Jump to content

Email Addresses Harvested From Geocaching.com Site

dinobalz

By dinobalz
in Website

Followers 4

Recommended Posts

dinobalz

+dinobalz

Posted
Posted

Today I received my first UCE (SPAM) sent to my unique geocahcing.com email address. The email address is used only for this site, and the UCE came from a mass mailer, so I'm quite sure it was harvested.

 

Now before everyone starts ranting and flaming me, I know I can turn off making my email address visible to prevent this. That's fine, except I want other geocachers to be able to see my email address, and have the option of emailing me directly instead of through Groundspeak's servers if they so choose.

 

A solution that comes to mind is adding an option to use the ROT13 encryption to mask email addresses and allow users viewing a profile to decrypt it. That should be enough to thwart most automated email harvesters.

 

Waddaya think?

Link to comment
Gremalkin

+Gremalkin

Posted
Posted (edited)

I received 2 spam messages this morning to my gmail account. I only use this account for geocaching.com, and my e-mail address is hidden from users. (Although I have sent it to a couple of people on geocaching.com with an e-mail)

 

I figured someone did a mass mailing of gmail accounts. Hopefully I won't get any more.

 

Edit to add that I really don't know anything about harvesting e-mail or ROT13 encyrpting so I can't really comment there. :-)

Edited by Gremalkin
Link to comment
Cheminer Will

+Cheminer Will

Posted
Posted

Once you get a couple, it just seems to build. It's sad. It's amazing to me that enough people respond to make it worth while to the spammers. The only solution I have found is to change email addresses a couple times a year which I don't like to do. Now I just deal with getting 10 or 20 spams for every legitimate email.

 

Anyone use a spam blocker that really works?

Link to comment
M-T-P

+M-T-P

Posted
Posted
I received 2 spam messages this morning to my gmail account. I only use this account for geocaching.com, and my e-mail address is hidden from users. (Although I have sent it to a couple of people on geocaching.com with an e-mail)

 

I figured someone did a mass mailing of gmail accounts. Hopefully I won't get any more.

 

Edit to add that I really don't know anything about harvesting e-mail or ROT13 encyrpting so I can't really comment there. :-)

I can also confirm this about the gmail SPAM. I have two gmail accounts that I use for public things like geocaching. However, I have another one that only I use for internal gmail testing purposes and has never been posted on the web or given to anyone or even used to send messages outside of gmail itself. All three of these accounts (two public, and one private) got the same two or three SPAM messages.

Link to comment
sTeamTraen

+sTeamTraen

Posted
Posted (edited)

My daughter Joanna used to get spam at an address jojo@domain.net, which she had never given out. Turned out the spammers were trying every possible 4-letter combination in front of the @.

 

Since we started using Greylisting at my place of work, spam has dropped by more than 90%. I would suggest you encourage your ISP to implement it - it's more or less risk-free in terms of losing "real" mails.

 

Concerning the OP: if your e-mail address has ever been used to send you an e-mail from a Windows-based PC, it may well have been harvested by one of the many viruses which scan the whole disk - not just the mail program address book - looking for anything that looks like an e-mail address which it can use. In other words, if anyone has /a/ used your address and /b/ caught a virus, your e-mail address is "out there".

Edited by sTeamTraen
Link to comment
StarBrand

+StarBrand

Posted
Posted

For popular accounts like gmail, yahoo, hotmail, aol etc..... It is relitively easy to try every possible combination of letters in front of the @ until something gets through. As a administrator for a few internet domains, I have seen this happen even on small little backwater domains.

 

If any of the people you sent email to forwarded your email and then that got forwarded - etc etc etc - that is a common way for spammers to get addresses.

 

Try an experiment - open a gmail account and never give it to ANYBODY. You never send it anything either. Wait about 1 year and it will most likely be getting some spam messages. Just happens.

 

Unless somebody actually was flipping from page to page manually - it would be most difficult to automatiucally "harvest" emails from gc.com

 

Technologies like greylisting and challenge/response systems, filters and scanners greatly reduce unwanted email but they are all reactionary to SPAM and thus the good guys are always a step or 2 behind the bad guys.

Link to comment
BigFurryMonster

+BigFurryMonster

Posted
Posted
Anyone use a spam blocker that really works?

Sadly, Gmail's filter does not work too well if you're unlucky with the particular spam you're getting.

 

Popfile is a very good client-side filter, mostly because it learns from your preferences. It's free, too.

 

I use an account at the Spamcop online service to weed out most of my spam. Come to think of it, I didn't receive any spam in the last two weeks or so.

Link to comment
Glenn

+Glenn

Posted
Posted

I have a registered a domain name. I have email set up for it and a catch all email address. I get spam all the time sent to users that have never existed on domain.

