The Story of "Nadine"

Guinnessy writes: "We've all accidentally typed in a wrong email address sooner or later. But can it all go horribly wrong? On http://www.spamresource.com there is the story of Nadine, an account of what happened after an Internet user accidentally gave a wrong email address when she visited a web page and signed up for a sweepstakes. Live in fear...."

Both sites choked - Google to the rescue

[Seth+Finkelstein]

Bandwidth-choked.

Read it off the Google cache

(Note to people accusing me of karma-whoring: The search formatting above is non-obvious)

Sig: What Happened To The Censorware Project (censorware.org)

Re:Both sites choked - Google to the rescue

[jafuser]

I happened to catch this article just as it came up on Slashdot so I managed to get most of the pages before they disappeared.

Mirror

Re:Now what about spam-terror?

[reaper20]

It's not perfect, but Spamassassin is pretty damn close.

Re:I hate spam, but ...

[Mr.Intel]

I don't find the story of Nadine all that unique or interesting. I get piles of spam everyday and I haven't opted-in to anything. My most spammed address gets over 100 messages a day.

Perhaps the story itself is not so unique, but I find his analysis very important to understand.

From the essay:

"Subject only to the agreements and contracts that an Internet entity has with its providers and customers, that entity is absolutely sovereign within its own domain. Service providers and system administrators are completely free to decide to accept or reject any network traffic they choose; they simply must accept whatever reactions such decisions may evoke from those with whom they have agreements.

An individual consumer's service providers have absolutely no economic incentive to provide transit and storage for advertising, especially advertising delivered by email. On the contrary, many providers have discovered that swift remedial reaction to consumer complaints about unwanted communications can both increase customer loyalty and decrease operating costs. As a result, the unwritten "I will carry your traffic if you will carry mine" agreement is subject to re-evaluation, with the possible conclusion "I don't care whether you carry my traffic or not, so I won't carry yours." And there are many ways to say "I Won't".

He states that this goes against the very flow of information that transpires in other forms of media. I find it fascinating that people expect to have a captive audience on the Internet because they did on TV, radio and magazines. Frankly, this is a new world and it isn't governed by the same rules.

Re:I'm no email antispam guru...

[ShaunC]

But why doesn't someone do this deliberately? That is, create a domain for the sole purpose of receiving spam only, and automating a banned email list to other servers.

This is already a fairly widespread practice, though there's no need to use a special domain just for that purpose, or to keep that domain secret. In fact, you want the spamtrap to be quite public, otherwise spammers aren't going to find it. All you need is a dedicated mailbox - even a freebie Hotmail account - to create your own spamtrap. Seeding the spamtrap is simple, and can be done using any or all of the following methods:

• Post "test" posts to a few newsgroups, I suggest alt.test and alt.business.multi-level, using your new spamtrap address as the From and Reply-To address. (Technically, test posts are not appropriate in alt.business.multi-level, but if you want a fast track to spam, that's the place to go.)
  
• Visit the "remove" links in spam you already get at your existing mailboxes, and type your spamtrap address into the remove box. If you have the time or patience, you can do the same thing with spam which contains a remove address instead of a link; send remove requests from your spamtrap. Removal is spammerspeak for opting in, so this will grow your spam collection quickly.
  
• Embed a mailto link to your spamtrap address on a couple of webpages you control. Make the mailto visible only to web-scraping robots by linking to a 1x1 pixel black image file in place of a period on your page; human viewers will see it as a period, harvesting programs will see it as fresh meat.

Whatever you do, don't give your spamtrap address to anyone for legitimate email, and don't sign up for anything using that address. If you follow those two guidelines, every single message that mailbox receives is guaranteed to be spam. This will give you the ability to archive, auto-report, etc. the incoming mail without fear of false positives.

Shaun

Use me@privacy.net instead

[driehuis]

Please, don't pull domain names out of a hat. There is an official fake address that you can use:
me@privacy.net
See their website for more info.

A friend of mine runs a domain that happens to be used a lot by people who think they enter a non-existant domain, and it's driving him nuts. Well, there is some amusement value in noticing how many variations people come up with, but still...

spamcop helper

[dickens]

I move my spam to the "spam" folder on my imap server. So it never even wastes bandwidth coming down to my workstation (over a dialup).

Then I use this script to fire it all off to spamcop once a day:


#!/usr/local/bin/perl
$reporting_addr = 'submit.yourspamcopidhere@spam.spamcop.net';
$/ = undef; #slurp mode
$buf = &LT #slurp
@spams = split(/\nFrom /,$buf); # split on message header
for ($i=1; $i&LT=$#spams; $i++) {
open (MAILER,"| mail $reporting_addr");
$msg = "From " . $spams[$i];
print MAILER $msg;
close MAILER;
}

Not perfect, and you still have to visit the spamcop site to finish the reporting thing, but it's semi-automated at least. And forgive my clunky perl idioms.