sites that serve as white pages, sometimes named
    people finders web sites. Yellow pages now have an email directory
    on the web.

    Those white/yellow pages contain addresses from various sources,
    e.g. from UseNet, but sometimes your E-mail address will be
    registered for you. Example - HotMail will add E-mail addresses to
    BigFoot by default, making new addresses available to the public.

    Spammers go through those directories in order to get email addresses.
    Most directories prohibit email address harvesting by spammers, but as
    those databases have a large databases of email addresses + names,
    it&#39;s a tempting target for spammers.

    13. By having access to the same computer.

    If a spammer has an access to a computer, he can usually get a list
    of valid usernames (and therefore email addresses) on that computer.

    On unix computers the users file (/etc/passwd) is commonly world
    readable, and the list of currently logged-in users is listed via
    the &#39;who&#39; command.

    14. From a previous owner of the email address.

    An email address might have been owned by someone else, who disposed
    of it. This might happen with dialup usernames at ISPs - somebody
    signs up for an ISP, has his/her email address harvested by spammers,
    and cancel the account. When somebody else signs up with the same ISP
    with the same username, spammers already know of it.

    Similar things can happen with AOL screen names - somebody uses a
    screen name, gets tired of it, releases it. Later on somebody else
    might take the same screen name.

    15. Using social engineering.

    This method means the spammer uses a hoax to convince people
    into giving him valid E-mail addresses.

    A good example is Richard Douche&#39;s "Free CD&#39;s" chain letter.
    The letter promises a free CD for every person to whom the letter is
    forwarded to as long as it is CC&#39;ed to Richard.

    Richard claimed to be associated with Amazon and Music blvd, among
    other companies, who authorized him to make this offer. Yet he
    supplied no references to web pages and used a free E-mail address.

    All Richard wanted was to get people to send him valid E-mail addresses
    in order to build a list of addresses to spam and/or sell.

    16. Buying lists from others.

    This one covers two types of trades. The first type consists of buying
    a list of email addresses (often on CD) that were harvested via other
    methods, e.g. someone harvesting email addresses from UseNet and sells
    the list either to a company that wishes to advertise via email
    (sometimes passing off the list as that of people who opted-in for
    emailed advertisements) or to others who resell the list.

    The second type consists of a company who got the email addresses
    legitimately (e.g. a magazine that asks subscribers for their email
    in order to keep in touch over the Internet) and sells the list for
    the extra income. This extends to selling of email addresses a
    company got via other means, e.g. people who just emailed the company
    with inquiries in any context.

    17. By hacking into sites.

    I&#39;ve heard rumours that sites that supply free email addresses
    were hacked in order to get the list of email addresses, somewhat
    like e-commerce sites being hacked to get a list of credit cards.

    If your address was harvested and you get spammed, the following pages
    could assist you in tracking the spammer down :

    1. MindSpring&#39;s page explaining how to get an email&#39;s headers

    2. The spam FAQ, maintained by Ken Hollis.

    3. The Reporting Spam page, an excellent resource.

    4. Reading Mail headers.

    5. Julian Haight&#39;s Spam Cop page.

    6. Chris Hibbert&#39;s Junk Mail FAQ.

    7. UXN Spam Combat page.

    8. Sam Spade, Spam hunter.

    9. Penn&#39;s Page of Spam.

    A. WD Baseley&#39;s Address Munging FAQ

    B. Fight Spam on the Internet site

    C. The Spam Recycling Center

    W. The Junk Busters Site

    X. The Junk Email site

    Y. BCP 30: Anti-Spam Recommendations for SMTP MTAs

    Z. FYI 28: Netiquette Guidelines

    FYI 35: DON&#39;T SPEW
    A Set of Guidelines for Mass Unsolicited Mailings and Postings

    Several sites on the web will help in tracing spam :

    1. Sam Bretheim&#39;s list of traceroute gateways
    To find traceroute gateways in any country, visit here.

    2. gates to whois on any domain world-wide

    3. A list of whois servers, collected by Matt Power

    4. site - links to NICs worldwide.
    A similar page can be found at

    5. The Coalition Against Usolicited Commerical E-mail.
    The European CAUCE.
    The Coalition Against Unsolicited Bulk Email, Australia.
    The Russian Anti-Spam organization.

    Y. No More Spam - ISP Spam-Blocking Interferes With Business

    Z. Removing the Spam
    By Geoff Mulligan
    Published by O&#39;Reilly
    ISBN 0-201-37957-0
    A good book about handling spam.

    Legal resources :

    1. FTC Consumer Alert -
    FTC Names Its Dirty Dozen: 12 Scams Most Likely to Arrive Via Bulk email

    2. Report to the Federal Trade Commision of the Ad-Hoc Working Group
    on Unsolicited Commercial Mail.

    3. Pyramid Schemes, Ponzi Schemes, and Related Frauds

    4. The AOL vs. Cyberpromo case

    The AOL vs. the Christian Brothers (the apricot seeds as a cancer
    cure spammers) case.

    5. "Intel scores in email suit", by Jim Hu, CNET,4,

    6. The John Marshall Law School spam page

    7. First amendment issues related to UBE, by Paul L. Schmehl.

    8. Hawaii&#39;s Anti-Spam Law

    9. Washington&#39;s Anti-Spam Law

    Also see the WA State Resident site

    A news story about a relevant court case can be found at

    A. California&#39;s Anti-Spam Law

    B. Virginia&#39;s Anti-Spam Law

    C. Nevada&#39;s Anti-Spam Law

    D. The UK Data Protection Law

    E. The Italian Anti-Spam Law

    F. The Austrian Telecm Law

    G. The Norwegian Marketing Control Act

  2. Lounge   -   #2
    Double Agent
    Join Date
    May 2003
    sorry for the long post but the last resource bit i find useful

  3. Lounge   -   #3
    Join Date
    Oct 2003
    What this one
    G. The Norwegian Marketing Control Act

  4. Lounge   -   #4
    Thanks for taking time to post all that. This can be very useful to fight spam.
    <span style='color:black'> I am a part of all that I have met - Lord Tennyson</span>
    <span style='color:blue'>Try not to let your mind is too small and fragile to be out by itself</span>

  5. Lounge   -   #5
    Join Date
    Jan 2003
    Hixus Email Encoder makes spamproof mailto links. Highly recommended.

  6. Lounge   -   #6
    Originally posted by Lamsey@10 November 2003 - 16:46
    Hixus Email Encoder makes spamproof mailto links. Highly recommended.
    Nice. I used to write my own script to scramble my email address. Who has time to write each time, this might come in handy.
    <span style='color:black'> I am a part of all that I have met - Lord Tennyson</span>
    <span style='color:blue'>Try not to let your mind is too small and fragile to be out by itself</span>

  7. Lounge   -   #7
    Cool, that&#39;s interesting reading. You should really link your source though james_bond_rulez.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts