Montag, 5. November 2007

Using Google Calendar to find email adresses

Spammers always search for new valid email addresses. I just found out that the nice Google Calendar not only verifies if a given email address is correct, it also print out the real name of the owner. This also works if the calendar is not published!

If the calendar is published with details a spammer can also search for keywords what spam the receiver would not like to enjoy. Of course, this is also useful for sending trojans or phishing attacks.

How it works:
One feature of the calendar is that you can publish your dates to everyone you like or just to everyone. If you switch the option on your dates are published on a web address which has the email address as parameter:

http://www.google.com/calendar/embed?src=youradresse@gmail.com

Even if the calendar is not published you can see at the top of the page the real name printed out. If the page is called with an not registered address an error occurs so you can see what address exists. With a scanning tool you can easily search for valid email address and fetch the names of the owners.

I ask google to fix this issue and hope they will do it soon.

1 Kommentar:

Alex hat gesagt…

interessant .. scheint allerdings nur bei Leuten zu funktionieren die sich für den Calendar angemeldet haben, aber das sind sicher auch schon einige.