Date: Mon, 10 Mar 2008 13:15:46 -0400
From: Rich Kulawiec
To: Mit Rowe
Cc: FreeBSD Hubs Mailing List, freebsd-docs@freebsd.org
Message-ID: <20080310171546.GA14548@gsp.org>
Subject: Re: Email harvesting on

On Mon, Mar 10, 2008 at 12:27:56PM -0400, Mit Rowe wrote:
> In the online documentation for freebsd, such as on this page:
>
> http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mirrors-ftp.html
>
> Unmunged email addresses are scattered throughout.
>
> Is it possible that in order to thwart email harvesting that we institute a
> policy of munging the addresses? Like... hostmaster [at] ca.freebsd.org or
> even hostmaster [at] ca [dot] freebsd [dot] org

This is completely, absolutely, utterly pointless for several reasons.

First, spammers wrote the trivial bits of perl/awk/python/whatever to
unmunge those forms many years ago.

Second, spammers have also long since done the requisite RFC and
statistical analysis to know that hostmaster@[anydomain] is reasonably
likely to exist, as is webmaster@[anydomain], john@[anydomain],
mary@[anydomain], etc.

Third, unmunged addresses appear with regularity in message headers
*because they have to* in order for mail to work.

Fourth, there are an enormous number of fully-compromised systems
worldwide (any estimate under 10e8 is badly outdated). Among the many
uses that the new owners of those systems have for them is mass harvesting
of email addresses -- which means that they have long since gone through
every "address book", all stored mail, and perhaps all stored documents
as well. Note that some of those compromised systems are mail servers,
in which case the harvesting is likely to be very fruitful.

Fifth, spammers have many other methods of acquiring addresses, including
but not limited to querying mail servers, acquiring corporate directories
(sometimes from their web sites), insecure LDAP servers, insecure AD
servers, use of backscatter/outscatter, use of auto-responders, use of
mailing list mechanisms, dictionary attacks, and purchase of addresses
in bulk on the open market.

It's therefore reasonable to assume at this point that ANY email address
is either (a) in the hands of spammers or (b) will be soon, and to plan
defenses accordingly. (Yes, special-purpose addresses insulated from
all this, only used in isolated cases, and sufficiently obscure as to
avoid guesswork may be exceptions. But they're clearly a tiny fraction
of "all valid email addresses worldwide".)

---Rsk