Publicly available spam tool

A colleague alerted me to a spamming tool available on the web at the following web URL:

https://verify-email. org

It's a page where someone can enter an email address, and it reports whether or not that address is live.  In essence, this is the non-techy spammer's way of checking whether an address is accepted at the RCPT TO step of an SMTP session.  If it comes back positive, the email address is live; if it comes back negative, it is not, and the spammer can remove it from their list.

How do I know it's a spam tool?  Well, besides my being able to think of almost no legitimate uses for this web tool, the WHOIS information is suspicious.  The registrant lives in Moldova but has a phone number registered to a North American address.  Even if he screwed up and meant Maryland, the area code does not correspond to any actual area code in the United States.

The site was created in July, so it's fairly new.  This in itself is not the clincher, but combined with everything else, I think we can rest assured that a spammer set up this page so that he (and possibly other spammers, though I can't imagine why) can verify his spamming lists.
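Seen from the receiving mail server, the RCPT TO check described above leaves a recognizable trace: sessions that test a recipient and then disconnect without ever sending DATA. The following is an added example, not part of the original post; the log format, field names and threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log in a simplified, hypothetical format (not a real MTA's):
# one line per SMTP command, with the client IP, session id and server reply.
SAMPLE_LOG = """\
10:00:01 client=192.0.2.10 session=a1 cmd=RCPT to=alice@example.com reply=250
10:00:02 client=192.0.2.10 session=a1 cmd=DATA reply=354
10:01:00 client=198.51.100.7 session=b1 cmd=RCPT to=bob@example.com reply=550
10:01:01 client=198.51.100.7 session=b1 cmd=QUIT reply=221
10:01:05 client=198.51.100.7 session=b2 cmd=RCPT to=carol@example.com reply=250
10:01:06 client=198.51.100.7 session=b2 cmd=QUIT reply=221
10:01:09 client=198.51.100.7 session=b3 cmd=RCPT to=dave@example.com reply=550
10:01:10 client=198.51.100.7 session=b3 cmd=QUIT reply=221
10:02:00 client=203.0.113.5 session=c1 cmd=RCPT to=erin@example.com reply=550
10:02:01 client=203.0.113.5 session=c1 cmd=QUIT reply=221
"""

LINE_RE = re.compile(
    r"client=(?P<client>\S+) session=(?P<session>\S+) cmd=(?P<cmd>\w+)"
    r"(?: to=(?P<rcpt>\S+))? reply=(?P<reply>\d{3})"
)

def find_verification_probes(log_text, min_probe_sessions=3):
    """Clients that repeatedly test recipients with RCPT TO but never send DATA."""
    sessions = defaultdict(lambda: {"client": None, "rcpts": [], "data": False})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        s = sessions[m["session"]]
        s["client"] = m["client"]
        if m["cmd"] == "RCPT":
            s["rcpts"].append((m["rcpt"], m["reply"]))
        elif m["cmd"] == "DATA":
            s["data"] = True

    per_client = defaultdict(lambda: {"probe_sessions": 0, "addresses": set(), "rejected": 0})
    for s in sessions.values():
        if s["rcpts"] and not s["data"]:  # recipient tested, no message sent
            c = per_client[s["client"]]
            c["probe_sessions"] += 1
            for rcpt, reply in s["rcpts"]:
                c["addresses"].add(rcpt)
                c["rejected"] += reply.startswith("5")  # 5xx = address refused
    return {ip: c for ip, c in per_client.items()
            if c["probe_sessions"] >= min_probe_sessions}

if __name__ == "__main__":
    print(find_verification_probes(SAMPLE_LOG))
```

Accepted recipients count toward the total as well as rejected ones, because a verification probe gets a 250 for every live address and still never sends a message.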

Comments

  • Anonymous
    October 15, 2007
    PingBack from http://www.artofbam.com/wordpress/?p=8826

  • Anonymous
    October 15, 2007
    The comment has been removed

  • Anonymous
    October 15, 2007
    > and if it comes back negative, the email address is
    > not and therefore the spammer can remove it off
    > their list.

    Huh?  Why would a spammer ever bother removing an old dead e-mail address from their list?  It's not as though the spammer had to pay for bounces.

    In the late 1990's I happened to glance at the SMTP log of a machine that I had used in the early 1990's, and noticed a bunch of spams addressed to an address that I had had in the early 1990's.  Obviously the bounces went to forged "from" addresses, helping irritate any of those victims whose addresses were still live.

    However, this spam tool could still be useful in searching for new e-mail addresses to add to a list.  I wonder if the occasional spates of received 0-length e-mails with partial headers had come from that tool.

    > phone number registered to a North American address [...]
    > resolves to no actual area code in the United States

    Umm, last I recall, there used to be some North American addresses whose area codes weren't in the United States...

  • Anonymous
    October 15, 2007
    The comment has been removed

  • Anonymous
    October 16, 2007
    > Huh?  Why would a spammer ever bother removing an
    > old dead e-mail address from their list?  It's not
    > as though the spammer had to pay for bounces.

    Sending mail to live addresses makes sense for the spammer.

  1. You have to send out fewer mails.  Less mails means less chance of detection.
  2. You can append multiple good lists together; they can command a higher premium in the underground economy.

  • Anonymous
    October 16, 2007
    The comment has been removed

  • Anonymous
    October 17, 2007
    Since there's been no more news, today I took the risk of looking at the site itself.  Just by looking at the site itself there isn't any way to prove whether it's honest or not, but I didn't see any obvious problem with it.  Furthermore they conduct sales through a partner located in the US.  The US has its share of operations like "Russian Business Network", or maybe more than its share, but still this one doesn't look obviously suspicious.

    I tried two experiments with e-mail addresses which I think probably don't exist.  In one case, a very famous multinational spam operator (a big famous spam provider in both Japan and the US) confirmed that the queried address doesn't exist.  In the other case, a big famous ordinary company, which I have not observed any problems with, confirmed that the queried address exists!  I'm guessing that the latter company probably gives a positive answer to everything in order to avoid assisting spammers.

  • Anonymous
    October 18, 2007
    The same day Terry and I discussed this site, I created a new email address specifically to test it. Since then, I've received 11 spams at that address in three days, all through zombies, and all from some nice folks who want to help me sell my timeshare or give me a payday advance.

    As if we needed any further evidence, he's also selling the PHP script that runs it for only $24.95. The Buy Now link takes you to a buy page at plimus.com, and informs you that for support issues regarding Email Verification PHP Script, you should write to contacts@email-unlimited.com (AKA Live Software, author of various bulk emailing products). One of the touted features of their software is "Send 30000 emails weekly and never be convicted of spamming."

    Any further questions? <g>

  • Anonymous
    October 18, 2007
    > Since then, I've received 11 spams at that address
    > in three days

    By itself that doesn't mean much. When I created a Yahoo US e-mail account, but had not used it yet, it started off with two spams in its inbox.  Therefore I never even started using it for its intended purpose as a regularly used e-mail account, though now I occasionally use it for some other purpose.

    Your other paragraphs are pretty informative though.