List poisoning
Encyclopedia
The term list poisoning as related to electronic mail (e-mail
), refers to poisoning a mailing list with invalid e-mail addresses.
Poisoning spammer's mailing lists is usually done by blacklists submitting fake information to email submit style offers, or by posting invalid email addresses in a Usenet
forum or on a web page
where spammers are believed to harvest email addresses for their mailing lists.
E-mail
Electronic mail, commonly known as email or e-mail, is a method of exchanging digital messages from an author to one or more recipients. Modern email operates across the Internet or other computer networks. Some early email systems required that the author and the recipient both be online at the...
), refers to poisoning a mailing list with invalid e-mail addresses.
Industry uses
Once a mailing list has been poisoned with a number of invalid e-mail addresses, the resources required to send a message to this list has increased, even though the number of valid recipients has not. If one can poison a spammer's mailing list, one can force the spammer to exhaust more resources to send e-mail, in theory costing the spammer money and time.Poisoning spammer's mailing lists is usually done by blacklists submitting fake information to email submit style offers, or by posting invalid email addresses in a Usenet
Usenet
Usenet is a worldwide distributed Internet discussion system. It developed from the general purpose UUCP architecture of the same name.Duke University graduate students Tom Truscott and Jim Ellis conceived the idea in 1979 and it was established in 1980...
forum or on a web page
Web page
A web page or webpage is a document or information resource that is suitable for the World Wide Web and can be accessed through a web browser and displayed on a monitor or mobile device. This information is usually in HTML or XHTML format, and may provide navigation to other web pages via hypertext...
where spammers are believed to harvest email addresses for their mailing lists.
Vulnerabilities
- Syntactically invalid email addresses used to poison a mailing list could be easily filtered out by the spammers, while using email addresses that are syntactically correct could cause problems for the mail server responsible for the email address.
- Implementations of spam poisoning systems can be avoided, if spammers learn of their location (e. g., they could automatically filter out any address containing "spampoison.com").
- Spammers often steal resources so that the efficiency of a mailing places little financial burden on the spammer.
Implementations
- List poisoning code written in Perl.
- List poisoning code written in PHP.
- Simple list poisoning code written in BASH shell script and a working example.
- An example of list poisoning using a shared CGI at a public URL (Implemented on 1,470,000 sites).
- Another example of list poisoning that throws the harvester in an endless loop of dynamically generated email addresses.
See also
- Anti-spam techniques (e-mail)
- Address mungingAddress mungingAddress munging is the practice of disguising, or munging, an e-mail address to prevent it being automatically collected and used as a target for people and organizations who send unsolicited bulk e-mail...
- BotnetBotnetA botnet is a collection of compromised computers connected to the Internet. Termed "bots," they are generally used for malicious purposes. When a computer becomes compromised, it becomes a part of a botnet...
- E-mail address harvestingE-mail address harvestingEmail harvesting is the process of obtaining lists of email addresses using various methods for use in bulk email or other purposes usually grouped as spam.-Methods:...
- SpamtrapSpamtrapA spamtrap is a honeypot used to collect spam.Spamtraps are usually e-mail addresses that are created not for communication, but rather to lure spam...
- Stopping e-mail abuseStopping e-mail abuseTo prevent e-mail spam , both end users and administrators of e-mail systems use various anti-spam techniques. Some of these techniques have been embedded in products, services and software to ease the burden on users and administrators...