lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4AF4994D.1080006@csuohio.edu>
Date: Fri, 06 Nov 2009 16:46:53 -0500
From: Michael Holstein <michael.holstein@...ohio.edu>
To: YK <fulldisc@...penflue.net>
Cc: Full disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: How to receive SPAM mail


> I have a SPAM filter and virus firewall testing.
> So, I want to get the real SPAM is sent to a specific email address.
> What better way is there anything?
>   

I had to do a similar thing when doing a spam-appliance "vendor 
shakedown" .. what I did was setup a subdomain

eg: test.mycompany.com

and then create email IDs within that subdomain that had valid mailboxes

eg: bob@...t.mycompany.com, suzie@...t.mycompany.com, etc.

and then I used Google to search for "free offers" and "work from home", 
etc. and entered those IDs on about 100 different sites. There's tons of 
sites out there that you can sign-up for "hundreds of free offers" and 
whatnot.

Within days I was getting hundreds of messages per day for each ID.

Note .. they have to be valid mailboxes because you frequently need to 
reply to the "activation" email to make them work. You could setup a 
little script to wget any links in emails received and do "-O /dev/null" 
with the results .. but I just had all the accounts configured on a test 
machine in thunderbird so I could view what came through and the 
resulting "junk summary" emails.

The advantage of doing it as a subdomain (or just register another test 
domain) is that you can make the traffic go away entirely by deleting 
the DNS record.

Regards,

Michael Holstein
Cleveland State University

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists