The use by spammers of dictionary attacks means those whose email address begins with a less common first character are liable to get less spam. Research by Richard Clayton of Cambridge University was initially reported as establishing that usernames beginning with A are likely to get more spam than those sporting a Z. Those …
by having a long e-mail address which is punctuated with underscores. Each of the words is in the dictionary, but together they make an easily-remembered phrase.
e.g. (7-letter word)_(2-letter word)_(3-letter word)_(4-letter word)@somewhere.com
I get nada that ain't invited, and I can't believe it's down to wonderful filters.(It's Hotmail ferkrissakes....!)
NOTE TO REG STAFFERS WHO CAN SEE IT: THIS IS NOT AN INVITATION TO GIVE MY ADDRESS TO THE LADS FROM LAGOS!!!
... state the bloomin' obvious research paper.
Who would've thought that spammers could guess "email@example.com" alot more easily than guessing "firstname.lastname@example.org".
It's amazing -
If you don't use your email address for anything, you won't get spam. I have two addresses that I've not given out to more than a couple of friends, in person, and they've never received spam; they're easily-guessed addresses, too. I also discovered that simply using more HTML entities in one address I had publicly posted cut my spam by about 80-90%. Being careful about where you enter an email address (and preferably using a spam-catcher address for anything you have to sign up to on the internet, which has very strict filtering) really does work.
Oh, and by the way - Gmail has the best spam filtering I've come across in a free service. In several years I've only had 2 false positives, and as far as I can remember no spam has got through.
isn't it more likely that your ISP or mail server spots the influx of spam more readily as it moves through the alphabet/spam-run and closes the hole accordingly ?
One email to "albert" from a certain IP is less likely to raise an eyebrow than 10 similar ones to "albert", "betty", "charlie" etc...
Simple heuristics, no ?
>> (7-letter word)_(2-letter word)_(3-letter word)_(4-letter word)@somewhere.com
>> I get nada that ain't invited, and I can't believe it's down to wonderful filters.(It's Hotmail
Hmmm, let me think... Is it 'email@example.com'?
OHHHH hangman time, ideal sport on a friday afternoon:
(7-letter word)_(2-letter word)_(3-letter word)_(4-letter word)
I will guess at:
Re: Zero Spam
It's not that simple. If anyone you sent mail to automatically adds email address to their address book and they get scanned you can look forward to recieving loads of really nice offers.
Not convinced by this research
Shurely it's more to do with the commonness of the actual name, not the first letter? In the article it is argued that addresses beginning with P and M get more spam, because they are common letters for names to begin with. I would have thought it's the other way round - addresses with common names in get more spam, and addresses beginning with P and M get more spam as they are more likely to include a common name?
i just created an email address for things i sign up to and it all goes there log in to it once in awhile to keep it live but that's about it i'm relativly spam free get one or two but they go to the junk mail folder so i'm good
Bears and woods?
Surely this was common sense? Apart from email address I don't care much about, picking up junk and noddy forums, my important email addresses for online purchases and friends are a convoluted mess of letters and numbers, as most spammers are bl**dy lazy and you can see the spam headers showing you alphabetical hits and dictionary based name generation.
RE: Zero Spam.
Presumptuously assuming that everyone else has a Futurama fixation...
Postmaster begins with P. That must be why it gets so much spam.
"Who would've thought that spammers could guess "firstname.lastname@example.org" alot more easily than guessing "email@example.com"."
Thanks a lot. Now that you've published my email address I can expect a load of spam. Thanks.
Lucifer Von Beauforte III
Hmmm... not sure I get it
Does it really do any good to go after all the, say, 'P'eytons... it's not a common name. I think the researchers are oversimplifying, and are ignoring the viral aspect of spam, and the fact that spammers are often pretty smart. A more likely scenario would be if I have a common name, it's more likely to appear in someone's address book - and from there it's likely that it will get a dictionary of domains appended to it in brute force style spam (I've seen this happen when I was an email admin in a former life ;) Plus, that way you don't miss out on all the popular non-names... so if firstname.lastname@example.org gets pulled from a compromised address book, email@example.com, firstname.lastname@example.org, etc., will be tried and not overlooked.
Am I close? Can anyone get closer? :)
Just the thought that the spiders are scanning this article and harvesting everything with an @ symbol and adding it to the lists is making me chuckle.
The more dodgy addresses that get into the spam lists the better as far as I'm concerned. Just as long as email@example.com and firstname.lastname@example.org are there as well :o)
Well blow me down with a feather!
When hotmail.co.uk started I jumped in quick and picked up a couple of addresses which are my name. They pick up quite a few bits of spam even though I never got round to actually using them. Initials are just as popular.
Occasionally I take a peek to see what the spam-du-jour is and I noticed that the other thing that happens is that people randomly use that address when registering things or filling out forms. I sometimes reply if a real person then gets in touch, one of whom worked at a golf club and couldn't get his head around the fact that I was the wrong person.
I own a couple of spare domains so now everyone gets their own personalized version of my email address which is of the form:
Anything without "prefix." at the start gets "User unknown" which stops most spambots forging random From: addresses at the domain.
If I do get spam then I know who to blame and I can block that address whilst only affecting one person.
The random number removes the guessability factor if you know the prefix.
You're all hideously wrong! Never mind, some of them were quite entertaining - especially the Futurama ref. I think some of you guys need to get yourselves on Countdown!
@ chrisw: I've had the address for years now, I guess people don't auto-add me to their books, or that they haven't been scanned - at least I haven't received spam as a result, either way. Maybe the spam lists can't handle the addy length? (19 chars before the @)
@ steogede: I could compare Hotmail to a lot of parts of a dog's anatomy, but none of 'em are complimentary.... I mainly use it for legacy reasons (had it for the best part of a decade, before GMail etc) and it's the address I use for a lot of forums etc - I'm just too lazy to change them all!
I tend to use my Hotmail account for registering with websites, then on my proper email account I use BoxTrapper, so unless I've added you as a friend, or new people have replied to the validation email. No Spam gets through my Inbox has remained spam free for the last few years.
Anyone else here always use Aaron Aardvark as their system test user?
Gmail catches pretty much all the spam I get - plus all the forum post notifications / facebook spam / anything else I can't be arsed turning off on the actual site...
WTF @ Demon
More importantly WTF are Demon Internet playing at handing out details of e-mails to third parties? Surely this is breach of data protection
Barracuda Spam Firewall
Screw gmail, get yourself a barracuda in front of your mail cluster and you're good to go, virus / spam free.
We cut off about 96% of our mail traffic just by installing one... heck my mail server is sleeping.
Other solutions work, yet, having more complex names isn't even remotely useful in the near future, they'll just adapt.
So email@example.com won't get any spam?
But he sends me so much!
Re: Barracuda Spam Firewall
You might end up with less spam - but I just wish they didn't bother bouncing spam that the SPF record fails (i.e. you bouncing a spam I never f**king sent)
Guess it's too late to change my name. For now I'll just have to use a spam guard like SpamBully to keep myself from drowning in this stuff!
- Xmas Round-up Ten top tech toys to interface with a techie’s Christmas stocking
- Xmas Round-up Ghosts of Christmas Past: Ten tech treats from yesteryear
- Review Hey Linux newbie: If you've never had a taste, try perfect Petra ... mmm, smells like Mint 16
- NSFW Oz couple get jiggy in pharmacy in 'banned' condom ad
- Analysis Microsoft's licence riddles give Linux and pals a free ride to virtual domination