The Register® — Biting the hand that feeds IT

Feeds

Common usernames get more spam

The use by spammers of dictionary attacks means those whose email address begins with a less common first character are liable to get less spam. Research by Richard Clayton of Cambridge University was initially reported as establishing that usernames beginning with A are likely to get more spam than those sporting a Z. Those …

This topic is closed for new posts.
Mike Crawshaw
Thumb Up

Zero Spam.

by having a long e-mail address which is punctuated with underscores. Each of the words is in the dictionary, but together they make an easily-remembered phrase.

e.g. (7-letter word)_(2-letter word)_(3-letter word)_(4-letter word)@somewhere.com

I get nada that ain't invited, and I can't believe it's down to wonderful filters.(It's Hotmail ferkrissakes....!)

NOTE TO REG STAFFERS WHO CAN SEE IT: THIS IS NOT AN INVITATION TO GIVE MY ADDRESS TO THE LADS FROM LAGOS!!!

Anonymous Coward
Thumb Down

Yet another...

... state the bloomin' obvious research paper.

Who would've thought that spammers could guess "john.smith@gmail.com" alot more easily than guessing "lucifer_von_beauforte_iii@gmail.com".

Andy

It's amazing -

If you don't use your email address for anything, you won't get spam. I have two addresses that I've not given out to more than a couple of friends, in person, and they've never received spam; they're easily-guessed addresses, too. I also discovered that simply using more HTML entities in one address I had publicly posted cut my spam by about 80-90%. Being careful about where you enter an email address (and preferably using a spam-catcher address for anything you have to sign up to on the internet, which has very strict filtering) really does work.

Oh, and by the way - Gmail has the best spam filtering I've come across in a free service. In several years I've only had 2 false positives, and as far as I can remember no spam has got through.

lansalot

err..

isn't it more likely that your ISP or mail server spots the influx of spam more readily as it moves through the alphabet/spam-run and closes the hole accordingly ?

One email to "albert" from a certain IP is less likely to raise an eyebrow than 10 similar ones to "albert", "betty", "charlie" etc...

Simple heuristics, no ?

steogede

crossword

>> (7-letter word)_(2-letter word)_(3-letter word)_(4-letter word)@somewhere.com

>>

>> I get nada that ain't invited, and I can't believe it's down to wonderful filters.(It's Hotmail

>> ferkrissakes....!)

Hmmm, let me think... Is it 'hotmail_is_the_dogs@hotmail.com'?

Anonymous Coward
Happy

@Mike Crawshaw

OHHHH hangman time, ideal sport on a friday afternoon:

(7-letter word)_(2-letter word)_(3-letter word)_(4-letter word)

I will guess at:

SCRUBER_IN_THE_BATH

Chris W

Re: Zero Spam

It's not that simple. If anyone you sent mail to automatically adds email address to their address book and they get scanned you can look forward to recieving loads of really nice offers.

Ian Ferguson
Thumb Down

Not convinced by this research

Shurely it's more to do with the commonness of the actual name, not the first letter? In the article it is argued that addresses beginning with P and M get more spam, because they are common letters for names to begin with. I would have thought it's the other way round - addresses with common names in get more spam, and addresses beginning with P and M get more spam as they are more likely to include a common name?

Mike Groombridge

my solution

i just created an email address for things i sign up to and it all goes there log in to it once in awhile to keep it live but that's about it i'm relativly spam free get one or two but they go to the junk mail folder so i'm good

Anonymous Coward
Alert

Bears and woods?

Surely this was common sense? Apart from email address I don't care much about, picking up junk and noddy forums, my important email addresses for online purchases and friends are a convoluted mess of letters and numbers, as most spammers are bl**dy lazy and you can see the spam headers showing you alphabetical hits and dictionary based name generation.

bluesxman
Coat

RE: Zero Spam.

Presumptuously assuming that everyone else has a Futurama fixation...

"Bending_in_the_Wind" ?

Andy

P-p-p

Postmaster begins with P. That must be why it gets so much spam.

-A.

Anonymous Coward
Anonymous Coward

@ AC

"Who would've thought that spammers could guess "john.smith@gmail.com" alot more easily than guessing "lucifer_von_beauforte_iii@gmail.com"."

Thanks a lot. Now that you've published my email address I can expect a load of spam. Thanks.

