An Experiment on the Vulnerability of Web Posted E-mail Addresses





The first test message was sent to the experiment's e-mail address at 7:26 AM on October 4, 2003. A little over 56 hours later, the first scam e-mail arrived, claiming to be from a refugee in the UK with 6 million dollars in a bank in South Africa that he help to obtain.


  On October 4, 2003, I began a "spam and scams" experiment.  The purpose of this test is to document whether a moderately exposed e-mail address will attract spam and scam e-mails generated through automated processes.

The test is based on the following assumptions:

  • E-mail addresses are harvested from internet pages by webbots, programs designed to scan the web and collect information.
  • In many instances, addresses that are collected are never looked at by a human to filter out those that are non-viable.

Results from the test will be published on this web-site.  I will post the complete posts of some scams as well as significant information associated with spam e-mail.

October 4, 2003 - test begins
October 6, 2003 - The first result of the test is received, a scam requesting aid in transferring a large sum of money.
October 8, 2003 - Arrival of the first virus and a second scam message, another post looking for help in transferring a large amount of money from an overseas account