email address

You are currently browsing articles tagged email address.

Email Harvesters

June 24, 2009 in Photography, Work by Ezra S F | No comments

Good Sign I missed the story about brothers convicted of harvesting emails the first time. Well, I noticed a followup.

Back around 2001, the CIO received complaints about performance for the web server. So, I went log trolling to see what the web server was doing. A single IP dominated the HTTP requests. This one IP passed various last names into the email directory. Some quick research revealed Apache could block requests from that IP. That calmed things down enough for me to identify the owner of the IP. The CIO then bullied the ISP to provide contact information for the company involved.

Previous little adventures like this landed me a permanent job, so I jumped at similar challenges.

Well, a few years later, it happened again. This time my boss had made me develop a script for the dissemination of the anti-virus software package to home users. Basically, it used email authentication for verification if someone could get the download link. So, I applied the same technique to the email directory. Well, this upset some people who legitimately needed email addresses. So the human workers would provide email addresses to people with a legitimate need.

I’m glad since I’ve left, VSU no longer looks up email addresses for people. (I thought some of the requests questionable.) Also, my little email authentication script was before LDAP was available to the university. I think the new solution much better.

One the more vocal complainers about my having stopped non-VSU access to the email directory was my current employer. We apparently list email addresses for employees freely. Which makes me wonder how much spam we get is due to the brothers described at the beginning of this story? Or other email harvesters? Just hitting the send button potentially exposes the email address.

No worries. I’m sure Glenn is protecting me. :)


Related posts

Athensdating.org

April 11, 2009 in Interweb, Photography by Ezra S F | 4 comments

Writing a Blog Post About This Scam I noticed a little black and white sign: “Single? athensdating.org” a while ago. A couple weeks ago it came up in conversation. Today I saw it again. So I visited the site.

First impression: A local site should have images to represent something about the locality. Generic stock photography doesn’t cut it for me. The signup for wanted my home and cell phone numbers.

That sounded phishy to me.

Domaintools.com is a great site for looking up who runs a site. If the owner has selected privacy options with their registrar, then that would be a snag. Fortunately for us, the owner of athensdating.org isn’t hiding.

Owner: NuStar Solutions

The note “Email address is associated with about 4,690 domains” caught my eye. So I looked up NuStar and found this article about these popping up everywhere. (At least DomainTools gave me the info in one shot without having to do the same extensive research.) Lots of stuff online about these signs, who is placing them, and whether or not this is a scam.

I’m just going to assume it is a scam.

Picture info: Writing a Blog Post About This Scam on Flickr from sneezypb


Related posts

Mail From Address

January 29, 2009 in Blackboard Vista by Ezra F | 3 comments

It appears CE/Vista has several locations for defining the email addresses it uses for SMTP.

  1. $WEBCTDOMAIN/config/config.xml:
    mail.from=
    From address for messages sent.
  2. $WEBCTDOMAIN/customconfig/startup.properties:
    WEBCT_ADMIN_EMAIL=
    Some internal errors have a mailto: prompt to contact the server administrator.
  3. $WEBCTDOMAIN/serverconfs/log4j.properties:
    log4j.appender.EMail.To=
    Report fatal errors.
  4. $WEBCTDOMAIN/serverconfs/log4jstartup.properties:
    log4j.appender.EMail.To=
    Report fatal errors.
  5. $WEBCTDOMAIN/webctInstalledServer.properties:
    WEBCT_ADMIN_EMAIL=
    Installer picks up this value for populating #2 and possibly #3 and #4.
  6. $WEBCTDOMAIN/webctInstalledServer.properties:
    MAIL_ORIGIN=
    Installer picks up this value for populating #1.

What really disturbs me is the Vista 8 installer created log4j properties files with the  SMTP server set up for miles.webct.com and sending from vista.monitor@webct.com? I cannot seem to find anything in the Vista 8 documentation or wiki or Google index about the “Vista Trap Notification” subject line, from address, or SMTP address which the log4j appender appears to be designed to send.

This Vista Trap Notification appears designed to send an email to the address any time a fatal error is encountered. That’s fine. Just use the smtp host and From address requested in the installer.

Don’t get me started about giving end users a mailto: prompt to report errors.


Related posts

Gravatars

June 11, 2008 in Wordpress by Ezra S F | 2 comments

Probably I missed or didn’t understand the announcement.

For the past month or so, I’ve noticed all these comments with the poster’s picture next to it on various blogs. I knew them to be WordPress blogs. I noticed my own WP had some default icon in the admin user interface. Today I finally put it all together.

