Re: spamcop's mailing list compromised?
Thu, 27 Mar 2008 14:51:54 -070
PJ6 wrote:
> I gave SpamCop a sneakemail address years ago. The last machine of
> mine that visited SpamCop, or had that email address stored anywhere,
> was wiped and reformatted long ago; I am forced to conclude that
> either sneakemail has been compromised - which I find unlikely
> because none of the other addresses have sent me spam - or SpamCop's
> list itself has been compromised. That, too, I find unlikely. Very odd.
How many versions of that story have I heard.
It is very common for people to think some email provider or other
addresslist holder has some kind of insecurity when they receive a mail
addressed to some address which is virgin or relatively unexposed when
the address receives a spam.
How could the spammer have possibly gotten this address!!? they exclaim
in horror.
The answer is, very easily.
The most common type of username that most people create and use is not
an ugly randomly generated set of characters, but instead it is some
combination of ascii with or without numbers in it. As a result, the
username is not at all unique, but instead has been used by one or
hundreds of different people over the years.
Here's where many spammers get the addresses they spam. They harvest
usernames from all over the place and they harvest domainnames from all
over the place. Then they mix and match all of those usernames with all
of those domainnames. Eventually they put together the same username
you selected/created a long time ago which is the same username as
dozens or scores of other people have created for their particular
domainname's username and then they put it together with sneakemail.com
along with lots of other domainnames and start spamming it.
When you get the spam, it doesn't mean some spammer found your address.
It means some spammer put your available sneakemail username together
with sneakemail.com and sent you some spam.
--
Mike Easter
kibitzer, not SC admin

Re: spamcop's mailing list compromised?
Thu, 27 Mar 2008 17:06:21 -050
"Mike Easter" <MikeE@ster.invalid> wrote in message
news:fsh4tt$mn8$1@news.spamcop.net...
> PJ6 wrote:
>
> How could the spammer have possibly gotten this address!!? they
> exclaim
> in horror.
>
> The answer is, very easily.
>
> The most common type of username that most people create and use is
> not
> an ugly randomly generated set of characters, but instead it is some
> combination of ascii with or without numbers in it. ...
Sneakemail aliases *do* use a random set of characters for the username
in the e-mail address. For example, I just generated (and then deleted)
the following e-mail alias:
4vc085s02@sneakemail.com
Words are not used in generating the username in the e-mail alias. If
the OP is correct in that he never divulged the e-mail alias (but then
why did he create it if not to give to someone) then the only way a spam
source hit that alias was to randomly generate characters for the
username and it matched what Sneakemail used. Without any evidence as to
what spam the OP received, we can't tell any more about it than what the
OP described about it which was nothing.

spamcop's mailing list compromised?
Thu, 27 Mar 2008 17:19:49 -040
I gave SpamCop a sneakemail address years ago. The last machine of mine that
visited SpamCop, or had that email address stored anywhere, was wiped and
reformatted long ago; I am forced to conclude that either sneakemail has
been compromised - which I find unlikely because none of the other addresses
have sent me spam - or SpamCop's list itself has been compromised. That, too,
I find unlikely. Very odd.
Paul

Re: spamcop's mailing list compromised?
Thu, 27 Mar 2008 17:58:25 -070
VanguardLH wrote:
> "David Bolt"
>> VanguardLH
>>> If the OP is correct in that he never divulged the e-mail alias
He didn't actually say that. He didn't actually say at all how many
other places he had exposed the address, only that its storage was
eliminated a while back.
The only thing he said was
<snip>
PJ6 wrote:
> I gave SpamCop a sneakemail address years ago.
</snip>
> I'm assuming the OP was truthful and accurate that the only place to
> which the e-mail alias got divulged was in a SpamCop account.
You are assuming that 'only place' -- not that he said it. He didn't
even use the word 'only' in the whole post. Sneakemail generates the
address and then how you use it or how many different ways you use it
are up to you.
> There
> would have been nowhere else to harvest the sneakemail alias than from
> output generated by SpamCop.
SpamCop generates reports to the reporters. All sneakemails are
forwarded somewhere else.
> So I have to wonder if spam reports
> that he generated through SpamCop somehow divulged his e-mail
> identity to spammers
The reports are from the reportid. Within the headers of the spam or
the spambody can appear 'evidence' or unmunged appearance of the spammed
address. We are assuming that the spammed address was /not/ the
sneakemail address which was the registered address. I think it is
reasonable to assume that there isn't a relationship between the spammed
address and the sneakemail address, but I don't think it is reasonable
to assume how he handled the sneakemail address while he 'had' it.
He is emphasizing how long it has been since he has had/used it, not how
well protected it was nor how narrowly it was distributed while it was
in his possession and usage.
--
Mike Easter
kibitzer, not SC admin

Re: spamcop's mailing list compromised?
Thu, 27 Mar 2008 18:44:12 -050
"David Bolt" <blacklist-me@davjam.org> wrote in message
news:t+j5UAqGRC7HFw5N@dev.null.davjam.org...
.....
> [0] Yes, there are some spammers stupid enough to harvest NANAS and even
> Google, ....
Actually a number of them target specifically those that slightly greyer hat
or more careful spammers put in their suppression lists, and those that
complain. Yambo, and the replica outfit are 2 such.
Why? Who knows? The only rationale I can think of is "because they
can".