A spammer just now tried to find out if my email address was live, by sending me a mail with an <img> tag to an image on his server. Gmail stopped this, but I had a closer look at the URL, and figured out that he'd encoded my email address into it.
Which meant that by hitting the right URL, I could add any email address I wanted into his database of supposedly verified email addresses.
Thus: http://wakaba.c3.cx/spam.txt
This is a Perl script that generates various kinds of garbage email addresses (loopback domains, garbage domains, and their own support address as listed in whois), and feeds it into the database. I am sure you resourceful people could find some use for this.
i hope they appreciate your context-free grammar!
at the very least those guys should have cut off the ==, isn't base64 the first thing everyone tries when they see that
Seems the collector script is down now, so that's that.
UPDATE:
I added an email address that hadn't been spread anywhere else as the first thing I did. I just checked it now, and it had fianlly started receiving spam, with the same sort of address harvesting system and the same crappy encoding.
Success!
I'll have to try and figure out what more I could for a second round.
Can this be used as a weapon?