Catching Spammers in the Act / Researchers show how spammers harvest e-mail addresses and send out bulk messages.


By Robert Lemos Wednesday, July 15, 2009 Technology Review

Researchers have shed new light on the methods by which spammers harvest e-mail addresses from the Web and relay bulk messages through multiple computers. They say that the findings could provide additional ammunition in the fight against junk e-mail campaigns.

The problem of unwanted e-mail messages, or spam, continues to vex computer users and security professionals. Currently, more than 90 percent of the e-mail messages traversing the Internet appear to be spam, according to the information released in June by the e-mail security firm MessageLabs.

In one paper scheduled to be presented this week at the Conference on E-mail and Anti-Spam, in Mountain View, CA, researchers from Indiana University studied how spammers obtain the e-mail addresses in the first place. The researchers used a variety of techniques to match the programs that cull e-mail addresses from Web pages to the resulting spam. "We are basically trying to figure out how spammers get your address--the addresses of people that they try to victimize," says Craig Shue, a graduate student at Indiana University who now works at Oak Ridge National Laboratory.

This involved exposing 22,230 unique e-mail addresses on the Web over a five-month period and watching for spam sent to those destinations. The researchers found that an e-mail address included in a comment posted to a website had a much higher probability of resulting in spam. While only four e-mail addresses submitted to 70 websites during registration resulted in spam, half of the e-mail addresses posted to popular sites resulted in spam.

The researchers also set up a website on their own domain and waited for their pages to be crawled. Each visitor to the website would see a different e-mail, a strategy that the researchers hoped would gauge how often programs that automatically crawl sites are operated by spammers. "We are giving out a unique e-mail address to every visitor to our webpage," Shue says. "If we ever get an e-mail to that address, we know that the crawler gave that e-mail address to a spammer."

...


Reply to
Monty Solomon

Project Honeypot has been working on this for some time.

Anyone with a website can help by adding a link that the Honeypot people provide. This link produces a page with unique spamtrap addresses. Whenever a crawler requests one of those pages, the IP that requested it is logged along with the email addresses that were presented on the page.

If one of those email addresses later receives spam, they can trace which crawler harvested that address.

I'm helping their project, both by putting their links on my websites and by "donating" hostnames for them to use in their spamtrap addresses. If you own a domain, you can create a subdomain and point the MX for that to the honeypot servers, so that all mail sent to addresses in that subdomain goes to Honeypot. That lets them have a diverse range of addresses to use for spam traps.

Occasionally I get mail from them saying "Congratulations, you helped catch a spammer." This happens when either spam is sent to a spamtrap address that was displayed on one of my sites, or an address at one of my donated subdomains that was displayed somewhere else.

Aside from putting it in their database, I'm not sure what they do with a spammer when they catch one.

Reply to
Matt Simpson
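
The per-visitor spamtrap scheme described in both posts above, sketched as an added example (not code from the researchers or from Project Honeypot). The class and function names, the secret, and the trap.example.org domain are assumptions made for illustration; the sample visits and deliveries are constructed.

```python
import hashlib
import hmac
from collections import defaultdict

SECRET = b"constructed-demo-key"   # assumption: secret kept on the web server
TRAP_DOMAIN = "trap.example.org"   # assumption: subdomain whose MX points at the trap

class SpamTrap:
    def __init__(self, secret=SECRET, domain=TRAP_DOMAIN):
        self.secret, self.domain = secret, domain
        self.issued = {}  # local part -> visit that was shown the address

    def issue(self, ip, user_agent, ts):
        """Return a unique address for this page view and log the visit."""
        msg = f"{len(self.issued)}|{ip}|{user_agent}|{ts}".encode()
        local = hmac.new(self.secret, msg, hashlib.sha256).hexdigest()[:16]
        self.issued[local] = {"ip": ip, "user_agent": user_agent, "ts": ts}
        return f"{local}@{self.domain}"

    def trace(self, rcpt):
        """Map an SMTP recipient back to the harvesting visit, or None."""
        local, _, domain = rcpt.strip().strip("<>").lower().rpartition("@")
        if domain != self.domain:
            return None
        return self.issued.get(local)  # None: guessed address, never displayed

def harvester_report(trap, deliveries):
    """Group spam deliveries (rcpt, sender_ip, ts) by the IP that harvested the address."""
    report = defaultdict(lambda: {"messages": 0, "senders": set(), "first_delay": None})
    for rcpt, sender_ip, ts in deliveries:
        visit = trap.trace(rcpt)
        if visit is None:
            continue  # not attributable to any crawler
        row = report[visit["ip"]]
        row["messages"] += 1
        row["senders"].add(sender_ip)  # relays that sent the spam, not the crawler
        delay = ts - visit["ts"]
        if row["first_delay"] is None or delay < row["first_delay"]:
            row["first_delay"] = delay
    return dict(report)

# Constructed sample data (documentation IP ranges, made-up timestamps).
trap = SpamTrap()
a1 = trap.issue("198.51.100.7", "ExampleHarvester/1.0", 1000)
a2 = trap.issue("203.0.113.9", "Mozilla/5.0", 1010)
spam = [(a1, "192.0.2.44", 90000), (f"<{a1.upper()}>", "192.0.2.45", 95000),
        (f"guess@{TRAP_DOMAIN}", "192.0.2.46", 96000)]
print(harvester_report(trap, spam))
```

The report is keyed by the crawler's IP rather than the sending IPs, so a harvester stays identifiable even when the resulting spam is relayed through several machines.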
