From verna@inf.enst.fr Thu Oct 9 03:30:16 1997 Date: 09 Oct 1997 12:26:24 +0200 From: Didier Verna Cc: verna@inf.enst.fr Subject: the spam page Message-ID: Hi Scott. Congrats for your spam pages. For sure they're really usefull and complete. I will make the most possible advertisement for it ... without spamming, obviously ;-) May I suggest that you add a few things ? I think they're important, and I'd be glad to see them added: About private mail spamming / The 'remove' problem : One other (and very subtle) way of stealing user email adresses is achieved from HTTP connections: In short, with lower level protocols, it's sometimes possible when you connect yourself to an HTTP server, to get the name of the machine you're working on. Then, spammers can investigate on the machine with a tool like 'finger' for instance, and figure out the name of users that are working on the machine. After that, they try and build an email adress like . Now the problem is what happens if you're working in a networked environnement ? I, for instance, can be working on more than 100 machines on my local network. So spammers can build more that 100 email adress for me !! I frequently receive a dozen of times the same junk mail, each one for a different machine !! Then, if I follow their 'remove' instructions, at most one of my email adresses will actually be removed and I'll still receive their junk. The very dangerous point in this technique, is that HTTP server owners can more or less figure out the tastes of people (or sites) connecting to their pages and sell their database to commercial companies. This is a real intrusion in your private life. ` / | / / Thanks again for providing people with this good `|| information site. I will link it at home. || || || Bye ! _ || //| || Didier. || \_|| \\ Didier Verna // __ // {__} E.N.S.T. INF C-214 http://www-inf.enst.fr/~verna/ || __ 46 rue Barrault mailto:verna@inf.enst.fr \\ {__} 75634 Paris cedex 13 Tel. (33) 01 45 81 80 72 \\ ``---- France