Lucifer Von Beauforte III

Peyton
Paris Hilton

Hmmm... not sure I get it

Does it really do any good to go after all the, say, 'P'eytons... it's not a common name. I think the researchers are oversimplifying, and are ignoring the viral aspect of spam, and the fact that spammers are often pretty smart. A more likely scenario would be if I have a common name, it's more likely to appear in someone's address book - and from there it's likely that it will get a dictionary of domains appended to it in brute force style spam (I've seen this happen when I was an email admin in a former life ;) Plus, that way you don't miss out on all the popular non-names... so if wow_druid@aol.com gets pulled from a compromised address book, wow_druid@gmail.com, wow_druid@hotmail.com, etc., will be tried and not overlooked.

Jolyon Ralph
Thumb Up

@mike

lobster_in_our_bath@hotmail.com

Am I close? Can anyone get closer? :)

Anonymous Coward
Anonymous Coward

Tee Hee

Just the thought that the spiders are scanning this article and harvesting everything with an @ symbol and adding it to the lists is making me chuckle.

The more dodgy addresses that get into the spam lists the better as far as I'm concerned. Just as long as president@whitehouse.gov and gbrown@gov.uk are there as well :o)

Nick

Well blow me down with a feather!

When hotmail.co.uk started I jumped in quick and picked up a couple of addresses which are my name. They pick up quite a few bits of spam even though I never got round to actually using them. Initials are just as popular.

Occasionally I take a peek to see what the spam-du-jour is and I noticed that the other thing that happens is that people randomly use that address when registering things or filling out forms. I sometimes reply if a real person then gets in touch, one of whom worked at a golf club and couldn't get his head around the fact that I was the wrong person.

I own a couple of spare domains so now everyone gets their own personalized version of my email address which is of the form:

prefix.theirname.randomnumber@mydomain.com

Anything without "prefix." at the start gets "User unknown" which stops most spambots forging random From: addresses at the domain.

If I do get spam then I know who to blame and I can block that address whilst only affecting one person.

The random number removes the guessability factor if you know the prefix.

Mike Crawshaw
Happy

@ Lots

You're all hideously wrong! Never mind, some of them were quite entertaining - especially the Futurama ref. I think some of you guys need to get yourselves on Countdown!

@ chrisw: I've had the address for years now, I guess people don't auto-add me to their books, or that they haven't been scanned - at least I haven't received spam as a result, either way. Maybe the spam lists can't handle the addy length? (19 chars before the @)

@ steogede: I could compare Hotmail to a lot of parts of a dog's anatomy, but none of 'em are complimentary.... I mainly use it for legacy reasons (had it for the best part of a decade, before GMail etc) and it's the address I use for a lot of forums etc - I'm just too lazy to change them all!

Anonymous Coward
Thumb Up

BoxTrapper

I tend to use my Hotmail account for registering with websites, then on my proper email account I use BoxTrapper, so unless I've added you as a friend, or new people have replied to the validation email. No Spam gets through my Inbox has remained spam free for the last few years.

Anonymous Coward
Linux

Aardvark

Anyone else here always use Aaron Aardvark as their system test user?

Anonymous Coward
Happy

Gmail

Gmail catches pretty much all the spam I get - plus all the forum post notifications / facebook spam / anything else I can't be arsed turning off on the actual site...

I also use the username+website@gmail.com thing so if I do actually get any spam I can see exactly who sold my address on and double check their privacy policy before setting the dogs of war loose on them :)

Anonymous Coward
Thumb Down

WTF @ Demon

More importantly WTF are Demon Internet playing at handing out details of e-mails to third parties? Surely this is breach of data protection

Jean-Francois Laforest
Dead Vulture

Barracuda Spam Firewall

Screw gmail, get yourself a barracuda in front of your mail cluster and you're good to go, virus / spam free.

We cut off about 96% of our mail traffic just by installing one... heck my mail server is sleeping.

Other solutions work, yet, having more complex names isn't even remotely useful in the near future, they'll just adapt.

Dr Patrick J R Harkin

So xqqjkl@zjjqxlbxx.com won't get any spam?

But he sends me so much!

Anonymous Coward
Anonymous Coward

Re: Barracuda Spam Firewall

You might end up with less spam - but I just wish they didn't bother bouncing spam that the SPF record fails (i.e. you bouncing a spam I never f**king sent)

john kent
Flame

Too Late..........

Guess it's too late to change my name. For now I'll just have to use a spam guard like SpamBully to keep myself from drowning in this stuff!

This topic is closed for new posts.