Slashdot Mirror
What Makes You "High Risk" For SPAM?
sexykitty writes "What exactly is it that we do to invite unsolicited email to our inboxes? CNET contributor Matt Lake opened 12 free email accounts online in an experiment aimed at determining just that, and here are the results. See the risks involved in disclosing your email address through various methods. " Yeah, running a relatively well known website with your e-mail address all over doesn't exactly help out in the spam avoidance department either.
"This one ain't hard..."
you've been looking at the wrong sort of porn then.
I'm on my 5th ebay email address. The first time they sold my address or allowed it to be harvested or whatever, i tried writing to their abuse desk to complain. I got back a note telling me they wouldn't help me because I had to send mail from the address in question (it's just an alias folks... but they are too clueless to understand that.) So, I solved the problem by making it their problem: every time my ebay only alias gets a spam, that alias is changed and the old one is pointed straight to their abuse@ebay.com address. now it's their problem, and they can track it down or not without bothering me in the least. They have four of those spam attractors now. heh heh
For years, i have been using bob@bob.com as a junk mail address to enter. I recently found out, there is a bob@bob.com. (It used to be owned by someone at microsoft i believe.) So im sorry bob.
The remedy How can you avoid precisely targeted unwanted mail? Reply to it. Put remove or unsubscribe in the subject header, or follow any instructions within the actual messages. Most real business e-mail provides a functioning remove link. If the message comes via paper mail or phone, contact the company with a request to stop. Any business that's savvy enough to cross-reference records with a domain registry is smart enough to stop if it's about to lose a customer (we hope).
Most places if you follow the link to opt-out it'll just let them know you that you are active and you'll be added to more lists.
Fuck Ajit Pai
this is why i changed my address to abuse@att.com... i figure why not let the spammers report themselves?
--
Well, I'm not sure about Slashdot, but I've noticed that the linux.com folks seem to have come up with a clever idea.
If you take a look at the source for the main linux.com page, you'll find a comment that contains the address spampoison@linux.com, both bare, and in the form of an HTML link. It is accompanied by a warning not to send mail to that address.
I suspect that what they're doing is collecting spam at that address, and then if a similar message arrives at one of their other addresses, it can be recognised and refused/blackholed immediately.
\\'
Your mom needs to tell her friends to stop forwarding those big header filled posts on to spammers. Honestly, I don't think those chain letters are as bad as a problem as you think they are. A spammer would have to be forwarded the letter directly from someone (who doesn't trim forwarding info), and most people don't want to send their address to spammers. The biggest danger is that a friend of a friend of a friend will forward that onto someone who posts it somewhere with the headers intact, but that's a pretty rare occurance in my experiance.
I read the internet for the articles.
It's not that the concepts behind the code is bad, but numerous perl experts have pointed out weaknesses and lack of checks in those codes that could easily break a system. Sure, others have improved the security of those codes as well, but most people take blind faith that because they're at Matt's Script Archive, the code is 'secure'.
And saying that thousands of sites use formmail.pl is like saying that thousands of sites use an unpatched IIS.
"Pinky, you've left the lens cap of your mind on again." - P&TB
"I can see my house from here!" - ST:
Problem being that it gets your real email address out there into someone else's hands -- someone who you can't control. Someone could grab the last year's worth of logs of forwarding addresses (most of which are probably legit, considering the purpose of the tool) and compile it into a list. BLAMMO! You've been spammed.
I don't give out addresses @ my domain to any company that I buy/order/sign up for something from -- they get my hotmail address.
Sonce noone who I *really* want to hear from ever emails me at the hotmail account - I can be reasonably sure the email there came from:
- MS's Spam Farm (IE: the master Hotmail list that quite obviously gets sold every couple of months to a lucky set of spammers -- despite what the article says, I open a new hotmail account every few months, and generally within a couple weeks of not doing anything with it (no mail sent, no address given out to anyone) there's about 5-10 a day - the longest this has ever taken was 2 months.)
- Companies I've signed up for stuff with
- Spammers
Thus, it's easy to contain, and about 5 minutes every month or two, I skim over the email there to make sure nothing legit came in (it never does).
My real email address gets obfuscated everywhere but on my webpage -- which is low-traffic anyway. All mail coming into me gets passed through a filter which weeds anything NOT directly addressed to me into a "suspect" mailbox.
My main mbox gets MAYBE one spam a month. The "suspect" mbox gets about one a day, two a day on Sundays (don't know why, but that's how it goes). My hotmail account gets at LEAST 40-50 a day, about half of which are generally caught by the filters there. MAYBE one legit message comes into my hotmail address every two or three months.
I made a new address that I used only for Ebay's mailing service, where you put in a filter and they send you mail when a listed item matches. This is a non-public site (others can't see that you're on it). I often use unique addresses as it makes filtering easier. Well, I got spam to that address a couple months later, meaning either they sold it, they were hacked, or spammers setup network monitors along the route for harvesting. I sent mails to abuse@ebay.com and they went unread, returning the form letter about harvesters on auctions (which this clearly wasn't). Further letters were ignored completely (poor form for any abuse admin). I procmail that address straight to /dev/null at my ISP now.
-----
My God, it's full of source!
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
It's a painless and effective way to create new email addresses when you want to register with a new service. Then, when you get email sent to one of those addresses from an unknown party, you know precisely who to blame. I have been following this practice for over a year now, and -- knock on wood -- I haven't had a single address leaked, and I've registered with some pretty obscure places. I have about 50 aliases setup. Jason.
Strangely enough, I've had one of my email addresses in the clear (yes, that's it, right up there) for over three years on Slashdot, and I've posted at least a couple hundred times during that period. I get relatively little spam to that address. (Well, a piece or two a day, which is "little" compared to the dozen or two a day I get to the address listed as my domain contact.)
The way I figure, so many folks obscure their addresses or are aggressively anti-spam that few spammers even bother harvesting here. On the other hand, I usually get a series of script kiddies knocking at my door every time I post. Kind of goes with the neighborhood...
I currently get maybe a few spams a week, whereas I used to hardly get any at all before when I was more careful about having my address on the web anywhere.
What are other people's experiences with subscribing to obscure web-archived mailing lists, or, for that matter, with posting your email address in cleartext on Slashdot?
Its a common theme on slashdot to obsfucate your email address, most of us here do it.
.sig of one guy on ./ who uses a perl algorithm to hide his...)
The account I have above (which is a junk account), I have had for the last 3 years. I have had it on slashdot for over two years.
Up until the last 6 months, I had not recieved a single spam message in my inbox at hotmail. My address appeared on the newsgroups, and on slashdot, but it was de-spammed to confuse the spambots. (I still love the
Then I decided to register for a few online services with this email account.
Bad move.
I got hit with about 20 spam mails per day.
I don't know which one it was, but as the article says take the "we take your privacy seriously" statements, often are pure B.S.
Try to hack my 31337 firewall!
You might want to gently suggest that those pr0n ads she keeps getting are her karmic comeuppance for passing on all those awful chain mails. Spammers and chain-email senders: truly, two groups of people who deserve each other.
We just moved our MX from a CoreComm affliate's IP block (Class C) to AT&T (Class A). Big jump in spam, from 5-10 week to 10+ a day spread out amongst 60+ email addys.
--
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
They generate a unique email address for any / every different situation that you need an address for.
OK, then, let's see how it works when you spammify the address...
xcizjev55jf55t001@NOSPAM.sneakemail.com
That address agan:
xcizjev55jf55t001@NOSPAM.sneakemail.com
I always wonder how much crap you get from posting slasdot with a spammified address....
Cheers,
Jim in Tokyo
Have no clue about firewalls?
-- My Weblog.
My own spam problem started in the dark and forlorn days of 1995. It all started because of a name.
Due to an unfortunate accident of ancestry, my initials happen to be ADS. When I got my first dialup shell account, I chose to use my initials for my login name in the style of one of my then-heroes, Robert Tappan Morris (of RTM Worm fame). Thus did I become ads@netcom.com.
You can imagine the sort of traffic this generated for me, from day one! Every yokel with a half-brained scheme and a university mail account decided that this miraculous 'ads' address must be a special mailing list for thousands of Netcom customers who sat with baited breath, waiting to learn how they could lose weight fast, get rich quick or get rid of debt.
I fought this torrent of spam for almost 5 years before I finally had the technical proficiency and computing resources to come up with a solution. The solution I finally found is elegant and simple. It keeps the spam down to three or four messages per day. More importantly, it lets me know who is distributing my name to whom, and when.
I have a host alias tracker.xeger.net. Mail sent to any address @tracker.xeger.net is subjected to extra-bitchy filters, and mail that makes the cut is forwarded to one of my normal mail accounts, address intact.
Whenever I go to a new web site, or give my email address out to anyone, I give them an address of the form 'domain_dom@tracker.xeger.net'. CNN gets 'cnn_com@tracker.xeger.net'; Amazon gets 'amazon_com@tracker.xeger.net' and so forth. When the spam comes rolling in, I know from whence it came. I know how they got my mail address. And I know who to hunt down and disembowel.
To this date, I have been solely responsible for more than 200 cancelled accounts and at least two blacklistings. The count goes up daily.
No big surprises in the article, although it was nice to see somebody do a little semi-formal research to quantify where the most spam comes from.
I have a personal email address that I do not publish on the net at large, and have been remarkably successful at keeping it spam-free. I have another email address I don't publish, which came free with my dial-up account at home, that gets between 10-20 pieces of spam per day. I guess some ISPs (even good ones) sell their customer lists. I also have a couple of yahoo/geocities emails that have been getting spammed since day one, and I don't care. Work email gets about 3-5 pieces of spam a week, almost all semi-work related (notices of developers conferences, seminars, etc.)
One thing I *do* try to do is not publish my email directly on web message boards like slashdot. I've done so in the past and noticed a definite increase in spam as a result. Instead, I'll link to my web page and list my email there -- this makes it a little harder for automated email harvesting programs. Of course, I also post on usenet, so I'm not that fanatic about stopping every last piece of spam. As long as I have one email address I can maintain as a "clear channel", I don't mind as much if the others get a little clogged with junk.
