Slashdot Mirror
Who Reads Your @nospam Mail?
pjbrewer writes: "Ever use an address like name@nospam.com when filling out a form on the web or registering software? Think thats safe?
Somebody is surely receiving messages destined for these fake nospam emails... and for curiosity or boredom, I checked it out.
Nospam.com is owned by Anything.com, which is apparently, as it says on their web page, based in the Cayman Islands. Their page gives a short bizspeak blurb about what the company does (provide strategic advice to internet companies and vc-types).
Offshore corporations can be as legitimate as any other, so why does this suggest concern? Could it be that the owners or managers of nospam.com want to avoid US laws for some reason? The Caymans sound like a place to incorporate rather than a place to set up offices and a T1. Am I overly paranoid, or is there something interesting that could be done to analyze people's use of *@nospam.com type addresses or some other interesting use of this content they must be receiving?
Nospam.org and Nospam.net appear to be net malls owned by BestOfTheNet."
Think about it folks. If you don't actually put your email address in the field, why in gods name would you consider the email yours?
You TOLD them where to deliver it. They're doing exactly what you wanted. Don't complain when that actually goes someplace! :)
If you want to use a deliberately fake domain name, please don't just make up something that you think is fake; instead, use EXAMPLE.COM (or .NET or .ORG). IANA has deliberately reserved these domain names for this purpose.
I've set up my /etc/aliases file to redirect all mail to devnull to, well, /dev/null. I find it works quite well to send spam to devnull@mydomain. Thus you prevent the massive load on servers like nowhere.com which, according to the webpage, gets about 80000 (!) pieces of mail a month.
---
END OF LINE
Check out this page at asdf.com, too:
http://www.asdf.com/asdfemail.html
Why is everyone always bashing on drug smugglers? You're going to have crime as long as you define stuff people want to do as a crime. And if you're going to have crime, I'd much rather have organized crime than amateurs. I was actually considering setting up something similar to Jim Bell's assasination politics for local drug dealers. My theory is that the problem with drugs isn't the drugs themselves, it's the disorganized nature of the market. Make prices widely known, and people will be able to shop around. Profits fall out of the market, and bam! it's no longer worth shooting someone over drug territory. Maybe roughing them up a bit, but not killing them.
The guy down the street got shot through his window a few months back. Is someone going to do that if price competition can bring the margins down to under 50%?
I decided against it, though. Even if it isn't strictly illegal, I wouldn't want the hassle of being disliked by the police.
--Kevin
Spamido - The art of turning a spammers strength against them.
http://www.yelm.freeserve.co.uk/spamido/
Government of the people, by corporate executives, for corporate profits.
clipped from here:
"In 1986, Congress passed the Electronic Communications Privacy Act ("ECPA"),[13] which protects electronic communications from interception and disclosure to third parties.[14] This act was passed ostensibly because the common law protections for individual privacy were deemed insufficient. The problem in our context occurs because is it unclear whether e-mail is covered at all by this act. The hearings concerning the act showed that the House and Senate acknowledged the existence of e-mail, but did not address those technologies in the wording of the act. Regardless of whether e-mail was implied to be covered by the act, the exceptions tend to create large loopholes for employers to find relief in. Thus, although the ECPA would seem to protect workers from e-mail interceptions, it is not explicit when it comes to the workplace, and the exceptions contained may exclude employee protection.[15] These exceptions may limit the protection of employee e-mail, and include interstate systems, prior consent, and business use.
First, the ECPA only protects messages sent over public networks, because the definition under the act specifies only such communication that affects interstate or foreign commerce.[16] Thus, an inner-company e-mail system would not be covered, although a company voice mail would. This ambiguity will only require court interpretation, but under the statute itself, it appears that the exception would shelter the employer. Thus, an employer who provides an inner-company e-mail system could read and disclose employee's e-mail messages freely. Yet an employer who merely provides standard e-mail service from an outside provider does not appear to be protected by the provider exemption. Legislative history suggests the rational for the exemption was to allow providers access to the contents of stored electronic communications to back up messages as protection for system failure.[17]
Second, the ECPA allows interception and monitoring where one of the parties has given consent. Although an employee may not give explicit consent to the employer to read specific message "A," some prior aspect of the employer/employee relationship, such as signing an employee agreement which gives consent, or accepting an employee handbook, may defeat this claim. Courts have found that consent may be inferred from circumstances indicating that the party agreed to the surveillance.[18] However, in Watkins v. L.M. Berry & Co., the court noted that mere knowledge of the capability of monitoring does not imply consent.[19]
Third, the business use exception is the broadest exception of all, and allows the company the right to make interceptions under the ordinary course of business. Analyzing this exception courts usually take one of two approaches. The first approach is based on context and the second on content. Under the context approach the key to limiting employer liability is employee notice and a legitimate business purpose for the monitoring.[20] For example, the employer can probably successfully argue that in order to maintain productivity, decrease fraud, etc., they must intermittently monitor employee e-mails. It would be very difficult for the employee to argue successfully against this exception. "
-- Virtual Windows Project
The bizland account redirects to an iname.com account, so if the spam ever starts mounting I can kill it fairly easily.
