Sonicwall selling email addresses

3:30 pm -- create new email account for business contacts

3:45 pm -- give it to Sonicwall to ask for the name of a reseller

5:30 pm -- get my first spam with the almost virgin address

I bet it takes them a few days to get back to me.

Reply to
Tom Del Rosso
Loading thread data ...

In article , Tom Del Rosso wrote: :3:30 pm -- create new email account for business contacts

:3:45 pm -- give it to Sonicwall to ask for the name of a reseller

:5:30 pm -- get my first spam with the almost virgin address

a) dictionary attacks on popular mail systems

b) some mail systems allow the user list to be probed

c) the name may have existed before, gone out of service and been released; when you created the account, you inherited the spam directed at a previous user

d) ISPs sometimes sell account names

I have an email account which has never been used for business, and which has never been "published", and yet which regularily receives spam.

I have another email account with the same provider which has also never been used for business nor been published, and which has never received a single spam; it's been active for more than

6 months, so it isn't just a matter of timing.

The difference between the two is that the first of them is

-relatively- easy to find using a "dictionary attack", and the second of the two is not nearly as easy to dictionary.

Reply to
Walter Roberson

Absolutely.

Used to was, email and user (login) names (other than to Compuserve or similar) were meant to be somewhat recognizable if possible. Often, it was 'first initial, last name' or 'first name, last initial' or similar, so that correspondents had some chance of figuring out who in the heck that masked man was. Dictionary attacks (also phone book attacks) have changed that. When I opened accounts on the next to last ISP, the clerk asked where in the heck I came up with the username 'odky6h4i'? The explanation: 'head -2 /dev/random | uuencode -m /dev/stdout | cut -b 1-8' and pick one. (Translation for non-techies: take the binary output of a random character generator, and stick it through an encoder that makes it printable characters.) That trick is normally used to create "unbreakable" (and unrememberable) passwords. It can now be used to create usernames that aren't in dictionaries or phone books.

Old guy

Reply to
Moe Trin

Of course you're right, because, although it hasn't happened to me that quickly before, the new address was shorter than I usually make them.

Reply to
Tom Del Rosso

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.