AddressBook Harvested: Likely Mechanism?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
+ User FidoNet address: 1:3634/12
 On Thu, 09 Oct 2014, PeteCresswell wrote to All:

 P> Per David H. Lipman:
 DHL>*  Always use the BCC field when emailing a number of recipients or
 DHL>using a Distribution List (aka; D-List)

 P> I always assumed that was Good Practice just on the basis of not
 P> throwing around people's email addresses in the open... but now that
 P> I'm thinking about it, wouldn't the BCC list be just as easy to
 P> extract from an intercepted email as would any other field?

other than on the originating machine, the BCC only exists for the envelope of
the message... it is not stored anywhere else with the message thus the reason
for the 'B' meaning 'Blind'...

so it works like this... when the messages are being packaged to be sent to the
remote SMTP server(s), each BCC entry has its own envelope created with the
published fields and a copy of the message... BCC is not a published field...
the envelope with the message is sent to the remote server handling mail for
that BCC entry... when the server receives the envelope and message, it
processes it and throws away the envelope while placing the message in the
destination's mailbox... transitory servers read the envelope and pass it on to
the next server with the message...

that's a pretty simple explanation but it is also fairly accurate ;)  

)\/(ark
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ The FidoNet News Gate (Huntsville, AL - USA)        +
+ The views of this user are strictly his or her own. +
+ All data is scanned for malware by Avast! Antivirus +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++

---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com


Re: AddressBook Harvested: Likely Mechanism?

"David H. Lipman" wrote:
  
Quoted text here. Click to load it

Would spam be sent to addressbook targets via the comprimized webmail
account (using stolen credentials) and hence a copy of the spam might
(still) be present in the Sent folder - or Trash folder?

AddressBook Harvested: Likely Mechanism?

+ User FidoNet address: 1:3634/12.71
On Fri, 10 Oct 2014, Virus Guy wrote to All:

Quoted text here. Click to load it

 VG> Would spam be sent to addressbook targets via the comprimized
 VG> webmail account (using stolen credentials) and hence a copy of the
 VG> spam might (still) be present in the Sent folder - or Trash folder?

spams might be sent via the compromised account but it is unlikely in this day
in time that evidence of them will appear in the sent or trash folder... why?
because they are sent via another mechanism that doesn't use those utilities...

)\/(ark

If you think it's expensive to hire a professional to do the job, wait until
you hire an amateur.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ The FidoNet News Gate (Huntsville, AL - USA)        +
+ The views of this user are strictly his or her own. +
+ All data is scanned for malware by Avast! Antivirus +
+++++++++++++++++++++++++++++++++++++++++++++++++++++++

---
This email is free from viruses and malware because avast! Antivirus protection is active.
http://www.avast.com


Re: AddressBook Harvested: Likely Mechanism?

Per David H. Lipman:
Quoted text here. Click to load it

Yes... but how is it hidden besides not being rendered in the reader?

i.e. The bits have to be there in the message... or do they?   Maybe the
email client at Send time sees "BCC" and fires off a separate message
for each person in the BCC list?
--  
Pete Cresswell

Re: AddressBook Harvested: Likely Mechanism?

On 2014-10-11 10:47 AM, (PeteCresswell) wrote:
Quoted text here. Click to load it

They exist at your end. AFAIK, the local server addresses each message  
individually. If all recipients are BCC, then the From will show  
"Undisclosed recipients" or something similar. I usually send a copy to  
myself as "Wolf's short list" or something like that. This will show in  
every recipient's mail.

HTH

--  
Best,
Wolf K
kirkwood40.blogspot.ca

Re: AddressBook Harvested: Likely Mechanism?

Quoted text here. Click to load it

Thanks.   And my apoligies for my earlier post asking the same question
again - which I made before reading this.
--  
Pete Cresswell

Site Timeline