A recent WordPress version incorporated Globally Recognized Avatars into the main code. (They are also known as GRAvatars) Using a hash on the email address, it locates a WordPress commenter’s 96×96 picture for including in the comment. Naturally, you need to register your email account with the gravatar service.

So, now many of you get to see my ugly mug!

Zemanta Pixie

Related posts

Confidentiality

June 10, 2008 in Blackboard Vista by Ezra S F | 1 comment

A student wants Blackboard Vista to not reveal his or her last name. The student has already gone to the Registrar and gotten a confidentiality flag placed on the record. As I understand it, this flag in Banner is a FERPA protection to prevent the record from being provided to parties external to the university. It does not provide anonymity within the university. That electronic systems are being scrubbed of the student’s last name means something more than just confidentiality.

We only create new and not update from our student information system (SIS). So in general, the last name should not revert.

The instructor must know who the student is in order to correctly assign grades. If grades were automatically sent back to the SIS, then it would match the IMS id to the what is in the SIS. The user name or any other name is immaterial and not a confounder to the process. Unfortunately, our faculty has to manually transfer the grades. Some rely on the WebCT id / username. Others rely on the first and last name. I guess without names, this latter group is going to have to deal with relying on the WebCT id.

Only username, first and last name, and role are populated into the grade book. So moving the last name to another name field (like other, prefix, or suffix) would not help.

The last name appears to be part of their scheme for creating usernames, so they will likely need to change the username if the point is to not let anyone know what it is. The school in question does not appear to populate their Vista user records with a school email address. So I don’t know if the same would need to be done with it as well.

Blackboard Vista 3.0.7 does have issues with renaming the last name. While many things are immediately updated (good), some things are not. This is not a comprehensive list.

  1. The last name in the grade book was not updated. Removing the user from the section and restoring it to the section changed the name to the correct one.
  2. The last name in discussions was not updated.

So while renaming the account is easy to do, not everything takes place as quicklly as we would like.

Zemanta Pixie

Related posts

Fall in Love With Cyberbullying

March 22, 2008 in Interweb by Ezra S F | No comments

Kentucky’s Bill HB775 would require those operating web sites or blogs or message boards in the state to enforce a policy to collect legal names, postal addresses, and email addresses to use the service. The legal name would, of course, be posted on the web site. Should the poster cross someone else, then the operators have to hand over to the victim the identity of the poster. First offense at not having the poster’s identity is $500 ($1,000 each thereafter).

A policy to collect the information doesn’t mean the users of the web site must actually provide the information. Though it seems like this law is pointless unless it means the web site must force users to provide the information.

Any universities running a system like Blackboard Learning System Vista or CE editions (possibly others) probably would need to disable anonymous postings in the discussion board. The legal name of the poster would need to be visible. So, the system could not use nicknames the person would be addressed by in a face to face setting.

Universities typically have major difficulty getting students to correctly maintain their postal addresses. This is why many are turning to direct deposit of excess checks and email. This way the school avoids mail returns on thousands of addresses.


Related posts

Suck It Up And Pay the Price

January 3, 2008 in Interweb, Work by Ezra S F | No comments

Doesn’t it always look like this?

  1. User runs script against service.
  2. Script operates so quickly and sucks so much traffic its obvious its a script.
  3. Service’s automates systems detects the abuse.
  4. User gets automated notice about violation of Terms of Use and prevention from accessing the site.
  5. User pitches a fit because he is “famous”.

Services lock out abusive users because people conducting this kind of activity cause slowness. I’ve personally caught people doing this. How I got them to stop usually depended on my ability to contact them. People I knew or others directly knew, a phone call was enough to resolve it.

People outside of my social circle usually got an email and found their account locked. Doing so prevented their scripts from working. At Valdosta State, I would leave instructions at the Helpdesk for the offender to have to contact me in order to regain access to the account. Tyrrannical, I know.

UPDATE: So, it turns out Scoble was using an alpha of Plaxo Pulse. The ideas was to download ~5,000 images of Scoble’s contacts’ email addresses, text names, and text birthdays. Then the software would match them against people in Plaxo. He could then sync Plaxo with his Outlook address book for a good contact list.

He accuses Facebook of singling him out as others have not been caught. (Were the others trying to download and push 5,000 in a few seconds?) He also accuses Facebook of being hypocritical… They import contact information from other sources, but they do not allow anyone to export the same information.

I still think a user hitting 5,000 images for email addresses look like a spammer. Of course, I think Scoble is a spammer … Maybe its confirmation bias? :D


Related posts