Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Story of "Nadine"

Posted by timothy on from the not-a-porn-story dept.

Guinnessy writes: "We've all accidentally typed in a wrong email address sooner or later. But can it all go horribly wrong? On http://www.spamresource.com there is the story of Nadine, an account of what happened after an Internet user accidentally gave a wrong email address when she visited a web page and signed up for a sweepstakes. Live in fear...."

36 of 270 comments (clear)

  1. Old News by netfox39 · · Score: 3, Informative

    http://www.honet.com/nadine/

    1. Re:Old News by gambit3 · · Score: 4, Funny

      yeah, but at least it was the SAME Old news that it was yesterday!

      --
      Watch the Teaser Trailer for "The Lightning Thief" Her
  2. I've read this before (spoilers) by Telastyn · · Score: 4, Funny

    Apparently the story is about a slashdotted webserver...

  3. nice job! by flynt · · Score: 5, Funny

    We've all accidentally typed in a wrong email address sooner or later.

    Classic Slashdot grammar!

  4. Typoing your email address can be a drag by PEN15 · · Score: 5, Interesting

    Several years ago, I made a typo in my email address when I was updating the contact info for a domain name. Without double-checking I sent the confirmation back to InterNIC. It wasn't till the next day that I realized the mistake. In order to get things back under control, I actually had to register the typoed version of my domain name, so that I could receive InterNIC's mail there.

    It's the kind of expensive mistake you only make once! :)

    I kept the typo'd domain for esoteric value, and yes, I now get plenty of spam there. Some things never change.

    1. Re:Typoing your email address can be a drag by brer_rabbit · · Score: 3, Funny

      kind of like mistyping a stock ticker? Buying 100 shares of SUN versus SUNW can be pretty pricey (and no, I wouldn't know anything about such an incident. I'll deny it all).

    2. Re:Typoing your email address can be a drag by mshomphe · · Score: 5, Funny

      Dragging this offtopic, a good friend of mine was told to invest in Cisco Systems a few years ago. But he just heard the name and, being a non-techie, bought a bunch of shares in Sysco, the food services company.

      Cisco went down, Sysco went up. Talk about pulling a Homer....

      --
      She sat at the window watching the evening invade the avenue.
  5. All your base... by Debillitatus · · Score: 5, Funny
    We've all accidentally typed in a wrong email address sooner or later.

    What you say?!?

    --

    Come on, give it up, that's

  6. Prevention measures by yoyoyo · · Score: 5, Interesting
    This sort of thing could be avoided if companies used confirmed opt-in. That is, when you enter your email address they send an email address to that account with a unique url in it. They only email you their newsletters if you you click the link.

    That also prevents your email address from being maliciously signed up to these sorts of lists, so it's the sort of thing every reputable mailing list should do.

    Of course, no spammer is going to bother with confirmed opt-in, so we need to go after ISPs that allow these non-confirmed lists to remain on their net-space.

    --

    --

    --
    I have taken more out of alcohol than alcohol has taken out of me - Churchill
    1. Re:Prevention measures by Dwonis · · Score: 3, Informative

      The whole idea of confirmed opt-in isn't to confirm *if* there is an address on the other end, but to confirm that the recipient is really the one who signed up. The "web bug" you propose doesn't address that problem.

  7. Idea!!! Lets get revenge! by jeanluisdesjardins · · Score: 3, Funny

    Lets start slashdoting spammers!

  8. Both sites choked - Google to the rescue by Seth+Finkelstein · · Score: 5, Informative
    Bandwidth-choked.

    Read it off the Google cache

    (Note to people accusing me of karma-whoring: The search formatting above is non-obvious)

    Sig: What Happened To The Censorware Project (censorware.org)

    1. Re:Both sites choked - Google to the rescue by jafuser · · Score: 5, Informative
      I happened to catch this article just as it came up on Slashdot so I managed to get most of the pages before they disappeared.

      Mirror

      --
      Please consider making an automatic monthly recurring donation to the EFF
  9. Why not fix it the old-fashioned way? by WebCowboy · · Score: 3, Informative

    A bit OT but...

    If you made a mistake in your contact info, you could've rectified the problem by voice phone and fax. That's what I did when the contact info for a domain I registered had to be updated because the email was an expired domain for a now-defunct company. Network Solutions had surprisingly good customer service and once they verify the credentials via fax (or even snail-mail) they will make any changed required without the use of email.

    That way seems low-tech and backwards, but you don't need to register an otherwise useless domain and it costs nothing more than your time (certainly mot much more than the trouble of registering a domain and setting up the DNS).

    Us techie types should be careful not to overlook the most simple solution because it is low tech...

    OTOH, the useless domain could be useful to keep track of how many OTHER people make that typo...kinda like the Slashdor site...

  10. I hate spam, but ... by smoondog · · Score: 5, Insightful

    Perhaps I'm confused (or maybe it is because I got bored and only read 10 of the many links on that page), BUT, I don't find the story of Nadine all that unique or interesting. I get piles of spam everyday and I haven't opted-in to anything. My most spammed address gets over 100 messages a day.

    In my experience, trying to follow up or research these spammers is generally a useless waste of time. Bounce them, sue them or further change the law. Doing more is just going to frustrate yourself, IMO. Remember when you call around and get put on hold and follow the paper/isp trail you are wasting a lot more of your time than theirs.

    -Sean

    1. Re:I hate spam, but ... by Mr.Intel · · Score: 4, Informative
      I don't find the story of Nadine all that unique or interesting. I get piles of spam everyday and I haven't opted-in to anything. My most spammed address gets over 100 messages a day.

      Perhaps the story itself is not so unique, but I find his analysis very important to understand.

      From the essay:

      "Subject only to the agreements and contracts that an Internet entity has with its providers and customers, that entity is absolutely sovereign within its own domain. Service providers and system administrators are completely free to decide to accept or reject any network traffic they choose; they simply must accept whatever reactions such decisions may evoke from those with whom they have agreements.

      An individual consumer's service providers have absolutely no economic incentive to provide transit and storage for advertising, especially advertising delivered by email. On the contrary, many providers have discovered that swift remedial reaction to consumer complaints about unwanted communications can both increase customer loyalty and decrease operating costs. As a result, the unwritten "I will carry your traffic if you will carry mine" agreement is subject to re-evaluation, with the possible conclusion "I don't care whether you carry my traffic or not, so I won't carry yours." And there are many ways to say "I Won't".

      He states that this goes against the very flow of information that transpires in other forms of media. I find it fascinating that people expect to have a captive audience on the Internet because they did on TV, radio and magazines. Frankly, this is a new world and it isn't governed by the same rules.

      --
      ASCII tastes bad dude.
      Binary it is then.
    2. Re:I hate spam, but ... by qrys · · Score: 3, Informative

      I think I am under that same impression as you are. Someone's getting a lot of spam? Who cares. I get tons of spam. My hotmail account (as listed above) gets at least 20 spams a day probably more- but that's why I still have it around. (Although my main e-mail still gets some spam).

      Are there people out there that really care?

      I thought there was supposed to be something gone terribly wrong in this article (like someone killed as a result of spammers)...

      Much ado about butt-kiss..

