April 21, 2011 at 11:27 AM ET
If it's ever annoyed you that you can't email somebody because you don't know their work email, a new tool will help you do that: Peepmail.
Those people who thought they were safe from random emails, well, they aren't. But everyone who uses it will realize how readily available some information is.
"Peepmail is a tool that allows you to discover business email addresses for users, even if their email address may not be publicly available or shared," reads the intro for the tool, which is the brainchild of Los Angeles-based security researcher Samy Kamkar, 25, whose Twitter profile motto is: "Think bad, do good."
Kamkar has already achieved some notoriety for some high-profile creations: the seemingly almost-impossible-to-delete "Evercookie"; the "Samy" worm in 2005 that gave him 1 million MySpace friends overnight; and a program that could simulate an AT&T Wi-Fi hotspot and snag iPhone users into unsecure browsing sessions.
I reached Kamkar, who told me this is why he came up with Peepmail:
Someone asked if it was possible, so that sparked my interest, secondly to inform people about what's available about themselves. The problem is that this data has already been available, people just don't know it (spammers and hackers do, though).
This way, people at least know what's available on them and hopefully can prevent or protect themselves if they wish.
It's pretty simple: type in a person's full name and the domain, and if you're not sure of that, type in the business name, and hit Peep.
Peepmail reveals the last 20 searches done, which seems to lean heavily toward big tech names and media personalities like Anderson Cooper and Ann Curry. When I checked out the site this morning, I saw Steve Jobs (sjobs@apple.com), Michael Bloomberg (mbloomberg@bloomberg.com), Jeff Bezos (jeffbezos@amazon.com), Larry Page (larry@google.com) and Leonard Lauer, as in Estee Lauder (llauder@estee.com).
"The emails should be accurate about 99 percent of the time," Kamkar said, but it may not be accurate if "there are multiple similar addresses based on the same name."
I tried my name, just the first name at first, and MSNBC, but that didn't work. Neither did my full name and MSNBC.
Kamkar said that the reason the tool might not work with certain domains is because of how those mail servers "are configured, specifically not verifying whether an email address does exist or not."
Since we do live in an age where people don't always appreciate this openness, he did offer a way to keep from being Peepmailed: "Have your system administrator to configure your mail server to not state whether an email address exists or not until after an email has been sent to that user."
More stories:
- 'Evercookie' is one cookie you don't want to bite
- Following security breach, expect a lot of spam
- Millions of emails exposed in major security breach
Check out Technolog on Facebook, and on Twitter, follow Athima Chansanchai, who appreciates the ease of emailing Samy Kamkar.