
Researchers’ Typosquatting Stole 20 GB of E-Mail From Fortune 500 - tathagatadg
http://www.wired.com/threatlevel/2011/09/doppelganger-domains/
======
unfletch
I get a ton of misdirected email, but for different reasons.

The first is that I have a common nickname @gmail.com. There are many other
users with some variation on that nickname @gmail.com, and people are careless
about typos, including suffixes, etc. It's a similar cause to the article, but
the username instead of the domain.

The second case is a more interesting one:

I bought an expired domain.

Now I get all kinds of email sent to what used to be legitimate email
addresses of the old domain owners. For more than one of them it was clearly
their primary email address. I was getting emails related to bank accounts,
Netflix, Facebook, etc. I thought about trying to get in touch with those
users, but ultimately decided to bounce their email.

It was something I hadn't considered when buying an expired domain, or about
my own email addresses, but it's a real problem. Here's hoping my email
provider never lets their domain expire.

~~~
keidian
I get a ton of email to my own gmail, which is just my first initial & last
name. I didn't realize there were as many people out there sharing them until
I got that email. One that bought a car about 6 months ago, one a cell phone,
etc. Since I have no way of contacting these people and it's not a domain
where I can block out certain addresses, I will usually get at least one email
a week where I go uh, what is this? For a while I kept getting building
floorplans in progress from one company as it seemed they all used a common
address book with the incorrect email added.

------
AretNCarlsen
To beat the old drum: Email isn't intended to be secure anyway. Relying on
email addresses to maintain privacy and authenticity is like relying on Caller
ID to verify callers' identities. (See spoofcard.com.)

Encrypt, encrypt, encrypt. Or, encrypt.

~~~
darksaga
Yeah, it's still shocking to me how many Fortune 500 companies still don't
understand how vulnerable they are to simple hacks like this. I would've
thought it would be SOP (standard operating procedure) to encrypt their email
years ago.

I guess a normal level of paranoia hasn't quite reached those companies yet,
huh?

~~~
pinko
No, email encryption is a godawful mess and impossible for normal humans to
use.

And you can't control who sends _you_ email.

------
swaits
Pretty sure that's not "stealing".

~~~
adgar
Agreed. "intercepted" seems the most appropriate.

~~~
seabee
Sometimes I get mail intended for the house at 65 rather than 85. I'm pretty
sure I didn't "intercept" it.

~~~
a1k0n
Yes, but you didn't create the street number 65 with the intention of catching
mail from 85 either.

~~~
seabee
If nobody lived at 65 you'd get "return to sender" or similar. The point is
receiving mail is a passive act, interception is not.

Regardless of the researchers' intentions, somebody has a responsibility to
address their mail correctly. I get enough email from my namesakes to
(first).(last)@gmail.com to know it's not the recipient's responsibility.

------
slig
Once a friend snapped hotNail.com.<Our country code>. The amount of email he
got was amazing and that was 8 years ago.

~~~
anons2011
hotmail.cm would be a very good one, seems like someone has turned it into an
ad/survey site a long time ago though.

~~~
aristus
:D It's much worse than you imagine. The entire TLD .cm (Cameroon) was
transformed into a typosquat years ago.

<http://texturbation.com/blog/?p=95>

------
pheaduch
I have the same issue with one of my domains and I get all types of emails
including highly confidential ones including banking emails.

------
mathgladiator
So, if you are in a Fortune 500 IT department, you should probably set up a
honey pot to find people doing this now.

------
ChrisArchitect
Wish this wouldn't conclude sounding like a ploy to convince everyone to buy
up misspelled domains.

~~~
djb_hackernews
Don't worry, that already happened a long time ago.

------
cfinke
Shameless (and I mean shameless) plug for my latest project that collects
statistics on what domains people mistype: <http://typed.it/> (Log in with
demo@typed.it/demo for full access.)

~~~
SergeyHack
It would be better to show the timezone, whether it's UTC or what. For example
here: <http://typed.it/reports/traffic/stackoverflow.com/hour>

------
aw3c2
I only glanced over that article but 20 Gigabytes? 120000 e-mails? In 6
months? Does that include all the spam?

~~~
ableal
It takes a while for the spammers to get up to speed on new domains. Six
months should see relatively little spam.

I'd bet on reply-all and auto-complete as means of perpetuating small mistakes
in addresses. There's no cleanup mechanism for it.

~~~
gravitronic
Slightly OT but interesting. This was true a year ago, unsure if it is still
in effect today.

In Gmail, if I send an email to Alice and Bob, but modify Alice's name to
"Anne" (or anything else) in the email's "To:" field, and Bob replies all,
Gmail saves the change to Alice's contact information in Bob's user list.
Alice will now show up as Anne in his google talk and in his contact list.

------
there
I thought this was going to be related to the memory errors causing incorrect
DNS lookups:

<http://nakedsecurity.sophos.com/2011/08/10/bh-2011-bit-squatting-dns-hijacking-without-exploitation/>

