Michael Arrington posted an interesting blog post earlier today on TechCrunch, showing a fairly easy way for spammers to build lists of valid email addresses from Apple's MobileMe service.
The basic problem is that Apple create a public URL for every MobileMe email account, which can be used by spammers to build highly qualified lists of valid email addresses. Live email addresses are like gold to spammers, and can be worth serious money on the black market if the numbers are high enough. Once they have a list of live email addresses they can easily send out spam and virus email without any risk of hitting invalid addresses.
What’s particularly important here is that the spammers already have some information about the people using the addresses: they know, for instance, that they are users of the MobileMe service, and could easily target phishing and fraud emails at them.
When the MobileMe service first launched, it had some major issues, and the spammers were quick to take advantage of this by sending out fake Apple emails asking users to confirm their details. It is possible that the spammers were able to closely target these phishing emails by making use of this vulnerability in the Apple MobileMe service.
The public pages are still visible and are rapidly being indexed by search engines, making the search for valid email addresses even easier.
We will keep monitoring the situation to see if the spammers are taking advantage of the flaw in the MobileMe service.
ClearMyMail is able to block all spam emails, before they reach your computer. Start your free 30-day trial today.
Reference: An Easy Way To Retrieve The Entire MobileMe User Email List