Apple's MobileMe plays into hands of spammers
Address harvesting all too easy
Apple has inadvertently made it easy for spammers to create a database of MobileMe email addresses.
The issue points to a future of more junk mail for Mac heads. They are already being targetted by MobileMe phishing scams.
The email harvesting issue arises because every MobileMe user gets a public idisk file-sharing site. These sites have an address tied into a user's email username. A user can't hide or delete their public folder and there's no way to choose what the name will be.
As a result spammers only need to map the iDisk domain using web crawler tools to extract the entire MobileMe user name list. Taking this username list and simply adding either @me.com or @mac.com will give an email list, Techcrunch reports.
Apple doesn't see a problem with its system, essentially because it hasn't received any complaints - yet.
Apple tech support said: "We’ve never had a complaint from a customer about people spamming them because of their iDisk public folder name. There is no way to remove your account name from the iDisk folders. I’m very sorry,".
The consumer electronics giant's response smacks of complacency, especially as it comes little over a week after the emergence of a phishing scam targeting MobileMe users. Personal data belonging to hundreds of punters with @mac.com email addresses is being traded in underground forums, credit card protection service CardCops reported. Punters were tricked into handing over these details for phishing emails whose plausibility was increased by earlier problems with the MobileMe service.
MobileMe has ploughed through a field of snafus since its launch on 9 July. Users were blocked from accessing email accounts for more than a week at the end of July and there have been syncing and billing problems, with some European users charged before their trial came to an end, forcing Apple to issue refunds.
Apple responded to these problems by adding 60 days onto the end of every MobileMe subscription.
MobileMe provides an online synchronisation service which includes a bundle of storage, calendar, mail and photo services. It adds support for Outlook and push email to the iPhone to Apple's previous .Mac services. ®
Safari - Ayteer.
Aetyr, Safari isn't blocked, it works and has worked.
Here's the quote from the WSJ you may have misread:
Update: We just spoke to PayPal. It seems we in the media are reading too much into this. It will block people using old browsers and old operating systems, but contrary to many reports it will not block Apple’s Safari browser.
As for harvesting MoblieMe addresses, this is HARDLY a new tactic, my old Mindspring account (Or before that, Netcom) over TEN years ago had my username in it, and was an easy way to figure out my email. You need to get your tech news from more than the Reg if that's what you're doing, their reporting is not somehow less flawed than others :) As for spam, from what I know of friends who have .mac/MobileMe the spam filtering is very good. Personally I don't use M-Me, have no use for it.
Two words -
"Non-story" and "Bandwagon".
There are a lot of ways of getting people's email addresses, and there are a lot of ways that are a darn-site easier than this.
Mine's the one that's just had "FAnboi!!1!" written on the back... in silly-string...
Have to agree with the other users that actually have a MobileMe account, I've recieved 0 spam mails during my 1½ of having the service. Getting huge loads to my Gmail/Hotmail, it would be a lot easier to just spider the web for emails or simply guess the addresses than using the idisk folder for this.