Slashdot Mirror

← Back to Stories (view on slashdot.org)

My Short Life As An Unintentional Porn Spammer

Posted by timothy on from the you've-got-spam dept.

Freerange writes "Mike Masnick wrote up his experience getting slammed by a somewhat new kind of spam attack that doesn't get much hype (yet?). A spammer spoofed his personal email address as the 'reply-to' for a batch of spam, with interesting results for Mike: "I can now answer the questions 'who replies to spam?' and (should anyone ever wonder) 'what are the hundreds of variations on bounced messages?'" From Politech."

56 of 557 comments (clear)

  1. Reverse spam really isn't that new... by Anonymous Coward · · Score: 5, Insightful

    Spammers have been spoofing legit addresses for a while. I know a lot of times they'll simply use webmaster@somelegitdomain.com and basically cause that person a bunch of grief and headaches. Most users are too clueless to realize it's really not coming from that address.

    1. Re:Reverse spam really isn't that new... by The_K4 · · Score: 5, Interesting

      The new one i've run into recently is they use some kinda script so that the reply-to address in my address....which makes fintering really easy becuase how often do I send mail from my account TO the same account. However I could see some stuipd user getting very confused. :)

    2. Re: Reverse spam really isn't that new... by Black+Parrot · · Score: 5, Funny


      > The new one i've run into recently is they use some kinda script so that the reply-to address in my address....which makes fintering really easy becuase how often do I send mail from my account TO the same account. However I could see some stuipd user getting very confused.

      ...and replying to himself in outrage.

      --
      Sheesh, evil *and* a jerk. -- Jade
    3. Re:Reverse spam really isn't that new... by Greg+Hewgill · · Score: 5, Funny

      That reminds me of when it was cool to tell lusers that there was this huge ftp site at 127.0.0.1, just log in with your existing account...

    4. Re:Reverse spam really isn't that new... by Zeinfeld · · Score: 4, Interesting
      The new one i've run into recently is they use some kinda script so that the reply-to address in my address....which makes fintering really easy becuase how often do I send mail from my account TO the same account

      More often than you might think. This is how a lot of mail systems support people like me who like to keep a copy of everything they have sent.

      I do wish that more of the spam filtering people would take notice of these tactics however. Quite a few of the more clueless ones have all sorts of hack-back features that can end up slamming innocent people.

      The only unusual thing in this case is that it was porn. The porn senders tend to be rather more discrete than most since they know that if there is an FBI type investigation they are sure to make examples of porno senders first. This tactic tends to be more common amongst the con-artists that the FBI are completely uninterested in prosecuting.

      One of the big problems is that there is no agency that has an analogous operation to the mail-inspectors role in the post office. In theory this is wire fraud but the wire fraud investigators tend to be busy dealing with cases with a few really big transactions. They are much less interested in a case where the amounts are $30 or so, even though the totals might be millions.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
    5. Re:Reverse spam really isn't that new... by dead+sun · · Score: 4, Interesting
      I've actually had spam being forged from my yahoo account a couple times. They didn't do just the reply-to trick either, but instead forged the whole thing so the send from is my email address. Though it's only happened a couple times and I've only ever gotten one irate reply, I know it's happened several times by the mail server bounce back that I get with the original message, along with the huge alphabetical list of addresses it couldn't be delivered to.

      But that isn't the most disgusting part about it. All the bounced addresses were coming from one particular domain, which happens to be the domain my parents are on so I really don't want my email address blacklisted from their servers. Nor do I want my account closed by Yahoo, as I've had the account for a long time. Since I don't want this, and I hate spam as much as the next guy, I decided that I should send that domain owner's operators, which happen to be an ISP, an email message explaining what was going on and that if they could retrieve the headers from my message they'd have another relay they should add to their list to block.

      On to the disgusting part. I get a message back telling me that I have a virus. A virus of all things, sending spam, to alphabetical lists of people on a single domain. Right. I try again, explaining the situation in detail so they can see what's going on. I include the bounce message, etc. They tell me they'll take care of it in that sort of message you know means they'll delete any correspondence we've had to this point and ignore it. Luckily enough I haven't gotten any more such signs that my email address is being forged, but I'm still put out that the people who should care, because it's their bandwidth and customers, first insulted me and then told me in so many words to bugger off.

