Re: SPAM factoid...
BBC's Click OnLine did an informal test of how e-mail addresses get
listed for receiving spam. They found that the most effective way was
when the address occurred in a web page. They concluded that the address
harvesters seemed to crawl the web looking for addresses. Just sending
e-mail was not the way the address was harvested. They had a neat trick
to encode e-mail addresses in a bit of obscure JavaScript that would
simple be ignored by harvesters. My e-mail address in a web page is:
script type=text/javascript
!--
var x=function f(x,y){var i,o=\\,l=x.length;for(i=0;il;i++){if(i16)y++; +
y%=127;o+=String.fromCharCode(x.charCodeAt(i)^(y++));}return o;}f(\wf{tmrr +
q\\001E\\r_\\000P[NB\\021[\\037[\\010\\024\\025\\024VV\\006D\\023RZ.6+h){( +
$r=#%!+g(\\1771;5'\\0258\\033/t1qnSHC^TO\\034\\034\\033\\023\\020\\02 +
4FS\\027K\\035YN\\030N\\013\\024\\031\\r\\031\\023T\\030W{|\\177ekw.n5e':7d +
02 *{9mx3$b5\\177u\\177maU\\nJ\\r\\036[UM]_YB\\rA\\001CDP@@G\\036\\007\\0 +
[EMAIL PROTECTED]1!(2\\023\\177}`\\r\\016bde\\n\\013\\026\\+
007\\032\\026\\010\\005\\000\\03010\\037RVU:;*##)\\022X_,-BBD)*\\002533 +
[EMAIL PROTECTED]'Yd! )EF}dy13qYLG\\003COT_O[^m\\032\\036\\000 +
mn\\003\\007\\005jk\\016\\t\\ng`\\n\\017\\017\\034\\035tqt\\031\\032qzy\\02 +
6\\027|\\177~\\023\\014dbc\\010\\teeh\\005\\006lnm\\002\\003SRR?88VWX56_^]2 +
3GCB/(EFG$%NHL!\\\W223XY148UV==RS !\\\OHaJKvEF_%D+/\\020}~\\024\\024\\02 +
5z{\\033\\033\\032wp\\035\\037\\037lm\\005\\004\\005ij\\010YGI\\017\\t\\000 +
\\035\\000gb?e{p\\032e\\024\\025qeob\\022mx7/h;u8%--?)!fwvKJ\\033K:L\\017O\\+
034(\\017\\017\\003.\\034\\016\\030\\022\\013\\020\\022\\030;\\013\\+
033\\023?\\020\\021rg,djlts[4!d7:-4k((n10c0)*6!I\\tDJ_\\014\\r\\014A\\0 +
[EMAIL PROTECTED])k +
!i8*:6g6|)z5t;9,:4.:\\177w\,16) ;
while(x=eval(x));
//--
/script
I have yet to see how I can get all places with my address like this. But e-mail
harvesters do not see an address here. Pop it in an HTML block and see my address.
There is a web site that will generate these for you. If interested, I can look
it up. Note that as I can only control local instances of this, I still get far
too many spam per day...
Maybe the SxS could encode e-mail addresses?
___
Linux-users mailing list
[EMAIL PROTECTED]
Unsubscribe/Suspend/Etc - http://www.linux-sxs.org/mailman/listinfo/linux-users
[OT] Re: SPAM factoid...
On Sun, 2003-08-03 at 02:57, Roger Oberholtzer wrote:
BBC's Click OnLine did an informal test of how e-mail addresses get
listed for receiving spam. They found that the most effective way was
when the address occurred in a web page.
snip
My e-mail address in a web page is:
script type=text/javascript
!--
eyes go funny!/eyes funny
//--
/script
If I wanted to harvest only legitimate email addresses perhaps I'd make
a website where people could submit them. ;-)
I saw what was probably the same study so made a little pascal program
that takes a comma-delimited text file and generates a javascript file
with a case statement for each name/address provided by the text file,
using nested arrays to avoid having anything a bot is likely to read.
The javascript file can be linked to from the head of each web page and
email links placed with a call such as ...
script language=javascriptjohnDoe('IanStephen','Ian
Stephen')/script
Which would give a link displaying Ian Stephen. The visible text of
the link can be the email address (default, just omit the second
parameter) or a string you pass.
Much easier to use for more than one or two instances than the
eye-straining output from that on-line tool.
Now off to dissect that example you sent and figure out just how it
works!
--
Ian Stephen [EMAIL PROTECTED]
___
Linux-users mailing list
[EMAIL PROTECTED]
Unsubscribe/Suspend/Etc - http://www.linux-sxs.org/mailman/listinfo/linux-users
Re: SPAM factoid...
On 08/02/03 11:35, Jerry McBride wrote: I subscribe to DISCOVER magazine and in this months issue it has an article titled, BUILT-IN SPAM... The article discusses the constant barrage of spam that every day users suffer and dives into the madness that Microsoft has placed it's windows XP users into. Anyway, included in the article is the following factoid... Half of all email is spam, and a typical internet user receives an average of 10 unwanted messages daily. AOL recently set a dubious record. It blocked 2 billion spam e-mails in one day. Meanwhile, the number of sent e-mails worldwide is doubling every 18 months. Needless to say, that took my breath away. I have always known spam was/is a serious issue and I spend a great deal of time keeping off my homes lan and at work. What boggles my mind is the 2 billion number... I'd be amazed if anyone on AOL got real e-mail messages that day... I wish i could say that I, too, was surprised, but i'm not. I get over 200 spams *every* day. -- ~ L. Friedman[EMAIL PROTECTED] Linux Step-by-step TyGeMo:http://netllama.ipfox.com 11:35am up 18 days, 14:17, 1 user, load average: 0.15, 0.06, 0.02 ___ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc - http://www.linux-sxs.org/mailman/listinfo/linux-users
Re: SPAM factoid...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jerry McBride wrote: | I subscribe to DISCOVER magazine and in this months issue it has an article | titled, BUILT-IN SPAM... The article discusses the constant barrage of spam | that every day users suffer and dives into the madness that Microsoft has | placed it's windows XP users into. | | Anyway, included in the article is the following factoid... | | Half of all email is spam, and a typical internet user receives an average of | 10 unwanted messages daily. AOL recently set a dubious record. It blocked 2 | billion spam e-mails in one day. Meanwhile, the number of sent e-mails | worldwide is doubling every 18 months. | | Needless to say, that took my breath away. I have always known spam was/is a | serious issue and I spend a great deal of time keeping off my homes lan and | at work. What boggles my mind is the 2 billion number... I'd be amazed if | anyone on AOL got real e-mail messages that day... | This is from a related message I've saved. AOL tries to *sound* like they're being proactive, but in reality... - -quote- Aloha, Lonnie. Your article: ISPs Seek Bigger Mallet To Eliminate Spammers caught my attention. http://www.theledger.com/apps/pbcs.dll/section?Category=COLUMNISTS0203 I'm an information security and computer forensics expert with detailed technical knowledge of SPAM and the technology employed by spammers. Recently I authored a report on SPAM delivery via AOL -- where a spammer gains access to the Internet for the purpose of delivering SPAM to other people elsewhere on the Internet. Considering the topic of your recent article for The Ledger, I thought you'd be interested in reading this report. AOL is being ridiculous when they suggest that their billion SPAM march on cyberspace does any good whatsoever. In fact, AOL is being downright deceptive in their assertion that blocking inbound SPAM on behalf of their subscribers who use @aol.com e-mail addresses is a virtue: AOL blocks SPAM sent to their subscribers without AOL's permission (paid 'advertisements' are sent to AOL subscribers with AOL's full support) but AOL does NOT block SPAM that AOL users send to people who use OTHER ISP's e-mail services. AOL may as well capture those billion SPAM messages and relay them to non-AOL subscribers because this is exactly what the end-result is of AOL's alleged attempts to curtail SPAM. AOL has positioned themselves to be a facilitator of SPAM transmission to non-AOL subscribers while simultaneously trumpeting their technical triumph over SPAM that originates elsewhere on the Internet and is destined for an AOL subscriber's mailbox. Your readers would be interested to know that anyone with an AOL account can send SPAM to any other AOL account and AOL will NOT block it. On the other hand, some ISPs are now blocking ALL e-mail that originates from AOL because of these very issues. Sincerely, Jason Coombs [EMAIL PROTECTED] - -- A Report on SPAM Blackholes, Blocking/Filtering, and AOL For the last month I have purposefully used AOL for SMTP server mail relay in order to analyze the real-world impact of blackhole lists. AOL not only does not block outbound SMTP from dialup customers, they operate a transparent proxy farm that intercepts all outbound SMTP traffic and intentionally relays this traffic on to its intended recipient (but not its intended SMTP relay point -- you can configure ANY remote IP address as your SMTP server and AOL's proxy farm will still do your delivery for you based on the MX records present in the destination domain, you need not find an open mail relay to exploit nor set up authorized/authenticated SMTP service with any third-party service provider in order to relay SPAM through dial-up AOL Internet service). The results have been quite interesting. To summarize, only a few of my outbound e-mails have been blocked by blackhole sites in the last month. All e-mail sent to mailing lists such as bugtraq has gone through successfully. Every rejected message has been returned to me with an explanation (thank you, blackhole-enabled servers, your deterministic failure mode made this experiment possible because I didn't have to worry about whether my e-mail simply disappeared silently and could take corrective action to see that my recipient received my message through other channels). The most interesting failure I encountered was to my own domains. For e-mail service we use a third-party service provider, the same provider who does our Web hosting on Linux-based servers running Ensim (www.ensim.com). By default our service provider refuses all inbound mail delivery based on a blocking filter rule (not a blackhole service). This blocking filter considers ALL e-mail from AOL to be SPAM and refuses it. This isn't just e-mail relayed from a dial-up address block, this is ALL AOL e-mail. No user of AOL was able to send e-mail to our domains until we requested that inbound filtering be disabled. It's also interesting to
