Slashdot Mirror
Where Is Spam When You Want It?
Sean writes "In a complete twist to what everybody else is trying to do these days, I need to attract spam to an e-mail address for a research survey I am conducting. I have submitted a few articles to a handful of Usenet groups, and I have signed up to some general mailing lists but so far I have nothing to show for it. How come by personal account gets 100+ spam each day yet when I try to find it I get nothing? Where should I post my address so that it attracts spam?"
Sign up for an account there, forward the spam to your new mailbox and start following links to advertisements and such. If they ask for your email address, give it to them. Won't take long.
Try signing up for a few mailing lists for marketers. Usually they will sell these to other companies who will in turn sell it to other companies and so on. Most email addresses are not spammed by having it available on google but rather giving it to the companies that do the spamming.
I get spam from my domain registry, which has an email associated with it. I get the Nigerian stuff this way.
sign up for those "free porn in your email" things.
works every time.
Make an ebay account with your email address in it and just start bidding. This is an excellent way to ruin an otherwise perfectly good email address. I was doing all right on the spam front until I did this. Big whoops. *hits head on desk* Yeah, stupid me.
You'll quickly become inundated with "How-tos" to Ebay, "official" emails from Ubid by people attempting to fraudulently gain access to your personal information, more tips-and-tricks, more offers from uBid, and of course a plethora of marvelous online drugstore advertisements.
Enjoy.
also try porn sites, gambling sites, and more importantly, paste it on slashdot. My spam trap address here gets hit ALL the time, usually several times a day, which has helped me greatly in tuning my firewall.
Lawyers, MBA's, RIAA? A jedi fears not these things!
In your own inbox, get a couple of hundreds of spam.
.....
Take the urls (DO NOT CLICK ON THEM) and strip them of the stuff after the '?'
Go to each of those 'unsibscribe' pages and put the test account in the email to be removed box.
Its the best way to get spam. The spammers will generally use it as confirmation that your address does indeed exist, and theyll happily put you in their alive list, where you are shure to get everything they are selling.
I was in the exact same situation, actually, and found spamarchive.org to be very helpful. Any one of the files on their ftp site should have enough spam to keep you busy for a while.
"(Man) tries to live his own life as if he were telling a story. But you have to choose: live or tell." --Sartre
Why not just download some from spam archive?
Based on a friend's suggestion, I created an alternate e-mail address and used it to create user IDs on classmates.com and match.com and, sure enough, until I kill the ID months later, I was getting 30+ spams a day after my ISP was done with its own filtering. I wasn't being very scientific and I don't know if it was one or the other or both, but it's a place to start...
"I'm a scientist! I don't think, I observe!" - Dr. Clayton Forrester
- Post a comment on Slashdot with the e-mail address visible
- If on a popular e-mail provider such as AOL, Hotmail, or Yahoo, put up a profile and go to a chat room.
- Allow your e-mail address to be listed on any of the directories.
- Put your e-mail on a Geocities website.
Put it on a web page which gets any moderate amount of traffic. I did that with some spam-bait addresses, and it's amazing how much they generate. In a few months, they've identified over 22,000 unique servers sending spam.
steve
Oh, you're not stuck, you're just unable to let go of the onion rings.
Some links of the sweet, sweet google:
Here
Again
And Again
If you search for 'contests' and click on the sponsored link then you should have an abundant source. Also, if you sign up for a few of those "Free" trials at porno websites, you should start to get some serious spam.
That and better yet the sites that will submit your web site to hundreds of search engines. That will get you to the FFA style sites quick. I did this when I needed an account to test SpamAssassin on. Worked like a charm. Better yet, give /. ers an Email and we can set a forward to you of some junk.
Hey I got plenty!
Post to Google Groups on many well-frequented lists (don't cross-post!) with the address. Sign up for a Slashdot account and write generally informative (+5! +5! +5!) tripe with your real email address tied to it.
You also should've specified the test email in your story submission (i.e. Sean writes:) -- too late for that now, of course. In the slashdot@myname.endjunk.com emails I've provided, I've easily gotten 10+/day within a few hours of first posting. Neat.
We recently had heard in the office over one of the Yellow Machine that's made by Anthology Solutions.
I made up a semi-bogus email addy, it's real in that mail sent to it gets to me, but when I'm done, I'll flush it down the tubes.
I used it to attract spam so that I could train spamassassin for my use and for a few friends and family.
I went and dropped it all over usenet in the pr0n groups, went to every viagra site I could find, clicked on every banner add I saw.
It took a few weeks but I finally got the desired results. You'll have to put up with some extremely offensive email for awhile so make sure the wife and kids can't get to it during this phase.
After doing this for a few weeks I was getting 50+ spams a day. Now that I have spamassassin all tuned up I just don't check mail on that account. Once I feel that I no longer have the need to tweak SA, I'll just dump the account..
Too bad this doesn't work for TV commercials...
HEY! How about an app that, er, nevermind...
What in the blue hell is "address'" supposed to mean? If you are trying to pluralize the word "address" then you want to use the word "addresses." Christ Almighty, where the fuck did you go to school?
Isn't this (more or less) the point of a honeypot? Granted, the owners would presumably step in if they saw anything extremely dangerous going on, but this is fairly common,tried-and-true practice. Ever read _The Cuckoo's Egg_?
I happen to have several email addresses that are like my username here. I get spam for willy001 willy002...willy134...willy156.... If you set up an email address on a domain that is very well spammed (hotmail excite yahoo...) with a name like john12345 and that might induce spam.
Can you ping me now?... Good!
The best way to get spam? Put your email address into a popular HOWTO, or run a 3-letter domain (a friend of mine gets about 2/second to his three-letter domain). And be patient.
But if you want some of mine, I'm happy to get rid of it. ;)
Do you really need reason for beer? Wingman Brewers
Thats not Yahoo's fault that hotmail autobot spammers who do dictionary spam attacks on hotmail servers. Because hotmail is so popular they get many valid hits.
just use mailinator.com for throw away email.
There is no god
It's not encrypted data - it's merely random text intended to throw off spam filters.
Specifically, not one that's from an actual brick and mortar greeting card maker. 9 times out of 10, you'll be sure to be not only adding YOURSELF (the sender) as a future spam victim, but whoever you entered as a recipient for the e-greeting card.
All I know about Bush is I had a good job when Clinton was president.
I have an address I used for about three months on usenet, only in the comp.lang hierarchy.
I may have used it for a few web sites, but the only one I recall is a local political organization which I doubt would have sold, or had the expertise to sell, its list. Still, the data is tainted, and I can't say it all comes from usenet.
According to DejaGoogle, I last used it 18 April 2002, and it was last referenced in a follow-up message 5 May 2002. I first used it 15 February 2002.
For a while I had my ISP forward mail to that address to "nothing" until I worried it might be piling up on the server somewhere (I don't know what forwarding to "nothing" means in the ISP's web control panel). So there are no messages for most of the month of May 2003.
Disregarding the emails from the political organization, there are 1733 emails; the earliest is dated 16 July 2002, the lastest today 21 Sep 2003. (There are probably earlier emails to this address which have been archived.)
So that's a span of 432 days, not subtracting the period when I wasn't having the email forwarded. Again not subtracting the un-forwarded days, that's ~4 per day.
Note that this is only spam to this particular "sacrificial" address; it does not count the large amount of spam that, thanks to having some idiots as "friends", hits my "real" address.
I have not been subject to any dictionary attacks on my domain name, but I have gotten about 105 spams to admin@mydomain in the same time period. This pushes the daily average to ~4.25/day.
Since I started getting a lot of spam, I've made a practice of assigning each commerical contact or mailing list a different address (theirdomain.tld@mydomain.tld generally); surprisingly, these get very little spam, despite getting large volumes of legitimate mail each day.
Opinions on the Twiddler2 hand-held keyboard?
I think you have to wait, as from what I understand most of the people who spam actually buy spam lists from other people. The spam lists seem to be compiled like phone books, so they send out batches of addresses like every month or so. I'm sure your mailbox will be stuffed to the breaking point about two months from now.
I recommend NewFunPages for getting lots of spam to an account that never used to get spam.
Then start clicking on the Unsubscribe links.
There are two kinds of sysadmins: paranoids and losers. I'm both kinds.
Not a throwaway domain, but:
;-)
http://xult.org/email.html
Surprisingly few spams have arrived. I suppose the page isn't that high traffic.... yet
So you want a lot of spam, do ya?
p e= www
http://www.spamcop.net/w3m?action=inprogress&ty
That's Spamcop's list of spam-vertised web sites. All of those sites have submission forms; just put the email address in there and you'll be rockin' and rollin' within a few hours. I got into a 'spam war' with one of my roommates back in college, and with that Spamcop list I was able to render his email account COMPLETELY useless within a couple of hours (If you're reading this, sorry 'bout that Brian... )
Speaking of spam, on a random side note, I've recently started checking all of my email accounts with Shadango.com. Anybody else tried that yet? Shadango allows you to have advanced filtering applied to ALL of your existing accounts (both POP and IMAP). It's frickin' great. So now I don't get any more spam, plus I can check all 5 of my email accounts from one place. They've also got file storage, a calendar, etc. It's money. Check it out.