      --
      If not now, when?
    6. Re:Reverse spam really isn't that new... by evilviper · · Score: 4, Funny
      just zip up your files and attach a password to the transmitted zip file.


      should you get side-tracked and not make it home (eg, if you get lucky and score


      What kind of a geek ARE you??? Not only do you talk about zip rather than gzip/bzip, then call zip passwording "secure", but you also talk about getting sidetracked by scoring, rather than some more sci-fi reason, like being shot at by storm troopers, attacked by some creature from LOTR, etc. Come on, get it together man! This IS slashdot afterall.
      --
      Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
    7. Re:Reverse spam really isn't that new... by David+Gould · · Score: 4, Funny


      That reminds me of when it was cool to tell lusers that there was this huge ftp site at 127.0.0.1, just log in with your existing account...

      No, it's "Dude, I hate to be the bearer of bad news, but I'm afraid you've been hacked -- the FTP server at 127.0.0.1 has all your personal files. See for yourself; just log in with your normal id..."

      Thing is, it only worked when a sufficiently naive person would still be likely to be using a Unix system and be familiar with FTP, whereas now, even having heard of those things is something like a guarantee of knowing too much to fall for it.

      Speaking of falling for it, though -- didn't I read here a while back that this particular troll had been used on the Scientologists, with spectacular success? Like, they were in court taking a deposition and their lawyer was shouting at the guy "Tell us who runs the FTP server at 127.0.0.1!"

      --
      David Gould
      main(i){putchar(340056100>>(i-1)*5&31|!!(i<6)<< 6)&&main(++i);}
    8. Re:Reverse spam really isn't that new... by AndroidCat · · Score: 5, Interesting

      Keith Henson, during a deposition. It's all over the place, but definitely here

      --
      One line blog. I hear that they're called Twitters now.
    9. Re: Reverse spam really isn't that new... by Have+Blue · · Score: 4, Funny

      ...And replying to himself in outrage.
      ...And replying to himself in outrage.
      ...And replying to himself in outrage.
      ...And replying to himself in outrage.
      ...And replying to himself in outrage.

      It's "How do you keep an idiot busy for hours?" for the new millenium!

  2. What the Internet needs: by unterderbrucke · · Score: 5, Funny

    A proprietary mail protocol by a major power (MS?) to eliminate IP address/e-mail address spoofing.

  3. Not New @ All by devaldez · · Score: 5, Interesting

    I experienced this five years ago and a group of sysadmins helped me track the guy back to his ISP and we turned the info over to the FBI as identity theft. We were told that my experience did not meet the threshold for them to investigate further ($5000 in damages). Worse, the ISP didn't have a code of conduct prohibiting this type of thing...

    Sucks when it happens, but isn't new.

    Probably the same idiot in Minnesota:(

    --
    "... but you can love completely without complete understanding." - Norman Maclean, "A River Runs Through It"
    1. Re:Not New @ All by jo_ham · · Score: 4, Funny

      That's what baseball bats are for.

      If the FBI won't take it further, you could always beat seven shades of shit out of him, then when the police arrest you, assume his identity.

  4. Skynet by OwlofCreamCheese · · Score: 5, Funny

    its not going to be military computers that come alive and kill us all, its going to be the spam filters! I mean, its going to take some serious adaptive AI to filter out spam at this rate...

    and the conformforting thought:

    when spamfilters come alive... their prime directive will be "eliminate anything that is worthless"

    --
    -You're wasting your time. Alfador only likes me.
  5. Why? by BurntHombre · · Score: 4, Interesting
    Why intentionally spoof someone's legitimate email address in the reply-to field?

    Why not just put some bogus made-up address there?

    Are the spammers just trying to cause as much chaos and unpleasantness for as many peoples as is humanly possible?

    1. Re:Why? by stratjakt · · Score: 4, Informative

      >> Are the spammers just trying to cause as much chaos and unpleasantness for as many peoples as is humanly possible?

      Perhaps some, but it's also a way to get past some spam filtering app, or to make you think its a legit e-mail. I remember there was a big whoopty-doo a year or so ago about spammers using someone@linux.org as the reply to.

      Which goes into the trashbin first, hotsex69@sexparty.ru or ltrovalds@linux.org?

      --
      I don't need no instructions to know how to rock!!!!
    2. Re:Why? by Neon+Spiral+Injector · · Score: 5, Informative

      Hanging out on some anti-spam news groups I've seen this happen to people who go after spammers. In this case the spammer quite intentionally selects the FROM: address to make the bounces and irrate replies cause trouble for someone who has been causing trouble for the spammer. This is called a "Joe-job".

    3. Re:Why? by Fluffy+the+Cat · · Score: 5, Informative

      In general, it's not a good idea to accept mail unless you think you can correctly generate a bounce message if you fail to deliver it. As a result, many mail servers will refuse to accept mail if the

      MAIL FROM:

      section of the SMTP exchange doesn't include a domain that exists. Some will go further and do some checks to see if the localpart exists, too. If the spammers want to get to as many addresses as possible, they have to use a real address rather than a made up one. In some cases, they'll pick the address of someone who's irritated them (anti-spammers, for instance).

    4. Re:Why? by schon · · Score: 4, Interesting

      Why intentionally spoof someone's legitimate email address in the reply-to field?

      Revenge.

      I've had several spammers disconnected by reporting them to their ISP. One of the ISPs I reported to was stupid enough to send the report (along with my email address) to the spammer (before they disconnected them.)

      Next thing I know, I'm getting tons of bounce messages for spam I didn't send.

      It stopped after a week or so.

  6. It's nothing new by Anonymous Coward · · Score: 5, Informative
    It's referred to as a "Joe Job" or that you've been "joe jobbed"

    an article about it

  7. No way to contact spammer by $$$$$exyGal · · Score: 5, Funny
    I am repeatedly surprised by the amount of spam out there that does not contain any way to contact the spammer. How do they expect to make money if there is no way to contact them?

    --sex

    --
    Very popular slashdot journal for adul
    1. Re:No way to contact spammer by nomadic · · Score: 5, Funny

      Volume!

    2. Re:No way to contact spammer by wobblie · · Score: 5, Informative

      Some spams are purely for confirmation that your email address works. I repeatedly see spams which have 1x1 pixel gif's that link to a script to call the image and pass your email address off to that script. Biggest reason not to use HTML mail.

    3. Re:No way to contact spammer by camusflage · · Score: 4, Informative

      Try this.

      --
      The truth about Scientology, Xenu, and you: Operation Clambake
    4. Re:No way to contact spammer by ColdForged · · Score: 4, Funny
      I am repeatedly surprised by the amount of spam out there that does not contain any way to contact the spammer. How do they expect to make money if there is no way to contact them?
      Are you really gonna leave that hanging up there like a big, juicy grapefruit?
      1. Sling a kajillion spam messages with no contact information whatsoever.
      2. ???
      3. Profit!

      "We apologize for the previously displayed shenanigans. Those responsible for that ordered list have been sacked."
      --

      -"I seem to be having tremendous difficulty with my lifestyle." - Arthur Dent

  8. Not happy... by Space_Nerd · · Score: 5, Funny

    ...with all the spam replies and such he got, he now decides to take it a step further and slashdot his server!

    Way to go!

    --
    Everybody has a purpose in life, maybe mine is to lurk in slashdot.
  9. Happened to Me, Too by Lucas+Membrane · · Score: 4, Interesting

    I'm in the Northwest US. The spam sent with my name came from Bermuda, according to the headers. I got complaints and a reply that seemed to be a death threat. The death threat came from Russia. Email to its return address came back as undeliverable. Talking to my ISP, they said that there is really not much that can be done about this unless I wanted to change my email address. I do business there, so I can't.

  10. Fix it with PGP. by bartman · · Score: 4, Interesting

    Really, the only way to combat this kind of identiy fraud is with PGP. It would be ideal if every mail-program out there supported PGP.

    --
    -- bartman
    1. Re:Fix it with PGP. by Enry · · Score: 4, Informative

      There was a discussion on my local lug.

      PGP/GPG only ensures that you did send it, not that you did not. Since you can send e-mails without being signed, unsigned e-mails don't prove a thing.

      Those that know you (or have your key) would know
      enough about you that any non-PGP e-mails would be
      suspect, but that's what, .000001% of the internet?

  11. Spam needs a technical solution. by Sheetrock · · Score: 5, Insightful
    This adds more weight to my assessment of spam as being a technical problem with a need for a technical solution. Why are address spoofing and open mail relays still a problem after over a decade of spam-related problems?

    Obviously, legislation isn't catching up and as evidenced by the junk fax law is useless when it does. Technical minds built the Internet, and I have little doubt that a solution could be found once we quit looking for the quick fix.

    --

    Try not. Do or do not, there is no try.
    -- Dr. Spock, stardate 2822-3.




    1. Re:Spam needs a technical solution. by IamTheRealMike · · Score: 5, Interesting
      About a year ago I designed a new email system. It was pretty kickass.

      It was kind of a cross between usenet and standard email. When you "sent" an email, it was in reality uploaded to your message store (the idea of the inbox was removed). Then notifications were sent to each person that a message was in the To field. That meant that for instance you could edit messages after they were sent, you could bring people in on threaded conversations half way through preserving the threading and so on. It also meant the attachment limit was decided by the senders account, not the receivers. Want to send a 200mb video to your hotmail using friend? No problem.

      One of the features of this system was that key signing was built in from the start. That meant, you could opt to trust certain "roots", probably international ISPs. If you wanted to setup a newMail server, you'd have to get your hosting ISP to sign it for you, probably requiring a contract to be signed saying you'd shut down any abusive accounts etc.

      Mailing lists were dealt with specially, I've never been happy with the way they currently work.

      Combined with send limits (how often do you email >100 people?), that meant that spam could be cut down quite significantly. In particular, because it could be shut off at the source, if a spammer did somehow manage to spam lots of people at once, all it'd take is one report and the email would magically disappear from peoples message stores, before they'd even seen it in some cases. If the spammers were running their own servers, revoking their certs would do a similar trick.

      It wouldn't eliminate spam of course, that's not possible. Smart enough people will figure out ways around it. However, having accountability built in from the start would help curb the situation a lot.

      Originally I was going to write the client as a commercial app, but make the protocols open (with a non-commercial free license available). However, I ended up working on autopackage instead, so I never got around to it. If somebody thinks it'd be cool, contact me and I'll fill you in.

  12. Who replies to spam by WIAKywbfatw · · Score: 4, Funny
    I can think of a few. People looking for:
    • Penis emlargements;
    • Viagra;
    • Boob jobs;
    • Sex;
    • Porn;
    • Rebuilt credit;
    • Credit cards;
    • Cheap mortgages;
    • Cheap health insurance;
    • Cheap dental insurance;
    • An easy way to make millions from home with little effort!;
    • University Diplomas;
    • Free anything; and, of course
    • Spam lists.
    Spammers try to sell (gullible) people what they might buy, never what they won't. I've yet to see a spammer selling flights to Mars - although I do predict it will be a growth area for spammers in 20 years time.
    --

    "Accept that some days you are the pigeon, and some days you are the statue." - David Brent, Wernham Hogg
  13. Everyone call your State Rep! by Mustang+Matt · · Score: 5, Insightful

    I gave Testimony to the Missouri House of Reps on Jan. 29th.

    It's easy to get things in motion, everyone is too lazy to try though.

    --
    The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
  14. This is old news for me by jfaughnan · · Score: 4, Interesting
    It's been about two years since I started receiving spam from "myself", or rather some spammer spoofing me. I still get several a day, but mostly they get hung up in my postini filters. I also get several bounce messages a day. For some reason the spammers often use an ancient address in one of my domains that is no longer used.

    Curiously, I almost never get anyone writing to me complaining about the spam. That used to happen, but I think most folks have figured out not to reply. I also don't seem to have been blacklisted anywhere (faughnan.com); the blacklist maintainers are apparently smart enough not to be fooled by spoofed fields.

    Why did they pick me? I think they like to take addresses that are present in the registrar databases. Or maybe they picked me because I complained about spam and write about ways to stop it (not that hard really, we just need to authenticate the sending service rather than the harder task of authenticating the sender).

    In any event, sadly this is old news. Good to know it's starting to make its way into the public consciousness though.

    --
    John Faughnan
    jfaughnan@spamcop.net
  15. Internet growth halted protocol refinement? by robslimo · · Score: 4, Interesting

    Has the rapid growth of the Internet of the last few years caused it to reach the status of an immovable object?

    IPv6, which includes security, ummm, mechanisms that could be utilized to curtail spoofing, some forms of DDOS and net abuses in general, but rolling it out seems too be gracial.

    New RFC's could be authored that extend, modify or replace those upon which our present mail server's are based, but would... could anyone get them pushed through? Or is the Internet infrastructure so massive that any major advances in concept run smack into the issue of interoperability?

  16. It happened to my wife! by mjh · · Score: 5, Interesting
    This exact same thing happened to my wife. At the time, she had an email address "@iname.com". Someone posted something to alt.bestiality.something or another with the From and reply-to set to her email address. The actual email was talking about what Julia and her little sister liked to do, and encouraged suitors to respond in email.

    Holy crap the email she got! Emails came from people all over the world. An incredibly rare number of them included clothing and were simply introductions. Most of them included an attached nude picture of (I assume) themself (either that or there is a cast of nude pictures of incredibly ugly people floating around somewhere). Some of them demonstrated their sexual experiences with animals. But every single one of them seriously pursuing some sort of sexual relationship with someone that

    1. they had never met
    2. wasn't actually my wife

    This whole experience turned my wife off of the internet for a long time.

    I was able to track down the original post to alt.bestiality.whatever it was, and tracked it to a posting through deja news. (This was about 5 years ago). But ironically, there was nothing in that post that included "go to this website" or anything like that. The only contact information in it was my wife's email address. At the time, I assumed that the person who did this wanted us to change email addresses so he/she could have the one that we had (which was simply my wife's first name@iname.com).

    After tracking it down I sent deja the information and asked them to pursue it. And I changed my wife's email address. We have our own domain now. BUT I still, occasionally login to the iname.com account and empty it. I want that account to stay active forever so that whoever tried this doesn't win.

    What would you do if this happened to you? What are the defenses for this kind of thing? The email that came in wasn't spam. It was real email from real people who had real mailboxes. How do you prevent this kind of thing? So most of the antispam techniques that I know of wouldn't have worked. Additionally, we occasionally get emails w/attachments from friends who want to show us pictures of their kids. So blocking all attachments won't work. What should be done?

    --
    Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.
  17. Replying can help stop spam... by Phoenix · · Score: 4, Interesting

    ...if it's a legit company who has someone who has a person actually reading the replies.

    This is a letter I sent off to a company who offered me ways to enlarge my breasts. Being male and having no desire for hooters I felt obliged to reply.

    ----------

    Do you people simply not bother to see to whom this message is going to? Do you not bother to do market research to see if I'm even going to be able to use the product? I am a man. I have a penis and not breasts. I am a guy, a bloke packing a "willie", a "johnson", "meat and two veg", a "one-eyed trouser snake", a "little fellow", a thingie, the "outy" parts to match up with the "inny" bits of the people to whom you should be sending this spam to and not me and my "Collection of dangly bits".

    To put it simply people..."A DICK"

    I have no interest in your product for the enlargement of breasts and request that you remove me from your list.

    Thank You,
    [name removed]
    BTW: I'm also happy with the size of my naughty bits and request that you not send me information on that product should you offer that as well.

    ----------

    To which I actually got this as a response:

    ----------
    ROFL

    Sir we are deeply sorry that you have recieved this advertisment and we are taking you off our contact list. We thank you for your polite and amusing letter.

    Again sorry for the inconvience
    ----------

    That was in August and to this day I have not seen any messages offering to give me "Huge...tracts of Land" since that date.