 

It is equivalent to telemarketer practice of calling 555-0001, then 555-0002, then 555-0003, etc.

 

For the record I have an email address I use solely for geocaching.com. It has never received any spam. It is not hosted at any of the free email site. I have it blocked from view in my geocaching.com profile. No one has ever had any trouble emailing me through my profile. When I respond to their email I do it through their profile.

Link to comment
Zzyzx Road

+Zzyzx Road

Posted
Posted

I use two email addresses. One for serious important things, and a Yahoo address for the signups and other less necessary things.

Like the junk mail, where I use my hyphenated married name for the serious stuff, I can see who is selling what to whom. Yahoo blocks a lot of the junk, and I never have gotten any spam through my current (main) ISP either...

Link to comment
TotemLake

+TotemLake

Posted
Posted
Today I received my first UCE (SPAM) sent to my unique geocahcing.com email address. The email address is used only for this site, and the UCE came from a mass mailer, so I'm quite sure it was harvested.

 

Now before everyone starts ranting and flaming me, I know I can turn off making my email address visible to prevent this. That's fine, except I want other geocachers to be able to see my email address, and have the option of emailing me directly instead of through Groundspeak's servers if they so choose.

 

A solution that comes to mind is adding an option to use the ROT13 encryption to mask email addresses and allow users viewing a profile to decrypt it. That should be enough to thwart most automated email harvesters.

 

Waddaya think?

Your name pops up on Google Earth a couple of times when I do an intensive search. Is it possible you posted your e-mail address there upon registration?

Link to comment
Eric K

+Eric K

Posted
Posted

Some accounts are just mass mailed especially if you have an account like sales, support, etc. etc.

 

Some of the spammers now, like mentioned above, just seem to put in a lot of possible combinations.

 

I also use a program called Spambayes on my Outlook reader. It's a free program. Don't have the site off the top of my head but you an do a google search for it. I've been using it for a few years now. You have to train it a little but it works pretty good.

Link to comment
dinobalz

+dinobalz

Posted
  • Author
Posted

Just to clarify, not only is the email recipient part of the address unique, but my entire domain name is unique to geocaching.

 

I don't think the spam is coming from a "shot in the dark" approach, like sending to common recipient names, otherwise I would have gotten multiple copies of the same email (via the catchall).

 

Since the administrator feels comfortable that there is enough security in place to prevent harvesting from this site, I suspect the most likely source was as sTeamTraen suggests:

if your e-mail address has ever been used to send you an e-mail from a Windows-based PC, it may well have been harvested by one of the many viruses which scan the whole disk - not just the mail program address book - looking for anything that looks like an e-mail address which it can use. In other words, if anyone has /a/ used your address and /b/ caught a virus, your e-mail address is "out there".

 

However, if the "let others see my email address" is enabled, the address appears in clear text in the code, allowing automated harvesting-- but you would have to have an account to see it. It's not inconceivable that a mass mailer would sign up for an account to get addresses.

 

Please don't misinterpret; I'm not suggesting that geocaching.com been the least bit negligent. There is not much that could be done to prevent all possible email abuse. I get the strong impression that the Groundspeak folk are intent on preventing any abuse of this website, hence the reason for my post.

 

TotemLake:

Your name pops up on Google Earth a couple of times when I do an intensive search. Is it possible you posted your e-mail address there upon registration?

 

I'm not sure why that happens if you are searching on my geocaching ID, as I use a completely different domain for Google. Maybe it's related to the display of cache information? If you care to, PM me with the hits your are getting.

Link to comment
Blue Bomb

+Blue Bomb

Posted
Posted
Anyone use a spam blocker that really works?

When my ISP decided to put a spam blocker on my acount without telling me for 3 months I spend many, many hours trying to figure out how come no email from Canada was making it through. Spam was getting through just fine, though. Once they decided to tell me I called tech support and yelled at them until they disabled it for me (there is now an option to do it yourself).

 

In the meanwhile I have installed Bogofilter, which works pretty good now that it's been trained for over a year. I see maybe 1 spam per month, and as far as I know it has never labelled legitimate mail as spam yet. The other 40 or 50 spams per day bypass my inbox and go straight to a spam folder.

Link to comment
Kai Team

+Kai Team

Posted
Posted (edited)
Now before everyone starts ranting and flaming me, I know I can turn off making my email address visible to prevent this.  That's fine, except I want other geocachers to be able to see my email address, and have the option of emailing me directly instead of through Groundspeak's servers if they so choose.

I've never had a problem contacting people through a hidden profile email address (i.e. "Send Message"). If your email address was displayed and ROT13 encrypted, I wouldn't take the time to decrypt it - I'd just email you through your profile link anyway.

