Spamming of NANOG list members

Rich Kulawiec rsk at
Fri May 24 21:58:09 UTC 2019

On Fri, May 24, 2019 at 06:34:25PM +0300, Scott Christopher wrote:
> and
> mangle email addresses in the headers but do nothing about email addresses
> that are quoted / attributed in the body.

There is zero, as in 0.0, point in mangling/obfuscating/etc. email
addresses in forlorn and misguided and ultimately futile attempts to keep
spammers from getting their hands on them.  I wrote about this extensively
a few years ago so please let me cite myself in these two messages [1]:

On the other hand, there are a lot of reasons NOT to mangle/obfuscate/etc.
email addresses, including the use of archives by people who come along
later and are trying to track down authors of messages of interest.


[1] As long as those are, there's still more: as one thought experiment,
consider how many of the addresses on this very list can be correctly
deduced by using simple constructions based on real names.  By example,
let's suppose John Smith at is on this list.  We could
readily guess:

	john at
	smith at
	johnsmith at
	john-smith at
	john.smith at
	jsmith at
	j.smith at
	smithj at
	smith.j at

and similar variations, and if you compare that to the results of

	egrep "^From: " nanog | sort -u

you'll quickly see that a very simple script could come up with roughly
half the addresses on this list immediately.

One of the implications of this, given the widespread adoption of
uniform algorithmic generation of email addresses by much of the
corporate and government and nonprofit &etc. worlds, is that an
attacker who has very little knowledge of the corpus of valid email
addresses at any such entity can make a first-order pass at enumerating
them by combining a script such as the one I posited above with lists
of the 1000 most common first and last names in the appropriate locale.
Of course if the attacker has even a small sample of known-valid
addresses, then it's not necessary to use the myriad variations that
such a script would generate, only the one that appears to be in use
at the target.
