Sites Leaking Users' Email Addresses

Pisang writes "CNet is running a story about how spammers and phishers can learn about our surfing habits to better target their attacks. According to the article, web sites that use e-mail addresses as IDs are vulnerable to attacks that could leak their users' email addresses. These attacks are performed by requesting a password reminder for an address or trying to register with it."

P.S. Slashdot Image Validation

[ranson]

Off Topic but didn't know wherelese to post. Slashdot, you might want to think about doing a case insensitive string comparison against the image's text and the user's text on your new Human Verification thing you have going. My validation string was displayed in the image in ALL CAPS, but until i entered it in the box in lowercase, it wouldn't let me post.

Keeping the spammers at bay

[The+I+Shing]

My experience has been that if I keep an email address away from the web, and never, ever let it appear on any website or directory anywhere, that email address will never, ever get spammed or phished. It helps if the address isn't just a single first name, of course. I used to have my email address on my website until I was getting about two hundred spams a day, and once I changed my email address, put up a harvester-proof form on my website, and notified all of my contacts of my new address, I never got spammed again.