328
submitted 5 months ago* (last edited 5 months ago) by henfredemars@infosec.pub to c/showerthoughts@lemmy.world

I wonder how many thousands of spam bots have tried to connect to the servers and send email using text ripped from these pages federated across numerous domains.

And they can’t just block one website. They’d have to individually block every node if they want to crawl the web for email addresses to steal. I hope it’s a real thorn in their side.

top 26 comments
sorted by: hot top controversial new old
[-] HootinNHollerin@lemmy.world 93 points 5 months ago* (last edited 5 months ago)
[-] db2@lemmy.world 41 points 5 months ago

One specifically for the Indian scammers

behen@chod.in

For all I know that's a real email address 🤣

Knew a guy who did screen printing in college in the engineering program, which had a large Indian population. He put this particular phrase on a shirt and wore it around.

[-] HootinNHollerin@lemmy.world 8 points 5 months ago

😂 I never knew how that was spelled

[-] odium@programming.dev 13 points 5 months ago

The real way to spell it would be in the Hindi script. This is just the most common approximation in the English version of the Latin script.

You can't get a very accurate version in the Latin script because the Hindi alphabet (devanagiri) has 4 different Ds, two different CH sounds, etc.

It’s a bit of a tangent, but linguistically, that’s quite interesting. How do those “redundant” (in western comprehension) sounds differ? Or is it just that there are explicit characters for each pronunciation (e.g. “cede” vs “can”)?

[-] odium@programming.dev 4 points 5 months ago* (last edited 5 months ago)

Don't worry about the tangent, I'm a bit of a linguistics nerd. As you can tell by the following paragraphs.

Try making a d sound with your tongue right behind your teeth. Now try making it with it deeper in your mouth, touching the top of your mouth. There's multiple tongue positions in the mouth that can make d sound. While making the d sound you can also change the amount of air you expel to make the d sound.

This is how a lot of the multiple letters for a single Latin letter work in most indian languages. Explicit characters for each position and often two letters at each consonant position, one for low stress sound at that position and one for high stress.

Found this website for pronunciation of the Sanskrit alphabet: https://oursanskrit.com/sanskrit-grammar-reference/pronunciation-of-sanskrit-letters/

Sanskrit is an ancestor language for most Indian languages, like how Latin is a parent for most European languages. There are some differences between the modern language alphabets, similar to how German, Spanish, and English pronounce "j" differently. Umlauts and/or accents addded to vowels in some european languages, but not others, etc. But the majority of the letters are the same. South Indian (Dravidian languages, as opposed to north India's indo-European languages) have alphabets that look very different but the letters have mostly a 1 to 1 relationship with the north Indian ones.

That is cool. I learned something today, and I learned it from you. Thank you, genuinely.

[-] odium@programming.dev 3 points 5 months ago* (last edited 5 months ago)

Side note: finally noticed your username - from another Sanderson enjoyer, cheers!

[-] moira@femboys.bar 76 points 5 months ago* (last edited 5 months ago)

At my instance I did setup a email wildcard (receive emails from any address on that domain which don't already have a account) and I get a lot of phishing and scam emails, most of them are send "to" /c/meta@femboys.bar, as link to this community is linked in sidebar, but I also seen emails "send to" random usernames

screenshot showing email mailbox, about 15 phishing emails

So yeah, It is happening, i wonder how bad it is on larger instances

[-] henfredemars@infosec.pub 14 points 5 months ago

Wow! Thanks for confirming my suspicions.

[-] abbadon420@lemm.ee 10 points 5 months ago* (last edited 5 months ago)

The horror! I hope you have a good spam filter

[-] moira@femboys.bar 5 points 5 months ago

thankfully that is a special mailbox for spam, I sometimes like to come through the emails and see where they submit the data, and maybe submit some data on my own, plus report the issue to website owner/hosting

[-] PM_Your_Nudes_Please@lemmy.world 6 points 5 months ago

I personally love my catch-all email domain. Anything that isn’t addressed to a specific list of addresses lands in a generic secondary inbox. So like I can have a personal inbox with the email address I give to friends, a work inbox for the address I give to clients, and an “everything else” inbox that isn’t associated with either work or personal emails.

It also allows me to easily identify which companies are selling my info. If I sign up to a Walmart membership with “Walmart@[domain]” and then start seeing a bunch of spam at that address, I know they sold my info to some ad company. I can simply burn that address; I just filter everything from that address straight into spam. And now my inbox is clean again.

[-] RGB3x3@lemmy.world 4 points 5 months ago* (last edited 5 months ago)

Crap, that sounds amazing! Any good resources you'd suggest for getting started with doing that?

[-] lord_ryvan@ttrpg.network 1 points 5 months ago

Btw, the last one can be done via plus-addresses on at least GMail and Outlook; rgb3x3+walmart@outlook.com will forward to rgb3x3@outlook.com, and you'll see that it was sent through rgb3x3+walmart@outlook.com at the top.

[-] EtzBetz@feddit.de 3 points 5 months ago

I was searching for this, but how can you do a wildcard account which will just receive mails from all aliases?

[-] moira@femboys.bar 5 points 5 months ago

it depends on your email provider/server, search under term "catch-all" or alias. I'm using a self hosted email on hestiacp, which have a option under domain email settings

[-] tehWrapper@lemmy.world 43 points 5 months ago

Spammers don't care.. they have a list of millions of addresses and blast through them.. lots are deleted, never existed, or just garbage.

The people that run the email server they are using to send the mail care very much, but in most cases they are not the same people.

[-] FlihpFlorp@lemm.ee 31 points 5 months ago

When I first started on lemmy during the great exodus and I was still trying to wrap my head around federation, I saw a hexbea(.net) account and straight up thought this dude was using some random email

[-] Moonrise2473@feddit.it 14 points 5 months ago

They also monitor new website registrations and immediately spam info@newdomain

[-] LostXOR@fedia.io 11 points 5 months ago

Would be interesting to set up email servers on some of the more popular instances and see how much traffic they're actually getting.

[-] FaizalR@kbin.social 5 points 5 months ago

Wondering 💭 how many of spams have been caught.

this post was submitted on 11 May 2024
328 points (96.1% liked)

Showerthoughts

29588 readers
1105 users here now

A "Showerthought" is a simple term used to describe the thoughts that pop into your head while you're doing everyday things like taking a shower, driving, or just daydreaming. The best ones are thoughts that many people can relate to and they find something funny or interesting in regular stuff.

Rules

founded 1 year ago
MODERATORS