[Gloucs] Spam to unique email address

Andrew Oakley andrew at aoakley.com
Thu Sep 18 08:19:50 UTC 2008


On 17/09/2008, Keith Edmunds <kae at midnighthax.com> wrote:
> On Wed, 17 Sep 2008 23:05:08 +0100, lug at twinmoons.clara.co.uk said:
>> One explanation is that spammers are just guessing valid email
>> addresses.
> That's exactly the answer. It costs them nothing to try an address.

Yup. Dictionary attack.

http://en.wikipedia.org/wiki/Directory_Harvest_Attack

Virus writers sell time on their networks of virus-infected
home/corporate desktop computers ("botnets") for around US$50 per
1,000 machines per hour. That gives a spammer plenty of resources to
whizz through millions or billions of email address combinations.

A common technique is to use a username part, that has been known to
exist elsewhere, on a different domain name. Typically the spammer
will pick a small number of domain names to spam, then try all their
dictionary of usernames on those domains.

For example, my gmail addy is evilandi at gmail.com . "evilandi" is a
reasonably rare username, yet I've seen spammer try to deliver to
evilandi at aoakley.com despite that email address not existing.

Any username that you can actually remember is almost certainly not
unique. Someone else has probably used it too, somewhere, at some
time. If you want to generate random difficult-to-guess usernames, use
pwgen (designed to generate random passwords, but good for generating
random strings in general).

-- 
Andrew Oakley andrew at aoakley.com
(formerly anti-spam development manager at MessageLabs, now doing far
more cushy Head of Software role at HESA)



More information about the gloucs mailing list