One spammer has managed to identify e-mail addresses on a “do-not-spam” list touted as secure, taking advantage of an obvious flaw with such lists and prompting critics to wonder what took so long.
“Do-not-spam” registries work by encouraging users to submit their e-mail addresses - Blue Security says it has 450,000. Before sending out a batch of messages, spammers are supposed to remove any addresses appearing on such lists.
The lists are generally encrypted so spammers can’t mine them for new addresses. Instead, spammers run their lists through an identical encryption algorithm, and the resulting fingerprints are compared. Spammers can then remove any matches.
But John Levine, co-author of “Fighting Spam for Dummies,” said spammers merely have to run their lists, see what’s been removed and compare that with the original to find out the addresses on the “do-not-spam” lists.
“It’s only a surprise that it took this long,” Levine said. More info…
