Email addresses?

[rancid badger]

Okay; I'm only going to ask this question, if you all promise not to laugh first.

Okay?

Right then, straight at it; is there any truth in the "urban myth" that email addresses can be read by mailicous software, scanning pms?

I never write down my full email address in pm's or elsewhere; for example:

dogmess@flimflam.co.uk ( NOT my real address by the way!)

(I notice that anything written as above, is automatically recognised as an email address?!?!)

rather; I write it thus:

dogmess AT flimflam.co.uk

leaving the recipient to insert the correct symbol.

Is this true or have I been misinformed?

As I say; please don't laugh!

atb

R.B.

 

[Shewie]

I don't think they'll be able to see the PMs but I wouldn't do it on the forums.

I expect there are a few kicking about which could potentially do it but it's up to admin to keep on top of there AV patches.

Interested to hear the official answer though

 

[Nagual]

Never heard of something scanning PMs. For that to happen, the hacker would have to gain access to the websites servers, I don't know how PMs are stored, probably encrypted so there is another hurdle for the hacker. The other way would be for a hacker to hack your account, but then that is something that you'd notice.

I've heard of bots scanning forums and web sites for email addresses, although this is certainly possible, I do question the likelyhood. Computers with software that generates email addresses and what not would not be too hard to create and just let it pump out '000s of them.

 

[Wayland]

When I first started using a photographic forum a few years ago I was a bit naive and I put an e-mail address in a thread.

I was quickly advised against it and removed it the next day.

To this day I still get a lot of spam addressed to that e-mail box and I've never used that address elsewhere.

 

[ged]

Never heard of something scanning PMs. For that to happen, the hacker would have to gain access to the websites servers

Unfortunately this is not true. The private messaging system does not use secure communications (SSL, as would be evidenced by URIs which start "https" instead of just "http"). So anyone with access to any of the (probably over a dozen) routers between you and the server can read ALL your communications with the server.

I don't know how PMs are stored, probably encrypted

No reason to suppose that. Encryption puts a large load on the server. It could easily just be raw text. It is stored in a database, which adds more security concerns because of the way the Web server software interfaces with the database. Things like "SQL injection" which basically means getting the Web server to do your hacking for you.

I've heard of bots scanning forums and web sites for email addresses, although this is certainly possible, I do question the likelyhood.

It's nearer certain than likely.

Computers with software that generates email addresses and what not would not be too hard to create and just let it pump out '000s of them.

Not sure what this is saying.

To the OP:

There are many, many very highly skilled people out there who spend all their waking hours trying to find new email addresses for criminal purposes. On a typical day my firm sees ten thousand attempts to send criminal email to its servers. Don't give them any more than you have to. Obscuring email addresses is a start, but there is software Out There which can cope with the simple obfuscation schemes you describe, and even makes a point of looking for them.

 

[rancid badger]

Thanks for not laughing, I wasn't too keen to ask to be honest!

Seems to be quite an interesting issue mind you and I too, await the official verdict on this.

Regardless; I'm going to keep doing it my way:theyareon

cheers all

R.B.

 

[Nagual]

Unfortunately this is not true. The private messaging system does not use secure communications (SSL, as would be evidenced by URIs which start "https" instead of just "http"). So anyone with access to any of the (probably over a dozen) routers between you and the server can read ALL your communications with the server.



No reason to suppose that. Encryption puts a large load on the server. It could easily just be raw text. It is stored in a database, which adds more security concerns because of the way the Web server software interfaces with the database. Things like "SQL injection" which basically means getting the Web server to do your hacking for you.



It's nearer certain than likely.



Not sure what this is saying.

To the OP:

There are many, many very highly skilled people out there who spend all their waking hours trying to find new email addresses for criminal purposes. On a typical day my firm sees ten thousand attempts to send criminal email to its servers. Don't give them any more than you have to. Obscuring email addresses is a start, but there is software Out There which can cope with the simple obfuscation schemes you describe, and even makes a point of looking for them.

Thanks for the systematic destruction of my post, not sure why you felt the need to do that, a simple statement to say you felt otherwise would have been fine. I don't nor ever have claimed to be a systems expert, RB was asking for thoughts, I gave mine. How would you like it for your answers to be ripped apart for no reason? And yes I am slightly peeved at the way you did it.

 

[ged]

Thanks for not laughing, I wasn't too keen to ask to be honest!

There's no need to be embarrassed about asking for information on a forum like this. That's what it's for. There might well be better places to ask, but a typical forum user can't be expected to know that this forum uses the vBulletin software:

http://www.vbulletin.com/docs/html/main/install

Seems to be quite an interesting issue mind you and I too, await the official verdict on this.

There isn't usually anything 'official' about any of this. But what I tell you one time is true.

Regardless; I'm going to keep doing it my way

Whatever you do, be careful.

If it's important to you that your own email addresses are visible on public documents then it's perfectly reasonable to publish it in an obscured fashion. It's up to you how you feel about getting contacts which might turn out to be unwelcome. But be aware that people have been murdered by people with whom they have made contact using the Internet. For email addresses owned by others you should at least seek permission from the owner before publication, although I would recommend that you do not publish anyone else's email address under any circumstances.

Because email addresses can so easily be harvested by spammers (and subsequently made available to half the criminals on the planet) at best it is very rude to publish the email addresses of others without their permission. At worst you might be putting someone in danger.

Incidentally, the domain of the email address that you made up as an example in your original post is actually owned by someone. As it happens they're 'domain squatters' who are considered by some to be the lowest of the low, so I don't think anyone will be getting very excited about it. But in future, the correct domain to use for examples like that is 'example.com' because IANA has reserved it for that purpose.