    Sometimes it pays to answer a spam

    Phoenix

    --
    -- Wiccan Army, 13th Airborne Division "We will not fly silently into the night"
  18. Swift and effective retribution... by dcavanaugh · · Score: 5, Interesting

    A spammer forges the wrong domain into a batch of spam, and the victim strikes back.

  19. Re:Am I missing something? by Entrope · · Score: 4, Informative

    That would vastly reduce the amount of USEFUL EMAIL as well. You would not believe what a large fraction of the Internet is configured to fail that kind of test -- or else you would not seriously contemplate that solution. Sometimes there are good reasons to configure a mail server that way.

    DNS is not a terribly useful authentication mechanism for this kind of thing. Much more useful is origin-authenticated SMTP: the originator (either user or mail server) calculates a signed hash of the message, and attaches that when sending it. The receiver can verify that the signature is valid for the person (or mail server) that claimed to originate the message.

    Obviously things lose in the transition period before every sender does that. You also get a huge fight over which algorithms to use, how to distribute and verify the public keys, and so forth. Welcome to Internet politics.

  20. It's called a "Joe Job" by Rathian · · Score: 5, Interesting

    Sometimes spammers do this just by putting whatever domain in. Other times this is done deliberately as a means of attacking someone.

    The term Joe-Job got it's name originally from Joes.com when a spammer decided to get revenge in this fashion. Information can be found here:

    Spam Attack!

    I can say from having had this done to me, it absolutely sucks. It creates a huge mess that takes weeks to clean up, plus the joy of dealing with people who decide to attack you for something you didn't/would never do. If I were to ever get my hands on those responsible....

    Unfortunately, the problem with tracking down those responsible for this dispicable act is the same one with tracking spammers down in general. It is time consuming, costly and may not yield a desireable result.

    If you want to see more on this, just Google Search for "Joe-Job"

    It is good to bust/report spammers, but when you do, look at the spam and the site being spamvertized. You might have received a joe-job email and by reporting them, you're playing into the spammer's hands.

    If you ever get joe-jobbed, I would say one defense on the web is to change your page to one similar to the "Spam Attack" page I reference above.

  21. Better than Disneyland? by harlows_monkeys · · Score: 4, Funny
    Q: You've had your email address forged on spam, subjecting your mail server to many many many bounce messages and complaints. What are you going to do now?

    A: I'm going to slashdot my web server!

  22. This happened to me... Here's what I did... by cjustus · · Score: 4, Interesting
    This doesn't sound so bad to someone, until it really happens... I began receiving a couple hundred bounced messages an hour, and a few "please don't spam me any more" messages... Just what I wanted - to be known as a porn spammer...

    I tried to find where they were coming from, some of the bounces were more informative than others... The originating IP ended up being someone(intentionally or unintentionally) running an SMTP proxy server... And the IP was out in the middle of nowhere... (Came back to a B-class set of addresses... Not much help in tracking down a network admin...)

    Some of the bounces had the actual message... Which were linking people to a site which in turn asked them to buy something (saying that their order page was secure when it wasn't)... I tracked down who had registered the domain (the admin and billing contacts...) addresses ended up being in China (domain was cnmailads.com)... Sent email, no response... I set up procmail to redirect the hundreds of bounces to them, plus I had some simple spam filters, and redirected all of my spam to them as well...

    The order page contained a form that had an email address for where the orders were really going... I made my own personal copy of the form, and began sending megs of data through... Entering bogus info to corrupt any real entries (who would order this crap over the Net from a website in China??? Who knows...) Email address was a yahoo account, which it didn't take long for me to fill it up... All added the yahoo address to my procmail redirector as well...

    I went to a couple of spammy sites (cooldeals.com or something like that)... Signed them up to receive all sorts of valuable emails... Signed them up for some mailing lists too... Easy to sign up, and pain to get off of...

    It had been going on for about a week before I started this, and stopped after about 2 days... Checked back to the link that was sent and the site was gone... Probably moving on to the next sucker email address and site...

    --
    Platform independent bug tracking software
  23. Re:and in other news by Fluffy+the+Cat · · Score: 4, Insightful

    spam spam spam. if spam should be illegal, so should any form of unsolicited communication. that includes conversing to persons without their permission at the local pub.

