In previous posts on web application email harvesting, and the distributed email harvesting honeypot, I commented on a relatively less popular threat - the foundation for sending spam and phishing emails, namely collecting publicly available email addresses. The other day I came across an email harvester and decided to comment on its configuration file.

Thankfully, there're many spam poison projects where these crawlers get directed to a huge number of randomly generated email addresses. And while the results are evident, namely they're picking them up and poisoning their databases with non-existent emails it is questionable if that's the best way to fight spam, since the spammers are going to send their message to anyone, even to the non-existent email addresses causing network load. Something else worth mentioning, these email harvesters are starting to pick up [at] and [dot] type of obfuscation too.

The link for this article located at Dancho Danchev is no longer available.