Theoretically how spamming works

Asphyxia

Apr 25, 2015
Let's say a potentially nefarious individual stumbles upon a post like https://r4p3.net/threads/antipublic-and-collection-1-2-3-4-5-torrent.7950/#post-71383 - except keep in mind this is posted around the "dark web" in 1,000s of places and exchanged for money while I am sharing this as a public service announcement of sorts for email/password security.

The nefarious individual would:
  1. Obtain the torrent files and use torrenting software like BitTorrent (or others) to download the contents.
  2. Parse out any and all emails, in this particular case stripping everything after ":" in the lists much like detailed in the thread linked above.
  3. Once we have a large listing of all the emails separated by new lines/returns we can use tr '\n' ',' < input.txt > output.txt or replace the \n for \r, also possible to use dos2unix to strip carriage returns or possibly just replace \n with '\r\n', explained over here.
  4. Using software like Mautic, you can generate a leads list for email marketing but keep in mind you may want to enable the email queue support considering sending 1,000,000+ emails immediately is rather ridiculous.
  5. Chances are high you may want a separate SMTP server to easily destroy/rebuild your Postfix email relay as the demand would arise - you may also consider cycling through different domain names.
Alternative methods to this could involve scraping emails from public Internet directories to acquire a Bing/Google indexed leads list. The key to successful email marketing of any kind is sending quality content that encourages users to click through. The number one goal of any email marketing campaign is a high click rate (click-through rate). This means finding or guessing the interests of recipients and making sure to pique the recipient's interest. Maybe to a list of all ".ca" emails, "Fun activities in Canada", or something of that sort.


Examples of gathering more emails via Google searching:
Code:
intext:@gmail.com filetype:xls
intext:@yahoo.com filetype:xls

For example, the @yahoo one returns an Electric File Certifications list containing - one can get creative when searching for email recipients:

Ironically, I stumbled upon a dork for TeamSpeak 2 inurl:Teamspeak2_RC2/server.log and the outputs are fairly funny.

Code:
16-04-06 12:51:06,WARNING,Info,SERVER,    admin account info: username: admin password: zadoyw
16-04-06 12:51:06,WARNING,Info,SERVER,    superadmin account info: username: superadmin password: h46isj
From http://xcelco.on.ca/~bee-mee/Teamspeak2_RC2/server.log

and

Code:
30-07-05 19:07:36,WARNING,Info,SERVER,    admin account info: username: admin password: jm9ph5
30-07-05 19:07:36,WARNING,Info,SERVER,    superadmin account info: username: superadmin password: zirf11
From http://vcrpat.free.fr/Teamspeak2_RC2/server.log

Some dorks were found at https://d4msec.wordpress.com/2015/09/03/google-dorks-for-finding-emails-admin-users-etc/ and other similar security blogs.
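
Added example, not part of the original post and not TeamSpeak's own code: a small audit an administrator can run over directories they serve, to find logs containing the "account info" startup lines quoted above and mask the password field. The regex is derived only from the two log excerpts in the post; the function names, the `*.log` glob and the sample lines are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Shape of the startup lines quoted in the post:
# "DD-MM-YY HH:MM:SS,WARNING,Info,SERVER,    admin account info: username: admin password: ..."
CRED_LINE = re.compile(
    r"^(?P<ts>\d{2}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),(?P<level>[^,]*),(?P<kind>[^,]*),(?P<src>[^,]*),"
    r"\s*(?P<role>\w+) account info: username: (?P<user>\S+) password: (?P<pw>\S+)\s*$"
)

def find_credential_lines(text):
    """Return (line_no, timestamp, role, username) per match; never the password."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        m = CRED_LINE.match(line)
        if m:
            hits.append((no, m["ts"], m["role"], m["user"]))
    return hits

def redact(text):
    """Mask the password field so the log can be kept or shared safely."""
    out = []
    for line in text.splitlines():
        m = CRED_LINE.match(line)
        out.append(line[:m.start("pw")] + "[REDACTED]" if m else line)
    return "\n".join(out)

def scan_tree(root):
    """Audit a directory you serve (e.g. a web root) for logs with such lines."""
    report = {}
    for path in Path(root).rglob("*.log"):
        hits = find_credential_lines(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report

# Constructed sample lines (assumed values), not taken from any real server.
SAMPLE = (
    "01-01-20 10:00:00,WARNING,Info,SERVER,    admin account info: username: admin password: EXAMPLE1\n"
    "01-01-20 10:00:00,WARNING,Info,SERVER,    superadmin account info: username: superadmin password: EXAMPLE2\n"
    "01-01-20 10:00:05,ALL,Info,SERVER,    Server started\n"
)

if __name__ == "__main__":
    for hit in find_credential_lines(SAMPLE):
        print(hit)
    print(redact(SAMPLE))
```

Any file this reports should be moved out of the served path, and the accounts named in it should have their passwords changed, since the log may already have been indexed.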
 