Slashdot Mirror
The Story of "Nadine"
Guinnessy writes: "We've all accidentally typed in a wrong email address sooner or later. But can it all go horribly wrong? On http://www.spamresource.com there is the story of Nadine, an account of what happened after an Internet user accidentally gave a wrong email address when she visited a web page and signed up for a sweepstakes. Live in fear...."
http://www.honet.com/nadine/
Apparently the story is about a slashdotted webserver...
We've all accidentally typed in a wrong email address sooner or later.
Classic Slashdot grammar!
it couldnt be /.ed so soon?
Several years ago, I made a typo in my email address when I was updating the contact info for a domain name. Without double-checking I sent the confirmation back to InterNIC. It wasn't till the next day that I realized the mistake. In order to get things back under control, I actually had to register the typoed version of my domain name, so that I could receive InterNIC's mail there.
:)
It's the kind of expensive mistake you only make once!
I kept the typo'd domain for esoteric value, and yes, I now get plenty of spam there. Some things never change.
with a server under her arm......
This is the fastest I've seen a site get slashdotted. There was one comment and one "reply beneath me". Sad.
What you say?!?
Come on, give it up, that's
Now, people can use these rogue websites to their advantage and spam the hell out of people they don't like. So one way or the the others spammers will get to you.
I think the next big invention in internet and computing is a fool proof way to detect and stop spam.
"Resistance is futile"
you mean "total lack of knowledge of grammar and/or spelling", don't you?
indeed.
That also prevents your email address from being maliciously signed up to these sorts of lists, so it's the sort of thing every reputable mailing list should do.
Of course, no spammer is going to bother with confirmed opt-in, so we need to go after ISPs that allow these non-confirmed lists to remain on their net-space.
--
--
I have taken more out of alcohol than alcohol has taken out of me - Churchill
Background Information honet.com is the Internet domain owned by Home Office Networks, a tiny network service and consulting company located in Frisco, Texas. For various reasons that seem good to its owners, its mail server accepts any and all email sent to addresses at honet.com, whether or not the accounts exist. There are many other organizations, both small and large, for which this is true. (For example, the domain honet.be also accepts mail for invalid accounts and later issues a "delivery failure" notice.) Because there are quite a few similar domains scattered all over the Earth, honet.com gets a steady trickle of misdirected email -- contracts, confidential product marketing plans, shipping manifests, students' homework, embarrassingly intimate personal notes, family holiday photos... and mailing list spam. Mailing list spam happens when somebody gives an email address that they don't actually own to the owner of a mailing list. This may occur by accident (a typing error, perhaps) or intentionally (for example, giving a false address to avoid receiving unwanted email). If the mailing list is properly administered, this is not really a problem -- when the "please confirm that you have signed up" message arrives, nobody exists to respond to it, and the address drops off the list. Unfortunately, there are still a great many lists that are not managed responsibly. As a result, quite a few bogus honet.com accounts regularly receive email that is being sent to a nonexisting person. If the mailings persist I eventually toss the sending domain into the local mail server's deny list. Alas, the list owners often will continue sending email no matter how many "No Such User" bounce messages they receive, and no matter how long all attempts at communication from their domain to this one are rejected. This is a serious problem for the Internet's email system, and it will become even more serious as time goes on, if nothing is done to awaken the many thousands of owners of legitimate (but unconfirmed) email lists. This web page recounts the ongoing story of one undead and undying bogus account, created by mistake but gathering ever more and more useless advertising traffic. I offer it in the hope that some of those who are laboring to preserve the Internet email system as a tool of business and personal communication may find its lessons useful. Next: Nadine -- The Story Begins
Here we go again!
Damn if you want to DDOS a website just post some fake news about it. lol
Never learn by your mistakes, if you do you may never dare to try again
Nadine -- The Story Begins Once upon a time, there was a senior citizen in one of the Southeastern United States who was apparently confused about what her email address was. Because I have no desire to cause this lady the slightest inconvenience, I will call her "Nadine", which is not her real name. I'm also going to change her surname to "Smith", which is likewise false. (NOTE: Because I have no desire to avoid inconveniencing any of the other players in this tale, hers is the only identity that has been altered in any way.) On or about the second day of March in the year 2000, Nadine visited a web site belonging to an outfit called delivere.com. While there she apparently entered a sweepstakes, gave delivere.com some personal information and (I presume) agreed to receive email advertisements from various parties from time to time. The email address she gave them consisted of her first name and the domain honet.com. What the actual email address should have been is something about which I can only speculate. To confirm (to Nadine) that she had signed up, delivere.com sent a message to nadine@honet.com. (This was the First Big Mistake: the message should have asked the real owner of "nadine@honet.com" to confirm that the sign-up was genuine.) A semi-automated process at honet.com noticed the message and sent a "No such user" message to the appropriate addresses (at least one of which was bogus). Normally, that is all it takes to stop any further traffic. Such was not to be the case here, however.
We had to destroy the sig to save the sig.
Lets start slashdoting spammers!
To block unsolicited spam, try a front-end filter service like MailWatch.com
http://216.239.51.100/search?q=cache:PzYbVLt75vYC: www.honet.com/Nadine/default.htm+&hl=en&start=1
Read it off the Google cache
(Note to people accusing me of karma-whoring: The search formatting above is non-obvious)
Sig: What Happened To The Censorware Project (censorware.org)
More Stuff Arrives Nothing more came in for about two weeks. When the first real advertising payload arrived it went into the "bad message" sump and it was several days before I had enough spare time to deal with the accumulated sludge. Since this was just one of dozens of bogus accounts that receive occasional messages, I made a note of the "nadine" name and archived the message with the intent to take further action if the traffic volume climbed. Which it did. Harris Polls Nadine began to receive messages from other entities. Harris Polls sent their first blast about two weeks later, and swiftly became the most prolific sender. After a few of these arrived, I followed the "how did you end up on our list" link and determined that Harris had apparently obtained Nadine's information from delivere/matchlogic. Now there was a breathtaking surprise. Harris ignored the "no such user" notice, so after the first four messages I dropped them into the mail server's deny list, where they remained for a number of months. Despite the fact that every message to nadine@honet elicited a "553 domain tesp.com does not accept mail from HARRISPOLLONLINE.COM" response, they were still pounding away months later, when I removed the block in order to collect evidence for some legal proceedings that were under way. Harris continued to send Nadine several messages per month until 9 August 2001, when the stream unaccountably stopped. In all, 79 messages were received, in addition to the ones that were rejected during the four months when Harris were in the local deny list. Update: on 23-Jan-2002 a request to confirm arrived, indicating the start of yet another round. Perhaps this time they have instituted real confirmation procedures, and nothing more will arrive. 01-Feb-2002: Apparently no answer doesn't mean a "NO" answer. Is this what is meant by "double opt out"? Ourhouse.com Ourhouse.com hired enlist.com to send Nadine a message. A second one, identical to the first, arrived the next day. Perhaps Ourhouse.com changed their minds about this method of advertising, because Nadine never heard from them again. Webstakes.com Next to step up to the plate were webstakes.com/idialog.com. They sent a total of five messages, each one entirely HTML, one each in May, July and August, and then two in September. Perhaps they were convinced that Nadine would never use a simple text email client, or they just didn't mind making the recipient wade through crufty HTML to get to the exceedingly valuable content. SmarterKids.com smarterkids.com was another one-shot wonder, sent by enlist.com. AT&T Only one message was sent (by enlist.com) directly on behalf of AT&T. A few others during the later deluge mentioned AT&T or associated products. Next: Question: Why send mail to somebody who doesn't exist?
We had to destroy the sig to save the sig.
Nadine set us up the bomb. She get signal.
Question: Why send mail to somebody who doesn't exist?
The spam from enlist.com for AT&T finally caused me to do some research. Visiting the enlist.com web site, I found what seemed like an appropriate person to contact, and sent this official-looking message, complete with ticket number and RBL references. Naturally I had some hope that a [possibly fruitful] discussion might ensue.
Once again my hopes were shown to be unrealistic.
Answer: We Believe In You, Even If You Don't.
Some readers might not be astonished by what followed, but I was. In the surreal reply that arrived the next day, the "ePrivacy Coordinator" at
247Media revealed personal information about a subscriber to a complete stranger. The details included full name, complete address with 9-digit ZIP code, and date of birth.
Fortunately, 247Media are "members of both TRUSTe and the Direct Marketing Association" and "strictly adhere to the privacy guidelines they provide". One can only speculate about what horrifying breaches of confidence might have occurred had this not been the case. Also a note of encouragement was the "exclude from future mailings from our partners" promise. As we shall see, alas, that was as empty as the promise of privacy.
Always ready to grab for the last word in any debate, no matter how one-sided, with some asperity I offered a rejoinder.
We had to destroy the sig to save the sig.
While I appreciate the service you provide the Internet community in running www.spamresource.com, I think I speak on behalf of all Sixers fans when I say that that time would be better spent showing up for team practices.
If anyone else wants to see a webserver go down, add it to this thread
... http://www. - nah, better not :)
I think I'll try load-testing our e-commerce server
Robots are everywhere, and they eat old people's medicine for fuel.
It's Worthless, But We'll Sell It Anyway.
There was a bit of a lull in the non-Harris onslaught until September 2000, when Home Shopping Network decided to join the party. Note that they obtained Nadine's information just over one month after Nadine had been assured that it would take three to five days to make certain that she would not receive any further mailing from 247Media's "partners". HSN apparently was prepared for this, as the end of their message suggests that opting out of their blasts is not as easy as one would hope. Until their last blast on 14 December 2001 they averaged one message every seven to ten days. Update: on 21-Mar-2002 HSN reappeared. Perhaps we will soon have some idea how effective the bounce processing is at 4at1.com.
Our breathless wait for new material was prolonged until October, when enlist found another sterling client, viz. thirdvoice. Nothing has been heard from them before or since.
In November, it was Hewlett Packard who elected to become the next object of derision. They likewise appear to have chosen other advertising channels.
The parade of one-time enlist.com clients continued with half.com, enews.com and finally SimplyHealth.com. After that, enlist.com sank beneath the waves. The last mention of enlist, matchlogic or delivere came in April, 2001, in a couple of bleats from peopliknow.com, who share a ZIP code with them.
Then things took a darker turn.
We had to destroy the sig to save the sig.
If you're going to list it, list all of them.
w .petitiononline.com/twotower/n online.com/antirnm/petition.htm l
http://www.msnbc.com/news/749507.asp
http://ww
http://www.petitio
I "accidentally" type my email address in wrong all the time when I'm filling in those dam free registration required so we can send you spam/special offers/propaganda web forms.
