Slashdot Mirror

← Back to Stories (view on slashdot.org)

DSLReports Study: 8 Hours 'til the Spam Hits

Posted by timothy on from the upcoming-spam-death-of-the-universe dept.

Masem writes: "In a rather interesting study at DSLReports, it was observed that email addresses published on a web site recieved spam within 8 hours of being posted, showing how aggressive the harvesters are working. In particular, a special link was set up on the main page that by following the link, the site generated an email address that was trackable to the IP that called the link, and not published anywhere else at any time. In the specific case, in only 8 hours after the email address was created, it had recieved spam; since that time about 9 months ago, it's gotten around 100 pieces. Given the time and source of most of the emails, the authors believe that they've simply got someone at one end of a home broadband pipeline using open relay mail servers, and most likely being paid to redistribute spam on the email addresses they harvest."

13 of 333 comments (clear)

  1. Re:Hmm... by no+reason+to+be+here · · Score: 5, Informative

    the e-mail address is uce@ftc.gov

    --
    my pet machine
  2. sneakemail by doofsmack · · Score: 4, Informative

    That's exactly why I use sneakemail. It gives you a random email address like asjglkjg176489@sneakemail.com. When an email is sent there, it goes to your inbox. You can have as many aliases as you want (They suggest 1 per site you sign up with). If you receive spam on one of them, you can just disable that alias. It's really great.

  3. Re:Very interesting by tandr · · Score: 3, Informative

    http://www.sneakemail.com

    I am VERY satisfied user.

    Oh, and for some annoyances http://www.spamcop.net do the job really well.

  4. Re:Does SPAM work? - Yes by nuggz · · Score: 2, Informative

    Yes, it does work.
    Last I heard they would get a response of something like 0.02-0.05% of the time
    That is 2-5 for every ten thousand spams.

    They don't care, send out a few hundred thousand spams, get a few hundred responses, they can make money.

    Shortly after it stops working, people will stop spamming.

  5. Re:telemarketers by TheFlu · · Score: 5, Informative
    I have a similiar experience. I recently started participating in Spamcop.net's blacklisting effort...a few days after I started submitting SPAM to be blacklisted, for some reason, my daily SPAM intake has tripled. I'm not sure if it's just coincidence or what, but it doesn't please me. I hate to think of the reason why this has happened...


    I'm seriously considering moving my mail servers over to using TMDA, which I hear stops about 99% of SPAM. At this point, I have to do something.

    --

    --It's Pimptastic!--

  6. Re:central database for spam-blocking ?? by g00z · · Score: 2, Informative

    There already exists such a thing. Check out http://www.ordb.org/ and you can set up sendmail (Or whatever you use) to check their database for known open relays. If found out about this little gen when my mail server was found to have a hole in it. Only bumb deal about it is that now that I have the hole fixed, I can't seem to get my mailserver off their damn list. :)

    But jokes aside, if you run a mailserver and want to block a good deal of spam, you should check out their site.

    --
    "The Wright brothers were the first to fly with a heavier-than-air machine, but boy did they have a lousy plane"
  7. Re:Solution? by reparteeist · · Score: 3, Informative

    Although there is no federal law, some states have them forbidding unsolicited spam. For the details in your area, go here.

    --
    If Bill Gates had a nickel for every time Windows crashed... Oh wait, he does.
  8. Matches my experience with Hotmail by stph · · Score: 3, Informative

    This report matches my own experience. While at a public library awhile back, I opened a hotmail account in order to mail a few URLs to my home account. I did nothing consciously to advertise this account other than the default hotmail settings. Out of curiosity, I checked this account the following day and had 20 SPAM advertisements. So much for privacy on the web. By the end of the week, I had received just under a hundred messages, all to an account I had never actively given out. Turns out it was those account defaults that bit me. Hotmail automatically publishes your account on their directory, to make it possible for other Hotmail members to find your address. Sigh....

    1. Re:Matches my experience with Hotmail by xX_sticky_Xx · · Score: 3, Informative

      After having my Hotmail account for 2 or so years I have finally received my first piece of spam in it. This was quickly followed by another, leading me to guess that it's making the rounds now. In setting up accounts for other people in the past, I've noticed that by far the biggest spam magnets are addresses that have numbered extensions. A numbered extension means that the first part of the address is already in use, therefore it's a simple matter of just putting an x=x+1 function into the mailer once you have found a legitimate address.

      --

      ---

      I didn't want to leave this space blank.
  9. Re: ISPs / hosts selling e-mail addresses? by elemental23 · · Score: 2, Informative

    Highly unlikely.

    Spammers routinely rotate domain names on their address lists, for one thing. Say, if you have bob@example.com, joe@example.com, etc, it's likely these addresses will also exist @example.org. Change the example domains to @aol.com and @msn.com, each with millions of active mailboxes, and you've got a pretty good chance of hitting a high number of people. Change the domains to any domain you can find, regardless of size, you'll hit some (albiet not as many). Don't worry about the bad addresses bouncing, just forge someone else's return address and you won't have to deal with it (another common practice).

    Another method they use is a dictionary attack type of thing, where they'll try random combinations of names, initials, numbers, etc, in the hopes of finding live mailboxes.

    Gah, now I'm getting all pissed off about it. Bastards.

    --
    I like my women like my coffee... pale and bitter.
  10. Re:Very interesting by Jucius+Maximus · · Score: 2, Informative
    "Are you talking about obfuscating it in source code (mailto:)? If so tell me how! I always figured that if a browser could read it so could a harvester, but would love to be proved wrong."

    My new address has been up on the company web site for two and a half month but no spam AT ALL has come to it ... this is possibly because I used the win32 prog Mailto Encryptor for all the mailto links. (You have to go into the site a bit to find it.)

  11. Re:Solution? by Pussy+Is+Money · · Score: 2, Informative

    I don't know what it's like in the US, but in the Netherlands, when you call a 1-900 number (or the Dutch equivalent), you get a recorded message informing you of the cost of the call. So, no, if I dial a wrong number, I am informed and can hang up. If it's not like that in the US, pity you poor fools.

    --
    Pushin' 'n dealin', shovin' 'n stealin'
  12. Re:Solution? by rworne · · Score: 1, Informative
    It works for Verizon DSL. I recently migrated my DSL service to them and they sent an e-mail contract. All I had to do was hit reply and put "I AGREE" in the subject (I read the contract first). Prest-o change-o, my account was set up, and everyone's happy.

    I doubt they would do this if it were not binding in some way.

    --
    I tried every decent and legal way I could think of to resolve the issue w/the business before I rented the chicken suit