An offer circulating the campus e-mail system is offering a compiled list of 1.7 million U.S. student e-mail addresses to anyone looking to "target the student sector" for the price of $370.
A company called PgUp Host, which claims to offer affordable and reliable web hosting, is behind the list. Company representative Tom Theroux calls the list "the most comprehensive student e-mail database available on the Internet." According to the PgUp company website, the list is a worthwhile investment for anyone looking to sell a product or advertise their website to the valuable demographic of students ages 18 to 24. The company further boasts that 84 percent of students on the list are credit card holders. As proof of the claim to have captured the student demographic, the company points out that all the e-mail addresses listed end in ".edu," the suffix used for college and university webmail.
The thought of a company compiling and selling a list of e-mail addresses to anyone with the money to purchase it seems to explain the surge of junk mail and spam that has infiltrated Chicago's webmail system in recent months. But Bob Bartlett, director of Enterprise Network Services & Security for NSIT (Networking Services and Information Technology), doesn't think PgUp Host's list is necessarily responsible for the increase. "There are hundreds or thousands of collections of addresses available," Bartlett said when asked to speculate on the additional unwanted traffic. "What is different about this one is that a vendor is attempting to differentiate itself by stating that their list hits a particular demographic."
Bartlett also explained on how these agencies go about compiling such lists. First, they can harvest names from the public sources, such as search engines, Usenet newsgroups, and any mailing lists or archives that are posted in public domain. They can also conduct what Bartlett calls "brute force attacks" on public directories, searching common names that often bring back multiple matching entries. A last option is to buy e-mail addresses from websites that collect and sell that information to companies such as PgUp Host. Bartlett confirmed that these collection methods are legal, adding that "if someone were to break into a machine or the registrar's office to acquire them, that would be a different matter." Since the list targets students from multiple schools, this is highly improbable.
Students need not worry. Bartlett does not think that the collection and sale of these and similar databases pose a serious threat to students' identities. The main risk posed is a lot of annoying e-mail, which NSIT tries to combat with spam and junk mail filters. But as search engines get faster, harvesting methods become easier and more available, leaving organizations like NSIT to make up the difference by creating even stronger filtering methods. When asked if there was anything students could do to protect their individual email accounts from being listed in these databases, Bartlett said there was no foolproof method. "There will always be some kind of leakage," he says. "As long as someone uses an e-mail account, has a web page, or leaves an e-mail address on web sites that they have visited, the address will be acquired by these harvesters."