Solved

Threat of harvesting email addresses from "massive cc"

Posted on 2010-09-17
6
580 Views
Last Modified: 2012-05-10
I have recently been warned that "the primary method of harvesting email addresses is by massive
forwards." My initial reaction was to doubt that this is the "primary method."

However, I am wondering what level of threat it poses.

It seems the only way it would work would be if either someone on the distribution list was an abuser, or somewhere along the route that the email takes there is a harvester.

I am looking for insight into this problem, as to the level of risk it poses.
0
Comment
Question by:jasimon9
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 22

Expert Comment

by:Matt V
ID: 33703123
If you are worried about mass CC:, just use BCC:.
If you need to have mass amounts of people on an email then you should be using groups.
0
 

Author Comment

by:jasimon9
ID: 33703353
It is kind of a theoretical question. Not something that I am engaged in much.

Just the comment made by someone that I thought was perhaps not correct.
0
 
LVL 22

Assisted Solution

by:Matt V
Matt V earned 25 total points
ID: 33703507
Malware on your pc will look in your address books and your cc: lines for sure.   It is a reasonably accurate statement.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 32

Accepted Solution

by:
aleghart earned 225 total points
ID: 33703786
It's not the primary method any more, as there are compiled lists that are bought and sold.  A few years ago, an AOL empoyee sold a list of 90+million AOL screen names.  But not before he used it first to spam for his own online business.

In the "early" days, you'd see people trying to get themselves on your CC list.  "I absolutely LOVE all of these joke e-mails...please add me to all of your lists."  Sometimes it was a prank to flood somebody's inbox with jokes.  Sometimes the person would keep parsing all the inbound mail to collect addresses to add to their own spamming lists.

BCC is so much simpler.
0
 
LVL 32

Assisted Solution

by:aleghart
aleghart earned 225 total points
ID: 33703833
Also, there are plenty of "businesses" that use low-paid labor to take trade show guides and copy all the email addresses.  They sell the lists to spammer as well as to sites that pay them for unique records.

Our work emails are easy targets.  The spam usually uses the generic email address we listed in the directory, along with a reference to the trade show or the industry we're in to make the spam look legitimate.

Use of temporary aliases are handy for that.  Mail to "show12@domain.tld" obviously came from trade show #12's directory being harvested.

Individuals can use aliases from a mail provider or mail forwarder.  'Nyms' is the word used by some services for temporary aliases.  I used to have one "lists-aleghart@..." so I knew what came from a certain public forum.  Easy to kill the alias and change my profile at the site that was being harvested.
0
 

Author Comment

by:jasimon9
ID: 33704103
Great input so far.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question