Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] how spammers work, was: You are awesome, Treat yourself to a love one

M. Fioretti mfioretti at nexaima.net
Sun Mar 31 02:47:31 PDT 2013


On Sun, Mar 31, 2013 09:21:13 AM +0000, Andreas Bader wrote:

> How could that happen??  This Email Adress is existing since a week
> or two and is only used for trusted contacts and Libtech/Drones
> List!
> From: mark ! <write2mark1 at gmail.com>
> To: andreas.bader at nachtpult.de

How could that happen? In the same, totally unsurprising ways in which
always happen to everybody who takes the same measures as you (no
offense meant, really, just a technical explanation!). It happened in
one of these two ways (there may be others, but these are by far the
easiest and most likely):

1) one of your "trusted contacts" got infected by a spamming virus who
   sent spam to all the addresses in his list. And the list itself to
   other spambots.

2) (much more efficient) robots that automatically (**):

   - search online for mailing list archives and find pages like:
     https://mailman.stanford.edu/pipermail/liberationtech/

   - download from such pages the "downloadable version" of each
     monthly archive, eg:
     https://mailman.stanford.edu/pipermail/liberationtech/2013-March.txt

   - extract and reformat from those files, in one fell swoop, all the
     strings that are trivial to recognize as email addresses, eg:

     "From andreas.bader at nachtpult.de  Wed Mar 20 09:40:35 2013"
     (that's the first occurrence at line  30740, there are others)

I can write a shell script that does all this in less time than it
took me to write this explanation. So nothing unusual or surprising,
really. And this story of yours (again, no offense at all meant!!!) is
a perfect example of why and how many "address protection" measures
like yours are completely useless. Point 2 above proves that this list
didn't make all it could have done to hide your address, but Point 1
proves that it really doesn't matter.

HTH,
Marco
http://mfioretti.com

(**) your address is online, in equally recognizable form, also in all
the "single message" pages, eg
https://mailman.stanford.edu/pipermail/liberationtech/2013-March/007938.html,
but why should a spammer download them all, when everything is in the
text format montly archive?



More information about the liberationtech mailing list