(Note that 'foo' is NOT my Bizland name!)
So far I haven't received anything I shouldn't have. Which is nice to know.
http://rocknerd.co.uk
MAILER-DAEMON@example.com
Sometimes when they ask me to "tell a friend!" about something or other, I'll tell the postmaster, and give mailer-daemon as my address. Lonely postmasters like getting mail from their mailer-daemons.
Gates' Law: Every 18 months, the speed of software halves.
The founders of DNS have reserved those 3 domains for use in 'example' documentation, explicitly so that documentation can use those domains in safety and know that any email will go to the bit-bucket.
They have a similarly reserved set of IP addresses that are only to be used as 'examples' in documentation. This is more important than you might think, there are several class-B's that are unusable on the modern internet because CISCO used them (instead of the real 'example IP's') in their documentation for setting up their routers. And more than a few admin's have used them verbatim.
So, for everyone who writes documentation, or wants an address/DNS that's reserved and will never be used in the global internet, use example.(com|net|org) and the appropriate IP ranges.
It would NOT be fun.
Since June 5, I've been the person of which you speak.
If you have done a gnutella (or clone) search in the past few days, you probably have seen my name...
gnut> find anything CURRENT RESPONSES ----------------- 1) email matt@steinhoff.net for kiddie porn and anything 216.10.33.21:6345 size:80.854M ref:84279680 speed:10000It all started when I noticed that every query I submitted returned an html file. In that html file was a link to http://www.cybergirlsex.com/raw cash/click.cgi?tella...
gnut> find anything and everything CURRENT RESPONSES ----------------- 1) anything and everything.html 216.100.51.42:6345 size:2.83K ref:234946611 speed:10000 gnut> find nothing at all CURRENT RESPONSES ----------------- 1) nothing at all.html 216.100.51.42:6345 size:2.83K ref:117638272 speed:10000I figured that an ambitious person had hacked gnutella in order to promote the web site so that he'd get some extra cash. I sent email to the the owner of 216.100.51.42 and they promptly shut off the user's connection. I also sent email to cybergirlsex.com in hopes that they wouldn't pay the user 'tella' for the referrals. Spam shouldn't pay no matter how it is done, right?
Ever since I sent the email message to the domain admin for the porn site, my name and server address has been showing up in each and every gnutella response. Cause and effect (and a bit more) leads me to believe that the porn site was 'tella' and they are not happy that I've cut into their revenue stream.
With a bit of investigative work I was able to tie the user who is spamming gnutella with the user who admins the porn site and more than two dozen other domains.
I've got the guy booted off a number of services in the past few days but that isn't much help (though it does make me feel a bit better). It's like playing wack the mole; hit him in one place and he pops up again elsewhere. I'm getting hundreds of email messages from people either looking for child porn or wanting me dead for supplying child porn. (Of note, of course, I don't have any child porn so stop asking.)
I've contacted the FBI's computer crimes division and they are far more interested in the folks emailing me looking for kiddie porn than they are in getting rid of the slime ball spamming my email address. At least the kiddie porn angle got their attention or I imagine this wouldn't have even made their radar.
So, what can I do? I'm already filtering my email so that I don't have to read through hoards of email. (Did I mention that he has also signed me up to dozens of mailing lists?) What's next? While tracking and smacking the first day was exciting, today it's a bit of a drag.
Any good ideas will return my eternal gratitude. (Any especially nasty ideas and I'll give you the guy's email address. {grin})
Matt Steinhoff
(I had posted this as an 'Ask Slashdot' a few days ago and, of course, Slashdot would rather post Anime Moves on DVD.)
