Citizendia

E-mail harvesting is the process of obtaining lists of e-mail addresses using various methods for use in bulk e-mail or other purposes usually grouped as spam.

Methods

The simplest method involves spammers purchasing or trading lists of e-mail addresses from other spammers.

Another common method is the use of special software known as "harvesting bots" or "harvesters", which spider Web pages, postings on Usenet, mailing list archives, and other online sources to obtain e-mail addresses from public data.

Spammers may also use a form of dictionary attack to harvest e-mail addresses, known as a directory harvest attack, in which valid e-mail addresses at a specific domain are found by brute-force guessing, using common usernames at that domain. For example, the attacker tries alan@example.domain, alana@example.domain, alanb@example.domain, and so on; any address that is accepted for delivery by the recipient e-mail server, instead of rejected, is added to the list of theoretically valid e-mail addresses for that domain.

Another method of e-mail address harvesting is to offer a product or service free of charge as long as the user provides a valid e-mail address, and then use the addresses collected from users as spam targets. Common products and services offered are jokes of the day, daily bible quotes, news or stock alerts, free merchandise, or even registered sex offender alerts for your area. Another technique was used in late 2007 by the company iDate, which used e-mail harvesting directed at subscribers to the Quechup website to spam the victim's friends and contacts. [1]

Spam differs from other forms of direct marketing in many ways, one of them being that it costs little more to send to a larger number of recipients than a smaller number. For this reason, there is little pressure upon spammers to limit the number of addresses targeted in a spam run, or to restrict it to persons likely to be interested. One consequence of this fact is that many people receive spam written in languages they cannot read; a good deal of spam sent to English-speaking recipients is in Chinese or Korean, for instance. Likewise, lists of addresses sold for use in spam frequently contain malformed addresses, duplicate addresses, and addresses of role accounts such as postmaster. [2]

Spammers may harvest e-mail addresses from a number of sources. A popular method uses e-mail addresses which their owners have published for other purposes. Usenet posts, especially those in archives such as Google Groups, frequently yield addresses. Simply searching the Web for pages with addresses (such as corporate staff directories or membership lists of professional societies) using spambots can yield thousands of addresses, most of them deliverable. Spammers have also subscribed to discussion mailing lists for the purpose of gathering the addresses of posters. The DNS and WHOIS systems require the publication of technical contact information for all Internet domains; spammers have illegally trawled these resources for email addresses. Many spammers use programs called web spiders to find email addresses on web pages. Usenet article message-IDs often look enough like email addresses that they are harvested as well.

Spammer viruses may include a function which scans the victimized computer's disk drives (and possibly its network interfaces) for email addresses. These scanners discover email addresses which have never been exposed on the Web or in Whois. A compromised computer located on a shared network segment may capture email addresses from traffic addressed to its network neighbors. The harvested addresses are then returned to the spammer through the bot-net created by the virus.

A recent, controversial tactic, called "e-pending", involves the appending of e-mail addresses to direct-marketing databases. Direct marketers normally obtain lists of prospects from sources such as magazine subscriptions and customer lists. By searching the Web and other resources for e-mail addresses corresponding to the names and street addresses in their records, direct marketers can send targeted spam e-mail. However, as with most spammer "targeting", this is imprecise; users have reported, for instance, receiving solicitations to mortgage their house at a specific street address, with the address being clearly a business address including mail stop and office number.

Spammers sometimes use various means to confirm addresses as deliverable. For instance, including a hidden Web bug in a spam message written in HTML may cause the recipient's mail client to transmit the recipient's address, or any other unique key, to the spammer's Web site. [3] Users can defend against such abuses by turning off their mail program's option to display images, or by reading email as plain-text rather than formatted.
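A mail filter can apply the same defence automatically by flagging remote images in an HTML body before anything is fetched. The sketch below is an added example, not part of the original article; the sample message, the host names and the "tiny / hidden / query-key" heuristics are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl


class RemoteImageFinder(HTMLParser):
    """Collects <img> tags whose source must be fetched from a remote server."""

    def __init__(self):
        super().__init__()
        self.findings = []  # list of (url, [reasons])

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = {k: (v or "") for k, v in attrs}
        url = urlsplit(a.get("src", ""))
        if url.scheme not in ("http", "https"):
            return  # cid: and data: images travel inside the message itself
        reasons = []
        if a.get("width") in ("0", "1") and a.get("height") in ("0", "1"):
            reasons.append("tiny")        # invisible 1x1 style beacon
        style = a.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden")
        if parse_qsl(url.query):
            reasons.append("query-key")   # URL can carry a per-recipient key
        self.findings.append((url.geturl(), reasons))


def scan_html_body(html):
    """Return every remote image in the body with the heuristics it matched."""
    finder = RemoteImageFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


def likely_web_bugs(html):
    """Remote images that matched at least one web-bug heuristic."""
    return [f for f in scan_html_body(html) if f[1]]


# Constructed sample body: one inline logo, one beacon, one ordinary banner.
SAMPLE = """<html><body><p>Special offer</p>
<img src="cid:logo@example.domain" width="200" height="50">
<img src="http://tracker.example/open.gif?k=abc123" width="1" height="1">
<img src="https://static.example/banner.png" width="600" height="90">
</body></html>"""
```

Any remote image confirms that the message was opened, so a strict client blocks everything `scan_html_body` returns; the heuristics only rank which fetches are most likely to be deliberate beacons.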

Likewise, spammers sometimes operate Web pages which purport to remove submitted addresses from spam lists. In several cases, these have been found to subscribe the entered addresses to receive more spam. [4]

When a person fills out a form, the data is often sold to a spammer, using a web service or HTTP POST to transfer it. The transfer is immediate and drops the e-mail address into various spammer databases. The revenue made from the spammer is shared with the source. For instance, if someone applies online for a mortgage, the owner of the site may have made a deal with a spammer to sell the address. Spammers consider these the best addresses, because they are fresh and the user has just signed up for a product or service that is often marketed by spam.

Legality

In Australia, the creation or use of email-address harvesting programs (address harvesting software) is illegal according to the 2003 anti-spam legislation. [1] [2]. The legislation is intended to prohibit emails with 'an Australian connection' - spam originating in Australia being sent elsewhere, and spam being sent to an Australian address.

In The United States of America, the CAN-SPAM Act of 2003 [3] made it illegal to initiate e-mail to a recipient where the electronic mail address of the recipient was obtained:

Anti-harvesting Methods

An automated method to attack automated e-mail address harvesters involves list poisoning, a technique that may fill the harvested lists with dynamically generated fake e-mail addresses, thus theoretically rendering the harvested list useless.

On an individual level, users who post e-mail addresses on websites can use address munging to make them harder to harvest, for example by changing "bob@example.domain" to "bob at example dot domain" to keep the address from being harvested by simple bots. Putting email addresses in images instead of plain text is another technique.

A method that can be implemented on a website is to provide a contact form instead of an e-mail address. The contact form provides a textarea for the message and an input for the sender's e-mail address. The server-side script that processes the posted form data is then responsible for sending the actual message, which means that the e-mail address of the recipient is never exposed. Note that contact forms have other drawbacks: the user cannot use his preferred e-mail client to compose the message, and insecure contact forms may be subject to other types of automated abuse.

A method that can be implemented at the recipient email server for combatting directory harvesting attacks is to reject all e-mail addresses as invalid from any sender that has specified more than one invalid recipient address.
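The rule above can be modelled as a small recipient policy that a mail server would consult on each RCPT TO. This is an added example, not code from the original article or from any particular mail server; the mailbox list, the IP addresses (documentation ranges) and the choice to identify the "sender" by connecting IP are assumptions.

```python
from dataclasses import dataclass, field

# Constructed mailbox list for the hypothetical domain example.domain.
VALID_MAILBOXES = {"alan@example.domain", "postmaster@example.domain"}
MAX_INVALID = 1  # "more than one invalid recipient" trips the block


@dataclass
class SenderState:
    invalid_count: int = 0
    blocked: bool = False


@dataclass
class RcptPolicy:
    """Tracks invalid recipients per sending host (hypothetical helper)."""
    valid: set
    senders: dict = field(default_factory=dict)

    def check_rcpt(self, sender_ip: str, rcpt: str) -> tuple[int, str]:
        state = self.senders.setdefault(sender_ip, SenderState())
        if state.blocked:
            # Identical reply to a genuine "unknown user", so a blocked
            # sender learns nothing about which guesses are real mailboxes.
            return 550, "5.1.1 User unknown"
        if rcpt.lower() in self.valid:
            return 250, "2.1.5 Ok"
        state.invalid_count += 1
        if state.invalid_count > MAX_INVALID:
            state.blocked = True
        return 550, "5.1.1 User unknown"


def accepted_recipients(policy, sender_ip, recipients):
    """Recipients the server accepted (250) for this sender, in order."""
    return [r for r in recipients if policy.check_rcpt(sender_ip, r)[0] == 250]
```

A sender with a single typo still gets later valid recipients accepted, while a sender that has guessed twice sees every address rejected, including real ones. In production the per-sender state would also need an expiry so that a shared relay is not blocked indefinitely.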

For CAN-SPAM Act of 2003 harvesting protection, operators of web sites and online services should include a notice that the site or service will not give, sell, or otherwise transfer addresses maintained by such website or online service to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.

References

  1. ^ Arthur, Charles (2007-09-13). Do social network sites genuinely care about privacy?. The Guardian. Retrieved on 2007-10-30.
  2. ^ Rejo Zenger (25 December 2005). what you get when you buy a spam CD. rejo.zenger.nl. Retrieved on 2007-01-06.
  3. ^ Heather Harreld. "Embedded HTML 'bugs' pose potential security risk", InfoWorld, 5 December 2000. Retrieved on 2007-01-06.
  4. ^ Spam Unsubscribe Services. The Spamhaus Project Ltd. (29 September 2005). Retrieved on 2007-01-06.

© 2009 citizendia.org; parts available under the terms of GNU Free Documentation License, from http://en.wikipedia.org