[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] VeriSign's fake SMTP server for SiteFinder

To: "Joshua Levitsky" <jlevitsk@xxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>, "Joshua Thomas" <JThomas@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] VeriSign's fake SMTP server for SiteFinder
From: "Geoincidents" <geoincidents@xxxxxxxxxxx>
Date: Mon, 22 Sep 2003 20:53:33 -0400

----- Original Message ----- 

> Right now they take in the address of who you are sending to and who is
> sending. What a wonderful way to collect valid email addresses. First
> the MAIL FROM will be a correct address most of the time. The RCPT TO
> will be wrong 100% of the time, but they could employ scripts with some
> logic to see things like    user@xxxxxxxxxxx is really
> user@xxxxxxxxxxxx and such. Many typos are repeated in the same way by
> many people.
>
> Can't wait for the spam to start flowing from that list of users they

So bust them at it. Setup some email that is unguessable, send an email to
noone@xxxxxxxxxxxxxxxxxxxxxxxxxx and if your unguessble address gets spammed
you know they did it. If a number of folks here do that and all get spammed
then it's pretty clear where the information came from.

Geo.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] VeriSign's fake SMTP server for SiteFinder
  - From: Ng Pheng Siong

References:
- RE: [Full-Disclosure] VeriSign's fake SMTP server for SiteFinder
  - From: Joshua Thomas
- Re: [Full-Disclosure] VeriSign's fake SMTP server for SiteFinder
  - From: Joshua Levitsky

Prev by Date: Re: [Full-Disclosure] Is Marty Lying?
Next by Date: [Full-Disclosure] New Hacking Zine: p62
Previous by thread: Re: [Full-Disclosure] VeriSign's fake SMTP server for SiteFinder
Next by thread: Re: [Full-Disclosure] VeriSign's fake SMTP server for SiteFinder
Index(es):
- Date
- Thread