"Anthony Atkielski" <anthony@atkielski.com> wrote: > David writes: [0] > > Guessing and trying? > > That would require tens of thousands or even millions of bounces for > every successful mailing attempt. I don't think anyone is doing it > that way. Never heard of dictionary attacks? They're not just for passwords. Spammers don't seem to CARE that their delivery rate may be 1:1e6; their costs are practically nil. After all, they already try to send to addresses that can't be verified as having existed in many years, or often to addresses that they have been told do not exist. > > Online directory provided by her email provider? > > Which e-mail providers are providing online directories? At least Yahoo. > And how > many of these directories allow you to extract addresses without > specifying any search parameters (such as a name)? So you have to provide a few search paramaters. Whoop de doo. Any decent programmer can write a program to search the entire space, by dividing it up when you hit the limit. Or, split it up by using the Advanced Search there, and get the added bonus of knowing the age range, marital status, gender, interests, location, etc. Can you say "marketing goldmine" boys and girls? > > Not understanding risks, she joins a seniors mail list? > > Possible, but not likely. Perhaps not for your specific grandma, but . . . . > > Someone she corresponds with blasts an email to > > a bunch of folks leaving all addresses exposed, > > and one of the addressees does some action which > > exposes the email to a spammer's harvesting process? > > This is getting more and more farfetched. Not farfetched at all. Have you never had your email address in a To or Cc in a message from a perfectly innocent sender to a huge number of people? That happens to me about weekly. I can't say for sure whether that has resulted in my address winding up somewhere easily harvestable, other than as below. However, I strongly suspect that it's not only plausible, but highly likely! Think how many things you have seen that have not only huge To or Cc lists on them, but many *layers* of same, after many clueless lusers have forwarded it around the planet. Do you trust each and every name on such a list, never to expose the addies??? > > Or more explicitly, someone she knows copies her > > in a post to a mailing list which is being harvested. > > A list to which she doesn't belong? Again, this seems unlikely. That has happened to me many times. Can you say with any confidence at all that, for instance, no messages on this very list, has ever had a non-member in the To or Cc? It's possible, I grant you, but extremely unlikely (IMHO), and anybody could trivially make it not so. > I have quite a few addresses that remain untouched. Only the ones > for which an obvious harvesting path exists have received spam. Lucky lucky you. [0]Not me, some other David. -- David J. Aronson, Unemployed Software Engineer near Washington DC See http://destined.to/program/ for online resume, and other info