How spammers discover newly created email accounts - Lisp Propulsion Laboratory log

Lisp Propulsion Laboratory log

Paolo Amoroso's weblog. Main interests: Lisp, astronomy (Moon), space exploration (Apollo and early manned programs) Calendar of past entries | Related links xml

How spammers discover newly created email accounts

Friday, September 15, 2006

A few days ago I wondered how spammers had found my newly created Gmail account. I received some interesting feedback. Perry E. Metzger writes (this and the other message quoted with permission):

They brute force them. As an experiment, set up a really weirdly named account, preferably a long one with a random sequence, and use it for nothing. Watch for a while -- you'll get nothing in it.

If you ran email systems, like I do, you would know that they are inundated constantly with guessing attacks. One would try blocking these, but they're always launched from zombie machines and any given zombie rarely does more than a trivial number of iterations...

Charlie McMackin:

It's my theory / observation that spammers and/or spammer-facilitating email harvesters are reading cookies set by the webmail services to find out peoples' webmail accounts.

I noticed this a while back when I started getting spam at the exact times I was browsing Myspace. If I had been to gmail once during my browser session or if gmail was open in another tab, I would get spam. Upon a quick look at the cookie info, if one has the gmail -chat feature enabled, you can see your email in pristine plain text form ready for harvesting.

Of course I'm not absolutely positive, I just thought the correlation of getting spam only while I was using gmail or had used it once to be quite suspicous.

Copyright © 2006 by Paolo Amoroso

Created with BlogMax

September 2006
Mon Tue Wed Thu Fri Sat Sun
1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30
Aug  Oct
About Lisp | Practical Common Lisp (learn Lisp) | Planet Lisp (blog agregator) | Common Lisp Directory (software and resources) | Why Lisp?