Slashdot Mirror


My Short Life As An Unintentional Porn Spammer

Freerange writes "Mike Masnick wrote up his experience getting slammed by a somewhat new kind of spam attack that doesn't get much hype (yet?). A spammer spoofed his personal email address as the 'reply-to' for a batch of spam, with interesting results for Mike: "I can now answer the questions 'who replies to spam?' and (should anyone ever wonder) 'what are the hundreds of variations on bounced messages?'" From Politech."

26 of 557 comments

  1. Reverse spam really isn't that new... by Anonymous Coward · · Score: 5, Insightful

    Spammers have been spoofing legit addresses for a while. I know a lot of times they'll simply use webmaster@somelegitdomain.com and basically cause that person a bunch of grief and headaches. Most users are too clueless to realize it's really not coming from that address.

    1. Re:Reverse spam really isn't that new... by The_K4 · · Score: 5, Interesting

      The new one I've run into recently is they use some kinda script so that the reply-to address is my address....which makes filtering really easy because how often do I send mail from my account TO the same account. However I could see some stupid user getting very confused. :)

    2. Re: Reverse spam really isn't that new... by Black+Parrot · · Score: 5, Funny


      > The new one I've run into recently is they use some kinda script so that the reply-to address is my address....which makes filtering really easy because how often do I send mail from my account TO the same account. However I could see some stupid user getting very confused.

      ...and replying to himself in outrage.

      --
      Sheesh, evil *and* a jerk. -- Jade
    3. Re:Reverse spam really isn't that new... by Greg+Hewgill · · Score: 5, Funny

      That reminds me of when it was cool to tell lusers that there was this huge ftp site at 127.0.0.1, just log in with your existing account...

    4. Re:Reverse spam really isn't that new... by AndroidCat · · Score: 5, Interesting

      Keith Henson, during a deposition. It's all over the place, but definitely here

      --
      One line blog. I hear that they're called Twitters now.
  2. What the Internet needs: by unterderbrucke · · Score: 5, Funny

    A proprietary mail protocol by a major power (MS?) to eliminate IP address/e-mail address spoofing.

  3. Not New @ All by devaldez · · Score: 5, Interesting

    I experienced this five years ago and a group of sysadmins helped me track the guy back to his ISP and we turned the info over to the FBI as identity theft. We were told that my experience did not meet the threshold for them to investigate further ($5000 in damages). Worse, the ISP didn't have a code of conduct prohibiting this type of thing...

    Sucks when it happens, but isn't new.

    Probably the same idiot in Minnesota:(

    --
    "... but you can love completely without complete understanding." - Norman Maclean, "A River Runs Through It"
  4. Skynet by OwlofCreamCheese · · Score: 5, Funny

    It's not going to be military computers that come alive and kill us all, it's going to be the spam filters! I mean, it's going to take some serious adaptive AI to filter out spam at this rate...

    and the comforting thought:

    when spamfilters come alive... their prime directive will be "eliminate anything that is worthless"

    --
    -You're wasting your time. Alfador only likes me.
  5. It's nothing new by Anonymous Coward · · Score: 5, Informative
    It's referred to as a "Joe Job" or that you've been "joe jobbed"

    an article about it

  6. No way to contact spammer by $$$$$exyGal · · Score: 5, Funny
    I am repeatedly surprised by the amount of spam out there that does not contain any way to contact the spammer. How do they expect to make money if there is no way to contact them?

    --sex

    --
    Very popular slashdot journal for adul
    1. Re:No way to contact spammer by nomadic · · Score: 5, Funny

      Volume!

    2. Re:No way to contact spammer by wobblie · · Score: 5, Informative

      Some spams are purely for confirmation that your email address works. I repeatedly see spams which have 1x1 pixel GIFs that link to a script to call the image and pass your email address off to that script. Biggest reason not to use HTML mail.
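
A mail filter can look for the kind of image described in the comment above. The following is an added example, not part of the original thread: it flags `<img>` tags declared as 0 or 1 pixel whose URL carries the recipient's address, either plainly or base64-encoded (the base64 case is an assumption made for this example). The addresses, host name and HTML are constructed sample data.

```python
import base64
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl, unquote

def is_tiny(attrs):
    """True when both declared dimensions are 0 or 1 pixel."""
    dims = [(attrs.get(k) or "").strip().lower() for k in ("width", "height")]
    return all(d.replace("px", "") in ("0", "1") for d in dims)

def carries_address(url, recipient):
    """True when the URL embeds the recipient, plainly or base64-encoded."""
    parts = urlsplit(url)
    if recipient in unquote(parts.path + "?" + parts.query).lower():
        return True
    for _, value in parse_qsl(parts.query):
        try:
            padded = value + "=" * (-len(value) % 4)  # restore stripped padding
            decoded = base64.b64decode(padded).decode("utf-8", "ignore")
        except ValueError:
            continue  # not base64 at all
        if recipient in decoded.lower():
            return True
    return False

class BeaconFinder(HTMLParser):
    def __init__(self, recipient):
        super().__init__()
        self.recipient = recipient.lower()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        src = attrs.get("src") or ""
        if tag == "img" and is_tiny(attrs) and carries_address(src, self.recipient):
            self.hits.append(src)

def find_beacons(html_body, recipient):
    """Return the src of every tiny image that identifies the recipient."""
    finder = BeaconFinder(recipient)
    finder.feed(html_body)
    return finder.hits

# Constructed sample message body (not taken from any real mail)
TOKEN = base64.b64encode(b"alice@example.org").decode().rstrip("=")
SAMPLE_HTML = f"""<p>Hello</p>
<img src="http://mailer.example/logo.png" width="120" height="40">
<img src="http://mailer.example/o.gif?id=alice%40example.org" width="1" height="1">
<img src="http://mailer.example/t.gif?u={TOKEN}" width=1 height=1>
<img src="http://mailer.example/spacer.gif" width="1" height="1">"""
```

A pixel that carries an opaque per-message ID confirms the address just as well and is not caught by this check, which is why not fetching remote images at all remains the stronger defence.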

  7. Not happy... by Space_Nerd · · Score: 5, Funny

    ...with all the spam replies and such he got, he now decides to take it a step further and slashdot his server!

    Way to go!

    --
    Everybody has a purpose in life, maybe mine is to lurk in slashdot.
  8. Spam needs a technical solution. by Sheetrock · · Score: 5, Insightful
    This adds more weight to my assessment of spam as being a technical problem with a need for a technical solution. Why are address spoofing and open mail relays still a problem after over a decade of spam-related problems?

    Obviously, legislation isn't catching up and as evidenced by the junk fax law is useless when it does. Technical minds built the Internet, and I have little doubt that a solution could be found once we quit looking for the quick fix.

    --

    Try not. Do or do not, there is no try.
    -- Dr. Spock, stardate 2822-3.




    1. Re:Spam needs a technical solution. by IamTheRealMike · · Score: 5, Interesting
      About a year ago I designed a new email system. It was pretty kickass.

      It was kind of a cross between usenet and standard email. When you "sent" an email, it was in reality uploaded to your message store (the idea of the inbox was removed). Then notifications were sent to each person that a message was in the To field. That meant that for instance you could edit messages after they were sent, you could bring people in on threaded conversations half way through preserving the threading and so on. It also meant the attachment limit was decided by the sender's account, not the receiver's. Want to send a 200mb video to your hotmail-using friend? No problem.

      One of the features of this system was that key signing was built in from the start. That meant, you could opt to trust certain "roots", probably international ISPs. If you wanted to set up a newMail server, you'd have to get your hosting ISP to sign it for you, probably requiring a contract to be signed saying you'd shut down any abusive accounts etc.

      Mailing lists were dealt with specially, I've never been happy with the way they currently work.

      Combined with send limits (how often do you email >100 people?), that meant that spam could be cut down quite significantly. In particular, because it could be shut off at the source, if a spammer did somehow manage to spam lots of people at once, all it'd take is one report and the email would magically disappear from people's message stores, before they'd even seen it in some cases. If the spammers were running their own servers, revoking their certs would do a similar trick.

      It wouldn't eliminate spam of course, that's not possible. Smart enough people will figure out ways around it. However, having accountability built in from the start would help curb the situation a lot.

      Originally I was going to write the client as a commercial app, but make the protocols open (with a non-commercial free license available). However, I ended up working on autopackage instead, so I never got around to it. If somebody thinks it'd be cool, contact me and I'll fill you in.

  9. Everyone call your State Rep! by Mustang+Matt · · Score: 5, Insightful

    I gave Testimony to the Missouri House of Reps on Jan. 29th.

    It's easy to get things in motion, everyone is too lazy to try though.

    --
    The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
  10. It happened to my wife! by mjh · · Score: 5, Interesting
    This exact same thing happened to my wife. At the time, she had an email address "@iname.com". Someone posted something to alt.bestiality.something or another with the From and reply-to set to her email address. The actual email was talking about what Julia and her little sister liked to do, and encouraged suitors to respond in email.

    Holy crap the email she got! Emails came from people all over the world. An incredibly rare number of them included clothing and were simply introductions. Most of them included an attached nude picture of (I assume) themselves (either that or there is a cast of nude pictures of incredibly ugly people floating around somewhere). Some of them demonstrated their sexual experiences with animals. But every single one of them was seriously pursuing some sort of sexual relationship with someone that

    1. they had never met
    2. wasn't actually my wife

    This whole experience turned my wife off of the internet for a long time.

    I was able to track down the original post to alt.bestiality.whatever it was, and tracked it to a posting through deja news. (This was about 5 years ago). But ironically, there was nothing in that post that included "go to this website" or anything like that. The only contact information in it was my wife's email address. At the time, I assumed that the person who did this wanted us to change email addresses so he/she could have the one that we had (which was simply my wife's first name@iname.com).

    After tracking it down I sent deja the information and asked them to pursue it. And I changed my wife's email address. We have our own domain now. BUT I still occasionally log in to the iname.com account and empty it. I want that account to stay active forever so that whoever tried this doesn't win.

    What would you do if this happened to you? What are the defenses for this kind of thing? The email that came in wasn't spam. It was real email from real people who had real mailboxes. How do you prevent this kind of thing? So most of the antispam techniques that I know of wouldn't have worked. Additionally, we occasionally get emails w/attachments from friends who want to show us pictures of their kids. So blocking all attachments won't work. What should be done?

    --
    Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.
  11. Re:Why? by Neon+Spiral+Injector · · Score: 5, Informative

    Hanging out on some anti-spam news groups I've seen this happen to people who go after spammers. In this case the spammer quite intentionally selects the FROM: address to make the bounces and irate replies cause trouble for someone who has been causing trouble for the spammer. This is called a "Joe-job".

  12. It's called a "Joe Job" by Rathian · · Score: 5, Interesting

    Sometimes spammers do this just by putting whatever domain in. Other times this is done deliberately as a means of attacking someone.

    The term Joe-Job got its name originally from Joes.com when a spammer decided to get revenge in this fashion. Information can be found here:

    Spam Attack!

    I can say from having had this done to me, it absolutely sucks. It creates a huge mess that takes weeks to clean up, plus the joy of dealing with people who decide to attack you for something you didn't/would never do. If I were to ever get my hands on those responsible....

    Unfortunately, the problem with tracking down those responsible for this despicable act is the same one with tracking spammers down in general. It is time-consuming, costly and may not yield a desirable result.

    If you want to see more on this, just Google Search for "Joe-Job"

    It is good to bust/report spammers, but when you do, look at the spam and the site being spamvertized. You might have received a joe-job email and by reporting them, you're playing into the spammer's hands.

    If you ever get joe-jobbed, I would say one defense on the web is to change your page to one similar to the "Spam Attack" page I reference above.

  13. Re:Why? by Fluffy+the+Cat · · Score: 5, Informative

    In general, it's not a good idea to accept mail unless you think you can correctly generate a bounce message if you fail to deliver it. As a result, many mail servers will refuse to accept mail if the MAIL FROM: section of the SMTP exchange doesn't include a domain that exists. Some will go further and do some checks to see if the localpart exists, too. If the spammers want to get to as many addresses as possible, they have to use a real address rather than a made up one. In some cases, they'll pick the address of someone who's irritated them (anti-spammers, for instance).
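
The envelope check described in the comment above can be sketched as follows. This is an added example, not part of the original thread and not any particular mail server's code: the DNS table, the reply texts and the choice of reply codes are assumptions, and `lookup` and `localpart_exists` are hypothetical callbacks standing in for a real resolver and a real mailbox check.

```python
import re

# Constructed stand-in for DNS so the example runs offline.
# True = domain has MX/A records, False = no such domain, None = lookup timed out.
SAMPLE_DNS = {
    "example.org": True,
    "no-such-domain.invalid": False,
    "slow.example.net": None,
}

def sample_lookup(domain):
    return SAMPLE_DNS.get(domain, False)

MAIL_FROM = re.compile(r"^MAIL FROM:\s*<([^<>\s]*)>", re.IGNORECASE)

def check_mail_from(line, lookup=sample_lookup, localpart_exists=None):
    """Return an (SMTP reply code, text) pair for one MAIL FROM command."""
    m = MAIL_FROM.match(line.strip())
    if not m:
        return 501, "syntax error in MAIL FROM"
    path = m.group(1)
    if path == "":
        # Null reverse-path: bounce messages use it, so it must be accepted
        return 250, "ok (null sender)"
    local, at, domain = path.rpartition("@")
    if not at or not local or not domain:
        return 501, "sender address needs a localpart and a domain"
    domain = domain.lower().rstrip(".")
    status = lookup(domain)
    if status is None:
        # A DNS outage is not proof of forgery: defer instead of rejecting
        return 451, "temporary DNS failure, try again later"
    if not status:
        return 550, "sender domain does not exist"
    # The stricter servers mentioned in the comment also test the localpart
    if localpart_exists is not None and not localpart_exists(local, domain):
        return 550, "sender mailbox does not exist"
    return 250, "ok"
```

A forged sender such as `MAIL FROM:<someone@example.org>` passes every branch here as long as the address is real, which is the limitation the comment points out: the check proves that a bounce can be delivered, not that the sender is who the envelope says.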

  14. Re:IQ Test by shepd · · Score: 5, Funny

    Which button is it???~!?//!?11

    LOCK WORKSTATION, logout, shutDown, _Change Password, TaSK L1st, or Cncel?

    I MUST KNWO! Give me answer! Pleez! NOW! Right NOW! PLEAEEHZ! PLEEZ!

    --
    If you could be told what you can see or read, then it follows that you could be told what to say or think - BoC
  15. Re:IQ Test by Anonymous Coward · · Score: 5, Funny

    Duh. It's a trick question.

    The *real* IQ test button is hidden on the back of your computer near the power cord.

  16. Re:IQ Test by schon · · Score: 5, Funny

    Press CTRL-ALT-DEL now for an IQ test.

    Reminds me of my days as a BBS sysop..

    My board forced registration before you could post anything - in the registration sign-up (before it asked for any information) I had it say "Press any key to begin. If you don't know which key is the 'any key', it's the large one on the front of your computer labeled 'reset'"

    Over the course of the 3 years I had it running, the logs showed two people drop carrier immediately after reading that.

  17. Unfortunately, posting to /. can generate spam.... by droopus · · Score: 5, Interesting

    Two stories, one related to /.

    I submitted an article to /. last weekend about the Simpsons cast on Bravo. To my utter shock, it was accepted and posted. I stupidly put my very private email (the one that didn't ever get spam) in the Email field. I know, I know...

    Less than two hours later, I started getting weird email, complete with .zip.pir attachments, and a few with blatant Trojans. Luckily, I'm OSX so they had no effect, but I was amazed how quickly the email hoovering app grabbed that email addy. They seemed more malicious than sales oriented.

    I haven't received any today at that address but I'm still kicking myself. Moral: spammers hoover slashdot, so don't post your email here, ever.

    Story two: For almost five years I had the email bruce@altavista.net. In November, I got mail from Mail.com stating that the Altavista.net domain was being closed down and they were replacing my long-used address to something like bruce@way-cool-dude.com. Um, no thanks I said, I use this account for business and that doesn't work for me.

    Ok, they said, how about we reactivate bruce@mail.com and you can have that? "Hmm, neat addy, easy to remember," so I agreed. They activated it on a Monday night.

    Tuesday morning I woke up to more than 400 mails. Maybe 20% were typical Hotmail "make your penis so big you need a hose reel" spams but a full 80% were Joe jobs: spammers who had used that address as a reply-to. I knew I was going to shut it down but I watched it for three days just to see.

    Total Joe job spams, almost four thousand (in three days) before I had them cut the damn thing off. Said fuck it, and bought a domain for business mail, and ended that adventure.

    Someone oughta make a law.....

    --
    "The pie shall be cut in half and each man shall receive.....death. I'll eat the pie."
  18. New Mail RFC by Ayanami+Rei · · Score: 5, Informative

    You mean like this?

    RFC 2487: SMTP Service Extension for Secure SMTP over TLS.

    SMTP [RFC-821] servers and clients normally communicate in the clear over the Internet.... Further, there is often a desire for two SMTP agents to be able to authenticate each others' identities. For example, a secure SMTP server might only allow communications from other SMTP agents it knows, or it might act differently for messages received from an agent it knows than from one it doesn't know.

    --
    THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON