Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Email address munging suggestions

0 views
Skip to first unread message

Greg Boettcher

unread,
Dec 27, 2009, 12:10:08 PM12/27/09
to
I am preparing a research project in which I will be posting a bunch
of email addresses to the Internet to see how much spam they draw. The
addresses will be disguised in various ways, and the project should
help provide data on the effectiveness of those address-disguising
methods. The methods will be as diverse as using JavaScript to
scramble addresses, using CSS positioning to scramble addresses, etc.

But one area where I could especially use more ideas is the kind of
simple munging often done on Usenet. For example:

myn...@domain.REMoVETHiSzz
myX...@domaiX.zz (replace X's with N's)
myname@domain.X, where X=zz
zz.niamod@emanym (reverse letters)

Can anyone think of any other clever examples of this?

Thanks in advance for any help.

Greg

Kathy Morgan

unread,
Dec 27, 2009, 2:45:07 PM12/27/09
to
[news.newusers.questions added back in]

It's a courtesy when setting followups to mention it at the top of the
message. My newsreader alerts me when my followup is being directed out
of the group I'm reading, but that isn't true of all newsreaders.

Greg Boettcher <WRITET...@gregboettcher.com> wrote:

> I am preparing a research project in which I will be posting a bunch
> of email addresses to the Internet to see how much spam they draw. The
> addresses will be disguised in various ways, and the project should
> help provide data on the effectiveness of those address-disguising
> methods. The methods will be as diverse as using JavaScript to
> scramble addresses, using CSS positioning to scramble addresses, etc.
>
> But one area where I could especially use more ideas is the kind of
> simple munging often done on Usenet. For example:
>
> myn...@domain.REMoVETHiSzz
> myX...@domaiX.zz (replace X's with N's)
> myname@domain.X, where X=zz

When posting a munged address, you should ALWAYS end the munged address
with ".invalid," which is a TLD (Top Level Domain name) that has been
reserved and will never be assigned to anyone. One reason for this is
so that if you've accidentally used a munge that creates an address that
is valid (but for someone else) no mail (spam or otherwise) will be sent
to that address. Also, many mail clients and newsreaders will then
recognize the address as invalid and refuse to try to send a response to
those addresses--and if they do try, the mail server will refuse to
accept the message.

That would make the addresses above into:

myn...@domain.REMoVETHiSzz.invalid
myX...@domaiX.zz.invalid (replace X's with N's)
myn...@domain.X.invalid, where X=zz

> zz.niamod@emanym (reverse letters)

No decent Usenet client would accept this because it does not have the
format of an email address as required by RFC's. I suspect that even if
you use a sufficiently broken newsreader that it would accept the
malformed "address," the news server probably would not. You could
however make it into something acceptable to software by adding the
".invalid" at the end.

zz.n...@emanym.invalid (reverse letters and take out the invalid)

> Can anyone think of any other clever examples of this?

Sorry, no. In fact, I usually can't figure out how to unmunge the
addresses people post with. "Take out the obvious to send me email"
doesn't work for me, because I usually can't figure out what the obvious
is. One that I've seen that wasn't too bad, except that it was missing
the ".invalid," was "myn...@domain.TRASH.com" and instructions to take
out the trash.

--
Kathy

D. Stussy

unread,
Dec 27, 2009, 7:10:06 PM12/27/09
to
"Kathy Morgan" <kmo...@spamcop.net> wrote in message
news:1jbdmbp.1effpu011rkyatN%kmo...@spamcop.net...

In addition to the above, I add:

1) The ".invalid" TLD should not be used in the optional "Reply-To"
header, especially when the "From" header already specifies it. "Reply-To"
is meant only for valid mailboxes. "Reply-To" should only appear when
differing from "From", and when "From" is already invalid, an invalid
"Reply-To" breaks this tennant, even if it textually specifies a different,
invalid mailbox.

2) Some users on Usenet have resorted to using other reserved domains and
name elements (e.g. "example", "test", "localhost", etc) for their invalid
addresses. This is also a misuse of these things. Note: The combination
"example.invalid" is considered reserved due to "example" being reserved as
a 2LD. RFC 2606 only reserves "example" as a 2LD for three TLDs, but it is
reserved via ICANN contracts for the other gTLDs.

There are news servers that automatically filter OUT articles containing
RFC-2606 abuses and other stupidity (like syntax errors - e.g. two "@"s in
the same mailbox specification), so watch out for any over-aggressiveness
in your design. Generally, these filters specifically permit ".invalid" to
appear in the "From:" and "Sender:" headers


"Trash.com" - a POOR choice. It is registered and resolves:

trash.com. 1800 IN SOA dns1.name-services.com. info.name-services.com.
2002050701 10001 1801 604801 181

Domain Name: TRASH.COM
Registrar: TUCOWS INC.
...
Updated Date: 20-dec-2009
Creation Date: 20-jul-1995
Expiration Date: 19-jul-2018

Therefore, using it violates the tennant of creating a bogus mailbox that
resolves to someone else's domain.

Alan J Rosenthal

unread,
Dec 28, 2009, 11:45:09 AM12/28/09
to
"D. Stussy" <spam+ne...@bde-arc.ampr.org> writes:
>"Trash.com" - a POOR choice. It is registered and resolves:
...

>Therefore, using it violates the tennant of creating a bogus mailbox that
>resolves to someone else's domain.

But it's not a valid domain name because the name of the company is
First Place Internet, not Trash. They should register something like
firstplace.com instead.

Kathy Morgan

unread,
Dec 28, 2009, 11:50:10 AM12/28/09
to
D. Stussy <spam+ne...@bde-arc.ampr.org> wrote:

> 1) The ".invalid" TLD should not be used in the optional "Reply-To"
> header, especially when the "From" header already specifies it. "Reply-To"
> is meant only for valid mailboxes.

Thank you for mentioning this, which I forgot in my post.

> "Reply-To" should only appear when
> differing from "From", and when "From" is already invalid, an invalid
> "Reply-To" breaks this tennant, even if it textually specifies a different,
> invalid mailbox.

Not to mention being really annoying!

--
Kathy

Greg Boettcher

unread,
Dec 28, 2009, 11:50:12 AM12/28/09
to
On Dec 27, 1:45 pm, kmor...@spamcop.net (Kathy Morgan) wrote:
> [news.newusers.questions added back in]
>
> It's a courtesy when setting followups to mention it at the top of the
> message. My newsreader alerts me when my followup is being directed out
> of the group I'm reading, but that isn't true of all newsreaders.

Sorry, I had failed to do my homework and observe that
news.newusers.questions was a moderated group. I would not have
crossposted to it otherwise, and in addition, I take your point too.

> When posting a munged address, you should ALWAYS end the munged address
> with ".invalid," which is a TLD (Top Level Domain name) that has been
> reserved and will never be assigned to anyone. One reason for this is
> so that if you've accidentally used a munge that creates an address that
> is valid (but for someone else) no mail (spam or otherwise) will be sent
> to that address. Also, many mail clients and newsreaders will then
> recognize the address as invalid and refuse to try to send a response to
> those addresses--and if they do try, the mail server will refuse to
> accept the message.

I've seen people recommend .invalid before, but I didn't realize that
it had actually been reserved and will never be used. Thanks for the
information.

> No decent Usenet client would accept this because it does not have the
> format of an email address as required by RFC's. I suspect that even if
> you use a sufficiently broken newsreader that it would accept the
> malformed "address," the news server probably would not. You could
> however make it into something acceptable to software by adding the
> ".invalid" at the end.

Thanks for the correction, as I had said "the type of munging done on
Usenet" -- not quite what I meant, as the addresses I munge will be
posted to the web, not Usenet. I hadn't thought nearly as much about
how to maintain security on Usenet, so those are good things for me to
think about.

Stephen Wolstenholme

unread,
Dec 28, 2009, 12:20:09 PM12/28/09
to

First Place Internet registered trash.com so it is a valid domain
name.

I own a company with many registered domain names but the company
itself does not need a registered domain name. It has a registered
company name.

Steve

--
Neural Planner Software Ltd www.NPSL1.com

Neural network applications, help and support.

Kathy Morgan

unread,
Dec 28, 2009, 2:15:08 PM12/28/09
to
Greg Boettcher <WRITET...@gregboettcher.com> wrote:

> > No decent Usenet client would accept this because it does not have the
> > format of an email address as required by RFC's. I suspect that even if
> > you use a sufficiently broken newsreader that it would accept the
> > malformed "address," the news server probably would not. You could
> > however make it into something acceptable to software by adding the
> > ".invalid" at the end.
>
> Thanks for the correction, as I had said "the type of munging done on
> Usenet" -- not quite what I meant, as the addresses I munge will be
> posted to the web, not Usenet. I hadn't thought nearly as much about
> how to maintain security on Usenet, so those are good things for me to
> think about.

Ah! Then the type of munge that I prefer is called obfuscation. When
displayed on the web page, it is a clickable mailto link that works, but
spam harvesters' web crawlers don't recognize it as a mail address.
There are a number of web sites that will obfuscate addresses for you;
do a web search for "mail obfuscator" or see for instance
<http://www.albionresearch.com/misc/obfuscator.php>

--
Kathy

Peter J Ross

unread,
Dec 30, 2009, 5:40:07 PM12/30/09
to
In news.newusers.questions on Sun, 27 Dec 2009 17:10:08 +0000 (UTC),
Greg Boettcher <WRITET...@gregboettcher.com> wrote:

> I am preparing a research project in which I will be posting a bunch
> of email addresses to the Internet to see how much spam they draw.

I trust that all related mailboxes will belong to you, and that you
won't forge any domains that exist now or may exist in future.

> The
> addresses will be disguised in various ways, and the project should
> help provide data on the effectiveness of those address-disguising
> methods. The methods will be as diverse as using JavaScript to
> scramble addresses, using CSS positioning to scramble addresses, etc.
>
> But one area where I could especially use more ideas is the kind of
> simple munging often done on Usenet. For example:
>
> myn...@domain.REMoVETHiSzz
> myX...@domaiX.zz (replace X's with N's)
> myname@domain.X, where X=zz
> zz.niamod@emanym (reverse letters)

All these examples are, strictly speaking, forgeries of potentially
valid domains. Please stop doing that.

> Can anyone think of any other clever examples of this?

"Munging" is arguably abusive, whether it's "clever" or not.

The problem with the techniques you want to research is that they're
unacceptable techniques.


--
PJR :-)
slrn newsreader v0.9.9p1: http://slrn.sourceforge.net/
extra slrn documentation: http://slrn-doc.sourceforge.net/
newsgroup name validator: http://pjr.lasnobberia.net/usenet/validator

0 new messages