Who Reads Your @nospam Mail?

pjbrewer writes: "Ever use an address like name@nospam.com when filling out a form on the web or registering software? Think thats safe? Somebody is surely receiving messages destined for these fake nospam emails... and for curiosity or boredom, I checked it out. Nospam.com is owned by Anything.com, which is apparently, as it says on their web page, based in the Cayman Islands. Their page gives a short bizspeak blurb about what the company does (provide strategic advice to internet companies and vc-types). Offshore corporations can be as legitimate as any other, so why does this suggest concern? Could it be that the owners or managers of nospam.com want to avoid US laws for some reason? The Caymans sound like a place to incorporate rather than a place to set up offices and a T1. Am I overly paranoid, or is there something interesting that could be done to analyze people's use of *@nospam.com type addresses or some other interesting use of this content they must be receiving? Nospam.org and Nospam.net appear to be net malls owned by BestOfTheNet."

Re:Hey, Fine With Me

[rtscts]

the uninvolved parties are, as you said, postmasters and the like of hopefully large organisations, therefore in a better position to deal with the loser.

however, my MTA has this odd ability to figure out what to do with RCPT-TO and MAIL-FROM so i'm golden. i don't remember the command but an SMTP server can 'suggest' an alternate address if a user doesn't exist on your system, which means the spammer either forwards it to the new victim (ie. your system doesnt accept it then bounce it somewhere else) or gives up. either way you dont get it, and the new victim will not have any evidence that your system passed the buck...

Another "fake" address problem

[Ben+Jackson]

In 1992 I registered ben.com just so I could be ben@ben.com. In the past I've been extremely careful not to let it fall into the hands of spammers, using tricks like others describe (dedicated per-service aliases and the like). Unfortunately I get TONS of spam (20-50 messages per day are automatically filtered, and those are just the ones that get by the RSS/DUL/RBS). As it turns out, people named Ben use my email address as a fake address or a test address all the time. And recently I tracked down one person who was doing it who told me that "ben" means "me" in Turkish, so me@me.com => ben@ben.com in Turkey!

I guess the moral of the story is to choose your primary email address carefully, because even if you aren't deliberately registering domains to catch phony email addresses, you might do it anyway!

Re:I have an approach to dealing with spam

[billybob+jr]

Caught anyone interesting selling your email address to a spammer?

Re:Email suggestions

[Cramer]

Yes, "bar.com" is registered -- and has been for a long time. Mike used to read the mail flying in for "foo@bar.com", but he stopped that a few years ago (like 4 or 5 years) as "the internet has no sense of humor."

Re:So don't do that. [IANAL]

[Tiro]

Yahoo is a carrier, not your employer.

Interesting. What is the definition of a carrier? I would have guessed Yahoo is not a carrier, since its servers are merely clients on the net, and is not directly "above me" in the net's "hierarchy". Whereas my ISP is a carrier.

I am going to look up the ECPA right now.

I just use...

[Edward+Teach]

A.Norton@palomine.com

Re:send me spam! c'mon!

[MicroBerto]

you're wasting precious bandwidth that could be used to get the REAL porno!

Mike Roberto (roberto@soul.apk.net) -GAIM: MicroBerto

Re:So don't do that.

[ncc74656]

And I thought I was creative using 'president@whitehouse.gov' all this time.

I thought "billc@whitehouse.com" was more appropriate, given his proclivities...

_/_
/ v \
(IIGS( Scott Alfter (remove Voyager's hull # to send mail)
\_^_/

Re:Darn. Thanks, though.

[rothwell]

The first thing I did when I moved into my new house was become the registrar for the city's domain. I figured I was going to be here a while. I also registered my parents' city, so I could give them an email address.

I contacted the US domain people about allowing, for instance, the delegation of the MX record for NC.US (my state) to me. No go. They're pretty strict about usage. It has to be [city|county].state-code.US. You're allowed to make up stuff four levels down, but no higher. Other countries have whatever.com.uk, for instance, but not here.

Cayman for offices and Internet connectivity

[dbaker]

If you think that Grand Cayman is a poor choice for Internet connectivity then you are sorely mistaken.

In the past years, Cable and Wireless has invested hundreds of millions of dollars into their Cable and Wireless: Cayman Islands subsidiary. They offer nearly every high-tech Internet solution that you would expect in a well-funded area.

Although many companies simply use the Cayman Islands as a place to incorporate, there is significant business presence there, so the viability of locating there is not out of the question.

-dbaker

--
Daniel Baker - dbaker@(cuckoo.com|distributed.net|FreeBSD.org)

The Caymans rule!

[MicroBerto]

I had my spring break in the Cayman Islands, and it was the best week of my life. It's paradise down there!

Mike Roberto (roberto@soul.apk.net) -GAIM: MicroBerto

Re:So don't do that. [IANAL]

[Syberghost]

Look for "Electronic Communications Privacy Act".

Yahoo is a carrier.

They better hope they do nothing to jeopardize that; it's the only thing that prevents them from being liable for the content of every email that passes through their system, like your employer is.

--

Don't use localhost.com!

[swb]

When we started installing browsers with email capability, when creating the master image for one model I entered "nobody@localhost.com" instead of "nobody@localhost". This was /supposed/ to have been changed by the helplessdesk when they configured the PCs for whatever end users actually used them; needless to say it wasn't.

Needless to say, the helpless desk didn't do this, the end users idiotically clicked an awful lot of mailto: URLs without even wondering if their browsers were config'd completely, and I started getting hostile emails from the owner of localhost.com who had apparently just gone through some big tiff with a spammer who had used that as the bogus return address for their email.

I tried explainging to the guy what had happened and that it wasn't getting changed overnight -- I corrected the master image and warned the help desk to fix this when they came upon the machines of this model. But he was such an asshole about it that I finally ended up blackholing his domain at the mail relay; partly to stop the users from sending email to that domain (they get RELAY DENIED) and partly to stop this guy from being a jerk.

Nowadays I'm more careful to enter just "localhost"..

Personally I use 'username+descriptor' -- sendmail passes it all to procmail which delivers it to the username and I can filter /and/ track where it came from. Now whenever filling out web forms, I always use username+website as the name so I can see who's being naughty and who's being nice with their privacy policies.

It's a little along the lines of making slight changes in the spelling of your name when filling out forms -- John Q. Public, J.Q. Public, Jq Public, and so on so you get an idea who's selling lists to who.

Other popular ones when I never want ANY email from them are root@localhost, root@[127.0.0.1], root@[192.168.1.1]. I also like the suggestion elsewhere in this article about using the billing contact for the domain. That's clever AND effective...

Re:Don't use localhost.com!

[swb]

That's what I thought, too. I mean, you register that or bar.com, foobar.com, foo.com and what do you expect? The guy who runs the domain appears to think otherwise. He's right, to an extent, but to be a prick about email that should be all rights bounce or piped to /dev/null is a bit much.

Re:Don't use localhost.com!

[alecto]

Like whoever registered "localhost.com" shouldn't have seen that coming. They've certainly no right to whine about it when it happens--that's the price they pay for being so "clever."

Re:Example.com is reserved for this

[AtariDatacenter]

Kinda yes, kinda no... DNS records as follows:

DUMMY-HOST 2D IN A 10.0.0.0
TEST-HOST 2D IN CNAME VENERA.ISI.EDU.
www 1W IN CNAME VENERA.ISI.EDU.
BTW... did slashdot remove the tag from HTML message submission?

Re:Get filtering

[luckykaa]

The real steve@aol.com probably gets a lot of spam anyway. Not enough people use that particular name (There are after all a lot of possible first names and a lot of common providers) so the mail box isn't totally filled up.

The bill/bill.gates@microsoft.com on the other hand is used SOOO often that I can't believe that anyone uses that, unless there's a (self funded) legal team on the other end sending shrink wrapped "All commercial email will be charged...." messages back. Whatever Bill's email is, I can almost guarentee that it is NOT Bill.gates@microsoft.com Could be something more like Bill@gates.com

Re:Hey, Fine With Me

[Seumas]

Sounds like you might be refering to 'smtprewritestyle', or something similar -- to allow a search for potential local accounts to be run against a UID, address@localdomain or a combination of the two. I don't see why it couldn't be used to route to bounce it elsewhere.

But my commentary in response to your first message was not with regard to passing the buck. It was with regard to handling the incoming, in whatever manner, yourself.
---
seumas.com

From a "victimizer's" point of view...

[jpowers]

They're trying not to get spammed. The instinct to protect their privacy is a good one (I, as you can see above, don't give a shit), but it's unfortunate you have to suffer for it. Perhaps changing smtp to pipe all non-specifically addressed e-mails to /dev/null would be a good solution? Your "Swiss data protection commisioner" isn't going to be able to help you, I'm afraid. This is the sort of thing you have to take into your own hands and deal with.

-jpowers

Re:From a "victimizer's" point of view...

[beh]

Oh well, he's been rather helpful so far in pointing out what can and can't be done. Of course I will have to do most on my own; but it's certainly a good thing to get any kind of help.

As for the "I don't give a shit"; this is actually not 100% true. To a certain extend I don't. I am certainly NOT into yielding any email address in my domain, just that some idiot can use it for his own pleasure.

One thing - did you also think about some other implication? Those who entered the false email address also accepted some kind of use policy (basically in MY name!) for some product downloaded.

How would you think, if someone downloaded a product and when required to give some email address (before accepting all sort of things) just give out your email address?

How much will it cost the "registrant" to either pick an email address that surely is not in use; get his own domain and have some "spam" address in their domain, or even create a "spam" account of their own on hotmail or the like?

Instead people just display their own ignorance by entering existing email addresses belonging to other (if the other doesn't like it, all it takes him is either giving up the email address or writing to the vendor to be crossed off the lists there).

Personally, while I understand the motives of these people, in my opinion these kind of people are WORSE than spammers.

Re:not so easy

[ncc74656]

Well, most of the "Bulk Mail" filters work by assuming all mail without your email address in the To: or Cc: field is spam.

However, often legitimate mailing lists don't put your email address in To: or Cc:. I subscribe to several.

Most mailing lists include a Sender: line in outgoing messages, so you can filter for something like Sender:apex600a-bounce@nerd-out.com or Sender:oldsmobile-owner@chebucto.ns.ca (real examples from my .procmail directory) to make sure your mailing-list traffic doesn't end up in the Spam Can.

_/_
/ v \
(IIGS( Scott Alfter (remove Voyager's hull # to send mail)
\_^_/

webmaster@domain.com

[collin.m]

Just use webmaster@domain.com, this account mostly exists and somebody will read all the mail send to this account ;-)

(domain.com => the place you give your email address to ...)

Use [a-z].[com|org|net]!

[Jason+W]

Check it out:

Domain Name: K.COM
Registrar: REGISTER.COM, INC.
Whois Server: whois.register.com
Referral URL: www.register.com
Name Server: No nameserver
Updated Date: 12-feb-2000

Organization:
Reserved Domain
(ICANN) Internet Corporation for Assigned Names and Numbers
4676 Admiralty Way, Suite 330
Marina del Rey, CA 92092
US
Phone: 310-823-9358
Fax..: 310-823-8649
Email: res-dom@iana.org

Domain Name: K.COM
Created on..............: Wed, Dec 01, 1993
Expires on..............: Fri, Dec 07, 2001
Record last updated on..: Fri, Jun 02, 2000

Its the same for all [a-z].[com|net|org] domain names. No nameserver, no way to get the mail, and I would hope that ICANN wouldn't find some covert way to read spam.

--

Re:Use [a-z].[com|org|net]!

[Dahan]

Obviously you haven't heard of x.com :) (or q.com, for that matter, but I wouldn't expect anyone to have heard of them).

Re:Use [a-z].[com|org|net]!

[Dahan]

Oh yeah, how could I forget x.org, makers of a popular windowing system for *nix? :)

"my" @nospam mail? It's not -mine-.

[RollingThunder]

Think about it folks. If you don't actually put your email address in the field, why in gods name would you consider the email yours?

You TOLD them where to deliver it. They're doing exactly what you wanted. Don't complain when that actually goes someplace! :)

Re:O the humor...

[NP]

warez.it.kth.se is 127.0.0.1 , could be used ..

/N

Get filtering

[shermozle]

This nospam business is getting really annoying. If you don't want to get spam, start doing agressive filtering.

Another nice thing is to give an email in the form name+domain@yourdomain.com where domain is the domain of the people you're giving your email address to. Lets you track down where the spammers got your address and then filter it all out.

Re:Get filtering

[beaubell]

Isn't it just localhost.localdomain? localdomain.com is a REAL site! and localhost would just be a subdomain to localdomain.com

Re:Get filtering

[Mr+Z]

I personally use root@localhost.somedomain.com. That one resolves to 127.0.0.1 in many domains, and it's a DNS-resolvable host name for sites that require that to consider an email address valid. (Note: Newer domains don't seem to be including a "localhost" entry, so run "host localhost.somedomain.com" to check beforehand. Or, if you don't have host, you can try nslookup or some other utility.)

--Joe
--

Re:Get filtering

[Mr+Z]

I meant "somedomain" as a meta-name that you fill in with some other domain. For instance, I use my ISP's domain usually, since they have localhost.theirdomain.com in their DNS tables.

Next time, I'll put that part in italics.

--Joe
--

Re:Get filtering

[I+R+A+Aggie]

Annoying to who? The Spamers? Who gives a fuck?

Perhaps the legitimate owners of the domain you're forging, if you're not using a blatantly invalid email address (something@somewhere.invalid).

As for the user+whatever@legit.address notation, not all address verifiers on web pages accept the +whatever part. Seems that some programmers feel they can regex out valid and invalid addresses. snicker

James

Re:Get filtering

[JeffL]

I use the name+domain@my.domain all the time, but many sites claim that the + is an illegal character. I then explain the addressing rules to the offending site, but I have only once received a response saying that the address verifier would be fixed.

Another favorite of mine is to enter my address as root@127.0.0.1, and if I am feeling like a real bastard I check the boxes for "please send me spam", etc.

Re:Get filtering

[BobTheWonderchicken]

What I fail to see as the problem is the fact that you can give out a completely annoying fake address. I have free addresses that I send my mail to. Others use address such as Bill@Microsoft.com or Steve@aol.com. Of course people probably have those e-mail addresses and are completely annoyed at the large amount of e-mail they get that isn't for them. I suppose that the accounts have become inactive. The point is you can make up an address and not worry about the spam.

Use EXAMPLE.COM for this purpose

[Ross+Finlayson]

If you want to use a deliberately fake domain name, please don't just make up something that you think is fake; instead, use EXAMPLE.COM (or .NET or .ORG). IANA has deliberately reserved these domain names for this purpose.

Re:@nospam.com is a forgery

[topdogg]

I used to work at a local ISP when T1's was fast, ;) and people dial-up on 14.4 and lower, people used to do this on our bbs, and on out isp signup page, Guess what I did. evil grin. Poof...

oh MAN

[happystink]

This is the craziest most paranoid question ever. Trying to draw a line between someone registering nospam.com (which has MANY totally understandable valid uses) and being located in the Cayman Islands, and that person using it nefariously is just SO crazy.

The only way I can see you coming to a conclusion like this, or to even question it, is that you were like "oh man, i should get nopspam.com and see whose mail I get!" and then seeing that it was taken, and assuming whoever took it got it for that. Maaaaaan.

@nospam.tld addresses.

[Rhys+Dyfrgi]

I've set up my /etc/aliases file to redirect all mail to devnull to, well, /dev/null. I find it works quite well to send spam to devnull@mydomain. Thus you prevent the massive load on servers like nowhere.com which, according to the webpage, gets about 80000 (!) pieces of mail a month.
---

Re:@nospam.tld addresses.

[NtG]

Or an alias to one of the above mentioned machines.

Re:@nospam.tld addresses.

[eswan]

from www.nowhere.com-

"the only valid hosts within the NOWHERE.COM domain are void, ns1 and ns2. any other hosts claiming to be from within the NOWHERE.COM domain are faked. "

Errr, so www.nowhere.com is faked?

Finding out who's selling e-mail addresses

[mOdQuArK!]

I like the messages I've seen about giving unique e-mail addresses when signing up for services to find out who is giving our e-mail addresses to spammers.

Would there be anyway to make automate this & make it really convenient so that we could create a online "hall of shame" database of companies who are responsible for selling our e-mail addresses?

Re:Finding out who's selling e-mail addresses

[topdogg]

Most spamming software comes from newsgroups.

Re:Finding out who's selling e-mail addresses

[mOdQuArK!]

It wouldn't surprise me, but do you have any numbers to back this statement up?

Even if most e-mail addresses culled by spammers are from newsgroups, there are very likely at least SOME companies which sell e-mail addresses which they collect from their web sites - and it would probably be a good precedent if their names were splashed far and wide as privacy violators.

Check out asdf.com too:

[Tom7]

Check out this page at asdf.com, too:

http://www.asdf.com/asdfemail.html

Re:Check out asdf.com too:

[xlogan]

ha ha. Yea, we get enough spam, and we actually save the spam we get. We rotate the mail file every day, and even gzipped the size of the file is usually between 5 and 12 megs :-P

Re:Check out asdf.com too:

[T-Punkt]

I wonder how much spam qwerty.com gets... :-)

So don't do that.

[Syberghost]

That's why I don't use "@nospam.com" for that stuff.

I use billg@microsoft.com if I don't care who reads it, and an alias that is procmailed into /dev/null if I want it as private as possible. Sucks up a little of my bandwidth, but I have an OC3 on that box...

Get a free Yahoo account, and then never check it and just let 'em delete it for you when it fills up. Since it's actually your account, it'd be a felony for Yahoo to reveal the contents of the email, so you're set.

--

Re:So don't do that.

[homer_ca]

If you're that paranoid, then you need this. Get a home DSL line, then set up an SSL anonymizing web proxy from your work IP to the Internet. Your browser shouldn't be caching SSL web pages. How are the snoops at work gonna sniff your traffic now?

Re:So don't do that.

[jonathanclark]

clipped from here:

"In 1986, Congress passed the Electronic Communications Privacy Act ("ECPA"),[13] which protects electronic communications from interception and disclosure to third parties.[14] This act was passed ostensibly because the common law protections for individual privacy were deemed insufficient. The problem in our context occurs because is it unclear whether e-mail is covered at all by this act. The hearings concerning the act showed that the House and Senate acknowledged the existence of e-mail, but did not address those technologies in the wording of the act. Regardless of whether e-mail was implied to be covered by the act, the exceptions tend to create large loopholes for employers to find relief in. Thus, although the ECPA would seem to protect workers from e-mail interceptions, it is not explicit when it comes to the workplace, and the exceptions contained may exclude employee protection.[15] These exceptions may limit the protection of employee e-mail, and include interstate systems, prior consent, and business use.

First, the ECPA only protects messages sent over public networks, because the definition under the act specifies only such communication that affects interstate or foreign commerce.[16] Thus, an inner-company e-mail system would not be covered, although a company voice mail would. This ambiguity will only require court interpretation, but under the statute itself, it appears that the exception would shelter the employer. Thus, an employer who provides an inner-company e-mail system could read and disclose employee's e-mail messages freely. Yet an employer who merely provides standard e-mail service from an outside provider does not appear to be protected by the provider exemption. Legislative history suggests the rational for the exemption was to allow providers access to the contents of stored electronic communications to back up messages as protection for system failure.[17]

Second, the ECPA allows interception and monitoring where one of the parties has given consent. Although an employee may not give explicit consent to the employer to read specific message "A," some prior aspect of the employer/employee relationship, such as signing an employee agreement which gives consent, or accepting an employee handbook, may defeat this claim. Courts have found that consent may be inferred from circumstances indicating that the party agreed to the surveillance.[18] However, in Watkins v. L.M. Berry & Co., the court noted that mere knowledge of the capability of monitoring does not imply consent.[19]

Third, the business use exception is the broadest exception of all, and allows the company the right to make interceptions under the ordinary course of business. Analyzing this exception courts usually take one of two approaches. The first approach is based on context and the second on content. Under the context approach the key to limiting employer liability is employee notice and a legitimate business purpose for the monitoring.[20] For example, the employer can probably successfully argue that in order to maintain productivity, decrease fraud, etc., they must intermittently monitor employee e-mails. It would be very difficult for the employee to argue successfully against this exception. "

Re:So don't do that.

[John+Jorsett]

And I thought I was creative using 'president@whitehouse.gov' all this time.

I did this for a while and then started thinking, "Hmmm, I wonder if the Secret Service has a sense of humor."

Re:So don't do that.

[Syberghost]

Your employer is well within their rights to look at your browsing habits while on company time, inspect the contents of the perimeter web cache, and even read whatever is on their hard drive(s). (They can also inspect every packet inside their network.) Anything entering or leaving the company can be subject to inspection. (sad isn't it.)

That's not what the top-rated law firm in the state told them, and it's not what my home-town lawyer told me.

If the contents of those packets are private email, it's a felony to read them unless they're in the company's email system. The fact that they're traversing the company's network doesn't change that, according to all the research everybody involved did.

--

Re:So don't do that.

[SpiLL]

Wow.

And I thought I was creative using 'president@whitehouse.gov' all this time.

Re:So don't do that.

[pheonix]

Doing a brief search on two law databases shows that in the most obvious cases of this nature, the company doing the reading won their case 17 times to every 1 that they lost. It sounds like your "top rated law firm" should do some more research.
-Jer

Re:So don't do that.

[Syberghost]

Doing a brief search on two law databases shows that in the most obvious cases of this nature, the company doing the reading won their case 17 times to every 1 that they lost.

What that statistic doesn't show you is that in the vast majority of such cases, they settle out of court, because they know they're on shaky ground.

You're just seeing the cases where they weren't on shaky ground, and took it to court.

My ex-employer folded like a house of cards 'cause they knew I had 'em by the short and curlies.

--

Re:So don't do that.

[LordDartan]

Actually, yahoo can do what they want with your email, including letting anybody they want read it. Since it's on servers they own, technically, they own all the email, even users private email. Just like at work, you're employer has rights to read and do what they want with your email since it's on their equipment.

Re:So don't do that.

[Syberghost]

Actually, yahoo can do what they want with your email, including letting anybody they want read it. Since it's on servers they own, technically, they own all the email, even users private email.

That has been incorrect since 1986. There is a specific law against it in the United States, and it is a seperate felony count for *EACH* email.

Just like at work, you're employer has rights to read and do what they want with your email since it's on their equipment.

That is a specific exception in the law; your employer can read email that exists in their mail system, and they can prohibit you from accessing your private mail from work (and fire you if you do), but they can't look at your private email even if you access it from their equipment.

Trust me on this one; it's what my last employer's lawyers told them shortly before I left. :-)

--

Re:So don't do that.

[grammar+nazi]

You don't need a nospam.com address. Use a nospam.nospam domain instead, like the grammar nazi does.

Re:So don't do that.

[mickwd]

BillG: Hey Steve, I keep getting sent other people's e-mail.

SteveB: Anything interesting ?

BillG: Well, there's a lot of rubbish, but there's also a lot of really great ways people have thought up of making lots of $$$$.

SteveB: Well we could do with a bit of help right now. Hey, why not get everyone to send us their e-mail ?

GillG: Great idea. Get some marketing guys to knock up some lame excuse for a strategy, call it something meaningless like .NET, and let's see if we can make the mug punters pay us money for it.

Re:So don't do that.

[Cramer]

While it is true that electronic mail has been aforded the same protections as regular ol' US postal mail for some time, there is an agreement between you and Yahoo!, or you and your ISP, or you and your employer which can (and in many cases does) negate that law. Of course you can sue them when they read your email -- this is America after all... Many people have unsuccessfully sued their employers for such close monitoring.

And while it is also true that your employer cannot go into your office and read your external/private email while you're out to lunch or in a meeting, etc. (i.e. "away from your desk"), there are an alarming number of exceptions to this. For example, you read your "private" Yahoo! email from work via netscape on your company owned workstation. Your employer's perimeter firewall/web cache/proxy not only logs your browsing activities, but caches the pages you are viewing -- including your web based email. Additionally, netscape will store a copy in its cache on a company owned hard drive in your company owned workstation. Your employer is well within their rights to look at your browsing habits while on company time, inspect the contents of the perimeter web cache, and even read whatever is on their hard drive(s). (They can also inspect every packet inside their network.) Anything entering or leaving the company can be subject to inspection. (sad isn't it.)

Remember this next time you're doing something at work you'd rather your employer not know about.

Re:So don't do that.

[John+Jorsett]

but they can't look at your private email even if you access it from their equipment.

So how do they know it's your private email until they've looked at it?

I usually use

[gnarphlager]

not@chance.com However, I never thought of looking at it. Try it. Seems to be for sale.

Like i'd want to buy THAT.

They're not reading your spam mail

[jobius]

The guys at nospam.com aren't reading your spam mail, they're bouncing it:

nospam.com preference = 5, mail exchanger = mail.nospam.com
nospam.com nameserver = ns1.anything.com


[jobius@server ~]$ telnet mail.nospam.com 25
Trying 207.70.7.172...
Connected to mail.nospam.com.
Escape character is '^]'.
220 slant.anything.com ESMTP
mail from: nobody@nowhere.invalid
501 nobody@nowhere.invalid... Sender domain must exist
Damn, I guess I'd better use a real address...
mail from: cmdrtaco@slashdot.org
250 cmdrtaco@slashdot.org... Sender ok
rcpt to: joe@nospam.com
550 joe@nospam.com... User unknown
rcpt to: bob@nospam.com
550 bob@nospam.com... User unknown
rcpt to: somebody@nospam.com
550 somebody@nospam.com... User unknown
rcpt to: postmaster@nospam.com
250 postmaster@nospam.com... Recipient ok
At least that one works.
quit
221 slant.anything.com closing connection
Connection closed by foreign host.

bitch.com

[Caffeinated]

I always wonder about the poor bastards who own bitch.com, since that's where all of my spam e-mail goes... oh well.

- - - - -

Why I'm not on AOL

[micahjd]

Lately I've been using MAILER-DAEMON@whatever.xxx (substituting with the domain the form originates from) It so happened that I needed to use AOL Instant Messenger. I hadn't used it in a long time, because I only know a couple people on AOL. So, when registering my new username (captburrito ;-) I used MAILER-DAEMON@aol.com as the e-mail address.

Well, anyway, after I logged on using gAIM and chatted a bit, I started receiving connections from many (about 50 or so total) people. Most of them I closed, but I asked a few of them why they bothered to contact me.

Turns out, they got a mail from MAILER-DAEMON containing 'captburrito' somewhere in it. The curious ones sent me an instant message. Whatever this mail was, it got sent to many (if not all) AOL users. Could be that MAILER-DAEMON is a broadcast address on their dumb servers, or maybe the message bounced back to the program that handled the form, and something strange happened.

I wanted to see if it was repeatable, but it said the e-mail address was already taken.
Anyone else experienced this??? (or got this mail?)

Here's another loopback address

[zeet]

mouse-potato.com and twinkiewienersandwich.com should both resolve to 127.0.0.1 (at least by later today). Use them happily!

user@host

[Tiro]

Smart publishers [i.e. O'Reilly as of late :] just use host as their "example" server. It is just so damn eligant, plus it "acknowledges" the fact that, in the networked world, hostnames don't have to have the damn dots.

Of course there is about one or two machines that actually use TLDs. I seem to remember a guy with the user@cx domain who posted on /. Everyone he gave his address to freaked out.

The moral of the story? Just use user@host for your fake email. Or better yet, the slicker root@localhost for an evil loopback effect.

Re:user@host

[Snaller]

The moral of the story? Just use user@host for your fake email. Or better yet, the slicker root@localhost for an evil loopback effect.

Doesn't work - most site/programs check for a country code at the end. root@localhost.hi ?

--

Re:If you must provide a fake address...

[John+Jorsett]

The downside of this is that spammers will frequently forge return addresses, some of which may go to real people. If you sign up with me@privacy.net, pretty soon joeblow@aol.com is getting the autoresponses meant for the spammers. It's hardly fair to solve your own problem by creating one for someone else. You're better off creating a free account on Yahoo or Hotmail and letting the spammers send their crap there. You can just abandon it and then no one is inconvenienced (well, ok, sorry Yahoo and Hotmail. You pay the small price of having people sign up for accounts they have no intention of using. Better you than me.)

Re: drug smugglers need data havens too

[kevin805]

Why is everyone always bashing on drug smugglers? You're going to have crime as long as you define stuff people want to do as a crime. And if you're going to have crime, I'd much rather have organized crime than amateurs. I was actually considering setting up something similar to Jim Bell's assasination politics for local drug dealers. My theory is that the problem with drugs isn't the drugs themselves, it's the disorganized nature of the market. Make prices widely known, and people will be able to shop around. Profits fall out of the market, and bam! it's no longer worth shooting someone over drug territory. Maybe roughing them up a bit, but not killing them.

The guy down the street got shot through his window a few months back. Is someone going to do that if price competition can bring the margins down to under 50%?

I decided against it, though. Even if it isn't strictly illegal, I wouldn't want the hassle of being disliked by the police.

--Kevin

Re:So don't do that. [IANAL]

[Tiro]

I checked it out, and it seems clear that any machine on any network counts as a "carrier", and that everything he said was true.

I'm actually suprised that I have this many protections.

where to send it! (he he)

[joto]

I always set my email address when registering at a site (say, foo.com) to webmaster@foo.com.

They probably filter that out, but it gives me a good feeling nonethless...

Re:send me spam! c'mon!

[pen]

Posting on Slashdot is enough. I've already gotten several pieces of spam at the address above. One of them actually included the phone number of the company:

Message sent by: Kuppler Graphics, 32 West Main Street, Maple Shade, New Jersey, 08052, 1-800-810-4330. This list will NOT be sold. All addresses are automatically added to our remove list. Hello. My name is Bill from Kuppler Graphics. We do screenprinting on T Shirts, Sweatshirts, Jackets, Hats, Tote Bags and more!

(And so on.)

I called them once, and I'm gonna call them again. And I'm gonna keep calling until they agree with me that spamming is not a good marketing strategy.

--

Re:Suprisingly...

[RallyDriver]

The .gb TLD does exist, and some half-wit from the UK government actually registered a bunch of ".hmg.gb" domain names; very helpful! I used to work at one of the afflicted establishments, and had a lote of phone conversations along the lines of "no, really, it's gb and not uk, and yes, I know all about the standard TLD's". They have since mercifully been switched to ".gov.uk" where they belong.

I can't see why anyone would want one of those clumsy .us addresses; it's hard enough convincing people that your email address doesn't end in .com far less getting them to transcribe that mouthful - I have a domain name from one of those tiny pacific island countries (main export - domain names), which let me have the second level I wanted and is wonderfully succinct, but it makes it hard when dealing with boneheaded customer service people.

Spamido - The art of stopping spam.

[Moderation+abuser]

Spamido - The art of turning a spammers strength against them.

http://www.yelm.freeserve.co.uk/spamido/

Oh My Microsoft !!

[da_King]

Oh My God !!
What have I done?

That means Microsoft employees would have recieved 1000 spams per day if my stats of entering their email goes anywhere...
;-)
Posted by: no_more_spam_please@microsoft.com

Irresolvable domain spoofing

[BoogieGod]

A better way, imho, is to use a non-resolvable domain name, like user@domain.com.nospam... or you could be more creative and do something like i.like@to.co.uk.spaghetti ~Ken

Spamido.

[Moderation+abuser]

http://www.yelm.freeserve.co.uk/spamido/

Add a centralised LDAP server that can be used to check the senders address and spammers will be put out of business big time.

I was actually going to register one:

[smack_attack]

ieatspammers.com but then of course I have too much work to do as it is, so it would just become another domain to me... It's free if anyone wants it. It would be a good one to scare spammers, or perhaps you could alter it to your needs, ie: ikillspammers.com spamhunter.com deathtospammers.com you get the idea.

Well..

[mindstrm]

If people are sending mail to @nospam.com, and someone IS receiving mail for *@nospam.com... what legal ground do they have? After all.. THEY SENT IT!

There is no 'law' that says how to use email..

queue it for hunting down later

[kevin805]

Tell me if anyone is doing this, but...

Set up a mailing list. People forward spam there. Everything sent to the mailing list is stored for ... maybe 8 hours. Then it is divided up so that only one copy is kept of each message. Then, it's sent out to volunteers who hunt down the spammer to whatever degree they feel like. Since each message is only processed once, rather than once per person, volunteers probably wouldn't be called upon more than once a week. Once a month, if it scaled well. Send a message to the postmaster "on behalf of hangthespammershigh.org" and everyone else involved, like whoever hosts the web page they tell you to visit.

It's much more effective for one person to track down the people involved and threaten to blow up their offices if they don't stop spamming than it is for 100 people to forward it to abuse@nonexistantdomain.cx.

--Kevin

Re: It's Happening to Me Right Now

[jwilloug]

The All-American Answer: Lawyers.

I'm sure one could give you a solution with teeth behind it. A restraining order, perhaps, or if you want blood (and cash), a slander and harassment lawsuit.

Re:I don't get it.

[Dahan]

I believe a divide-by-zero operation will spit one out.

I'm pretty sure dividing by zero either gives you a SIGFPE or +/-Infinity, depending on which you want. You need to do stuff like divide 0 by 0 to get NaN.

I own spamstop.com...

[gustavf]

...and get 5-10 emails a month for users that have given an address @spamstop.com. So far all of it has been spam.

- Gustav

Stupid people

[voidptr]

I can't believe the number of idiots that use random email addresses. If you do, don't complain that it may be a real address that goes somewhere and the legitimate owner is reading it. And, if anyone is actually reading this, don't use 'void at null dot net' either. Christ I get enough 'Weclome to service Blah' mail through that one.

A suggestion:

[Richy_T]

Perhaps a DNS solution is in order. I don't know exactly how DNS mail lookups work but you could do something like this...

Set up a domain with a DNS server for example spamecho.com (apologies if anyone already owns this domain). When the spammer's mail software looks up where it needs to connect to to deliver the mail, the DNS software returns the IP address of the calling machine. If it were clever, the DNS server could even do a reverse DNS lookup and change the domain (for example, the spammer might be using the machine spam1.spammer.com, the DNS server could return the address of mail.spammer.com or smtp.spammer.com). This way, spam is pretty likely to end up back at the address of the spammer.

A simpler and less obtrusive use of something like this would be to log the originating ip of any DNS lookups to make it simpler to track down the ISPs of those sending the spam where they fake the originating address.

Rich

dunno@dunno.com

[dunno]

if you like spam, try... http://www.egroups.com/group/dunno-com
This is where emails to xxx@dunno.com all end up.

Re:I have an approach to dealing with spam

[David+Gerard]

There's another approach to this, if you don't have your own domain: get one from bizland.com, which offers free email and webspace. You get a domain in the form foo.bizland.com, and all mail to username@foo.bizland.com (for any username at all) is redirected to you. So I typically set up my email address as domain.com@foo.bizland.com and am able to track just what came from where.

The bizland account redirects to an iname.com account, so if the spam ever starts mounting I can kill it fairly easily.

(Note that 'foo' is NOT my Bizland name!)

So far I haven't received anything I shouldn't have. Which is nice to know.

procmail solution

[mikpos]

:0
* ^From.*mymaillist@list\.com
MailListFolder

:0:
* ^(To|Cc).*me@mydomain\.com
/dev/null

or something like that. HOORAY FOR POKEY THE PENGUIN!!

stupid

[stray]

sometime way back i registered stupid.ch because it was late and i was drunk. lately, i get a lot of mail from people who just use addresses like joe@stupid.ch when registering for something.

it was funny for the first 100 messages or so, but it's getting annoying.

personally, i usually use the sdl of the site i am registering when filling out nosy forms, i.e. yourself@real.com when downloading real player.

Well,

[MoOsEb0y]

I always filled out forms with "dfasdsafdfsfsddfsa@fdsafsadfsda.com", so whoever owns "asdfsdfafdsasda.com" will enjoy my spam.

Who gets the spam? I do.

[drow]

For various reasons, I own the domains "false.org" and "them.org". I get the most amazing collection of other people's mail... for instance:

faust@false.org
me@them.org
us@them.org

I get, on average, a half dozen spam messages to me a day; I also get, on average, about thirty to other people's fake email addresses at my domains.

Plus is your friend

[mcelrath]

Doesn't look like anyone's mentioned the plus ('+') method yet. Take your email (like mcelrath at draal.physics.wisc.edu) and insert +[identifier] after your username. i.e. mcelrath+slashdotcomment@draal.physics.wisc.edu. If you have a non-piece-of-crap mailer, the +[identifier] will be pereserved, and you'll know exactly where they harvested your e-mail address (or who sold your e-mail). This way you can use a logical identifier (like slashdotcomment), rather than a number, as I saw someone else suggest. Then you can always procmail it to /dev/null if need be. And if the spammer has a piece-of-crap mailer, it'll bomb and you won't get any spam anyway.

This is especially useful when you have to fill out a form that might send you something useful, so you want to use a real e-mail rather than one you know you'll never get useful e-mail from (in which case I usually use something like nunjo.bidness@no.way.never.com or root@127.0.0.1).

Unfortunately, all the spam I get is through an e-mail I haven't used in over a year. I have yet to receive any spam through a + address. But when I do it's gonna be ugly. ;)

--Bob

Re:Plus is your friend

[mindstrm]

I relize this works in a lot of situations.. but is it part of the smtp rfc, or simply a common way of doing things? I mean..
bang-path addresses used to work too, and they slowly faded away.

So.. if it's not part of the RFC.. then it would be wrong to say a server that doesn't support it is a 'piece of crap' server.

OO TLDs

[l-ascorbic]

I do think that geographically-based domain names would be complimentary to the free-for-alls that are most other TLDs. They would be good for different purposes. Personally, I have a .st (sao tome and principe) domain, which is my 4-letter surname, which I couldn't get in any other domain space, and I use that just for email, and loads of .co.uk, .com etc... for work, but for other pursoses, especially very obviously local projects, a mycompany.bristol.gb domain would be great, especially if it was free. It seems a logical system, and creates a lot more name-space. Thinking about it, perhaps one based on postcodes would be better - in the example above - mycompany.bs.gb. On second thoughts, i suspect that coventry would suddenly become popular - I'll stick with the full name idea. That sort of object-oriented system is far less cumbersome than the abominations like .uk.com or *ugh* things like this.

Re:send me spam! c'mon!

[QuoteMstr]

Do you have a copy? That is one of the funniest things I've heard.

Re:Email suggestions

[Imperator]

POSTMASTER@example.com
MAILER-DAEMON@example.com

Sometimes when they ask me to "tell a friend!" about something or other, I'll tell the postmaster, and give mailer-daemon as my address. Lonely postmasters like getting mail from their mailer-daemons.

Canonical '127.0.0.1' list?

[nutsy]

Is there a canonical list of such gag addresses (like warez.slashdot.org) that resolve to 127.0.0.1? It'd come in handy, I bet.

Re:Canonical '127.0.0.1' list?

[MostlyHarmless]

Please tell me that was a joke...

Re:Canonical '127.0.0.1' list?

[Black+Parrot]

Hmmm. Both your links seem to be Slashdotted.

--

Re:Canonical '127.0.0.1' list?

[Sabalon]

Wow...I got fast downloads from that site...though I think I already had everything they had :)

Re:Canonical '127.0.0.1' list?

[jovlinger]

The first I ever heard about this was warez.blackdown.org (net?), which I read about on the blackdown site. 'twas an IRC log, with some semi-unqualified sysadmin threatening legal action if they didn't stop pointing that adress to "his" machines.

eventually he clued on, but not until he made a severe jackass of himself.

A google search for warez.blackdown.org should be good for a laugh, but I'm lazy.

Try qmail

[alteridem]

Qmail lets you add extra stuff to the end of your email addresses, so if I have an address like rob@foo.org, I can set it up to accept stuff like rob-slashdot@foo.org for when I set up and account with a company. Then I know where it originated when spam starts coming in and I can redirect it to /dev/null or bounce it.

This has the advantage of not requiring any setup on your end at all beyond the intial .qmail-default file. And besides, qmail tends to be more secure than sendmail so I would rather run it on my boxes.

Re:I have an approach to dealing with spam

[Spire]

the addresses all start with 0x7ff (geek joke - think about it! :-)

Something about being signed?
--

Sneakemail

[cocoa9999]

I just create a new Sneakemail account for each sign-up. BTW, if you haven't, see http://www.sneakemail.com- it is very helpful for this!

Nobody@site.com

[MeanGene]

If you use nobody@ address, all the email never leaves the offending site and does not use up the bandwidth.

Suprisingly...

[l-ascorbic]

Take a look at nic.us. You can't just register anything, though: its based on your location.

e.g: Jane Doe in Canoga Park, CA = jane-doe.canoga-park.ca.us.

I wish we had this sort of thing with a .gb domain in britain. I heard a rumour about it once...

Re:DANGEROUS VIRUS WARNING

Digital Equipment Corporation is not responsible for X. For V and A, maybe. But not X.

MIT OTOH... but that's another story.

spam address

[non]

i thought about that as i decided how i would include my email address here; who's box is going to absorb all those misguided electrons.

and then i thought that maybe someday someone would start writing filters for that.

and then...
--

detecting spammers the sophisticated way

[nc]

well, we do something similar: we have catch-all subdomains for this purpose, so I can enter $sitename@catch-all-sub.ourdomain.net
makes identifying spammers even more fun :-)
(IIRC, you can make a catch-all in sendmail by using *@domain as a recipient in the virtusertable)
have fun :)

nc

Combining the necessary with the idealist

[fre]

Why don't we all type bill@microsoft.com in email fields. In the longer term this will jam their domain (all traffic is mail to bill@microsoft.com) and they might have to change their (domain)name. As changing names is usually (marketing-wise) a bad thing, ... Dreams...

example.(com|net|org) is reserved for this stuff.

[Convergence]

The founders of DNS have reserved those 3 domains for use in 'example' documentation, explicitly so that documentation can use those domains in safety and know that any email will go to the bit-bucket.

They have a similarly reserved set of IP addresses that are only to be used as 'examples' in documentation. This is more important than you might think, there are several class-B's that are unusable on the modern internet because CISCO used them (instead of the real 'example IP's') in their documentation for setting up their routers. And more than a few admin's have used them verbatim.

So, for everyone who writes documentation, or wants an address/DNS that's reserved and will never be used in the global internet, use example.(com|net|org) and the appropriate IP ranges.

Re:Extremely Confused

[restless_ne'erdowell]

I guess before anyone can give you a lot of help, the question has to be asked...newby to what? In other words are you new to the Internet, to open source software, to programming...etc.? Slashdot covers a lot of topics.

One good, all-things-computer, general reference site is whatis.com It has an alphabetical reference, "learning curves" that organize all the related entries on a specific topic together, and a wealth of other information.

Also using any search engine and typing in the topic of interest along with "how to" or "tutorial" usually turns up lots of helpful sites.

Re:Spam me. I'm at your loopback interface.

[whimsy]

you want localhost alone...only localhost/127.1 match up with the loopback device. localhost.tld is fine. eg:

Registrant:
Wraith Interprises (LOCALHOST-DOM)
1034 Grant St.
Longmont, CO 80501
US

Domain Name: LOCALHOST.COM

Administrative Contact, Technical Contact, Zone Contact, Billing Contact:
Seidl, Matthew (MS434) seidl@LOCALHOST.COM
1034 Grant St
Longmont, CO 80501
(303) 682-5848

Record last updated on 28-Apr-2000.
Record expires on 15-May-2001.
Record created on 14-May-1995.
Database last updated on 8-Jul-2000 18:43:43 EDT.

Domain servers in listed order:

PALLAS.WALLIS.COM 209.81.49.2

Re:Cayman's not really the place for it...

[SigVn]

HELLO.... The Second Best Place to open a untraceable bank account is YOU GUESSED IT.... THE CAYMANS.

rot13

[Skapare]

Geek places like /. get my rot13 address because (at least for now) geeks (at least the UNIX derived subset) know how to deal with that. Other places get addresses that have my real domain, and actually get delivered to a distinct mailbox. That way I can see not only what spam picks up that address, but also how many people fail to correct the address (many, actually). My usenet postings are like that.

But the idea of unique codes for every submission of an e-mail address is very intriguing. I may have to do that.

Re:send me spam! c'mon!

[Steeltoe]

You forgot the parsing of the mail address. It can't be that hard to make a script delete characters that's not typically part of a mail-address. I bet I could make a script that will dechiper most of the fake slashdot mailaddresses.

A few simple rules, you can juggle with the rules to create more mailaddresses. One or more might be the true one:

ignore mails lacking @, at or a substitute. You MUST have an @. The same with dot.
at = @ , dot = . , plus = + especially with spaces in the text
attempt stripping everything after .com, .edu and .org
attempt stripping everything in caps, and vica versa (lowercase)
attempt stripping certain keywords: SPAM, REMOVE, IGNORE. Attempt to widen the scope of this, checking for same caps or until a special symbol occurs.
strip illegal symbols and sequences of symbols, like spaces, question-marks, dollar-signs, paranthesis, [ , ] , @. , .. , etc.
ignore addresses resolving to localhost, localdomain, root, webmaster, abuse, admin. These will only get you in trouble for little gain.

This is only on top of my head, I'm sure someone looking at a list of fake addresses can come up with more "rules". I'm also sure that if you apply this to the addresses you find here on /., you'll be surprised how easy it is to send spam to those who wants to be found.

Of course you have to be pretty sick in your head for doing this, but spammers probably are already.

- Steeltoe

Almost the same

[Asmordean]

I have a few email accounts. One has the name nospamfake. A friend informed me that most spambots will auto delete the letters 'nospam' from an email address and some will also delete 'fake'. Seems to work.

I use this address when ever I need to signup for a list or usenet. Problem is that most software will reject the name even though it is a real account. As far as using it on usenet, it has yet to be spammed. I accidently used my normal email address once now it gets two or three spams per week.

I used to use abuse@imaginet.ab.ca as my email address (old ISP, way back when I was on a 14.4K). After about a month of doing that I got an email from abuse@imaginet.ab.ca telling me that if I did not stop doing that, they would terminate my account.

Why would I care?

[Cosworth]

I use bill@microsoft.com (yeah, yeah I know, but the spam still goes to them) but I only use it when I'm install and software that I don't care about.

RealAudio
Quicktime
Adobe Acrobat Reader
many others.

Re:Why would I care?

[Cosworth]

Duh! I said knew that, I just thought it was funny.

Re:I have an approach to dealing with spam

[SIGFPE]

You're vaguely in the right direction. My domain name is a clue! Think ieeefp.
--

Paranoid / Rude / Usenet / Good munge

[Duckie01]

I think the person who submitted of this story is just a little too paran.... *HUH*! Who's that!?!

Suppose I use a nospam.com email address on slashdot. Suppose some spammer harvests the address from slashdot.org, and sends a spam to it. Does that say *anything* about what the email address was *ever* used for? Naah.

Even when I use it to subscribe to hmmm let's say mp3.com or some, and they send me a newsletter. Does that say anything about me? Can they collect any information that's valuable to advertisers that way? Naah.

Anyways, it's just plain *rude* te use an existing domain in an anti-spam munge. Those people get the junk that's meant for you.

On Usenet, RFC1036 tells you to use a valid email address. It's rude not to check the email, people can have a valid reason to email you. Discussions can become off-topic, or a one on one discussion, perhaps your article got canceled for some reason and the canceler wants to send you a cancel notice, etcetera.

If you really want to munge the email address, simply use something that never can and will exist (like a non-existing tld, or a domain name with an underscore in it) and put .invalid behind it.

Email clients with some clue will recognize the .invalid and understand that the address is not valid.

Example: fake.email@slash_dot.invalid

One Usenet, it's best to munge your From address and use a valid Reply-To address. From addresses are very easy to harvest very rapidly from the overview database, while you'd have to retrieve all headers seperately to harvest the Reply-To headers. A friend of mine tested it by using spamtraps, and after three months, out of +- 550 spams.... 550 were send to the From address.

It's Happening to Me Right Now

[InitZero]

wouldn't it be fun to put someone's e-mail that I don't like in my message, to get them spammed to oblivion?"

It would NOT be fun.

Since June 5, I've been the person of which you speak.

If you have done a gnutella (or clone) search in the past few days, you probably have seen my name...

gnut> find anything CURRENT RESPONSES ----------------- 1) email matt@steinhoff.net for kiddie porn and anything 216.10.33.21:6345 size:80.854M ref:84279680 speed:10000

It all started when I noticed that every query I submitted returned an html file. In that html file was a link to http://www.cybergirlsex.com/raw cash/click.cgi?tella...

gnut> find anything and everything CURRENT RESPONSES ----------------- 1) anything and everything.html 216.100.51.42:6345 size:2.83K ref:234946611 speed:10000 gnut> find nothing at all CURRENT RESPONSES ----------------- 1) nothing at all.html 216.100.51.42:6345 size:2.83K ref:117638272 speed:10000

I figured that an ambitious person had hacked gnutella in order to promote the web site so that he'd get some extra cash. I sent email to the the owner of 216.100.51.42 and they promptly shut off the user's connection. I also sent email to cybergirlsex.com in hopes that they wouldn't pay the user 'tella' for the referrals. Spam shouldn't pay no matter how it is done, right?

Ever since I sent the email message to the domain admin for the porn site, my name and server address has been showing up in each and every gnutella response. Cause and effect (and a bit more) leads me to believe that the porn site was 'tella' and they are not happy that I've cut into their revenue stream.

With a bit of investigative work I was able to tie the user who is spamming gnutella with the user who admins the porn site and more than two dozen other domains.

I've got the guy booted off a number of services in the past few days but that isn't much help (though it does make me feel a bit better). It's like playing wack the mole; hit him in one place and he pops up again elsewhere. I'm getting hundreds of email messages from people either looking for child porn or wanting me dead for supplying child porn. (Of note, of course, I don't have any child porn so stop asking.)

I've contacted the FBI's computer crimes division and they are far more interested in the folks emailing me looking for kiddie porn than they are in getting rid of the slime ball spamming my email address. At least the kiddie porn angle got their attention or I imagine this wouldn't have even made their radar.

So, what can I do? I'm already filtering my email so that I don't have to read through hoards of email. (Did I mention that he has also signed me up to dozens of mailing lists?) What's next? While tracking and smacking the first day was exciting, today it's a bit of a drag.

Any good ideas will return my eternal gratitude. (Any especially nasty ideas and I'll give you the guy's email address. {grin})

Matt Steinhoff

(I had posted this as an 'Ask Slashdot' a few days ago and, of course, Slashdot would rather post Anime Moves on DVD.)

Re: It's Happening to Me Right Now

[InitZero]

(I sure wish Slashdot would allow the PRE tag.)

Matt

Re:It's Happening to Me Right Now

[aboleth]

A thing quite like that happened to me about two years ago... My email address was rbjeffries@mindspring.com there was another person on mindspring who apparently THOUGHT that his email was rbjeffries@mindspring.com, and he used that in a bunch of things, such as daily porn pictures, webpage accounts, etc. The interesting thing about this is that I also received an email about a buisness conference he had signed up for, and it had a website of which he was a member, and I received the url of a webpage which (basically) he had filled in a few pages worth of information about him, including his full name, street address, phone number, age, fax number, information about his computer, information about kids and his wife (he had neither), about how much money he made each year. Basically all the information one would need to do anything that this dude would not appreciate. I dealed with this for a few months (it was quite funny to read his personal email) but by the time i was getting 10 emails a day that were mostly ads, always at least 1 porn picture, and occasionally "personal" email, I became fed up and changed email addresses. Wouldn't a person realize that they weren't getting email?

Re:It's Happening to Me Right Now

[Valdrax]

Actually, I just hopped onto Gnutella for the first time tonight and ran into the problem with your name popping up everywhere. I thought you were just an annoying marketer since I don't get the kiddie porn bit as a result. Searching for "nonsense" gets me back " e-mail matt@steinhoff.net for nonsense" instead of a result for kiddie porn. Seems like you'd be getting even more e-mail harrasment if this is pointing at you for everything.

On a related note, you might want to contact the makers of ShareZilla. They claim to be selling software that intercepts Gnutella requests and responds with ads related to the search requests. Any search result I get back includes the above URL for their website. This product seems vile and frighteningly abusive enough in its own right, but it may be the tool that the scum ruining your name may be using. You may wish to inquire with them about that.

To be honest, though, I think Gnutella needs to be reworked or replaced if something like this or what happened to you can go on there. It sickens me to see this being done.

Have you considered trying to nail the bastitch under stalking or harrasment laws? How about libel or defamation if people searching for illicit materials are pointed your way? This jerk has to breaking several laws doing this. Forget civil litigation -- file criminal charges.

Re:send me spam! c'mon!

[Andreas+Bombe]

It's also possible that spammers figure anyone living in Czechoslovakia isn't going to be a good candidate for musical toilet seats or whatever they're peddling.

Yeah right. My .de address also doesn't stop spammers from sending me offers that are (as they explicitly state in their spam) valid in US only.

For spammers, a valid address is a good address. They don't care about the 99.99999% of recipients that are absolutely uninterested and annoyed, whether they live in the US, Japan or on the moon is irrelevant to them.

localhost.net has address 127.0.0.1

[Ex+Machina]

localhost.net has address 127.0.0.1 heh

nospam and none

Back in the "old days" when uucp maps were used for mail routing I had a machine called none that would map to one of my machine. I would receive a number of messages weekly to that machine. Then I started getting email between engineers at TI talk to engineers are Sun about the new Sparc chips. Seems TI had a machine called none that didnt create a fully qualified name on the email. Thus any email bound for that machine ended up on my machine. Some interesting email came. I sent notes to Sun and TI about the mail and got no replys. When the email go to 20-30 messages a day I warned them that if it didnt stop I would start posting the messages to usenet. Again it didnt stop and I just routed the email as a post to the sun newsgroup. Within a day the mail stopped. I got email to "None" for many years and it finally went away when "FQDN" did away with uucp maps.

Too Much Info

[Devil+Ducky]

I always use bgates@microsoft.com

I also fill out all contact information:
Bill Gates
C/O Microsoft Corp.
1 Microsoft Way
Redmond, WA 98052
1 (425) 882-8080

And I check the check box "Please Send Me Spam"

I figure no one really gets the emails (at least not after I started this ;-) but it screws up their already overworked servers, poor, poor, NT boxen.