    Spam is grossly different to most other forms of unsolicited communication in one simple respect - the total cost to the recipiants is hugely larger than the total cost to the sender. This isn't true of (say) unsolicited email from an individual directly to you, unsolicted junk mail, unsolicited telephone calls or unsolicited personal conversation.

  24. For those who cannt access the site by Neophytus · · Score: 4, Informative

    I mirrored it. Read away.

  25. Re:3 little words by ahrenritter · · Score: 4, Insightful

    Um.. those are three very pretty all caps words... but they don't have a lot to do with this article. They aren't talking about open-relay abuse here.. During the course of an SMTP transaction, there are two important identifying lines:
    HELO
    and
    MAIL FROM:

    Many SMTP servers will do some sort of verification on the HELO line, but very little can be done about the FROM line. You can't easily kill addresses that don't match the HELO domain because legitimate mail relays would be unable to forward your mail on then.

    I can send you a piece of mail that will display bob.hope@whitehouse.gov as the from address. If Bob had that address, and people replied to the forged address, he'd be getting the blame for my spam.

    It sucks.

    --

    All I wanted was a rock to wind a piece of string around, and I ended up with the biggest ball of twine in Minnesota
  26. since they have a threshold by commodoresloat · · Score: 4, Funny

    only break $5000 worth of his bones. then you won't be worth investigating either.

  27. You Don't Like The Mail Admin, Do You? by Myriad · · Score: 4, Funny
    Our domain is productive.com so any email to whatever (at) productive.com comes back to the admin email accounts. As you can probably guess there's quite a few spammers that use productive.com as reply-to.

    Given that you just entered the domain name not once, but twice, and your post is likely to be seen my thousands, spidered, and google-cached, I take it that you don't like your mail admin very much, do you?

    --
    "They do not preach that their god will rouse them, a little before the Nuts work loose." Kipling, 'The Sons of Martha'
  28. Depends on Which Version of Outlook by Carnage4Life · · Score: 4, Informative

    Service Pack 1 of Office XP (which contains Outlook 2002) adds a feature for disabling HTML mail which is described in Microsoft KB Article # 307594 . Users of previous versions of Outlook can use the macros provided here

  29. Re:3 little words by Fluffy+the+Cat · · Score: 4, Informative

    POP before send is a hack to get around the poor level of authenticated SMTP support in most clients. A correctly configured SMTP sever will only relay for clients with IP addresses in the local network - authenticated SMTP or POP before send allow people who aren't on the local network to relay mail through the SMTP server. This has very little to do with spam - POP before send just allows you to do something that wouldn't otherwise be possible without running an open relay. How on earth would it prevent someone from forging somebody else's email address? There's no way to pass that authentication information to remote machines, and POP before send generally allows you to use arbitrary email addresses once you've authenticated.

  30. Re:IQ Test by shepd · · Score: 5, Funny

    Which button is it???~!?//!?11

    LOCK WORKSTATION, logout, shutDown, _Change Password, TaSK L1st, or Cncel?

    I MUST KNWO! Give me answer! Pleez! NOW! Right NOW! PLEAEEHZ! PLEEZ!

    --
    If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
  31. Re:IQ Test by Anonymous Coward · · Score: 5, Funny

    Duh. It's a trick question.

    The *real* IQ test button is hidden on the back of your computer near the power cord.

  32. Re:IQ Test by schon · · Score: 5, Funny

    Press CTRL-ALT-DEL now for an IQ test.

    Reminds me of my days as a BBS sysop..

    My board forced registration before you could post anything - in the registration sign-up (before it asked for any information) I had it say "Press any key to begin. If you don't know which key is the 'any key, it's the large one on the front of your computer labeled 'reset'

    Over the course of the 3 years I had it running, the logs showed two people drop carrier immediately after reading that.

  33. Unfortunately, posting to /. can generate spam.... by droopus · · Score: 5, Interesting

    Two stories, one related to /.

    I submitted an article to /. last weekend about the Simpsons cast on Bravo. To my utter shock, it was accepted and posted. I stupidly put my very private email (the one that didn't ever get spam) in the Email field. I know, I know...

