Date: Mon, 10 Mar 2008 13:15:46 -0400
From: Rich Kulawiec <rsk@gsp.org>
To: Mit Rowe <mit@mitayai.org>
Cc: FreeBSD Hubs Mailing List <freebsd-hubs@freebsd.org>, freebsd-docs@freebsd.org
Subject: Re: Email harvesting on
Message-ID: <20080310171546.GA14548@gsp.org>
In-Reply-To: <b5365ac60803100927k19565f70l6386a4398c8316be@mail.gmail.com>
References: <b5365ac60803100927k19565f70l6386a4398c8316be@mail.gmail.com>
On Mon, Mar 10, 2008 at 12:27:56PM -0400, Mit Rowe wrote:
> In the online documentation for freebsd, such as on this page:
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mirrors-ftp.html
>
> Unmunged email addresses are scattered throughout.
>
> Is it possible that in order to thwart email harvesting that we institute a
> policy of munging the addresses? Like... hostmaster [at] ca.freebsd.org or
> even hostmaster [at] ca [dot] freebsd [dot] org

This is completely, absolutely, utterly pointless for several reasons.

First, spammers wrote the trivial bits of perl/awk/python/whatever to
unmunge those forms many years ago.

Second, spammers have also long since done the requisite RFC and
statistical analysis to know that hostmaster@[anydomain] is reasonably
likely to exist, as is webmaster@[anydomain], john@[anydomain],
mary@[anydomain], etc.

Third, unmunged addresses appear with regularity in message headers
*because they have to* in order for mail to work.

Fourth, there are an enormous number of fully-compromised systems
worldwide (any estimate under 10e8 is badly outdated). Among the many
uses that the new owners of those systems have for them is mass harvesting
of email addresses -- which means that they have long since gone through
every "address book", all stored mail, and perhaps all stored documents
as well. Note that some of those compromised systems are mail servers,
in which case the harvesting is likely to be very fruitful.

Fifth, spammers have many other methods of acquiring addresses, including
but not limited to querying mail servers, acquiring corporate directories
(sometimes from their web sites), insecure LDAP servers, insecure AD
servers, use of backscatter/outscatter, use of auto-responders, use of
mailing list mechanisms, dictionary attacks, and purchase of addresses
in bulk on the open market.

It's therefore reasonable to assume at this point that ANY email address
is either (a) in the hands of spammers or (b) will be soon, and to plan
defenses accordingly. (Yes, special-purpose addresses insulated from
all this, only used in isolated cases, and sufficiently obscure as to
avoid guesswork may be exceptions. But they're clearly a tiny fraction
of "all valid email addresses worldwide".)

---Rsk