EMail Harvesting
Results 1 to 10 of 10

Thread: EMail Harvesting

  1. #1
    Junior Member
    Join Date
    Jun 2005
    Posts
    2

    EMail Harvesting

    a client of mine told me that he uses a website that manages mailing lists to keep track of clients All subscribed in his case, But the possibility for this website to promote spam borthered me.

    I went to the website looked at the start page and then left. End of story.

    To my utter discomfort I received a message from the website in my mailbox addressed to me without me confirming clicking or anythinging on the site.

    I have done some reading about this and have realised that a website can do a couple of things to get your browser to divulge a email address.

    I use Firefox and IE and for interest sake I visisted the page in firefox to see if I get another mail from them.



    All of this is only relevant to me as I would love to know how to prevent this from happening?


    Some background:
    My local mail server uses 3 blacklists and I have just added spamcop as a 4th.
    I use spailator to filter rubbish - but I feel outlook 2003's junk filter is better as it.
    I have a IPcop firewall and url filter to try and block ickky pages and adds.

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    All subscribed in his case, But the possibility for this website to promote spam borthered me.
    Then you don't have a trustable friend - he just lied to you...... Kick his azz when you see him next.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  3. #3
    T3h Ch3F
    Join Date
    Sep 2001
    Posts
    716

    Re: EMail Harvesting

    Originally posted here by Redsalamander
    I went to the website looked at the start page and then left. End of story.

    To my utter discomfort I received a message from the website in my mailbox addressed to me without me confirming clicking or anythinging on the site.


    Just wondering how your E-Mail address was used if you just visited the site? Did you subscribe? How would they have it unless you gave it to them?

    Get some good religion from Bad Religion.

  4. #4
    Junior Member
    Join Date
    Jun 2005
    Posts
    2
    Thats what bothers me I dont give my mail address out.

    from what I read a website can either reques a login to a annonymous ftp and that will cause some browsers to provide it with your address and the other way is possibly some javascript that collects it somehow.

  5. #5
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    How would they have it unless you gave it to them?
    I'd guess at a script or ActiveX that crosses the boundary between the internet zone and the local/trusted zone that reads the, predictable, location of the outlook express configuration.... But thats a WAG, (Wild Assed Guess)....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  6. #6
    T3h Ch3F
    Join Date
    Sep 2001
    Posts
    716
    Originally posted here by Tiger Shark
    I'd guess at a script or ActiveX that crosses the boundary between the internet zone and the local/trusted zone that reads the, predictable, location of the outlook express configuration.... But thats a WAG, (Wild Assed Guess)....

    Yes it is a WAG, not impossible but improbable. Would the ActiveX not be prompted? Unless the browser is not set up to prompt, which I would assume anyone worth their salt would have in effect. As far as the script, it would more than likely require a little more interaction within the site. More than just a cursory glance.

    Although I could very well be wrong.



    Woot! Only took me 4.5 years to become a senior! hahah
    Get some good religion from Bad Religion.

  7. #7
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    Posts
    792
    I played with some Javascript about four years ago trying to do something similar. As I remember it always asked to confirm sending the e-mail. At the time I did not have control over the server, which, as I recall, was the main stumbling block.

    Just curious: was there anything left in your sent folder?
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  8. #8
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,528
    [/topic]
    Woot! Only took me 5 years to become a senior! hahah
    And only FOUR years to add it up wrong
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  9. #9
    T3h Ch3F
    Join Date
    Sep 2001
    Posts
    716
    Originally posted here by foxyloxley
    [/topic]


    And only FOUR years to add it up wrong

    hahahah your right!!!!

    Ya Bastad!!! I changed it to more be more accurate in the portrayal of my time here.

    Get some good religion from Bad Religion.

  10. #10
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    as you said, he uses that site to keep track of his mailing lists. he probably has a mailing list of suppliers that he put you on. he doesn't care that they use the stored addys to spam with...as long as it makes HIS life easier in some way.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides