
Spammers hit random addresses

One executive says the practice of "blind broadcasting" costs his company thousands of dollars per year.

John Brogan, chief executive of ReplyNet, thinks he has found a disturbing new trend among junk emailers: sending out mailings to lists full of random email addresses.

He calls it "blind broadcasting," a practice in which spammers make up random email addresses in hopes of hitting upon a few legitimate ones. And he says it is costing his company thousands of dollars per year.

Brogan and others speculate that people who sell email lists may be padding out their lists with illegitimate addresses in order to make their lists look bigger than they really are.

Others pointed out that some antispammers occasionally use programs such as Wpoison that actually plant phony email names on the Web in order to snare junk emailers. Junk emailers find the phony names when they use software to vacuum up email addresses from the Web.

Wpoison, however, generates random pages and email addresses, and a program like that would not have generated so many different variations of names specifically to one domain, Brogan said.

Rather, he suspects that spammers use programs that generate names, such as common words and names with progressive numbering (John1, John2, and so on), in hopes of creating large lists and occasionally hitting upon a correct name.

"The progressive numbering and common name usage is from spammers that are 'shotgunning' their advertisement to a site and trying to hit as many possible addresses as possible," he said.

Brogan said he wants to send out an alert to others who think that spam is just a "nuisance" that can be dealt with by hitting the "delete" key.

"Junk email is not just annoying anymore," he said. "It's eating into productivity. It's eating into time. [Junk emailers] can actually take systems offline."

It is hard to translate the time it takes to deal with the spam into dollar amounts, but when pushed, Brogan estimated that his five-person company will spend upwards of about $10,000 this year dealing with spam.

Others have long said spam costs companies collectively at least thousands and probably millions of dollars per year in time spent combating it, protecting their customers from receiving it, and fixing systems that crash under the weight of it.

Brogan said he started noticing the rise in spam being randomly sent to email addresses about six weeks ago. ReplyNet runs email surveys for companies, which he says are sent only to lists provided by the companies themselves and definitely are not spam.

Respondents send their replies to an address created specifically for the survey. Computers are set up to tabulate results.

When the computers get responses that are not survey results, such as email advertisements randomly sent to survey addresses, they spew out error messages.

Every time a computer gets an error message, someone at ReplyNet spends time tracking that error. And every time, Brogan said, they find the cause was spam. Brogan also found that the spam messages sent to the survey addresses would start slowly and then pick up as, he speculated, more and more people were buying email lists with the bogus addresses.

"I'm sure someone has just taken a dictionary software program and converted [the words] to email addresses," he said.

Brogan said his company could change email addresses so they are not easily correlated with real words. He also could change the protocols so messages were sent encrypted.

But the bottom line to him is that he shouldn't have to do that, he said.

In the end, he is left trying to appeal to spammers to cease this practice. "It's really just trying to get people clean up their act and stop guessing addresses," he said.