more news from Google

Steven Bellovin smb at
Wed Jan 13 22:31:46 UTC 2010

On Jan 13, 2010, at 5:26 PM, msheldon at wrote:

> From a single detection of one hostile email you can often expand the picture to many mail recipients.  A little open source research identifies the common community the recipients belong to.  It's pretty straight forward.

The magic phrase is "traffic analysis" -- look at the accounts of known targets of interest, and see the usernames, IP addresses, etc., of their correspondents.  Recurse as needed.

		--Steve Bellovin,

More information about the NANOG mailing list