Email address munging suggestions
Greg Boettcher
of email addresses to the Internet to see how much spam they draw. The
addresses will be disguised in various ways, and the project should
help provide data on the effectiveness of those address-disguising
methods. The methods will be as diverse as using JavaScript to
scramble addresses, using CSS positioning to scramble addresses, etc.
But one area where I could especially use more ideas is the kind of
simple munging often done on Usenet. For example:
myn...@domain.REMoVETHiSzz
myX...@domaiX.zz (replace X's with N's)
myname@domain.X, where X=zz
zz.niamod@emanym (reverse letters)
Can anyone think of any other clever examples of this?
Thanks in advance for any help.
Greg
Kathy Morgan
It's a courtesy when setting followups to mention it at the top of the
message. My newsreader alerts me when my followup is being directed out
of the group I'm reading, but that isn't true of all newsreaders.
Greg Boettcher <WRITET...@gregboettcher.com> wrote:
> I am preparing a research project in which I will be posting a bunch
> of email addresses to the Internet to see how much spam they draw. The
> addresses will be disguised in various ways, and the project should
> help provide data on the effectiveness of those address-disguising
> methods. The methods will be as diverse as using JavaScript to
> scramble addresses, using CSS positioning to scramble addresses, etc.
>
> But one area where I could especially use more ideas is the kind of
> simple munging often done on Usenet. For example:
>
> myn...@domain.REMoVETHiSzz
> myX...@domaiX.zz (replace X's with N's)
> myname@domain.X, where X=zz
When posting a munged address, you should ALWAYS end the munged address
with ".invalid," which is a TLD (Top Level Domain name) that has been
reserved and will never be assigned to anyone. One reason for this is
so that if you've accidentally used a munge that creates an address that
is valid (but for someone else) no mail (spam or otherwise) will be sent
to that address. Also, many mail clients and newsreaders will then
recognize the address as invalid and refuse to try to send a response to
those addresses--and if they do try, the mail server will refuse to
accept the message.
That would make the addresses above into:
myn...@domain.REMoVETHiSzz.invalid
myX...@domaiX.zz.invalid (replace X's with N's)
myn...@domain.X.invalid, where X=zz
> zz.niamod@emanym (reverse letters)
No decent Usenet client would accept this because it does not have the
format of an email address as required by RFC's. I suspect that even if
you use a sufficiently broken newsreader that it would accept the
malformed "address," the news server probably would not. You could
however make it into something acceptable to software by adding the
".invalid" at the end.
zz.n...@emanym.invalid (reverse letters and take out the invalid)
> Can anyone think of any other clever examples of this?
Sorry, no. In fact, I usually can't figure out how to unmunge the
addresses people post with. "Take out the obvious to send me email"
doesn't work for me, because I usually can't figure out what the obvious
is. One that I've seen that wasn't too bad, except that it was missing
the ".invalid," was "myn...@domain.TRASH.com" and instructions to take
out the trash.
--
Kathy
D. Stussy
news:1jbdmbp.1effpu011rkyatN%kmo...@spamcop.net...
In addition to the above, I add:
1) The ".invalid" TLD should not be used in the optional "Reply-To"
header, especially when the "From" header already specifies it. "Reply-To"
is meant only for valid mailboxes. "Reply-To" should only appear when
differing from "From", and when "From" is already invalid, an invalid
"Reply-To" breaks this tennant, even if it textually specifies a different,
invalid mailbox.
2) Some users on Usenet have resorted to using other reserved domains and
name elements (e.g. "example", "test", "localhost", etc) for their invalid
addresses. This is also a misuse of these things. Note: The combination
"example.invalid" is considered reserved due to "example" being reserved as
a 2LD. RFC 2606 only reserves "example" as a 2LD for three TLDs, but it is
reserved via ICANN contracts for the other gTLDs.
There are news servers that automatically filter OUT articles containing
RFC-2606 abuses and other stupidity (like syntax errors - e.g. two "@"s in
the same mailbox specification), so watch out for any over-aggressiveness
in your design. Generally, these filters specifically permit ".invalid" to
appear in the "From:" and "Sender:" headers
"Trash.com" - a POOR choice. It is registered and resolves:
trash.com. 1800 IN SOA dns1.name-services.com. info.name-services.com.
