Spammers mining P2P for addresses

Interesting — Information Week reports that spammers are harvesting email addresses from peer-to-peer (P2P) networks. And it appears to work quite well, too:

All a spammer has to do (…) is connect to a file-sharing network and then search for strings such as "email" or "e-mail" or "Outlook.pst."

I doubt the method works as well as harvesting via anti-spam web sites though. I once received a spam message that displayed a Trust-e logo up front and started more or less this way:

We respect your privacy and the can-spam act.

Definitely in for a laugh, I visited their web site without delay.

While inspecting their unsubscribe form, I ran into the same Trust-e logo. Hosted on their web site, rather than Trust-e. Clicking on it sprouted the usual Trust-e popup with the usual Trust-e bullshit. Hosted on their web site, rather than Trust-e.

As you can imagine, I do not trust Trust-e and kin very much. My instinct to not trust people who explicitly tell me to trust them has probably something to do with this. Anyway… I decided to give Trust-e the benefit of a doubt, and proceded to denounce the fraud.

Using Trust-e's rather hard to locate denounce a fraud form, I give in depth details on my investigations, including whois record, urls to fraud's pages that display the logo, and so on.

A few minutes after posting the message, I was entitled an auto-response that dismissed any remaining doubt I had on Trust-e's case. It went something like:

The web site you wrote to us about is not a Trust-e member. There is nothing we can do to help you.

Morality: Never waste time with organizations and certifications that claim will let you know who you can trust.