I was just checking on Yahoo Maps to double check the zip code (I rarely get that right) and I noticed that http://encarta.msn.com is listed as their website not http://www.microsoft.com as I would expect.

Devil Ducky

OT: blah.com

[Penrif]

Yea, I remember one time when I sent an e-mail to blah@blah.com as a test of a SMTP server... I actually got a reply back a couple of weeks later.

Moral: When using a fake address, at least keep the domain to something you know.

Re:OT: blah.com

[FFFish]

If you snailmail your wishlist to
Santa Claus
North Pole
Canada
H0H 0H0
you will receive a reply back. Tho' perhaps you need to enclose a SASE.

It's run by Santa's elves, in the form of retired postmen/mistresses and a ton of other volunteers.

Please don't Slashdot 'em!


--

Re:OT: blah.com

[DebtAngel]

NOTE: They give that address out during the Santa Claus parade in Toronto, for those Americans who dan't know. The parade is stown in many many countries, so the wonderful people at Canada Post got a lot of mail.

You do not need to send a SASE for the simple reason that no six year old is going to understand the concept.

Oh, and if you ask for Manitoba like I did for business english, they won't send a reply. :(

Re:OT: blah.com

[Rho17]

You mean...blah@blah.com is real? oops! ...I kinda feel sorry for them now. :-) But really, I guess I should have checked that out first before I put 'blah@blah.com' in the box..... I will from now on.

Re:OT: blah.com

[Duke+of+Org]

I did that one time with my little sister, I sent her chrismas Wish list to Santa@northpole.com , and just about crapped my pants when a week later I got an e-mail saying my list had been recieved and is being read by "santa" now
You can check out the places website at www.northpole.com

Re:I have an approach to dealing with spam

[SIGFPE]

No. I've only been doing this for a few months. In the last month the amount of spam I receive at work has doubled. It's being sent to the email address I used to have about 2 years ago - our company changed name then. I have not used that address in 2 years. So suddenly, after 2 years, my address got onto a spam list! So it seems that it takes along time for mailing lists to be passed around.
--

Simple Solution

[stokessd]

Whenever prompted for an e-mail address, I always guess at a likely address that is inside the company that is asking for the address.

For example, I downloaded a new scanner driver this weekend from Epson. When they asked for my e-mail, I put: postmaster@epson.com. Turn that spam right around and feed it back to them.

This doesn't work on all sites, NY times has gotten wise to lots of us doing this. They won't let any NYtimes domains in the e-mail field.

Sheldon

Re: I can help....

[Jebediah21]

Take my address. It is ce@lycosemail.com. Lycosemail says they are dedicated to stopping spam. Funny how when I sent them a spam message to be reviewed the amount of spam I was getting in creased 10 fold. Now I am just waiting for that address to die. Anybody care to send massive quantities of mail to that address so they delete my account?

Maybe we can use this power for good....

[Denor]

You know, I'd been thinking a lot about the bogus e-mails that the spambots pick up, and I keep thinking "wouldn't it be fun to put someone's e-mail that I don't like in my message, to get them spammed to oblivion?"
Of course, it probably wouldn't be moral to do that. So who would be a valid target for this kind of treatment? In my opinion, a company that does nothing to stop spammers is fair game (since it's their fault most spam gets out here). And since I'd love the irony of them recieving spam from their own servers, I'm seriously considering changing my .signature to:
help@uu.net root@uu.net postmaster@uu.net abuse@uu.net
I can just see them now! "Where the hell is all this spam coming from?" "Um... it look like it's coming from us!"
Serves 'em right!

Re:Maybe we can use this power for good....

[llywrch]

> You know, I'd been thinking a lot about the bogus e-mails that the spambots pick up, and I keep thinking "wouldn't it be fun to put
>someone's e-mail that I don't like in my message, to get them spammed to oblivion?"

I had the same idea many years ago, & used ``cyberpromo" as a munge string.

I never heard how well it worked (except for getting a terse note from my ISP telling me to stop that), & Sandford Wallace doesn't spam any more . . .

Geoff

Re:Maybe we can use this power for good....

[griffjon]

With all the bulkmail filters on web accounts nowadays, I want to either make a scrub script or convince postmasters to do an automated spam-complaint to the originating servers of bulkmail craaaap. Also, I wonder if they'd share their filters...?

Re:Maybe we can use this power for good....

[13013dobbs]

Here is a link to a page showing the biggest sources of spam. UUnet's abuse department does stop spam; the fact thet they have such a large dial-up pool (the largest?) adds to the appearance that they are spam tollerant. Putting UUnet addresses in your sig just makes you look like a jerk.

Works for Mailing Spam too

[Tom7]

I used to add random "Apt. XXX" to my mailing address for the same reason.

That got really boring, though. =)

MailExpire, another handy spam drop

[tregoweth]

MailExpire lets you set up temporary forwarding addresses that you can delete at any time. Very handy if you think someone might spam you -- you can cut them off when they get obnoxious.

-jon

what i do

[roche]

If you dont want to get spam on your primary email account, just use a hotmail account for forums. Its simple enough.
roche

Gut reaction to nospam.com

[llywrch]

First, from reading about SeaLand, I got the impression that the Cayman Islands is making a bid to extend their corporate business secrecy laws to the Internet. Which has good applications (e.g. are you a human rights' organization in an oppressive nation who needs a safe place to store your information?) & bad applications (e.g. are you a drug smuggling ring who needs a safe place to store your information?)

But looking at the web site, it seems amazingly bland, almost to the point of parody. Amazing amount of corporatespeak. (Reading it, I was reminded of The Tubes' Sell Out album liner notes.)

Hrmf. Another mystery on the Internet, a land of countless mysteries.

Geoff

Re:Hey, Fine With Me

[rtscts]

or you can save yourself receiving the email and tell your MTA to reject anything sent to the nospam domain.

duh.

interesitng spamming

[British]

I unknowingly got singed up to a mailing list today. judging by some of the angry mailers on there, looks like I wasn't the only one. It was for egroups.com.

Here's the weird part, it's for a discussion list about BENNY HILL!

I would never in my right mind ever subscribe to a benny hill mailing list, much less watch the show.

Darn. Thanks, though.

[JimTheta]

Thanks for the info.

Unfortunately, I was looking for something a little less... anchored to a place. As a college student, I won't want jimtheta.east-lansing.mi.us once I graduate and move on outta this town (and I'm not gonna point it at my parent's town). I can understand anchoring the URL to a state, but to a city? Aside from location issues, that just makes the name too darn long!

Maybe when I get married and buy a house I'll do it, but until then, my transient ass can wait (or cough up actual *dough*).

-JimTheta, jimtheta@beer.com
---

My solution

[MOMOCROME]

Hey, Everyone! just get another hotmail account and never look at it. problem solved.

Re:Use example.[net|com|org]

[nstrom]

Many DNS zones have localhost entries - for example, localhost.snet.net, localhost.callnet.com, localhost.nai.net, and localhost.iconn.com all resolve to 127.0.0.1. Emails to root@localhost.snet.net, for example, will go to the administrator of your local system, or will bounce if you're not running a mail service on port 25.

But I need a spamproof address!

[Pseudonymus+Bosch]

I have seen suggestions for inexistent addresses. (I have seen elsewhere the suggestion of hoping it will break the spammer's system (Can somebody confirm?))

But I need a way to make my email address spamproof while being recognisable by humans. Until now, I put NOSPAM.com after the domain name. It works (also I don't publicize my address as you can see). But if somebody registers domainNOSPAM.com, they will start getting spam.

Is there a better solution? Maybe writing .comNOSPAM or similar would make any difference?
__

Apologies to foo@foo.org

[jonathon]

Sorry dude, I use your adress all the time
when filling in forms.

No doubt your email account is filled every
morning with email from 'hot chicks doing
it hardcore' because of me.

A solution?

[mheckaman]

For all those forms, I simply reply with the following address:

privacy@them.tld.

That way, they can get their own mail to their privacy account and I don't get bothered. Maybe if they get annoyed enough, they'll stop asking for your email just to download a piece of 'free' software. Of course 'free' means "If you sell^H^H^H^Hgive your e-mail address to us :)"

Is this polite? Probably not. Neither is sending junk mail to people or selling your "private" databases when you go bankrupt.

Regards,
Matt Heckaman

Re:A solution?

A better solution:

jvalenti@mpaa.org

Governments Can't Do What Numbers Can

[Seumas]

Perhaps, but what can you do? Piping your email to someone elses domain (eg: @nospam.com) is still wasting bandwidth. Perhaps an uninvolved entity's bandwidth, at that.

Seriously, I would prefer no control over government control, when it comes to spam. As much as I hate spammers, I hate government beauracracy and scheming more.

Besides, the government can't do anything more than those of us who actually use the internet can do. We can take it upon ourselves to deal with spam - report it, log it, prosecute it (based on existing not-quite-net-related laws) and pressure the spammer into ceasing his behavior.

A government only has control over it's physical jurisdiction -- but users of the internet have absolute control. We can, in numbers, put a crimp in the activities of people in places where their governments (or lack thereof) allow them to continue their spamming.

The problem with this is that there are so many organizations out there working on this, but none of them are working together. If we had an army of 100,000 volunteers worldwide, we could do some serious damage.

This is a bunch of dreamy -- in the perfect world sort of stuff following, so take it all with a bucket of salt. I'm allowed to day-dream, right?

100,000 out of the the combined global 'net population is less than one one-hundredth of a percent (.01).

If 100,000 people each processed 10 spam messages in Usenet or email per day, you suddenly have millions of people being ratted-out to their ISP's and upstream providers on a weekly basis. From experience, I know that you have a 10% chance of toasting someone's account when you bring to light their infringement of the provider's TOS. Those are decent odds, if you have enough people to pursue them.

And we aren't talking a lot of time. Not all of us can sit at our computers fighting spam each day, but if we knew we were actually helping out (a lot of us feel like people have given up, so who gives a fuck if we try), that two minutes per email would be well worth it.

And just imagine if we could get a full percentage of netizens to do the right thing and help out? We'd be talking 100,000,000 small skirmishes conducted; almost a billion per week.

There are two concerns with this, of course. The first is "won't this alone generate a lot of wasted bandwidth?" and "what about rogue ISPs?"

The answer to the first question is, yes. A lot of bandwidth, but with a legitimate purpose. Further, the amount will decrease as success is made and spam in general is diminished.

The answer to the second question is a bit complex, because there will certainly be some people who will continue to spam, no matter what ever happens.

If you have 7,000,000 messages processed each week (or in the better case of a full percent of users fighting spam, 1,000,000,000), we could imagine that perhaps 50% of the messages are duplicates. That, is 3,500,000 (or in the best case, 500,000,000) unique messages. The higher the number processed, the higher the number of duplicates, of course.

So with the lower number of 3.5 million messages (generating higher response for duplicates, in the neighborhood of 7 million), let's say that half come from every day John Q Public's who haven't quite figured out that spamming is BAD. The other half come from the top 100 known spammers.

The John Q Public half has a higher chance of being incinerated, because their 20$/mo ISP isn't going to cut them much slack when several dozen complaints are filed. Whammo. Figure a 20% success rate on that alone, minimum. Say goodbye to 300,000 spammers.

The rogue-ISP and known-spammer half is a lot more difficult. We'll figure we have what... a 1% chance of shutting them down? If 3.5 million messages are sent to these top 100 and their providers or upstreams, (we're talking AOL and upstream providers from rogues), it's only 35,000 messages per entity. Not a lot to deal with. Even over a year, it's only a couple million messages and complaints each.

This is where that fraction of a percent of anti-spammers would have to recruit people to help out, until we had that full percent battling with us. That full percent cranks that 35,000 into 3.5 million per week, per entity. This is a lot of mail. I believe it would crunch all but the actual spammers themselves, who have absolutely to reliance on other servers or services for the processing of their own spam, into submission. Jim Bob, running a box at a co-lo will be shot into flames by the service giving him the feed pretty damned fast. Jill Bob with her own server and own direct connection is going to be black holed in a heartbeat by all the other admins and postmasters watching their mailboxes fill with complaints each day. At some point, the entrace points for messages to be propegated and stuffed into your mailbox will be squeezed into a trickle for these people, which is as good as none for a lot of us.

But, as I said -- this is all a utopian, let's do this ourselves -- all it takes is some time and a group of people who give a fuck, idea. I don't actually expect it to ever happen.
---
seumas.com

Re:Governments Can't Do What Numbers Can

[Cramer]

You missed my point... the problem is not to whom this shit is sent; it's that the shit is sent at all. I "rat out" spammers as I'm sure most people do. Having worked for an ISP (as alot of readers do/have), I can assure you at least one person will report each incident of spam.

Yes, most respectable ISPs will delete accounts that send out spam. However, it's not hard for a person to create a new account -- even with the same ISP. The real problem is with people new to the ways of the internet who simply don't think about what they are doing -- they "don't know no better." (I've dealt with too many of these people.) Most of the "professional spammers" have disappeared -- it's just too expensive and much more likely to make your car explode (with you in it.)

Re:So don't do that. [IANAL]

[Syberghost]

Yahoo can do whatever it wants with your electronic mail; its sitting there on their servers, after all.

Nope. Yahoo is a carrier, not your employer.

Read the ECPA. That provision has never been ruled unconstitutional, it's been sitting there quietly in effect since 1986.

Only U.S. Postal Service mail is protected with the felony mail tampering law.

Different law.

However, I mention this because it brings up an interesting point; FedEx and UPS packages aren't mail, and aren't subject to that law. Keep that one in mind...

--

Hey, Fine With Me

[Seumas]

Hey, if those VC Vultures want to take everyone's misdirected spam, be my guest!

If you're concerned that someone may send you important email and accidentally forget to remove the 'nospam' or whatever other element you've dropped into your email address, set your domain up so that it has an appropriate subdomain such as: nospam.mydomain.org, where 'mydomain.org' is your domain. Then route everything that comes into 'nospam.mydomain' right to /dev/null. Get's rid of your spam just as well as the other alternative would have, but without the possibility of having any of it fall into someone else's hands.

I used to think I got a lot of spam. Perhaps a dozen or two dozen messages a day. But compared with the almost two hundred messages per day from customers I support, spam isn't quite such a big deal to me.

I used to take the time to track spammers down and collect a few severed heads, but with such a busy life, few of us actually have time to do so -- even with fairly reliable services like spamcop.org.

I guess it's the price we pay for having as free an internet as possible. I dislike it, but I feel better knowing that it's all part of dealing without legislation. And that's fine with me.
---
seumas.com

Re:Hey, Fine With Me

[Seumas]

Depending on your server. If you happen to use an older version of a server that will only reject post SMTP, you're not going to save much, since you still have to accept and parse the message before rejecting it.

You could also, using your postSMTP UBE filter, apply a rule to not only reject messages sent to 'nospam.mydomain.com', but to rewrite the headers so that the message is delivered back to the postmaster of the IP's found in the envelope.

Of course, envelopes can be forged, too -- so you run the risk of pissing uninvolved parties off.
---
seumas.com

Re:Hey, Fine With Me

[JordanH]

• Hey, if those VC Vultures want to take everyone's misdirected spam, be my guest!

By giving a valid domain address that you know will receive Spam, aren't you complicit in the bandwidth waste?

If you are going attempt to block Spam with a bad email address, it's best to use an illegal/invalid address or something that will cause the Spam to loop back (root@[127.0.0.1]).

Personally, Spam doesn't bother me that much. I'd much rather make it easier for people who really want to contact me than by giving out valid email address.

It generally only takes a few extra seconds for me to delete the UCE when I'm deleting all the Spam that I actually signed up for.

-Jordan Henderson

Re:Hey, Fine With Me

[Cramer]

It's not a problem of "I don't want to see it in my mailbox". It doesn't matter which file ($MAIL or /dev/null) the junk is sent. Your machine still had to process it; it still had to cross your internet link; it still cost a measurable amount of money to *gasp* ignore a message.

How much of the "push for fatter pipes" is the result of ever increasing worhtless shit flying around the internet? (and of course, the resulting emailed complaints) I would venture a guess that 40% of the bits flowing around the globe shouldn't be... from spam to badly written, uncachable HTML to lame-ass streamed media that cannot be cached.

As someone's signature said... Who are you? Where are you taking me? And why am I in this basket?!

UUNET isn't that bad, really...

[jpowers]

I always get the little bastards shut down. UUNET is very responsive if you send them the message and full headers. I figured I'd have a harder time dealing with folks overseas, but no, the ISP in the phillipines gave the guy one chance to stop, he sent me another, and they shut him down. Only one of the little ISPs in the US gave me problems, they said they couldn't shut anyone down unless I FAXed them a signed statement with the email and full headers. I went one up on them, bellsouth shut THEM down. I don't know if uce@ftc.gov helps, but I forward stuff there, too.

Weren't they considering putting bounties out for spammers? I've been seeing a lot of online marketing firms advertising UCE as a service...

-jpowers

Use example.[net|com|org]

[wfberg]

Example.net, .com and .org are domain names that will never be registered to any one, they're reserved specifically to be used in examples in textbooks etc. There are no DNS entries for these domains, so all mail should bounce. Thank the boys and girls at IANA for this nice service ;-)

Of course, loads of domain name registrars and ISPs advertise with yourname.com.. Which is of course a competitor! Doh!!
--

Re:Use example.[net|com|org]

[dorzak]

Only until somebody trademarks example.[net|com|org] and sues under the DMCA to get those names.

Re:Use example.[net|com|org]

[Krellan]

I prefer to:
use the domain of the spammer!
That way, all the spam gets sent right back to the sender, where it belongs.

For example, when downloading RealAudio, use nospam@real.com . When downloading Acrobat Reader, use nospam@adobe.com .

For even more fun, use a username such as root or postmaster .

That way, bandwidth isn't wasted on the Internet, because the spam remains on the spammer's own system. And hopefully it will tell them that people aren't interested in receiving their spam...

Re:Use example.[net|com|org]

[mprindle]

Also... If you put .invalid at the end of the spoofed e-mail addie it will surly bounce.... I just some random characters and numbers when I'm spoofing an e-mail addie... Like asdf@asdf1235.com.invalid

Re:Use example.[net|com|org]

[mikpos]

Why would somebody use a copyright act to sue under trademark law?

Re:This is annoying

[Syberghost]

Last time this happened, I looked at the headers of the usenet reply, went to the usenet newsgroup in question, and asked the person to not use my domain for nospam email addresses. The person, rather embarassed, was nice about it and changed his fake email address.

Nobody's used my domain for that purpose yet, but if they do, I'll check usenet, find out their actual address, and then set up a forwarding rule so they get their mail. :-)

--

Re:O the humor...

[budcub]

I use either user@domain.com or root@localhost.com

However, there is a http://www.localhost.com If you go there you get a message saying either your looking for them, or your dns is setup wrong. They must get tons of visitors to their site, 90% are probably there by mistake.

Re:Oh yes, I know this feeling

[h2odragon]

For some reason "freedom@freedom.org" seems to be the forged From: address of choice for some of the more annoying perverts and losers on usenet...

How often can you explain that, no, we don't know that person, he's not a user of ours, *we* don't condone tying down 8 year old boys to be raped by big dogs, etc, before giving up?

Re:send me spam! c'mon!

[John_Prophet]

Message sent by: Kuppler Graphics, 32 West Main Street, Maple Shade, New Jersey, 08052, 1-800-810-4330. This list will NOT be sold. All addresses are automatically added to our remove list. Hello. My name is Bill from Kuppler Graphics. We do screenprinting on T Shirts, Sweatshirts, Jackets, Hats, Tote Bags and more!

Interesting. I got this same email. I figured he had grabbed me off of some other list, since I actually *AM* in the business of making T-shirts (i'm in a band.)

The worst part is not that he spammed me, but that his prices are outrageous. Like $4 MORE PER UNIT(!!!!!) than what I could get done around town locally.


-The Reverend

other E-mails to use to avoid spam

[mpost4]

I use one of the following for the forms
John@aol.com
John@whoknows.net
someone@somewhare.com

if there is a John@aol.com he gets alot of diffent stuff.

Cayman's not really the place for it...

[Oroborus]

Of all the possible offshore locations for a company interested in doing shady business, Cayman's a pretty poor one. Unlike many other island-countries in the area, Cayman maintains good relations with the US and lacks the kind of corruption that would let you get around that. More likely, a company would incorporate in Cayman because of the insane tax benefits. But I think I'll go check out their office just to find out, since I'm vacationing to Cayman this week anyways. :) sun... surf... beaches... relaxation... hundreds of miles away from my computer... ack!

unsubscribe.com

[eperlman]

I registered unsubscribe.com several years ago, on which I had an random message generated by jwz's DadaDodo program, with the data generated from all the spam I received.

It as fun for about a day, at which point my mail server started getting flooded with mail for every username across the board. Most popular was unsubscribe@unsubscribe.com, but fuckyou@unsubscribe.com was pretty high on the list as well.

One spammer even decided to set his Reply-to: address to one that had the @unsubscribe.com domain.

Eventually, I decided that the best thing I could do was to remove the MX and A records, thus saving me the trouble of having to deal with bogus email, and saving everyone who has decent mail filters set up (ie, reject from unknown hosts) some extra spam.

Too Paranoid...

[quonsar]

...but I guess after phony leaked Quake screenshots, and another chunk of internet-as-3rd-world-panacea tripe, this vaporware-conspiracy-involving-spam-and-domain-nam es story is just what the doctor ordered. Expect a follow-up detailing NSI involvement...

"I will gladly pay you today, sir, and eat up

O the humor...

[nutty]

root@127.0.0.1 works for me. That way they end up spamming themselves. :)

Of course, the funniest part is when i am told that someone already registered it.
;-p

/nutt

Re:O the humor...

[Erasmus+Darwin]

Minor pet peeve: I'm blanking on which RFC specifies it (821?), but e-mail addresses that use IP addresses are supposed to enclose the IP address in brackets, like this: postmaster@[127.0.0.1]

Re:O the humor...

[DanPeng]

Too bad that root@127.0.0.1 will probably bounce... try root@[127.0.0.1]

Re:send me spam! c'mon!

[Goonie]

When I have enough spam, I'll try to find some really interesting pieces and post 'em somewhere!

Some of the funniest spam I've seen is from some PRC-based manufacturers. They spammed debian-devel with advertisements for bulk quantities of steel pipe, amongst other things . . .

x@x.com

[latro]

man i feel bad now for x@x.com

I guess I better think of a better fake address to use in filling out forms - that's just the fastest for me to type!

-------

Use a fake Microsoft addr instead...

[acidrain]

Hate to seem a bigot, but I use jjohnst@gaul.csd.uwo.ca.MICROSOFT.COM all the time. Send unrequested mail to the unrequested OS vendor.

Re:Anonymous FTP

[Tower]

dude@dude.dude or this@is.fake

Hey Spam is ILLEGAL in CA!!!!

[Alien54]

Let's see:

07/09/00 21:50:32 whois !NETBLK-PBI-CUSTNET-4056@whois.arin.net

whois -h whois.arin.net !netblk-pbi-custnet-4056 ...
BRE Properties (NETBLK-PBI-CUSTNET-4056)
1700 Promontory Lane
San Ramon, CA 94583
USA

Netname: PBI-CUSTNET-4056
Netblock: 216.100.51.0 - 216.100.51.255

Coordinator:
Campillo, Doug (DC199-ARIN) DCAMPILLO@BREPROPERTIES.COM
415 445-6575

Record last updated on 12-Feb-1999.
Database last updated on 7-Jul-2000 17:53:46 EDT.

>>>>>>>>>>>>>>>>>>>>

HEY! Spam is ILLEGAL in California!!!!!

contact your local attorney general!

Extremely Confused

[telepet]

As I read through slashdots stories and comments and the like I realize I am highly ignorant to what everyone seems to be talking about. Before you pass me off as a Lame, off-topic, whiner I would like to get my point accross. Perhaps if someone could reccomend a site for newbies, in turn you wouldn't get another lame post from me because I would at least have comprehention of what is happening.

I also would appreciate it greatly if this message wouldnt be moderated so a point where anyone who is itelligible and might help me would not be able to read it because it is below thier threshold.

Cyberstalking

[gwalla]

There's an article on this at sfgate. Your case sounds like Jane Hitchcock's--she was spammed and signed up for magazine and CD subscriptions by a phony literary agency that she had had a dispute with.

There's a watchdog group called Cyberangels that has a division devoted to fighting this sort of childish crap.

---
Zardoz has spoken!

Slow day?

[tiny69]

Nothing like a conspiracy theory to add life to an otherwise slow day. Here's one for you: Andover.net keeps close tabs on the hit count and comment submissions. They threaten to do Bad Things(TM) if it drops too low. Soooo.....CmdrTaco makes something up to bring out the flamers/trolls/conspiracy theorists/etc....

Re:send me spam! c'mon!

[odaiwai]

Spam to your reply-to: address? I've been using a throwaway From: address and a site-specific reply-to: for a few years now and have *NEVER* got any spam to the reply-to:.
Nothing, nada, zilch.
The From: address gets deluged with crap.
Also, having a real email address diaplyed on /. seems to provoke spam from home.com.

dave

Postfix

[frankie_guasch]

I have been using sendmail from ages, but I've been replacing all my sendmails by postfix lately. It's a very good mailer daemon. Check: postfix. It's very easy to configure. The spam blocking options are very handy.

Annoying

[Arcanix]

For some reason a large amount of people on Usenet enter their reply-to e-mail as my e-mail address. This is extremely annoying; I receive around 20 e-mails a day responding to various posts, some thanking me for posting something I didn't post and some flaming me for an article I obviously didn't write. It's gotten to the point where I created a generic reply that I send in reply to this mail.

People should either use a non-valid e-mail address or simply don't enter one. If you are using a valid e-mail address all that does is push the spam on someone else.

something similar

[ArchieBunker]

There used to be a list floating around usenet that had a ton of emails for government agencies. Like postmaster@fcc.gov president@whitehouse.gov etc etc. About 70% of my spam comes from asia, mostly a unix/NT box someone plugged in and never bothered to change the mail relaying settings. Complaining to someone is impossible. I look up who owns the IP block and forward it to them. A lot of the NT boxes have accounts with the same password and some even have blank administrator passwords. Maybe I should just fix smtp for them ;)

Re:not so easy

[Krellan]

Unfortunately, Yahoo does not let you block emails from certain addresses. (Perhaps it's addresses that also advertise on Yahoo?)

As an example, I get spam from "TRAFFIC" at websidestory.com -- this domain is unblockable from Yahoo Mail! Try it, you will find that the "Block Address" link does not even appear when you read an email from them...

MailExpire

[icqqm]

If you need an address just for a few minutes and don't want the hassle of spam, just visit mailexpire.com, setup a temp address, and it will disappear once your address has been "verified" by those websites that need them. Of course, if you forget your password, you're out of luck.

Regular expressions

Have people who use 'NOSPAM' in their email address never heard of regular expressions? A email harvester could in one line of code remove most of those pieces of noise to form valid email addresses. The only people you inconvenience will be the recipient.

Re:Regular expressions

[Stormin]

Yeah and in fact that is very common. Thats why I use nospam as the -real- address for web postings. The program strips it out and it becomes an invalid email address.

I've also done the technique of using custom addresses for downloads. Then I can easily kill the address if they start spaming it.

Re:send me spam! c'mon!

[mprindle]

As one of the other posters suggested you might want to get a web e-mail address like one of the email.com accounts that you can forward to another account. I currently have 2 of those accounts and both are forwarded to my real address. At any time I can cancle the email.com account and open a new one....

Re:Spam me. I'm at your loopback interface.

[Duckie01]

What he meant was this:

# nslookup localhost.localhost.com
Server: ns1.a2000.nl
Address: 62.108.1.65

Non-authoritative answer:
Name: localhost.localhost.com
Address: 127.0.0.1

I'd go for warez.slashdot.org ;-)

Re:send me spam! c'mon!

[technos]

I've recieved that one three, no four times now. Once per month, and once after I mailed nicely asking them to remove me. I finally gave up on asking nicely and sent them this.

Dear Bill:

My name is Ineyo Montoyota. You have me in your 'spam database' as [address-du-jour].

As much as I find spam in general distasteful, I try to ignore it. In fact, I tend to get a laugh of your messages in particular. See, I'm a nudist living in Grable Community near Parsippany.

You'll never get a sale from me, so knock it off..

Sincerly,
Ineyo Montoyota

I don't get it.

[Trep]

Maybe I'm missing something obvious, but I don't see it.

Re:I don't get it.

[Valdrax]

Part of the IEEE single-precision floating point standard. SIGFPE is the signal for a floating point execption. 0x7ff????? is either infinity if all the ?s are zeroes or not-a-number (NaN) if they are not. If forget what NaN is actually used for, but if any kind of calculation involves it as input, you'll get an exception. I believe a divide-by-zero operation will spit one out.

It's probably a Prisoner joke at any rate. "I am not a number, I am a human being!"

Re: drug smugglers need data havens too

[llywrch]

>Why is everyone always bashing on drug smugglers?

I dunno. They seem to be universally disliked by governments everywhere, & was the first example that came to my mind.

Whyn't we just Godwinize this line of argument, & say that anyone seeking secrecy is obviously in the business of trafficing in kiddie pr0n? that's right, all of those folks who just want to be left alone are trading pics about how they made Junior do it with Fido!

(Except that there aren't enough child molestors out there on the 'Net trading pics to make it worth the law enforcement agencies' while to ask for an international agreement to watch the 'Net for dirtbags abusing the fiber in this way. They'd rather argue that drug dealers are encrypting all of their dealings with PGP, rot-13, & other computer generated cyphers, & that's why they need to be able to decrypt every communication out there.)

Geoff

My tricks, including the 'plus hack'

[Megane]

My first experience in nospam addresses was with texas.net which specifically has a nospam.texas.net to help catch spammers. Note that nospam here is a 3LD, not a 2LD. And you can also put the "NOSPAM" in front of your domain without a dot, assuming the total combination is unlikely.

After I got my own domain, I found out that only works properly if the nospam DNS exists. Otherwise sendmail will reject it, even if it's a subdomain of a valid domain. I didn't feel like adding a nospam address because I had learned a better trick.

But what I use now is the "plus hack". See, the user name part of e-mail addresses (at least if you use Sendmail) can have a plus sign added to it, followed by some unique identifier for further routing (or procmailing) of the mail. So I simply use, say, +usenet1 on usenet posts, and once that starts getting spammed, I'll move on to +usenet2.

Some interesting results of that have appeared in my logs. One spammer's software simply removed the plus sign, and another removed everything before and including the plus sign. Either way, "User unknown".

And speaking of logs, I've noticed something VERY wierd in my logs. At first, I thought it was because someone owned my domain before, but now I'm not sure. I would notice "user unknown" bounces of the form "lusername@domain.net", where the domain was four obscure characters (definitely NOT a word). Just random user names. Now maybe a few people were clueless and put ".net" instead of ".com". But I'm not so sure. I think there may be some spammers out there trying random user names at domains for some reason I can't comprehend, probably because the reasons truly are incomprehensible. Anyhow, a bounce is a bounce.

And now with what little spam I get (about 0.5/day, mostly through my someday to be dropped texas.net address), I make a point of reporting to the abuse address of the spammers IP domain, since even most open relay mailers bother to log the source IP address. Hopefully this will help get a few more chickenboners shut down in this eternal game of whack-a-mole.

Go ahead, let them have the junk spam

[Cable]

Like I really want to read 39 messages a week from junk spammers about green cards, porno sites, credit card machines, MLM, make money fast scams, and other stuff?

I wonder if anyone owns dontyouwish.com as I tend to use that in place of nospam.com?

How about?
bitbucket.com
devnull.com
goaway.com
idontlikespam.com
foobar.com
and many others that are used?

best to use non-existant domain

[Barbarian]

For example, I use @spam-yahoo.com for my mail account on yahoo.com. If there's a real domain called spam-yahoo.com, well, they deserve it (there wasn't 6 months ago anyways).

--

Re:best to use non-existant domain

[Coward,+Anonymous]

If there's a real domain called spam-yahoo.com, well, they deserve it

whois spam-yahoo.com
[whois.networksolutions.com]

Registrant:
YAHOO (SPAM-YAHOO-DOM)
3400 CENTRAL EXPRESSWAY, SUITE 2
SANTA CLARA, CA 95051
US

Domain Name: SPAM-YAHOO.COM

Administrative Contact, Billing Contact:
HANLEY, JOHN P (JPH376) not-abuse@SPAM-YAHOO.COM
YAHOO
3400 CENTRAL EXPRESSWAY, SUITE 2
SANTA CLARA, CA 95051
(408) 530.5002
Technical Contact, Zone Contact:
mydomain Support (MS311-ORG) support@MYINTERNET.COM
mydomain Support
Email to address provided
Email to address provided
BM
+1 (888) 700-4087

Record last updated on 19-Feb-2000.
Record expires on 19-Feb-2002.
Record created on 19-Feb-2000.
Database last updated on 8-Jul-2000 18:43:43 EDT.

Domain servers in listed order:

NS1.MYDOMAIN.COM 216.34.89.1
NS2.MYDOMAIN.COM 216.34.89.2
NS3.MYDOMAIN.COM 216.34.89.3
NS4.MYDOMAIN.COM 216.34.89.4

Re:not so easy

[PD]

You can set up filters to route mails that contain the string "traffic@websidestory.com" in the "From:" field to a folder called Trash.

Go to your mail, click the options, click filters, and set it up.

Re:Is it true...

[MaggieL]

Perhaps that more of them are women than you think?

I have an approach to dealing with spam

[SIGFPE]

Whenever I sign up for any kind of service I generate a random 32 bit integer. This is the email address I use to sign up. For example for slashdot I use (4 more than 0x7ff00000)@sigfpe.com. I have a little database that maps these integers to the service I signed up for. If I receive spam on one of these addresses (1) I can remove the address from my /etc/aliases and

(2) I know how the spammer got my email address. If the email address was given to a service that promises not to give out addresses I'll know exactly who to blame.

Basically I can track the spammers like doing cookies in reverse. Even if you don't have access to your mail server you can use 'plus' userids at many ISPs although that isn't quite as powerful. Of course I don't want to feel like I'm just a number and that's why the addresses all start with 0x7ff (geek joke - think about it! :-)
--

Re:I have an approach to dealing with spam

[sonnerbob]

I just use SneakEmail. Generate a unique address for each public instance and if it is compromised, I know the source and can delete it or "dam" it up. Sort of follows along the line's of Proxymate's 'target revokable' email aliasing system. Surprisingly, even though I have around 30 different aliases in my Sneakemail setup, not one has been spammed (strictly meaning exploitation by any sender other than the site to which is was used to register or post).

And then there's always Despammed.Com, which has a good filtering system, but needs an account management method.

Could be a good thing

[Felinoid]

More than likely the owners of spam.tld domains are harvesting spam.
What for? Sevral things. For one exaples of what NOT to do. Who to avoid and maybe just what to add to filters.
As ALL the e-mail to those domains are 100% spam a simple catch and filter system could create an effective filter.
If they go the extra mile they could be looking for scams and reporting them.

We don't know but harvesting spam is hardly an invasion on us.
Whatever they are doing they know spam isn't welcomed and thie spammers are crooks. So from there they are probably just using it for internal use.

hay... know thy enemy... Keep your friends close.. keep your enemys closer...
Chances are good they have some dark and sinister motive... one we'd aprove of... along the lines of "nuke em"....

nospam

[LoRdTAW]

Well not to sound stupid but I just put in stupid stuff like ass@hole.com or fuck@off.com. I really wonder if thoes user names actually exist on thoes sites.

Re:send me spam! c'mon!

[scum-o]

Go to: iwantspam.com and register.
--
Steven Webb
System Administrator II - Juneau and TECOM projects
NCAR - Research Applications Program

my favorite,

[The+Madpostal+Worker]

is webmaster@domain.com (where domain is their site), it the lsuer decides to spam, he spam's himself.

/*
*Not a Sermon, Just a Thought
*/

Email suggestions

[Uruk]

Well, I usually use 'foo@bar.com'...

but when I'm feeling nasty, I use the root account's email address on that system. I.e. if I'm signing up for foobar service's something-or-other, my email address is root@foobar.com. Most web forms (if not all) don't catch this, and the BOFH gets the spam.

Sure, that's not exactly kind, but you can also put your email address as abuse@yourisp.com which will forward all spam to the spam account.

Or maybe sales@microsoft.com. I'm sure they can use some more...

Re:Email suggestions

[LoRdTAW]

Thats a great idea for sales@microsoft.com now I shall abandon ass@hole.com for that one........

Re:Email suggestions

[Syberghost]

Well, I usually use 'foo@bar.com'...

Registrant:
Mike O'Connor (BAR-DOM)
2168 W. Hoyt Ave.
St. Paul, MN 55108

Domain Name: BAR.COM

Administrative Contact, Technical Contact, Zone Contact, Billing Contact:
O'Connor, Mike (MO35) mike@HAVEN.COM
O'Connor Company of St Paul
2168 W. Hoyt Ave
St Paul, MN 55108
651-647-6109

Record last updated on 21-Apr-2000.
Record expires on 23-Apr-2001.
Record created on 22-Apr-1994.
Database last updated on 8-Jul-2000 18:43:43 EDT.

Domain servers in listed order:

NS.GOFAST.NET 209.46.63.1
NS.MR.NET 137.192.240.5


--

Re:Send them to a useful place

[13013dobbs]

Use the-dma.org for your fake addresses. That way the spam goes back to the spammers and those who think you should have to recieve spam.

Re:Dip...

[LoRdTAW]

Your kool

Registration email

[bat'ka+makhno]

I see people suggesting various addresses such as billg@microsoft.com or foo@example.net. These are fine, as are random fakes (but not {abuse,root,postmaster}@bar.com, since they're never live), but consider using the names provided by either the company's whois information or, should you get lucky, a live email address listed somewhere on the web site.

Take the example of buy.com, a notoriously unresponsive spammer. julieh@BUY.COM, their billing contact, is actually received by Julie H., an administrative assistant at buy.com. My experience with administrative, billing or technical contacts from the WHOIS database has been quite positive in that inquiries directed to the addresses listed there do, for the most part, generate a human response, often coming from the very addresses listed there.

And of course, do not hesitate using spammers' snail mail in your own domain or service registrations. After all, informative, unsolicited, commercial notices are an integral part of the net.economy, aren't they.
--
Violence is necessary, it is as American as cherry pie.
H. Rap Brown

Re:Registration email

[bat'ka+makhno]

From an email recently received from my registrar:

You can always use a ficticious address. Just make sure that we have a working email address in order to help if things go wrong.

So, in so many words, fuck you, ignorant shit.
--
Violence is necessary, it is as American as cherry pie.
H. Rap Brown

Re:Is it true...

Why was this moderated funny? It's a very old troll. I don't even have an account here yet and I've already seen it many times

What's next? Beer moderated 5, Insightful?

Caveat Emptor

[Ars-Fartsica]

If you knowingly divert email to another address, anything they dig out of that email on the other end is fair game.

Where was it written that anyone had the right to create a defacto domain for spam-guarding? Once again, the ridiculous entitlement mentality of slashdotters rears its ugly head.

not so easy

[Barbarian]

Well, most of the "Bulk Mail" filters work by assuming all mail without your email address in the To: or Cc: field is spam.

However, often legitimate mailing lists don't put your email address in To: or Cc:. I subscribe to several.

--

Re:not so easy

[PD]

Yahoo mail allows specific filtering for your mailing lists to keep them out of the spam trap.

Re:not so easy

[13013dobbs]

You should be able to white list your mail lists so that they don't get routed to /dev/nul. I guess that it depends on your filtering set up. Psuedo-code might look like:
if (From = mymaillist@list.com) copy to MailListFolder
if (To OR Cc != me@mydomain.com) copy to /dev/nul

foo@bar.com

[sandler]

I often use foo@bar.com for random sites that require registration. I checked out bar.com and discovered that's it owned by some sort of domain squatter who "really meant to use all those domain names." Plus, mail to bar.com bounces for lack of proper mail handling. So I think that's a pretty good alternative.

Of course, that one's often already been used at a site, but not as often as you'd think.

skank@mofo.com

[Skankmofo]

I use skank@mofo.com, and any spammers can blow me.

This is annoying

[Kiwi]

There have been a few cases where someone uses a fake email address of "idonotlikespame@samiam.org" or "nospam@samiam.org". Rather annoying, because I like to have an "umbrella" email address, so I can get email from people who mistype my email address.

Last time this happened, I looked at the headers of the usenet reply, went to the usenet newsgroup in question, and asked the person to not use my domain for nospam email addresses. The person, rather embarassed, was nice about it and changed his fake email address.

