[SLE] Re: [off-list] Re: [SLE] About spammers getting email addresses from suse archives



On Fri, 2006-04-21 at 17:27 -0400, Rich Kulawiec wrote:
> There are a couple of other small points I'd like to add.

Why not keep them on list so everyone can share in your thoughts? You
have no need to preach this to me as I realize if you use a public list
you give up your right to privacy, as far as your email address is
concerned.

> First is that spammers have long since figured out that subscribing
> to lots and lots of mailing lists and harvesting every address in
> every message is a reasonably good way to populate their databases.
> So while at one point in time, protecting web-based archives of lists
> probably made sense...it doesn't any more *except* for small lists
> where subscriptions are individually vetted and so there is thus some
> decent chance of preventing spammers from subscribing.
>
> [ As an aside, this is also why Google's attempt to "protect"
> its Usenet archives is a complete waste of resources. Spammers
> already have newsfeeds. They've had them for years. ]
>
> Second is that spammers have more recently figured out that installing
> code to collect all addresses found in any file (notably mail messages,
> but really, *any* file) on hijacked Windows boxes is a worthwhile exercise.
> We're into the gray area between spam, worms, and spyware here, but the
> gist is that since there is money to be made by gathering such addresses
> and selling them, people are doing it.
>
> So...are you *certain* that every single person you sent mail to today is
> using a known-not-infected system? How about the mail server(s) that your
> message traversed? And even if the answer to both questions is "yes",
> how do you know that all of those will STAY uninfected -- since of course
> a copy of your message may well be sitting there, ready to be perused,
> when one of those systems succumbs to the Windows-malware-o'-the-day on
> next Thursday?
>
> The bottom line is this: it is no longer possible to prevent a "used"
> address, that is, an email address which is used for everyday things,
> from falling into the hands of spammers. Special-purpose addresses?
> Sure, especially if you run your own mail server and turn things like
> VRFY and EXPN off. But ordinary run-of-the-mill addresses will find
> their way to spammers sooner or later, at which point they become
> commodities to be bought/sold/traded and the game is over.
>
> I'm *not* suggesting that any of this is A Good Thing. It's not. I'm
> just saying that it's probably realistic to presume that the spammers
> already or will soon possess any email address in use and to plan
> defenses accordingly.
>
> ---Rsk

--
Ken Schneider
UNIX since 1989, linux since 1994, SuSE since 1998


--
Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
Also check the archives at http://lists.suse.com
Please read the FAQs: suse-linux-e-faq@xxxxxxxx


