Tuesday, January 6, 2009

All About Spam: What is a "dictionary attack"?

All About Spam is a series of blog posts about common spammer techniques. Have a question about a type of spam that you'd like to see in a future blog post? Send an email to pobox@pobox.com!

Sometimes, people will set up a new Pobox account, and then start getting spam almost immediately. When they write in, I take a look at their account, and see that they've registered aa@pobox.com. Dear Ansel Adams, you are the victim of a "dictionary attack".

As you've certainly learned on the Internet, if you go to 100 sites, and try to enter your first name as a username, unless you're named Kabir, you're probably going to get told, "That username is unavailable."

I'm sure, way back at the dawn of Internet time, Bob Smith the Spammer was signing up for Hotmail, and tried 5 different usernames, and getting frustrated. At every domain he went to, there were some very common usernames that were never available. And then, he had this grand realization:

"I can just assume some addresses will always exist, and spam them."

And thus, the dictionary attack was born.

No comments:

Post a Comment