To: WSFAlist at keithlynch.net
Date: Fri, 21 Jun 2002 01:49:28 -0400
Subject: [WSFA] spam, spam, and more spam
From: ronkean at juno.com
Reply-To: WSFA members <WSFAlist at keithlynch.net>

On Thu, 20 Jun 2002 21:42:23 -0400 Ted White <tedwhite at compusnet.com>
writes:

> Some of the spam I get has, in its list of recipients, variations on
> my name
> and e-address.  Makes me wonder if addresses are being
> computer-generated,
> rather like its equivilent, telemarketer phone calls, uses
> computer-generated
> phone numbers.  (Try every possible number in an exchange.  Among
> other
> things, you get through to the "unlisted" numbers that way.)
>

I, too, have noticed that, but I doubt very much that spammers
auto-generate addresses, or at least that those who did would not find it
to be effective, if they simply try all possible combinations of allowed
characters in known popular domains.  With phone numbers there are less
than 8 million possible numbers per area code, and if one generates phone
numbers using only known good area codes and exchanges, the success rate
will be about 50%, which is pretty good, considering, as you say, that it
will pick up unlisted numbers as well.

With email addresses, there are about 38 allowed characters, so 5
character email addresses within one domain would number some 80 million,
6 character addresses 3 billion, and 10 character addresses over 6,000
trillion.  Clearly, the success rate would be way too low with that
technique, except perhaps for user names of four characters or less in
popular domains.

If they took a list of known addresses with a validity rate of 50% (about
average for harvested addresses, I think), and then applied the user
names stripped from those addresses to popular domains such as aol,
yahoo, hotmail, earthlink, etc. then the validity rate of the generated
addresses would be much higher, possibly 10%, at a guess.  I don't know
that that would be a high enough rate to justify using that method, since
it would be only one fifth the validity rate of harvested addresses.

One wrinkle is that since most spammers are crooks, it may be that the
address lists they generate for sale to other spammers are adulterated
with lots of automatically generated addresses, since those are much
cheaper to get than harvested addresses, and the dishonest sellers would
not care that the validity rate is low, so long as they get paid for the
list.

Ron Kean

.

________________________________________________________________