Identical spams going to different spamgourmet addresses

Use this forum to get help.

Identical spams going to different spamgourmet addresses

Postby ScottF4 » Tue Dec 30, 2014 9:20 pm

In the past few days I've gotten identical spam to 6 of my spamgourmet addresses. The email addresses take the form of spamgourmetuniqueword.myspamgourmetuseridsomeletters@randomdomain
Example; email sent to lifehacker.xxxxx@spamgourmet.com came from lifehacker.xxxxxgia@telstep.ca. All of the spams invite me to write back to the spammer at somerandomemail@yandex.ru
This seem similar to a problem a user wrote about at viewtopic.php?f=7&t=1538.
While I can see a spammer that is familiar with spamgourmet and discovers my user id being able to create new spamgourmet addresses and possibly guess a few, I think it would be hard for them to guess 6 of them.
Any ideas on what's going on here?
ScottF4
 
Posts: 30
Joined: Sat Dec 03, 2005 5:46 pm

Re: Identical spams going to different spamgourmet addresses

Postby josh » Tue Dec 30, 2014 9:57 pm

I often get identical spam on multiple spamgourmet addresses -- sounds like you're pointing out two things?

First, spammers almost always make up a From: address - in your case, it looks like they took what was before the @ sign and added 'gia' to it, then suffixed that with @telstep.ca --- that same algorithm works with any email address - e.g., someone@example.com becomes someonegia@ (you know the rest - I try not to type out full email addresses online unless they're @example.com - this to keep harvesters from picking them up)

Anyway - as more and more of my disposable addresses wind up on lists that the spammers are sending to, I start to see multiples - of course this only happens when the addresses are not expired - and in most cases this means I've artificially kept them open by incrementing the count or using recursive exclusive sender matching.

My theory is that they're not being guessed in most cases, but rather that they're finding their way onto these lists the way any other email address does.
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

Re: Identical spams going to different spamgourmet addresses

Postby ScottF4 » Tue Dec 30, 2014 10:14 pm

I can see the emails being harvested where they were used publicly, but some of the email addresses were only used for account creation
ScottF4
 
Posts: 30
Joined: Sat Dec 03, 2005 5:46 pm

Re: Identical spams going to different spamgourmet addresses

Postby josh » Wed Dec 31, 2014 5:56 pm

It has been our theory that if our service were ever compromised, the bandits would start sending email to the underlying protected email addresses rather than the disposable addresses - we keep a couple of quiet accounts in the system which we use as indicators -- if they ever start getting email, that will be a bad sign. So far, so good.

Not to jump to any conclusions, but I can say that I've signed up for certain things at certain places and then shortly afterward started receiving junk mail from other places on the unique address I used. In those situations, the best explanation I could come up with was that the service I signed up for (or some other service they use, maybe for payment processing, etc.) either intentionally distributed the address, or had been compromised and perhaps the owners didn't know. But of course that was mere speculation.
josh
 
Posts: 1371
Joined: Fri Aug 29, 2003 2:28 pm

Re: Identical spams going to different spamgourmet addresses

Postby ScottF4 » Mon Apr 13, 2015 11:28 pm

Just had another batch of identical spams coming to ten different spam gourmet addresses. As far as I know, these sites have no connection and they are not sites I have posted on.

Scott
ScottF4
 
Posts: 30
Joined: Sat Dec 03, 2005 5:46 pm

Re: Identical spams going to different spamgourmet addresses

Postby Clewby » Tue Nov 29, 2016 8:36 am

If you are not using encryption between the client and your email server(s), and if your computer running your email client is connected to your mail server(s) via a broadcast medium, someone could be harvesting email addresses using WireShark (or equivalent).

If, for example, you use a particular 'free' Wi-Fi in a coffee shop, or a conference venue, you could set up some email addresses that you only send/receive messages from at that individual location, and use for no other purpose, and see if they turn up as spam targets.
Clewby
 
Posts: 44
Joined: Mon Jun 13, 2011 4:48 pm


Return to Support / Hilfe / ayuda / ondersteuning / ...

Who is online

Users browsing this forum: No registered users and 18 guests

cron