    3. Re:I hate spam, but ... by Eggplant62 · · Score: 3, Informative

      For you newbie spam fighters out there, here a few links:

      http://www.samspade.org
      http://www.spamhaus.org /rokso/index.lasso
      http://www.spamcop.net
      http:/ /www.spamfaq.net/spamfighting.shtml

      There's no reason to get upset or frustrated when looking for spammers. Rule 3 says they're stupid so they're usually rather easy to trace down, if you know what you're doing. Once you've taken the time to educate yourself on how to read email headers, trace through them to find the originating ISP, open relays/proxies that forwarded the email, and decode the spamvertised URL, rooting out any redirection services or encryption used to obfuscate the spammers actual website (read cash generator), it's like anything else and can become second nature. It only took me about six months to get a good handle on all of the above and then another year to refine it to a science. I'm currently administering my own Linux mail server. I'm also pulling mail out of two POP accounts, one of which gets the majority of my spam, the other which has never been published anywhere and hasn't received spam... YET. I'm using a combination of DNS-based blocklists on postfix, iptables and a procmail filter to keep my spamload down to about 1-2 messages a day.

      The only thing I can say is use the above links and get familiar with the process. Read news.admin.net-abuse.email and ask questions of the inhabitants on how to fight spam. Make certain you stock up on Nomex underwear as it can be a pretty rough group to follow. A speed reading course may be helpful to keep up with the flow of articles.

      Hope this help....

      Rich
      --
      Consumer Watchdog! Yes, we're rough on bogus businesses! And today,
      Consumer Watchdog reports on protecting you, the consumer, from being
      consumed by dangerous products and phony packaging. -- Firesign Theatre
      TINLC Unit #2309 Death to all spammer accounts.

    4. Re:I hate spam, but ... by mcc · · Score: 3, Insightful

      This is important *because* it is so common.

      It is a good general view of something that happens every day, all over. It is a good forensic analysis of what can happen from just *one instance* of submitting an e-mail address to a single sweepstakes site.

      It may not have helped most of the people on slashdot right now to have read this, but i think this is a good, well-written article to give to someone who doesn't read slashdot, doesn't know any sysadmins, doesn't have to deal with spam, doesn't incessantly read web message board posts by sysadmins who have to deal with spam, and doesn't know the extent to which this stuff goes on.

      More importantly, it is a good article to show businesses who are considering using spam to advertise.

      If you read all the way through the nadine chronicles (a good part of the middle could probably stand to have a "you can just skip this part" disclaimer, really..), the end is actually targeted directly at businesses considering advertising with spam, telling them why they should not and why their money will most likely be wasted if they give it to a bulk-email-advertising firm.

      Just because you and i know (or think we know) everything there is to know about spam doesn't mean that everyone in the entire world does. And this is one of these issues where the people who are most important to reach are the ones who are currently uninformed..

      --
      Irritable, left-wing and possibly humorous bumper stickers and t-shirts
  11. Re: The point of the Nadine story by gorbachev · · Score: 5, Insightful

    The real point of the Nadine story is demonstrating how spammers are reselling and distributing spam lists.

    Some of the spammers hitting Nadine's Email address are trying to act as responsible members of the bulk emailing industry, while at the same time blatantly violating online privacy policies (their own, and their list suppliers') left and right.

    The point of the story is to point out how effective "industry self regulation" really is.

    Proletariat of the world, unite to kill spammers

    --
    In Soviet Russia, I ruled you
  12. Re:Now what about spam-terror? by reaper20 · · Score: 5, Informative

    It's not perfect, but Spamassassin is pretty damn close.

  13. This = Great way to kill off a hotmail account ... by indiigo · · Score: 3, Funny

    I purposely have done this.

    See, I signed up for a hotmail in it's early stages ('97). I used it for everything, including online purchasing, friends, family, you name it. At some point something happened-- one of the forms I filled out, or someone sold my same, and I started to get mail addressed to my real name, at that address. This semi-scared me.

    So recently I went to cancel the account. Hotmail by default will consider your account "cancelled" after inactivity of 90 days. I cannot click something that says "Forever, never use this e-mail" My fear is that others will get this e-mail after I have cancelled it, and they will see my real name.

    The best solution I have come up with is to fight fire-with-fire. I now sign up for every mailing list I can, each with a different real name. I now belong to over 400 mailing lists(including /.), some legit commercial businesses, some obvious spam. The mailbox fills up roughly every 30 hours. I plan to continue this for a few months, until it will be impossible to distinguish my real name from the fake names. Whomever picks up the account next will be in for a treat as they open their account and start getting thousands of messages a day, random names, and all.