2002050701 10001 1801 604801 181
Domain Name: TRASH.COM
Registrar: TUCOWS INC.
...
Updated Date: 20-dec-2009
Creation Date: 20-jul-1995
Expiration Date: 19-jul-2018
Therefore, using it violates the tennant of creating a bogus mailbox that
resolves to someone else's domain.
Alan J Rosenthal
>"Trash.com" - a POOR choice. It is registered and resolves:
>Therefore, using it violates the tennant of creating a bogus mailbox that
>resolves to someone else's domain.
But it's not a valid domain name because the name of the company is
First Place Internet, not Trash. They should register something like
firstplace.com instead.
Kathy Morgan
> 1) The ".invalid" TLD should not be used in the optional "Reply-To"
> header, especially when the "From" header already specifies it. "Reply-To"
> is meant only for valid mailboxes.
Thank you for mentioning this, which I forgot in my post.
> "Reply-To" should only appear when
> differing from "From", and when "From" is already invalid, an invalid
> "Reply-To" breaks this tennant, even if it textually specifies a different,
> invalid mailbox.
Not to mention being really annoying!
--
Kathy
Greg Boettcher
> [news.newusers.questions added back in]
>
> It's a courtesy when setting followups to mention it at the top of the
> message. My newsreader alerts me when my followup is being directed out
> of the group I'm reading, but that isn't true of all newsreaders.
Sorry, I had failed to do my homework and observe that
news.newusers.questions was a moderated group. I would not have
crossposted to it otherwise, and in addition, I take your point too.
> When posting a munged address, you should ALWAYS end the munged address
> with ".invalid," which is a TLD (Top Level Domain name) that has been
> reserved and will never be assigned to anyone. One reason for this is
> so that if you've accidentally used a munge that creates an address that
> is valid (but for someone else) no mail (spam or otherwise) will be sent
> to that address. Also, many mail clients and newsreaders will then
> recognize the address as invalid and refuse to try to send a response to
> those addresses--and if they do try, the mail server will refuse to
> accept the message.
I've seen people recommend .invalid before, but I didn't realize that
it had actually been reserved and will never be used. Thanks for the
information.
> No decent Usenet client would accept this because it does not have the
> format of an email address as required by RFC's. I suspect that even if
> you use a sufficiently broken newsreader that it would accept the
> malformed "address," the news server probably would not. You could
> however make it into something acceptable to software by adding the
> ".invalid" at the end.
Thanks for the correction, as I had said "the type of munging done on
Usenet" -- not quite what I meant, as the addresses I munge will be
posted to the web, not Usenet. I hadn't thought nearly as much about
how to maintain security on Usenet, so those are good things for me to
think about.
Kathy Morgan
> > No decent Usenet client would accept this because it does not have the
> > format of an email address as required by RFC's. I suspect that even if
> > you use a sufficiently broken newsreader that it would accept the
> > malformed "address," the news server probably would not. You could
> > however make it into something acceptable to software by adding the
> > ".invalid" at the end.
>
> Thanks for the correction, as I had said "the type of munging done on
> Usenet" -- not quite what I meant, as the addresses I munge will be
> posted to the web, not Usenet. I hadn't thought nearly as much about
> how to maintain security on Usenet, so those are good things for me to
> think about.
Ah! Then the type of munge that I prefer is called obfuscation. When
displayed on the web page, it is a clickable mailto link that works, but
spam harvesters' web crawlers don't recognize it as a mail address.
There are a number of web sites that will obfuscate addresses for you;
do a web search for "mail obfuscator" or see for instance
<http://www.albionresearch.com/misc/obfuscator.php>
--
Kathy
Moe Trin
<2009Dec28....@jarvis.cs.toronto.edu>, Alan J Rosenthal wrote:
>"D. Stussy" <spam+ne...@bde-arc.ampr.org> writes:
>>"Trash.com" - a POOR choice. It is registered and resolves:
>...
>>Therefore, using it violates the tennant of creating a bogus mailbox
>>that resolves to someone else's domain.
>But it's not a valid domain name because the name of the company is
>First Place Internet, not Trash.
Why exactly does that make the domain name invalid? The name was
registered (in 1995) as you apparently checked, AND IT DOES RESOLVE.
>They should register something like firstplace.com instead.
Maybe if you looked at the rest of the registration data returned by
the whois query to Tucows (as referred to by internic.net), you would
discover that the contact data does indeed point to a firstplace.com
domain.
Old guy
Alan J Rosenthal
><2009Dec28....@jarvis.cs.toronto.edu>, Alan J Rosenthal wrote:
>>But it's not a valid domain name because the name of the company is
>>First Place Internet, not Trash.
>
>Why exactly does that make the domain name invalid?
Because domain names are supposed to be NAMES, not advertisements or
speculative properties.
>The name was
>registered (in 1995) as you apparently checked, AND IT DOES RESOLVE.
Yes, but I wish it didn't, along with all of the other speculators and
spammers and miscreants on the net. It didn't have to be this way.
It _wasn't_ always this way. But the kids these days know no other.
>>They should register something like firstplace.com instead.
>
>Maybe if you looked at the rest of the registration data returned by
>the whois query to Tucows (as referred to by internic.net), you would
>discover that the contact data does indeed point to a firstplace.com
>domain.
I did notice this, and was attempting to point out that they thus have
no legitimate need to register trash.com too.
Moe Trin
>ibup...@painkiller.example.tld.invalid (Moe Trin) writes:
>> Why exactly does that make the domain name invalid?
>Because domain names are supposed to be NAMES, not advertisements or
>speculative properties.
Now that's one that going to call on the wisdom of Solomon to resolve.
A lot of domain names are created because of the well known inability
of the great unwashed masses to be able to recognize names. Most
radio stations in the US that have web sites will use their call
letters or the name they use on the air to identify themselves, rather
than the name of the company that actually owns the station. And it's
not just the yanks - as witness the 'bbc.com' domain. Another common
place this occurs is in the pharmaceutical industry - hence the
domains 'viagra.com' and 'lipitor.com' (both registered to 'Pfizer
Inc.') or 'cialis.com' and 'prozac.com' (both registered by Eli Lilly &
Co.). Further we all know that every hostname on the inter-web-thingy
begins with the letters "www" and ends with ".com". It's a fact of
life, and nothing we're able to do is going to change that - hence the
US Army, Navy and Air Farce all having recruiting web sites that are
".com"s rather than ".mil". Gives you real confidence in the quality
of recruits they're going after.
>> The name was registered (in 1995) as you apparently checked, AND IT
>> DOES RESOLVE.
>Yes, but I wish it didn't, along with all of the other speculators and
>spammers and miscreants on the net. It didn't have to be this way.
>It _wasn't_ always this way. But the kids these days know no other.
2352 A Convention For Using Legal Names as Domain Names. O. Vaughan.
May 1998. (Format: TXT=16354 bytes) (Obsoletes RFC2240) (Status:
INFORMATIONAL)
Yes, I realize it's only an INFORMATIONAL, but speculators and squatters
will be speculators and squatters, and has often been pointed out we're
not allowed to shoot them on sight... unfortunately. Well, I suppose
it gives the legal weasels something to do.
Old guy
D. Stussy
news:2009Dec28....@jarvis.cs.toronto.edu...
Within the limits of copyright and natural-name infringement, anyone can
register any domain name they wish.
Maybe First Place Internet is also in the garbage business. We all know
how much "garbage" there is on the Internet, and especially on Usenet! ;-)
D. Stussy
news:slrnhji2ul.b...@compton.phx.az.us...
> On 28 Dec 2009, in the Usenet newsgroup comp.security.misc, in article
> <2009Dec28....@jarvis.cs.toronto.edu>, Alan J Rosenthal wrote:
> >"D. Stussy" <spam+ne...@bde-arc.ampr.org> writes:
> >>"Trash.com" - a POOR choice. It is registered and resolves:
> >...
> >>Therefore, using it violates the tennant of creating a bogus mailbox
> >>that resolves to someone else's domain.
>
> >But it's not a valid domain name because the name of the company is
> >First Place Internet, not Trash.
>
> Why exactly does that make the domain name invalid? The name was
> registered (in 1995) as you apparently checked, AND IT DOES RESOLVE.
You mean as I, not Mr. Rosenthal, checked..., since I posted the excerpt.
Alan J Rosenthal
>Within the limits of copyright and natural-name infringement, anyone can
>register any domain name they wish.
That's how it is now, but it's not how it always was, and it didn't have to
become this way.
And just because you _can_ do something doesn't make it _right_.
Alan J Rosenthal
>Alan J Rosenthal wrote:
>>ibup...@painkiller.example.tld.invalid (Moe Trin) writes:
>
>>> Why exactly does that make the domain name invalid?
>
>>Because domain names are supposed to be NAMES, not advertisements or
>>speculative properties.
>
>Now that's one that going to call on the wisdom of Solomon to resolve.
>A lot of domain names are created because of the well known inability
>of the great unwashed masses to be able to recognize names. Most
>radio stations in the US that have web sites will use their call
>letters or the name they use on the air to identify themselves, rather
>than the name of the company that actually owns the station.
That's fine by me; call letters are also their name. Some organizations
have several names. Some people have multiple names.
But First Place Internet is _not_ known as "Trash" -- at least, not as
their name.
Moe Trin
<2009Dec29.1...@jarvis.cs.toronto.edu>, Alan J Rosenthal wrote:
>ibup...@painkiller.example.tld.invalid (Moe Trin) writes:
>> Most radio stations in the US that have web sites will use their
>> call letters or the name they use on the air to identify themselves,
>> rather than the name of the company that actually owns the station.
>That's fine by me; call letters are also their name.
Would you recognize "Astral Radio Media GP"? They're a Toronto
company on St. Clair Ave. W. You _might_ know them better as CFRB. ;-)
Old guy
Moe Trin
<hhbro9$v9f$1...@snarked.org>, D. Stussy wrote:
>Moe Trin" <ibup...@painkiller.example.tld.invalid> wrote
>> Alan J Rosenthal wrote:
>>> "D. Stussy" <spam+ne...@bde-arc.ampr.org> writes:
>>>> "Trash.com" - a POOR choice. It is registered and resolves:
>>> But it's not a valid domain name because the name of the company is
>>> First Place Internet, not Trash.
>> Why exactly does that make the domain name invalid? The name was
>> registered (in 1995) as you apparently checked
>You mean as I, not Mr. Rosenthal, checked
Maybe you missed the fact that the snippet you posted did not include
the company name Mr. Rosenthal mentions.
Old guy
D. Stussy
As long as something is not forbidden, it is permitted.
D. Stussy
If you meant to refer to my statement, you would have quoted me, not him.
Frank Slootweg
Can we quote you on that!? On other subjects, for example .invalid in
Reply-To, you seem to have a somewhat different view. (Yes, I
read/understood what you wrote, but you're still inconsistent.)
Peter J Ross
Greg Boettcher <WRITET...@gregboettcher.com> wrote:
> I am preparing a research project in which I will be posting a bunch
> of email addresses to the Internet to see how much spam they draw.
I trust that all related mailboxes will belong to you, and that you
won't forge any domains that exist now or may exist in future.
> The
> addresses will be disguised in various ways, and the project should
> help provide data on the effectiveness of those address-disguising
> methods. The methods will be as diverse as using JavaScript to
> scramble addresses, using CSS positioning to scramble addresses, etc.
>
> But one area where I could especially use more ideas is the kind of
> simple munging often done on Usenet. For example:
>
> myn...@domain.REMoVETHiSzz
> myX...@domaiX.zz (replace X's with N's)
> myname@domain.X, where X=zz
> zz.niamod@emanym (reverse letters)
All these examples are, strictly speaking, forgeries of potentially
valid domains. Please stop doing that.
> Can anyone think of any other clever examples of this?
"Munging" is arguably abusive, whether it's "clever" or not.
The problem with the techniques you want to research is that they're
unacceptable techniques.
--
PJR :-)
slrn newsreader v0.9.9p1: http://slrn.sourceforge.net/
extra slrn documentation: http://slrn-doc.sourceforge.net/
newsgroup name validator: http://pjr.lasnobberia.net/usenet/validator