[Big snip] > > For those of you who already have a "mailing list only" > > e-mail address and a seperate address for work > > related/corporate/company matters, do you see a different > > level of unsolicited spam, compared to the work address or > > other private e-mail address for friends and family? I'm > > thinking about setting up the same myself, just for > > experimental reasons! I think i'll find some differences > > between the two. > This is true, GuidoZ could expand on this fact I know. If he is > around..lol Then again most corporate e-mails systems (and some people > at their house) have very in-depth spam filters and programs to weed out > spam and junk mail. The number would look different and should be > different.
Yeah, I'm around now and then. ;) I have a "list only" email address (this one) that I started recently and only use for mailing lists. (It gets around 20 of them or so. Mostly SecFocus lists, also the BTs, few scattered support lists.) I have noticed an increase in spam - and it can only come from one place: Spam crawlers. I haven't used this email address to register software, I haven't given it to anyone, and I haven't emailed anything BUT a list from it. I'm only getting about 8 spam a day so far, which isn't bad at all. Gmail is good about catching 99% of them. As for my other addresses, they are receiving more spam simply because they have been around longer. However, a few addresses I've created recently JUST for consulting (it's only on my business card, nowhere else) hasn't received a single spam message in almost 7 months. (My Gmail "list-only" account is about the same age.) The email addresses I've had for a decade are receiving roughly 5,000 spam a day (yes, 5 thousand - wee!). I've given up trying to save them and don't use them anymore, except to study spam and phishing attempts. =) In fact, I'm current working with someone at the Georgia Institute of Technology (gatech.edu) to analyze the different spam/phishing tactics for better filtration and general knowledge. Hey, for once spam was good for something... -- Peace. ~G On Fri, 26 Nov 2004 08:13:47 -0600, Todd Towles <[EMAIL PROTECTED]> wrote: > > How many people are actually subscribed (on FD) and what are > > the general figures for subscribers for high profile mailing > > lists, has any figures ever been released? And would the > > theft of the list of e-mails subscribed be of value to > > spammers? I think it would be, I hope FD admin is up to date > > with and keeping tracks of bugs as the rest of us. If > > malicious hackers/script kiddies got hold of the list, I > > think they would be able to attack a good percentage of > > inboxes with whatever they send. Weather it be porn spam or a > > phishing to take passwords or if it be malcious code to take > > advantage of POP mail clients via SMTP. > Number 1, I highly doubt than a spam message would be very effective > using the FD list of address only. Number 2, this list is full of > security professional (white, black and grey) and I would guess that > most of the core users you see on here would not just run a attachment > or be fooled by the double extensions trick. Given there most likely are > "normal internet users" on this list but I would guess that number is > pretty low. > > > I think already FD is targeted by spam/phishing hackers who > > wish to collect e-mail addresses for further exploration. > > Perhaps posting on FD could be a security risk in itself > > (well not just FD but mailing lists online in general) as far > > as POP mail clients and SMTP is concerned. (web-based e-mail > > has its own problems which usually don't have the risk of > > taking over computers like mail clients do. Usually web-based > > e-mail is just at risk from xss/cookie disclosure/account > > theft, whereas malicious code sent to mail clients can take > > over whole computer systems) > Every mailing list is targeted by spammers and phishing. There are > program that are designed to spider google and collect e-mail addresses. > Since this list is mirrored several times in several sites in different > countries, this shouldn't be a surprise. > > > > > For those of you who already have a "mailing list only" > > e-mail address and a seperate address for work > > related/corporate/company matters, do you see a different > > level of unsolicited spam, compared to the work address or > > other private e-mail address for friends and family? I'm > > thinking about setting up the same myself, just for > > experimental reasons! I think i'll find some differences > > between the two. > This is true, GuidoZ could expand on this fact I know. If he is > around..lol Then again most corporate e-mails systems (and some people > at their house) have very in-depth spam filters and programs to weed out > spam and junk mail. The number would look different and should be > different. > > > Plus, do FD admin and other high profile mailing lists have > > honey pots or similar methods to catch FD/mailing list born > > spam? I believe a big mailing list can have its own > > domestic/internal spam, seperate from the general internet > > who are not subscribed to the given mailing list or lists, > > and even different mailing lists having its own group of > > spammers targeting them, with its own nature of > > spam/phish/malicious code exploration. > I would guess that most spammers don't mail thru mailing list. Most > would use the thousands and thousands of relay bots all over the > internet to hide their e-mail in bulk. When I say in bulk, I mean in > bulk. To target a single list with a crafted message would be anymore > wasteful. Now that doesn't mean it wouldn't work, it would most likely. > But just like in stealing cars or wireless internet. Why take the time > to create the special message (or break the WEP) if you can send out a > general "New Microsoft patch" or "We need your banking info" and get a > 10% return. There 10% return will be normal internet users that most > likely don't know about about computers, don't have AV and don't know > about the spam underworld. Spammers don't want to get caught, they want > to use the computers that are still infected with the CodeRed worm. > Unmanged computer heaven. ;) > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