The Post-delivere/MatchLogic Late Comers: New Hogs At the Trough How the list[s] containing Nadine's supposed email address propagated from here on is a matter of conjecture. None of the items received from this point on mention any of the original culprits. It may be that financial challenges accompanying the general bursting of the net.fantasyland bubble caused fire sales of various magnitudes. Ombramarketing.com First amongst the new gathering shadows was Ombra Marketing Corp., who began to bombard Nadine with a variety of offers on 18 April, 2001. They sent an average of four blasts per month. They are currently in the local deny lists, and are discussed in a number of other areas of the World Wide Web, for example here. itsImazing: Is It a Threat or Merely a Menace? Cometh now the "itsImazing.com Network" by and through its first spewer, (apparently) ted2.net. Especially touching are the parts that thank Nadine for "registering at www.mindsetinteractive.com", proclaiming that these valuable messages will only infest the mailboxes of those "...who have specifically requested or agreed to receive our special offers...". Who can imagine the spewage that might occur should the senders be minded to send their stuff to just any old address? (NOTE: on 13 December 2001 I personally began receiving itsImazing spew from etoll.net, directed to an address used only for registering Palm Pilot software. Time to update the deny list.) Rumors on various anti-spam forums were that the "ted2" operation encountered some difficulties in maintaining its network connectivity. This is plausible, because subsequent detritus has issued from m-ul.com and TargitMail (see below). We did get one subsequent delivery attempt from ted2.net on 21 December 2001. m-ul.com are currently in the local block list, but these stout-hearted troupers were not dismayed by this minor contretemps -- until 16-Jan-2002 they continued to exhibit earnest hope that eventually I would let them back in to molest Nadine. Hah. Meanwhile, the itsImazing menagerie continues to expand, with coopt.com making its long-expected arrival on 23 December 2001. itsImazing appears also to have attempted to sneak in on 27 December 2001 through the facilities of virtumundo.com. On 17 Jan 2002, PO-1.COM began their spew on behalf of itsImazing. On 20-Feb-2002 Nadine heard from gossipflash.com. Oh joy. Yet another threat of more "exciting promotional offers". Without a helpful local deny list, Nadine would be receiving several itsImazing announcements per day. Imazingly prolific and persistent folks. The Grouplotto Flood On the same day as the first itsImazing blast came not one but two vital messages from "Grouplotto", sent from networkpromotion.com. This was just the nose of the camel, as more than thirty messages containing the string "grouplotto" arrived between that date and 12 December 2001. (This does not take into account the ones that would have arrived had the senders not been blocked.) Grouplotto are apparently more resourceful than some of the other contenders, since they appear to share their databases amongst an agglomeration of senders with diverse offerings (although itsImazing definitely gives them some crushing competition here). Senders and product types identified so far include: networkpromotion.com -- Gambling (what else?) and a special product (see below). etracks.com -- Consumer products (phones, Motorola Talkabout radios, VISA cards, satellite TV systems, digital camera [oops, that's a premium for switching long distance service], a sports wagering system, foreclosed merchandise, DVDs from Columbia House, and a "Start A Profitable Home Business and Become Rich Using the Internet" opportunity that would have been hard to pass up. And one additional product, also sent from networkpromotion, which deserves its own separate section below. ProcessRequest.com -- only one from them got through before they were chucked into the deny list: an offer for the American Express(R) Platinum Cash Rebate Card. They made two more tries on 12 December 2001, then nothing more arrived until 10 February 2002, when the envelope sender was "reedscienc@ProcessRequest.com". All of the senders above are in the local deny list, so there may be other valuable commodities on offer that Nadine will never hear about, at least not from the Grouplotto Borg. etracks.com made multiple tries nearly every day until 13-Feb-2002. networkpromotion.com tried a little less frequently and apparently gave up after 26-Jan-2002. Miss Cleo's Psychic Insight Blows a Fuse The GroupLotto product singled out for special treatment was a series of breathlessly vital disclosures from Miss Cleo. She Who Knows All was so convinced of Nadine's existence that she took the trouble to send a personal note. A short time later, apparently unfazed by the lack of response, Miss Cleo sent another enticing missive. Perhaps the puzzling lack of response (should we assume that psychics can be puzzled?) led Miss Cleo to send a poorly formatted rerun of Message Two, this time through networkpromotion.com rather than etracks.com. Who can fathom the mysterious ways of the Gifted? Gumshoes in Florida, perhaps? TargitMail (GTMI, Walt Rines) Here we have a true relic of the rip-roaring early days of unsolicited broadcast email. I will make no comments, other than to suggest that the reader who wants to know more may submit the strings "Walt Rines", "IEMMC" and "picklejar" to www.google.com and especially to Google's Usenet Newsgroup search engine, looking in the news.admin.net-abuse.* groups. TargitMail began sending itsImazing stuff from various tm0[digit].net addresses on 28 November 2001, beginning with tm03.net. They subsequently have sent from tm01.net, tm02.com and tm04.com as well. All of these domains are in the deny list. They made their last successful delivery on 09 Jan 2002 with a nice itsImazing offer of great deals from Fingerhut, sent from the heretofore-not-blocked tm02.com. They were last seen in the server logs on 09 Feb 2002. customoffers.com As uninvited spewers go, customoffers.com is pretty unremarkable. They first showed up on 9 November 2001 and managed to blap in 17 messages before I finally blocked them. Like most of the others, however, being rejected with a "553 Depart Ye Cursed Spammers" message initially did not impress their infrastructure. They appeared to have given up after 22 Dec 2001, but then something arrived from the Scott Hirsch operation claiming to be an advertisement for stuff from Sears. em5000.com, em5000.net On 28 November 2001 em5000.com began sending touts for ImazingOffers, winfreestuff, ItsAllAboutGreatOffers, Chase Manhattan Bank, gambling and college scholarships. Five messages in three days caused them immediate admission to the elite ranks of the blocked. There is reason to believe that this was not the only list they have ended up in, as they changed IP blocks and reappeared as em5000.net, managing to slip two more in on 12 December before I noticed and updated their listing. Like so many others, they tried frequently for quite a spell. 02-Feb-2002: They are now using a new envelope sender, jdrmedia1.net 11-Feb-2002: This time they have decided to abandon even the pretense of using a valid envelope sender, and claim to be something "@bounce.37.121.144". This would appear to be a seriously dim move, given the number of systems that now refuse mail from an invalid envelope sender. But then, the whole operation seems to be characterised by a significant lack of wattage. intervolved.net This player sent the usual "thanks for signing up with us" note in late November, 2001. I am personally fascinated by the "if you don't opt out, you have agreed to our terms" bit. I'm also somewhat intrigued by their "This message is not intended for anybody living in a state that has an anti-spam law" clause. What do you suppose that means? They went into the bozo bin after the third blast on 04 Dec 2001 and were last heard from on 06 Feb 2002. ixs1.net, ixs2.net Before joining the Chorus of the Banned, this domain pair sent Nadine four "winfreestuff.com" adverts, beginning with this one, in which the senders claim that Nadine visited their web site and entered a sweepstakes. I suppose it is indeed possible that the real "Nadine" was still giving out the same wrong email address 613 days after committing the first error. Personally, I have confidence that she would by this time have noticed that nobody ever responded (at least not in a way that she could observe). After a long hiatus, they made another attempt on 11-Jan-2002. ROI1.NET (Img Direct) Their first one is a keeper: entirely HTML, work-from-home opportunity, web tracking bugs. Plucky though blocked, they kept trying until 11 Feb 2002. oii1.net, oi2.net, oihost.net (Optin Inc) The first piece is an IMPORTANT NOTICE reminding Nadine that "per our TOS (Terms of Service), you wisely agreed to receive third party promotions from our network's preferred affiliates". I was so overawed by a mention of Terms of Service from this well-known Florida operation that I somehow managed to leave the web bug in while trimming the HTML portion. A few days later, two copies of a "Confirmation" arrived, identical except that the second one fails to mention "Custom Offers". Perhaps I was too hasty in blocking customoffers.com and missed all of the valuable information about Nadine's voluntary subscription to this wonderful service. Life has its unexpected setbacks. sendoutmail.com Nadine received one message and a couple of subsequent blocked delivery attempts originating from this domain. A responsible party from this domain has contacted me personally, and I have responded to his request for the details of the messages sent to Nadine. Being convinced that sendoutmail.com is making a determined effort to adopt the most effective list management practices, I have removed the IP and envelope sender blocks against sendoutmail.com. topica.com This message was surprising and profoundly disappointing. I had been led to believe that topica.com were rather strict in their list verification standards. If they would like help in diagnosing the point of failure, I'll be happy to assist. Unfortunately they were still trying to deliver email as of 14- Feb-2002, despite numerous rejections (and several visits to this page from topica's corporate IP space). DM360.com The list is sold yet again. On 19 December comes an advert apparently for REI sent by dm360.com on behalf of network60.com. Visiting the link, however, just gets you to www.freebieclub.com, with no obvious REI involvement. What a tangled web. This sender has made a sufficient number of subsequent attempts after being blocked to rate their own reject log page. Later on in the piece (30-Jan-2002), we find that their erstwhile client, network60.com, has decided to take things into their own hands and do their own polluting of the general netspace. (Or, perhaps, the two entities are really joined at the hip. Who can fathom these mysteries without buying a programme from a passing vendor?) Postmaster General (pm0.net) This sender's customer at least doesn't bother to try the "thanks for signing up at our web site" prevarication or the "you visited a 'marketing partner' and requested drivel" pretense. The lack of HTML is also a redeeming feature. pm0.net was added to the parade of unwelcome intruders, and they hammered away until 02-Jan-2002. I removed them from the deny list on 15-Jan-2002 after having a conversation with the Mindshare Design Standards & Practices people, who convinced me that changes are afoot at pm0. If this turns out to have been an incorrect impression, I will note it here. Bigfoot Interactive (bfi0.com) I've always been fascinated by a "this message is confidential -- don't do like we did and send it to a completely unrelated party" clause in email and FAX messages. What exactly does the sending party in this case have to hide, might one ask? Virtumundo.com / vmadmin.com Here is an organism that claims that somebody who doesn't exist went to a web site (the same one the itsImazing folks claim she visited) and gave permission for them to send bunches of advertising. What makes this all the more fascinating is that somebody from Virtumundo apparently visited us here a few hours before the spam started. Interesting news: Virtumundo has announced a lawsuit against two list vendors, including Mindset Interactive, who provided the list for the message discussed above. Scott Hirsch (edirect.com, offermail.net, eDirectNetwork, optin-offers.net) This submission arrived in the wee hours of 30 December 2001. These notes were originally slotted to appear in the "Spamming Scum" section, in view of eDirectNetwork's colorful history of adding unwilling participants to its list of targets for valuable offers. Upon reflection, I decided that eDirectNetwork meets many but not all of the criteria set forth there -- at least, not recently. So, eDirectNetwork joins the other Florida operations here in the slightly more prestigious "Hogs" section. The apparent proprietor, one Scott Hirsch, has been mentioned in the press from time to time. A brief Google search for this entity nets quite a bit of discussion of their, uh, methods. Those who want an example of the great care taken by this