The proper way to make a "nospam" email address is to use "name@example.com", or if you can not do that, use an invalid ".gov", ".edu", or ".mil" domain, such as "compost.gov".

- Sam

Fun With Spam

[chaobell]

For everyday use, I have a "spamtrap" address. I have Pine configured to look for mail addressed to spamtrap@chaobell.com, and poopcan it. But when I am feeling evil...

• root@company.com, where "company" is either the vendor of whatever I'm downloading, or whatever domain I'm peeved at that day
• somthing utterly random, like adjuhau@abwwuigc.com
• sonof@god.com, usually coupled with an entry of "Jesus H. Christ" if a name is requested; variants usually include anime and video game characters...almasy@balamb.garden.edu, reeve@shinra.gov (someone actually has shinra.com), vanhouten@gebler.mil, ad nauseam.
• Or if I am feeling particularly bitchy...blowthe@outyourass.com.

Let them have it

[bkeeler]

A friend of mine used to be fred@fred.com. You wouldn't believe the amount of crap he used to get from people randomly typing that into web forms.

If they've vounteering to receive a similiar amount of crap, fine. Let them. It's not like they're ever going to see anything important.

It's a pain...

[andreas.haug]

People use the address "me at this net" or something else "at this net" all the time. It's a real pain, especially since I patched the mailer at this.net to accept anything.

On the other hand... those mails are sometimes funny to read in a cold winter's night...

Andreas, postmaster, this.net

Re:I've used no@no.no. So who in Norway gets spamm

[BobTheWonderchicken]

Not, you. I understand the problem of getting spamed just by one person using my address. It was incrediably annoying. My brother was signing up for porn accounts and using my e-mail. Once or twice my machine crashed when I tried to get my e-mail because of the amount of data. At least I knew who it was and could kick his ass.

Ummm, mofo.com is a very good and big LAW FIRM

[2quam4]

Morrison & Foerster http://www.mofo.com Maye its just me, but I wouldn't use their address.

RE:skank@mofo.com (OT)

[GreenHell]

ok, off topic, but this is kinda funny...
mofo.com is owned by Morrison & Foerster, Attorneys at Law (that and MoFo is a registered trademark of theirs, go figure...)

somehow, I don't feel sorry for them if they do get your spam though...

Spam me. I'm at your loopback interface.

[AtariDatacenter]

Hello? Spam Central? Please add my root@localhost.netscape.com email address to your mailing list. I also have a friend at abuse@localhost.yahoo.com who wants to be added. THANKS!

[BTW, it is kind of an old joke. Say, has anyone visited that FTP site at localhost.localhost.com? Log in with your current username and password. They've got an awesome selection, but unfortunately, I already got what they had available.]

Oh yes, I know this feeling

[Jay+Carlson]

I get all kinds of weird stuff at nop@nop.com; my friend who has ben@ben.com does too.

One nice thing about this situation is plausible deniability. I mean, who's to say that I'm the person who registered for those 724 quasi-legal web sites? And "I"'ve been booted from geocities and Excite many many times...one more can't hurt, right?

/dev/null or . . .

[TheSlashdotter]

I often use an invalid TLD. (Un)fortunately, there are a lot more now, but long random domains often work. It seems most scripts only check to see a) there is a name before the '@', b) there is an '@', and c) there is something after the '@'. Some check to make sure that there is a two part domain or more, but most won't ever check the length as long as it can handle it (in other words, you can usually throw in a five charcter TLD like .xspam or something).

*@mydomain.com

[rothwell]

I own my own domain, and have a few real email addresses. The rest go into another mailbox. This allows me to make up addresses whenever I want, and know that mail sent to them will get delivered. I currently have all mail at that domain put into my mailbox, unless it's for my wife's or a friend's or some other real address. When I go to a site demanding an email address, I put in sitename@mydomain.com. THen I can see where the spam is coming from, and retaliate/procmail/etc as appropriate. Works well. Get yourself a .us domain, they're free, and go for it.

... and no, my domain isn't really "mydomain.com". That's owned by:

Myinternet Services Inc.,
4739 University Way NE
Suite 1640
Seattle, WA 98105
US

mojo@jojo.com

[Pope]

i've been using this one for a couple of years, and found out 2 weeks ago that Mojo Jojo is the name of the bad guy on the Powerpuff Girls.

Pope

Freedom is Slavery! Ignorance is Strength! Monopolies offer Choice!

send me spam! c'mon!

[tomaasz]

I have an account that I created for only one reason: TO COLLECT SPAM. I tried really hard to actually subscribe as much spam as possible, but I'm very disappointed with the results. I only get about 7-8 mails a day. Can you help me?
The address is spambox1 through 4 @atlas.cz, that is:
spambox1@atlas.cz, spambox2@atlas.cz, spambox3@atlas.cz, spambox4@atlas.cz

spambox2 is dedicated to spam for porno sites, so please be nice and respect that.

When I have enough spam, I'll try to find some really interesting pieces and post 'em somewhere!

Thanks in advice
tom

Re:send me spam! c'mon!

[John+Jorsett]

Have you tried posting articles on Usenet with this email address as the "reply-to"? When I first got on the net, that's what got me all sorts of spam. Another thing you can do is create an EBay account with that email address. I get stuff that way. Someone must have set up an auto-troll program to cull email addresses off of EBay somehow. Third thing to try: create some web pages with mailto: links for this address. Make sure you submit the pages to search engines so that the spammers can find you. Lastly, subscribe to some email lists and submit items so that your reply address is visible. Spammers get email addresses this way as well.

Incidentally you might want to create a more generic address. If I were a spammer, I'd be figuring that any address that had the string 'spam' in it is a diversion, and I'd code my script to either ignore it or attempt to derive the 'real' address from it. It's also possible that spammers figure anyone living in Czechoslovakia isn't going to be a good candidate for musical toilet seats or whatever they're peddling. Consider using an address in the .com domain.

Here are the fake email addresses I use.

[KiDWhiZ]

I come up with a common name, append it with a number, usually 1-100 and add @aol.com. Like doggy69@aol.com, teddybear23@aol.com. It's funny because some poor sap at AOL is going to be getting all this spam.

Re:So don't do that. [IANAL]

[Tiro]

Since it's actually your account, it'd be a felony for Yahoo to reveal the contents of the email, so you're set.

Yahoo can do whatever it wants with your electronic mail; its sitting there on their servers, after all. Only U.S. Postal Service mail is protected with the felony mail tampering law.

What Syberghost recommends, though, is a really good idea. If you start up a Yahoo spam account, you can still retrieve any important info [because sometimes you have to interact with an electronic commerce company with electronic mail (and end up on their list) to complete a transaction].

Forged return address

[kris]

Using a forged return address of "@nospam.com" puts undue strain on the network connection of others, namely those people who receive misdirected replies to these mails. You are using an address in a domain you have no authority over and where you hold no legitimate address. In some countries this already is a punishable offense (although these laws were originally created to go after spammers).

If you want a spam drop account, at least create one yourself and do not fill other peoples mailboxes. This is just as offensive as sending SPAM.
© Copyright 2000 Kristian Köhntopp

I suggest...

[god_of_the_machine]

...that people start following my lead with spammers. When signing up with spam-friendly companies such as REAL or ADOBE, use the email address nospam@real.com or nospam@adobe.com. What do I mean by spam-friendly?? Well, when you download something for free, they won't let you without getting your email... and if you don't click off some checkbox you get flooded with spam. The only way to teach them a lesson is to spam their own servers. In mass numbers would be nicer!

-rt-

Interesting uses for Spam

[HerrNewton]

Yeah, offtopic. *pthb*

In one of its catalogs, font haus T.26 set its type samples using spam instead of the standard "Lorem ipsum dolorem..." It was really quite amusing, as one got some great visual dichotomy by pairing, say, a nice enlightment style handwriting font with pron spam.

Anyone else have good uses for spam? It's not tangible, so lining the bird cage, wrapping fish, making hats for monkeys, etc. won't work.

----

mouse-potato.com

[moonbeam]

Use mouse-potato.com instead!

Anonymous FTP

[logistix]

Do you guys use nospammed email for Anonymous FTP?

If you must provide a fake address...

[Raunchola]

Privacy.net has an address that you can use if you have to provide an e-mail address for registering software, or anything of that sort. All you have to do is use me@privacy.net for whatever reason, and it provides a bounce message to anyone who e-mails it.

You can read more about it here.

--

Downloading software

[flc]

If you are getting some software from the net you have to register before downloading, just send the spam straight back to them, eg. postmaster@real.com when you download Realplayer. Hopefully the world will be a better place when they notice the amount spam they send out.

Hmm.. Should I perhaps change my email to postmaster@slashdot.org?

Similar Domains

[Knunov]

I used to administer the domain SETEL.COM

There was an ISP that used the domain SE-TEL.COM, and as a result, I received 3 or 4 stray e-mails per day from people that were sending to whomever@setel.com because they weren't including the hyphen.

I got a few love letters, some that could have even gotten people (usually wayward husbands) in trouble, some AdultCheck ID's and various other pay passwords. I was even sent financial information on several companies. Ah yes and a scanned picture of a naked woman named Jennifer.

While my experience was small scale, I was always tempted to register MINDSPRONG.COM or OAL.COM (which were unregistered at the time) just to see how much stray e-mail I would get. In a matter of time, something interesting was bound to arrive in my inbox :)

Knunov

From a "victims" point of view...

[beh]

About a year ago, I registered a Swiss (.ch) domain for a server that I intended to set up (but had to put off for a while).

During the year, I have received quite a bit of mail
for product evaluation registrations and other things with various addresses inside the registered domain). Now vendors email me with mail, that from their viepoint is legitimate (basically, it is from mine, too - as the info mails were asked for during registration of the software downloaded). Nevertheless, I get about 3 or 4 product registration emails per week from some lunatics who apparently think its funny to put in an email address of a domain they are not connected with (in this case, the domain is @here.ch -- with lots of people using "surfer@here.ch", "enteryouremail@here.ch", "jo@here.ch", "oskar@here.ch", "not@here.ch" and the like).

Currently, I am in contact with the Swiss data protection commisioner getting his support for bringing charges against those people, since as stupid as it may sound, it is the only chance I have to make these people stop (under the data protection act, the providers here are forbidden to give out details about who entered the false data). The same goes for most of the companies that the false registrations were done through.

In some way I am sorry, that this is the only way for me to make people stop (as I don't have another chance of finding them except by bringing up charges for supplying false identities).

What saddens me even more, is that this sort of thing would be easy to get around on the software manufacturers site (if someone registers for product evaluation, require an existing email address, and then mail a URL to that email address with the site information where to download the software). That way people would have no choice but to enter a valid email address if they wanted to get the software.

And, yes, I am sure, that we're not talking normal spams - among those companies from which I got news after "registering" evaluation software include companies like McAfee, Realaudio, and others.

a better idea

[Morphine007]

How's this, next time you sign up for a service that REQUIRES you input an email just put in: postmaster@127.0.0.1 and see where that gets 'em ;)

Re:skank@mofo.com (OT)

[Skankmofo]

Yup, I looked it up one time and saw that it was a law firm, that's what makes it so much better. How stupid can they be to make a web site mofo.com though...I feel that they deserve my spam.

OR...

[jpowers]

OR...the /. kids have stock in Andover, who generates a profit from ads posted on /. Consequently, it behooves the /. kids to bring in as much traffic as they can, and no motivation is necessary over and above simple greed.

OR not...

-jpowers

It's your problem..!

[cfelde]

What's wrong with letting nospam.com/.net/.org read mail sent to an address owned by them? As long as people are so stupid and entering an email address not owned by them, they have no right complaining if mail meant for them end up in the person or organization owning that address.

THEY'RE STEALING OUR SPAM!

[kinnunen]

Those bastards!

Do none of you listen to Geeks In Space?

[peterthomas]

As all true GIS listeners should know, there is only one address to send all your spam to.

Of course, its kurt@thepope.org

:-)

domain.com works, too...

[RobotSlave]

Back in the days before pit vipers took over the management of Network Solutions, you could do a `whois domain.com` and get this gem back:

Example Domain (DOMAIN-DOM)

For use by vendors and authors in
default configurations, examples,
This is not the spam-host you're
looking for. Move along.
7, va 35478
us

Domain Name: DOMAIN.COM

Administrative Contact, Billing Contact:

Example Domain (DOMAIN-NFO) user@HOST.DOMAIN.COM
+1 510 540 8000 (FAX) +1 510 548 1891

Technical Contact, Zone Contact:

BHCOM HOSTMASTER (HC391-ORG) hostmaster@BHCOM.COM
760-360-4600 Fax- 760-772-3654

Record last updated on 15-Dec-1999.
Record created on 01-Jul-1994.
Database last updated on 18-Dec-1999 13:02:57 EST.

Domain servers in listed order:

NS1.4SERVERS.COM 209.176.24.140
NS2.4SERVERS.COM 209.176.21.100

DNS now fails to resolve domain.com (can't remember if this was by design), but mail sent to domain.com (via smail and sendmail, at any rate) still evaporates. Looks to me like a well designed MTA tries to avoid clogging networks with attempts to deliver to Tattooine. Needless to say, the days where humor lurked in the belly of NSI are long gone, but domain.com is still reserved, and there are still records for it in the indicated name servers. A whois domain.com now returns a circular reference error, and no contact info.

How to get a .us domain?

[JimTheta]

This may sound like a dumb question, but how do I get a .us domain? If they're free, that sounds a hell of a lot better than paying for a .com/net/org whatever, since I'd just like a personal site. I would assume that for a .us domain I don't go through one of those commercial .com/whatever registrars, right? Can you give me web site URL? Thanks -JimTheta jimtheta@beer.com
---