Email harvesting on

Rich Kulawiec rsk at gsp.org
Mon Mar 10 17:44:39 UTC 2008


On Mon, Mar 10, 2008 at 12:27:56PM -0400, Mit Rowe wrote:
> In the online documentation for freebsd, such as on this page:
> 
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mirrors-ftp.html
> 
> Unmunged email addresses are scattered throughout.
> 
> Is it possible that, in order to thwart email harvesting, we institute a
> policy of munging the addresses? Like... hostmaster [at] ca.freebsd.org or
> even hostmaster [at] ca [dot] freebsd [dot] org

This is completely, absolutely, utterly pointless for several reasons.

First, spammers wrote the trivial bits of perl/awk/python/whatever
to unmunge those forms many years ago.

Second, spammers have also long since done the requisite RFC and
statistical analysis to know that hostmaster@[anydomain] is reasonably
likely to exist, as is webmaster@[anydomain], john@[anydomain],
mary@[anydomain], etc.

Third, unmunged addresses appear with regularity in message headers
*because they have to* in order for mail to work.

Fourth, there are an enormous number of fully-compromised systems
worldwide (any estimate under 10e8 is badly outdated).  Among
the many uses that the new owners of those systems have for them is
mass harvesting of email addresses -- which means that they have
long since gone through every "address book", all stored mail, and
perhaps all stored documents as well.  Note that some of those
compromised systems are mail servers, in which case the harvesting
is likely to be very fruitful.

Fifth, spammers have many other methods of acquiring addresses,
including but not limited to querying mail servers, acquiring
corporate directories (sometimes from their web sites), insecure LDAP
servers, insecure AD servers, use of backscatter/outscatter, use
of auto-responders, use of mailing list mechanisms, dictionary attacks,
and purchase of addresses in bulk on the open market.

It's therefore reasonable to assume at this point that ANY email
address is either (a) in the hands of spammers or (b) will be soon,
and to plan defenses accordingly.

(Yes, special-purpose addresses insulated from all this, only
used in isolated cases, and sufficiently obscure as to avoid
guesswork may be exceptions.  But they're clearly a tiny fraction
of "all valid email addresses worldwide".)

---Rsk



More information about the freebsd-doc mailing list