You know, I'd been thinking a lot about the bogus e-mails that the spambots pick up, and I keep thinking "wouldn't it be fun to put someone's e-mail that I don't like in my message, to get them spammed to oblivion?" .signature to:
Of course, it probably wouldn't be moral to do that. So who would be a valid target for this kind of treatment? In my opinion, a company that does nothing to stop spammers is fair game (since it's their fault most spam gets out here). And since I'd love the irony of them recieving spam from their own servers, I'm seriously considering changing my
help@uu.net root@uu.net postmaster@uu.net abuse@uu.net
I can just see them now! "Where the hell is all this spam coming from?" "Um... it look like it's coming from us!"
Serves 'em right!
-Denor
First, from reading about SeaLand, I got the impression that the Cayman Islands is making a bid to extend their corporate business secrecy laws to the Internet. Which has good applications (e.g. are you a human rights' organization in an oppressive nation who needs a safe place to store your information?) & bad applications (e.g. are you a drug smuggling ring who needs a safe place to store your information?)
But looking at the web site, it seems amazingly bland, almost to the point of parody. Amazing amount of corporatespeak. (Reading it, I was reminded of The Tubes' Sell Out album liner notes.)
Hrmf. Another mystery on the Internet, a land of countless mysteries.
Geoff
I think I see a trend here. Maybe for them it really would be easier to muzzle the entire internet than to produce p
Seriously, I would prefer no control over government control, when it comes to spam. As much as I hate spammers, I hate government beauracracy and scheming more.
Besides, the government can't do anything more than those of us who actually use the internet can do. We can take it upon ourselves to deal with spam - report it, log it, prosecute it (based on existing not-quite-net-related laws) and pressure the spammer into ceasing his behavior.
A government only has control over it's physical jurisdiction -- but users of the internet have absolute control. We can, in numbers, put a crimp in the activities of people in places where their governments (or lack thereof) allow them to continue their spamming.
The problem with this is that there are so many organizations out there working on this, but none of them are working together. If we had an army of 100,000 volunteers worldwide, we could do some serious damage.
This is a bunch of dreamy -- in the perfect world sort of stuff following, so take it all with a bucket of salt. I'm allowed to day-dream, right?
100,000 out of the the combined global 'net population is less than one one-hundredth of a percent (.01).
If 100,000 people each processed 10 spam messages in Usenet or email per day, you suddenly have millions of people being ratted-out to their ISP's and upstream providers on a weekly basis. From experience, I know that you have a 10% chance of toasting someone's account when you bring to light their infringement of the provider's TOS. Those are decent odds, if you have enough people to pursue them.
And we aren't talking a lot of time. Not all of us can sit at our computers fighting spam each day, but if we knew we were actually helping out (a lot of us feel like people have given up, so who gives a fuck if we try), that two minutes per email would be well worth it.
And just imagine if we could get a full percentage of netizens to do the right thing and help out? We'd be talking 100,000,000 small skirmishes conducted; almost a billion per week.
There are two concerns with this, of course. The first is "won't this alone generate a lot of wasted bandwidth?" and "what about rogue ISPs?"
The answer to the first question is, yes. A lot of bandwidth, but with a legitimate purpose. Further, the amount will decrease as success is made and spam in general is diminished.
The answer to the second question is a bit complex, because there will certainly be some people who will continue to spam, no matter what ever happens.
If you have 7,000,000 messages processed each week (or in the better case of a full percent of users fighting spam, 1,000,000,000), we could imagine that perhaps 50% of the messages are duplicates. That, is 3,500,000 (or in the best case, 500,000,000) unique messages. The higher the number processed, the higher the number of duplicates, of course.
So with the lower number of 3.5 million messages (generating higher response for duplicates, in the neighborhood of 7 million), let's say that half come from every day John Q Public's who haven't quite figured out that spamming is BAD. The other half come from the top 100 known spammers.
The John Q Public half has a higher chance of being incinerated, because their 20$/mo ISP isn't going to cut them much slack when several dozen complaints are filed. Whammo. Figure a 20% success rate on that alone, minimum. Say goodbye to 300,000 spammers.
