[SEL] Re: <snip> Spam O.T.

Paul Pavlinovich pjp at steamengine.com.au
Sat Jan 20 01:57:55 PST 2007 

Jerry Evans wrote:
>         I also have positive proof that they can hack your email 
> service provider and strip eMail addresses from there. My main email 
> address is <jerrye at cyberserv.co.za> (I've been connected there since 
> late 1991 - a very early email user) (the addy I use on this list 
> forwards all mail to this one). My mailbox is therefore known as 
> "jerrye" My service provider is "cyberserv.co.za" but their email 
> server has an identifying name (as all networked computers do). The 
> name of this mail server (computer) is "Tahiti" (not quite but close) 
> and the internet email address of this computer is 
> mail.cyberserv.co.za. (of course it also has an Internet protocol 
> number (IP) something like <093:27:6:1>
>         About 3 years ago I started getting spam addressed to 
> <jerrye at mail.cyberserv.co.za> as well as spam addressed to 
> <jerrye at tahiti.cyberserv.co.za>. They all got through to my mailbox.
>
>         These could only have been hacked from my providers site 
> because prior to that I had no idea that those addresses could be used 
> - I was totally unaware that they even existed so there was no way I 
> could have posted them anywhere - yet I suddenly started getting spam 
> to them.
>
Hi Jerry (and List),
They would have found those internal addresses by checking the MX 
records for your main address. They're unlikely to have hacked your 
server - you can see them with the name server lookup tool 'nslookup' - 
here is what I got for cyberserv.co.za

# nslookup
 > set type=MX
 > cyberserv.co.za
Server:         203.12.35.50
Address:        203.12.35.50#53

Non-authoritative answer:
cyberserv.co.za mail exchanger = 10 taita.cyberserv.co.za.

Authoritative answers can be found from:
cyberserv.co.za nameserver = taita.cyberserv.co.za.
cyberserv.co.za nameserver = tahiti.cyberserv.co.za.
 >
#

MX are "Mail eXchanger" - it is how email actually finds its way from 
server to server - kinda like a street directory for the postman. All 
this information is public.

Spammers do this not because they want to get you three copies of 
everything, but because there are two kinds of spammer - there are 
address harvesters and spam transmitters. The harvesters get paid for 
each valid unique address they provide to the transmitters - so they 
cheat (after all they're pond scum) and provide several valid addresses 
that all point at you.

Regards
Paul

More information about the sel mailing list