How the hell is someone getting my email address?

Discussion in 'Computer Security' started by Edw. Peach, Jul 15, 2005.

  1. Edw. Peach

    Edw. Peach Guest

    My OS is WinXP Pro. I use Firefox as my main browser and Eudora as my
    email program. I do not keep my email program open except when I'm
    reading/writing email. My internet connection is broadband cable. I
    use a firewall (software) all the time, run AV software regularly,
    plus Ad-Aware.

    I have a primary email account that I N-E-V-E-R use. My ISP has sent
    me a few notices at that address, but as I said, I do not use it
    otherwise, period.

    I've started getting mail at that address recently and I can't figure
    out how anybody would have gotten it. It's quite random and doesn't
    use any words found in the dictionary.

    Is there ANY WAY a web site can lift any of my email addresses if I
    visit their site? Are they stored anywhere on my computer that this
    site can access? If so, how do I stop that from happening?

    Edw. Peach, Jul 15, 2005

  2. Edw. Peach

    Unruh Guest

    Possibly, but probably lifted from the site of someone who has emailed you
    from that site or to whom you have sent an email from that address.
    Unruh, Jul 16, 2005

  3. Edw. Peach

    Phil Guest

    Are these real emails, or spam?

    Phil, Jul 16, 2005
  4. Edw. Peach

    ThornCutter Guest

    The one no one has mentioned is your ISP has been breached, they may have
    had their database scoured, and I suspect you may soon be getting more
    garbage mail in your letter box. ISPs keep this stuff quiet as I imagine
    that it would be bad for business.

    So are you with Telstra?
    ThornCutter, Jul 16, 2005
  5. Edw. Peach

    Edw. Peach Guest

    I don't read email from people I do not know. Judging from the
    subject lines, though, it is usually ambiguous and RE-type messages to
    conversations I've never had.
    Edw. Peach, Jul 16, 2005
  6. Edw. Peach

    Phil Guest

    Well maybe you should read it - that might be the first clue to how it's
    getting to you, don't you think? If it turns out to be spam, then it's
    mystery solved, because spambots often generate email addresses at random.
    However, given that you won't make the most basic effort to sort this
    yourself, I'm not going to waste any more time on this.
    Phil, Jul 16, 2005
  7. Edw. Peach

    Edw. Peach Guest

    The reason I do not read the stuff is because I heard long ago that
    opened mail can indicate to the sender that someone is there, which
    could result in even more mail. An opened email indicates an active

    The subject lines on these emails are definitely fabricated topics I
    have no interest in.
    Edw. Peach, Jul 19, 2005
  8. I get emails sometimes that have both my new ISP address (uses a "y") and
    one I have not used at the same ISP for over 5 years now (used an "i"). Also
    they sometimes include all sorts of names with the same domain name ending,
    just to see what does not get rejected automatically.
    Patrick Sullivan, Jul 19, 2005
  9. Edw. Peach

    Ant Guest

    That can be true if the email is in HTML and your email client
    renders it. However, you shouldn't need to actually open an email
    to be able to inspect the headers and raw message data.

    I don't know how this is achieved in Eudora, but even OE makes it
    trivial to do.
    Ant, Jul 19, 2005
  10. From: "Carson Estes" <>

    Send reply to: "Carson Estes" <>


    Subject: Hey,

    Date sent: Fri, 20 May 2005 01:40:07 -0800

    I think they use random character generators. See the bellsouth addresses
    above? It's the only one I still had access to with multiple addresses,
    usually there are lots more than that. I changed the @s to ATs.
    Patrick Sullivan, Jul 20, 2005
  11. It can also be true if the sender adds a Return Receipt to the message
    and your mail system responds.

    Craig A. Finseth, Jul 20, 2005
  12. Edw. Peach

    Ant Guest

    Well I hope the configuration for any receipt would be set to
    ignore, or at least prompt. One shouldn't be receipting spam
    where the return address will inevitably be forged.
    Ant, Jul 20, 2005
  13. Edw. Peach

    Moe Trin Guest

    In the Usenet newsgroup, in article
    Seeing as how they don't want "bounce" messages, they will often use
    invalid address strings - often a simple random string. At other times,
    they will use a valid reply address of some person they wish to harass.
    For spam, you should always assume that the address is not that of the
    spammer. The contents of the spam will give some indication of how to
    contact the spammer (they want your business), but even that is obscure.

    Two points - multiple addresses on a single spam give economy of scale.
    They need only make a single connection to the mail server to deliver a
    number of pieces of spam. In case you've never looked at the conversation
    between sending (S) and receiving (R) mail servers, it goes something
    like this:

    S: Hello R, my name is sender
    R: HELO sender, pleased to meet you
    S: Mail from envelope_sender_name
    R: Sender OK
    S: Mail to envelope_recipient
    R: Recipient OK
    S: Mail to envelope_recipient2
    R: Recipient OK
    S: Mail to envelope_recipient3
    R: No such mailbox
    S: DATA (Here it comes!)
    R: OK send it - end by sending a line containing only a dot
    S: From: "Carson Estes" <>
    S: Send reply to: "Carson Estes" <>
    S: To:,,
    S: Subject: Hey,
    S: Date: Fri, 20 May 2005 01:40:07 -0800
    S: <--- an empty line separates what you see as headers and the body
    S: Bla-bla-bla
    S: . <--- only a single dot on the line - marks end of mail.
    R: OK, I got it

    The "envelope_sender_name" _should_ show up in the headers of the mail as
    the "Return-Path:" header but it can be fake. If there is only a single
    envelope_recipient, it should show up in the "Received:" header. If there
    is more than one envelope_recipient, the values do not appear anywhere.
    Also note that the "From:" and "To:" headers are part of the data portion
    of the mail, and serve no purpose in the delivery - thus, they can be
    total garbage, and things still work because mail delivery is based on
    those two envelope headers. Your mail-reader only shows you the stuff
    between the word DATA and the dot by itself on the last line. If you
    _save_ the mail, or maybe tell your mail reader to 'show headers', then
    you MAY see the rest of this stuff. If you want more details on how
    mail works, see RFC0821 and its proposed replacement RFC2821 both widely
    available on the web. For additional help on decoding the headers, see

    The other point to recall is that sending spam to nine million addresses
    costs about the same as sending it to twelve million addresses. In the
    conversation shown above, you may see that the third recipient's name
    was rejected - compare the amount of CPU cycles between that rejection
    and the preceding acceptance. That's why once a name gets onto one of
    those "Ten Million Valid E-Mail Address" CDs, it tends to stay there
    for years. "New" addresses are obtained several ways.

    1. You posted it - mail, news, web page, whatever
    2. You responded to a "Take me off this mailing list" address in a spam
    3. You visited a site and used it as a password (See RFC1635)
    4. Your browser handed it out to anyone who asks
    5. Your box got r00ted - a worm, trojan or worm sent the name to a dropbox
    6. It was captured from a friend's mailing (AOLers who mail everyone they
    ever heard of, buddy lists, etc.)
    7. Customer list stolen from ISP or someplace you do business
    8. Dictionary attack

    The latter is where the spam service provider connects to a remote mail
    server, and tries to send mail to "common" names, such as those found in
    a dictionary or phone book. They record the success/failure messages in
    the top of the server conversation shown above, and often quit without
    sending mail (or sending an empty mail) after trying 50 - 100 names.
    The spam service provider then sells the newly discovered names on one
    of those "Millions" CDs, and you just signed up to receive thousands of
    valuable offers... yeah, right.

    For '1' and '2' above - DON'T DO THAT!!!. '3' and '4' are normally a
    browser configuration - simple solution is to use an invalid address for
    this function. See
    For '5' - don't use windoze - or at least don't use outhouse express. For
    '6' - get better friends. For '7' you might be able to take legal action,
    but the usual answer is to get a better ISP/business/whatever. For '8' -
    obfuscate; this could mean using nicknames (as long as they aren't
    dictionary words), inserting numbers (though not using '1337 Sp34k' -
    that is, numbers in place of similar looking letters), or go whole hog
    and use a completely meaningless string of characters. Names _MUST_ begin
    with a letter, and consist of case insensitive letters and numbers only
    (though some providers may allow a few other characters like a dash,
    underscore, or '+'), but that's it. The names are not required to be
    meaningful, pronounceable, or even memorable (though you do make it hard
    on your correspondents if they are not at least slightly meaningful).

    Old guy
    Moe Trin, Jul 21, 2005
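
The dictionary attack described in the post above leaves a recognisable trace on the receiving server: one connection, many recipient attempts, mostly rejections. The following is an added example, not part of the original thread, that flags such sessions. The log format, the function names and the thresholds are assumptions made for illustration and do not match any particular mail server's log.

```python
import re
from collections import defaultdict

RCPT = re.compile(r"RCPT TO:<([^>]*)>", re.I)

def build_sample_log():
    """Constructed sample: 'session client_ip C|S protocol-line' (hypothetical format)."""
    lines = [  # s1: ordinary delivery to one valid recipient, body is sent
        "s1 192.0.2.10 C MAIL FROM:<news@example.org>",
        "s1 192.0.2.10 C RCPT TO:<alice@example.net>",
        "s1 192.0.2.10 S 250 Recipient OK",
        "s1 192.0.2.10 C DATA",
        "s1 192.0.2.10 S 354 Send it",
    ]
    lines.append("s2 198.51.100.7 C MAIL FROM:<>")  # s2: guesses names, sends nothing
    for name in ["adam", "alice", "bob", "carol", "dave", "eve", "frank", "grace"]:
        reply = "250 Recipient OK" if name in ("alice", "bob") else "550 No such mailbox"
        lines.append(f"s2 198.51.100.7 C RCPT TO:<{name}@example.net>")
        lines.append(f"s2 198.51.100.7 S {reply}")
    lines.append("s2 198.51.100.7 C QUIT")
    return "\n".join(lines)

def find_harvest_sessions(log_text, min_rcpt=5, min_reject_ratio=0.5):
    """Return sessions with many recipient attempts of which most were rejected."""
    sessions = defaultdict(lambda: {"ip": None, "pending": None,
                                    "accepted": [], "rejected": 0, "data": False})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        sid, ip, side, text = line.split(" ", 3)
        s = sessions[sid]
        s["ip"] = ip
        m = RCPT.match(text)
        if side == "C" and m:
            s["pending"] = m.group(1)          # wait for the server's verdict
        elif side == "C" and text.upper() == "DATA":
            s["data"] = True
        elif side == "S" and s["pending"] is not None:
            if text.startswith("2"):           # 2xx reply: the mailbox exists
                s["accepted"].append(s["pending"])
            else:
                s["rejected"] += 1
            s["pending"] = None
    flagged = []
    for sid, s in sessions.items():
        total = len(s["accepted"]) + s["rejected"]
        if total >= min_rcpt and s["rejected"] / total >= min_reject_ratio:
            flagged.append({"session": sid, "ip": s["ip"], "attempts": total,
                            "confirmed": s["accepted"], "sent_data": s["data"]})
    return flagged
```

The "confirmed" list is what the server disclosed to the prober: the addresses it acknowledged as valid during that session.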
  14. Edw. Peach

    Edw. Peach Guest

    Thanks for all that information, Old Guy. I read that article. You
    had a mention that my browser could be handing out my email address
    to anybody that asks. THAT interests me, but you did not give out
    further information.

    The address to which I am getting this mail is one that I have
    absolutely NEVER used. It's an account that my ISP originally set up
    for me when they switched me over from the old Excite broadband to this
    company. A few years ago the Excite broadband went bankrupt and the
    switchover to another broadband company was a bit confusing for a
    while. I only use this address as a sign-in address if I have to
    visit my ISP account. I have never, not even once, used it for any
    other purpose.

    I do not use IE.

    I am alert and careful about giving out my real email addresses.

    How will my browser hand out my address?
    Edw. Peach, Jul 21, 2005
  15. Edw. Peach

    Edw. Peach Guest

    No I'm not. Comcast.
    Edw. Peach, Jul 21, 2005
  16. Go through your browser's settings. If you see your e-mail address
    anywhere in the settings, delete it. Certain rogue scripting can
    cause some browsers to report the address contained in the settings.
    The Ghost of General Lee, Jul 22, 2005
  17. In my ancient copy of Macintosh Outlook Express, I use the "View Source"
    function to view the RFC2822 source of an e-mail without triggering any
    outbound HTTP requests.
    Lawrence D'Oliveiro, Jul 25, 2005
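
Several replies above suggest looking at the raw message source instead of opening the mail. The following is an added example, not part of the original thread, that parses a saved message offline and reports the delivery trace headers next to the displayed From/To, whether a return receipt is requested, and which remote URLs an HTML renderer would fetch. The sample message, its addresses and the function name are constructed for illustration.

```python
import re
from email import message_from_string
from email.policy import default

# Constructed sample message; every address and host is a placeholder.
RAW = """\
Return-Path: <bounce-123@mailer.example>
Received: from mailer.example (mailer.example [203.0.113.5])
\tby mx.isp.example with ESMTP for <qx7rtz@isp.example>; Fri, 20 May 2005 01:40:09 -0800
From: "Carson Estes" <carson@friend.example>
To: someone-else@isp.example
Subject: Hey,
Disposition-Notification-To: <track@mailer.example>
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body>Hi!<img src="http://mailer.example/o.gif?id=qx7rtz" width="1" height="1"></body></html>
"""

# Attributes that make an HTML renderer fetch something from the network.
REMOTE = re.compile(r"""(?:src|background)\s*=\s*["']?(https?://[^"'\s>]+)""", re.I)
# A "for <address>" clause in a Received header names the envelope recipient.
RCVD_FOR = re.compile(r"\bfor\s+<([^>]+)>", re.I)

def inspect_source(raw):
    """Parse raw message text without rendering it or touching the network."""
    msg = message_from_string(raw, policy=default)
    remote = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            remote += REMOTE.findall(part.get_content())
    received = [str(h) for h in msg.get_all("Received", [])]
    rcvd_for = [m.group(1) for h in received for m in [RCVD_FOR.search(h)] if m]
    return {
        "return_path": str(msg.get("Return-Path", "")),   # envelope sender as recorded
        "received_for": rcvd_for,                         # envelope recipient, if logged
        "header_from": str(msg.get("From", "")),          # display only, may be forged
        "header_to": str(msg.get("To", "")),              # display only, may be forged
        "receipt_requested": msg.get("Disposition-Notification-To") is not None,
        "remote_on_render": remote,                       # would reveal that mail was opened
    }

if __name__ == "__main__":
    for key, value in inspect_source(RAW).items():
        print(f"{key}: {value}")
```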