    It's so sad it's come to this.

    --
    fslg503-985-8686503-985-8686503-985-8686503-985-86 8650 3-985-fdsg8686503-985-8686503-985-8686503-9
  14. Re:I'm no email antispam guru... by ShaunC · · Score: 5, Informative
    But why doesn't someone do this deliberately? That is, create a domain for the sole purpose of receiving spam only, and automating a banned email list to other servers.
    This is already a fairly widespread practice, though there's no need to use a special domain just for that purpose, or to keep that domain secret. In fact, you want the spamtrap to be quite public, otherwise spammers aren't going to find it. All you need is a dedicated mailbox - even a freebie Hotmail account - to create your own spamtrap. Seeding the spamtrap is simple, and can be done using any or all of the following methods:

    • Post "test" posts to a few newsgroups, I suggest alt.test and alt.business.multi-level, using your new spamtrap address as the From and Reply-To address. (Technically, test posts are not appropriate in alt.business.multi-level, but if you want a fast track to spam, that's the place to go.)
    • Visit the "remove" links in spam you already get at your existing mailboxes, and type your spamtrap address into the remove box. If you have the time or patience, you can do the same thing with spam which contains a remove address instead of a link; send remove requests from your spamtrap. Removal is spammerspeak for opting in, so this will grow your spam collection quickly.
    • Embed a mailto link to your spamtrap address on a couple of webpages you control. Make the mailto visible only to web-scraping robots by linking to a 1x1 pixel black image file in place of a period on your page; human viewers will see it as a period, harvesting programs will see it as fresh meat.
    Whatever you do, don't give your spamtrap address to anyone for legitimate email, and don't sign up for anything using that address. If you follow those two guidelines, every single message that mailbox receives is guaranteed to be spam. This will give you the ability to archive, auto-report, etc. the incoming mail without fear of false positives.

    Shaun
    --
    Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
  15. I need a lawyer... by gnovos · · Score: 3, Interesting

    The thing that I find amazing is that these spammers are flat out lying. They claim that ficticious entities "opt in" when they clear could not have done so. Doesn't this constitute some kind of fraud? Is there no legal recourse?

    --
    "Your superior intellect is no match for our puny weapons!"
  16. Original by Pac · · Score: 3, Funny

    Now, if you really want to impress us, come up with a search that returns all pages in the correct order.

    :)

  17. Use me@privacy.net instead by driehuis · · Score: 5, Informative

    Please, don't pull domain names out of a hat. There is an official fake address that you can use:
    me@privacy.net
    See their website for more info.

    A friend of mine runs a domain that happens to be used a lot by people who think they enter a non-existant domain, and it's driving him nuts. Well, there is some amusement value in noticing how many variations people come up with, but still...

    --

    Bert Driehuis -- All I asked was a friggin' rotatin' chair. Throw me a bone here, people.

  18. The funniest thing about this story was... by Kamel+Jockey · · Score: 5, Insightful

    I really hope that the author of the article implied sarcasm when he was "not worried" that the spam sender had a "privacy policy" registered with that TrustE or whoever the authority of the week happens to be. I can't believe people actually believe any site's privacy policy. Sure it says all the BS about how they won't sell your info, but of course it also says they can change it at their discretion, which is how they get around it. Call it the "Darth Vader" rule of contracts.

    This reminds of a friend of mine who was outraged that her supposedly private email address (which she only gave to 3 friends and never posted it online anywhere) received spam. I told her it must have been her ISP that sold her email address to a spammer, if none of her friends indeed didn't give it out. She told me it couldn't have been them because it was "illegal" for the ISP to do that. Of course its "illegal"... doesn't mean they won't do it though!

    IMHO, no privacy policy is worth the paper on which it is written (which is true because most are not printed out). No matter what any site's policy says, it is safe to assume that they can and will sell all of your personal information to the highest bidder (along with everyone else). We need to stop being naive enough to believe that companies actually care about our privacy. As long as its profitable for companies to sell information, it will always happen.

    I hope I didn't come off as a troll, but this cynical view is based on many years of experience dealing with online and offline vendors. None of them has ever respected my privacy, and none ever will. But knowing this, I can adjust my buying habits to ensure my privacy isn't compromised too badly.

    --
    In case of fire, do not use elevator. Use water!
  19. But did she win?! by pyrrho · · Score: 4, Funny


    I read the whole thing and I still don't know if she won the sweepstakes and then the poor dear didn't even hear about it or get her oodles of cash.

    --

    -pyrrho

  20. Spam makes email useless for me, what to do? by Ars-Gonzo · · Score: 3, Interesting

    I've been the technical editor for Maximum PC magazine for almost two years. Before I worked here, I worked for Ars Technica. At some point or another all of my email addresses have been posted on high traffic, public websites. Heavy spam has been a part of my day-to-day life for the past 4 years.

    It's gotten much worse lately. On any given day, I get about:
    20 viagra sales pitches
    20 penile/breast enlargement ads
    20 get rich quick schemes
    30 different porn ads
    10 you've won something messages
    and another 20 or so messages that don't fit a category

    Add anywhere from 3 to 20 assorted virus infected messages, the 20 or so press releases that come in every morning, and I don't know why email's even worth fooling with for the four or five messages that I actually read every day. Most of the repeat spam gets filtered and stored in a special folder, but I still end up seeing 25% of the total spam in my inbox every day.

    Does anyone actually think that spam control legislation would help at this point? Most of the stuff I receive comes from the Pac rim countries or Russia. Anyone know any Congressmen or Senators who are pro-spam control?

    As a short term solution, does anyone know a spam-filtering good POP3 client, or preferably a proxy I could use to filter spam that uses the MAPS or SPEWS lists?

    ///Will Smith

  21. Advertising? What advertising? by Animats · · Score: 3, Interesting
    I'm only vaguely aware that there's advertising on the Internet. Mail goes through SpamCop, web browsing goes through WebWasher, and searches go through Google. What ads?

    There are some e-commerce sites that don't work right behind a WebWasher proxy, but most do, and I buy from the ones that work, so there's no problem there.

  22. Re:That only answers half the question... by ShaunC · · Score: 3, Informative
    Is there an existing tool to automate the conversion of the collected spam-trap mail into denials of future mail deliveries (and perhaps also to purging of still-enqueued letters to real addresses earlier in their mailing list order)?
    That I don't know. I do know that several blocklists, including the well-regarded SPEWS, use their own personal spamtraps to develop their lists of who's spamming. To the best of my knowledge, SPEWS translates their spamtrap mailboxes to their blocklist manually, not automatically; this assumption comes from several SPEWS errors, including one a few days ago which erroneously blocked a large portion of the internet (64.x.x.0/24 - 4.x.x.0/24).

    I've never investigated the details, as I don't have the bandwidth to host my own publicly available blocklist. I would if I could. I contribute to the proxy.relays.osirusoft.com blocklist, but that's only because people don't hit me directly for the queries.
    Better yet: It could also modify the behavior of the SMTP server so it spawns a (limited nubmer of) "sticky TCP connection" child process to hang the spammer's bulk-mailing tool. Deploy a bunch of these puppies around the net and spamming becomes impractical once the spammer's mailing list has acquired a few addresses on spam-trapping sites.
    If I'm thinking what you're thinking, these are known as "teergrubes" which is the German word for "tarpits." A spammer connects, and his spamware becomes trapped in several hundred SMTP connections which don't close, but instead transfer something on the order of 1 byte per minute. The spamming program gets hopelessly hung up in sockets that won't close, preventing his machine from opening more connections. A lot of people who run SMTP relay honeypots also run them as "teergrubes."

