My Short Life As An Unintentional Porn Spammer
Freerange writes "Mike Masnick wrote up his experience getting slammed by a somewhat new kind of spam attack that doesn't get much hype (yet?). A spammer spoofed his personal email address as the 'reply-to' for a batch of spam, with interesting results for Mike: "I can now answer the questions 'who replies to spam?' and (should anyone ever wonder) 'what are the hundreds of variations on bounced messages?'" From Politech."
an article about it
>> Are the spammers just trying to cause as much chaos and unpleasantness for as many peoples as is humanly possible?
Perhaps some, but it's also a way to get past some spam filtering app, or to make you think it's a legit e-mail. I remember there was a big whoopty-doo a year or so ago about spammers using someone@linux.org as the reply to.
Which goes into the trashbin first, hotsex69@sexparty.ru or ltrovalds@linux.org?
I don't need no instructions to know how to rock!!!!
Some spams are purely for confirmation that your email address works. I repeatedly see spams which have 1x1 pixel GIFs that link to a script to call the image and pass your email address off to that script. Biggest reason not to use HTML mail.
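A mail filter can flag the 1x1 confirmation images described in the comment above. This is an added example, not part of the original thread; the function names, the sample message and its addresses are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote


class _ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag in an HTML mail body."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({k: (v or "") for k, v in attrs})


def _tiny(value):
    """True for a 0 or 1 pixel dimension such as "1" or "1px"."""
    return value.strip().lower().replace("px", "") in ("0", "1")


def find_web_bugs(html_body, recipient):
    """Return (src, reasons) for each remote image that looks like a beacon."""
    parser = _ImgCollector()
    parser.feed(html_body)
    findings = []
    for img in parser.images:
        src = img.get("src", "")
        url = urlsplit(src)
        if url.scheme not in ("http", "https"):
            continue  # cid:/data: images are embedded, nothing is fetched
        reasons = []
        if _tiny(img.get("width", "")) and _tiny(img.get("height", "")):
            reasons.append("1x1 image")
        # The address may be URL-encoded (%40 for @), so decode before matching.
        if recipient.lower() in unquote(url.path + "?" + url.query).lower():
            reasons.append("recipient address in URL")
        if reasons:
            findings.append((src, reasons))
    return findings


# Constructed sample body: one beacon, one ordinary banner, one embedded image.
SAMPLE_HTML = """<html><body><p>Limited offer!</p>
<img src="http://tracker.example/open.cgi?id=alice%40example.org" width="1" height="1">
<img src="http://static.example/banner.jpg" width="468" height="60">
<img src="cid:logo123" width="1" height="1">
</body></html>"""

if __name__ == "__main__":
    print(find_web_bugs(SAMPLE_HTML, "alice@example.org"))
```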
Hanging out on some anti-spam news groups I've seen this happen to people who go after spammers. In this case the spammer quite intentionally selects the FROM: address to make the bounces and irate replies cause trouble for someone who has been causing trouble for the spammer. This is called a "Joe-job".
That would vastly reduce the amount of USEFUL EMAIL as well. You would not believe what a large fraction of the Internet is configured to fail that kind of test -- or else you would not seriously contemplate that solution. Sometimes there are good reasons to configure a mail server that way.
DNS is not a terribly useful authentication mechanism for this kind of thing. Much more useful is origin-authenticated SMTP: the originator (either user or mail server) calculates a signed hash of the message, and attaches that when sending it. The receiver can verify that the signature is valid for the person (or mail server) that claimed to originate the message.
Obviously things lose in the transition period before every sender does that. You also get a huge fight over which algorithms to use, how to distribute and verify the public keys, and so forth. Welcome to Internet politics.
In general, it's not a good idea to accept mail unless you think you can correctly generate a bounce message if you fail to deliver it. As a result, many mail servers will refuse to accept mail if the MAIL FROM: section of the SMTP exchange doesn't include a domain that exists. Some will go further and do some checks to see if the localpart exists, too. If the spammers want to get to as many addresses as possible, they have to use a real address rather than a made up one. In some cases, they'll pick the address of someone who's irritated them (anti-spammers, for instance).
There was a discussion on my local lug.
PGP/GPG only ensures that you did send it, not that you did not. Since you can send e-mails without being signed, unsigned e-mails don't prove a thing. Those that know you (or have your key) would know enough about you that any non-PGP e-mails would be suspect, but that's what, .000001% of the internet?
I mirrored it. Read away.
Try this.
The truth about Scientology, Xenu, and you: Operation Clambake
Service Pack 1 of Office XP (which contains Outlook 2002) adds a feature for disabling HTML mail which is described in Microsoft KB Article #307594. Users of previous versions of Outlook can use the macros provided here
POP before send is a hack to get around the poor level of authenticated SMTP support in most clients. A correctly configured SMTP server will only relay for clients with IP addresses in the local network - authenticated SMTP or POP before send allow people who aren't on the local network to relay mail through the SMTP server. This has very little to do with spam - POP before send just allows you to do something that wouldn't otherwise be possible without running an open relay. How on earth would it prevent someone from forging somebody else's email address? There's no way to pass that authentication information to remote machines, and POP before send generally allows you to use arbitrary email addresses once you've authenticated.
You mean like this?
RFC 2487: SMTP Service Extension for Secure SMTP over TLS.
SMTP [RFC-821] servers and clients normally communicate in the clear over the Internet.... Further, there is often a desire for two SMTP agents to be able to authenticate each others' identities. For example, a secure SMTP server might only allow communications from other SMTP agents it knows, or it might act differently for messages received from an agent it knows than from one it doesn't know.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON