My Short Life As An Unintentional Porn Spammer
Freerange writes "Mike Masnick wrote up his experience getting slammed by a somewhat new kind of spam attack that doesn't get much hype (yet?). A spammer spoofed his personal email address as the 'reply-to' for a batch of spam, with interesting results for Mike: "I can now answer the questions 'who replies to spam?' and (should anyone ever wonder) 'what are the hundreds of variations on bounced messages?'" From Politech."
Spammers have been spoofing legit addresses for a while. I know a lot of times they'll simply use webmaster@somelegitdomain.com and basically cause that person a bunch of grief and headaches. Most users are too clueless to realize it's really not coming from that address.
It makes good eating, even if it's a little strange
I tried the first one, and the paper doesn't mix too well, but once the eggs soak through, it cooks up well... not too flavorful. It's more of a filler like Tofu.
Just because I doubt myself does not mean I find your position compelling.
A proprietary mail protocol by a major power (MS?) to eliminate IP address/e-mail address spoofing.
I experienced this five years ago and a group of sysadmins helped me track the guy back to his ISP and we turned the info over to the FBI as identity theft. We were told that my experience did not meet the threshold for them to investigate further ($5000 in damages). Worse, the ISP didn't have a code of conduct prohibiting this type of thing...
Sucks when it happens, but isn't new.
Probably the same idiot in Minnesota:(
"... but you can love completely without complete understanding." - Norman Maclean, "A River Runs Through It"
It's not going to be military computers that come alive and kill us all, it's going to be the spam filters! I mean, it's going to take some serious adaptive AI to filter out spam at this rate...
and the comforting thought:
when spam filters come alive... their prime directive will be "eliminate anything that is worthless"
-You're wasting your time. Alfador only likes me.
A couple of months ago Rogers cut off a friend of mine in Toronto, and he was without cable for 3 days... When his father was eventually contacted/got a hold of them, they said that my friend was spamming people. If I was there I would have liked to see proof, but I know my friend doesn't spam people and this is pretty groundless. But it just goes to show how gullible ISPs are (at least Rogers) at cracking down on this sort of thing. Basically I lost 3 days of downloading warez to his box (since I live in SlowNet land meh!
I tried to think of a good sig, and this wasn't it.
What legal action can he take against the spammer?
The place I work (Productive Data Corporation) gets tons of bounced spams and replies to spams every day. Our domain is productive.com so any email to whatever (at) productive.com comes back to the admin email accounts. As you can probably guess there's quite a few spammers that use productive.com as reply-to. We have to constantly update our spam blockers to weed out all the real emails from the spam =/
So what did you do? Change your address? Or wade through it all until eventually the maelstrom died down?
I'd be pretty upset if this happened to me.
Why not just put some bogus made-up address there?
Are the spammers just trying to cause as much chaos and unpleasantness for as many people as is humanly possible?
this could be a new sort of attack
-find the email address of someone you don't like
-spam a whole bunch of people with their address in the return field
-watch them get blacklisted/spammed by lots of annoyed people
-enjoy the results
Selling software won't make you money, selling a service will.
As 10^100 other people will tell you this is not new. I've been seeing this for at least 3 years on my University account.
-- bartman
an article about it
I don't know what the spammers think; they are right up there with telemarketers who think by calling me maybe I will buy (insert name of needless service here). I think the federal government should get on the ball and have a Federal No Spam List, if they can do a no call list, theoretically they could do a no spam list with the same rules and restrictions. I am sorry, 45 messages of spam a day gets old.
---
I've had this problem recently, only the funny thing is that the reply to was my own addy
Use Mozilla Mail's new bayesian spam filtering to catch it all!
Here's an article from MS explaining address spoofing in some detail.
--sex
Very popular slashdot journal for adul
...with all the spam replies and such he got, he now decides to take it a step further and slashdot his server!
Way to go!
Everybody has a purpose in life, maybe mine is to lurk in slashdot.
I'm in the Northwest US. The spam sent with my name came from Bermuda, according to the headers. I got complaints and a reply that seemed to be a death threat. The death threat came from Russia. Email to its return address came back as undeliverable. Talking to my ISP, they said that there is really not much that can be done about this unless I wanted to change my email address. I do business there, so I can't.
This has got to be the dumbest thing a spammer can do. What's the point of using a real address? What's the motive? Perhaps the spammer used a real domain and guessed at a username that just so happened to be taken?
This has happened to me three times. Two at one domain my business owned and once at my personal domain.
First you get millions of bounces. Then you get hundreds of angry replies. "TAKE ME OFF THIS LIST!" (Which only ensures that they get put ON more lists because it proves that it is a valid e-mail and that they OPEN AND READ their e-mail!)
AND you get the orders! You don't get that many, compared to how many e-mails were sent, but since the RECEIVER pays to receive the stuff, who cares?
Really, the only way to combat this kind of identity fraud is with PGP. It would be ideal if every mail-program out there supported PGP.
-- bartman
Obviously, legislation isn't catching up and as evidenced by the junk fax law is useless when it does. Technical minds built the Internet, and I have little doubt that a solution could be found once we quit looking for the quick fix.
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
the site seemed to be going pretty slow for me.. so I'll put the info here if it gets slashdotted
My Short Life As An Unintentional Spammer
by Mike Masnick
Ever wonder what sorts of emails end up in a spammer's email database? Want to know who actually responds to spam and what they say? Want to know the myriads of formats (and languages) a bounced email message can take? I can now tell you all of this. Without my knowledge, I recently became an accidental porn spammer.
When I got home one evening a few weeks ago, I noticed that I had more than the expected amount of email waiting for me. A quick glance through the inbox showed about fifty "bounced" emails - saying that email addresses of people I had emailed did not exist. The problem with this, of course, was that I hadn't actually emailed anyone.
It did not take long to figure out what happened. While some bounces simply told me that the recipient didn't exist, others included the original text of the email I had supposedly sent. It claimed to be from someone named "Chris" or "Ali" and was a reply to an alleged message from an online dating site. Chris and Ali apologized for taking so long to reply, and nervously suggested that the recipient find out more information about them by going to a website. Clearly, this was porn spam. Out of principle I won't visit the websites that were in the spam messages.
The problem was, I hadn't sent these messages at all. I'm not Chris or Ali. I don't use dating sites. I don't have a porn website. I don't send spam.
One of the popular "tricks" among spammers nowadays is to set the "reply-to" address as the same as the recipient's email address. That cuts out on the problems of bounce mails, and also has a psychological effect on recipients who are curious what email they've sent themselves. Most spam filters have figured out ways to still capture these spam messages (though, I'm now hearing stories of legitimate emails that people send to themselves being classified as spam). I've received plenty of these types of spam, and most are filtered away, never to be bothered with.
It seems that this particular spammer took things one step further, and set the "reply-to" address for all of his spam messages to my personal email address. If anyone looked at the headers, it was clear that I had nothing to do with the email whatsoever. However, most mail servers aren't so smart.
With any spam list, there's a certain percentage of "bad" or outdated email addresses. Generally speaking, a server that receives an email for someone they don't have an account for will "bounce" the message. Those bounces go to the person who sent the message - normally found in the "reply-to" line. Since my email address was in the reply-to line, all those bounces started coming my way, regrettably informing me that my pornographic spam emails had not found their intended recipient.
After dealing with the rapidly growing desire to reach through the internet and strangle whatever lower-than-life scum did this to my email address, I resigned myself to looking at this from an anthropological perspective. Suddenly, I was in a position to offer information on things that few others would (hopefully) ever willingly have access to.
Should anyone want it for research purposes, I now have a fairly large collection of bounce messages. It appears there is no standard format for a bounce message (which, by the way, makes them painfully difficult to filter). They have infinitely different subject lines. They say different things in the body of the message, sometimes nicely, sometimes rudely. They show up in different languages with different explanations. Some admit that the account has been closed due to too much spam. Others simply don't exist any more (if they ever did at all). Some bounces quote the original message; some don't. Some include full headers; some don't. Who knew there was such variety in how mail servers bounce their email?
Beyond the bounce messages were all sorts of auto-responders. It seems that some of the email addresses in the spammer's database were emails people used to send responses to those who "request more info". Suddenly I was receiving huge files of information that I really had no use for whatsoever. I also found out about a number of people who were on vacation that week, or who had recently switched jobs. One even had an auto-responder saying "this is closed...I am tired of the internet... all internet access for me is closing". Some of the addresses were to subscribe to various mailing lists. Many bounced back confirmation emails, asking to prove that I really wanted to subscribe, while others just subscribed me automatically (which will now force me to manually unsubscribe).
While most of the "information" was fairly useless, I suddenly had the opportunity to peek into the lives of people I had no association with whatsoever - connected only by spammer. I felt like reaching out and commiserating with those who were sick of the spam and wondered if I should congratulate those with new jobs. However, there was no time for that, I had more erroneous spam fallout to deal with.
Next, came the responses. I, like many people, often wonder what sorts of people actually respond to spam emails. For years, it has been beaten into my head that you never, under any circumstance, respond to a spam email. It just shows that you're a live human being, making your email address more valuable. I'm still shocked when I come across people who haven't heard this. However, they are out there, and they come in all different shapes and sizes. I have their emails to prove it.
There are the confused, but polite people. One woman wrote me a nice message saying that a "horrible" mistake had been made, and that she had not replied to my online dating ad. She did warn me, however, that there are "plenty of strange people out there" and that I should be careful. How nice. Another woman couldn't remember what she had said in her reply to my non-existent online dating profile and wanted to be reminded. A few others just asked who I was.
Then there are the unsubscribers, who are under the unfortunate delusion that asking spammers to take them off their list will help. They send simple messages saying simply "unsubscribe" or "unsubscribe, please", as if that will ever get to the actual spammer, or that they would actually pay any attention to it.
Lastly, are the angry, but clueless. I feel their pain, but they need to find a better outlet. I received emails telling me things I never knew (and find unlikely) about my lineage and suggesting I go places I have no interest in going, using all sorts of language you wouldn't use in polite company. I also received a threatening letter saying that I would be hearing from some company's corporate lawyer.
None of these people stopped to think that it was odd that my email address includes, pretty clearly, my name - which is neither Chris nor Ali. With the number of spam messages that go out every day, I wonder if these people reply to them all. I guess, for some people with anger management problems, this is a kind of outlet. All day, every day, respond angrily to spam messages, and maybe it will have a calming effect on your life.
What's scary is that, for the most part, I only saw the bounced messages. They continued for approximately 36 hours, and then stopped abruptly. In the end, about 500 email messages bounced back to me, so I can only guess at how many thousands of poor, unsuspecting email boxes are currently dealing with spam sent with my email address as the reply-to. I apologize to all of you, even if I had nothing to do with it. I don't want to date you, and please, feel no compulsion to look at the web page in the email.
Most people agree that spam is evil. It's a waste of time and a general nuisance. I can argue against spam from a variety of levels. It's bad for the internet. It's bad for users. It's bad for business. It's just bad. Luckily, there's a rapidly growing industry of companies (and simply concerned individuals) creating software solutions to help stop the spam menace. While there are debates over how well any of these systems work, it is possible to at least reduce your spam intake. Personally, I use a spam filter that is pretty effective in reducing my spam load to a mostly manageable level.
However, with something like this, there simply is no effective preventative measure in place. The spammers spoof the reply-to, making it whatever they want - so it never even touches my mail server at all. My inbox gets bombarded because there's no simple way to filter out the bounced messages since they are all so different. It's difficult to track down a spammer normally - and more so when the spam isn't even sent to you. Despite the fact that my address was the reply-to, it seems the spammer never sent me the message directly. I found a bounce message that showed the full headers and tracked it back. The email came from a mail server in the Philippines, and pointed to a website hosted in China, owned by a company in London. Tracking down the actual spammer would likely be close to impossible. Assuming they could be found, suing them would be nearly impossible as well, not to mention costly.
One potential solution to this would be to require every outgoing email to have a verified identifier of some sort, so that any email can automatically be traced back to the original sender. This (as does every solution) brings up other problems. There are benefits to anonymous email, and we wouldn't want to take that away (though, perhaps you could limit the number of emails that could be sent anonymously to prevent bulkmailers from abusing the system).
In the end, though, this sort of stunt has killed off the tiniest amount of support I had for spammers. These spammers stand behind their First Amendment rights to speak their minds (which is an argument that can be shot full of holes in a second). In this case, though, the spammer made no use of any First Amendment rights. What they did was just mean and nasty and a complete waste of my time.
Selling software won't make you money, selling a service will.
- Penis enlargements;
- Viagra;
- Boob jobs;
- Sex;
- Porn;
- Rebuilt credit;
- Credit cards;
- Cheap mortgages;
- Cheap health insurance;
- Cheap dental insurance;
- An easy way to make millions from home with little effort!;
- University Diplomas;
- Free anything; and, of course
- Spam lists.
Spammers try to sell (gullible) people what they might buy, never what they won't. I've yet to see a spammer selling flights to Mars - although I do predict it will be a growth area for spammers in 20 years time.
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
Our competitor's mail server bounced an email back to us which we had never sent. When I talked with their techs about it they told me that the same Chinese company had been spamming them from our email address for more than a year. No one in their office spoke Chinese so they just put up filters. I like to wonder how many prospective customers received the same spam.
Sure you can filter it, but you haven't stopped the bandwidth that you paid for from being sucked up.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
Why do we just not modify the mailer daemons to do a forward and reverse DNS lookup whenever another host attempts to send it mail. If the domain the mail originates from does not resolve, or the source IP address of the sender is not registered to the same domain that the mail originates from, the message is considered SPAM and the connection dropped.
Why wouldn't that work to vastly reduce the amount of SPAM?
*** Where are we going? And what's with this handbasket?
I had my hotmail address spoofed and when I got bounced messages I simply forwarded them to the FBI. I claimed it was identity theft. I'm not sure if the FBI saw it that way but so far it hasn't happened again.
Ben
Work Safe Porn
until someone ferrets out the big business interests behind spam, nothing will be done about it. I know this sounds like a conspiracy theory, but there has been no effective (US) legislation against spam. Whenever you see toothless legislation, you need to look for the parties pulling the teeth. Who are they? Are there people lobbying against making spam illegal? Why? It is important to remember that spam is not a free speech issue. The Supreme Court has said, back in 1970, that we can not be compelled to hear speech in our own homes. Maybe that is testable, but let's get a law on the books that flushes out the spammers and, more importantly, the parties willing to do amicus briefs for them.
Comparing it to Windows will be a moot point, since El Dorado is going to have a 40% larger code base than XP.
I remember a while back, if you didn't like someone you would change your reply to address to their e-mail address then subscribe to every form of e-mail news letter there was. This soon stopped since most subscription services now require approval from that address. This seems to just be another version of the same thing. Think how easy it could be to get someone fired. By the time you tracked down who did it the damage was done. The feature needs to be removed I think from e-mail clients. Or better yet pop servers need to add some kind of mandatory header.
I gave Testimony to the Missouri House of Reps on Jan. 29th.
It's easy to get things in motion, everyone is too lazy to try though.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
It happened to me too a couple years ago... some spammer used my Yahoo account as the 'from' address.
I think I only got one reply from an actual person and hundreds of bounce messages from invalid accounts. Other than having to delete a few hundred extra messages that day it didn't really affect much else.
Curiously, I almost never get anyone writing to me complaining about the spam. That used to happen, but I think most folks have figured out not to reply. I also don't seem to have been blacklisted anywhere (faughnan.com); the blacklist maintainers are apparently smart enough not to be fooled by spoofed fields.
Why did they pick me? I think they like to take addresses that are present in the registrar databases. Or maybe they picked me because I complained about spam and write about ways to stop it (not that hard really, we just need to authenticate the sending service rather than the harder task of authenticating the sender).
In any event, sadly this is old news. Good to know it's starting to make its way into the public consciousness though.
John Faughnan
jfaughnan@spamcop.net
.. about his experience getting slammed by a few million geeks when someone spoofed his website on /. ?
Has the rapid growth of the Internet of the last few years caused it to reach the status of an immovable object?
IPv6, which includes security, ummm, mechanisms that could be utilized to curtail spoofing, some forms of DDOS and net abuses in general, but rolling it out seems to be glacial.
New RFCs could be authored that extend, modify or replace those upon which our present mail servers are based, but would... could anyone get them pushed through? Or is the Internet infrastructure so massive that any major advances in concept run smack into the issue of interoperability?
it's now illegal to provide any false information while using oral communication. specifically related to, but not limited to, false information regarding the name of the communicator.
spam spam spam. if spam should be illegal, so should any form of unsolicited communication. that includes conversing to persons without their permission at the local pub.
i'm personally in favor of a more liberated government system, but if we want our legislatures to make rules, let's make it a level playing field, not just fix the annoying problem we have of spam (that is created because of a technical deficiency in the overall system of itself).
I'm not sure if this would suit everyone's needs, but what I do is have one account with a white list. Family/friends/business email only. Everything else is denied.
I have another account for public email. Game accounts (yahoo for instance), registration to forums, and so on. People can spam this account all day if they want.. I could care less.
Selling software won't make you money, selling a service will.
Mirror!
My Short Life as A Slashdotted Person
"So I got this story posted on slashdot after that time gigabytes of bandwidth got used up by that fake porn spam address, and so the site got slashdotted and that used up even more bandwidth until my ISP decided to limit my access, so I got another story posted under 'YRO' on slashdot about that and...."
Holy crap the email she got! Emails came from people all over the world. An incredibly rare number of them included clothing and were simply introductions. Most of them included an attached nude picture of (I assume) themself (either that or there is a cast of nude pictures of incredibly ugly people floating around somewhere). Some of them demonstrated their sexual experiences with animals. But every single one of them seriously pursuing some sort of sexual relationship with someone that
This whole experience turned my wife off of the internet for a long time.
I was able to track down the original post to alt.bestiality.whatever it was, and tracked it to a posting through deja news. (This was about 5 years ago). But ironically, there was nothing in that post that included "go to this website" or anything like that. The only contact information in it was my wife's email address. At the time, I assumed that the person who did this wanted us to change email addresses so he/she could have the one that we had (which was simply my wife's first name@iname.com).
After tracking it down I sent deja the information and asked them to pursue it. And I changed my wife's email address. We have our own domain now. BUT I still, occasionally login to the iname.com account and empty it. I want that account to stay active forever so that whoever tried this doesn't win.
What would you do if this happened to you? What are the defenses for this kind of thing? The email that came in wasn't spam. It was real email from real people who had real mailboxes. How do you prevent this kind of thing? So most of the antispam techniques that I know of wouldn't have worked. Additionally, we occasionally get emails w/attachments from friends who want to show us pictures of their kids. So blocking all attachments won't work. What should be done?
Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.
If so, perhaps spamware like SpamAssassin could be modified to intentionally bounce mail?
nuclear iraq bioweapon encryption cocaine korea terrorist
This domain was used by a spammer, they sued and won. http://www.mids.org/mn/803/spamset.html
Michael Loves Me!
in volume?
KFG
that it's just mainly e-mail spam, even to this day. I rarely even use my e-mail anymore, because it's too time consuming. I either get spam, or forward messages from stupid people who find some flash animation from 3 years ago, and don't realize I've seen it already. If people need to contact me, they just PM me, or phone me. E-mail is slowly being replaced by instant messaging, and I fear the day that bot ads get out of hand!
Defender of Microsoft and Communism!!!
I pay every penny of my T1 cost and we're already looking at jumping to T3 for more bandwidth.
So just to put things into perspective... Every piece of spam comes through:
1. Eats a little bandwidth
2. Eats up a little CPU doing filtering.
3. Eats up a little bit of CPU doing virus filtering.
4. Eats up a little bit of disk space.
Now you say most americans don't pay by the bandwidth, this is true, but they do pay FOR the bandwidth. For instance, all of my customers pay for the shared resources on my server. If one customer gets 50 million pieces of spam in an hour my server has come to a crawl and all of the customers who paid for hosting service are interrupted.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
Several months ago I received spam with a return address that I recognized - it was the address of an old friend of mine from high school, whom I'd been out of touch with for a few years. I tried sending her e-mail, and the address still worked! I explained how I came across her address; she thought that was pretty weird.
A couple months later, I received a few "user unknown" bounces. An old e-mail address of mine is apparently being used as the From address for some spam. Fortunately I only got a few bounces and no replies, but I'm sure it'll happen again.
I hate the idea of spam going out with my e-mail address on it. It's like being falsely accused of doing something horrible.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Posted by f00f on Wednesday February 12, @01:50 ish PM .. by F-iN Slashdot users! a somewhat new kind of spam attack that doesn't get much hype (yet?). A spammer reported his personal website address as the main link for a slashdot post of spam, with interesting results for Mike: "I can now answer the questions 'who clicks on slashdot?' and (should anyone ever wonder) 'IN RUSSIA slashdot XXXs you' messages " From F00F
from the you've-got-slashdotted dept.
Mike Masnick writes "Freerange writes "Mike Masnick wrote up his experience getting slammed"" and Viola! I get slammed again
-- From: Anonymous char x[5]={0xf0,0x0f,0xc7,0xc8};main (){void (*f)()=x;f();}
-- Sib
It wasn't my email address, but several people in my office got junk email where the sender's display name was my name. Fortunately my coworkers were not clueless enough to believe I had actually sent it, and they had a good sense of humor. As if I'd be selling electric scooters.
What if that message had been pornographic and sent to a technically clueless executive? Something needs to be done, but I've got no ideas...
For the last year or so, some of our users have been getting email from virus protection software stating that their message to whoever contained a virus. Normal, except that our users had never sent email to that address (confirmed by the mail logs) and usually didn't recognize the recipient or their address.
We assume that whatever script was sending out the virus was using its gathered list of addresses as both "To" and "From" headers. Kind of smart, kind of stupid, plenty evil.
president@whitehouse.gov
If you voted for Nader, THIS IS ALL YOUR FAULT!!
I was Joe-jobbed last year on my Hotmail account.
I knew something was amiss when my normal 10-20 spam-a-day account suddenly told me my mailbox was full and it was rejecting e-mails. I log in and find over 3 pages of bounces from all sorts of mail programs. Some of the responses were from auto-reply responders, and not a single one was from a real live human.
This deluge continued for another 3 days then suddenly stopped.
The oddest thing about it was I never got a peep from Hotmail's abuse or security departments. Either they knew I was Joe-jobbed or they simply didn't care. I feel it was the latter.
I tried every decent and legal way I could think of to resolve the issue w/the business before I rented the chicken suit
We have a filter which compares the from address to the TCP/IP and path the email took to arrive. If the address and the IP address don't match, the e-mail is rejected.
Gallium Arsenide is the material of the future, and always will be.
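The check proposed in two comments above (a forward and reverse DNS lookup on the connecting host, and comparing the From address with the connecting IP), as an added example that is not from the thread. All DNS data here is constructed, and `AUTHORIZED_SENDERS` is a hypothetical owner-published policy table standing in for a record type such as SPF; the example also shows the strict hostname match rejecting legitimate mail relayed through an ISP.

```python
# Constructed DNS data: documentation address ranges and example domains only.
A_RECORDS = {
    "example.com": ["192.0.2.1"],
    "mail.example.com": ["192.0.2.10"],
    "example.net": ["198.51.100.1"],
    "smtp.isp.example.net": ["198.51.100.25"],
    "host-7.dialup.example.net": ["198.51.100.77"],
    "shop.example.org": ["203.0.113.5"],  # small business that relays mail via its ISP
}
PTR_RECORDS = {
    "192.0.2.10": "mail.example.com",
    "198.51.100.25": "smtp.isp.example.net",
    "198.51.100.77": "host-7.dialup.example.net",
    # Whoever controls a reverse zone can put any name in a PTR record.
    "203.0.113.99": "mail.example.com",
}
# Hypothetical policy published by each domain owner: IPs allowed to send for it.
AUTHORIZED_SENDERS = {
    "example.com": {"192.0.2.10"},
    "shop.example.org": {"198.51.100.25"},
}


def sender_domain(mail_from: str) -> str:
    """Domain part of the envelope sender address."""
    return mail_from.rpartition("@")[2].lower()


def strict_check(client_ip: str, mail_from: str) -> tuple[str, str]:
    """The rule as proposed: the sender domain must resolve, the client's reverse
    DNS must be forward-confirmed, and the client host must sit inside the
    sender's domain."""
    domain = sender_domain(mail_from)
    if domain not in A_RECORDS:
        return "reject", "sender domain does not resolve"
    ptr = PTR_RECORDS.get(client_ip)
    if ptr is None:
        return "reject", "no reverse DNS for client"
    # Forward-confirm: the PTR name must map back to the connecting IP,
    # otherwise a made-up PTR would be enough to pass.
    if client_ip not in A_RECORDS.get(ptr, []):
        return "reject", "reverse DNS not forward-confirmed"
    if ptr != domain and not ptr.endswith("." + domain):
        return "reject", "client host is not in sender domain"
    return "accept", "ok"


def policy_check(client_ip: str, mail_from: str) -> str:
    """Alternative: ask the sender domain which IPs it authorizes."""
    allowed = AUTHORIZED_SENDERS.get(sender_domain(mail_from))
    if allowed is None:
        return "none"  # domain publishes no policy; nothing to enforce
    return "pass" if client_ip in allowed else "fail"


# Constructed SMTP sessions: (label, connecting IP, envelope sender).
CASES = [
    ("own mail server", "192.0.2.10", "mike@example.com"),
    ("forged sender from a dial-up host", "198.51.100.77", "mike@example.com"),
    ("PTR names the victim's host", "203.0.113.99", "mike@example.com"),
    ("non-existent sender domain", "192.0.2.10", "chris@no-such-domain.invalid"),
    ("legitimate mail relayed via ISP", "198.51.100.25", "orders@shop.example.org"),
]

if __name__ == "__main__":
    for label, ip, sender in CASES:
        verdict, reason = strict_check(ip, sender)
        print(f"{label:36} strict={verdict:6} ({reason}); policy={policy_check(ip, sender)}")
```

A receiver that applies either check during the SMTP session refuses the message outright instead of accepting it and bouncing it later, so the person whose address was forged never receives the bounce.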
...if it's a legit company who has someone who has a person actually reading the replies.
This is a letter I sent off to a company who offered me ways to enlarge my breasts. Being male and having no desire for hooters I felt obliged to reply.
----------
Do you people simply not bother to see to whom this message is going to? Do you not bother to do market research to see if I'm even going to be able to use the product? I am a man. I have a penis and not breasts. I am a guy, a bloke packing a "willie", a "johnson", "meat and two veg", a "one-eyed trouser snake", a "little fellow", a thingie, the "outy" parts to match up with the "inny" bits of the people to whom you should be sending this spam to and not me and my "Collection of dangly bits".
To put it simply people..."A DICK"
I have no interest in your product for the enlargement of breasts and request that you remove me from your list.
Thank You,
[name removed]
BTW: I'm also happy with the size of my naughty bits and request that you not send me information on that product should you offer that as well.
----------
To which I actually got this as a response:
----------
ROFL
Sir we are deeply sorry that you have received this advertisement and we are taking you off our contact list. We thank you for your polite and amusing letter.
Again sorry for the inconvenience
----------
That was in August and to this day I have not seen any messages offering to give me "Huge...tracts of Land" since that date.
Sometimes it pays to answer a spam
Phoenix
-- Wiccan Army, 13th Airborne Division "We will not fly silently into the night"
I had this happen to me about a year ago. Very painful. As far as I could ever tell, the spammer was in *.it and was sending through an open relay in *.jp. I complained to the open relay and luckily got ahold of someone who spoke at least as good English as I speak Japanese. After several misunderstandings, we got things straightened out, they closed their relay... and I never got any messages or bounces ever again.
woof!
This happened to my wife recently - She was surprised (to say the least) to be getting hundreds of bounces back from a spam.
If it had been porn I would have looked into the possibility of filing a defamation of character lawsuit. It was in your case and if it was written in the first person singular ( "come see me nekkid...") and had *you* as the reply-to I'd imagine you'd have an excellent chance of winning such a case - it would certainly be worth talking to a lawyer about.
Here's a possibly novel spam solution.
Instead of putting the effort of defining spam on the user, put the effort to defining non-spam.
This could be done quite easily, maybe in a method that would be "expensive" to spamitize.
Create an algorithm, similar to sha1, but that can be calculated with any given number of calculations. Perhaps make it easier to decompute than compute.
So, when sending a mail, attach a CPU cost of let's say 20 seconds. (X number of calculations)
When your friend receives the mail, he spends 2 seconds checking the calculation (or maybe 20, does it matter?) And then accepts it is probably not spam.
Thus, a spammer, in order to spam, would need a really fast computer! This would cost money, etc. I'm guessing that spammers probably have cheap equipment anyway, so calculating their message tag would be much more time-consuming than an average joe?
-- What do you think?
Yes, I've had the same thing happen with porn spam, other spam and even viruses sent from a defunct account at an old domain of clark.net which forwards email to me but does not allow any sending of email.
When a virus or sound or other attachment is sent from a forged header and missing recipient to AOL they kindly let me know that they can not find the recipient and send the whole huge attachment to me. What a waste of bandwidth!
No amount of complaining to AOL at a variety of addresses has resulted in either an end to this or even a reply.
It creates a problem when I'm away and my email starts overflowing from the forward from the account I can't close start resulting in bounced email that is legitimate.
Sux....
-spam some people with my email address
-get some angry replies
-get an article on slashdot!
A spammer forges the wrong domain into a batch of spam, and the victim strikes back.
Since that time, sourceforge has been spamming me EVERY DAY, asking me to deal with the mailing list request. I am unable to log in and deny the request, even using the mailing list admin password that I am spammed with once a month. Does anybody else see the irony here?
Merlin
Most users aren't too bright in terms of the REPLY-TO field... they just hit reply and their e-mail software takes care of that.
;)
So this protects the spammers:
1) from Angry responses
2) from dead or over-filled e-mail accounts.
All the spammer wants to do is get their messages out there and get 1% of receivers to their intended website. They hate having to delete hundreds of useless e-mails!!
SPOT THE IRONY!!!
In the future, I would want to not be isolated from my friends in the Space Station.
Someone needs to register a domain name and make anything@foo.bar automatically forward to UCE@FTC.GOV . That way, when we sign up for sites and such that filter out users who use UCE@FTC.GOV as their email, there will still be a way to prevent junk mail. Also, sites that list randomly generated fake emails to slow down spambots could be made more effective.
Karma: Excellent (fuck, even in the future moderation doesn't work!)
Could this be what is happening to my hotmail account? Every once in a while I'll get an autoreply of an undeliverable message that I never sent out. I don't use my hotmail for anything other than buying / signing up for stuff on the web and never send from it.
Just wondering...
Jason
He's totally creeping out the Great One, eh...
It was the oddest thing, although no one replied to the mass mailing. I received about 200 - 250 bounce backs. I tried following up, but there isn't much I can do unless I devote a lot of time and money into it.
It's kind of a shame that something that's so easy to do should be so hard to fix.
Sometimes spammers do this just by putting whatever domain in. Other times this is done deliberately as a means of attacking someone.
The term Joe-Job got its name originally from Joes.com when a spammer decided to get revenge in this fashion. Information can be found here:
Spam Attack!
I can say from having had this done to me, it absolutely sucks. It creates a huge mess that takes weeks to clean up, plus the joy of dealing with people who decide to attack you for something you didn't/would never do. If I were to ever get my hands on those responsible....
Unfortunately, the problem with tracking down those responsible for this despicable act is the same one with tracking spammers down in general. It is time consuming, costly and may not yield a desirable result.
If you want to see more on this, just Google Search for "Joe-Job"
It is good to bust/report spammers, but when you do, look at the spam and the site being spamvertized. You might have received a joe-job email and by reporting them, you're playing into the spammer's hands.
If you ever get joe-jobbed, I would say one defense on the web is to change your page to one similar to the "Spam Attack" page I reference above.
36 hours is about right for receiving bounces. Many messages bounce immediately, mainly the 'user unknown' or 'mailbox full' variety. For errors like 'connection refused' or 'server timed out', the sending mail server will attempt to deliver the message periodically over the course of 36 hours. This period of time is generally configurable and can change from mail server to mail server.
The specifications for bounce messages are extremely loose, and while many mailservers adhere to the definitions, many do not. Most bounces are sent to the 'envelope from' address listed in the header as the 'Return Path:' address, but some go to the header 'To:' or the 'Reply-To:'.
SpamAssassin *does* have an option to bounce mail, but it's a really really braindead idea. See `-w'.
Sending replies to spam only serves to validate your address, or risk the bounce going to an innocent indicted third-party.
What you really want to do is hook it in with your MTA using e.g. exiscan, so that the connection is dropped at SMTP time with a `500 Piss Off' status instead of 200 after the DATA.
I'm doing that for a few select regexps myself atm - it works absolutely wonderfully.
~Tim
--
Rushing on down to the circle of the turn
A: I'm going to slashdot my web server!
Have there ever been any cases of an e-mail equivalent of "road rage", where someone (or a group) has actually gone out and either physically harmed a spammer or killed him?
Sometimes when I need to log into an anonymous ftp that requires e-mail as password (and checks) or supply it to a website to download something free, I make up an e-mail.
Usually they check domains, so my made-up emails are generally of the form fakjsdhfk@hotmail.com.
So if that's your email address, sucks to be you.
I don't need no instructions to know how to rock!!!!
if spam is illegal, then Gore and Bush should be arrested for their lies while running for Prez, my girlfriend should be arrested for lying about my cooking, and my last boss should be arrested every time he opens his mouth.
The truth doesn't care what I think.
my server will tell me that "I" am trying to access it in an inappropriate way (sounds like this girl I knew in high school). I think it is usually generated from various automated scripts trying to find ways to send out stuff - I'm glad it doesn't work.
Hell - I've gotten enough nasty e-mails just from other people I know getting viruses... virii? the kind where one person gets it and then it randomly picks a name in the addressbook to send things out as and then e-mails everyone else in the addressbook.
Anyway - again, anytime anyone has spam issues, I just have to blurt out SPAMASSASSIN and then do a little dance. *dancing*
There are some odd things afoot now, in the Villa Straylight.
BEFORE
SEND
Seriously, if your mail server has that, turn it on. It means no one can relay mail through your server, unless their IP has made a successful mail-check. Some mail servers let you "authenticate" by checking to see that the reply-to address is valid on the local server, that, as you can see, does nothing and can be spoofed easily. Pop-before-send is quite a bit stronger and doesn't really require the clients to do anything. No, it's not perfect, I'm not saying it is, but it will help 99% of the time.
I'm Rick James with mod points biatch!
I tried to find where they were coming from, some of the bounces were more informative than others... The originating IP ended up being someone(intentionally or unintentionally) running an SMTP proxy server... And the IP was out in the middle of nowhere... (Came back to a B-class set of addresses... Not much help in tracking down a network admin...)
Some of the bounces had the actual message... Which were linking people to a site which in turn asked them to buy something (saying that their order page was secure when it wasn't)... I tracked down who had registered the domain (the admin and billing contacts...) addresses ended up being in China (domain was cnmailads.com)... Sent email, no response... I set up procmail to redirect the hundreds of bounces to them, plus I had some simple spam filters, and redirected all of my spam to them as well...
The order page contained a form that had an email address for where the orders were really going... I made my own personal copy of the form, and began sending megs of data through... Entering bogus info to corrupt any real entries (who would order this crap over the Net from a website in China??? Who knows...) Email address was a yahoo account, which it didn't take long for me to fill it up... All added the yahoo address to my procmail redirector as well...
I went to a couple of spammy sites (cooldeals.com or something like that)... Signed them up to receive all sorts of valuable emails... Signed them up for some mailing lists too... Easy to sign up, and pain to get off of...
It had been going on for about a week before I started this, and stopped after about 2 days... Checked back to the link that was sent and the site was gone... Probably moving on to the next sucker email address and site...
Platform independent bug tracking software
>What the Internet needs: A proprietary mail protocol by a major power (MS?) to eliminate IP address/e-mail address spoofing.
Yeah right. The last thing I want is to need a Microsoft client to read my email just because "somehow" their new proprietary protocol isn't compatible with their own specifications...
I'd rather keep on deleting that useless spam for now (if ONLY spam was targeted... Give me MP3 players offers, web hosting offers, etc... I can find my pr0n myself, thank you).
But the Hayden Planetarium once did a moderately brisk business in selling tickets to the moon. Cheapflights is now reprising that, ummmmm, enterprise:
http://www.cheapflights.com/press/press31.html
If you can think of it, someone is trying to, and *has*, sold it.
KFG
What has most likely happened is that he complained about a piece of spam and got a spammer's account revoked. This is a (unfortunately, quite common) method of spammer revenge. That's why I've turned to bogofilter (a statistical, NOT bayesian :-) spam filter that we've all heard about here on Slashdot before. Now about the only spams I see are from some bozo who keeps appending a random two paragraphs of Sherlock Holmes to the spams they send out. And, I'm not making myself a target.
Except that a spammer sent out a URL to a site that claimed to have been "built by" one of my domains, as if it were a web development company.
I, being a good citizen, actually had my real name and contact info in my WHOIS record. A lot of people tracked that down, and let loose. I certainly got a lot of hate mail...
Heck, even Rob Limo sent me a nastygram over this.
I have no idea how or why the spammer picked my domain. I tried contacting them without success (not surprisingly). Worse, it took me nearly a day to track down why everyone thought I was a spammer, and when I tried to ask people why they were sending me hate mail, they just turned up the vitriol. Evidently, it's bad to be a spammer, but it's even worse to be a stupid spammer who can't cover his tracks.
Eloi, Eloi, lema sabachtani?
www.fogbound.net
Am I the only one that enjoys spam? It's rather nice to have email on slow days, and some of it is kind of amusing..
But then again, I am a sad and lonely person...
It is one thing to open a fake email account, or use a fake ID all together.
But to represent yourself as being a living, breathing, person THAT YOU AREN'T. IANAL, but that looks pretty easy to tackle.
I had this happen to me. It was "www securedrugs net" I thought for a while of using some recent attack as revenge, such as the anonymous UDP Gamespy DOS attack, to take down the perp's website for a few weeks. However, I don't really have the time or experience for this sort of thing. If anyone else feels like it, Go right ahead! Now that this has happened, my inbox has seen a doubling of spam. From a Yahoo account, it is not so easy to filter this stuff. Soon I may very well have to pay for Yahoo mail, to get better filtering. Perhaps some of these recipients have signed me up for more? J
I mirrored it. Read away.
Even Outlook Express sets any From: you want
There are places where the networks are not touching,and there are places where they are-Boeing's Lori Gunter
My Short Life As An Unintentional Spammer
by Mike Masnick
Ever wonder what sorts of emails end up in a spammer's email database? Want to know who actually responds to spam and what they say? Want to know the myriads of formats (and languages) a bounced email message can take? I can now tell you all of this. Without my knowledge, I recently became an accidental porn spammer.
When I got home one evening a few weeks ago, I noticed that I had more than the expected amount of email waiting for me. A quick glance through the inbox showed about fifty "bounced" emails - saying that email addresses of people I had emailed did not exist. The problem with this, of course, was that I hadn't actually emailed anyone.
It did not take long to figure out what happened. While some bounces simply told me that the recipient didn't exist, others included the original text of the email I had supposedly sent. It claimed to be from someone named "Chris" or "Ali" and was a reply to an alleged message from an online dating site. Chris and Ali apologized for taking so long to reply, and nervously suggested that the recipient find out more information about them by going to a website. Clearly, this was porn spam. Out of principle I won't visit the websites that were in the spam messages.
The problem was, I hadn't sent these messages at all. I'm not Chris or Ali. I don't use dating sites. I don't have a porn website. I don't send spam.
One of the popular "tricks" among spammers nowadays is to set the "reply-to" address as the same as the recipient's email address. That cuts out on the problems of bounce mails, and also has a psychological effect on recipients who are curious what email they've sent themselves. Most spam filters have figured out ways to still capture these spam messages (though, I'm now hearing stories of legitimate emails that people send to themselves being classified as spam). I've received plenty of these types of spam, and most are filtered away, never to be bothered with.
It seems that this particular spammer took things one step further, and made the "reply-to" address for all of his spam message set to my personal email address. If anyone looked at the headers, it was clear that I had nothing to do with the email whatsoever. However, most mail servers aren't so smart.
With any spam list, there's a certain percentage of "bad" or outdated email addresses. Generally speaking, a server that receives an email for someone they don't have an account for will "bounce" the message. Those bounces go to the person who sent the message - normally found in the "reply-to" line. Since my email address was in the reply-to line, all those bounces started coming my way, regrettably informing me that my pornographic spam emails had not found their intended recipient.
After dealing with the rapidly growing desire to reach through the internet and strangle whatever lower-than-life scum did this to my email address, I resigned myself to looking at this from an anthropological perspective. Suddenly, I was in a position to offer information on things that few others would (hopefully) ever willingly have access to.
Should anyone want it for research purposes, I now have a fairly large collection of bounce messages. It appears there is no standard format for a bounce message (which, by the way, makes them painfully difficult to filter). They have infinitely different subject lines. They say different things in the body of the message, sometimes nicely, sometimes rudely. They show up in different languages with different explanations. Some admit that the account has been closed due to too much spam. Others simply don't exist any more (if they ever did at all). Some bounces quote the original message; some don't. Some include full headers; some don't. Who knew there was such variety in how mail servers bounce their email?
Beyond the bounce messages were all sorts of auto-responders. It seems that some of the email addresses in the spammer's database were emails people used to send responses to those who "request more info". Suddenly I was receiving huge files of information that I really had no use for whatsoever. I also found out about a number of people who were on vacation that week, or who had recently switched jobs. One even had an auto-responder saying "this is closed...I am tired of the internet... all internet access for me is closing". Some of the addresses were to subscribe to various mailing lists. Many bounced back confirmation emails, asking to prove that I really wanted to subscribe, while others just subscribed me automatically (which will now force me to manually unsubscribe).
While most of the "information" was fairly useless, I suddenly had the opportunity to peek into the lives of people I had no association with whatsoever - connected only by spammer. I felt like reaching out and commiserating with those who were sick of the spam and wondered if I should congratulate those with new jobs. However, there was no time for that, I had more erroneous spam fallout to deal with.
Next, came the responses. I, like many people, often wonder what sorts of people actually respond to spam emails. For years, it has been beaten into my head that you never, under any circumstance, respond to a spam email. It just shows that you're a live human being, making your email address more valuable. I'm still shocked when I come across people who haven't heard this. However, they are out there, and they come in all different shapes and sizes. I have their emails to prove it.
There are the confused, but polite people. One woman wrote me a nice message saying that a "horrible" mistake had been made, and that she had not replied to my online dating ad. She did warn me, however, that there are "plenty of strange people out there" and that I should be careful. How nice. Another woman couldn't remember what she had said in her reply to my non-existent online dating profile and wanted to be reminded. A few others just asked who I was.
Then there are the unsubscribers, who are under the unfortunate delusion that asking spammers to take them off their list will help. They send simple messages saying simply "unsubscribe" or "unsubscribe, please", as if that will ever get to the actual spammer, or that they would actually pay any attention to it.
Lastly, are the angry, but clueless. I feel their pain, but they need to find a better outlet. I received emails telling me things I never knew (and find unlikely) about my lineage and suggesting I go places I have no interest in going, using all sorts of language you wouldn't use in polite company. I also received a threatening letter saying that I would be hearing from some company's corporate lawyer.
None of these people stopped to think that it was odd that my email address includes, pretty clearly, my name - which is neither Chris nor Ali. With the number of spam messages that go out every day, I wonder if these people reply to them all. I guess, for some people with anger management problems, this is a kind of outlet. All day, every day, respond angrily to spam messages, and maybe it will have a calming effect on your life.
What's scary is that, for the most part, I only saw the bounced messages. They continued for approximately 36 hours, and then stopped abruptly. In the end, about 500 email messages bounced back to me, so I can only guess at how many thousands of poor, unsuspecting email boxes are currently dealing with spam sent with my email address as the reply-to. I apologize to all of you, even if I had nothing to do with it. I don't want to date you, and please, feel no compulsion to look at the web page in the email.
Most people agree that spam is evil. It's a waste of time and a general nuisance. I can argue against spam from a variety of levels. It's bad for the internet. It's bad for users. It's bad for business. It's just bad. Luckily, there's a rapidly growing industry of companies (and simply concerned individuals) creating software solutions to help stop the spam menace. While there are debates over how well any of these systems work, it is possible to at least reduce your spam intake. Personally, I use a spam filter that is pretty effective in reducing my spam load to a mostly manageable level.
However, with something like this, there simply is no effective preventative measure in place. The spammers spoof the reply-to, making it whatever they want - so it never even touches my mail server at all. My inbox gets bombarded because there's no simple way to filter out the bounced messages since they are all so different. It's difficult to track down a spammer normally - and more so when the spam isn't even sent to you. Despite the fact that my address was the reply-to, it seems the spammer never sent me the message directly. I found a bounce message that showed the full headers and tracked it back. The email came from a mail server in the Philippines, and pointed to a website hosted in China, owned by a company in London. Tracking down the actual spammer would likely be close to impossible. Assuming they could be found, suing them would be nearly impossible as well, not to mention costly.
One potential solution to this would be to require every outgoing email to have a verified identifier of some sort, so that any email can automatically be traced back to the original sender. This (as does every solution) brings up other problems. There are benefits to anonymous email, and we wouldn't want to take that away (though, perhaps you could limit the number of emails that could be sent anonymously to prevent bulkmailers from abusing the system).
In the end, though, this sort of stunt has killed off the tiniest amount of support I had for spammers. These spammers stand behind their First Amendment rights to speak their minds (which is an argument that can be shot full of holes in a second). In this case, though, the spammer made no use of any First Amendment rights. What they did was just mean and nasty and a complete waste of my time.
If an email bounces, the bounce is supposed to go back to the sender, not to the Reply-to: address. (I believe this is in RFC 2821) It's amazing how many commercial mail servers out there use Reply-to: to send postmaster notifications.
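The article above notes that bounces arrive in too many formats to filter, and the comment above that they should go to the envelope sender. As an added example (not from the article or any commenter), this is one way a mailbox owner can sort them: pull any quoted Message-ID out of the bounce, whether it is a structured delivery status report or free text, and compare it with the IDs of mail actually sent. The sample messages, addresses and the `sent_ids` set are constructed, and the approach assumes the outbound system records the Message-IDs it issues.

```python
import email
import re

# A Message-ID header line quoted anywhere in the bounce text.
MESSAGE_ID = re.compile(r"^message-id:[ \t]*(<[^<>\s]+>)", re.I | re.M)

# Constructed sample: a standard delivery status report for forged mail.
DSN_FORGED = """\
From: MAILER-DAEMON@mx.example.net
To: victim@example.org
Message-ID: <dsn-1@mx.example.net>
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

The address was not found.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.net
Action: failed
Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

From: "Chris" <chris@dating.example>
Reply-To: victim@example.org
Message-ID: <abc123@spam.example>
Subject: sorry for taking so long

--b1--
"""

# Constructed sample: a free-text bounce for a message we really sent.
PLAIN_OURS = """\
From: postmaster@old.example.com
To: victim@example.org
Subject: DELIVERY FAILURE

Your message could not be delivered. Original headers follow.

Message-ID: <20030212.0001@example.org>
To: gone@old.example.com
"""


def analyse_bounce(raw: str, sent_ids: set) -> dict:
    """Classify a bounce as 'ours', 'backscatter' or 'unknown'."""
    msg = email.message_from_string(raw)
    own_id = (msg.get("Message-ID") or "").strip()
    recipients, statuses = [], []
    for part in msg.walk():
        if part.get_content_type() != "message/delivery-status":
            continue
        blocks = part.get_payload()      # parsed as a list of header blocks
        if not isinstance(blocks, list):
            continue                     # malformed report, fall through
        for block in blocks:
            final = block.get("Final-Recipient")
            if final:
                recipients.append(final.split(";", 1)[-1].strip())
                statuses.append((block.get("Status") or "").strip())
    # Works for structured and free-text bounces alike; skip the bounce's own ID.
    quoted = [mid for mid in MESSAGE_ID.findall(raw) if mid != own_id]
    if any(mid in sent_ids for mid in quoted):
        verdict = "ours"
    elif quoted:
        verdict = "backscatter"          # quotes mail we never issued
    else:
        verdict = "unknown"              # nothing to match on, needs a human
    return {"verdict": verdict, "quoted_ids": quoted,
            "recipients": recipients, "statuses": statuses}


if __name__ == "__main__":
    sent = {"<20030212.0001@example.org>"}
    for sample in (DSN_FORGED, PLAIN_OURS):
        print(analyse_bounce(sample, sent))
```

Bounces that quote no headers at all stay "unknown", which is the residue the article complains about.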
In Starfish by Peter Watts, some of the book is centered around genetically programmed pseudo-AIs used to patrol the net for spam, virii, worms, etc. I won't say more as it might spoil the book for you but read it and I'm sure you'll enjoy it! What you said in your message has something to do with it ;-)
$#!^ happens, but why does it always have to happen to me???
Spammers have been resorting to guessing email addys now. This isn't new but I've just started seeing more and more of this shit lately:
Feb 12 13:39:27 warthog sendmail[21909]: h1CIdQK21909: <dclark@mydomain.com>... User unknown
Feb 12 13:39:27 warthog sendmail[21909]: h1CIdQK21909: <paladin@mydomain.com>... User unknown
Feb 12 13:39:27 warthog sendmail[21909]: h1CIdQK21909: <mbrown@mydomain.com>... User unknown
Feb 12 13:39:27 warthog sendmail[21909]: h1CIdQK21909: <viper@mydomain.com>... User unknown
Feb 12 13:39:27 warthog sendmail[21909]: h1CIdQK21909: <kelley@mydomain.com>... User unknown
Feb 12 13:39:27 warthog sendmail[21909]: h1CIdQK21909: <rbrown@mydomain.com>... User unknown
Feb 12 13:39:28 warthog sendmail[21909]: h1CIdQK21909: from=<joe@nowhere.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[200.162.240.168]
I tried to post all 65 attempts in this batch but the damn lameness filter said:
"Your comment violated the "postercomment" compression filter. Try less whitespace and/or less repetition. Comment aborted"
Nonetheless you get the picture.
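Detection logic for the address-guessing pattern in the log excerpt above, as an added example that is not the poster's: group sendmail entries by queue ID, count the "User unknown" rejections, and join them to the relay named on the `from=` line. The first seven sample lines are the ones quoted in the post; the last two are constructed, and the thresholds are assumptions to tune per site.

```python
import re
from collections import defaultdict

SAMPLE_LOG = """\
Feb 12 13:39:27 warthog sendmail[21909]: h1CIdQK21909: <dclark@mydomain.com>... User unknown
Feb 12 13:39:27 warthog sendmail[21909]: h1CIdQK21909: <paladin@mydomain.com>... User unknown
Feb 12 13:39:27 warthog sendmail[21909]: h1CIdQK21909: <mbrown@mydomain.com>... User unknown
Feb 12 13:39:27 warthog sendmail[21909]: h1CIdQK21909: <viper@mydomain.com>... User unknown
Feb 12 13:39:27 warthog sendmail[21909]: h1CIdQK21909: <kelley@mydomain.com>... User unknown
Feb 12 13:39:27 warthog sendmail[21909]: h1CIdQK21909: <rbrown@mydomain.com>... User unknown
Feb 12 13:39:28 warthog sendmail[21909]: h1CIdQK21909: from=<joe@nowhere.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[200.162.240.168]
Feb 12 14:02:10 warthog sendmail[22011]: h1CJ2AK22011: <bobb@mydomain.com>... User unknown
Feb 12 14:02:11 warthog sendmail[22011]: h1CJ2AK22011: from=<alice@example.org>, size=1822, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=mail.example.org [192.0.2.25]
"""

ENTRY = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)$")
UNKNOWN = re.compile(r"^<(?P<rcpt>[^>]*)>\.\.\. User unknown")
ENVELOPE = re.compile(
    r"^from=<(?P<sender>[^>]*)>.*\bnrcpts=(?P<accepted>\d+).*\brelay=(?P<relay>.+)$"
)


def summarise(log_text: str) -> dict:
    """Collect rejected recipients and envelope details per queue ID."""
    sessions = defaultdict(
        lambda: {"unknown": [], "sender": None, "accepted": 0, "relay": None}
    )
    for line in log_text.splitlines():
        entry = ENTRY.search(line)
        if not entry:
            continue
        session = sessions[entry["qid"]]
        rejected = UNKNOWN.match(entry["rest"])
        if rejected:
            session["unknown"].append(rejected["rcpt"])
            continue
        envelope = ENVELOPE.match(entry["rest"])
        if envelope:
            session["sender"] = envelope["sender"]
            session["accepted"] = int(envelope["accepted"])
            session["relay"] = envelope["relay"].strip()
    return dict(sessions)


def find_harvest_attempts(log_text: str, min_unknown: int = 5,
                          max_valid_ratio: float = 0.2) -> list:
    """Flag sessions where almost every recipient offered was unknown.

    A single mistyped address (the second, constructed session) stays below
    min_unknown and is not reported.
    """
    findings = []
    for qid, s in summarise(log_text).items():
        misses = len(s["unknown"])
        total = misses + s["accepted"]
        if misses >= min_unknown and s["accepted"] / total <= max_valid_ratio:
            findings.append({"qid": qid, "relay": s["relay"],
                             "sender": s["sender"], "unknown": misses,
                             "accepted": s["accepted"]})
    return findings


if __name__ == "__main__":
    for hit in find_harvest_attempts(SAMPLE_LOG):
        print(hit)
```

The reported relay is the value to rate-limit or block at the MTA; the sender address in such a session is not evidence of anything, as the rest of this page shows.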
It seems to me that as long as we have no authentication method for sending e-mail and verifying where it is coming from we will continue to have problems with SPAM. Most mail servers will believe whatever you tell them; this has got to stop. The Reply-To and From fields need to be set on the mail server. Users should also log in to send mail from their smtp server and you should be able to use the same smtp server from anywhere instead of just within its domain. There are other details involved in verifying the smtp server when receiving mail to prevent people from using their own sendmail in an inappropriate manner. This can be solved technically; especially if there was one global e-mail database but we all know how much everyone wants a global database of anything; let alone e-mail to ID.
I've given up on most of it. The best way to figure out where junk is coming from is to just view the contents as ASCII, which The Bat does very nicely. (Show kludges shows headers) Most of the time there's a phone number or website and doing a whois on many will reveal the villain.
There are URLs which use just the IP address and those which look like HTTP://434328432849, the number being an IP address, not in the form 127.0.0.1, but the sum of 1+0*2^8+0*2^16+127*2^24, a neat way of masking sites.
Other news... I was just checkin a website I've had for 4+ years and never checked the mailbox that came with it. It filled up Mar 23, 2002 and has 1,669 pieces of mail, mostly spam. Looks like I'll be cleaning it out on Saturday. It would be an interesting project to archive it all and see how many violate California's anti-spam law and see if I can Make $$$$ At Home!
A feeling of having made the same mistake before: Deja Foobar
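A decoder for the number-as-address trick described in the comment above, added here as an example for mail filters and not taken from the post. It goes beyond the single decimal form the comment mentions and covers the other classic `inet_aton` spellings (hex, octal, and fewer than four parts); the function names and the sample message body are constructed for the example.

```python
import re
import string
from urllib.parse import urlsplit

URL = re.compile(r"https?://[^\s<>\"']+", re.I)


def _component(text: str):
    """One address component: 0x.. is hex, a leading 0 is octal, else decimal."""
    if text[:2].lower() == "0x":
        digits, base, allowed = text[2:], 16, string.hexdigits
    elif len(text) > 1 and text[0] == "0":
        digits, base, allowed = text[1:], 8, "01234567"
    else:
        digits, base, allowed = text, 10, string.digits
    if not digits or any(c not in allowed for c in digits):
        return None
    return int(digits, base)


def classify_host(host: str):
    """Return (kind, dotted_quad) for the host part of a URL.

    kind is 'plain' for an ordinary dotted quad, 'encoded' for any other
    numeric spelling of an IPv4 address, 'out-of-range' for a numeric host
    that does not fit in 32 bits, and 'hostname' for everything else.
    """
    values = [_component(p) for p in host.split(".")]
    if len(values) > 4 or any(v is None for v in values):
        return ("hostname", None)
    *head, last = values
    # The final component fills all the bytes the earlier ones left over.
    if any(v > 255 for v in head) or last >= 256 ** (4 - len(head)):
        return ("out-of-range", None)
    number = last
    for index, value in enumerate(head):
        number |= value << (8 * (3 - index))
    dotted = ".".join(str((number >> shift) & 0xFF) for shift in (24, 16, 8, 0))
    return ("plain" if host == dotted else "encoded", dotted)


def find_encoded_urls(text: str) -> list:
    """List (url, kind, dotted_quad) for links whose host is a disguised number."""
    findings = []
    for url in URL.findall(text):
        try:
            host = urlsplit(url).hostname or ""
        except ValueError:
            continue
        kind, dotted = classify_host(host)
        if kind in ("encoded", "out-of-range"):
            findings.append((url, kind, dotted))
    return findings


# Constructed message body. The fourth link is the number as written in the
# comment, which is larger than 32 bits and so is reported as out-of-range.
SAMPLE_BODY = """\
Click HTTP://2130706433/offer now
or http://0x7f.1/offer
normal link http://www.example.org/page
as posted: HTTP://434328432849
plain http://127.0.0.1/
"""

if __name__ == "__main__":
    for finding in find_encoded_urls(SAMPLE_BODY):
        print(finding)
```

A filter can score any "encoded" or "out-of-range" host as suspicious in its own right, since ordinary mail has no reason to spell an address this way.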
Now, all we have to do is get the super spamfilter to think that all the reply-to addresses are JacksonRoyKirk@ufp.mil
"Reality is that which, when you stop believing in it, doesn't go away." - Philip K. Dick
They'd have to have valid reply-to fields in order to receive bounces to prune their DB with, so I'd say no. A spammer isn't like a telemarketer - it doesn't take 30 seconds to find out that a number is bad. For a spammer, sending to a DB with only 10% valid addresses is trivial. CPU time and bandwidth are cheap, and as we've seen, they shrug off the consequences of their bad DBs onto innocents.
I swear, if I ever meet a spammer, I'm using his CD tray and a pair of razor blades to castrate him. Fix the blades in place, drop and chop. The least we can do is prevent people like spammers from propagating their genes.
They don't - they'll use a forged envelope sender address so they don't receive the bounces. You don't have to modify SpamAssassin to bounce things it thinks are spam, though - just change your filtering to bounce tagged mails. Remember that in the process you'll probably be increasing the number of bounces that some poor innocent has in their mailbox.
I have had to deal with this same problem off and on.
Someone who does not like the idea of my operation of a website critical
of our company forges e-mails with my E-mail Address.
Instead of porn or spam this person includes Virus files.
Same said person also sends me 2 or 3 Klez infected e-mails everyday.
http://www.Slaveway.com
only break $5000 worth of his bones. then you won't be worth investigating either.
Slashdot requires you to wait 20 seconds between hitting 'reply' and submitting a comment.
It's been 19 seconds since you hit 'reply'!
Given that you just entered the domain name not once, but twice, and your post is likely to be seen by thousands, spidered, and google-cached, I take it that you don't like your mail admin very much, do you?
"They do not preach that their god will rouse them, a little before the Nuts work loose." Kipling, 'The Sons of Martha'
I bet she wasn't much into sex with animals for a while after that too.
Any idea how to reject messages that have bogus domains in the Received: headers? For example:
Received: from 200-171-127-240.terra.com.br (200-171-127-240.terra.com.br [200.171.127.240] (may be forged))
by mailhub3.mail.cornell.edu (8.12.6/8.12.6) with SMTP id h1BGY5fa026349;
Tue, 11 Feb 2003 11:34:07 -0500 (EST)
Received: from z6rbbasc.aw [143.24.93.162] by 200-171-127-240.terra.com.br with ESMTP id WAIBYOKKT; Mon, 10 Feb 03 09:02:53 +0400
Received: from tjg6o [129.65.215.50] by 143.24.93.162 with ESMTP id LNCGVGJT; Mon, 10 Feb 03 08:58:53 +0400
Message-ID:
As you can see, the Message-ID: doesn't contain a valid domain name, and two of the Received: lines carry forged domain names. How can I block out spams like this?
retrorocket.o not found, launch anyway?
The FBI routinely sets a high threshold before it will get involved, and it sounds unfair until you consider they are *tiny* compared to local law enforcement. Similarly, the entire federal judiciary has fewer judges than California.
:)
Did you look at state law remedies, call the attorney general, that sort of thing? I'm not faulting you if you didn't, I'm just ignorant of whether there are meaningful alternatives.
You could have sued the guy personally in small claims, although the dollar value was low. But there's nothing wrong with a little spite.
Testosterone supplements
and
$9.95 miniature RC cars
to name the two most recent, most frequent.
The living have better things to do than to continue hating the dead.
does not exist. A zip file has ZERO security. A small tool called pkcrack can easily perform a known-plaintext attack on a zip file and retrieve a key equivalent.
Make even shorter URLs - 8LN.org
Service Pack 1 of Office XP (which contains Outlook 2002) adds a feature for disabling HTML mail which is described in Microsoft KB Article # 307594 . Users of previous versions of Outlook can use the macros provided here
You don't have to actually look at all attachments, and hopefully you can tell from the email text if it's a picture of someone's kid rather than a picture of someone having sex with a moose. I always have HTML email turned off and if I want to see an image I drag it to my browser. I prefer not to get images at all in email; if someone wants me to see their kid they can put up a web page and send me the URL. Which I will ignore, but I'll tell them their kid looks cute anyway. I can't stand HTML email, and I don't let my email program show inline images at all.
I doubt the person was trying to get ahold of the iname account, since it would have been as unusable for them as it became for you. And that seems like a lot of harassment just to get a freakin' login id. It could have been someone who wanted to harass you specifically, or more likely they just used a common name at random that happened to be your wife's name.
It doesn't matter. The west coast voted for Gore.
That you always sign your messages. If all my friends knew that I ALWAYS signed my messages, they would be suspect if they got one that I didn't sign. Doesn't do any good for strangers.
A few months ago, I opened up my spam folder to check to see if any non-spam messages had gotten in there by accident and found that in one particular instance, a spammer had sent out a message and when one person replied to it, it went to everyone who had gotten the original message. It was kind of funny. All sorts of people saying "Stop sending me this spam!" "I didn't send you anything, you sent it to me!" "No you both sent me spam!" It was funny how many messages it took some of these people to figure out what was going on.
http://www.popularculturegaming.com -- my blog about the culture of videogame players
Press CTRL-ALT-DEL now for an IQ test.
It sounds to me like spam where you get an "opt-out" link at the bottom of the message that subsequently fills your in-box with offers for organ enlargement.
I've heard a few direct marketers recently switch to calling themselves "permission-based marketers" as if to say "we're not spammers."
Just like some clueless people prefix racist statements with "I'm no racist but..." it seems these companies doth protest too much.
Can someone enlighten me?
... all mail servers should be required to use a password to send email, plus no relay (or a mail should use the mailserver (i.e. sendmail daemon) where the mail account resides.
However, hacker spammers would soon build up their own mail servers, then mail servers should have a list of trustable mail servers, then the technical level of the fight would be raised.
errera hunamum ets
Hotmail doesn't, it just deletes to save bandwidth. Pity, I have my filters on MAX safe list ONLY. I want to generate bounces from them, not just auto delete.
encryption, not compression. my bad.
Username taken, please choose another one.
Some spammers retaliate against anti-spammers by sending Joe Job spam messages with the intent of making the anti-spammers look bad.
So if you ever receive a spammed message claiming to be from an anti-spammer organization, system, community, etc, it is likely from a pissed off spammer trying to get revenge and tarnish the anti-spammer.
Unscribe
I was the target of a joe-job since last April. A spammer advertising a Human Growth Hormone website based in China was sending out tens of thousands of spams over a long period, with my long-held email addy in the From: address.
The vast majority of the mails you get back are administrative emails saying that "the user does not exist." There is also a small amount that you get that are ill-informed, ignorant, and often very inflamed responses from people who respond.
At the peak of the attack, I got over 14,000 emails in a single day. It almost caused me to have to give up my email address, which I had held for almost seven years at the time. I didn't want to give it up so easily.
My solution was to install and use the Tagged Message Delivery Agent (http://www.tmda.net), which is a whitelisting service. It has my admiration for rejecting 100% of the unwanted emails for two reasons. First, administrative accounts don't reply to their whitelisting requests, and second, ignorant angry users don't bother to reply to get whitelisted anyways.
As for the question of why someone would do this, I have thought of three reasons:
- To make their spam look more legitimate.
- Just to cause general havoc
- Because I have, in the past, not hesitated to complain to service providers about spam. This was probably retribution.
I did attempt to bring some form of legal action into the fray. I talked informally to Scott Frewing, a US attorney (one of the prime players in the Sklyarov case), about the attack. He referred me to the FBI's online fraud folks, but couldn't really give me much encouragement on the chance of success, since the spammer's website was located in the China Telecom domain, although the company it claimed to represent was in New Jersey. In fact, he told me I would probably be better off pursuing the case strictly on the basis of fraud and possible identity theft (the use of my email address) rather than as a spam case.
I stopped pursuing it after talking to Frewing.
In any event, I have won the battle in the sense that I will never see the unwanted mails. But I have lost the war in the sense that I can't really make the F*CKER stop doing it, and it does consume resources on my linux box.
-- Mojo Tooth : exploring our world as only an idiot can.
A quick technique is to use "File:Work Offline" immediately after ALL email downloads. It seems to do the trick with images and blocking pop-ups from embedded scripts.
There is one problem with this though. When using a phone modem, IE is normally set up to "Dial whenever a network connection is not present". So EVERY occurrence of the tag "[IMG...]" within a HTML-email would result in a dialup prompt. That has the work-around of setting the option to "Never dial a connection".
Well, there is one more problem: you also have to remember to do it every time.
This is not my sig.
1 - Set up a website with a comments form. Never give your email address to anyone. Give your friends the url to your comments form instead of your email. If your website contains your name, Google will pick it up eventually and people who want to get in touch with you will find you. Spammers won't bother going to your website and clicking on your form (unless it's a standard feedback form that's so popular that it's worth writing a script to spam it)
2 - Use captchas as a way to authenticate human beings. Have an email address with a list of authorized contacts. For everyone else, have a bounce message telling them to go to your website and authenticate themselves as humans. After that, you can choose several actions such as adding them to your contact list, accept messages through a feedback form, etc.
See charts for twitter trends on Trendistic
It happened to me, it turns out I was selling penis enlargement, without weights (somebody sells one with weights??).
Here is what I did,
1) open a new yahoo account, set it up through a remailer, and tell everyone important to use it.
2) going through the headers I found the email was sent through a distant learning center in Chile, so I emailed their sysadmin and pointed him toward the black hole sites, for tips on fixing his server. (never got a response, but I tried)
3) The ad listed a pharmacy in GA as a provider. Their site claimed they do not spam, so I forwarded them a copy of the bounced email (no response again)
4) Found another link in the header to a "marketing" company in CA. They were probably long gone, but I called their DNS listed entry phone number, but it was always busy, so I emailed the Attorney General of CA and complained about this company's practices. The AG responded with a form letter, but at least they thanked me for letting them know. Maybe someday the joker running the company will goof up, and at least they have some complaint on record.
I agree with others, you're pretty much at their mercy, but since they are selling something, some contact info has to be there. Complain to their state's Attr. General, someday somebody may pass a law making it a crime.
I actually reply to spam in hopes that it will reach someone at the place spamming me or make a person aware that their e-mail address is being used for spam. Either way, it gets something accomplished, that is unless the e-mail just bounces back to me.
--If only there was a license required to use a computer.
I had a different but similarly disturbing experience recently. A domain I host has the same name as a fairly large ISP in a neighbouring country (just the tld is different). A spammer started sending floods of messages with made up rcpt (aaa@domain, aab@domain, etc) addresses to it.
The sender address was a similar auto-generated hotmail address. When I found out what was going on (on a Sunday night) because the sysload went up, my mailqueue contained over 50000 undeliverable messages.
I blocked the sending address with an ip table rule and mailed the Irish ISP. The next morning the connection attempts were still bouncing off my firewall and the ISP never replied.
These guys are beginning to do more and more damage...
Xenna
There are currently several different spam lists that are killing my soul. This differs from the story, as every spam that they send out has the reply-to set to a different random userid with our domain tacked onto the end. We get about 100 or more bounces a day and have been getting them for the last month or so.
I've been saving them all, but haven't spent the time yet to track down the originators. Anyone else out there getting this one?
As I sit here some asswipe in the Netherlands is sending spam with my email address as the return address. I'm thinking it's an amateur because he appears to be slow - I'm getting a couple of bounces an hour instead of the usual overload.
This seems to be the originating address
dslam197-18-166-62.adsl.zonnet.nl (62.166.18.197)
I've complained to abuse@zonnet.nl. It's a free ISP so I'm not expecting to even get a response.
True, rejecting spam after DATA has a few nice advantages, such as not having to worry about sending a bounce, and knowing that legitimate senders will receive notification that their mail wasn't delivered (most MTAs will include the 5xx message in the bounce, so you can probably supply some information to the "spammer" there).
However, I doubt that rejecting spam after DATA would automatically unsubscribe you from any significant number of spamlists because of the bounces. It doesn't make sense to use DATA as an indication of the validity of the recipient -- RCPT does. But then again, you can't scan for spam after RCPT. :-)
Beautiful stuff.
Just wondering, how would it be cracked? If I had a complete message, that included sender name and receiver name plus text. Therefore to send a mail to 10 people (even same text) requires 10 computations (different receiver text). I have an (updatable) algorithm on the sender side and the receiver side. The sender requires 30 seconds of computing, the receiver requires 1 second. How would you send 100 emails without computing 100 times? There is nothing to be cracked!
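The per-recipient cost described in the comment above can be made concrete with a hashcash-style stamp. This is an added example, not code from the thread and not the real hashcash stamp format: the `v1:` layout, the function names and the example addresses are assumptions made here.

```python
import hashlib
import itertools


def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the front of a hash digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def _work(stamp: str) -> int:
    return leading_zero_bits(hashlib.sha256(stamp.encode()).digest())


def mint(sender: str, recipient: str, message: bytes, bits: int):
    """Sender side: brute-force a counter. Returns (stamp, hashes_tried).

    The stamp covers sender, recipient and a hash of the text, so a stamp
    minted for one recipient is useless for any other.
    """
    digest = hashlib.sha256(message).hexdigest()
    prefix = f"v1:{bits}:{sender}:{recipient}:{digest}:"
    for counter in itertools.count():
        stamp = prefix + str(counter)
        if _work(stamp) >= bits:
            return stamp, counter + 1


def verify(stamp: str, sender: str, recipient: str, message: bytes,
           min_bits: int, seen: set) -> bool:
    """Receiver side: one hash plus field checks, however long minting took."""
    parts = stamp.split(":")
    if len(parts) != 6 or parts[0] != "v1":
        return False
    try:
        claimed_bits = int(parts[1])
    except ValueError:
        return False
    if claimed_bits < min_bits:
        return False                      # sender chose too little work
    if parts[2] != sender or parts[3] != recipient:
        return False                      # stamp minted for someone else
    if parts[4] != hashlib.sha256(message).hexdigest():
        return False                      # stamp minted for other text
    if _work(stamp) < claimed_bits:
        return False                      # the work was not actually done
    if stamp in seen:
        return False                      # same stamp replayed
    seen.add(stamp)
    return True


if __name__ == "__main__":
    text = b"Lunch on Friday?"
    seen_stamps = set()
    for rcpt in ("bob@example.net", "carol@example.net", "dave@example.net"):
        stamp, tried = mint("alice@example.org", rcpt, text, 16)
        ok = verify(stamp, "alice@example.org", rcpt, text, 16, seen_stamps)
        print(f"{rcpt}: {tried} hashes to mint, verified={ok}")
```

Each extra bit doubles the sender's expected work while the receiver's check stays at a single hash.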
My sweetie got Joe-Jobbed a couple of weeks ago. 20K bounces over the course of the day. Thankfully, the payload of the spam was only two lines of text, containing a URL to a (non-existent) pr0n site. So the bounce messages were comparatively short. A cursory look at the headers in the bounces suggested that the attacker -- 'spammer' is too genteel a term for this -- was using a constellation of open relays to spread the stuff.
She came into my office, saying, "Make it stop!" Sadly, there turns out to be little one can do to stop it. The emails were coming from thousands of different legitimate sites, all serving a legitimate bounce to an illegitimate spam. It was very distressing for her. Fortunately, the attack stopped, and things settled down after about 24 hours.
I wrote up the experience on Kuro5hin. Feel free to have a look.
Schwab
Editor, A1-AAA AmeriCaptions
I have installed the CanIT pro spam filter and had to turn off one of the most effective methods of blocking spam (it temp fails the email the first time assuming the email server will try the secondary mx record) because of email servers that never try to send the valid email again or who wait 2 days to send it again. Whatever happened to the standard of servers that always try a secondary mx record and if that fails, try again every 4 hours or so?
I knew we would get a spammer shouting/claiming the cliché "Free Speech." The "let's make it a level playing field" part sticks out, they must mean make it to what a spammer will find acceptable.
That reminds me of spammers trying to redefine the meaning of spam to the kind of spam that they don't do. They pose as if they are anti-spam and are taking the stand against the spam methods that they do not employ (most likely whatever their competition does), yet try to keep it open so that the way they spam is still ok.
Claim whatever you will, but commercial speech is not free speech. Free speech would be a bar patron saying "your logic sucks," commercial speech would be claiming/saying "Buy my product and watch your XXX/bust/nut/cash size increase."
With free speech (or the "unsolicitated communication" as you call it) I reserve the right not to listen or to be forced to listen.
I had the UK national radio station Classic FM hijack my domain and use it to send a Valentines day spam message (this was last year). Again, the only way I found out was when all the spam came bouncing back to me. I wrote to the MD of the station, and did get a personal reply, apologising and claiming their web developer had made a "mistake". I asked for compensation and didn't get it though. I also got plenty of out of office auto replies, plenty with name, addresses and telephone numbers. The biggest number of bouncing emails came from Hotmail, Yahoo and Lycos. The thing I found most upsetting was the possibility of having my email blocked by companies or people that got this spam or having my net connection closed because of spam reports.
Two stories, one related to /.
I submitted an article to /. last weekend about the Simpsons cast on Bravo. To my utter shock, it was accepted and posted. I stupidly put my very private email (the one that didn't ever get spam) in the Email field. I know, I know...
Less than two hours later, I started getting weird email, complete with .zip.pir attachments, and a few with blatant Trojans. Luckily, I'm OSX so they had no effect, but I was amazed how quickly the email hoovering app grabbed that email addy. They seemed more malicious than sales oriented.
I haven't received any today at that address but I'm still kicking myself. Moral: spammers hoover slashdot, so don't post your email here, ever.
Story two: For almost five years I had the email bruce@altavista.net. In November, I got mail from Mail.com stating that the Altavista.net domain was being closed down and they were replacing my long-used address to something like bruce@way-cool-dude.com. Um, no thanks I said, I use this account for business and that doesn't work for me.
Ok, they said, how about we reactivate bruce@mail.com and you can have that? "Hmm, neat addy, easy to remember," so I agreed. They activated it on a Monday night.
Tuesday morning I woke up to more than 400 mails. Maybe 20% were typical Hotmail "make your penis so big you need a hose reel" spams but a full 80% were Joe jobs: spammers who had used that address as a reply-to. I knew I was going to shut it down but I watched it for three days just to see.
Total Joe job spams, almost four thousand (in three days) before I had them cut the damn thing off. Said fuck it, and bought a domain for business mail, and ended that adventure.
Someone oughta make a law.....
"The pie shall be cut in half and each man shall receive.....death. I'll eat the pie."
The spammers are coming out of the woodwork to astroturf, shouting the same old "you are against free speech" and pushing their agenda while trying to hide the fact that they are a spammer.
Will this ever happen? No. But it WOULD stop the spam.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
a friend of mine has the domain bobville dot com and it's quite amusing to hear him bitch about how much spam he gets (everything's rerouted to him)
Jeremy Logan's Website.
Why not bitch to sourceforge's site runners? Oh, and what project is this anyway?
Oh wait, you must not have really wanted to solve the problem. You just wanted to curse at /., throw the blame, and butcher the meaning of irony.
Believe it or not, AOLers and Compuserve users didn't get spam in the days before AOL could connect to the rest of the world. There were other nifty features too - you could see if your mail had been read, cancel it if it hadn't been, etc.
But, y'know, they wanted to connect to the net, because what good is an email address that only connects to one service? And the rest is history.
14 day risk free trial of penis enlargement pills!
The message almost certainly contained some sort of serial-numbered link to the spammer's web site. That way if your serial number shows up in their web server's log, they know that you've opened their message.
Doesn't sound like a big win for them... until you know that advertising is big business. By proving that you opened the message, they can claim that their spam will make one more "impression". Initially, they'll want to do a little profiling because audiences "targeted" by interest areas can be sold for higher rates, something like [US]$10 per 1000 impressions in general and up around [US]$20 or more for 1000 targeted impressions.
Once you've opened one of those dumb spams with a mail client that will load images from HTML IMG tags, you become part of the "audience" which that spammer can sell to advertising clients.
And by the way... five hundred e-mails is nothing compared to the number of hits the spammer probably got back.
You mean like this?
RFC 2487: SMTP Service Extension for Secure SMTP over TLS.
SMTP [RFC-821] servers and clients normally communicate in the clear over the Internet.... Further, there is often a desire for two SMTP agents to be able to authenticate each others' identities. For example, a secure SMTP server might only allow communications from other SMTP agents it knows, or it might act differently for messages received from an agent it knows than from one it doesn't know.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
Happened to me too. Someone used my domain with a .tw extension!
I got hatemail from THOUSANDS telling me (as webmaster) to do something or they were going to report ME to the FCC.
Shame most American users don't realize the difference between .com and .com.tw
ISPs and mail providers following these recommendations can prevent most illegitimate spam (forged headers, open relays), and completely prevent what happened here. Unfortunately, large providers cannot follow these recommendations, due to the large volume of legitimate mail that gets blocked from systems with ignorant admins. The former ISP I worked for decided to implement some of the measures in RFC 2505 and began verifying PTR records (reverse DNS)....I never had to take so many calls from pissed customers not receiving their mail. I was threatened by an admin at the US Department of Education, who, in a most impolite fashion told me to fix our problem (we don't need no stinkin PTR records).....not to mention the University of Texas, Texaco, and so on. Soon the ISP relented, the spam came flooding back in and we were back where we started. I don't see the need for a new system.....just better admins.
--Gentoo Baby!
This may be true, but it's just as easy to add a forged bounce-to header in the e-mail as it is to add a reply-to.
if we slow ass americans ever get moving to ipv6, will it have any anti-spamming benefits?
...even though I'm an os x mail.app guy.
---If you can't trust a nerd, who can you trust?
In the last 4 days my yahoo account (which I've had for years and don't want to have to change) has used its 6mb quota up 17 times because of all of the undeliverables I'm getting back from this spam I didn't send. I volunteer for a Forensics K9 Search group and I get emergency call-outs sent to this address, so my mailbox filling up and bouncing messages is a very very very bad thing. (side note: this week NASA contacted us saying that if they needed to call in groups from outside CA and TX we were next on the list to be brought in!) This morning was the last straw.. I got over 1000 bounces again and I decided to take a closer look at the SPAMMERs site. It turns out they have a crappy verisign shopping cart that does not, in fact, verify credit card numbers beforehand. So I submitted the form about 1000 times before I got sick of it. If you'd like to have a laugh, or to help me get revenge, then click the link below to see a screenshot of their website with the info I filled in the form, as well as the URL to the SPAMMER's page...
This is NOT the spammer's page, just a link to a screenshot of their page with the URL included
"Leave no authority existing which does not answer to the people" --Thomas Jefferson
Maybe creating a new DNS RR to indicate the ip addresses of servers authorized to send email from a domain. Big domains like hotmail.com, yahoo.com, msn.com could set these and our MTAs will check whether the sender's ip address is in their lists. Of course it should check it both at the MAIL FROM: and within headers.
HTML is obsolete. It's time for a new, simpler and richer markup language.
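The check proposed in the comment above, sketched as an added example (not code from the thread): a constructed table stands in for the proposed DNS record, and the domains, address ranges and function names are assumptions made here. It evaluates both the envelope MAIL FROM and the From: header, as the comment asks.

```python
import ipaddress
from email.utils import parseaddr

# Constructed stand-in for the proposed DNS record: for each domain, the
# networks allowed to send its mail. A real deployment would query DNS.
AUTHORIZED_SENDERS = {
    "bigmail.example": ["192.0.2.0/24", "2001:db8:10::/48"],
    "shop.example": ["198.51.100.25/32"],
}


def domain_of(address: str):
    """Domain part of an envelope or header address; None for <> or junk."""
    addr = parseaddr(address)[1]
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def ip_authorized(client_ip: str, domain: str, records: dict):
    """True/False if the domain publishes a list, None if it publishes nothing."""
    networks = records.get(domain)
    if networks is None:
        return None
    ip = ipaddress.ip_address(client_ip)
    # Membership is False when the address families differ (IPv4 vs IPv6).
    return any(ip in ipaddress.ip_network(net) for net in networks)


def check_message(client_ip: str, mail_from: str, header_from: str,
                  records: dict = AUTHORIZED_SENDERS) -> dict:
    """Evaluate the connecting IP against both sender identities."""
    verdicts = {}
    for label, address in (("envelope", mail_from), ("header", header_from)):
        domain = domain_of(address)
        if domain is None:
            verdicts[label] = "no-domain"      # e.g. MAIL FROM:<> on a bounce
            continue
        allowed = ip_authorized(client_ip, domain, records)
        if allowed is None:
            verdicts[label] = "no-record"      # domain has not opted in
        else:
            verdicts[label] = "pass" if allowed else "fail"
    return verdicts


if __name__ == "__main__":
    # Legitimate mail from the provider's own outbound server.
    print(check_message("192.0.2.44", "<news@bigmail.example>",
                        "Big Mail <news@bigmail.example>"))
    # Forged header From: the envelope domain publishes nothing, but the
    # header claims a domain whose list does not contain the client IP.
    print(check_message("203.0.113.9", "<x@throwaway.example>",
                        "victim@bigmail.example"))
```

Checking the header as well as the envelope is what catches the second case; an envelope-only check would return "no-record" and let the forged From: through.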
Grab the picture, make it look like an FBI "wanted" poster, and send it out as spam. Need a fake return address?? How about spam headquarters, a.k.a. abuse@uu.net?
Mike Masnick wrote up his experience getting slammed by a somewhat new kind of spam attack that doesn't get much hype
Now he gets to write about a somewhat old type of DOS attack known as "getting slashdotted". Actually, his site seems to be holding up well.
MDC
Do you have ESP?
http://www.cypherspace.org/~adam/hashcash/
http://www.cypherspace.org/~adam/hashcash/hashcash.pdf
here's an idea that may work for both the regular spam and the reply-to kind described in the article:
whenever any user anywhere receives what he thinks is spam, he forwards the message (if he can/wants) to a well-known, centralized anti-spam place.
the machine(s) that receive the message verify that the message is indeed a spam, by checking it against the database of messages -- if the same message body comes from, say, 100 different addresses, it's a spam.
once it determines it is a spam, the machine(s) launch a denial-of-service attack against the sender's computer, or another computers in his subnet. this is the trickiest part, but probably doable. (an alternative is to launch DOS against the URL in the message, but there's a danger of the spammer trying to knock down a legitimate site).
if doing a DOS on a spammer's site is illegal, put the attacker machine(s) in a country where it is not.
Mr. Masnick appears to be unaware that the Reply-To and the envelope sender are not one and the same thing. As a result, his article makes little sense.
Ben "You have your mind on computers, it seems."
My first clue was the 50000 bounces in my inbox. Then, the flood of unsubscribes & death threats.
I ended up signing the domain up for Spam Arrest, which sends an auto-reply explaining the situation back to whomever, and they need to pass the spam filter challenge in order to send stuff through to me.
I still get some unsubscribes and angry people, but I think for the most part they understand.
A few days later, another spammer sent stuff from another address at my domain, (blow@me.cx, creative, huh?) so I just added that to Spam Arrest too.
...the original poster?
Eventually Kim-Il Sung might be limited to two missiles per day.
I keep a hotmail account (I know it is lame, but I've had it from the time when hotmail was not lame ...). Buried deep within the settings is the option to "white list". With this option everything that is not specifically allowed is sent to the junk mail folder. I told it to allow my family and friends and co-workers e-mail. Every day or so I go through the junk folder just to make sure nothing valid got sent into it. Once junk mails hit 100 or so e-mails, hotmail erases the oldest so that the system is self maintaining. This is a fantastic solution to the spam problem. Before, I used to get 100 spams a day or more. With this system, over the past three ones, only one spam somehow managed to slip in.
I had the same thing happening to me a couple of months ago. Over the course of the three or four weeks that it lasted, I received about 2000 bounced messages, mostly due to non-existent target addresses. I also received a handful of unsubscribe attempts, and a few irate messages from people telling me where to put "my" spam.
I suppose spammers are people too (evil though they may be) since the bounces stopped Friday night, and then started up again Monday morning.
It was easy to filter out, but it was still a pain in the ass.
1.Send out tons of Spam 2. ? 3.profit
or that you don't allow ANY external IPs to use your server to relay.
Do a google search for auth smtp for more details
Lawyers, MBA's, RIAA? A jedi fears not these things!
He could always bounce some of the more humorous replies to Spam Radio for everyone to enjoy.
A spammer took his AOL address and used it in the 'from' field. He got, I think, five or six replies and a few IMs. All very angry :P
autopr0n is like, down and stuff.
If so, perhaps spamware like SpamAssassin could be modified to intentionally bounce mail?
You're looking for this:
marc.merlins.org/linux/exim/sa.html
I too have suffered from this, thus I now filter on "slashdot" in the mail header.
This works reasonably well.
Wow, I should not post when knackered.
Mojo, This sounds identical to the group that hit me (see prev. post), except that they *started* as "Ultimate Health" in NJ selling HGH and then changed to "Advanced Health" in FL selling penis enlargement (which are the majority of the emails I get). I'm now at 205,000 emails and counting. Would like to know: did it eventually stop? Or did the whitelisting service just shield you? Please respond to email above.
The only effective countermeasure I found was to use SpamGourmet. It's a web site that allows you to define disposable addresses forwarded to your real (secret) address. The disposable addresses can be disabled. They automatically shutdown after 20 messages from unknown senders (not in your whitelist). So, a Joe Job would generate, at most, 20 replies into your forwarded mailbox. After that, you'd have to re-enable the disposable email, although you'd rather leave it disabled because it WILL be spammed again.
--
Mad science! Robots! Underwear! Cute girls! Full comic online! http://www.girlgeniusonline.com/
In the course of day to day work (I do helpdesk work at a company that contracts out to multiple ISPs) I've frequently run across this situation in the past two or three months. It's not terribly common *yet* but it seems to be happening with much more frequency. One individual that I spoke with was receiving about 50 emails an hour, and, whilst out of town for 3 days, received 350 - 400 emails. All of these were bounced.
:)
My solution has always been to rename the account and cancel the forwarding from the old name to the new one. Seems to do the trick. I wonder what happens to the bounced emails then..
My previous email host banned and deleted services for my entire domain, because I forwarded a spam to Spamcop, and one of the technical recipients of the Spamcop fwd read ME as the spammer and not the one complaining about the spam.
*I used to be quite irreverent and ignorant. I am probably much smarter now. I seem to realize this every 45 days or so.
I send email to myself to check how GPG works on different MUAs, if they can check signs etc
By now I got the conclusion that Sylpheed and Evolution don't sign the same way.
Whatever, it's useful
My english is sow-sow. Sowhat?
My girlfriend started getting a ton of bounced emails and not being a techie type person, asked me what the hell was going on...turns out the same thing happened to her as happened to the writer of that article: A spammer was mass mailing, in this case, penis enlargement pills, and setting her address as the reply-to.
Instead of writing a witty retort on a website though, I took care of it the way everyone else should from now on: (READ THIS) I looked up the registration info on the website that was being advertised in the spam....luckily it was a US registrant.
I then immediately called the technical contact listed for that company. After a few tries, I managed to get him to answer the phone. I told him politely but firmly that whomever he had hired to advertise his website/product was using questionably legal and certainly unethical tactics to do so and was making a lot more enemies than customers. He seemed genuinely upset that this was going on and gladly gave up the name, address, email address, and telephone number of the spam-mercenary he had hired. I called the spammer and left a voice mail telling him I hope he didn't really enjoy his email address or phone number a whole lot and proceeded to sign up for any and every mass marketing, porn, magazine subscription, and telemarketing form I could find.
Sometimes the operator of the website is the one doing the spamming, and if this were the case I would have chewed him a new one when I talked to him. Either way, you'll get a pretty good idea of where the spam is coming from if you just call the webmaster for the advertised site. I've been saying for years that this is how they need to enforce spam legislation....bring charges against the website operator rather than trying to track down the spammer. No customers to spam for, the spammers will dry up and blow away. Legally, it makes sense...if you hire someone to kill a person for you, you're legally culpable...so hiring someone to spam for you should get you into trouble as well. Make the first offense a "warning" in case they hired a marketing company and didn't know they were spammers. A slap on the wrist and warnings of heavy fines for future infractions will most certainly make them choose more wisely when picking a marketing company.
This message brought to you by the Council of People Who Are Sick of Seeing More People.
What kind of geek AM I? What kind of geek ARE you, pal? Right back atcha!
All geeks know it's stormtroopers, one word, not storm troopers, two words. Jeez, next you'll be putting a hyphen in Jar Jar Binks's name. I bet you don't even know the difference between a Corellian YT-1300 freighter and a YT-1900 one.
Kids. Sheesh.
"Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
Less than two hours later, I started getting weird email, complete with .zip.pir attachments, and a few with blatant Trojans. Luckily, I'm OSX so they had no effect, but I was amazed how quickly the email hoovering app grabbed that email addy. They seemed more malicious than sales oriented.
That's not from a spammer, that's from someone's infected computer. There are quite a few virii out there that go through the user's browser cache and send email to any mailto's in any site they've visited recently. Anyone who has a popular website with a mailto in it will attest to this fact.
Unfortunately, your email address was on one of the most visited sites on the internet, and that's why you got the virii.
These spammers stand behind their First Amendment rights to speak their minds (which is an argument that can be shot full of holes in a second).
Don't you mean "shot full of holes by the second?"
Unfortunately the ISPs wouldn't help me
no big sig
That was about the most boring article I've read in awhile
Add a simple new series of commands:
ADDWHITELIST - add an email to a whitelist
WHITELIST - list emails in whitelist
REMOVEWHITELIST - remove email from whitelist
CLEANED - List of emails that fit in the whitelist
QUARANTINED - List of emails not in the whitelist.
There.. now you can just have whitelisted emails go into your normal mailbox, and then you can apply whatever filtering on the QUARANTINED list.. or just delete them all.
OR modify SMTP, you give someone a password and require all SENDs on SMTP to have a password
SEND father@...com [password]
message
.
So you can set up a password for each person, or for a group of people.
Is building some of these simple failsafes too hard?
meh
Some spammer also used my email address in their reply-to field, and I was surprised that I only got one human reply asking me to take them off 'my list'. I did however get hundreds of "failed mail" messages and auto replies. Darn spam.
There is a nifty program called MailWasher that does this :)
These aren't really spam, it is a variant of the klez32.worm that can exploit your Outlook email address book (thanks bill) and spoof with whoever's email addy is in there...The senders are just people that are infected...I work for an ISP and have had quite a few calls about the subject...
It started a couple of days ago.
I have a Yahoo email address, so defending from it is not easy. Fortunately most bounces come from postmaster@ or mailer-daemon@ and I set up a filter on Yahoo for that. So the only stuff I receive now is vacation notices and threats.
Does anyone have any idea how to stop it?
I cannot close the email account because I have too much stuff linked to it.
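The sender-based filter described in the comment above, generalized as an added example (not part of the original thread): besides the postmaster@ and mailer-daemon@ senders, it also recognizes RFC 3464 delivery reports, null return paths and RFC 3834 auto-replies, which covers the vacation notices the sender filter lets through. The function names, the subject heuristics and the sample messages are assumptions constructed for illustration.

```python
from collections import Counter
from email import message_from_string
from email.utils import parseaddr

BOUNCE_LOCALPARTS = {"postmaster", "mailer-daemon"}  # the two senders the comment filters on
AUTO_SUBJECTS = ("out of office", "auto:", "autoreply")  # heuristic list (assumption)

def classify(raw):
    """Label one raw message as 'bounce', 'autoreply' or 'human'."""
    msg = message_from_string(raw)
    local = parseaddr(msg.get("From", ""))[1].partition("@")[0].lower()
    # RFC 3464 delivery status notification: multipart/report + report-type
    is_dsn = (msg.get_content_type() == "multipart/report"
              and str(msg.get_param("report-type", "")).lower() == "delivery-status")
    # Bounces carry an empty envelope sender, recorded as "Return-Path: <>"
    null_sender = msg.get("Return-Path", "").strip() == "<>"
    if is_dsn or null_sender or local in BOUNCE_LOCALPARTS:
        return "bounce"
    # RFC 3834: automatic responders set Auto-Submitted to a value other than "no"
    auto = msg.get("Auto-Submitted", "no").split(";")[0].strip().lower()
    subject = msg.get("Subject", "").strip().lower()
    if auto != "no" or subject.startswith(AUTO_SUBJECTS):
        return "autoreply"
    return "human"

def triage(raw_messages):
    """Count categories so that only the 'human' pile needs reading."""
    return dict(Counter(classify(m) for m in raw_messages))

# Constructed sample messages (not taken from the thread)
SAMPLES = {
    "dsn": ("From: Mail System <noreply@mx.example.net>\n"
            "Subject: Delivery failed\n"
            "Content-Type: multipart/report; report-type=delivery-status; boundary=b1\n"
            "\n--b1\nContent-Type: text/plain\n\nUser unknown\n--b1--\n"),
    "postmaster": ("From: postmaster@corp.example.org\n"
                   "Subject: Undeliverable mail\n\nThe recipient mailbox is full.\n"),
    "vacation": ("From: Alice <alice@example.org>\n"
                 "Auto-Submitted: auto-replied\n"
                 "Subject: Re: your offer\n\nI am away until Monday.\n"),
    "angry": ("From: Bob <bob@example.com>\n"
              "Subject: Re: your offer\n\nTake me off your list.\n"),
}
```

Messages classified as "human" are the ones worth a reply explaining that the address was forged; the other two categories can be filed unread.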
Why the did I have to click thru 3 (*three*) websites (all claiming to have "it") before I was able to read the original story ?
... ...
/. about, they think it's "funny". :-) ? Or do I have to create one-time only addresses just to please /. ?
... two rants, and one about the very organisation that is supposed to post them :-)
Is this meant to be a detour (from the US) thru france, japan, russia & bolivia just to enhance my knowledge of the world ?
Wouldn't a direct link have sufficed ?
And yes, I've read the story, and (all) responses to it. Interesting to say the least
Where did I read that story about identity theft again
I'm afraid that as long as they don't try to pose as a government representative they (the government) could care less. As long as a *government* thinks that their "free speech" is exempt from my wish to listen to it (effectively *forcing me* to listen to their, hyped up and not delivered, promises) no (form of) spamming will be *really* addressed as such. My two bits about the subject.
On another avenue : if you're asking yourself why I'm noted as "anonymous coward", that's something you'll have to ask
Do they *really* think I want to deposit my URL here, where they (and the rest of the world !) can read and harvest/*mis*-use it (don't tell me you, or the rest of the world won't, I have absolutely *no* reason to believe you
Oh, well, what was the subject again ? Spamming ?
(Guess what, I don't even expect this rant to turn up *anywhere*. I think it'll get trashed
As for blocking spam, I've noticed that almost all the spam I get comes from Asian Pacific or Latin America netblocks. I found that blocking all emails coming from SMTP addresses starting with 61, 200, 202, 203, 210, 211, 218, 219 and 220 helps a lot.
There are 2 kinds of people in this world: Those who write in decimal and those who don't
I've been without cable for years, and until now, I never realized how much I was suffering! Thank you for ruining my evening!
Probably because all my mail comes to domains I own. I think spammers are wary of using business-like domains as phony return addresses. There's a good chance of being sued for big bucks for trademark misuse under the Lanham Act. Sending out spams with a trademarked domain as a return address is a clear violation, and the penalties can be huge.
Maybe we should just kill the spammers? Preferably with a rusty spoon.
Lesbian Nazi Hookers Abducted by UFOs and Forced Into Weight Loss Programs - -all next week on Town Talk.
I wish to add you to my "Humour impaired" list.
Thank you for playing !
the process of surrounding the letter 'C' with the letters 'N' and 'R'.
Tabbed browsing before morning coffee: BAD
I want to see the flames!
That techdirt link entitled approximately 500 bounce messages, autoresponders, and angry replies should be a link to the ~500 messages!
Looks like you win, the domain's gone now.
"(I) have this unfortunate condition that causes me not to believe a single thing any politician says when a mic's on.
I remember they used a very similar trick on the hell.com site -- they explained to you that the contents of your computer had been uploaded to their server while you were browsing, and "proved" it with an HTML fileupload (whose browse button was labelled "View Files on Server" or something like that).
I'll bet they scared a lot of people...
There are only 10 types of people: those who understand decimal, those who don't, and, uh, 8 other types I forget.
Moral: spammers hoover slashdot, so don't post your email here, ever.
Screw that. I refuse to hide or obfuscate my email address. I've been using the Internet for 15 years. I remember the time when the Internet was mostly spam-free, and people rarely forged email addresses even though everyone knew how to.
My real email address is deven@ties.org -- this is my primary personal email address, not a spam-trap address. I know that the spammers are harvesting addresses from Slashdot and everywhere else. I don't care. Let them have the address. I've never hidden it, and I never will. I'm stubborn that way. (It's akin to refusing to change your lifestyle in response to terrorism, even when you know you're at risk...)
Of course, since I don't hide my email address, I get tons of spam, along with "Joe job" bounces/replies for spams forged in my name, plus more bounces copied to postmaster, since I receive postmaster mail for several domains. Bring it on! It just provides me with a larger corpus of bogus email to use for Bayesian filtering, or whatever other technique I may experiment with...
I firmly believe that a technical solution will be required to solve the spam problem. Legislation won't prevent the virtually-untraceable international spams, and may not even prevent local ones if it's not zealously enforced. Social controls haven't been effective. We need to prevent the spam from being delivered in the first place, or at least mark it as suspicious so legitimate mail doesn't drown in the noise so easily.
Beyond basic filtering like SpamAssassin and Bayesian filtering, there are other technical solutions worth exploring. Human validation techniques like TMDA might help. Finding a way to punish spammers and drive up their costs, such as E-Stamps or selling interrupt rights (original paper: HTML or PDF), might be effective. (But likely a higher barrier to legitimate mail.) Some sort of PGP-style Web of Trust might be very effective if done well, but it would be difficult to build. Perhaps some "soundness" principles could be borrowed from Usenet II to create a similar system for email...
Let's cross our fingers and hope to find a truly effective solution (or combination of solutions) in the near future!
Deven
"Simple things should be simple, and complex things should be possible." - Alan Kay
Back in the day, I worked for a large ISP on the west coast. Large as in customers, there were only a handful of us in the NOC (no modems, leased lines only). Anyway, we were doing battle with this spammer out in Las Vegas, who for some reason liked to hammer on our filters (Sparc1000 straight into the NAP was probably why). After having his fourth or fifth account cancelled, he decided to drop our NOC email addy into the From field on some *really* nasty kiddie-pr0n.
When I got in about 6:am the next morning, my mailbox was slammed. The voicemail box sat'ed at about 300 voicemails from angry folks. My favorite was this horrific string of profanity about what the guys in jail were going to do to us once the FBI got done with us, that ended up coming from a daycare center. We saved that one, and it exists somewhere in the ether (thanks to the mic on all SGI workstations).
Ah, good times, good times. But old times. Why is it that people who can't be bothered to do a little research assume everything is new just because they haven't heard of it?
I didn't realize it had been superseded. Do you know if any mail servers support RFC 3207 (experimentally or officially)?
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
What about legitimate mailing lists?
This happened to me about a year ago. I got probably 50,000 messages over one weekend. Filled up an entire partition - I got in on Monday and had to do some radical surgery to clean things up enough to finish receiving all the junk.
I saved enough of the messages to get some good info about who was sending them. Of the ones I could get information from, probably two thirds were URLs for the cheezy Net Detective package.
I chased down the net defective people after a bit of work - there are so many sites selling this it took some work and the originating site was not overly forthcoming with information. Further, I managed to find someone a local phone call away who was selling the net defective package. He refused to give me a contact number for them. Not entirely politely. (Next time I'm calling at two AM.)
Of the rest of the junk I could get information on, most of it was selling stuff and taking payment through a place called clickbank. I sent them email asking for information on some of the vendors. No response. So I called them - they'll take a complaint and get back to you. Vendor information is confidential. How convenient for the vendors. So I gave them my complaint. No response. Eventually I filed a complaint with the better business bureau. The response was that clickbank kept their vendor information confidential and the better business bureau was just all spiffums as shit about that.
Since then, I've checked out a number of sites that look sleazy to me. A large number of them use clickbank. I've never found a site that I would consider reputable to use clickbank.
From that I've come to figure that clickbank is a bunch of sleazy types looking to make a quick buck by providing services to even sleazier types.
YMMV
I just have to add another 'Happening to me' to put pressure.
Both 'Reply-To' and 'From' are forged. I am pretty lucky, I got only 50 in the last 70 days, but it is increasing. It started on Dec 31 with one bounce every other day for the first 2 weeks, then one every day, and now 5 per day. I had no replies from angry targets yet (touching wood).
I am with AT&T (abuse@attbi.com) in California, who of course does not reply to my concerns. The SPAM is typically sent to 1 address with 4 "CC" obviously sequential listed names (Joe, joe1, joeB). Because of the low amount of bounces I get the spammers are probably changing the forged name every mail they send. This is not necessarily bad, since they will forge more and piss off more people, the best way legislature will be adopted. I can only hope many politicians will be victimized in that fashion.
I have not opened the SPAM the last few weeks, but typically only a link hints to the culprit, bringing me to some non-English characters site, unreadable by me. Tracing the header IP (4-5 relays) brought me to China or Brazil.
There is nothing I can do; it is really not worth my time, or money. Legislation is probably the best solution, but what about the international aspect?
GG
haha.. i hadn't noticed that. I was just getting ready to do another "punishment run" on their order form too....
"Leave no authority existing which does not answer to the people" --Thomas Jefferson