PDA

View Full Version : Possible to obtain e-mail add from web site browsing?



Shortcircuit
09-07-2006, 01:00 PM
Boy am I having a grumpy week :(

Did a clean install of Windows 6 days ago on my second box (with ZA/AVG etc).

Last night I was browsing the web looking for info on setting up Raid arrays... just general tech sites, no logon required.

This morning I received my first ever spam e-mail and you guessed it- offering tuiton on Raid setups.

Considering that my e-mail add is known to maybe 5 people, is a very unusual address and I got the e-mail after searching for the exact same thing within hours this spam is all a bit suspect.

So, pure coincidence or something more?

Also the e-mail said something like:

We have taken great measures to ensure that we are in complete compliance with the CAN-SPAM Act of 2003... and have already removed your e-mail address from our subscription list.

I think one e-mail is still spam :mad:

zqwerty
09-07-2006, 02:12 PM
Wot browser were you using?

Shortcircuit
09-07-2006, 02:16 PM
Firefox

Greg
09-07-2006, 03:48 PM
Considering that my e-mail add is known to maybe 5 peopleI sold it for 15 cents :thumbs:

zqwerty
09-07-2006, 04:05 PM
Is Outlook Express your default eMail client?

beetle
09-07-2006, 04:10 PM
Ya didnt give me your addy....:p :(

favouratism.....


beetle :rolleyes:

Shortcircuit
09-07-2006, 04:48 PM
Greg: if you put it on Trade Me you could have gotten 20c :thumbs:

beetle: you obviously didn't bid high enough! :2cents:

netchicken
09-07-2006, 04:49 PM
Nope, it was a coincidence ...

However, from observation it seems that spam managers get an email suffix such as @xtra.co.nz

then just add random characters to the string (well not random, but using a generator) and fire of zillions of them eg:

aaa@xtra.co.nz
aab@xtra.co.nz etc

so eventually your address will get hit.

Thinking on from there if the email address doesn't exist then the spammer will get a "cannot find" type error returned to them from the server

If they get that, they could then delete that name from their list (maybe automatically) and the emails that don"t generate an error message by default must be real. Such emails could be onsold or used adnauseum.

Even if they don't get an error returned the low cost in time and money of sending a million emails means they don't care about weeding out the unproductive emails from their lists.

(now if this program doesn't exist you certinaly could make one that does these things)

I read somewhere, of a spammer in America who got arrested who i think was sending out 16 million emails at a time (have to check that detail)

So don't stress out over spam, if your on the net, and you have a popular address (@clear.net.nz for example) you will probably eventually get hit.

Shortcircuit
09-07-2006, 04:52 PM
Guess it was a million to 1 then netchicken... right address, right subject, right time.

I really should buy more lotto tickets, then I might be able to afford to buy it back off beetle!

beetle
09-07-2006, 04:56 PM
seems to me................. i just may have it after all then......how much should i sell it for? and who else wants it then? :p

:lol:

beetle

zqwerty
09-07-2006, 05:28 PM
There used to be an exploit wherein a site browsed was able to get the default eMail addy setup in Outlook Express, I thought it had been patched.

Many people used to have two eMail addys, one to be spammed and the 2nd one the real addy, like me, I still get spam on my addy1 but not addy2.

Sweep
09-07-2006, 05:29 PM
Guess it was a million to 1 then netchicken... right address, right subject, right time.

I really should buy more lotto tickets, then I might be able to afford to buy it back off beetle!

Not sure on this one. The right subject, I think, is a concern.
I know that they can get the ISP without problems and the Email can be generated as said earlier. May be coincidence but maybe not.

JackStraw
09-07-2006, 06:07 PM
When it comes to problem solving I like to use a method learned from the late Dale Carnegie.
1. Eliminate the worst case scenario.
Is this the end of the world? (looks around, all seems to be OK, sky still blue etc.)
2. Eliminate next worse scenario (sniffs, no burning smells, house no on fire)
All ready we have eliminated the possibility of some horrendus consequences and can move on with renewed confidence! :-)
In your case not much further down the list would be a keylogger.
You say you were visiting tech sites to find out more about raid drive setups. Well when you get into the more geekie stuff you are more likley to come across gamer sites, loads of clever and interesting stuff done by people who don't get out much and let's face it, databases of eMail addys with info about interests are worth a lot of money to the "right" person or organisaton.
I hope I am wrong about the keylogger but eliminate that possibility.
Cheers and good luck.

Shortcircuit
09-07-2006, 08:34 PM
Thanks Jack,

yes I think coincidence a bit too much.

Keylogger crossed my mind, but then I haven't typed my e-mail address anywhere (does have auto logon though), also only installed XP a week ago and haven't really been anywhere/downloaded anything. all the sites I went to looking at Raid were 'reputable' as well... makes you wonder though.

Not too much of a problem as I've switched comps now.

Renmoo
10-07-2006, 12:15 AM
Not sure if other members would agree to this, but could you reveal to us the URL of the tech site that you claimed that you had visited and got spammed?

Cheers :)

vinref
10-07-2006, 01:04 AM
Thanks Jack,

yes I think coincidence a bit too much.

Keylogger crossed my mind, but then I haven't typed my e-mail address anywhere (does have auto logon though), also only installed XP a week ago and haven't really been anywhere/downloaded anything. all the sites I went to looking at Raid were 'reputable' as well... makes you wonder though.

Not too much of a problem as I've switched comps now.

They can get your IP address from logs, and determine your domain from there. If you are using your ISP email, that will get the "@yourisp.co.nz" part. Dunno how they could get the username though - maybe cookies, autocomplete, script of some sort?

Or maybe you really should consider buying a Lotto ticket.

JackStraw
10-07-2006, 02:08 PM
Slightly OT

Going back to your first post I did some reserch on the CAN-SPAM Act, scarey (as with a lot of stuff pushed through by the Bush admin.
Quote;

"The bill permits e-mail marketers to send unsolicited commercial e-mail as long as it contains all of:
an opt-out mechanism;
a valid subject line and header (routing) information;
the legitimate physical address of the mailer; and
a label if the content is adult.

The content is exempt if it consists of:
religious messages;
content that broadly complies with the marketing mechnisms specfied in the law; or
national security messages."

The bit about religious messages got me, does that mean funnymental Mullahs can spam you or is it just for the born again chrissy crowd ;-)

Shortcircuit
10-07-2006, 04:41 PM
The bit about religious messages got me, does that mean funnymental Mullahs can spam you or is it just for the born again chrissy crowd ;-)

Yes, maybe they weren't talking about raid set-ups for a comp... just raids.

Looks like being religious has it's uses... you Can Spam to your heart's content :D