organization to verify that the recipients really want the advertising may observe eDirectNetwork spamming the abuse address here. As for offermail.net, you have to admire the earnest, honest sincerity of a firm that in its domain registration gives its business address as the White House and its telephone number as toll-free information. Spiffy folks, to be sure. (And not entirely on the mark when it comes to research. An Authoritative Source has sent me tidings to the effect that the White House ZIP is actually 20500.) I held off chucking offermail into the bozo bin because, I freely confess, I wanted to see what would happen next. I speculated that Scott might read this and spoil my fun. It has been several months since he has hit one of my personal addresses. However, on 03-Jan-2002 "what happens next" was not at all unusual as spam goes (although I do have to wonder whether the return-path account name is a bit spelling-challenged). So, I blocked offermail and waited to see: would they pay any attention to bou[n]ces? Nope. (But they did eventually fix Irma La Bouce). Then, on 09-Jan-2002, our dear comrades at CustomOffers apparently leaped into the hammock with our friends at eDirectNetwork and sent Nadine an important custom offer for Sears Custom Fit Windows. Shades of Diana Mey. And then, sent to the "Tagged by SPEWS" sump by an incorrect mail sorting filter, there is this gem, in which Scott urges Nadine to consider plastic surgery for breast augmentation. Time to bung eDirectNetwork into the deny list and give them their own rejection log. On 13 Jan 2002 another metamorphosis occurred, and stuff started arriving with an envelope sender of optin-offers.net. I was not particularly quick on the deny list entry update, and ol' Scott managed to slip in two more that afternoon. The first was a delightful Path to Sudden Wealth blandishment, which offers yet another Work From Home and Make Big Bux opportunity. The other one was sent apparently on behalf of Gevalia Coffee, who certainly should know better. PO-1.COM Yet another itsImazing tentacle put its suckers on the window on 17-Jan-2002, with threats of even more exciting offers soon to festoon the lonely inbox. Into the bin with them. Mediatrec Transmissions with an envelope sender of something@MEDIATREC.ROI1.NET were a regular occurrence here until they halted suddenly on 3 January 2002. Then on 19 January 2002 this mysterious piece arrives, with its peculiar "sorry to see you go" clause, but with links that appear to point strictly to an opt-out function. Curious to see what their list management practices might be, I visited their web page, signed up for their mailings and waited to see what would happen. A short time later this confirmation message arrived, inclining me to the belief that they do indeed practice safe mailing, at least as far as new subscribers at their own web site are concerned. Time will tell. 24-Jan-2002: What time tells us is that they don't practice safe mailing when purchased lists are involved, as they dropped this item in the hopper on behalf of VoiceStream Wireless. So, into the deny list they go. Bon voyage. The record of their rejected delivery attempts is here. 16-Mar-2002: They've been averaging more than one futile attempt per day for quite some time, sending from the myz.com IP block at 65.105.159.*. Perhaps others have blocked myz.com and/or the mediatrec.com envelope sender, and they needed to find something that would temporarily let them get through. Regardless of the reason, they are now sending from mediatreclists.net, from their own IP space. Since they dumped five days of pent-up traffic on Nadine this morning, it seems likely that they saw a high non-delivery rate with myz.com and needed to make up for lost time. Here is one for Full Access Medical, the subject of many a search-engine visit to this site. Those interested in an exclusive money- making program need go no further than here. Maybe a free cellphone? Fancy an unsecured credit card (of unspecified type and issuer)? DVDs from Columbia House? It's all here, whether you have the sense to ask for it or not (assuming that you exist at all, of course). So, into the Plonk-O-Matic with mediatreclists.net. DirectNet Advertising (dnadv.com, valudesk.com, valudesk1.com) These folks have enjoyed some popularity amongst those who receive and report spam. Nadine also received the "Free Chocolates" spam mentioned in some of those reports. In the non-HTML portion, they began their Nadine involvement with no attempt to explain how they came into possession of Nadine's address. Only if you browse down to the web-encumbered portion do you see the shift of blame to "valued marketing partners" and the typical threat to continue the bombardment if no opt-out action is taken. Before the opportunity arose to add this section to the story, somebody from a network address belonging to dnadv.com spent half an hour or so reading Our Saga. I hope they come back, now that they are a featured character. NETWORK60.COM On 30-Jan-2002 there comes a "Membership Confirmation for NADINE" from an already-familiar denizen of the swamp. We first encountered network60.com as an apparent client of DM360.COM. One is tempted to speculate about the tendency for apparent clients of spewers-for-hire to begin doing their own spewing, as is for example the case with Mediatrec and ROI1.NET. When the spewing for RadioStakes apparently began in earnest on 08-Feb-2002, the envelope sender "NETWORK60.COM" went into the bozo bin. Two-River.com (Harvest Marketing, GDTRFB.COM) On 16-Feb-2002 we first hear from the Two-River Co-op, formerly known as Prime Offers but calling itself Harvest Marketing in the domain registry. We receive the welcome assurance that "Two-River Co-op never sends unsolicited email", but are forced to ponder: if the commercial relationship is launched with such a transparently fraudulent statement, what sort of confidence shall we have in the worth of the commercial offers? Again on 15-Mar-2002 we see that things haven't changed much. And on 20-Mar-2002 it would appear that AOL needed some assistance with their sales programme, with a little help from dnadv.com, for reasons best known to those who best know reasons. Alas, it looks like it is time for the bin for Two-River Co-op. The envelope sender on the most recent atrocity was . River.com is apparently an unrelated domain in Colorado, whereas two-river.com is in New Hampshire and gdtrfb.com claims to be in New Jersey. Considering that the delivering server calls itself "two.river.com" when in fact it is listed as "jupiter.gdtrfb.com" by its own DNS server, and looking at the river.com web site one may perhaps be forgiven for exhibiting a modicum of doubt that river.com has any involvement with these misdeeds. And in fact my communication with the actual owner of river.com confirms that river.com has no connection with two-river.com and has not authorized them to use a river.com address or host name. mxsys.net (dandyoffers.com, youclickhere.net) on behalf of memolink.com, dreammates.com et al. Pretty ordinary. First a mailing for memolink.com, then another one that seems less than fully suited to the demographic information that DandyOffers presumably purchased along with a bogus email address. On 25-Feb-2002 there was another spam for Sonix Systems / AT&T. Since I'm getting spam from mxsys.net for the "imesh" list to another bogus address @honet.com, there's no obvious reason not to award mxsys.net a prime spot in the bin forthwith. And since they've persisted in knocking at the gates, let's give them their own reject log. sign2002.com The presence of links to www.opt-track.net in this piece suggests that sign2002.com is just a new disguise for the masters of opt-in-ness, Optin Inc. Regardless, it has the exceedingly tiresome mendacity "This message was not sent unsolicited. You are currently subscribed to the Open2Win mailing list". As if "you are subscribed" somehow transforms an unsolicited message to a nonexistent person into a legitimate, requested communication. Gag. Then again, I'm interested in whether the folks at discounts.com, who don't seem to be affiliated with anybody mentioned in this message, would approve of the apparent sender being "HotelDiscountCard@discounts.com". Hmm... staff@webmagic.com seems to be the place to knock. 27-Feb- 2002: Email from webmagic.com gives me the distinct impression that they aren't too happy with this use of their domain name. Imagine that. Meanwhile, on 26-Feb-2002 the next piece arrives, signaling that The Hour of The Bozo Bin has arrived for sign2002.com. Exactis As a proud carrier of the "Motel Six Discount Card" (or AARP membership, as it is sometimes called) I note that in this piece The Hartford makes some sensible use of the demographic information that somebody fraudulently sold them. Although they wisely chose exactis.com to send their advertisement for an AARP-branded insurance plan, all was not entirely well in this particular shot. For instance, the valuable quartz clock is not available in Nadine's home state (and apparently only in Nadine's home state). One would expect greater diligence from these professionals. Additionally, this message is the first one in ages to make an explicit reference to delivere.com. The HTML version of the payload attempts to retrieve an image from the server consumer.delivere.com, which is strange, since the name servers for delivere.com are unreachable (at least from any network to which I have access) and have been for quite some time. Odd. valoffers.com What can we say about this initial salvo (other than a minor carp about a missing ">" in the Message-ID)? Not much. We'll just have to wait for the inevitable Drizzle of Irresistible Offers. Which began to arrive on 19-Mar-2002, manifesting as Yet Another Free Cellphone Offer (YAFCO). Time for a new deny list entry. dartmail3.net On 22-Mar-2002 Nadine received a "privileged and confidential" offer of magazine subscriptions by Synapse Group Inc, from dartmail3.net, through flonetwork.com. tinglobal.com This is apparently an IMG Direct (optin-inc) operation. More information here. Sample here. The "strict Code of Ethics" bit is a hoot. jobsonline.com (emailoffersondemand, Toplander Corporation) One is tempted to speculate just who has demanded the email offers, of which Nadine received four in the three days that elapsed before the sender was carefully inserted into the deny list. Since three of them were very similar YAFCO advertisements -- two for AT&T Wireless, one for Voicestream -- on three successive days, the use of the phrase "this recurring mailing" was particularly apt. Sample here.
We had to destroy the sig to save the sig.
reminds me of a commercial. I gave my email address to a friend. And they gave it to a friend.... And they gave it to a friend... One way to block spam that works for me is to filter "good" emails instead if bad ones. i.e. all your friends emails will wind up in one inbox, all the more uncommon emails will end up in another. Then deletion is much easier. Separate the wheat from the chaff.
soul daddies in a firewire tumble dryer
Yes, at the risk of being called a Karma whore.
http://216.239.51.100/search?q=cache:PzYbVLt75vYC: www.honet.com/Nadine/default.htm+&hl=en&lr=lang_en
The Post-delivere/MatchLogic Late Comers: New Hogs At the Trough
How the list[s] containing Nadine's supposed email address propagated from here on is a matter of conjecture. None of the items received from this point on mention any of the original culprits. It may be that financial challenges accompanying the general bursting of the net.fantasyland bubble caused fire sales of various magnitudes.
Ombramarketing.com
First amongst the new gathering shadows was Ombra Marketing Corp., who began to bombard Nadine with a variety of offers on 18 April, 2001. They sent an average of four blasts per month. They are currently in the local deny lists, and are discussed in a number of other areas of the World Wide Web, for example here.
itsImazing: Is It a Threat or Merely a Menace?
Cometh now the "itsImazing.com Network" by and through its first spewer, (apparently) ted2.net. Especially touching are the parts that thank Nadine for "registering at www.mindsetinteractive.com", proclaiming that these valuable messages will only infest the mailboxes of those "...who have specifically requested or agreed to receive our special offers...". Who can imagine the spewage that might occur should the senders be minded to send their stuff to just any old address? (NOTE: on 13 December 2001 I personally began receiving itsImazing spew from etoll.net, directed to an address used only for registering Palm Pilot software. Time to update the deny list.)
Rumors on various anti-spam forums were that the "ted2" operation encountered some difficulties in maintaining its network connectivity. This is plausible, because subsequent detritus has issued from m-ul.com and TargitMail (see below). We did get one subsequent delivery attempt from ted2.net on 21 December 2001.
m-ul.com are currently in the local block list, but these stout-hearted troupers were not dismayed by this minor contretemps -- until 16-Jan-2002 they continued to exhibit earnest hope that eventually I would let them back in to molest Nadine.
Hah.
Meanwhile, the itsImazing menagerie continues to expand, with coopt.com making its long-expected arrival on 23 December 2001. itsImazing appears also to have attempted to sneak in on 27 December 2001 through the facilities of virtumundo.com. On 17 Jan 2002, PO-1.COM began their spew on behalf of itsImazing.
On 20-Feb-2002 Nadine heard from gossipflash.com. Oh joy. Yet another threat of more "exciting promotional offers".
Without a helpful local deny list, Nadine would be receiving several itsImazing announcements per day. Imazingly prolific and persistent folks.
The Grouplotto Flood
On the same day as the first itsImazing blast came not one but two vital messages from "Grouplotto", sent from networkpromotion.com. This was just the nose of the camel, as more than thirty messages containing the string "grouplotto" arrived between that date and 12 December 2001. (This does not take into account the ones that would have arrived had the senders not been blocked.)
Grouplotto are apparently more resourceful than some of the other contenders, since they appear to share their databases amongst an agglomeration of senders with diverse offerings (although itsImazing definitely gives them some crushing competition here).
Senders and product types identified so far include:
networkpromotion.com -- Gambling (what else?) and a special product (see below).
etracks.com -- Consumer products (phones, Motorola Talkabout radios, VISA cards, satellite TV systems, digital camera [oops, that's a premium for switching long distance service], a sports wagering system, foreclosed merchandise, DVDs from Columbia House, and a "Start A Profitable Home Business and Become Rich Using the Internet" opportunity that would have been hard to pass up. And one additional product, also sent from networkpromotion, which deserves its own separate section below.
ProcessRequest.com -- only one from them got through before they were chucked into the deny list: an offer for the American Express(R) Platinum Cash Rebate Card. They made two more tries on 12 December 2001, then nothing more arrived until 10 February 2002, when the envelope sender was "reedscienc@ProcessRequest.com".
All of the senders above are in the local deny list, so there may be other valuable commodities on offer that Nadine will never hear about, at least not from the Grouplotto Borg. etracks.com made multiple tries nearly every day until 13-Feb-2002. networkpromotion.com tried a little less frequently and apparently gave up after 26-Jan-2002.
Miss Cleo's Psychic Insight Blows a Fuse
The GroupLotto product singled out for special treatment was a series of breathlessly vital disclosures from Miss Cleo.
She Who Knows All was so convinced of Nadine's existence that she took the trouble to send a personal note. A short time later, apparently unfazed by the lack of response, Miss Cleo sent another enticing missive.
Perhaps the puzzling lack of response (should we assume that psychics can be puzzled?) led Miss Cleo to send a poorly formatted rerun of Message Two, this time through networkpromotion.com rather than etracks.com.
Who can fathom the mysterious ways of the Gifted? Gumshoes in Florida, perhaps?
TargitMail (GTMI, Walt Rines)
Here we have a true relic of the rip-roaring early days of unsolicited broadcast email. I will make no comments, other than to suggest that the reader who wants to know more may submit the strings "Walt Rines", "IEMMC" and "picklejar" to www.google.com and especially to Google's Usenet Newsgroup search engine, looking in the news.admin.net-abuse.* groups.
TargitMail began sending itsImazing stuff from various tm0[digit].net addresses on 28 November 2001, beginning with tm03.net. They subsequently have sent from tm01.net, tm02.com and tm04.com as well. All of these domains are in the deny list. They made their last successful delivery on 09 Jan 2002 with a nice itsImazing offer of great deals from Fingerhut, sent from the heretofore-not-blocked tm02.com. They were last seen in the server logs on 09 Feb 2002.
customoffers.com
As uninvited spewers go, customoffers.com is pretty unremarkable. They first showed up on 9 November 2001 and managed to blap in 17 messages before I finally blocked them. Like most of the others, however, being rejected with a "553 Depart Ye Cursed Spammers" message initially did not impress their infrastructure.
They appeared to have given up after 22 Dec 2001, but then something arrived from the Scott Hirsch operation claiming to be an advertisement for stuff from Sears.
em5000.com, em5000.net
On 28 November 2001 em5000.com began sending touts for ImazingOffers, winfreestuff, ItsAllAboutGreatOffers, Chase Manhattan Bank, gambling and college scholarships. Five messages in three days caused them immediate admission to the elite ranks of the blocked.
There is reason to believe that this was not the only list they have ended up in, as they changed IP blocks and reappeared as em5000.net, managing to slip two more in on 12 December before I noticed and updated their listing. Like so many others, they tried frequently for quite a spell.
02-Feb-2002: They are now using a new envelope sender, jdrmedia1.net
11-Feb-2002: This time they have decided to abandon even the pretense of using a valid envelope sender, and claim to be something "@bounce.37.121.144". This would appear to be a seriously dim move, given the number of systems that now refuse mail from an invalid envelope sender. But then, the whole operation seems to be characterised by a significant lack of wattage.
intervolved.net
This player sent the usual "thanks for signing up with us" note in late November, 2001. I am personally fascinated by the "if you don't opt out, you have agreed to our terms" bit. I'm also somewhat intrigued by their "This message is not intended for anybody living in a state that has an anti-spam law" clause. What do you suppose that means?
They went into the bozo bin after the third blast on 04 Dec 2001 and were last heard from on 06 Feb 2002.
ixs1.net, ixs2.net
Before joining the Chorus of the Banned, this domain pair sent Nadine four "winfreestuff.com" adverts, beginning with this one, in which the senders claim that Nadine visited their web site and entered a sweepstakes.
I suppose it is indeed possible that the real "Nadine" was still giving out the same wrong email address 613 days after committing the first error. Personally, I have confidence that she would by this time have noticed that nobody ever responded (at least not in a way that she could observe).
After a long hiatus, they made another attempt on 11-Jan-2002.
ROI1.NET (Img Direct)
Their first one is a keeper: entirely HTML, work-from-home opportunity, web tracking bugs. Plucky though blocked, they kept trying until 11 Feb 2002.
oii1.net, oi2.net, oihost.net (Optin Inc)
The first piece is an IMPORTANT NOTICE reminding Nadine that "per our TOS (Terms of Service), you wisely agreed to receive third party promotions from our network's preferred affiliates". I was so overawed by a mention of Terms of Service from this well-known Florida operation that I somehow managed to leave the web bug in while trimming the HTML portion.
A few days later, two copies of a "Confirmation" arrived, identical except that the second one fails to mention "Custom Offers". Perhaps I was too hasty in blocking customoffers.com and missed all of the valuable information about Nadine's voluntary subscription to this wonderful service. Life has its unexpected setbacks.
sendoutmail.com
Nadine received one message and a couple of subsequent blocked delivery attempts originating from this domain. A responsible party from this domain has contacted me personally, and I have responded to his request for the details of the messages sent to Nadine. Being convinced that sendoutmail.com is making a determined effort to adopt the most effective list management practices, I have removed the IP and envelope sender blocks against sendoutmail.com.
topica.com
This message was surprising and profoundly disappointing. I had been led to believe that topica.com were rather strict in their list verification standards. If they would like help in diagnosing the point of failure, I'll be happy to assist. Unfortunately they were still trying to deliver email as of 14- Feb-2002, despite numerous rejections (and several visits to this page from topica's corporate IP space).
DM360.com
The list is sold yet again. On 19 December comes an advert apparently for REI sent by dm360.com on behalf of network60.com. Visiting the link, however, just gets you to www.freebieclub.com, with no obvious REI involvement. What a tangled web.
This sender has made a sufficient number of subsequent attempts after being blocked to rate their own reject log page.
Later on in the piece (30-Jan-2002), we find that their erstwhile client, network60.com, has decided to take things into their own hands and do their own polluting of the general netspace. (Or, perhaps, the two entities are really joined at the hip. Who can fathom these mysteries without buying a programme from a passing vendor?)
Postmaster General (pm0.net)
This sender's customer at least doesn't bother to try the "thanks for signing up at our web site" prevarication or the "you visited a 'marketing partner' and requested drivel" pretense. The lack of HTML is also a redeeming feature. pm0.net was added to the parade of unwelcome intruders, and they hammered away until 02-Jan-2002. I removed them from the deny list on 15-Jan-2002 after having a conversation with the Mindshare Design Standards & Practices people, who convinced me that changes are afoot at pm0. If this turns out to have been an incorrect impression, I will note it here.
Bigfoot Interactive (bfi0.com)
I've always been fascinated by a "this message is confidential -- don't do like we did and send it to a completely unrelated party" clause in email and FAX messages. What exactly does the sending party in this case have to hide, might one ask?
Virtumundo.com / vmadmin.com
Here is an organism that claims that somebody who doesn't exist went to a web site (the same one the itsImazing folks claim she visited) and gave permission for them to send bunches of advertising.
What makes this all the more fascinating is that somebody from Virtumundo apparently visited us here a few hours before the spam started.
Interesting news: Virtumundo has announced a lawsuit against two list vendors, including Mindset Interactive, who provided the list for the message discussed above.
Scott Hirsch (edirect.com, offermail.net, eDirectNetwork, optin-offers.net)
This submission arrived in the wee hours of 30 December 2001. These notes were originally slotted to appear in the "Spamming Scum" section, in view of eDirectNetwork's colorful history of adding unwilling participants to its list of targets for valuable offers. Upon reflection, I decided that eDirectNetwork meets many but not all of the criteria set forth there -- at least, not recently. So, eDirectNetwork joins the other Florida operations here in the slightly more prestigious "Hogs" section.
The apparent proprietor, one Scott Hirsch, has been mentioned in the press from time to time. A brief Google search for this entity nets quite a bit of discussion of their, uh, methods. Those who want an example of the great care taken by this organization to verify that the recipients really want the advertising may observe eDirectNetwork spamming the abuse address here.
As for offermail.net, you have to admire the earnest, honest sincerity of a firm that in its domain registration gives its business address as the White House and its telephone number as toll-free information. Spiffy folks, to be sure. (And not entirely on the mark when it comes to research. An Authoritative Source has sent me tidings to the effect that the White House ZIP is actually 20500.)
I held off chucking offermail into the bozo bin because, I freely confess, I wanted to see what would happen next. I speculated that Scott might read this and spoil my fun. It has been several months since he has hit one of my personal addresses.
However, on 03-Jan-2002 "what happens next" was not at all unusual as spam goes (although I do have to wonder whether the return-path account name is a bit spelling-challenged). So, I blocked offermail and waited to see: would they pay any attention to bou[n]ces?
Nope. (But they did eventually fix Irma La Bouce).
Then, on 09-Jan-2002, our dear comrades at CustomOffers apparently leaped into the hammock with our friends at eDirectNetwork and sent Nadine an important custom offer for Sears Custom Fit Windows. Shades of Diana Mey.
And then, sent to the "Tagged by SPEWS" sump by an incorrect mail sorting filter, there is this gem, in which Scott urges Nadine to consider plastic surgery for breast augmentation.
Time to bung eDirectNetwork into the deny list and give them their own rejection log.
On 13 Jan 2002 another metamorphosis occurred, and stuff started arriving with an envelope sender of optin-offers.net. I was not particularly quick on the deny list entry update, and ol' Scott managed to slip in two more that afternoon. The first was a delightful Path to Sudden Wealth blandishment, which offers yet another Work From Home and Make Big Bux opportunity. The other one was sent apparently on behalf of Gevalia Coffee, who certainly should know better.
PO-1.COM
Yet another itsImazing tentacle put its suckers on the window on 17-Jan-2002, with threats of even more exciting offers soon to festoon the lonely inbox. Into the bin with them.
Mediatrec
Transmissions with an envelope sender of something@MEDIATREC.ROI1.NET were a regular occurrence here until they halted suddenly on 3 January 2002. Then on 19 January 2002 this mysterious piece arrives, with its peculiar "sorry to see you go" clause, but with links that appear to point strictly to an opt-out function.
Curious to see what their list management practices might be, I visited their web page, signed up for their mailings and waited to see what would happen. A short time later this confirmation message arrived, inclining me to the belief that they do indeed practice safe mailing, at least as far as new subscribers at their own web site are concerned. Time will tell.
24-Jan-2002: What time tells us is that they don't practice safe mailing when purchased lists are involved, as they dropped this item in the hopper on behalf of VoiceStream Wireless. So, into the deny list they go. Bon voyage. The record of their rejected delivery attempts is here.
16-Mar-2002: They've been averaging more than one futile attempt per day for quite some time, sending from the myz.com IP block at 65.105.159.*. Perhaps others have blocked myz.com and/or the mediatrec.com envelope sender, and they needed to find something that would temporarily let them get through. Regardless of the reason, they are now sending from mediatreclists.net, from their own IP space. Since they dumped five days of pent-up traffic on Nadine this morning, it seems likely that they saw a high non-delivery rate with myz.com and needed to make up for lost time. Here is one for Full Access Medical, the subject of many a search-engine visit to this site. Those interested in an exclusive money- making program need go no further than here. Maybe a free cellphone? Fancy an unsecured credit card (of unspecified type and issuer)? DVDs from Columbia House? It's all here, whether you have the sense to ask for it or not (assuming that you exist at all, of course).
So, into the Plonk-O-Matic with mediatreclists.net.
DirectNet Advertising (dnadv.com, valudesk.com, valudesk1.com)
These folks have enjoyed some popularity amongst those who receive and report spam. Nadine also received the "Free Chocolates" spam mentioned in some of those reports. In the non-HTML portion, they began their Nadine involvement with no attempt to explain how they came into possession of Nadine's address. Only if you browse down to the web-encumbered portion do you see the shift of blame to "valued marketing partners" and the typical threat to continue the bombardment if no opt-out action is taken.
Before the opportunity arose to add this section to the story, somebody from a network address belonging to dnadv.com spent half an hour or so reading Our Saga. I hope they come back, now that they are a featured character.
NETWORK60.COM
On 30-Jan-2002 there comes a "Membership Confirmation for NADINE" from an already-familiar denizen of the swamp.
We first encountered network60.com as an apparent client of DM360.COM. One is tempted to speculate about the tendency for apparent clients of spewers-for-hire to begin doing their own spewing, as is for example the case with Mediatrec and ROI1.NET.
When the spewing for RadioStakes apparently began in earnest on 08-Feb-2002, the envelope sender "NETWORK60.COM" went into the bozo bin.
Two-River.com (Harvest Marketing, GDTRFB.COM)
On 16-Feb-2002 we first hear from the Two-River Co-op, formerly known as Prime Offers but calling itself Harvest Marketing in the domain registry. We receive the welcome assurance that "Two-River Co-op never sends unsolicited email", but are forced to ponder: if the commercial relationship is launched with such a transparently fraudulent statement, what sort of confidence shall we have in the worth of the commercial offers?
Again on 15-Mar-2002 we see that things haven't changed much.
And on 20-Mar-2002 it would appear that AOL needed some assistance with their sales programme, with a little help from dnadv.com, for reasons best known to those who best know reasons.
Alas, it looks like it is time for the bin for Two-River Co-op. The envelope sender on the most recent atrocity was . River.com is apparently an unrelated domain in Colorado, whereas two-river.com is in New Hampshire and gdtrfb.com claims to be in New Jersey. Considering that the delivering server calls itself "two.river.com" when in fact it is listed as "jupiter.gdtrfb.com" by its own DNS server, and looking at the river.com web site one may perhaps be forgiven for exhibiting a modicum of doubt that river.com has any involvement with these misdeeds. And in fact my communication with the actual owner of river.com confirms that river.com has no connection with two-river.com and has not authorized them to use a river.com address or host name.
mxsys.net (dandyoffers.com, youclickhere.net) on behalf of memolink.com, dreammates.com et al.
Pretty ordinary. First a mailing for memolink.com, then another one that seems less than fully suited to the demographic information that DandyOffers presumably purchased along with a bogus email address.
On 25-Feb-2002 there was another spam for Sonix Systems / AT&T. Since I'm getting spam from mxsys.net for the "imesh" list to another bogus address @honet.com, there's no obvious reason not to award mxsys.net a prime spot in the bin forthwith. And since they've persisted in knocking at the gates, let's give them their own reject log.
sign2002.com
The presence of links to www.opt-track.net in this piece suggests that sign2002.com is just a new disguise for the masters of opt-in-ness, Optin Inc. Regardless, it has the exceedingly tiresome mendacity "This message was not sent unsolicited. You are currently subscribed to the Open2Win mailing list". As if "you are subscribed" somehow transforms an unsolicited message to a nonexistent person into a legitimate, requested communication.
Gag.
Then again, I'm interested in whether the folks at discounts.com, who don't seem to be affiliated with anybody mentioned in this message, would approve of the apparent sender being "HotelDiscountCard@discounts.com". Hmm... staff@webmagic.com seems to be the place to knock. 27-Feb- 2002: Email from webmagic.com gives me the distinct impression that they aren't too happy with this use of their domain name. Imagine that.
Meanwhile, on 26-Feb-2002 the next piece arrives, signaling that The Hour of The Bozo Bin has arrived for sign2002.com.
Exactis
As a proud carrier of the "Motel Six Discount Card" (or AARP membership, as it is sometimes called) I note that in this piece The Hartford makes some sensible use of the demographic information that somebody fraudulently sold them.
Although they wisely chose exactis.com to send their advertisement for an AARP-branded insurance plan, all was not entirely well in this particular shot. For instance, the valuable quartz clock is not available in Nadine's home state (and apparently only in Nadine's home state). One would expect greater diligence from these professionals.
Additionally, this message is the first one in ages to make an explicit reference to delivere.com. The HTML version of the payload attempts to retrieve an image from the server consumer.delivere.com, which is strange, since the name servers for delivere.com are unreachable (at least from any network to which I have access) and have been for quite some time. Odd.
valoffers.com
What can we say about this initial salvo (other than a minor carp about a missing ">" in the Message-ID)? Not much. We'll just have to wait for the inevitable Drizzle of Irresistible Offers.
Which began to arrive on 19-Mar-2002, manifesting as Yet Another Free Cellphone Offer (YAFCO). Time for a new deny list entry.
dartmail3.net
On 22-Mar-2002 Nadine received a "privileged and confidential" offer of magazine subscriptions by Synapse Group Inc, from dartmail3.net, through flonetwork.com.
tinglobal.com
This is apparently an IMG Direct (optin-inc) operation. More information here. Sample here. The "strict Code of Ethics" bit is a hoot.
jobsonline.com (emailoffersondemand, Toplander Corporation)
One is tempted to speculate just who has demanded the email offers, of which Nadine received four in the three days that elapsed before the sender was carefully inserted into the deny list. Since three of them were very similar YAFCO advertisements -- two for AT&T Wireless, one for Voicestream -- on three successive days, the use of the phrase "this recurring mailing" was particularly apt. Sample here.
We had to destroy the sig to save the sig.
The email talked about their time together and how she was having second thoughts when she called his house and his wife answered.
I responded that she must have the wrong email address. No more messages.
Fight Spammers!
But why doesn't someone do this deliberately? That is, create a domain for the sole purpose of receiving spam only, and automating a banned email list to other servers.
Of course the true domain name would have to be kept secret, but it should cut down on a significant amount of spam to the other servers, and reduce the workload on email admins.
By chance I happened to be reading that site when it got slashdotted. I couldn't figure out why it stopped responding...
I had been looking for info about a spammer called customoffers.com (they spammed nadine). Anybody else being suddenly bombarded by these clowns? Anybody else notice that exodus.net is ignoring abuse reports?
-Andy
Nadine's Address Escapes Into the General Domain of Spamming Scum
Before the messages below arrived, there was still a slim but tangible pretense that this stream of offal was some how "opt-in". The senders sent from their own equipment at [relatively] stable IP addresses; most of the senders were contactable by one means or another. Some of them even made detectable efforts to be legitimate, ethical businesses. Some of those appear to have failed more through lack of competence than lack of ethics (although it is important to note that the net effect is the same, in the end).
Such is not the case with the senders in this section.
Demonstrably they are fully aware that
Their material is unwanted.
The addresses they send to are largely scraped from public forums such as Usenet newsgroups, web pages and user profiles -- places where people reveal their email addresses with no expectation whatever that they will become the victims of postage-due electronic advertisers.
System owners will take measures to block their transmissions.
With this set of facts in mind, they take steps to evade, whenever possible, efforts to stop them from blowing their trash into people's mailboxes. These steps include
Sending from "throw-away" dial-up accounts. Eventually enough complaints will arrive at the dialup provider that the account they are using will be deactivated for network abuse. But they expect this, and have opened a large number of such accounts; when one account is cancelled, they merely proceed on to the next.
Hijacking email servers -- there are still many email servers that will allow anybody to use them to send email. By setting their spewing software to send through these open relays, spammers gain several benefits, chief amongst which is that they can consume someone else's bandwidth to do their dirty work. By rotating their spews through a large number of servers, they increase the likelihood that they will be able to bypass countermeasures in place at their targets' providers.
Adding "filter busters" (strings of nonsense characters) to the subjects and bodies of their messages, in the hope of confusing filters that look for known spam messages.
The "AmyWilson@btamail.net.cn" Spammer
Messages with this "From:" address (and multitudes from other addresses taking the form "[some female name with surname]@btamail.net.cn") have arrived here before, all sent to addresses that either were scraped from Usenet posts or were the targets of spammers before honet.com was even registered as a domain.
In this case, we see a message with classic "spammer" hallmarks -- origination from a dialup, sent through hijacked servers. It claims to have been sent on behalf of Sonix Systems, LLC, an AT&T wireless dealer.
Random spam through ptt.ru
Those who track spammers as a hobby or a full-time job will recognize a number of familiar things here, assuming they want to wade through atrocious quoted-printable-mangled HTML.
Inept Pump-and-Dump Stock Scam from optinservices.com
Here we have an exceptionally incompetent attempt at shady activity. First, the spammer unwisely chose to steal relay services from a Korean server that failed to mask the sending IP address (65.213.157.9), which belongs to optinservices.com, supposedly in Pompano Beach, FL. Then, the HTML payload appears to have been prepared with Microsoft Word, which inserts abominable amounts of cruft but also embeds intriguing information, including the apparent original author's names, which in this case appear to be "Natalie Morgen" and "ECogen". Finally, it was sent with an unreachable domain, offers4utoday.com, in the envelope sender; this will cause lots of well-run systems to reject it immediately. As spammers go, this lot are not leading the league.
And of course, in keeping with the Sacred Traditions of Spamming, the usual "Murkowski" S1618 disclaimer demands that we accept this piece as legitimate communication, even though this legislation was never enacted into law (and even if it had been, this spam doesn't actually comply with it).
Wanting to share the joys this gem has brought, I sent a copy to the "enforcement" mailbox at sec.gov. Perhaps they will find it valuable.
4optinonly.com: The Buffoonery Continues
The next day after the optinservices.com fiasco, we hear directly from 4optinonly.com, the domain that appeared in the "remove from list" link above. Oddly enough the sending server called itself "optinservicesco" when it connected here, even though its IP address carries the whimsical name "optin2.4optinonly.com". Ah, well, at least both of the supposed senders are named "Debra" and they both tell us that Nadine is a subscriber to the eNetwork mailing list.
The overwhelming impressions of honesty and competence here would certainly motivate me to seek an unsecured gold card through their ministrations. I'd probably make some investments, too. Yep.
13-Mar-2002: Not wanting to leave any doubt about who was responsible for the first stock fraud missive, but keen to clean up the MS-Word-to- HTML disaster, they resend a less-crufty version of the original not-from-a-Kim-and-Eddie-Marin-IP tout. Oofta. Hyphen city.
Then on 26 Mar 2002 the menagerie is augmented by a piece from addmeat.com/addmeat.net for quickenloans.quicken.com, and on 29 Mar 2002 a new but still MS-Word-cruft-infested version of the LKNG pump-and-dump stock tout.
We had to destroy the sig to save the sig.
I've read about this before. Here are some more sites that have info about Nadine. Honet
The EZBoard thread
Article with a bit of info
And one last one
That's it
Canadian Cynic, canadian politics is less boring than you
A link to a Google search of pages which link to the original page. Since the original is all links, this will probably be more helpful. Obviously, try clicking on the cached version, duh...
http://www.google.com/search?hl=en&lr=lang_en&num= 30&q=link:PzYbVLt75vYC:www.honet.com/Nadine/defaul t.htm
A bit OT but...
If you made a mistake in your contact info, you could've rectified the problem by voice phone and fax. That's what I did when the contact info for a domain I registered had to be updated because the email was an expired domain for a now-defunct company. Network Solutions had surprisingly good customer service and once they verify the credentials via fax (or even snail-mail) they will make any changed required without the use of email.
That way seems low-tech and backwards, but you don't need to register an otherwise useless domain and it costs nothing more than your time (certainly mot much more than the trouble of registering a domain and setting up the DNS).
Us techie types should be careful not to overlook the most simple solution because it is low tech...
OTOH, the useless domain could be useful to keep track of how many OTHER people make that typo...kinda like the Slashdor site...
Wow, here I thought I was alone.
=+=+=+=+=+=+=+=+=+=+
Bob@bob.com
Internet Scapegoat
Phone: 977-882-2515
Fax: 977-882-2514
=+=+=+=+=+=+=+=+=+=+
no workie I say
now it IS /., :)
I made a typo while changing my email address in slashdot's preferences. Now I cannot change my email or password. Go figure....
Google mirror of the article.
Hacker Media
Perhaps I'm confused (or maybe it is because I got bored and only read 10 of the many links on that page), BUT, I don't find the story of Nadine all that unique or interesting. I get piles of spam everyday and I haven't opted-in to anything. My most spammed address gets over 100 messages a day.
In my experience, trying to follow up or research these spammers is generally a useless waste of time. Bounce them, sue them or further change the law. Doing more is just going to frustrate yourself, IMO. Remember when you call around and get put on hold and follow the paper/isp trail you are wasting a lot more of your time than theirs.
-Sean
Oh, wait, I can:
Spam.
Move along, nothing to see here. Nothing you haven't seen already or will continue to see for the rest of your lives.
Could anyone sum up this story for me? I had a hard time trying to understand what's happening based on a bunch of disjunct google cache pages. I don't know why a single page could have been used.
All I can get at now is that someone mistyped an email address, and that mistyped address was spammed to hell. What's the loss besides some unnecesary traffic?
Spoon not. Fork, or fork not. There is no spoon.
Sign up for a Yahoo email address and use that address when signing up for anyting. Dont most people do this? I know i do and it keeps my real address relitivly clean where my "sign up" address gets hundreds of emails a week.
The real point of the Nadine story is demonstrating how spammers are reselling and distributing spam lists.
Some of the spammers hitting Nadine's Email address are trying to act as responsible members of the bulk emailing industry, while at the same time blatantly violating online privacy policies (their own, and their list suppliers') left and right.
The point of the story is to point out how effective "industry self regulation" really is.
Proletariat of the world, unite to kill spammers
In Soviet Russia, I ruled you
1. Use uce@ftc.gov as your browser email address while surfing.
2. Use president@whitehouse.gov as your login address when signing up for something.
3. Use spamcop.net if you have the time.
4. If using PINE, then BOUNCE all spam to at least uce@ftc.gov
5. If using Microsoft email - um, well, you've got problems - you might as well give up now.
-
--- Will in Seattle - What are you doing to fight the War?
Let's go register billg@microsoft.com on every "sweepstakes" page we can find out there, and then let those geniuses in Redmond figure out how to filter the resulting spam! As a variant, try inventing random names in the microsoft.com domain. (Actually, I already do this every time I encounter a web page that REQUIRES my email address before continuing. I can only imagine that Microsoft has procedures in place to deal with the flood of spam they must already receive.)
I'm using spamcop.net and it's cut down on my spam by about 85%. Cost is $30/year for having your email filtered. Some spam (15%) still gets through but you can submit that to them to ensure others don't get the same spam as well.
(I have no affiliation with spamcop.net except as a satisfied customer.)
This is not redundant! This is the easiest way to read the whole thing!
Sure, some of it could be from spammers sharing addresses and lists, but some of it might not be.
Free Mac Mini
Why not make the spammers combat the spammers?
My idea has two parts. The first is awful and dirty, but the second is excellent.
First: Build a list of known ways to get an address into the spammer's hands. Build a tool that can fill out a web form and post it and another tool that can subscribe via an email. Subscribe thousands of fake hotmail, msn, yahoo, juno, excite, etc addresses to the spam lists. Spammers can only send so much spam. If they're sending half of it to addresses that don't work, they'll send you less. Second, these companies have real clout and could get something done about these spammers. Sure, it will cost them money, but they'll just lobby, get a government task force and some FBI help and all will be done.
Second: Most spam has an unsubscribe email. About half of those actually resolve to a real domain and sometimes a real account. Subscribe the unsubscribe emails to spam too! The spammers's return mail servers and connections will be clogged!
Just a thought.
"I threw up my hands in disgust and wondered if it had been such a good idea to have eaten my hands in the first place."
I purposely have done this.
/.), some legit commercial businesses, some obvious spam. The mailbox fills up roughly every 30 hours. I plan to continue this for a few months, until it will be impossible to distinguish my real name from the fake names. Whomever picks up the account next will be in for a treat as they open their account and start getting thousands of messages a day, random names, and all.
See, I signed up for a hotmail in it's early stages ('97). I used it for everything, including online purchasing, friends, family, you name it. At some point something happened-- one of the forms I filled out, or someone sold my same, and I started to get mail addressed to my real name, at that address. This semi-scared me.
So recently I went to cancel the account. Hotmail by default will consider your account "cancelled" after inactivity of 90 days. I cannot click something that says "Forever, never use this e-mail" My fear is that others will get this e-mail after I have cancelled it, and they will see my real name.
The best solution I have come up with is to fight fire-with-fire. I now sign up for every mailing list I can, each with a different real name. I now belong to over 400 mailing lists(including
It's so sad it's come to this.
fslg503-985-8686503-985-8686503-985-8686503-985-8
I have a domain that's ONE LETTER OFF from Yahoo. (Well, it has one extra letter).
Very often, wise-asses mutate their email addresses when posting to USENET with this additional letter, thinking they've stopped their spam. They haven't. *I* get it.
Of course, I don't see 99% of it--it's thrown in the bit bucket. However it is disturbing how much I get. Not only from email address grazers on USENET, but from people who use fake email address--often in my near-miss domain, and sites that gladly add it to their mailing list without a confirming email. Some of these are otherwise "reputable" companies, too. (This is so they can claim they have 4 billion registered users--easy to do if you don't verify!)
--
Ask the Ya-Hoot Oracle Anything!
Years ago, I registered the email account crawdaddy*AT*hotmail*DOT*com. Since then, several other "crawdaddy" accounts have been opened on hotmail. Many of these people forget to tell their friends/services they're signing up with that there is a number that follows their name, ie. crawdaddy69@hotmail.com. I have gotten several misdirected emails, including personal invitations to join someone on a trip, details of someone's personal life, two very detailed accounts of someone's sexual exploits, and one highly suspicious email that indicated something very illegal and fraudulent was going on somewhere and that the "crawdaddy" that should have received it is involved somehow. Of course, I also get exponentially more spam on this account that I do on any other account that myself or my friends have had for the same period of time. I now check my inbox twice a day just to clean out spam so that my hotmail account isn't temporarily disabled because it's reached its limit!
All the good stuff in on another page and Google doesn't cache-thru, that is to say the links on a cached Google page point to real addresses and not cached Google pages. I tried archive.com that probably doesn't have it cached yet and got: We're sorry, but due to the overwhelming response, the Internet Archive Wayback Machine is temporarily down for maintenance. Access to the past will be available in the future. Please check back with us at 4:00PM Pacific Time.
seems a popular post.. all the top hits at google seem /.ed too..
Make you wonder just how many *millions* of trash email addresses and fake names are in many databases that collect info from web forms.
How often does a person enter false info because one *has* to to download, proceed, etc.
I dunno, it IS from "honet".. I'll be that's capitalized as HoNet.
XML is like violence. If it doesn't solve the problem, use more.
What a really lame way to get karma. Break the message up into many parts just to get informative multiple times on each. Lame!
Story of Ricky might do well here.
I setup SpamAssassin on my mail server and it catches about 70%+ of all the spam I get. That's a big chunk! Just thought I'd share.
Better. I collect spammer phone numbers. Anybody want a copy of my list ?
Veteran, Bermuda Triangle Expeditionary Force, 1992-1951
This story (and a fairly boring one I must say), seems to imply that nadine@hornet.com propagated from one hand to another, presumably by list selling.
.... the same person kept entering the same wrong address on countless sites.
Now, here's the other alternative
I usually recycle the same wrong addresses when I need to sign up for free registration garbage. It's always, none@none.com, me@hotmail.com, etc.
Who really knows what happens on this crazy internet thing.
The thing that I find amazing is that these spammers are flat out lying. They claim that ficticious entities "opt in" when they clear could not have done so. Doesn't this constitute some kind of fraud? Is there no legal recourse?
"Your superior intellect is no match for our puny weapons!"
I've taken a different approach to keeping my spam under control..
I have 1 address called spam@mydomain.com that goes straight to the bin.. no question about it.. anything sent here is crap.. I use this one for any site that requires and address and I don't care if I hear from again.. If for some stupid reason I may need to use a working address I'll use the companys name.. adobe@mydomain.com would be one example.. It all ends up in the same account anyway so it's no trouble..
Now if that address starts getting spam it's quite easy to send any incoming mail to that address straight to hell. as a bonus I know what company sold my name and I can add them to my shit list.
So simple it's stupid..
If you think it's expensive to hire a professional to do the job, wait until you hire an amateur. --Red Adair
Whenever you register for a site that requires your email address, use the address of a local congressman instead of your own!
if they enterd the wrong address on the home page of /. and another site got slashdotted
:-P
The war with islam is a war on the beast
The war on terror is a war for peace
Please publish it on /.
BTW, I post thousands of spammer URLs on my web sites, as mailto:joeblo@spammer.com for their web robots to harvest, so they can send spam to each other. Don't know whether it works but what the hell...
Now, if you really want to impress us, come up with a search that returns all pages in the correct order.
:)
Four emails a month does not constitute a "pounding", nor does it constitute a "bombardment". All told, there might be a hundred emails a month going to this nonexistent account. Is his mail server running on a C-64? Can't withstand the constant shelling of 3 emails a day? I mean, fighting spam is noble and all, but using terms like bombardment and pounding with such small numbers just makes him look silly.
It was simply to hard to resist, I tried not to but..... After reading this story I just had to go to yahoo and search for "sweep stakes" and sign up Mr Simply Ironic, (ironic@honet.com) for a bunch of cool and exciting offers!
I should be taken out back and shot.
Try clicking here to read the Google cached pages for this story. -Elentar
The wheel it turns, around and around, with an ancient rumbling sound.
That was the biggest Karma whoring I've ever seen. Not necessarily a BAD thing, but something that shouldn't be modded up to +5 informative/ interesting on EVERY post. +3 is fine, but more than that is the guy beating the system. Good idea though.
No sig for you.
http://216.239.51.100/search?q=cache:www.mypage
There is no need for any of the junk that gets tacked on at the end, or for the string of nonsense between the colons.
"Nadine" indeed.
When I first signed up at pobox.com I wanted to use whiter@pobox.com but some Brazillian guy already had it, so dispite my years-long use of "whiter" for various purposes I was S.O.L.
Aparently he has receintly started having to use an "rwhite" login name for a bunch of stuff because he has apparently sent (my email address above without anti-spam) instead of his own to several spam-list-generating forms.
How do I know? The flood of spanglish spam that is hitting my mailbox. Mostly it seems to be coming from variations of random_evilspammer_@_whatever.ar, the worst offender being _various_people_@yahoo.com.ar
The sad thing is there is no mandated "remove" mechanisim on most of this (non-US sourced) mail AND the postmaster persons at these sites don't respond to my "please god make it stop I don't speek any kind of spanish" requests. [Probably because they, in turn, don't speek english, possibly because they don't have to care.]
I have been led to wonder if whiter@pobox.com is trying to get me to surrender my own alias by signing it up for spam. I don't think this is actually the case but what a technique! (Then again the account would be useless once I surrendered it so it is a self-defeating technique.)
Remember: Never attribute to MALACE that which can be adequately explained by STUPIDITY.
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
Yes, it's true -- the very single-opt-in mailing lists that are used by spammer scan be used to fight back.
Spam Can Be Fun
Not only that I get virus emails from the spammers too. Right know some bozo is continuly sending me klez email. Hahahahaha
What is pirate software? Software for inventory of stolen treasure?
billg@microsoft.com
a contest where you win a delorean. I would either win, or you'd buy me one.
Whenever I am asked for an email address from an non-reputable site, I simply give a fake one such as wigglebroggle@frogtoggle.com. My friends do the same thing, except they always do randomaddress@hotmail.com. I know a lot of people who do that. Hotmail must be swamped with invalid emails... Also, I bet some of the "fake" addresses turn out to be real and some poor people start getting spam they don't deserve. "Accidently" type the wrong address...ha!
Please, don't pull domain names out of a hat. There is an official fake address that you can use:
me@privacy.net
See their website for more info.
A friend of mine runs a domain that happens to be used a lot by people who think they enter a non-existant domain, and it's driving him nuts. Well, there is some amusement value in noticing how many variations people come up with, but still...
Bert Driehuis -- All I asked was a friggin' rotatin' chair. Throw me a bone here, people.
But why doesn't someone do this deliberately? That is, create a domain for the sole purpose of receiving spam only, and automating a banned email list to other servers.
[Details on how to set up the TRAP deleted.]
That answers the first part of the question...
But how about the second part? Is there an existing tool to automate the conversion of the collected spam-trap mail into denials of future mail deliveries (and perhaps also to purging of still-enqueued letters to real addresses earlier in their mailing list order)?
Better yet: It could also modify the behavior of the SMTP server so it spawns a (limited nubmer of) "sticky TCP connection" child process to hang the spammer's bulk-mailing tool. Deploy a bunch of these puppies around the net and spamming becomes impractical once the spammer's mailing list has acquired a few addresses on spam-trapping sites.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Uh, aren't being you a little paranoid? So what if someone gets your real name in a spam mail? I don't see why they would find that so interesting.
True warriors use the Klingon Google
Spammers are very apt at verifying that their address lists actually work. Ever get a spam that seems really outlandish? A spammer asking for assistance in time travel? A kook that proclaims the end of the world is nigh? A totally empty message body?
Chances are they were just checking to see if the mail bounced.
If you have your own domain, try this experiment. Create an e-mail account, say: john.doe@your.domain. On your home page, publish the e-mail addresses john.doe@your.domain and jane.doe@your.domain. Make sure mail for your virtual jane is bounced with a "no such user" error. Watch how long it takes for john.doe to start getting spam. Check your logs for attempts to deliver to either john or jane.
If your experience matches mine, spam for john will be at least tenfold of what jane gets after about a month. After about a year, the relative difference will level off, but if by that time you create jane.doe@your.domain you will probably notice that she is very popular with spammers who do not speak your language.
One can debate which is worse, the bombardment of spam in a language you can read or the bombardment of spam in a language you can't, but feeding spammers fake addresses will only "hurt" the extremely stupid ones.
Not that there's any shortage of those. I get spam advertizing piano lessons in South Buenos Aires or airco repair in Hong Kong, and I own no airco or piano.
Bert Driehuis -- All I asked was a friggin' rotatin' chair. Throw me a bone here, people.
Say I receive a spam mail from spamcompany.com, I could go to alsospam.com and register to receive mail at doesnt.exist@spamcompany.com. Do that a couple times and you endup with spam companies using their resources to spam eachother...
Opus: the Swiss army knife of audio codec
I really hope that the author of the article implied sarcasm when he was "not worried" that the spam sender had a "privacy policy" registered with that TrustE or whoever the authority of the week happens to be. I can't believe people actually believe any site's privacy policy. Sure it says all the BS about how they won't sell your info, but of course it also says they can change it at their discretion, which is how they get around it. Call it the "Darth Vader" rule of contracts.
This reminds of a friend of mine who was outraged that her supposedly private email address (which she only gave to 3 friends and never posted it online anywhere) received spam. I told her it must have been her ISP that sold her email address to a spammer, if none of her friends indeed didn't give it out. She told me it couldn't have been them because it was "illegal" for the ISP to do that. Of course its "illegal"... doesn't mean they won't do it though!
IMHO, no privacy policy is worth the paper on which it is written (which is true because most are not printed out). No matter what any site's policy says, it is safe to assume that they can and will sell all of your personal information to the highest bidder (along with everyone else). We need to stop being naive enough to believe that companies actually care about our privacy. As long as its profitable for companies to sell information, it will always happen.
I hope I didn't come off as a troll, but this cynical view is based on many years of experience dealing with online and offline vendors. None of them has ever respected my privacy, and none ever will. But knowing this, I can adjust my buying habits to ensure my privacy isn't compromised too badly.
In case of fire, do not use elevator. Use water!
The trick of creating company specific addresses works if you have full control of you e-mail domain. If you don't, it's possible that plussed addresses do work. If your e-mail address is john.doe@company.com, enter john.doe+evilcompany@company.com when Evil corporation wants your e-mail address to download, say, their Evil Player.
If plussed addresses don't work at your provider, bug them.
A really sophisticated way of doing this is to use TMDA, which extends this concept into time-limited addresses as well as more classic notions of "tagging" an e-mail address.
Bert Driehuis -- All I asked was a friggin' rotatin' chair. Throw me a bone here, people.
Now i know which e-mail address to use when i'm signing up for spam!
nadine@honet.com
True story:
Embarassing - but true.
I used this in my browser (Netscape) for fear of this info being harvested.
I was working through a legitimate issue with my mail client and fired up Netscape mail to test the issue (forgetting that the wrong name was there - I do not use netscape mail).
To make a long story bearable... I managed to send mail on behalf of the president - to a legitimate address.
The whitehouse actually tracked it back to me (Not difficult as I was not trying to hide - just stupid).
So out of some degree of respect for the whitehouse.gov mail admins I now use whitehouse.com. A VERY different address. They deserve it more.
Posted anonymous Coward with good reason.
I wonder how many spammers get punched in the face.
It sounds like a satisfying thing to do, doesn't it? One can't really feel bad about punching an honorless cur, especially in the face.
I read the whole thing and I still don't know if she won the sweepstakes and then the poor dear didn't even hear about it or get her oodles of cash.
-pyrrho
I'm a firm believer in Sneakemail and customizing email addresses for each site you visit. This shows that, unfortunately, even non-existant email addresses still get spammed. That drags down their resources. What we need to do is get rid of the open relays and the like. Its obvious that MAPS and RBL will only be able to do a certain amount of blocking. Spammers are very creative and have minimal costs.
I've been the technical editor for Maximum PC magazine for almost two years. Before I worked here, I worked for Ars Technica. At some point or another all of my email addresses have been posted on high traffic, public websites. Heavy spam has been a part of my day-to-day life for the past 4 years.
It's gotten much worse lately. On any given day, I get about:
20 viagra sales pitches
20 penile/breast enlargement ads
20 get rich quick schemes
30 different porn ads
10 you've won something messages
and another 20 or so messages that don't fit a category
Add anywhere from 3 to 20 assorted virus infected messages, the 20 or so press releases that come in every morning, and I don't know why email's even worth fooling with for the four or five messages that I actually read every day. Most of the repeat spam gets filtered and stored in a special folder, but I still end up seeing 25% of the total spam in my inbox every day.
Does anyone actually think that spam control legislation would help at this point? Most of the stuff I receive comes from the Pac rim countries or Russia. Anyone know any Congressmen or Senators who are pro-spam control?
