I feel like my Bayesian spam filter is winning the arms race against spammers, or at least making the filtering process managable. One of the side effects of having my mail presorted is that I can evaluate which of my email addresses are attracting the most attention. Over the past few months I’ve been watching this statistic very closely, and found that two addresses produce an overwhelming majority of my garbage: mit.edu and uchicago.edu. The irony there is that I never use either address. Where are they harvesting my email from? My best guess is finger.
While companies tend to use more sophisticated directory systems, most universities use finger as an open white pages for students, faculty and administration. In the stone age of the internet, it was ostensibly the only way to find a person’s email address, and it still remains as the most effective means of tracking down a user of an academic network. In most cases, all one needs is a first or last name and the university they work for. On most unix systems, simply typing email@example.com will return a list of entries in the host.edu database matching "name."
This is a veritable gold mine of data for spammers: current students that will be graduating at some point, starting families, and needing loads of xanax, valium and viagra to cope. All the spammer has to do to tap into the finger database is know a first or last name, query the server, and take the email address. Or, alternatively you can just finger all of the names, ranked in descending order of popularity thanks to the 1990 census statistics. Since Cameron is the 336th most common name, it’s no surprise that I’ve been getting a flood of email from my fingerable addresses.
MIT does provide one level of indirection by giving each user an alias, mine being C-marlow. If you turn around and finger C-marlow at mit.edu, MIT responds with all of my contact information. I am in no way a privacy pundit, I just don’t appreciate getting unsolicited email. At this stage in the game, it seems to me that finger must die. Schools that still want to provide a directory service should do it through a web email interface, obscuring the addresses of students and employees. Otherwise they threaten to render their email addresses useless by serving them up wholesale to spammers.
21 thoughts on “Spam finger”
What about your email address being in the “about” section of this website? I always thought spammers had crawlers going around on the web harvesting email addresses. That would be my best guess.
I hadn’t used my MIT address publicly until recently, and I take measures to obscure it from robot harvesters. This study has some good suggestions on how to keep your email on the web and avoid getting picked up.
My Chicago address, on the other hand, is a completely different matter. I haven’t used it in over 5 years and I probably get an order of magnitude more spam from it than any other address. It has never been on the web and I have never used it as a contact point for any online transactions. Plus, the spammers who use it seem to have much more information about me than with any other address: they know my full name and my last address in Chicago, both of which were available through finger at one point. If not for the fact that this email address is on some academic papers, I’d just stop reading it.
Considering the quality of the addresses one can get, I’m sure it’s a valuable resource for spammers, and I’d like to see universities in particular take some steps to ensure that it’s not being used.
More likely guess is “dictionary spamming.” Being that, like you said, your name is a common one, its on the list of usernames that spammers beat on SMTP servers with, getting back either a “OK send your message” or “User unknown..”, then trying the next one . . .
Disabling access to the finger service from external IP space may help.
Very interesting site. Hope it will always be alive!
Nice site! Thank you!
Great site. Good info
Great site. Keep doing.
Great .Now i can say thank you!
It is the coolest site,keep so!
Excellent site. It was pleasant to me.
Great work,webmaster,nice design!
K5McU, I really like your site! http://www.cj58h9fbtn.com 5yzt1
cool nice site
cerita sex kakak ipar
www cookcounty idoc com
biglietti invito conpleanno
rachael ray affair rumor
pictures of an inverted bob hairdo
mjr theaters brighton michigan
benni hanna ny
kapaz de la seirra
nguoidau khovn com
www wachovia com activate
fulton county jail inmates mugshots
big lokote lyrics hi power
interlocking hair weaves and styles
cook county sheriff department inmate search
modern bob haircut pictures
hoopz flava of love uncensored
pictures of razor cut a line bobs
nude pictures of buffie da body
ml in gallons
Unusual this publish is totaly unrelated to what I was searching google for, however it was listed around the very first web page. I guess your performing something right if Google likes you enough to place you around the first page of a non associated search.
Interesting read, ty.
You definitely know how to bring an issue to light and make it important. I cant believe youre not more popular because you definitely have the gift.