Avoid Spam - Don't Use Simple Email Addresses
Posted by Max Dunn Fri, 02 Nov 2007 15:08:00 GMT
When choosing an email address, it is often tempting to use just your first name or last name like lisa@mycompany.com or smith@mycompany.com. Don’t do it!
The problem with these simple email addresses is that spammers often use directory harvest attacks to find new email addresses to send spam to. In these attacks, they try using all sorts of different email names to see if any go through. Here is an edited portion of my mail log file that records these attacks:
...
Oct 28 01:51:26 <barker@testcompany.com>... User unknown
Oct 28 01:51:27 <barnes@testcompany.com>... User unknown
Oct 28 01:51:28 <barnett@testcompany.com>... User unknown
Oct 28 01:51:29 <barrett@testcompany.com>... User unknown
Oct 28 01:51:30 <bates@testcompany.com>... User unknown
...
You see that the spammer here is employing a dictionary attack – simply trying a large list of common names. This is not very efficient since it will usually take thousands or tens of thousands of tries to find one good email address. But the spammers don’t care. They have large networks of zombie computers that can automatically do this work for them day and night.
To give you an idea of the size of these attacks: my email server incorporates techniques for reducing harvest attacks, but even then, for one domain, there were over 52,000 of these attempts in the last 3 days!
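To spot this pattern in your own mail log, here is an added example (not from the original post or the author's server): a small Python detector that parses lines in the edited format shown above and flags any domain where many distinct unknown recipients are rejected within a short window. The sample lines are constructed, and the one-minute window, the threshold of 5 and the year 2007 are assumptions to tune for your own server.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the edited log format shown above (not real data).
SAMPLE_LOG = """\
Oct 28 01:51:26 <barker@testcompany.com>... User unknown
Oct 28 01:51:27 <barnes@testcompany.com>... User unknown
Oct 28 01:51:28 <barnett@testcompany.com>... User unknown
Oct 28 01:51:29 <barrett@testcompany.com>... User unknown
Oct 28 01:51:30 <bates@testcompany.com>... User unknown
Oct 28 09:14:02 <lisa.smth@mycompany.com>... User unknown
"""

# "Mon DD HH:MM:SS <local@domain>... User unknown"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"<(?P<local>[^@>]+)@(?P<domain>[^>]+)>\.\.\. User unknown\s*$"
)

def parse_rejections(log_text, year=2007):
    """Yield (timestamp, domain, local_part); the log has no year, so one is assumed."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["domain"].lower(), m["local"].lower()

def find_harvest_bursts(log_text, window=timedelta(minutes=1), threshold=5):
    """Return {domain: (start, end, distinct_names)} for domains where at least
    `threshold` distinct unknown recipients were tried within `window`."""
    by_domain = defaultdict(list)
    for ts, domain, local in parse_rejections(log_text):
        by_domain[domain].append((ts, local))
    bursts = {}
    for domain, events in by_domain.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            names = {local for _, local in events[start:end + 1]}
            best = bursts.get(domain, (None, None, 0))[2]
            if len(names) >= threshold and len(names) > best:
                bursts[domain] = (events[start][0], events[end][0], len(names))
    return bursts
```

A single mistyped address, like the last sample line, stays below the threshold and is not flagged; only the rapid run of different names is.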
What can you do to prevent this? The best way is to choose an email address that incorporates elements of both your first and last name or adds other information. For instance:
- Lisa.Smith@mycompany.com
- lsmith@mycompany.com
- lisas@mycompany.com
- lisa_accounting@mycompany.com
This is just one of the techniques that you will need to use to cut down on spam. Of course, you should never put your email address unencoded on a web site or forum, and be careful when providing your email address in any web form. However, if you have been careful about your email address and are still getting spam, then it is possible that your email name is too simple and a spammer discovered it using a directory harvest attack.