As a short term solution, does anyone know a spam-filtering good POP3 client, or preferably a proxy I could use to filter spam that uses the MAPS or SPEWS lists?
///Will Smith
There are some e-commerce sites that don't work right behind a WebWasher proxy, but most do, and I buy from the ones that work, so there's no problem there.
I especially love the s.1618 disclaimer in the Argentianian spam. That guy is absolutely clueless. He spams for hire. In the spams he gives real email addresses, in the body. The best thing to do is make a 1meg .tif file that says "REMOVER" and send it over and over. They have difficulty downloading the real responses over their dialups with those mixed in. One guy (a shop in Buenos Aires that makes case mods) got pissed and sent me a picture of a middle finger. That's when I knew I won.
...to respond to my own comment. Here is his site which is still up. He sells these half-ass case mods. I emailed Northsky abuse a few days ago and they left his page up. So please /. it.
http://cinamaster.8k.com
Even more Damaging would be this inventive scheme.
.forward that uses this aforementioned spam-legit-list and forward all spams to them, as well as the randomly generated email addys at the spammers domain.
All it would take would be a couple of bogus addresses run by a few people in different locations. Let these things become well-known spam-sluts.
Collect the addresses of the spammers for the first few months. Then, change the account so that, with each spam it recieves, it sends an email out to a well-known usenet spam-harvest list with emails of the spammers, as well as randomly generated addresses from the spammers domain.
To further make this evil, though it might cost you that account, have a
Linux - Because Mommy taught me to Share.
Evil Email, which is closed until the 17th, has the domain IFuxxedBillGates.com. I've tried to get spam from all over the place, and for some reason, the only people who will are Microsoft. I've tried to opt-in. Even Borders won't accept it. Maybe Nadine should use this...
~~~
Click here, you know you wanna!
Then again, if there's a www.joeblowforcongress.com sort of web site... nah, you think the candidate is going to listen to the complaints from his minions?
Build stuff. Stuff that walks, stuff that rolls, whatever.
Is anyone else a little puzzled by this article?
I mean I tried to figure out what in the heck it was talking about... I read through a little of it (bear in mind I have a short attention span.) In the entire minute and a half I spent reading I learned the following:
- Some old lady gave an incorrect address to spammers
- Some guy is bitching about how the spammers now spam him constantly.
Insead of frickin' plagiarizing the first paragraph of the site (this seems to be the norm for slashdot articles) could submitters or gasp!) editors give some sort of summary? Don't just copy and past out of context!
Bitch!
I only enter my email address in web forms when I really have to, and even then I customise it in the following way .. Say I am filling in a form at HP's web site (HP picked for ease of typing only), I use the email address:
.. Really easy filtering into folders. Just look for destination myrealaddress+hp and jam it into the HP folder.
.. Good tracking of who is selling your address to who. If someone else starts sending to my +hp address, most likely HP sold it on (excluding cases - like messageboards - where it might have been html harvested).
.. Ease of blocking. If I give up on that email address because of excess spam, I can filter it easily. Or I just just say "exclude all email to this address that does not originate from *.hp.com"
myrealaddress+hp@myrealdomain.com
Note the +. Sendmail (and probably other MTA's) will ignore the + part of the address, and still deliver the email to my normal inbox. The advantages:
1
2
3
When used with other measures it seems to keep my SPAM down to manageable levels
Geez, back in 1998, I consulted for MatchLogic on their email system. They seemed on the up-and-up, but of course that was four years ago.
-russ
Don't piss off The Angry Economist
I move my spam to the "spam" folder on my imap server. So it never even wastes bandwidth coming down to my workstation (over a dialup).
/,$buf); # split on message header
Then I use this script to fire it all off to spamcop once a day:
#!/usr/local/bin/perl
$reporting_addr = 'submit.yourspamcopidhere@spam.spamcop.net';
$/ = undef; #slurp mode
$buf = < #slurp
@spams = split(/\nFrom
for ($i=1; $i<=$#spams; $i++) {
open (MAILER,"| mail $reporting_addr");
$msg = "From " . $spams[$i];
print MAILER $msg;
close MAILER;
}
Not perfect, and you still have to visit the spamcop site to finish the reporting thing, but it's semi-automated at least. And forgive my clunky perl idioms.
Dear Rob Malda,
I'm going to anally rape your bride-to-be and shit in her mouth after I give her explicit instructions to snowball my steaming matter into your gaping faggot mouth.
Why?
Because you're a limp dicked pussy who runs the perfect DoS scam in the world and you don't want to ruin your gay fun.
Oh ho! They're using IIS and we slashdotted them!!! Take that 81LL G@T3ZZZZ!!! Fucking Lunix queers. There are people on the other end of those web sites who pay good money for bandwidth and hosting, M1KR0$L0+H or Lunix, and you're giving them a financial headache as well as being fucking lame to your readers by having them rely upon karma whores who reload this shit-forsaken cumslap of a weblog every five minutes and repost the text of the site that gets smoked from all the help-desk Stallman wannabes wanting to keep abreast of supposed news.
Google caches web pages regardless of your worries posted in the slashdot faq about why you won't cache sites. Why can't you grow a fucking set Rob Malda who lives on Riley Street or Woodlark Drive in Holland Michigan and just fucking cache pages.
Even better, dip into your SURPRISED BY WEALTH pocket from all the VA Li^H^H Software stock you sold back in the heyday of the dot.com boom at six cents a share (up from half a cent a share when they first bought out your crapsite) and pay for the bandwidth of people who get DoS'ed by having your site link to their site.
Malda's just a script kiddie who had his one clever idea of a lifetime to DoS sites and acting like it's legit pretending it's "news".
When's the last time slashdot had news other than "GATES SUXXX!!!! CLIX HEAZR!!!!", "NATALIE PORTMAN NUDE... WITH COCK!!!" or "RICHARD STALLMAN SUPPORTS CARDINAL LAW AND FATHER SHANLEY IN COCKSUCKING, LUNIX".
Yes it's cute to see a god damned lego brick that runs some dopey hobby operating system but every other fucking week?
Eat shit, slashdot.
I'm coming to the wedding and I'm going to piss on your wife's fat fucking child-hating face.
My grandmother is 75; her birthday was in October. Just prior, she suffered a heart attack, and I decided to resurrect an old Performa 6360 for her so that she could email and ICQ with my mother and aunt. I provided her an email address at a domain I own. The address had never been used prior. My grandmother had never used a computer, and even getting her to be comfortable turning it on was a challenge. I don't believe she EVER successfully sent my mother a message by herself...although I could be wrong. I would bet that she used that computer a grand total of ten times.
A few months had passed, and I had a sneaking feeling that she wasn't using it. I would ask her, and she'd sheepishly admit that she "didn't have time" to sit and work on it. (Yeah, right. She's 75.) So one day in February I decided to peek into her mailbox to see if there was any mail in there that MIGHT be important...I was FLOORED by what I found.
I now have a mail folder sitting in Entourage that consists of 767 (!!!) unread messages. I simply can't bare to get rid of them. The first is from September 20th, 2001, and the last was sent on February 21, 2002, when I killed the account. None of them were "for" her (from people she knows). And some of the products being offered would probably cause her to keel over.
I am currently simply /dev/null-ing any mail incoming for her address...and I'm sure that if I'd remove that filter, the mail would still be flowing. If anyone (say a reporter, member of Congress, or FTC) would like to have a copy of this archive, I'd be happy to pass it along.
767...I love the internet!
Scott
"Hokey religions and ancient weapons are no match for a good blaster at your side, kid."
DMA contacts (such as webmaster@the-dma.org)
Your local congresspeople/parliment officers/etc (such as John_McCain@McCain.senate.gov )
Those fine doubleclick people(such as publicrelations@doubleclick.net)
Don't be greedy, share the love with those who want to help companies share their fine product information with us!
What this article says to me is to use honet.com as my new email site ... :)
IHDAOS (I have done analysis of spam)
It is very likely not the ISP- the money they spend on help-desk complaint people would outweigh the cents received from a spammer.
Spammers will make up lists of names. If you are a john smith, you will get spam. period. Because their lists will have john.smith@X, johnsmith@, jsmith@, johns@... they take lists of the most common names and put together all possible variants. I've seen many cases where they forgot to BCC the list... "asmith, bsmith, csmith...aasmith, absmith..."
Unless your friend's email address is unguessable. Then its likely someone cracked into their system and got the list. Selling it? they'd have to be desparate idiots.
The author mentioned that he sends a bounce message for a nonexistent account. Now assume an opt-in mechanism that works by including a characteristic string (like a hash value) in the message and its subject and scanning for this string in all incoming messages. Now a bounce message that cites even part of the bounced message would be regarded as an opt-in, no?
I've often wondered about that... I mean, the guys who run none.com et al must have some big-ass servers bouncing those bogus emails.
is not filtering the bad, but only allowing the good. If you are the average email user, you will most likely have a list of email addresses that you expect mail from. Solution? Only allow email from those address and bin the rest. Check your spam bin once a month or week, or if someone complains about no reply. Spam problem solved.
Alright, this has been going on for ages, we all go through our short period of thinking we have the power to do something about spam... HAHAHAHA... Face it, connections are cheap, plentiful and many anonymous. I have a total of 14 email accounts (I've been cutting back)... each time one gets out of hand as far as spam I change to a new account. If you think you can filter, GOOD LUCK, the only way I've found that was even slightly effective was the DB that sendmail would check against for spam addresses, and this would only block about 60%.
In my time I have contacted companies directly, ISP's, NCC's, etc, etc, etc trying to stop spam (when I was stupid enough to think I had a chance at stopping this flood).
Anyway, my fuel is spent, I've had my rant, it's time to go... fight the good fight, but know what you actually fight. This is like WareZ, CrackZ, and SerialZ... underground, below and around the law, and in your face constantly.
That's easy. One could easily cross-subscribe lists mentioned in this story to the others (they don't bother to verify requests), generating a flood which will possibly make their servers unresponsive. BTW, real subscribers would get tons of e-mails they have never seen. I wonder what impact on the net would such a tsunami have...
whoever wrote all of that has got to be the biggest loser in the entire world, get a friggen life already
... If it was your real name
Phil McCrevis
Fill My Crevice
You fool.
The FTC has an email address for people to report spam (uce@ftc.gov). Anybody see any reason why they shouldn't create virgin email addresses, wait for spam to them that says "this was sent to you because you opted in" , and then haul the bastards in for fraud?
Private citizens can create spamtraps and use them to report the spammers to the authorities - why not cut out the middleman?
To a Lisp hacker, XML is S-expressions in drag.
Because someone taking over my account (after the 90 days) could then impersonate me (i.e. have my password from another online retailer sent to that mailbox, etc) I don't think it's paranoia at all.
fslg503-985-8686503-985-8686503-985-8686503-985-8
LOAD?
Holy cow, I haven't seen those commands in a while!
I'll be the first to admit that he's probably karma whoring, but I don't agree with modding down for it. I say when it comes to posts like this, just let it be. No modding period. +3 is even too much in my opinion.