Slashdot Mirror
DSLReports Study: 8 Hours 'til the Spam Hits
Masem writes: "In a rather interesting study at DSLReports, it was observed that email addresses published on a web site recieved spam within 8 hours of being posted, showing how aggressive the harvesters are working. In particular, a special link was set up on the main page that by following the link, the site generated an email address that was trackable to the IP that called the link, and not published anywhere else at any time. In the specific case, in only 8 hours after the email address was created, it had recieved spam; since that time about 9 months ago, it's gotten around 100 pieces. Given the time and source of most of the emails, the authors believe that they've simply got someone at one end of a home broadband pipeline using open relay mail servers, and most likely being paid to redistribute spam on the email addresses they harvest."
When I started working for Lockheed Martin, I had 4 spam emails in my mailbox that was delivered prior to my first day of work. In addition to this, I had 2 personal (they seemed personal IT related) job offer emails in my mailbox, also from prior to my first day of work. Both from recruiting companies.
Bringing irony to the Slash-masses
GOp@Tohell.com
LeaveMe@lone.com
Kissmy@ss.com
All of which I have used to registery sofware in the past.
Hughj@ss.com is still waiting for his free natural viagra as I write this.
Hello Kettle,
You, my friend are as black as pitch.
With love, Pot.
The email address wasn't harvested 8 hours after being posted, it was sent spam 8 hours after being harvested.
What would be more interesting is to find out how long it takes with your address on the web before it gets entered into the various lists...
While this study is very interesting, what I'd like to see more posted about is how often an e-mail address, unpublished on the Web but used for e-commerce, becomes the target for spam. Whenever I post something where the e-mail address goes up on a Web page, I sufficiently de-spamify it so that the harvesters won't know what to do with it (i.e. it's an obfuscated form of my address). But what really gets me is when I used my e-mail address for getting e-commerce confirmations, important for verifying orders, etc., and find that address the target of spam, even when I decline it.
I also find it handy to have a 'spamdrop' account, which is just another e-mail alias on my host, for signing up for one-off things, like chat, games, etc. That account fills up incredibly quickly; I receive on the order of 50 spams/day at that address. Wow...
Karma: Excellent Birds (mostly as a result of listening to Laurie Anderson)
What's the average length of time between a slashdot posting and the subsequent DoS attack on the linked site?
Jason.
Damn that Bernard Shifman! Will he never learn?
If Bill Gates had a nickel for every time Windows crashed... Oh wait, he does.
How about we put FBI and CIA email addresses up, or *.gov, and see how long until the spammers are raided?? I bet it could even be before that first spam gets out if we use the right addresses/web links..
:)
I bet that time period for harvesting goes down pretty quick..
.
We don't need no Net Explorer We don't need no Thought control
On 6.26am the morning of May 13th, 2001, the link is hit from IP 24.1.197.144 - a residential cable modem in Arizona
Google is big. Google has a very fat spider going around. Google definitly does not check a nowhere webpage as soon as it is created! How can somebody on a cable account (limited bandwith?) scan pages at a high enough rate that they hit an almost invisible webpage soon after it was created? Big machine, big connection? spoofed IP?
Is this business really so lucrative that people are willing to spend hours working on it? It'd like to have some stats on how many people actually subscribe to the "services" advertised for in spam. I know a spider is not a lot of maintenance once setup and the distribution cost for the spammers is almost null because they make everybody else pay for it, but where the hell do they get the profit...
Imperium et libertas
Autocracy and freedom
I used to have an e-mail address that was andrew@, it was great for a year or two. I still have it, but I do not retrieve the messages since it receives 30+ SPAM messages per day. My other e-mail address is my first initial + last name, and my last name is rare enough that I get maybe 1 Spam message per month.
What?
Could this technique be changed. Rather than generating a mailbox for the spam to go to, based on IP, instead generate the abuse address for the IP's netblock owner.
:)
That way, whoever is running the spider can start spamming direct to the abuse address, saving the site owner from having to report them.
the e-mail address is uce@ftc.gov
my pet machine
Does suing spammers work? For example, if you made a web-page that CLEARLY reads: If you agree to pay me $52,000, please send email to foo@bar.com. Consent of this contract will be shown by sending an email to that address, regardless of content.
Post this email NOWHERE else. Wait for a spider to come around and harvest... Is such a contract legally binding? I would think it would be, considering you can make online-payments and such, and those contracts are binding (i.e. if you promise to pay Amazon for your book, you have to do it, right?)
"Your superior intellect is no match for our puny weapons!"
That's exactly why I use sneakemail. It gives you a random email address like asjglkjg176489@sneakemail.com. When an email is sent there, it goes to your inbox. You can have as many aliases as you want (They suggest 1 per site you sign up with). If you receive spam on one of them, you can just disable that alias. It's really great.
I rarely ever got telemarketing calls.
Last week I applied for a telemarketing job.
Within hours I started getting calls, and I've gotten 5 a day since.
How exactly does someone running a standard Windows install go about faking an email bounce? Or on Linux?
Lendrick
I've been using the 'theirname@mydomain.com' technique whenever I provide an email to on-line stores.
:o)
I was amazed when I started receiving spam on 'premaritalagreement.com@mydomain.com' (only the mydomain is fake!) and I contact the people and they denied everything. But at least you can ban that email address and ban the company.
On the other hand it's funny when (for some reason) the company calls you to verify something, and they go over all the stuff and then get to the email. There was one person that just didn't get it: 'yeah, but that's OUR email address', recognizing her companies name.
For those reasons some people generate an obfuscated (rot-13 for example) address.
In any case, the sad thing is that there's not much you can do against the companies that sell your email address, legally...
I use html code in my email address on my web page, like this:
rsidd@yaho 1.com
Amazingly, not a single spammer has gotten hold of it yet, in over a year; whereas, unobfuscated
addresses used only once, on mailing list archives for example, are picked up immediately.
Obviously these spambots aren't so intelligent.
The following experiences have led me to wonder whether my ISP (AT&T Broadband) or my Web host (Doteasy) are selling e-mail addresses to spammers as they are created:
1. Created a new e-mail account for a friend at my doteasy domain. I am the only owner of the domain ever, and have held it for years. The e-mail address had never existed before. About 12 hours later, while helping my friend to configure outlook express to check the account, I was surprised to discover two pieces of SPAM already in the account. This is a new address that has never been used or given to anyone, ever.
2. After the AT&T @Home to AT&T Broadband fiasco, new e-mail addresses had to be created. One of the accounts I created (and did not use for anything) got spam within hours of its being created. Here again, this e-mail address had never been supplied to anyone but AT&T Broadband, in the process of creating it.
My reluctant conclusion (unless someone can explain some other solution to me) is that both ISPs and Web hosts routinely place e-mail addresses they host on lists which are sold to spammers, I guess as a way to supplement the revenue stream.
STOP . AMERICA . NOW
In 1997, I worked for a very small travel company that decided to try its hand at SPAM. Of course, take this anecdote for what it's worth (it *was* five years ago).
They set up a small server that would just browse around the Web and usenet harvesting e-mail addresses wherever they could be found. The first week they sent out about 80,000 pieces of e-mail per day. They got tons and tons of hate mail in return but also a few hits. The first day, there were about 60 sales of a $69.99 "travel club membership" product (essentially a hotel and airline coupon book), and by that Friday they were up to over 200 sales a day thanks to the SPAM. Totals for the week were something like 350,000 e-mails sent and 900 sales for a total of about $63,000 in revenue that week thanks to SPAM. The coupon book itself wasn't all that expensive -- the deals were promotional and each book only cost the company something like $12.00, so the net was around $52,000 for the week. Not bad for a computer sitting in the corner with a $100 piece of software -- this likely explains why spammers stay at it.
I left shortly thereafter so I don't really know whether they "stuck with it" or not, but it obviously can generate sales.
STOP . AMERICA . NOW
On our networks, logging for almost two dozen domains, the largest source of spam via "Open Relay Mail Servers" is Hotmail. These emails are being sent via other servers, and mass mailed via hotmail servers being used to relay them. Hotmail's responses to the numerous complaints? "We'll cancel that user's account..." Often though it's not the user at fault, since you dont even need a valid Hotmail address to do this. So, even with notifying them of the real problem (open servers) and showing them headers that confirm it, they do nothing. Our incoming spam would drop by over 45% if they'd fix it. - Rob
WebMaster:
BinFeeds
XXX Thumbnailed Image Newsgroups but
This report matches my own experience. While at a public library awhile back, I opened a hotmail account in order to mail a few URLs to my home account. I did nothing consciously to advertise this account other than the default hotmail settings. Out of curiosity, I checked this account the following day and had 20 SPAM advertisements. So much for privacy on the web. By the end of the week, I had received just under a hundred messages, all to an account I had never actively given out. Turns out it was those account defaults that bit me. Hotmail automatically publishes your account on their directory, to make it possible for other Hotmail members to find your address. Sigh....
Make their lists worthless. Compile this, run it...(snipped out overly long, but runnable C proggy)
Dood, learn some perl. Not only would it cut this down to a nice readable couple of lines, but you could also generate a different list every time the web page was hit. That way, it would really poison the well.
Spackler
PS: Yes folks, right tool for the job. Not every job.
One guy is the source of all the spam on the Internet?
I say we've found a perfect target for testing that AC-130 Death Ray.
--Blair