[time-nuts] 2

J. Forster jfor at quikus.com
Tue Oct 4 11:36:16 EDT 2011

I don't know how it's done, but I've asked some people who've had their
email addresses hijacked over the last year. It is clear that their
address books have been downloaded as well.

The answer I keep getting is "I joined LinkedIn or FaceBook recently".

Maybe the social networking sites provide an entry point. I don't know,
but there is a  positive correlation between them and email addresses
being hijacked by spammers.



> There has to be more to it than that.  Knowing a member's email
> address is not a key into the time-nuts (or yahoo) lists.
> For instance, if I spoof my return and from addresses to be the same
> as my time-nuts subscribed email address, and send a message to
> time-nuts at febo.com from one of my non-subscribed email servers, it
> gets dutifully ignored.  It came from the wrong email account on the
> wrong server.
> The simple Occam's Razor style answer, in my opinion, is the hijacked
> user's PC has been breached by a typical Windows PC trojan horse
> spambot program, and is spewing out spam emails through the hijacked
> user's PC's email program.
> Right?
> -Chuck Harris
> J. Forster wrote:
>> I own/moderate a number of Groups with>10,000 members total and I see
>> about one of these a day.
>> In most cases, the hijacker gets the victim's email address via a social
>> media site. Apparently what happens is that when people sign up, the
>> site
>> grabs your address book unliss you are savvy enough to explicitly
>> opt-out.
>> When this happens, you can essentially kiss that email address goodbye.
>> -John

More information about the time-nuts mailing list