Rethink Your Life!
Finance, health, lifestyle, environment, philosophy 		The Work of Art and The Art of Work
Kiko Denzer on Art


[Cob] coblist, Email addresses, and phishing

Shannon C. Dealy dealy at deatech.com
Sun Apr 2 21:11:25 CDT 2006 

On Sun, 2 Apr 2006, Bill&Julie wrote:

[snip]
> Now for the TADA part,, having problems before... I changed
> my address scheme...  I established  a bunch of unigue
> addresses for myself, and submitted each to a different
> account... The Phish that I just recieved was from the same
> address that I only gave to the Coblist...
>
> So,, In asmuch as I only use that address  for this list...
> Some one on this list has a virus that is sending addresses
> to a person that is up to no-good...
>
> I know of no other way that they could have gotten this address..
> I am using Zone Alarm Pro, And I have it locked down real tight..
[snip]

First off, if you see problems that you think are related to the coblist 
of any sort, please contact me, not the list, then if necessary, I will 
contact the list.

With regard to the concerns expressed above:

  - There are over 700 people on the coblist, statistically it is virtually
    certain that one or more people on the list at any given point in time
    have a computer virus on their system, so the possible senario described
    above can happen, but only to email addresses which have been used
    to send a message to the coblist, and those addresses are also directly
    available to anyone on the internet since the archives are public,
    and everyone on the list was notified of this fact long ago (as is
    every new subscriber), along with the recommendation that if this is a
    concern to you that you use a throw away free email address from yahoo,
    or some other similar service if you are ever going to post to the
    list (if you don't post, this won't be a problem for you).  This is
    true for any email list which has public archives.

  - The full list of email addresses subscribed to the coblist is strictly
    private and I am the only one with access to it, so if you don't post
    to the list your email address is reasonably safe, however, if someone
    manages to hack my servers they could get the addresses (unlikely but
    possible, I have a great deal of expertise in this area, but with
    enough determination, almost any computer can be cracked), to the best
    of my knowledge my servers have not been cracked in the eleven years
    they have been on line, but even if they never are, a bug in the list
    software could result in the list of addresses getting out.

  - Despite what was stated above, there are a number of ways in which
    email addresses which have been created by your ISP but have NEVER been
    used or given out to anyone can still be found out by spammers,
    phishers, and other people attempting to collect email addresses off
    the internet.  I won't bother with the details as there is nothing you
    can do to prevent it, and even your ISP cannot prevent it, the most
    they can do to to make it more difficult for email addresses to be
    collected from them.

FWIW.

Shannon C. Dealy      |               DeaTech Research Inc.
dealy at deatech.com     |          - Custom Software Development -
                       |    Embedded Systems, Real-time, Device Drivers
Phone: (800) 467-5820 | Networking, Scientific & Engineering Applications
    or: (541) 929-4089 |                  www.deatech.com