Kakkoi » Gmail

How to Register Multiple Accounts (MU) on Websites With Single Email Addresses

Noah Ark — Sun, 23 Dec 2007 22:58:24 +0000

You can used this technique to register on sites and forum. To name a few → digg, myspace, newsvine, 9rules, blogger & msn etc.

Gravatar sign-up process took less than 5 minute to complete and they don’t burden you with filling form chores (i.e: address, newsletter subscriptions, marketing questionnaire). So we pick Gravatar Web services for this guide.

Requirements

You must have the following email.

Gmail or Google Aps Gmail

Gmail Plus-Addressing Features

In brief, Gmail services has undocumented plus-addressing features (+) since early 2004. The plus-addressing features is mostly used for writing self notes, email filtering and mapping (google maps).

“Gmail never announce this features (beta forever) as there is no official documentation at Gmail Help Center.” — Anon

RFC 2282 - Internet Message Format

Technically, the plus sign operator is a standard URI protocol for handling Email address including telephone and fax (+tel, +fax ). This standard is maintained by Internet Engineering Task Force (IETF Network Group) → RFC 2282 “Internet Official Protocol Standards - Internet Message Format”.

The signup pages can be found at the following address ↓

http://site.gravatar.com/signup

Gmail Forwarding

Example of valid Gmail plus-sign-address code.

Below is raw header received from Gravatar for billgates+mypwned.avatar@gmail.com.

Delivered-To: billgates@gmail.com
Received: by 10.114.235.16 with SMTP id i16cs666570wah;
 Tue, 11 Dec 2007 02:13:40 -0800 (PST)
Received: by 10.100.247.14 with SMTP id u14mr17188447anh.1196668020044;
 Tue, 11 Dec 2007 02:13:40 -0800 (PST)
Received-SPF: fail (google.com: domain of support@gravatar.com does not designate 72.232.151.155 as permitted sender) client-ip=72.232.151.155;
Received: by 10.36.223.23 with POP3 id v23mf1698886nzg;
 Tue, 11 Dec 2007 02:13:40 -0800 (PST)
X-Gmail-Fetch-Info: billgates@gmail.com 1 smtp.gmail.com 995 billgates
Delivered-To: billgates+mypwned.avatar@gmail.com
Received: by 10.141.85.4 with SMTP id n4cs336075rvl;
 Tue, 11 Dec 2007 02:13:35 -0800 (PST)
Received: by 10.151.7.4 with SMTP id k4mr2609357ybi.1197368014852;
 Tue, 11 Dec 2007 02:13:34 -0800 (PST)
Return-Path: 
Received: from app1.dfw.gravatar.com (155.151.232.72.static.reverse.ltdomains.com [72.232.151.155])
 by mx.google.com with ESMTP id a13si6664003rnc.2007.12.11.02.13.34;
 Tue, 11 Dec 2007 02:13:34 -0800 (PST)
Received-SPF: neutral (google.com: 72.232.151.155 is neither permitted nor denied by best guess record for domain of support@gravatar.com) client-ip=72.232.151.155;
Authentication-Results: mx.google.com; spf=neutral (google.com: 72.232.151.155 is neither permitted nor denied by best guess record for domain of support@gravatar.com) smtp.mail=support@gravatar.com
Received: from gravatar.com (localhost.localdomain [127.0.0.1])
	by app1.dfw.gravatar.com (Postfix) with ESMTP id 50EB08F36CA5
	for ; Tue, 11 Dec 2007 10:13:34 +0000 (UTC)
Date: Tue, 11 Dec 2007 10:13:34 +0000
From: support@gravatar.com
To: billgates+mypwned.avatar@gmail.com
Message-Id: <475e62ce4f383_94b15911e666750191132@app1.dfw.gravatar.com.tmail>
Subject: Welcome to Gravatar
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8

Welcome to gravatar!

To activate your account, simply click on the link below or paste into the url field on your favorite browser:

http://site.gravatar.com/activate/666aff604f5eba8025c1

When you visit the above page, you'll be able to set your password and create your first gravatar, all for free!

If you have any questions about the system, feel free to contact us anytime at support@gravatar.com.

Tom Werner
Gravatar Founder

When gmail received the email with the plus-addressing code it will split it up as follow
- billgates+mypwned.avatar@gmail.com
- login-name = billgates
- filter-name = mypwned.avatar
And Gmail will forward the email to the login-name@gmail.com → billgates@gmail.com.

Where to start

Make sure you can received the plus-sign-address email. Try compose new email with the plus sign to yourself.

Example:
Well, assume that your email account is : leeeroyjenkins@gmail.com
So compose new email like so:

From: leeeroyjenkins@gmail.com
Send-To: leeeroyjenkins+selftest@gmail.com
Subject: Hello world
Message-Body: Over, Over, Do u read me.

That should be all. check the related links for further read on Gmail tips and documentations.

Extra notes

There is few special characters you can play with.

Period . → billgates+all.your.base.belong.to.us@gmail.com
Hypen - → billgates+chuck-norris-fans-club@gmail.com
Asterisk *→ billgates+my*space@gmail.com

Email Phishing and Spams Trends - Be wary

Avice De'veréux — Tue, 11 Dec 2007 14:09:28 +0000

Below is typical phishing email I received on Dec 8, 2007. It was send to one of my active gmail accounts.

The Email Header

From: “Gmail Team”
Subject: Gmail Warning!!!! Verify Your Gmail Account To Avoid Close.
Part of the message ↓: Dear member,

This message is from gmail message center to all gmail free account owners
and premium account owners. We are currently upgrading our data base and
e-mail account center. We are deleting all unused gmail account to create
more space for new accounts.

*To prevent your account from closing, you will have to verify it below so
that we will know that it’s a present used account.*

* CONFIRM YOUR IDENTITY. VERIFY YOUR FREE GMAIL ACCOUNT NOW !!! [...]

Raw Email Content

This are part of of the raw message on gmail its not download via pop3. Certain meta info is not available as its got filtered by gmail services (spam automatic removal).

Delivered-To random-victims-name@gmail.com
Received: by 10.114.235.19 with SMTP id i19cs230694wah;
 Sat, 8 Dec 2007 04:27:12 -0800 (PST)
Received: by 10.141.20.7 with SMTP id x7mr3231780rvi.1197116792300;
 Sat, 08 Dec 2007 04:26:32 -0800 (PST)
Received: by 10.141.115.15 with HTTP; Sat, 8 Dec 2007 04:26:32 -0800 (PST)
Message-ID: <2f83b9150712080426n4a018c86mc2af4a4ed271f223@mail.gmail.com>
Date: Sat, 8 Dec 2007 13:26:32 +0100
From: "Gmail Team" 
Reply-To: customercareteamalert2@gmail.com
Subject: Gmail Warning!!!! Verify Your Gmail Account To Avoid Close.
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_Part_11145_31274162.1197116792293"

------=_Part_11145_31274162.1197116792293
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

 Dear Member*,* **
 * Account Alert*
***
 *
 *VERIFY YOUR GMAIL ACCOUNT NOW TO AVOID CLOSE !!!*
***GMAI L
*Dear Member*,*
 This message is from gmail message center to all gmail free account owners
and premium account owners. We are currently upgrading our data base and
e-mail account center. We are deleting all unused gmail account to create
more space for new accounts.

 *To prevent your account from closing, you will have to verify it below so
that we will know that it's a present used account.*

* CONFIRM YOUR IDENTITY. VERIFY YOUR FREE GMAIL ACCOUNT NOW !!!

 Gmail! ID:.........................

 Password:........................

 Your Birthday:.................

 Your Country or Territory:...........
 Enter the Security
Characters:......... [image: Registration
Verification Code]
*

 *Warning!!! **Account owner that refuses to update his or her account
before two weeks of receiving this warning will lose his or her account
permanently. *
**
*Sincerely,*
*Gmail Team*

------=_Part_11145_31274162.1197116792293
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Dear Member,

 Account Alert

VERIFY YOUR GMAIL ACCOUNT NOW TO AVOID CLOSE !!!

GMAI
 L
Dear Member,

This message is from gmail message center to all gmail free account owners and premium account owners. We are currently upgrading our data base and e-mail account center. We are deleting all unused gmail account to create more space for new accounts.

To prevent your account from closing, you will have to verify it below so that we will know that it's a present used account.

CONFIRM YOUR IDENTITY. VERIFY YOUR FREE GMAIL ACCOUNT NOW !!! 

       Gmail! ID:.........................

        Password:........................

       Your Birthday:.................

       Your Country or Territory:........... 

       Enter the Security Characters:.........                                

Warning!!!   Account owner that refuses to update his or her account before two weeks of receiving this warning will lose his or her account permanently.

Sincerely,
Gmail Team

------=_Part_11145_31274162.1197116792293--

They used Outlook to published this email and leeched numbers of images across different “known” web services ↓

Image Sources

Gmail Logo: Google Presskit logo

Captcha : yahoo (SSL)

Gmail Logo 2: genbeta.com (might be their host)

Header: EbayStatic Server

Whats the motiff

It may seem funny to read the message as this are pretty much a script kiddies at work. I’m sure that most savvy users will not trust this types of threat. But what most people unaware of is the “Image” portions of the message. It can play a big role for expoiting email.

QuickInfo: Spam “images” trends start around june 2006 and earlier version of popular email client (Outlook and Thunderbird) doesn’t block images by default.

If you are familliar with Internet Security in general,you may notice that there is many attemp and proof of concept method in exploiting Images like “TIFF & JPEG“. Both of this vulnurebilities exists in Internet Explorer Browser and various microsoft windows products. While we can only make educated guesses as there is no real working proof yet.

My doodling scenario produce this ↓

Session “hacker” create a malicious server side image → proxy tunnel send to multiple email server → the curious victim open the email → steal client informations (cookie or server session cookie) → spoof the request → send RST back to client (reset) → dump the victims data in one instance. → write signature on victim email (avoid loop) → propogate using victims session → new net-worm is born

Try digging around VX Heavens & milw0rm Database you’ll find something to start thinkering.

Firefox Freeze While on Gmail

Nick B — Tue, 04 Dec 2007 07:58:56 +0000

Recent update on Gmail has to many “Remote call” (AJAX) running (every 10secs) in the background. It will get really slow if you has a large numbers of email and spam. I’m suffering the dreaded “firefox freeze over” syndrome.

Below is a list of addons that will cause “firefox to freezeeeeeeeee”.

Firebug
Noscripts.

Its advice to disabled both of this addons or revert gmail back to older versions.

uri code to revert gmail to older versions
http://mail.google.com/mail/?ui=1.

As gmail is getting more crappy with “overload features”. I think I should start using thunderbird more often.

p/s: At this time of writing Google Aps Gmail is still with older version so you wont have this issue.

Firefox 2.0.0.12 Urgent Security Release

Kakkoi » Gmail

How to Register Multiple Accounts (MU) on Websites With Single Email Addresses

Requirements

Gmail Plus-Addressing Features

RFC 2282 - Internet Message Format

Where to start

Extra notes

Related Links

Email Phishing and Spams Trends - Be wary

The Email Header

Raw Email Content

Whats the motiff

Firefox Freeze While on Gmail

Related Posts

Kakkoi » Gmail

How to Register Multiple Accounts (MU) on Websites With Single Email Addresses

Requirements

Gmail Plus-Addressing Features

RFC 2282 - Internet Message Format

1. Gravatar Signup Process

2. Gravatar Sign-up with Gmail Plus-addressing Features

3. How Does It Work?

Where to start

Extra notes

Related Links

Email Phishing and Spams Trends - Be wary

The Email Header

Raw Email Content

Whats the motiff

Firefox Freeze While on Gmail

Related Posts