How do spammers(with external IP) figure out the mail exchange servers of private n/w

Replies

• 

  gaurav.bhorkar

  Re: Spammers
  
  Some crooks within the organisation sell our email addresses to the spammers.
• 

  durga ch

  Re: Spammers
  
  nope, i dont think so, I read in wikipedia for the process what they follow, its soemthing like if an organisation has a backup server which is of lesser priority and the prime server, the anti-spamming filters need not be same. The spammer can then acess the prime server through the backup server.
  
  Saying that, i dont have a clue how they retrive details of mail box servers details.
  if within an orgnisation, we can do it by nslookup and figure out the detailsof the mail server what the organisation uses.
• 

  optimystix

  Re: How do spammers(with external IP) figure out the mail exchange servers of private
  
  we visit sites and often register there for email subscriptions and all that. many sites(reputed ones wont) give away these email addresses to email marketers who spam their stuffs on these ids.
  One must have seen threads in Orkut communities such as "free airtel recharge- leave your email addresses". And our foolish greedy Indian give away their email addresses on these threads.
  
  Even many of the free sms sites share emails of their customers. Their argument is that they have put up notice regarding sharing of emails to 'friendly sites' in their Terms of Service which hardly anyone reads completely.
  
  Porn, warez, cracks, and other such sites are notorious for leaking email ids to spammers.
  
  Some time in 2009, the editor of Digit magazine posted some false scheme or something whereby one must leave their email addresses with passwords and mail to some email id posted by digit and they will get access to mail servers from where they can hack any account they want. in the following month's edition, the editor lambasted the Indian public for getting fooled by their simple prank. According to them thousands of people had given away their email ids and passwords to them.
  
  Untill a few years ago I used to be junked badly by spammers as I had joined many internet groups and communities and many of them seemed to have leaked mails out. But since past year or so things are under control through proper regulation and preventive steps.
  
  Junk mails can be really irritating. My yahoo inbox still has more than 19,000 mails (Bulk folder has a few thousands too) which am yet to clear.
  
  Restrain is the best solution to avoid getting spam mails.
  
  And about someone from workplace leaking mail server details by some insider(as memtioned by Gaurav) can be possible if someone is associated with e-marketing but such possibilites are less in big organisations. If someone is earning well then there's no reason to go after e-marketing stuffs and doing illegal stuffs like these.
• 

  durga ch

  Re: How do spammers(with external IP) figure out the mail exchange servers of private
  
  @ Opti 😀 Thanks.
  But is that all? i thought there was a mechanism or a technique with which all mail ids from say xyz @.com could be derived.
• 

  juniorintellect

  Re: How do spammers(with external IP) figure out the mail exchange servers of private
  
  have u heard about SMTP, if u have a smtp of a particular domain u can send anykind of mail 2 them.
  SMTP are basically of 2 types :1)Inbox delivery smtp's
  2)bulk delivery smtp's
  now it depends on the spammer what kind of smtp he/she is using to send the mail to a particular organisation be it private or public.😀
• 

  optimystix

  Re: How do spammers(with external IP) figure out the mail exchange servers of private
  
  

  @ Opti :smile: Thanks.
  But is that all? i thought there was a mechanism or a technique with which all mail ids from say xyz @.com could be derived.

  yes there are.the traditional way is to swap the mailing lists between websites. its the traditional way, fastest and still used by majority of spammers.
  
  others, who have the technical skill and can risk it(and for the kind of thing you are talking about ,durga), will use bots(there are various types for doing various types of related work) to collect email ids from sites, forums etc. it just identifies the email link and copies it, later sending it to the master. captcha and other antispamming techniques(such as Akismet in Wordpress) have rendered this method non-viable for most spammers and only a few hard core hackers still use it.
  
  As some one earlier mentioned about by an insider selling email ids, its a small chance that he/she will do it unless he is into viral/email marketing and that chance is less if hes working in a good organisation 'cos such schemes are usually not that lucrative. Most companies will have good admins securing the company data(that includes email ids as well) and if job done properly can prevent email lists from leaking most of the times but again there are techniques to sniff the network remotely. network encryption techs and https is a good option preventing most hacker and bot attacks.
  
  I have personally tried sniffing my own network and I was able to get packets with my data and (shockingly😡) my username/passwords too. Getting under a good firewall is therefore essential for most people using the internet. As I had said earlier, I had lots of junks getting delivered to me everyday and after a few weeks of measures, things are calm now. I get very few junks these days.
  
  There are ways and ways to harvest email ids. Try this wiki E Mail Address Harvesting for more info