EmailDiscussions.com  

Old 5 Aug 2022, 10:39 PM   #1
TenFour
Master of the @
 
Join Date: Feb 2017
Posts: 1,404
Krebs asking about plus addressing

I wonder if anyone here would have information on this question from the security blogger Brian Krebs?
Quote:
Has anyone ever done research that looks at past breached databases to see what % in the data set included a "+" in the address followed by the name or shorthand for the breached entity? Seems like presence of even only a few 100 of these in a large data set is highly suggestive
https://twitter.com/briankrebs/statu...43056778252291
TenFour is online now   Reply With Quote

Old 6 Aug 2022, 05:55 AM   #2
jarland
Essential Contributor
 
Join Date: Apr 2014
Posts: 371

Representative of:
MXRoute.com
I only have memories of reviewing excessive amounts of data from compromised databases. I don't even recall ever coming across a plus alias in any. I'm sure they were there but I feel pretty confident they'd be so few you could ignore them and exceed 99% effectiveness whatever your goal was for the data.
jarland is offline   Reply With Quote
Old 6 Aug 2022, 11:30 PM   #3
SideshowBob
Essential Contributor
 
Join Date: Jan 2017
Posts: 230
I don't see what he's getting at, "highly suggestive" of what?

If enough addresses of the form "someuser+amazon@..." appear in spam then that suggests that amazon has been breached. Alternately if a stolen database of unknown origin contained many such addresses it would suggest it came from amazon.

What he seems to be referring to is the case where a known organization has been breached and the stolen database contains plus addresses referring to that organization. All that suggests is that the addresses belong to external users/customers.
SideshowBob is offline   Reply With Quote
Old 6 Aug 2022, 11:42 PM   #4
TenFour
Master of the @
 
Join Date: Feb 2017
Posts: 1,404
My guess is he is looking at large databases on the dark web and if you see a few addresses like username+website, then he would be suspicious that "website" had been hacked. Of course some of the emails in those databases might be from email service providers, so the presence of +website wouldn't tell you anything.
TenFour is online now   Reply With Quote
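
The tally discussed in the posts above, as an added Python example that is not part of any post in this thread: it counts what share of addresses in a list carry a "+" tag and ranks tags by how many distinct mailboxes use them. The sample addresses, the `shopco` tag, and the `tag_report` name and its `min_mailboxes` threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: stands in for the address column of a dump of unknown origin.
SAMPLE = [
    "alice+shopco@example.com",
    "Alice+ShopCo@example.com",   # same mailbox again, different case
    "bob+shopco@example.net",
    "carol+shopco@example.org",
    "dave+news@example.com",
    "erin@example.com",
    "frank@example.net",
    "not-an-address",             # no "@": skipped entirely
    "+shopco@example.com",        # nothing before the plus: valid row, not tagged
]

def tag_report(addresses, min_mailboxes=3):
    """Return (plus_share, ranked_tags) for a list of address strings.

    plus_share  : fraction of valid addresses of the form user+tag@domain
    ranked_tags : [(tag, distinct_mailboxes), ...] for tags used by at least
                  min_mailboxes different mailboxes, most common first
    """
    mailboxes_by_tag = defaultdict(set)
    valid = tagged = 0
    for raw in addresses:
        local, at, domain = raw.strip().lower().rpartition("@")
        if not (at and local and domain):
            continue                          # not an address at all
        valid += 1
        base, plus, tag = local.partition("+")
        if plus and base and tag:
            tagged += 1
            # Count mailboxes, not rows, so one repeated user cannot inflate a tag.
            mailboxes_by_tag[tag].add(base + "@" + domain)
    ranked = sorted(
        ((tag, len(boxes)) for tag, boxes in mailboxes_by_tag.items()
         if len(boxes) >= min_mailboxes),
        key=lambda item: (-item[1], item[0]),
    )
    share = tagged / valid if valid else 0.0
    return share, ranked

if __name__ == "__main__":
    share, ranked = tag_report(SAMPLE)
    print(f"plus-tagged share: {share:.1%}")
    for tag, count in ranked:
        print(f"{tag}: {count} distinct mailboxes")
```

A tag that tops the ranking is only a hint about where the list came from; users pick their own tags, so the result needs corroboration from other fields in the data.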
Old 11 Aug 2022, 01:02 AM   #5
TenFour
Master of the @
 
Join Date: Feb 2017
Posts: 1,404
Krebs put up a new article on the pluses and minuses of using plus addressing. https://krebsonsecurity.com/2022/08/...email-aliases/
TenFour is online now   Reply With Quote
All times are GMT +9. The time now is 09:56 PM.

 
