[e2e] was Re: A message to authors - nsdi

Sharad Agarwal Sharad.Agarwal at microsoft.com
Fri Jan 11 10:35:23 PST 2008

> But if spammers really want to do this, say, to microsoft.com,
> surely they could find an automated response system somewhere
> at microsoft.com which they could use for the same purpose?
> Or, alternatively, send enough pointless emails to people working
> at microsoft.com until they get a vacation message - so they get
> addresses which they could use to get an autoresponse anyway
> for doing this kind of test.

The spammer would need to know valid email aliases at microsoft.com, which isn't easy to figure out from the outside. If the domain does send bouncebacks on invalid aliases, then you could launch a search for common names, but I believe many domains don't send bouncebacks or rate limit them for this reason (Afergan & Beverly in "The State of the Email Address" in CCR Jan 05 found that only 25% of the domains they tested responded with bouncebacks).

I know that some vacation message response systems by default only send a vacation response to those in the same email domain as you. Again, possibly for the same reason.