-Nate
- Positive expectations yield negative results.
- Negative expectations yield negative results.
A special case of this is the demo effect: The best way to make your pride-and-joy crash on the first keypress is to invite your boss's boss in to watch it run.Likewise, the only way to attract spam is by trying to avoid it.
This is not my sandwich.
Yo, I was involved in the alpha testing of shadango awhile ago. When I signed up I used the word "alphabase" in the promotional code box. It got me a paid tester account...i think it might still work. From my experience Shadango is definitely worth the try. Ian Welsh
1. news.admin.net-abuse.sightings
2. spamarchive.org
3. Build a Spam Honeypot
hth
pete
"The cup... the drop... it's a YES!"
BlueCat Networks www.bluecatnetworks.com have this really cool product called Meridius. It's an anti-SPAM Mail Relay appliance. Typically sits in the DMZ. Why don't you contact them and ask them about SPAM?
pi=sigma{n:0-infinity}[(1/16)^n][(4/(8n+1))-(2/(8n +4))-(1/ (8n+5))-(1/(8n+6))]
and see who it's to :)
It's nothing but crumpled porno and Ayn Rand.
Okay, let's talk about the box of goodies. Let's say you leave a box of weapons outside with full knowledge that a neighborhood kid will probably find it and will likely use the contents for something illegal. If that happens, do you think you are partially responsible for whatever happens?
...
You're exactly right - you aren't responsible for others' actions. In this case, you'd be liable for your irresponsible action.
Yes, that's exactly right. This is what's known as an attractive nuisance
"How many people do you know that use Outlook and may have your email in their address book? The bitch of the matter?" ... bla bla sneakemail bla bla
There is an easy defence against this:
That works just fine, but it gets even easier:
Own your own domain.
Have your e-mail setup to forward *@yourdomain.com to your actual e-mail address.
Never give anyone your e-mail address. Give everybody different e-mail addresses to e-mail you at. Your friend jenny can e-mail you at jenny@yourdomain or whatever she'd like.
When you sign up for something, use an e-mail address like theirproduct@yourdomain or theirdomain.com@yourdomain.
Then you always know who's sending you what e-mail, and if one of the aliases gets bogged down with spam, flag it, bounce it, do as you will.
I bought my domain for $30 for 2 years, including the mail service (I don't have the resources to set up my own mail server). It works great and I don't get any spam.
Synergy is your friend
The creator of the nuclear weapon didn't pull the trigger, but by your argument is somewhat liable for killing millions of Japanese. Aren't we, the scientists, just doing experiments?
r st
Einstein didn't think so. He was a major influence in the creation of the nuclear bomb, and he did take responsibility for it, calling it the greatest mistake of his life.
http://hypertextbook.com/eworld/einstein.shtml#fi
We hope your rules and wisdom choke you / Now we are one in everlasting peace
Much harder than it seems. A spam trap address can take months or even years to get up to the same levels of spam as other addresses.
Some techniques;
Unsubscribe the address.
Apart from proving that some spammers actually do harvest from unsubscribes, this method isn't very effective, because some spammers actually do remove you from their lists.
(of course, if you only unsubscribe addresses that don't get any spam, it can't get worse.)
Dictionary attacks. If you run a mail server, you will occasionally be attacked. Either pick easy to guess names, or accept any name that fits a rule. It's a good idea to always reject the first name (unless it's already in your lists) since some spammers start with a 'test' name.
Also, there will be plenty of names tried, so there's no need to accept a suspiciously high percentage. Choose a simple rule that rejects a fair percentage of the names.
For example, accept any name which has a '5b' as the last hex character when hashed.
If your server has any extra delays after a bad name, remove them.
Buy expired domains.
Some of my best trap addresses are from previously owned domains.
Posting to usenet.
I've not had much luck with this.
Posting to mailing lists.
This also seems fairly hit or miss.
Posting to websites.
Works eventually, but it can take a long time.
Setting them in Ineternet Explorer.
Some web sites have javascript that can grab your email address from your browser.
(bonus points if you write this up in a proposal)
When you get spam...
Read the web pages. Once you actually get spam, either read it in a browser, or download all the links with wget. Some spammers are paying attention, in particular it seems, the ones who sell addresses to other spammers.
Respond. When you get one of those weird messages like "Are you the same noc-staff I went to school with?" Respond with a simple "sorry, wrong guy."
-- this is not a