AN EMAIL TO A SECURITY GURU ACQUAINTANCE OF MINE
*** begin quote ***
Thought you’d find this interesting. As an old security guy, (well that’s what all the recruiters tell me, “too old”, and “50 is the new 90”. I’m “only” 62! Strange world we live in.), I am seeing a “new” form of spam.
Background: I run an alumni news blog / ezine / website. Never, ever any email address in it. Just news. “Joe Blow Class of 1970 died”, “Samantha Smith Class of 1980 promoted”, “Harry Potter Class of 1990 gets Hogswarth PhD”. Absolutely of little interest to other than alumni. I, of course, having too much time on my hands have our own domain. Jasper Jottings dot com.
Punchline: I am now seeing spam addressed to: Joe.Blow, blow.joe, blowj …, jblow, samantha.smith, smith.samantha, etc. etc. AT my domain name! Lots of it.
Conclusion: Someone is parsing the content. Extracting names. And, has a pretty sophisticated addressing mechanism.
Sidenote: Of course, the laughs on them because there are ZERO real people to read the spam. These are advertising commercial products. Not Nigerian benefactors, male / female enhancements, nor get rich quick schemes. But they are tech conferences, odd technology products, and tech books on amazon.
Observation: “Real” websites, for companies or business, with people named on the site are going to get slimed.
Just thought you’d enjoy this little wrinkle. Clearly we need IPv6 and authenticated email; replace SMTP once and for all. (Love to lead that effort for some one!) As I said, too much time on my hands.
*** end quote ***
Love it when I find something new.
# # # # #