Slash Boxes
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
More | Login | Reply
Loading... please wait.
  • With all those worms, many bogus addresses (obsolete and non-existing ones) will end up in such databases.

    Don't most of these worms harvest addresses from the user's address book? I can see some being obsolete, but I know very few people that actually put non-existing addresses in there. And, most people try to keep their data up-to-date... with varying degrees of success. But, in general, they do try.

    It seems to me that would increase the chance of getting a valid address... compared to other methods.
    • They don't only scan address books. Some also look at the browser's cache files (for instance).

      Another good measure of the increasing use of bogus address is the count of bounces one receives nowadays because a mail was sent in one's name to a no longer existing email address. I assume that these addresses are also used as forged from-addresses.
      • And nowadays some of the worms are grabbing message IDs and thinking they're addresses. I know they've have been trying to deliver mail to addresses like 20040304003305.51802.qmail@[one of our domains]. Even worse, they're sometimes chopping off bits from the front of valid addresses and from message IDs, so they're using all kinds of invalid fragments. And MyDoom makes up addresses for domains it finds by adding common first names (joe, mary, adam, and many more) as users.