Solved

Threat of harvesting email addresses from "massive cc"

Posted on 2010-09-17
6
577 Views
Last Modified: 2012-05-10
I have recently been warned that "the primary method of harvesting email addresses is by massive
forwards." My initial reaction was to doubt that this is the "primary method."

However, I am wondering what level of threat it poses.

It seems the only way it would work would be if either someone on the distribution list was an abuser, or somewhere along the route that the email takes there is a harvester.

I am looking for insight into this problem, as to the level of risk it poses.
0
Comment
Question by:jasimon9
  • 2
  • 2
  • 2
6 Comments
 
LVL 22

Expert Comment

by:Matt V
ID: 33703123
If you are worried about mass CC:, just use BCC:.
If you need to have mass amounts of people on an email then you should be using groups.
0
 

Author Comment

by:jasimon9
ID: 33703353
It is kind of a theoretical question. Not something that I am engaged in much.

Just the comment made by someone that I thought was perhaps not correct.
0
 
LVL 22

Assisted Solution

by:Matt V
Matt V earned 25 total points
ID: 33703507
Malware on your pc will look in your address books and your cc: lines for sure.   It is a reasonably accurate statement.
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 32

Accepted Solution

by:
aleghart earned 225 total points
ID: 33703786
It's not the primary method any more, as there are compiled lists that are bought and sold.  A few years ago, an AOL empoyee sold a list of 90+million AOL screen names.  But not before he used it first to spam for his own online business.

In the "early" days, you'd see people trying to get themselves on your CC list.  "I absolutely LOVE all of these joke e-mails...please add me to all of your lists."  Sometimes it was a prank to flood somebody's inbox with jokes.  Sometimes the person would keep parsing all the inbound mail to collect addresses to add to their own spamming lists.

BCC is so much simpler.
0
 
LVL 32

Assisted Solution

by:aleghart
aleghart earned 225 total points
ID: 33703833
Also, there are plenty of "businesses" that use low-paid labor to take trade show guides and copy all the email addresses.  They sell the lists to spammer as well as to sites that pay them for unique records.

Our work emails are easy targets.  The spam usually uses the generic email address we listed in the directory, along with a reference to the trade show or the industry we're in to make the spam look legitimate.

Use of temporary aliases are handy for that.  Mail to "show12@domain.tld" obviously came from trade show #12's directory being harvested.

Individuals can use aliases from a mail provider or mail forwarder.  'Nyms' is the word used by some services for temporary aliases.  I used to have one "lists-aleghart@..." so I knew what came from a certain public forum.  Easy to kill the alias and change my profile at the site that was being harvested.
0
 

Author Comment

by:jasimon9
ID: 33704103
Great input so far.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The related questions "How do I recover the passwords for my Q-See DVR" and "How can I reset my Q-See DVR to eliminate a password" are seen several times a week.  Here we discuss the grim reality of the situation.
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question