The SIZE of spam also is a factor as to how much it annoys me. I'm much less likely to get bothered by 3 lines of "Make Money Fast" than I am by a 30K HTML monstrosity that looks like crap in mutt or pine. I've recently been getting spammed by some club/rave promoter in the UK (presumably because I run an electronic music site) with large HTML emails, several times a week. I don't even live in the UK, so this is particularly stupid and annoying.
In my limited experience, I've found that the more "common" your email address, the more likely it is that you will get spam. My wife had a hotmail account nmcdonald29@hotmail.com Obviously, a good way for a spammer to operate is to send mail to obvious names like that, i.e. send mail to nmcdonald1@hotmail.com, nmcdonald2@hotmail.com, etc.
Once she changed to a yahoo account, with the address nancy94376@yahoo.com, the flow of spam has almost stopped. Of course, perhaps yahoo does a better job of filtering than hotmail.
It might be a good experiment to open up several accounts at the same service with names of varying "commonness", and see which ones get the most email, e.g.
fjkflfjk78@yahoo.com
nancy74384738@yahoo.com
nancy1@yahoo.com
All email addresses have been changed to protect the innocent.
Thats right, if you happen to be jeff@somewhere.com or sally@somewhereelse.com or bill@ or steve@ or smith@ or jones@ your gonna get a lot of spam. They try every username they have ever seen on anybody's server -- on your server.
A big problem is that a lot of people leave EXPN (expand) on their sendmail servers turned on. That means joe spammer can go to your server and try expanding every common username on his list and quickly he can get every user on the system to spam. Even if that is turned off, during the normal SMTP process, sendmail will generate an error code if the username is invalid... which means they can cancel that email and try the next name.
This and a lot more spam-avoidance stuff can be found in Brett Glass's paper Stopping Spam and Trojan Horses with BSD, which contains a lot of good information, even if you are not using BSD.
--
Good Fast Cheap. Pick any two.
My experience with hotmail differs from his. I signed up for a homtail account before taking an extended overseas trip. The first time I checked my account I had 6 pornographic spams waiting for me.
--
--
E_NOSIG
I'd guess "Posting on Slashdot".
Awww shit....
--
Give a man a match, you keep him warm for an evening.
Give a man a match, you keep him warm for an evening.
Light him on fire, he's warm for the rest of his life
There must be hundreds of harvesters running, collecting e-mail addresses there. Users are required to have a valid e-mail address to keep their eBay account, and by being there, you're showing a willingness to trust strangers in net commerce to some extent. This makes eBay address collections golden.
I created a rather obscure new address at my personal domain, intending to use it for eBay only. Within a few weeks, I was up to a dozen spam messages a day.
--
I mean really. Probably the worst way to get spam is to have a 'friend' submit your email address in those 'free porn-a-day' spam collection thingies. That, and those horrible email forwards that get your email address in them.
-------
Caimlas
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
It is funny. It is also a good way to get sued for harassment. Hope your friend is being careful about using an anonymizer so he can't be tracked.
Best Slashdot Co
Recently, I opened a Hotmail account. Within minutes, I had my first spam arrive (toner cartridges). Minutes. On an address that has never been given out, used, or posted anywhere.
A friend of mine has an login name that's both short and is made up of the first five letters of the alphabet. She gets upwards of 100 pieces of spam each day.
J. Random Spammer, like an orangutang with an assault rifle, could care less if spam arrives at a valid e-mail address. As long as the client can be billed for "1,000,000 direct marketing messages sent". That's all that matters.
The real problem is all of the brain dead system administrators that leave port 25 open for anyone who wants to drop trou and take a huge dump in everyones' In Box. Korea, Ireland, Brazil, China...and the good ol' USA. Idiots.
Fetch my LART gun, boy.
k.
--
"In spite of everything, I still believe that people
are really good at heart." - Anne Frank
"In spite of everything, I still believe that people are really good at heart." - Anne Frank
There were two of them that I never used, but which included me in their user directory. These boxes quickly filled up with spam.
So in some cases, just opening a free email account can get you spammed.
I run my own email server, and I admit, every once in a while, I get pretty obsessive about looking at the mail logs. For a few weeks earlier this year, I had someone from a [big national ISP] dialup pounding my server with requests that came up with 'unknown user' bounces. The usernames were common first names, and names like "marketing", just trying to get a hit. My best guess is someone was using a dictionary type attack to find valid usernames to spam. I sent email to [big national ISP] giving them the logs and the specific IP address that these were originating from. No response, attack continued. I finally denied that IP range with the sendmail 'access' file.
/dev/null all the 'unknown user' emails.
How can you fight this type of harvesting? I can't figure out how... having some sort of feedback when an legitimate email has a mistyped username is useful, so I don't want to accept and route to
Nah.
Every time I fill out any kind of registration for crap that I don't want to get actual email about I put in hemos@slashdot.org. I don't even remember why, I think Hemos pissed me off at some point about something mundane and it just stuck in my mind. I'm thinking that dave@dave.com gets a lot because of me too.
"Share your knowledge. It's a way to achieve immortality." -- Dalai Lama
He had a third AOL control account sitting unused, which recived no e-mail during the coarse of his experiment.
So, yeah, not being on chat *does* seem to help.
Is this post not nifty? Sluggy Freelance. Worshi
I use a different email address for each place i have to give an email address to. It's very useful for filtering and sorting incoming email.
For instance, I have amazon@mydomain.com, timezone@mydomain.com, ebay@mydomain.com, nlug@mydomain.com, etc.
This way, if an address goes rogue and gets inundated with spam, I set my filter to bounce it, which clears things up within a month or two. It's also a good way to check to see if someone is violating their privacy policy by selling my email address when they promise not to.
I take it one step further, and have one of my domains setup to take any address, and forward it to my real address. I used to use a +, but ran into occasional problems when filling out some forms.
Amazing how much of my spam comes from network solutions.
How about getting your email address stuck on a forwarded joke or chain letter?
I used to get tons of jokes or chain letters forwarded to me (which I never read), but then I noticed I started getting spam in my private email account (I have a public account I use for emailing people I don't know, and a private one for people that I know). then I figured it out. If someone sends you a chain letter or joke forwarded to a bunch of people, and anyone on that list forwards it to someone else, before long you'll have a great source of email addresses. and good luck suggesting that they list addresses using BCC, instead of To. If you can't get them to stop sending you "fwd:fwd:funny joke", how are you going to get them to use BCC?
So not only are chain letters annoying and stupid, but they'll breed spam to boot.
Insert simplistic political, ideological, or personal proselytization here.
1) Use Google to search for your own email address every couple of months. This makes sure that you or no one else has intentionally or accidentally posting your address too publicly. Contact the webmasters to encourage them to take them down or munge the address. If they refuse or ignore, the only way to start fresh is to get a new address.
The biggest culprit that I've found? Private mailing lists! You'd be surprised how many mailing lists are archived on the web with unmunged adresses. Sure, the list doesn't spam you, but if they archive everything in plain text, you will be eventually.
2) Plead with your family to only the use your private email address only for personal correspondance. Personal correspondence means email that you send yourself. The intent is to keep them from typing your name into those stupid webpages like shakin-baby-butts.com. Tell them to use your alternate spamtrap email (e.g., Yahoo with filters on) if they must type your name into anything EXCEPT the mailer's "To:" field.
3) Zap any mailto links in personal webpages. Someone suggested using a picture of the address, but I've found a nicer solution. Use HTML entities to screw up your name. For example, from my homepage, the HTML source is this:
s<!-- die spammers -->cott
<!-- die spammers --> <!-- die spammers --> @
<!-- die spammers --> <!-- die spammers --> t&<!-- die spammers
-->ringali.or<!-- die spammers -->g
This allows visitors to cut and paste the mail address. The only bot that seems to be able to parse this is Google.
I can explanate how to administrate your network. You must configurate and segmentate it, so it can computate.
The URL mentioned in the article (or at least ones that look like it)
c ure.htm to find out exactly how this works. Keep in mind that this method is blocked by many proxy servers, so it probably won't work for you from an office - try your cable modem or dial-up at home.
i.e. http://3519285059/remove.html
is in fact a working URL. Perhaps the nature of it leads people to believe that it is not, but visit http://packetstormsecurity.org/papers/general/obs
Having your email address on a web site in any way (mailto link, body text, form element, or even just a comment tag) is an open invitation to spam harvesting.
Consider that the lowly Sircam worm will read through web page caches to find email addresses -- spambots are at least that smart.
Get an e-mail address like [a-z][a-z][{insert generic family name}]@[hotmail|yahoo|bigfoot|whoever].com and you won't be able to stop the deluge.
I did that once at Hotmail and I had to stop reading the account. Now I am using it only for cases where I have to register with an e-mail address.
-Martin
SoftMaker Office for Windows|Linux|Android
My Yahoo address, in comparison, gets maybe 1/10th as many spams, nearly all from identifiable sources (e-tailers I've used before, for example). So, making a "chat only" address probably won't help much with AOL spam.
The only "intuitive" interface is the nipple. After that, it's all learned.
"The question of whether a computer can think is no more interesting than that of whether a submarine can swim" -EWD
Maybe the spammers were trying to email him some clues.
_O_
_O_
.|< The named which can be named is not the true named
It should be pointed out that it's not Deja/Google that spam, but spammers. Email addresses get attached to articles, in a similar way to slashdot articles. Those addresses get harvested and mailed.
Bill, no spam I.
Remove me addresses, put remove in the subject, global opt out lists, etc.
Go to http://mail-abuse.org/rbl/reporting.html instead.
I use Sneak Email to direct my mail. Any time I need to enter my e-mail address, I create a new one. Worried about Amazon.com going bankrupt and selling your e-mail address? Worry no more. You can adjust the filters to block domains, all mail, or just delete the address from existence. Why bother configuring your own host to filter when you can use SneakEmail for free.
Of course it helps to spamproof your address when posting to message boards (see mine above).
Filling in a needless registration form? I started putting 'abuse@theirdomain.com' instead. If Real.com wants to spam me, they'll just spam themselves.
...for registering for something somewhere get a free temporary email address at Spamh0le.
You can set up your account to forward email to your real address for as long as you want, and from then on it gets forwarded to their /dev/null. Handy, to say the least.
In the article they say that Hotmail's spam filter (called inbox protector) filters about 2/3 of the received spam. I got approx. the same figures with my own hotmail account.
:/ Unfortunately, I don't think circumventing a spam filter is in the scope of the DMCA
However, since last week end hotmail not only has a new design, but also a new spam filter. It is disabled by default, but you can enable it in the 'Options' section by setting the inbox protector filter to "High"
And it works very well so far (ok only 5 days is a bit short for an experiment). My 10-spams-a-day trash hotmail account that I only used to register on sites where you need to is now usable!
Well, it is until the spammers find a new way to circumvent it
!
^_^
How is this unsolicited mass email, in any way shape or form, responsible?
It's this line of thinking, that anybody is fair game for a deluge of unwanted ads until they tell each and every individual sender to cut it out, that brings us the ridiculuous opt-in vs. opt-out argument. This shouldn't even be a debate. The answer is obvious, and I'll use small words for marketeers who don't get it and are currently lobbying our elected representatives:
I had an argument...with the person here at the university that teaches OS design. I wonder when I'll learn --Linus
I've been on MP3.com for several years, and I've used a large number of its features, and I haven't experienced anything like what you're describing here. I have an artist's page, I manage several stations, I use it to buy CDs and look for (and then download) new music, I use the my.mp3.com feature to keep my favorites in order, and I get -maybe- two e-mails a month from them, which are all easily filtered because they come from "@mp3.com"!!!
Of course, if you use a fake e-mail address, you can still listen and download as much as you like without using all the extra features!
Be careful! Your example demonstrates every mistake it possibly could. One, it requires putting your email address in the HTML, where a spammer could find it. Two, it does not appear to restrict the recipient, meaning it is effectively an open relay. Three, there is no indication that it performs effective logging, meaning it is effectively an anonymous open relay.
Not to mention that any programmer so thoughtless probably didn't think much about security, so you may be creating a new vulnerability without solving the old one.
The evaluation of an action as 'practical' . . . depends on what it is that one wishes to practice.
Fight Spammers!
Every mail I send or subscribe to a service, I use a unique email address so I can track where they got my email address.
To me, the main sources seem to be USENET (I'm still getting spam sent to an email address I used _once_ over 4 years ago), website greppers and the Network Solutions Domain Registration Database (search for a random domain, grep the WHOIS entry for email and violia!).
Richy C.
Why do you guys think you have to make some sort of gratuitous self-important comment after EVERY article posted? Your own self-importance is beginning to wear mighty thin.
Michael: Mod this down, censor.
First, I have a hotmail account. When I get mail in my box that is addressed to every variant before and after my name, alphabetically, I figure that's just a buckshot approach to hitting a few addresses that might work. 'Course, I have no scientific way to demonstrate this except the suspiciousness of such CC: headers.
Second, what about email forwards? My mother-in-law is big on forwarding cutesy stories and inspirational things, as well as those fake virus warnings (when some guy was first telling me about Melissa, before he said he saw it on TV, I thought that was another one of those) and "email tracking for money/candy/cure for cancer/etc" messages. We all know someone who constantly sends stuff like that, likely. While some people even consider that borderline spam, I think the larger problem is the long list of headers, containing addresses, that end up in nefarious hands at some point or another. Again, I have no proof, but I'd bet that this kind of thing is a good way for spammers to get email addresses, when my name has been included in a long string of names on somebody's chain letter.
The problem with the second method could be greatly alleviated if people would a) clean up messages they forward; b) learn not to forward the obvious junk (a nice story or good joke occasionally is ok); and c) use BCC: instead.
"I say consider this day seized!" -Hobbes
"I say consider this day seized!" -Hobbes
"Tomorrow we'll seize the day and throttle it!" -Calvin
That way, when I get mail to me+realplayer@example.com, I know that I gave that address out when I downloaded realplayer. If email to that address starts getting out of hand, it's simple to just block to that specific address.
YMMV, as I don't know if all mailing software supports it, but for our Sendmail+Cyrus setup it works fine.
"I say consider this day seized!" -Hobbes
"I say consider this day seized!" -Hobbes
"Tomorrow we'll seize the day and throttle it!" -Calvin
I'm surprised this guy managed to only get one e-mail a day, on average (at the worst). Of course, I use a hotmail address to throw at places that I know will send me mail.
The overall outcome of the article? Don't give your e-mail address to advertisers. As if that shouldn't be obvious.
Yeah, I started doing the unique address thing, but nothing had come of it, until ezBoard.com sold me out. And once they sold my name there was no way to opt-out. So if anyone is planning on signing up for ezBoard, don't.
Maybe it's because you don't list your email addy on your account?
im curios as to how much spam the /. guys get - considering their address is around so much. what do they do to block them?
if anyone care, mod this up so they see it. if not, i will party down here with the +1'ers
NEWS: cloning, genome, privacy, surveillance, and more!
NEWS: cloning, genome, privacy, surveillance, and more!
I've come across filters like that, that seemed to only filter out "localhost" and "127.0.0.1", not realizing that the entire 127/8 is loopback. I hope abuse@127.32.64.128 liked any resulting spam... :-)
It doesn't matter if you reply to spam or not. The spammer still knows that your account is real, because if it weren't, the server would rejet his message. However, he doesn't know if anyone actually reads the account.
Got friends?
(How not to frame a question: go to national video game competitions, use the contestants as subjects in your study and trumpet your findings as proof that "gamers are comparable to top athletes". Also not to do: have Jon Katz post a long article on it days after Slashdot has already covered it, lift lengthy paragraphs from a newspaper article without using quotes or proper attribution and then add his own, even more overblown, conclusions.)
The most interesting thing, I thought, was how responding to "Remove" addresses didn't seem to be the disaster everyone says it is.
Unsettling MOTD at my ISP.
Here's some of the nefarious companies and their creations...know your enemy :)
This company has an "Atomic Harvester" that fishes for email addressen and if that's not annoying enough, they also have a program that automatically spams newsgroups. And for the spammer that's too lazy or too cheap to pay for the software, then This company will harvest email addressen for a fee.
To thwart the above methods, check here for ways of protecting against those harvesters.
/*drunk.. fix later*/
I'm more inclined to think they sell their lists. Not to mention the security at the ISP is attrocious.
I check my 'real' account about twice a week. There are always at *LEAST* 50 messages in the inbox. All spam.
The account I actually use, however, is on my *OWN* mail server. I use dyndns.org for my domain name and to provide the MX record that points to my own mail server.
The account on my own mail server gets 1, maybe 2 spam mails a month.
In summary...I think it's the fscking ISP's lack of security and selling of it's userlists that leads to spam.
btw...I post DAILY to the usenet, using the real email address that is hosted on my own mail server. The fact that I don't get spam leads me to believe that this is no longer a problem. Then again, I only post to a single alt.* group that seems to not be a target of the spambots.
Firstly, he didn't specify whether or not he was using common E-Mail addresses, or ones with slight imagination. Lucky for me, my name isn't a Western one, so spammers never guess it. The second thing that should have been taken into account is that commerical mail providers are naturally at high risk for spam. I've had a university account since 1994 and only recieve a few spam messages a month.
One of the policies that my university has is that for students, there is no, for example "jsmith@...edu". Our E-Mail addresses are actually our social security numbers somehow made into a four letter code; sure spammers could guess combinations, but most won't put in the effort.
I can testify that registering two domains was the beginning of spam on my university accounts; for months I would literally go spam free until getting put into the whois database. Contrary to what some people here have found, Hotmail and Yahoo have produced no spam for me, except their own... I think what protected me was having a unique name that wasn't easily gussed by spammers.
Usenet produced *some* spam for me, but nowhere near the amount this guy is reporting. It probably has *a lot* to do with what groups you're posting to, and whether you're crossposting.
He could have mentioned more solid ways of getting off of spam lists, like checking headers to see where spam is originating from. 50% of the spam I've seen comes from someone with a dial-up account and a mail server. Once E-Mailing abuse@, and postmaster@ these people generally go away, either because they don't want to deal with someone like me (a hostile 'customer'), or because their ISP's pull the plug.
If you have a box of your own it's fun sometimes to create a bunch of E-Mail accounts, and see which ones get spammed from who.
- Dan I.
Yeah, running a relatively well known website with your e-mail address all over doesn't exactly help out in the spam avoidance department either.
.com on
in it and people love convenience . Well, now is your
chance to capitalize on this . We will help you turn
your business into an E-BUSINESS plus decrease perceived
waiting time by 180% ! The best thing about our system
is that it is absolutely risk free for you ! But don't
believe us . Mrs Jones of New York tried us and says
"My only problem now is where to park all my cars"
. We are licensed to operate in all states . So make
yourself rich now by ordering immediately ! Sign up
a friend and you'll get a discount of 90% . Best regards
. Dear Cybercitizen , You made the right decision when
you signed up for our club ! If you are not interested
in our publications and wish to be removed from our
lists, simply do NOT respond and ignore this mail !
This mail is being sent in compliance with Senate bill
1916 ; Title 6 , Section 307 ! This is not multi-level
marketing . Why work for somebody else when you can
become rich in 96 weeks ! Have you ever noticed how
long the line-ups are at bank machines and most everyone
has a cellphone . Well, now is your chance to capitalize
on this . WE will help YOU decrease perceived waiting
time by 150% and deliver goods right to the customer's
doorstep ! The best thing about our system is that
it is absolutely risk free for you . But don't believe
us . Prof Jones who resides in Ohio tried us and says
"My only problem now is where to park all my cars"
. This offer is 100% legal ! We BESEECH you - act now
. Sign up a friend and your friend will be rich too
. Best regards ! Dear Salaryman ; We know you are interested
in receiving cutting-edge intelligence . If you no
longer wish to receive our publications simply reply
with a Subject: of "REMOVE" and you will immediately
be removed from our database ! This mail is being sent
in compliance with Senate bill 1619 , Title 4 ; Section
309 . This is a ligitimate business proposal ! Why
work for somebody else when you can become rich in
23 WEEKS . Have you ever noticed society seems to be
moving faster and faster and people love convenience
. Well, now is your chance to capitalize on this .
WE will help YOU process your orders within seconds
and SELL MORE . You can begin at absolutely no cost
to you ! But don't believe us . Ms Anderson of Georgia
tried us and says "Now I'm rich many more things are
possible" ! We are licensed to operate in all states
! We IMPLORE you - act now ! Sign up a friend and your
friend will be rich too . Thanks .
Dear Friend ; We know you are interested in receiving cutting-edge news . If you are not interested in our publications and wish to be removed from our lists, simply do NOT respond and ignore this mail . This mail is being sent in compliance with Senate bill 1916 , Title 7 , Section 302 ! Do NOT confuse us with Internet scam artists . Why work for somebody else when you can become rich within 20 months . Have you ever noticed nearly every commercial on television has a
Candygram for Mongo!
I wan't able to read the article yet (/. effect ?), so maybe it's covered there, even tho I don't think so.
:-( But, once I did not indend fo use that address for anything else, it does straigh to /dev/null, after going through some filters to separed official communication from Terra.
:-(
I have recently (about 2 months ago) opened an account on another ISP (this one for Cable). I chose and e-mail address like r[some-other-letter]@terra.com.br (just to put a finger on the culprid). Once I have lots of addresses, I simply chose not to use this one. Well, one would support that I would never get a spam on this addres, right ? wrong.
Only 3 days after, I received my first spam on this account. Of course I though "this darn bastards are selling e-mail addresses", and complained like hell to them. They went on swearing they did not sell addresses and so on and on. Well, that settled the matter was a spam I received which stated the name of the target
Dear Roberto
Well, my name is not Roberto (even tho it starts with "R"). What caused the spam ? They were recycling (reissuing?) e-mail addresses. Someone in the past had that same username on terra.com.br, did some dump things, and his address got in some spam lists. He was the target, not me. But once this address now belongs to me, I receive his spam.
I don't know if this recycling of usernames is a common practice elsewhere, but this is surely a good way to have you mailbox filled with spam
---
morcego
A friend goes to every embarassing website he can think and enters the email address for his wife's ex-boss. Pron sites, embarassing drugs, on and on.
It has been 2.5 years and he still does it!
---"What did I say that sounded like 'Tell me about your day?'"---
I'm surprised the people at SPAM haven't threatened Slashdot directly. Not for the word, but the use of the can image.
I've had an email address for about a year that was not once used for any reason at all. Never received, never sent. One day, I sent an email to a relative who had just got their email account and was excited to be on the web.
..."
A month later, I got forwarded one of those "send this to x people and Bill Gates will send you $3,014 for each 3rd person... no really, it's true, just the other day I recevied my $10 million dollar check from
I replied and told her never to do that again or she will be blocked and I'll never email her. I explained to her why she shouldn't do that. It's because someone somewhere along the line will get the 30 times forwarded message and will glean the 100's of emails that are a part of the message body from all the forwards and put you on a list.
Now, everyday I get 1 or 2 Univerity Diplomas emails, they just don't stop sending them, Every day Janna wants to know what I was doing last night, King Kong keeps wanting me to buy some Herbal Viagra alternatives, FBI snooper detection prevention software, and a chance to win a free 3 carot dimand after I send $2,000 to sponser some foundation... yeah... uh huh...
I'll tell you, those funnies you send and recieve everyday is a really good way.
The other way is to reply to a spam to be removed from a mailing list. In the same mail account, I replied to a few to be removed from the list and shortly after the volume of messages recived almost doubled. Now it's a useless email account that receives over 600 emails per week. It's sad because I've only sent and recieved less than 10 legitimate messages from that account in the past 5 years and this is what I get in return for it.
Bottom line:
* Warn your friends and family not to send
you forwarded email. Explain to them
that most of those messages are hoaxes,
anyway. Companies don't pay to you to blast
the Internet with messages.
* Second, don't reply to spams when you do
receive them or it will just confirm an
active account. I used to spoof returned
mail notices but those don't help any,
they also make it worse.
* Third, if you do recieve a mass-forward,
you're already at odds.
* Each time you sign up to a new web-site, read
the privacy statement. Usually, you're info
will be shared with a partner. Check that
partners privacy, because usually that partner
will share your info with a partner and so on.
Your email address is usually not kept secret
anymore. They make too much money by selling
to people. If they are European based, then
it might be more secure because of privacy
laws.
* Opt-out of those "important updates from the
company and their partners". This will just
generate more unwanted messages than you'll
care about. I've opted-in to some in the past
that were supposed to be monthy tech news
updates on important issues. Well, one day it
became daily. They changed their policy with
out notifying me.
* Most sites reserve the right to change their
privacy policies at-will and with no obligation
to notify you. They expect you to keep up
on this yourself. The best advice is to do
so. I've cancelled membership to some sites
because of this. My data is not theirs to
profit from while I profit nothing from it.
* Obvious names, such as "kitty@domain.com,
bmwlover@domain.com, studmuff@domain.com, etc"
are likely culprits. Sometimes they perform
dictionary based attacks on many domains and
it may just be your lucky number. What's
worse, is that they CC so all emails are there
and other spammers gather those emails and then
you are placed on another list.
* Anything else not mentioned. Keep in mind,
these are only spam "reduction" techniques. I
think it's very difficult and next to
impossible to not be spammed. Being aware of
certain actions that will trigger a result and
preventing those actions, will help greatly.
* If they leave a return address, sometimes you
can complain and have their account revoked.
This won't stop them, they'll open another
account and continue.
* Push for a law that allows the sponsor of the
spam to be sued for damages and inconveniences
rather than the sender. For example, I've
recived over 200 unvirsity diplomas messages
which all have the same phone number, but each
message is from a different sender. If we can
sue the owner of the phone number, than that
would go a great distance because it would
make people afraid to market in that mannor.
Well, hope this helps,
Leabre
in case your email has never been revealed anywhere on the net, you can use cgi or php scripts that email you. They don't reveal your email address, but let's your users email you.
I switched to these way too late though, so I still get lots of spam.
Here's an example of a web mail form:
http://www.topfloor.com/pr/examples/cgimail.htm
--
I'll synopsise it further: don't use AOL.
Further still: don't be the sort of induhvidual who uses AOL.
If you were blocking sigs, you wouldn't have to read this.
considering i hadnt used it yet (to put in forms/pasted on a site etc) i was kinda suprised (or maybe i wasnt) that it came from me. albeit at msn.com
although that spam was probably funding hotmail :]
Doing pretty much anything on the internet opens you up for SPAM, especially signing up for internet email accounts. All I say is "that's why they made the delete button." Just delete it and move on, and don't go doing anything stupid like signing up for special offers from MSN.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~ now you know
My mother complains to me (her IS dept) that she keeps receiving spam and pr0n ads. However, her behavior is one not mentioned as one of the high risk activities on that report. She constantly mass mails her friends chain letters and email jokes (and unfortunately for them does not use blind carbon copy). Most people do not remove that big list of addresses from chain letters and the like before sending them on to the next person (or typically, group of people). As a result, those big long lists of email addresses will eventually get harvested by some agency looking to make money on lists of valid addresses. Even worse for my mother, those agencies do not even have to work any further to verify some of the addresses. They can be guarenteed that the sender(s) addresses are valid. Makes it quicker and easier for them to get your email address sold and sent to spammers.
So, meanwhile, my mother and I'm sure countless other novice computer users will continue to complain about spam, but those chain letters will keep getting sent. I wish this report would have gone into more depth about this practice - I think it's one of the quickest ways to get spam.
Why bother.
This nifty web page will convert your email address into Character Entities so you can display it on your site and not get harvested by spammers: Email Address Encoder
Will this fit in my /. user profile? webma ster@ super flipp y.net
Your fantasies contain the seeds of important concepts.
My email name happens to be one of the 17,576 that are possible using 3 characters from the english alphabet. Almost daily I'll get 1 or 2 (out of 20+ total) spams that cover my name, along with the alphabetically ordered names that are close to mine, all listed in the "To:" field.
Well... nice article. But one thing is missing... How much spam will posting my email at /. generate???
Lets make the test. My email is andres32a@yahoo.com. DONT SPAM ME!!!
Date: Fri, 27 Jul 2001 12:09:49 -0500 From: root | Block Address | Add to Address Book To: andres32a@yahoo.com Subject: Was that you? Make money fast by selling viagra to the Nigerian government while helping them funnel the money they skim from the operation out of the country to give to naked coeds so they can buy tiny miniture webcams from a company that you must buy stock in now. THIS IS NOT SPAM
Sorry, but if I don't ask for movie showtimes, and I rarely every buy any DVD's, why are you telling me about them?
It seems that a lot of the spam-bots try to filter out certain forms of spam-proofing and remove the word spam from email addresses. After switching to an email account with the word "spam" actually as part of the username, my spam count has plummeted. Of course, time spent explaining to people that that actually is an email address and not spam-proofing is required, but you only need to tell someone once for all of the times they'd write, while you would have to delete spam every time it came in.
______________________________________
______________________________________
Ever notice how fast Windows runs? Neither did I...
I actually tested this more comprehensively by sending all the email I got at my domain to one inbox, and using nameofdomain@mydomain.com to figure out where the spam was coming from. I was surprised that I didn't get any from my Slashdot account despit people's paranoia about it here. The biggest culprit was a single newsgroup posting that I made, netting me over 140 spam messages.
import sig.my.*;