On Sun, 16 Jan 2000 16:36:55 -0500, Edward Reid <edward@paleo.org>
wrote:
> At 3:02 PM -0500 01/16/00, D. Kirkpatrick wrote:
>> I set up a web-based address for responses and questions to my FAQ
>> [...] I find that when I access that account, it can have 90 or
>> more messages that are nothing more than SPAM.
> It continues to amaze me that some of us get so much more spam from
> posting FAQs. I suppose if someone were to conduct a survey of FAQ
> posters, perhaps we could get an answer, but I don't have any reason
> to need to know other than curiosity. My total spam volume is much
> less than what DMK reports for his FAQ address alone, and I've seen
> even higher figures in the past.
Here are some statistics.
era@iki.fi is what I normally use in From: headers nowadays. It has
been used in the clear on Usenet for several years. The FAQ pointer
(comp.mail.misc, news.admin.net-abuse.email -- no *.answers [yet])
gets posted from era+i@iki.fi and contains era+pr@iki.fi in the text
(as does the FAQ, which is a web page, itself).
Iki is in fact a forwarder which points to reriksso@cc.helsinki.fi;
various other addresses at the University of Helsinki have been used
on Usenet and in mail in the past, and are still visible as the
envelope sender of mail I send out.
era+pr era+i r@cc.h r@*.h era+* era
35 131 2972 722 33 1673
This is the number of occurrences in spams, not number of spams. It
includes all headers, even Received: headers, so some of this is
intermediate delivery information -- in particular, all the Iki ones
are subsumed in the high count for reriksso@cc.helsinki.fi (whereas
the plain "era" count should not include era+pr and era+i). Some spams
contain several addresses and/or hundreds of occurrences of my
address. But the proportions should be more or less representative.
FWIW, there are a mere 2716 spams in my collection. I started
collecting spam in May 1997 and the archive basically contains all the
spam I have received at these addresses.
Based on this limited sample, I would perhaps conclude that FAQ
addresses in particular aren't very frequently harvested, although it
does happen. But in my experience, spam victims see very different
pictures, because in the end, a single address list -- no matter how
it was produced -- might get used for a single spam, or it could live
on for many years and be used in thousands of spam runs.
Incidentally, the remaining era+something are from the address I use
when testing for open relays (which might also have been included in
reports of open relays, to mailing lists, although I have tried to
avoid that); the addresses I use on NoCeM notices; the address I use
when sending certain spam complaints (duh!); and a couple of
experimental addresses which were used specifically as spam bait.
/* era */
-- Too much to say to fit into this .signature anyway: <http://www.iki.fi/era/> Fight spam in Europe: <http://www.euro.cauce.org/> * Sign the EU petition
This archive was generated by hypermail 2b29 : Sat Aug 05 2000 - 12:25:31 CDT