Jerry 🦙💝🦙Seems perfectly normal to get an unsolicited offer for the contact info of people attending a European security conference, right?
Viss@Viss yep. It struck me about it being a European conference. I forget the GDPR didn’t amount to much
Serge Droz
Eskuero
Jim Spath
Krypt3ia
The Cyber Unc
@jerry I’ve seen this scam before targeting other conferences, including a conference held by a prior employer.
WXQ4987 (RSX9983)@jerry I’m troubled by the use of “there” as the display name for the recipient… I guess it makes the mail merge easier from whatever zombie mail spammer they’ve setup…
Steve Atkins@jerry I’ve dug into these once or twice. As far as I can tell they’re usually nothing to do with the organizers of the conference, nor are they actually lists of attendees.
Rather it’s scraping names and companies who may have attended from public sources, merged with (typically terrible) existing lists of contact information.
Stephen Hoffman@jerry Attended a tech conference some years ago, and used a conference-specific email forwarder.
That email was used exclusively for the conference, and received only conference-related mail — until ~four years later, the newly-reorganized organizers and other senders all started spamming that email.
Old databases don’t go away.
But that email forwarder sure did.
Paul_IPv6yup. i've had "single use" emails that were dormant for over 12 years suddenly start spewing spam. i also regularly get spam to emails that have never existed (i've been only owner of the domain name) and never worked. a couple of these broken emails have been hit for decades.
old databases don't go away and are never cleaned up. just resold to other spammers.
@paul_ipv6 @HoffmanLabs the amount of spam I get to [email protected] is beyond all comprehension. Usernames look like email addresses and every crawler seems to have found them.
crawlers are the worst.
by far the most spammed email i still let through is one on an IETF RFC. at some point, a spammer scraped all the RFCs and put it into a commonly use database. all countries/languages, etc.
i don't have a personal web site and more and more, i'm glad. it would be one more morass of crap beyond my mailserver.
John Kristoff@jerry @paul_ipv6 @HoffmanLabs Any possibility you would be able and willing to make some data set available to academic researchers?
in my case, it would just be postfix logs, a lot of which would just show sbl-xbl blocking of same. if that's useful, let me know.
@paul_ipv6 All data could be useful. The infosec.exchange ones in particular however would be particularly interesting, as spam to bluesky or the bridge looking email addresses would be too. I'd imagine "proper" research might also involve a "control" instance for experiments to be conducted on. I don't have the bandwidth to lead such a project, but I'd be interested in one. I can ask around if someone wants to do something like this.