Slashdot Mirror
Eliza for Spam
Saint Aardvark the Carpeted writes "Check this out for sheer genius...This guy has posted to Perl Monks a script that uses the Perl Eliza module to respond to spam. Check it and contribute your suggestions for improved vocabulary." The downside of course is that spammers never set their reply correctly (which I think is forgery, and should be treated as such) so this is probably more academic then useful, but its definitely funny.
Cats: Eliza. All your base are belong to us.
Eliza: Does using that kind of language make you feel better ?
---
'nuff said.
At a company I worked at a few years ago, there was one particular customer who liked to bug tech support just to have someone to talk to. He'd ask the most inane questions, then when he got the answer, he'd generally say "Why would I want to do that?" in reference to what he was asking us how to do in the first place!
It got old and so we set up a psuedo tech support person and had that person handle all his tech support. We would send his email through Eliza (the one in emacs) and then take Eliza's responses and send it back to him. This seemed to keep him satisfied, and kept our tech support from getting aggravated by him.
What we NEED instead of more stupid laws (we have enough idiotic ideas about computer "crime" in law enforcement already, Taco) is legal recourse for the recipient
Giving a legal recourse for the recipient would require a law you know.
Yeah, but its pretty easy to find the server from which the email originated from the full email header, heck, even a perl script could do this... (although i guess there are ways of even spoofing this????).
Then you just get the script to respond to postmoster or root@offenfing.machine, stating that spam was originating from it. If you include the message ID in the email, the admin can determine the spammer and hopefully will suspend their account. The again, it might be the admin doing the spamming....SirCam: Hi! How are you? Eliza: Why are you interested in whether or not I am ? SirCam: I send you this file in order to have your advice. Eliza: You're not really talking about me, are you? SirCam: See you later. Thanks Eliza: Oh... later. Thanks?
How does that make you feel that you have a problem with Samba 2.02?
Click here, go down the list and open each link in a new window (rightclick, openinnewwindow then tally up the $ damage yourself.
Hit 'em where it hurtz -
Also spammers don't use their own email addresses. They will use a random address at some innocent domain, or they will use the address of some one who complained. When you use this, you are harassing some innocent person.
No replies made to AC posts. Please log in.
Had to try it out. Heres the results from a typical spam...
.BIZ .INFO Domains activation dates
:)>Dear Domain Registrant,
.BIZ domains has been announced - Sept 17, 2001 is
.BIZ domains.
.INFO domains, Sept 12, 2001 is scheduled to be the start-up date,
.BIZ, .INFO, .PRO, and .NAME. It is expected that over 3 million
. cgi ?email=[snip]
[headers snipped]
Subject: Re:
Thank you for your mail! I am new to here, and
+do not have good english -- forgive
Hi, how are you?
>The dateline for
>the last date for early-birds to pre-register their
>For
>where all pre-registrations made earlier will be processed.
What answer would please you most?
>We are now accepting pre-registrations for the new top level domains with
>extensions
>of
>these new domain names will be registered in the first few minutes when
>registration opens later this year. This will be the largest virtual real
>estate land grab in the history of the Internet.
I've told you before, I don't care about names -- please c
>According to the ZDNet July 2nd news article, industry experts have
>"estimated that 15 million dot-biz names will be registered by 2005".
I'm not sure I understand you fully.
>If you are looking for a great name like Cars.biz or Stocks.info, be
>prepared to face some stiff competition unless you pre-register early.
>http://www.NewExtensionsNow.com has built the premier pre-registration
>engine
>that can help you to secure the domain you want. Over 500,000 names have
>already been queued into our list and good names are going fast. If your
>domain name is important to you, do not wait until the last minute. Go to
>http://www.NewExtensionsNow.com to pre-register now.
I am not interested in names.
>If you have received this mailing in error, or do not wish
>to receive any further mailings from us, simply click here:
I would like to visit your site, but my mouse is broken
>http://www.newextensionsnow.com/cgi-bin/remove
That is interesting. Please continue.
Hmm, isn't replying to spam bad because it will
mark your address as 'in use' with spammers?
This looks like a fun thingy, but I wouldn't
use it to acutally reply to spammers for sure...
--
GCP
This guy has a lot of interesting ideas. I would think it would be fairly simple to write a program that did the following things:
1: If a SPAM message contains a form, you forward it to the program (which would create a local SMTP server to receive messages only from you). It would fill the form with random data, but somewhat intelligently, by parsing the HTML and figuring out what is valid for the form.
2: If a SPAM message goes to a web site with a form, go to that form in your browser. Run the anti-spam program and click a button to auto-fill the form. You could configure it to fill out the form multiple times, in the background, without user intervention.
3: If the SPAM message contains a link to geocities, or other free web hosting services, forward the e-mail to your anti-spam program's local SMTP server. It will grab the link and then forward the e-mail, header, and link to the appropriate abuse@ address.
There are probably other things like this that could be done. If someone wrote this program, I'd use it religiously, and I'd imagine a lot of other people would too. If it was easy enough to use and as unobtrusive as possible, people would be using it like crazy. The spammers would get wiped out.
Believe me, if I had the spare time, I'd start writing this program today.
(which I think is forgery, and should be treated as such)
/. crowd erupts in a furor of activity, denouncing it as tyrannical. Yet, when spammers spoof their email addresses to avoid backlash of outraged netters too dumb to view the real headers and do a whois, (ab)using the very same online anonymity, it's suddenly "forgery".
Strange. When slashdotters insert "NOSPAM" in their email addresses, making them incorrect and misleading, it's fine. And when the government proposes systems to track everyone online, the
Pfft, yeah, whatever. Let's start making some sense now Rob, hmmm?
-Kasreyn
Kasreyn: Cheerfully playing the part of Devil's Advocate to hairtrigger
Haha. Well, I have been using a bunch of robot responders for email. You can reach alice@blibs.com, eliza@blibs.com and even mrt@blibs.com .. Alice and Mr. T will remember stuff about you and you can almost carry on a conversation with them. have fun.
-- these are only opinions and they might not be mine.
And how does it make you feel that eliza responds to spam?
Is it only me who's noticed the irony that on an article about punishing spammers, the /. equivalent of them is out in force?
I'm an Angry Clam. You would be angry too if you were a ball of snot in a shell.
Oh cool. Maybe Eliza can answer the tons of Linux Questions my LUG E-Mail List delivers to me daily:
...
Question: "Hey Eliza! I have aproblem with Samba 2.0.2"
Eliza: "Tell me about your problem!"
Question: "The Win 9x clients can't get acces to my Samba File-Server."
Eliza: "That's a pitty. Your Win 9x clients can't get acces to your Samba File-Server..."
X
Boycot? Blackout? Subscriptions?
I don't care!
My friend and I have been kicking around an idea to use Eliza to reply to all e-mail. You could give it an AI that looks at a real response to a similar question, keep a database of those replies and then only forward messages to you that require a reply because the algorithm doesn't have a context to reply from. I already have a script that ssh's into machines that I maintain and do sudos and greps and such. My boss thinks that you have to constantly futz with things and be logged in all the time. He is the last log \ /var/log/messages king. He'd probably can me if he knew that I wasn't at the switch constantly, but then again it took me a week to explain how to even check logs.
Comparing it to Windows will be a moot point, since El Dorado is going to have a 40% larger code base than XP.
Now all it has to do is click on the link in the spam and fill out forms with data to clog their databases. More information can be found here:
http://lenny.com/spam/index.html
There is no
you can tell procmail to exit with whatever exit code you feel like it. there's an exit code for "no such user" if you can detect your spam with procmail and any combination of scripts, you can force it to send a bounce message saying that the user doesn exist. if you want, you can even force that sendmail-generated bounce message, and still receive the mail.
consider the following recipes:this would have you still able to read your spam, if you're so inclined. (deliver it to /dev/null if you're not.) i would tend to think that a "user does not exist" bounce message would be better for preventing future spam than an annoying little eliza-generated email
#define F(x) int main(){printf(#x,10,#x);}
F(#define F(x) int main(){printf(#x,10,#x);}%cF(%s))
I agree it's nasty, but hardly forgery. It's no more forgery than writing "Dr. Nikolai Pantsanundies, 6th planet of the Gastric System, 7th Dimention" in the return address portion of an envelope. What we NEED instead of more stupid laws (we have enough idiotic ideas about computer "crime" in law enforcement already, Taco) is legal recourse for the recipient. I say, if we can track down who sent it, we should have a legal right to send them a bill, and sue if it's not paid. I mean a law that explicitly states this, not just a sig tagline like some guys have tried over the years.
jX [ Make everything as simple as possible, but no simpler. - Einstein ]
I would like to order one copy of your interesting home business opportunity package, 3 tubes of thigh cream, your revolutionary mass-mailing program, my preapproved credit card, and credit repair package. And if there are any left, given that the offer was a last chance offer, 4 of your revolutionary wireless web cameras.
Attached is my credit card information. Click to open. ccinfo.doc
-- Another senseless waste of fine bytes.
No replies made to AC posts. Please log in.