TenFour 5 Aug 2022 11:39 PM

Krebs asking about plus addressing
I wonder if anyone here would have information on this question from the security blogger Brian Krebs?

Has anyone ever done research that looks at past breached databases to see what % in the data set included a "+" in the address followed by the name or shorthand for the breached entity? Seems like presence of even only a few 100 of these in a large data set is highly suggestive

jarland 6 Aug 2022 06:55 AM

I only have memories of reviewing excessive amounts of data from compromised databases. I don't even recall ever coming across a plus alias in any. I'm sure they were there but I feel pretty confident they'd be so few you could ignore them and exceed 99% effectiveness whatever your goal was for the data.

SideshowBob 7 Aug 2022 12:30 AM

I don't see what he's getting at, "highly suggestive" of what?

If enough addresses of the form "someuser+amazon@..." appear in spam then that suggests that Amazon has been breached. Alternately if a stolen database of unknown origin contained many such addresses it would suggest it came from Amazon.

What he seems to be referring to is the case where a known organization has been breached and the stolen database contains plus addresses referring to that organization. All that suggests is that the addresses belong to external users/customers.

TenFour 7 Aug 2022 12:42 AM

My guess is he is looking at large databases on the dark web and if you see a few addresses like username+website, then he would be suspicious that "website" had been hacked. Of course some of the emails in those databases might be from email service providers, so the presence of +website wouldn't tell you anything.
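
The tally discussed in this thread, as an added example that is not part of any poster's message: it counts plus tags in the e-mail column of a dump and reports their share and the most common tags. The sample rows and the names `plus_tag` and `tag_report` are constructed for illustration, and folding each tag to its leading alphanumeric run is an assumption about how name variants should be grouped.

```python
import re
from collections import Counter

# Constructed sample rows standing in for the e-mail column of a dump.
SAMPLE_DUMP = [
    "alice+examplestore@example.com",
    "bob@example.org",
    "carol+ExampleStore.com@example.net",
    "dave+news@example.com",
    "erin@example.com",
    "frank+examplestore-orders@example.org",
    "not-an-address",
    "grace@example.net",
    "heidi+@example.com",   # empty tag: not counted as a plus alias
    "+ivan@example.com",    # empty base mailbox: not counted either
]

def plus_tag(address):
    """Return the normalized plus tag of an address, or None if it has none."""
    local, at, domain = address.strip().rpartition("@")
    if not at or not local or not domain:
        raise ValueError("not an e-mail address")
    base, plus, tag = local.partition("+")
    if not plus or not base:
        return None
    # Assumption: group variants by the leading alphanumeric run, so
    # "ExampleStore.com" and "examplestore-orders" both count as "examplestore".
    match = re.match(r"[a-z0-9]+", tag.lower())
    return match.group(0) if match else None

def tag_report(addresses, top=3):
    """Count plus tags and report their share of all parseable addresses."""
    total, tags = 0, Counter()
    for address in addresses:
        try:
            tag = plus_tag(address)
        except ValueError:
            continue  # skip rows that are not addresses at all
        total += 1
        if tag:
            tags[tag] += 1
    tagged = sum(tags.values())
    share = tagged / total if total else 0.0
    return {"total": total, "tagged": tagged, "share": share,
            "top": tags.most_common(top)}

if __name__ == "__main__":
    print(tag_report(SAMPLE_DUMP))
```
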

TenFour 11 Aug 2022 02:02 AM

Krebs put up a new article on the pluses and minuses of using plus addressing.

