Email addresses typed into Forum Posts can be harvested

The machines we love to hate

Moderator: Wiz Feinberg

Post Reply
User avatar
Wiz Feinberg
Posts: 6091
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA
Contact:

Email addresses typed into Forum Posts can be harvested

Post by Wiz Feinberg »

This is a heads-up to members who Post and Reply on the SGF.

Some of you are putting your email addresses in plain text in your Posts. This is dangerous to you because spammers send out email harvesting bots on a routine schedule to collect all available addresses from forum and blog posts. Once harvested, your email address will be added to spam databases of live addresses.

Also, scammers read our forums from time to time and collect email addresses when people include them in their posts. They use the email addresses they collect to send Nigerian 419 scams.

The new SGF PhpBB does not reveal any email addresses when people click on a link to send email. When you click on the email button on the new forum you are presented with a contact form that you submit through the forum, which in turn emails it to the registered recipient. You never see that person's email address, unless they reply from it, using their own email client. Thus, we are protecting your identities from harvesters and fraudsters. You must use caution about what information you give in public to keep your accounts secure.

What you can do to protect your email address on the SGF.

First of all, instead of putting your email address in a forum post or reply, tell people to use the email button to contact you. The forum has a database of member email addresses, which you can maintain via your Profile.

Be sure you log into your member Profile page occasionally and verify that all information is correct, then select the Posting and Signature Options you prefer, then press the Submit Button, on the bottom of the page. You will be transferred to a results page notifying you that the changes were saved succesfully. All Profiles should be reviewed and saved by Submitting, even if nothing has changed. This ensures that your information is correctly entered into our databases and is up to date.

If you feel that you must include an email address in a Post or Reply, obfuscate it somehow. Some common means of obfuscating email addresses include:
  • Replace the @ symbol with AT
  • Add spaces around the @
  • Add some word like RemoveMe around the @
  • Spell DOT instead of using a . before .com or .net
I just edited a Post where a member pasted in an email delivery failure notice, which included his account name in plain text. This made it an easy target for harvester bots or scammers reading our forum posts. In cases where you want to demonstrate a technical problem and ask for assistance by pasting in a report, remove the email account prefix, or better yet, the entire address from the report, after pasting it. Just substitute the word REMOVED where you account name was shown.
Last edited by Wiz Feinberg on 5 Dec 2009 9:16 am, edited 1 time in total.
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
User avatar
Jim Cohen
Posts: 21749
Joined: 18 Nov 1999 1:01 am
Location: Philadelphia, PA
Contact:

Post by Jim Cohen »

Good advice, Wiz, thanks. Now, since you got me worried about this matter, I went and did a Forum search on my email address (to see if I had posted it and, if so, then I could edit it out now). It turned up many threads in the search results. However, in none of those threads could I find my email address typed anywhere. Many of the threads were ones in which I had never posted at all (including this very thread, before I decided to post this reply!)

Any idea what's up with that and, more generally, whether one can search for postings of one's email address so as to search and destroy before the next wave of harvest-bots come through?
User avatar
Wiz Feinberg
Posts: 6091
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA
Contact:

Post by Wiz Feinberg »

Jim;
Would you mind asking that in the Feeback Forum? I am going out on a service call and don't know the answer without asking b0b.
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
User avatar
Al Marcus
Posts: 9440
Joined: 12 May 1999 12:01 am
Location: Cedar Springs,MI USA (deceased)
Contact:

Edress's

Post by Al Marcus »

Wiz-Thanks for the update. But I believe personally that our Email address are being harvested from a lot of sources , whether we like it or not. And yes our Telephone numbers from scammers and sales pitches.....Thanks again , we need all the protection we can get with these computers..al.:):)
Michigan (MSGC)Christmas Dinner and Jam on my 80th Birthday.

My Email.. almarcus@cmedic.net
My Website..... www.cmedic.net/~almarcus
User avatar
Will Holtz
Posts: 335
Joined: 5 Mar 2004 1:01 am
Location: San Francisco, California, USA
Contact:

Post by Will Holtz »

Jim Cohen wrote:I went and did a Forum search on my email address (to see if I had posted it and, if so, then I could edit it out now). It turned up many threads in the search results. However, in none of those threads could I find my email address typed anywhere. Many of the threads were ones in which I had never posted at all
I posted a solution to this search issue in the related thread in the Forum Feedback section. For the future reference of anyone looking at this thread, I am posting a link to the corresponding thread.

http://bb.steelguitarforum.com/viewtopi ... 821#958821
Post Reply