On 6/20/2013 6:49 AM, Andreas Kasenides wrote:
My conclusion is that the harvester is blindly picking usernames and domains from wherever it can (possibly from compromised systems but also from clear text net traffic) and pairing them at random!!
I guarantee that they are pairing them at random. We regularly get delivery attempts for username@domainX where that username only exists on domainY.
Including guesses of "first name + last initial" type addresses or "first name + dot + last name" style, when we've never used either of those styles.