 

If you're that concerned about insuring other users have your email address, why don't you hide your email address in your profile, then put your email address in your gc.com profile - first thing under "Latest News" - in a format that a 'bot won't recognize, eg. "dinobalz (at) domain (dot) com".

Edited by Kai Team
Link to comment
pdxmarathonman

+pdxmarathonman

Posted
Posted
Today I received my first UCE (SPAM) sent to my unique geocahcing.com email address. The email address is used only for this site, and the UCE came from a mass mailer, so I'm quite sure it was harvested.

 

Now before everyone starts ranting and flaming me, I know I can turn off making my email address visible to prevent this. That's fine, except I want other geocachers to be able to see my email address, and have the option of emailing me directly instead of through Groundspeak's servers if they so choose.

 

A solution that comes to mind is adding an option to use the ROT13 encryption to mask email addresses and allow users viewing a profile to decrypt it. That should be enough to thwart most automated email harvesters.

 

Waddaya think?

I have created two gmail accounts. 1 with a similar address as I use on this site, one derived from my real name.

 

Within weeks I was getting spam on the one that included my real name in it. I had never sent anyone any email using it!! The earlier reference to the 555-0000, 555-0001, etc... style of "harvesting" (I mean guessing) at email addresses is the likely culprit. I suspect this may have been what happened to you.

 

Many people (geocachers) know the real email address used on this site and except for a short period of about 2 weeks back in November, I never get spam. I have used it for over 4 years!

Link to comment
pdxmarathonman

+pdxmarathonman

Posted
Posted
Now before everyone starts ranting and flaming me, I know I can turn off making my email address visible to prevent this.  That's fine, except I want other geocachers to be able to see my email address, and have the option of emailing me directly instead of through Groundspeak's servers if they so choose.

I've never had a problem contacting people through a hidden profile email address (i.e. "Send Message"). If your email address was displayed and ROT13 encrypted, I wouldn't take the time to decrypt it - I'd just email you through your profile link anyway.

 

If you're that concerned about insuring other users have your email address, why don't you hide your email address in your profile, then put your email address in your gc.com profile - first thing under "Latest News" - in a format that a 'bot won't recognize, eg. "dinobalz (at) domain (dot) com".

After you reply to their initial contact, they'll have your address. There isn't any compelling reason that they need your email address to make first contact.

Link to comment
Gremalkin

+Gremalkin

Posted
Posted

I have a yahoo account that I have used for a couple of years. I use it for everything on the internet: mailing lists, registrations, even registration forms at stores.

 

I am using the spam protection provided by Yahoo, and can count on my fingers the number of spam messages that have gotten through to my In Box. My spam folder gets less than 5 messages in it a week. Unfortunately, I have to check this folder, because once in a while some of my mailing list messages go into there, although most times they go to my Inbox (ones sent from same e-mail address).

 

My e-mail username has an underscore (_) in it. Although I am somewhat careful about who I provide my e-mail address to - I do distribute it quite a bit. I am wondering if the _ has anything to do with me getting very little to no spam?

 

Just a thought.

Link to comment
klossner

+klossner

Posted
Posted
After you reply to their initial contact, they'll have your address.  There isn't any compelling reason that they need your email address to make first contact.

I just found such a reason yesterday. I found a four-year-old cache that the owner had archived when he couldn't find it. I wanted to send a photo showing the cache location.

 

One way to publish your email address while preventing robot harvest is to put it in the photo on your profile page.

Link to comment
4wheelin_fool

4wheelin_fool

Posted
Posted

My geocaching e-mail is only used for caching, but it is visible in my profile. I get about 15 spam messages per week, which doesnt bother me as yahoo separates them, but they all are investing and mutual fund related. Does everyone's geospam have the same subject - investing and mutual funds? I've always been curious about that. If everyone's spam is the same subject, then there is a geospammer out there..

Link to comment
CoyoteRed

CoyoteRed

Posted
Posted (edited)

I stopped using multiple email accounts and put up a filter. I use K-9. After training it works very well. I've been using and training for almost a year. My latest reset was 209 days ago and I'm at 99.28% accuracy and 0 good emails mis-classified.

 

I don't have to keep cheching a butt-load of email addresses.

Edited by CoyoteRed
Link to comment
dinobalz

+dinobalz

Posted
  • Author
Posted
Does everyone's geospam have the same subject - investing and mutual funds?  I've always been curious about that.  If everyone's spam is the same subject, then there is a  geospammer out there..

The UCE's I got were not financial related, but they were all (so far) targeted to my local area and most of them have been sports related.

Link to comment
Guest
This topic is now closed to further replies.
Followers 4
Go to topic listing
×
×
  • Create New...