 

[ged]

Thanks for the systematic destruction of my post, not sure why you felt the need to do that ... How would you like it for your answers to be ripped apart for no reason? And yes I am slightly peeved at the way you did it.

I apologize. It was not my intention to offend. I think it's important to avoid making statements that you can't substantiate, so perhaps I tend to go a little too far in my explanations. But you're wrong about there being no reason. Some of your statements were incorrect, and I didn't understand one of them at all. Security on the Internet is not something which should be treated lightly. Every day in my working life I see how it is all to easy to disclose information unwittingly, and as I have explained the results can be very serious.

Again, this is not personal and I have no wish to offend. But I know exactly how all this stuff works (I build, sell, own, operate and maintain mail servers, Web servers, file servers, workstations, computer networks, firewalls etc. for both my own businesses and for customers' businesses) and I won't knowingly let guesswork take the place of the facts.

"This is not a toy."

 

[Nagual]

I apologize. It was not my intention to offend. I think it's important to avoid making statements that you can't substantiate, so perhaps I tend to go a little too far in my explanations. But you're wrong about there being no reason. Some of your statements were incorrect, and I didn't understand one of them at all. Security on the Internet is not something which should be treated lightly. Every day in my working life I see how it is all to easy to disclose information unwittingly, and as I have explained the results can be very serious.

Again, this is not personal and I have no wish to offend. But I know exactly how all this stuff works (I build, sell, own, operate and maintain mail servers, Web servers, file servers, workstations, computer networks, firewalls etc. for both my own businesses and for customers' businesses) and I won't knowingly let guesswork take the place of the facts.

"This is not a toy."

I'll all in favour of correct information being pass around Ged, but you came across as patronising and a little too willing to put others down. As with all things none of us are born with knowledge, we learn it as we go.

"This a IMB T23 and if it's lucky could be used as a toy not a paper weight"

 

[Harley]

I'll all in favour of correct information being pass around Ged, but you came across as patronising and a little too willing to put others down.

Ged was simply correcting your incorrect assertions, one thing about the internet I have yet to become accustomed to is frequent forum users getting the hump because someone with a lower post count dare point out that what they have stated is incorrect?

 

[sapper1]

This could get interesting.

 

[Tony]

This could get interesting.

Hopefully not, well, unless it's about the subject i the OP

From our point of view it's how Ged has described it. Emails are generally hidden away unless you post them up on the forums, this avoids most issues with people getting hold of them to spam them. the trouble is so much time and money goes into discovering emails by bad people it's practically impossible for a site like ours to secure everything completely with packets of information flying around all over the world to different people, machines, through servers that we don't know about etc etc. So prudence is best. I don't post some email addresses and some I do, those that we use regularly get hundreds of spam emails a day and i've got software to filter them out before I let anything on my pc. In PM's I do give emails to people but it makes sense to change it a bit so it's that little bit harder to pick up.
because of the nature of the web it leaves lots of vulnerabilities, always be cautious.

 

[ged]

... all in favour of correct information being pass around Ged, but you came across as patronising and a little too willing to put others down.

It's just culture shock I think. Like giving a firm handshake in Turkey. Over there, it's rude.

You're right to criticize my style, and I have tried to improve it -- with dismal results. The 'forum' concept is still new to me. For many years I've used what we call 'mailing lists' to exchange technical information about computer systems and similar. The way it works is that (1) anyone who is interested adds an email address to the 'list' (2) when any of those people send a mail to the list address, everybody on the list gets that email. There can be thousands of addresses on the list, so naturally if you aren't concise things can quickly get out of hand. After more than once being publicly pilloried personally by hundreds of people for not doing it the 'mailing list way', you develop an instinct for self preservation and use the style that seems to cause the least aggravation. So I still tend do things the 'mailing list way', which looks like what you saw. You edit text for brevity if you can. When you reply to a point, you quote the point and then put the reply immediately beneath the point so that someone who gets the mail can get the gist of the conversation from that one message without having to ransack the archives (very time-consuming) to find out what it's about. You're not 'taking apart' anything, you're just replying to it. Your reply might be nothing more than a single hypertext link and then you move on to the next message. It is less chatty, and more impersonal, and people who aren't used to it can feel it's rude or insulting which isn't the intention. The funny thing is if you're on a mailing list, people tell you you're being rude if you're personal and too chatty, and it's common to see newcomers to mailing lists feeling 'got at' when it's just that they're not used to the way things are done.

Well, again, I'm sorry, and I'll continue to try to to better. Please be assured that all I'm trying to do is to help, and when it comes to this kind of thing I can help a lot more than I can with skinning a rabbit.

This could get interesting.

Hopefully not, well, unless it's about the subject i the OP

Agreed, let's keep it on topic.

 

[rancid badger]

Quote by Ged

Well, again, I'm sorry, and I'll continue to try to to better. Please be assured that all I'm trying to do is to help, and when it comes to this kind of thing I can help a lot more than I can with skinning a rabbit.


I got where Ged was coming from but at the same time, it did appear to be a bit "stampy"? ( my phrase, I'm not articulate enough to think of anything more suitable, at least without assistance)

The thing is; He's apologised and as we all know, sometimes that doesn't happen, then all sorts of drama ensues

So well done to Ged for that,
as well as what would seem to be good info, if a bit scary!:yikes:

So basically; I'll continue as I was

Thanks all

kind regards

R.B.