    Shaun
    --
    Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
  23. Re:even better. by cybermage · · Score: 3, Funny

    The email talked about their time together and how she was having second thoughts when she called his house and his wife answered.

    I responded that she must have the wrong email address.

    You could have told her that your, that is his, wife was interested in a threesome and watch the sparks fly instead.

    If you feel like a little mischief, mistaken identity can be a beautiful thing.

    --
    Some people have a way with words, and some people, um, thingy.
  24. spamcop helper by dickens · · Score: 4, Informative

    I move my spam to the "spam" folder on my imap server. So it never even wastes bandwidth coming down to my workstation (over a dialup).

    Then I use this script to fire it all off to spamcop once a day:


    #!/usr/local/bin/perl
    $reporting_addr = 'submit.yourspamcopidhere@spam.spamcop.net';
    $/ = undef; #slurp mode
    $buf = &LT #slurp
    @spams = split(/\nFrom /,$buf); # split on message header
    for ($i=1; $i&LT=$#spams; $i++) {
    open (MAILER,"| mail $reporting_addr");
    $msg = "From " . $spams[$i];
    print MAILER $msg;
    close MAILER;
    }
    Not perfect, and you still have to visit the spamcop site to finish the reporting thing, but it's semi-automated at least. And forgive my clunky perl idioms.

  25. Poor Nadine... by ScooterComputer · · Score: 3, Interesting
    Just wanted to pass along a funny that relates to the "Nadine" story. It doesn't get much funnier than this...

    My grandmother is 75; her birthday was in October. Just prior, she suffered a heart attack, and I decided to resurrect an old Performa 6360 for her so that she could email and ICQ with my mother and aunt. I provided her an email address at a domain I own. The address had never been used prior. My grandmother had never used a computer, and even getting her to be comfortable turning it on was a challenge. I don't believe she EVER successfully sent my mother a message by herself...although I could be wrong. I would bet that she used that computer a grand total of ten times.

    A few months had passed, and I had a sneaking feeling that she wasn't using it. I would ask her, and she'd sheepishly admit that she "didn't have time" to sit and work on it. (Yeah, right. She's 75.) So one day in February I decided to peek into her mailbox to see if there was any mail in there that MIGHT be important...I was FLOORED by what I found.

    I now have a mail folder sitting in Entourage that consists of 767 (!!!) unread messages. I simply can't bare to get rid of them. The first is from September 20th, 2001, and the last was sent on February 21, 2002, when I killed the account. None of them were "for" her (from people she knows). And some of the products being offered would probably cause her to keel over.

    I am currently simply /dev/null-ing any mail incoming for her address...and I'm sure that if I'd remove that filter, the mail would still be flowing. If anyone (say a reporter, member of Congress, or FTC) would like to have a copy of this archive, I'd be happy to pass it along.

    767...I love the internet!

    --
    Scott
    "Hokey religions and ancient weapons are no match for a good blaster at your side, kid."
  26. Re:Fake Email Addresses by 0xA · · Score: 3, Funny

    I do this too. I pity the poor bastard who has fuck@yougys.com

    :)

  27. Spammers simply try variants of names... by geekotourist · · Score: 3, Interesting

    IHDAOS (I have done analysis of spam)

    It is very likely not the ISP- the money they spend on help-desk complaint people would outweigh the cents received from a spammer.

    Spammers will make up lists of names. If you are a john smith, you will get spam. period. Because their lists will have john.smith@X, johnsmith@, jsmith@, johns@... they take lists of the most common names and put together all possible variants. I've seen many cases where they forgot to BCC the list... "asmith, bsmith, csmith...aasmith, absmith..."

    Unless your friend's email address is unguessable. Then its likely someone cracked into their system and got the list. Selling it? they'd have to be desparate idiots.