What do Rumplestiltskin and spam have in common?

One of the most common questions we get asked by users is “How do these spammers get my e-mail address?”

There are a number of methods that these spammers use, but today we will focus on one of them: the “Rumplestiltskin” attack.

A dictionary or Rumplestiltskin attack is an attack where the spammer floods e-mail servers with usernames selected from a dictionary. The name, of course, comes from the old Grimm’s fairytale.

Long, long ago when the university’s e-mail system was still very primitive and e-mail addresses were limited to 8 characters, most personnel at the university had simple names like, It is relatively easy to make up a list of common letter combinations and just add onto it to create an e-mail list. Add to that common role-based accounts, such as admin, help and support, as well as the latest Baby Names list, and you have a list that can be used to launch a Rumplestiltskin attack.

If you send e-mail to unknown users or addresses that do not exist, why bother?

Firstly, rather than buying a list from other spammers, spammers can just send to any possible name they can generate. It might seem rather inefficient, but sending e-mail is cheap.

The second reason – which is far more sinister – is that spammers use these techniques to generate lists of valid e-mail accounts. They first send to a generated list, and when they do get a response, or the receiving mail server doesn’t answer back and say “unknown e-mail address”, they know the address is valid. This allows them to either sell these lists of “verified” e-mails or be more accurate in their other spamming activities.

With this second reason in mind, you should be able to see the danger of replying to these mails, filling in the “opt-out” option that is commonly included in such mails, or setting your “Send delivery receipt” to automatic on your e-mail. As soon as these spammers realize that there is a real person at the other end of the e-mail, they will increase their spam. They get paid to send out the mail, not for how many people respond to them.
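A defender's view of the address-verification step described above, as an added example that is not part of the original post: it scans mail-server rejections and flags sources that probe many distinct non-existent recipients. The log lines are constructed in the style of Postfix "User unknown" rejections, and the function name, threshold and addresses are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of Postfix smtpd rejections (not real logs).
SAMPLE_LOG = """\
Mar  3 10:00:01 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 550 5.1.1 <admin@example.org>: Recipient address rejected: User unknown in local recipient table
Mar  3 10:00:01 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 550 5.1.1 <help@example.org>: Recipient address rejected: User unknown in local recipient table
Mar  3 10:00:02 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 550 5.1.1 <support@example.org>: Recipient address rejected: User unknown in local recipient table
Mar  3 10:00:02 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 550 5.1.1 <aaron@example.org>: Recipient address rejected: User unknown in local recipient table
Mar  3 10:00:03 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 550 5.1.1 <abby@example.org>: Recipient address rejected: User unknown in local recipient table
Mar  3 10:00:03 mx postfix/smtpd[811]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 550 5.1.1 <Admin@example.org>: Recipient address rejected: User unknown in local recipient table
Mar  3 10:05:00 mx postfix/smtpd[902]: NOQUEUE: reject: RCPT from mail.partner.test[198.51.100.7]: 550 5.1.1 <jsmtih@example.org>: Recipient address rejected: User unknown in local recipient table
Mar  3 10:06:00 mx postfix/smtpd[903]: NOQUEUE: reject: RCPT from unknown[203.0.113.9]: 554 5.7.1 <x@example.net>: Relay access denied
"""

# Role-based names the post lists as common dictionary entries.
ROLE_ACCOUNTS = {"admin", "help", "support"}

# Captures the source IP and the local part of a recipient rejected as unknown.
REJECT = re.compile(
    r"RCPT from \S+\[([0-9A-Fa-f.:]+)\]: 550 5\.1\.1 <([^>@]+)@[^>]+>: .*User unknown"
)

def harvest_suspects(log_text, min_distinct=5):
    """Flag source IPs that tried at least min_distinct different unknown recipients.

    One mistyped address from a real sender stays below the threshold; a
    dictionary run shows up as many distinct guesses from the same source.
    Assumes log_text covers a single review window (e.g. one hour of logs).
    """
    probed = defaultdict(set)
    for line in log_text.splitlines():
        match = REJECT.search(line)
        if match:
            ip, local_part = match.groups()
            probed[ip].add(local_part.lower())  # case-fold so Admin == admin
    return {
        ip: {"distinct": len(names), "role_accounts": sorted(names & ROLE_ACCOUNTS)}
        for ip, names in probed.items()
        if len(names) >= min_distinct
    }

if __name__ == "__main__":
    for ip, info in harvest_suspects(SAMPLE_LOG).items():
        print(ip, info)
```
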

In our next edition we will focus on a second way spammers harvest e-mail addresses: Part 2 – Trojan Horses, Bots and Zombies.




© 2013-2022 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.