[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

Threat of harvesting email addresses from "massive cc"

Posted on 2010-09-17
6
Medium Priority
?
582 Views
Last Modified: 2012-05-10
I have recently been warned that "the primary method of harvesting email addresses is by massive
forwards." My initial reaction was to doubt that this is the "primary method."

However, I am wondering what level of threat it poses.

It seems the only way it would work would be if either someone on the distribution list was an abuser, or somewhere along the route that the email takes there is a harvester.

I am looking for insight into this problem, as to the level of risk it poses.
0
Comment
Question by:jasimon9
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 22

Expert Comment

by:Matt V
ID: 33703123
If you are worried about mass CC:, just use BCC:.
If you need to have mass amounts of people on an email then you should be using groups.
0
 

Author Comment

by:jasimon9
ID: 33703353
It is kind of a theoretical question. Not something that I am engaged in much.

Just the comment made by someone that I thought was perhaps not correct.
0
 
LVL 22

Assisted Solution

by:Matt V
Matt V earned 100 total points
ID: 33703507
Malware on your pc will look in your address books and your cc: lines for sure.   It is a reasonably accurate statement.
0
Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

 
LVL 32

Accepted Solution

by:
aleghart earned 900 total points
ID: 33703786
It's not the primary method any more, as there are compiled lists that are bought and sold.  A few years ago, an AOL empoyee sold a list of 90+million AOL screen names.  But not before he used it first to spam for his own online business.

In the "early" days, you'd see people trying to get themselves on your CC list.  "I absolutely LOVE all of these joke e-mails...please add me to all of your lists."  Sometimes it was a prank to flood somebody's inbox with jokes.  Sometimes the person would keep parsing all the inbound mail to collect addresses to add to their own spamming lists.

BCC is so much simpler.
0
 
LVL 32

Assisted Solution

by:aleghart
aleghart earned 900 total points
ID: 33703833
Also, there are plenty of "businesses" that use low-paid labor to take trade show guides and copy all the email addresses.  They sell the lists to spammer as well as to sites that pay them for unique records.

Our work emails are easy targets.  The spam usually uses the generic email address we listed in the directory, along with a reference to the trade show or the industry we're in to make the spam look legitimate.

Use of temporary aliases are handy for that.  Mail to "show12@domain.tld" obviously came from trade show #12's directory being harvested.

Individuals can use aliases from a mail provider or mail forwarder.  'Nyms' is the word used by some services for temporary aliases.  I used to have one "lists-aleghart@..." so I knew what came from a certain public forum.  Easy to kill the alias and change my profile at the site that was being harvested.
0
 

Author Comment

by:jasimon9
ID: 33704103
Great input so far.
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hey fellow admins! This time, I have a little fairy tale for you. As many tales do, it starts boring and then gets pretty gory. I hope you like it. TL;DR: It is about an important security matter, you should read it if you run or administer Windows …
What we learned in Webroot's webinar on multi-vector protection.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question