LISTSERV - BULLAMANKA-PINHEADS Archives

BULLAMANKA-PINHEADS Archives

The listserv where the buildings do the talking

BULLAMANKA-PINHEADS@LISTSERV.ICORS.ORG

	LISTSERV Archives
	BULLAMANKA-PINHEADS Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: AOL whining
From:	Lawrence Kestenbaum <[log in to unmask]>
Reply To:	The Afghanistan of the preservation movement.
Date:	Sun, 9 Dec 2001 21:47:39 -0500
Content-Type:	TEXT/PLAIN
Parts/Attachments:	TEXT/PLAIN (44 lines)

On Thu, 6 Dec 2001, Heidi Harendza wrote:

> Also, just for future reference, the spam happens when you use your account
> name to post messages online. I get around that by using one account for my
> personal and business correspondence, and another for any online posting or
> public use of my internet address.

Actually, if you have a fairly simple user name on a popular service like
AOL or Hotmail, the spammers WILL find it through a dictionary attack.
In a recent issue of Risks Digest, it was reported that accounts on
(three popular services), never used for ANYTHING, got a heavy flow of
spam within weeks of being created.

As I understand it, a server can be set up to query (say) AOL as to
whether a piece of mail could be delivered to [log in to unmask]  If AOL says
no, the transaction automatically aborts and the mythical piece of mail is
never even created.  If AOL says yes, then, they got your address and can
sell it.  And such queries are a routine part of exchanging and delivering
mail between Internet servers, so they can't be screened out.  (The
spammers can forge the originating server address, so each query seems to
come from a different place.)

Of course, the spam that gets generated to the email addresses they find
will be full of lies like "here's the information you requested" and "this
mail is never sent unsolicited".

More often than aaaaaa, aaaaab, aaaaac, etc., the spammers use a finite
list of dictionary words and names (including combinations of initial
letters or letter pairs and names), so that a user id like "fdsiufsqq"
might not be found for a while, if ever.  Of course, that's going to be
harder for your friends to remember.

Another way to keep an account out of the spammers' gunsights (again
assuming that the address is never made public on postings or web pages)
is to use some very obscure domain or ISP that is unlikely to be attacked.

                                 Larry

---
Lawrence Kestenbaum, [log in to unmask]
Washtenaw County Commissioner, 4th District
The Political Graveyard, http://politicalgraveyard.com
Mailing address: P.O. Box 2563, Ann Arbor MI 48106

ATOM RSS1 RSS2

LISTSERV.ICORS.ORG