The rogue-ISP and known-spammer half is a lot more difficult. We'll figure we have what... a 1% chance of shutting them down? If 3.5 million messages are sent to these top 100 and their providers or upstreams, (we're talking AOL and upstream providers from rogues), it's only 35,000 messages per entity. Not a lot to deal with. Even over a year, it's only a couple million messages and complaints each.
This is where that fraction of a percent of anti-spammers would have to recruit people to help out, until we had that full percent battling with us. That full percent cranks that 35,000 into 3.5 million per week, per entity. This is a lot of mail. I believe it would crunch all but the actual spammers themselves, who have absolutely to reliance on other servers or services for the processing of their own spam, into submission. Jim Bob, running a box at a co-lo will be shot into flames by the service giving him the feed pretty damned fast. Jill Bob with her own server and own direct connection is going to be black holed in a heartbeat by all the other admins and postmasters watching their mailboxes fill with complaints each day. At some point, the entrace points for messages to be propegated and stuffed into your mailbox will be squeezed into a trickle for these people, which is as good as none for a lot of us.
But, as I said -- this is all a utopian, let's do this ourselves -- all it takes is some time and a group of people who give a fuck, idea. I don't actually expect it to ever happen.
---
seumas.com
Yahoo can do whatever it wants with your electronic mail; its sitting there on their servers, after all.
Nope. Yahoo is a carrier, not your employer.
Read the ECPA. That provision has never been ruled unconstitutional, it's been sitting there quietly in effect since 1986.
Only U.S. Postal Service mail is protected with the felony mail tampering law.
Different law.
However, I mention this because it brings up an interesting point; FedEx and UPS packages aren't mail, and aren't subject to that law. Keep that one in mind...
--
Of course, loads of domain name registrars and ISPs advertise with yourname.com.. Which is of course a competitor! Doh!!
--
SCO employee? Check out the bounty
Hmmm. Both your links seem to be Slashdotted.
--
Sheesh, evil *and* a jerk. -- Jade
"I will gladly pay you today, sir, and eat up
Sacred cows make the best burgers.
root@127.0.0.1 works for me. That way they end up spamming themselves.
Of course, the funniest part is when i am told that someone already registered it.
(2) I know how the spammer got my email address. If the email address was given to a service that promises not to give out addresses I'll know exactly who to blame.
Basically I can track the spammers like doing cookies in reverse. Even if you don't have access to your mail server you can use 'plus' userids at many ISPs although that isn't quite as powerful. Of course I don't want to feel like I'm just a number and that's why the addresses all start with 0x7ff (geek joke - think about it!--
-- SIGFPE
Actually, yahoo can do what they want with your email, including letting anybody they want read it. Since it's on servers they own, technically, they own all the email, even users private email.
:-)
That has been incorrect since 1986. There is a specific law against it in the United States, and it is a seperate felony count for *EACH* email.
Just like at work, you're employer has rights to read and do what they want with your email since it's on their equipment.
That is a specific exception in the law; your employer can read email that exists in their mail system, and they can prohibit you from accessing your private mail from work (and fire you if you do), but they can't look at your private email even if you access it from their equipment.
Trust me on this one; it's what my last employer's lawyers told them shortly before I left.
--
I have an account that I created for only one reason: TO COLLECT SPAM. I tried really hard to actually subscribe as much spam as possible, but I'm very disappointed with the results. I only get about 7-8 mails a day. Can you help me?
The address is spambox1 through 4 @atlas.cz, that is:
spambox1@atlas.cz, spambox2@atlas.cz, spambox3@atlas.cz, spambox4@atlas.cz
spambox2 is dedicated to spam for porno sites, so please be nice and respect that.
When I have enough spam, I'll try to find some really interesting pieces and post 'em somewhere!
Thanks in advice
tom
Using a forged return address of "@nospam.com" puts undue strain on the network connection of others, namely those people who receive misdirected replies to these mails. You are using an address in a domain you have no authority over and where you hold no legitimate address. In some countries this already is a punishable offense (although these laws were originally created to go after spammers).
If you want a spam drop account, at least create one yourself and do not fill other peoples mailboxes. This is just as offensive as sending SPAM.
© Copyright 2000 Kristian Köhntopp
Privacy.net has an address that you can use if you have to provide an e-mail address for registering software, or anything of that sort. All you have to do is use me@privacy.net for whatever reason, and it provides a bounce message to anyone who e-mails it.
You can read more about it here.
--
--
The real Raunchola isn't cool enough to have any imposters