From owner-freebsd-questions@FreeBSD.ORG  Tue Apr 22 05:29:34 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8C0C937B401
	for <questions@freebsd.org>; Tue, 22 Apr 2003 05:29:34 -0700 (PDT)
Received: from pa-plum1b-166.pit.adelphia.net (pa-plum1b-122.pit.adelphia.net
	[24.53.161.122])
	by mx1.FreeBSD.org (Postfix) with ESMTP id D0F9343FB1
	for <questions@freebsd.org>; Tue, 22 Apr 2003 05:29:33 -0700 (PDT)
	(envelope-from wmoran@potentialtech.com)
Received: from potentialtech.com (working [172.16.0.95])
	h3MCTVwl002762;	Tue, 22 Apr 2003 08:29:31 -0400 (EDT)
	(envelope-from wmoran@potentialtech.com)
Message-ID: <3EA535AB.5060104@potentialtech.com>
Date: Tue, 22 Apr 2003 08:29:31 -0400
From: Bill Moran <wmoran@potentialtech.com>
User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.2.1) Gecko/20030301
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Stephen Hovey <shovey@buffnet.net>
References: <Pine.BSF.4.05.10304220745020.29612-100000@buffnet11.buffnet.net>
In-Reply-To: <Pine.BSF.4.05.10304220745020.29612-100000@buffnet11.buffnet.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
cc: questions@freebsd.org
Subject: Re: Spammers harvesting addresses
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 22 Apr 2003 12:29:34 -0000

Stephen Hovey wrote:
> OTHER than a unsecured fingerd, how else might spammers be harvest email
> addresses?  Every so often Ill end up with spam in an account created for
> some specific purpose, which never sends email, and which is a nonsense
> made up userid (thus hard to think of as being spammed on a lucky guess)

Isn't there an EXPN command that lists available users on an SMTP server,
that's usually disabled by default just for this reason?  Memory could be
bad on this one but it's something to look into.

Also, why would you be so suprised if spammers just tried every possible
combination of letters?  Hell, they're probably using someone else's
server (that they've cracked) so why should they worry about lots of
non-deliverables?

-- 
Bill Moran
Potential Technologies
http://www.potentialtech.com