    Less than two hours later, I started getting weird email, complete with .zip.pir attachments, and a few with blatant Trojans. Luckily, I'm OSX so they had no effect, but I was amazed how quickly the email hoovering app grabbed that email addy. They seemed more malicious than sales oriented.

    I haven't received any today at that address but I'm still kicking myself. Moral: spammers hoover slashdot, so don't post your email here, ever.

    Story two: For almost five years I had the email bruce@altavista.net. In November, I got mail from Mail.com stating that the Altavista.net domain was being closed down and they were replacing my long-used address to something like bruce@way-cool-dude.com. Um, no thanks I said, I use this account for business and that doesn't work for me.

    Ok, they said, how about we reactivate bruce@mail.com and you can have that? "Hmm, neat addy, easy to remember," so I agreed. They activated it on a Monday night.

    Tuesday morning I woke up to more than 400 mails. Maybe 20% were typical Hotmail "make your penis so big you need a hose reel" spams but a full 80% were Joe jobs: spammers who had used that address as a reply-to. I knew I was going to shut it down but I watched it for three days just to see.

    Total Joe job spams, almost four thousand (in three days) before I had them cut the damn thing off. Said fuck it, and bought a domain for business mail, and ended that adventure.

    Someone oughta make a law.....

    --
    "The pie shall be cut in half and each man shall receive.....death. I'll eat the pie."
  34. New Mail RFC by Ayanami+Rei · · Score: 5, Informative

    You mean like this?

    RFC 2487: SMTP Service Extension for Secure SMTP over TLS.

    SMTP [RFC-821] servers and clients normally communicate in the clear over the Internet.... Further, there is often a desire for two SMTP agents to be able to authenticate each others' identities. For example, a secure SMTP server might only allow communications from other SMTP agents it knows, or it might act differently for messages received from an agent it knows than from one it doesn't know.

    --
    THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
  35. Re:IQ Test by gidds · · Score: 4, Insightful
    LOL!

    I've never understood why people don't put "Press a key" instead. The intelligence-challenged can search out the `a' key, which will work, and the rest of us will know that all the others'll work too. Plus it's two characters shorter -- benefits all round!

    --

    Ceterum censeo subscriptionem esse delendam.

  36. This happened to my girlfriend too by forkboy · · Score: 4, Interesting

    My girlfriend started getting a ton of bounced emails and not being a techie type person, asked me what the hell was going on...turns out the same thing happened to her as happened to the writer of that article: A spammer was mass mailing, in this case, penis enlargement pills, and setting her address as the reply-to.

    Instead of writing a witty retort on a website though, I took care of it the way everyone else should from now on: (READ THIS) I looked up the registration info on the website that was being advertised in the spam....luckily it was a US registrant.

    I then immediately called the technical contact listed for that company. After a few tries, I managed to get him to answer the phone. I told him politely but firmly that whomever he had hired to advertise his website/product was using questionably legal and certainly unethical tactics to do so and was making a lot more enemies than customers. He seemed genuinely upset that this was going on and gladly gave up the name, address, email address, and telephone number of the spam-mercenary he had hired. I called the spammer and left a voice mail telling him I hope he didn't really enjoy his email address or phone number a whole lot and proceeded to sign up for any and every mass marketing, porn, magazine subscription, and telemarketing form I could find.

    Sometimes the operator of the website is the one doing the spamming, and if this were the case I would have chewed him a new one when I talked to him. Either way, you'll get a pretty good idea of where the spam is coming from if you just call the webmaster for the advertised site. I've been saying for years that this is how they need to enforce spam legislation....bring charges against the website operator rather than trying to track down the spammer. No customers to spam for, the spammers will dry up and blow away. Legally, it makes sense...if you hire someone to kill a person for you, you're legally culpable...so hiring someone to spam for you should get you into trouble as well. Make the first offense a "warning" in case they hired a marketing company and didn't know they were spammers. A slap on the wrist and warnings of heavy fines for future infractions will most certainly make them choose more wisely when picking a marketing company.

    --
    This message brought to you by the Council of People Who Are Sick of Seeing More People.