address harvesting analysis idea

While sitting here watching bad TV, I had a thought(tm).

Has anyone set-up a generic web-page, not linked from anywhere useful, which
autogenerates a "contact e-mail" address (like deadbeef@example.com) and
logs which IP reads what address (even using the remote IP as the username
to provide) and then waits for the address to be used for SPAM ?

Is there any use in doing this (to try to identify who is harvesting) ?

Maybe I should go and eat some food, cool my head down.

Peter

> Has anyone set-up a generic web-page, not linked from anywhere useful,
> which autogenerates a "contact e-mail" address (like
> deadbeef@example.com) and logs which IP reads what address (even using
> the remote IP as the username to provide) and then waits for the address
> to be used for SPAM ?

Welcome to 1998.

-alex

> Has anyone set-up a generic web-page, not linked from anywhere useful, which
> autogenerates a "contact e-mail" address (like deadbeef@example.com) and
> logs which IP reads what address (even using the remote IP as the username
> to provide) and then waits for the address to be used for SPAM ?

I've been running something that does pretty much exactly this since 1997.

> Is there any use in doing this (to try to identify who is harvesting) ?

It turns out that the number of people harvesting from web pages is pretty
low. I could never identify more than a few hundred IPs as the source for
more than a few messages. The bulk of my spamtrap e-mail appears to come
from people who harvest, sell the lists to a few layers of list maintainers,
who sell the lists to spammers. This seeding technique stopped working,
interestingly, a few years ago, though.

One of the current harvesting techniques appears to indirectly use Windows
or Outlook worms. It is pretty simple:

- Send out a bunch of spam containing e-mail addresses that you
  can read to other addresses you know might be valid.
- Wait for worms to spoof mail back to you. Collect those spoofed addresses.

As the worms spoof addresses from Outlook address books and by harvesting
local mail spools, you just collected a bunch of other valid e-mail
addresses directly off of end users' machines.

Supposedly if you put a newly installed, unpatched Windows box on the 'net,
with an Outlook address book full of fresh spamtrap addresses, you'll start
getting spam to those addresses in something like 3 hours. I've been
meaning to test this myself.

                                    -- Aaron

http://www.kungfugrippe.com/previously/002462.php
http://diveintomark.org/archives/2003/02/26/how_to_block_spambots_ban_spybots_and_tell_unwanted_robots_to_go_to_hell
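
One way to build the trap page Peter asks about, as an added example that is not code from anyone in this thread: the visitor's IP and fetch time are packed into the local part with a truncated HMAC, so a trap address that later receives spam can be decoded and a guessed or forged recipient is never attributed to anyone. The secret, the tag length and the function names are assumptions; example.com is the thread's own placeholder domain.

```python
import base64
import hashlib
import hmac
import ipaddress
import struct

SECRET = b"constructed-demo-key"  # assumption: a per-site secret kept off the page
TRAP_DOMAIN = "example.com"       # the thread's example domain
TAG_LEN = 5                       # truncated HMAC-SHA256 tag, in bytes

def make_trap_address(remote_ip, when):
    """Build the address to show to the visitor at remote_ip at Unix time `when`."""
    ip = ipaddress.ip_address(remote_ip)
    payload = bytes([ip.version]) + ip.packed + struct.pack(">I", when)
    tag = hmac.new(SECRET, payload, hashlib.sha256).digest()[:TAG_LEN]
    local = base64.b32encode(payload + tag).decode("ascii").rstrip("=").lower()
    return f"{local}@{TRAP_DOMAIN}"

def decode_trap_address(address):
    """Return (ip, when) for a recipient this site issued, else None."""
    local, _, domain = address.strip().lower().rpartition("@")
    if domain != TRAP_DOMAIN:
        return None
    try:
        raw = base64.b32decode(local.upper() + "=" * (-len(local) % 8))
    except ValueError:  # not base32: a guessed or dictionary-attack recipient
        return None
    ip_len = {4: 4, 6: 16}.get(raw[0]) if raw else None
    if ip_len is None or len(raw) != 1 + ip_len + 4 + TAG_LEN:
        return None
    payload, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None  # forged or altered local part: do not attribute it
    when = struct.unpack(">I", payload[1 + ip_len:])[0]
    return str(ipaddress.ip_address(payload[1:1 + ip_len])), when

def attribute(recipients):
    """Map each spam recipient that verifies to the (ip, when) that fetched it."""
    hits = {}
    for rcpt in recipients:
        decoded = decode_trap_address(rcpt)
        if decoded:
            hits[rcpt] = decoded
    return hits

if __name__ == "__main__":
    issued = make_trap_address("192.0.2.10", 1046217600)  # constructed visitor
    print(attribute([issued, "deadbeef@example.com", "sales@example.com"]))
```

Base32 is used because it survives the case-folding that list software commonly applies to addresses, and both the IPv4 and IPv6 forms stay under the 64-character local-part limit.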