• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 583
  • Last Modified:

Threat of harvesting email addresses from "massive cc"

I have recently been warned that "the primary method of harvesting email addresses is by massive
forwards." My initial reaction was to doubt that this is the "primary method."

However, I am wondering what level of threat it poses.

It seems the only way it would work would be if either someone on the distribution list was an abuser, or somewhere along the route that the email takes there is a harvester.

I am looking for insight into this problem, as to the level of risk it poses.
0
jasimon9
Asked:
jasimon9
  • 2
  • 2
  • 2
3 Solutions
 
Matt VCommented:
If you are worried about mass CC:, just use BCC:.
If you need to have mass amounts of people on an email then you should be using groups.
0
 
jasimon9Author Commented:
It is kind of a theoretical question. Not something that I am engaged in much.

Just the comment made by someone that I thought was perhaps not correct.
0
 
Matt VCommented:
Malware on your pc will look in your address books and your cc: lines for sure.   It is a reasonably accurate statement.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
aleghartCommented:
It's not the primary method any more, as there are compiled lists that are bought and sold.  A few years ago, an AOL empoyee sold a list of 90+million AOL screen names.  But not before he used it first to spam for his own online business.

In the "early" days, you'd see people trying to get themselves on your CC list.  "I absolutely LOVE all of these joke e-mails...please add me to all of your lists."  Sometimes it was a prank to flood somebody's inbox with jokes.  Sometimes the person would keep parsing all the inbound mail to collect addresses to add to their own spamming lists.

BCC is so much simpler.
0
 
aleghartCommented:
Also, there are plenty of "businesses" that use low-paid labor to take trade show guides and copy all the email addresses.  They sell the lists to spammer as well as to sites that pay them for unique records.

Our work emails are easy targets.  The spam usually uses the generic email address we listed in the directory, along with a reference to the trade show or the industry we're in to make the spam look legitimate.

Use of temporary aliases are handy for that.  Mail to "show12@domain.tld" obviously came from trade show #12's directory being harvested.

Individuals can use aliases from a mail provider or mail forwarder.  'Nyms' is the word used by some services for temporary aliases.  I used to have one "lists-aleghart@..." so I knew what came from a certain public forum.  Easy to kill the alias and change my profile at the site that was being harvested.
0
 
jasimon9Author Commented:
Great input so far.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now