Slashdot Mirror
DSLReports Study: 8 Hours 'til the Spam Hits
Masem writes: "In a rather interesting study at DSLReports, it was observed that email addresses published on a web site recieved spam within 8 hours of being posted, showing how aggressive the harvesters are working. In particular, a special link was set up on the main page that by following the link, the site generated an email address that was trackable to the IP that called the link, and not published anywhere else at any time. In the specific case, in only 8 hours after the email address was created, it had recieved spam; since that time about 9 months ago, it's gotten around 100 pieces. Given the time and source of most of the emails, the authors believe that they've simply got someone at one end of a home broadband pipeline using open relay mail servers, and most likely being paid to redistribute spam on the email addresses they harvest."
When I started working for Lockheed Martin, I had 4 spam emails in my mailbox that was delivered prior to my first day of work. In addition to this, I had 2 personal (they seemed personal IT related) job offer emails in my mailbox, also from prior to my first day of work. Both from recruiting companies.
Bringing irony to the Slash-masses
Hmmm, using these sorts of e-mail addresses can lead to annoyances to legitimate domain owners. For awhile I remember the owner of junk.com, which seems to no longer exist, posting complaints about people type "whatever@junk.com" when they register software. It seems his servers were hit or something.
I always like to use the webmaster's e-mail account when registering software. For example, if I was registering software on widgets.com, I might use the e-mail address "webmaster@widgets.com" or "abuse@widgets.com" to register the software.
I feel torn, as I want to support free software vendors by allowing them to make money, but I just don't want my e-mail address to be sold for spam. Ever. I also don't want those annoying newsletters that I could care less about unless I *explicitely* ask for it (and not be tricked or required by default).
Like many domain owners, I have a catch-all email address set up. So when I register I generate a new email address every time. And I link back when I get spam. It's not perfect - sites can leak my address fairly innocently (Salon on its chat pages, for example).
IME, very few ecommerce sites spam. And almost all of those are obviously from the company I gave the email to.
Note: I don't live in the USA, so don't deal with some of the more egrarious spammers.
I tend to go for postmaster@localhost, or, failing that, postmaster@127.0.0.1. You can also try other names -- root and webmaster are also good fun.
Google has to do a lot to process a page. It tries to analyze the content, it crossreferences complex networks of linking, building a very complicated database for searching.
A spammer-spider can be much more simple, and thus move much more quickly. All it is interested in are email addresses. Period.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
I use html code in my email address on my web page, like this:
rsidd@yaho 1.com
Amazingly, not a single spammer has gotten hold of it yet, in over a year; whereas, unobfuscated
addresses used only once, on mailing list archives for example, are picked up immediately.
Obviously these spambots aren't so intelligent.
Altogether though, ebay remains the absolute worst place to get your address harvested, with usenet a close second.
Ebay must be lucrative for spammers; a whole 'audience' of people either with money to spend (buyers), or who are about to have money to spend (sellers). And this 'audience' has already self-selected; they're not afraid to spend their money online...
deus does not exist but if he does