Allen Deryke wrote:
You could try common nameing conventions like [email protected] <mailto:[email protected]>, [email protected] <mailto:[email protected]>, or sometimes [email protected] <mailto:[email protected]>. The smaller companys may use first name only. Once you know one address it's easy to guess the others.If the company has taken a strong stance on spam they may be using AD/LDAP to verify email address's. I've seen a bunch of implementations and none I've seen have a bullet proof way of preventing directory harvesting.One of the best ways to confirm an email is an annoying but ligitimante looking mailing list/ news letter with a loaded unsubscribe link. Send a bunch and a normal person will go running for that link, you can just check your webservers logs from there.-- Allen DerykeOn Aug 27, 2009, at 8:08 AM, bytes abit <[email protected] <mailto:[email protected]>> wrote:lol, I love the simplicity Vincent!On Wed, Aug 26, 2009 at 11:03 PM, Vincent Lape <[email protected] <mailto:[email protected]>> wrote:Why not call them and ask for it. People hate spam. Sent from my iPhone On Aug 26, 2009, at 10:01 AM, Bert Van Kets <[email protected] <mailto:[email protected]>> wrote: > Dear experts, > > A customer is asking me to retrieve e-mail addresses of Human Resource > managers is companies. I have the names and the companies and would > like > to know what methods you guys use to find the e-mail addresses. I > tried > a few companies and get stuck at the general e-mail addresses like > info, > jobs and sales. > > Thanks > > Bert > _______________________________________________ > Pauldotcom mailing list > [email protected] <mailto:[email protected]> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com
------SNIPIf using Sendmail you can build a map containing one (or more) hashes of each user name. Use this with an external program to take a user name and hash it, followed by looking up the hash (or hashes) and return success or failure. Even if someone got that datafile, it is only hash(es), not the names. Something similar works in Postfix as well.
The possibility of multiple hashes reduces the likelyhood of false positives, which you may never see anyway. In fact, even a weak hash can get rid of 99.9999% of bogus attempts at the externally visible machine without ever giving that machine a list of actual user names.
Chuck Benson
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
