Slashdot Mirror

← Back to Stories (view on slashdot.org)

Where Is Spam When You Want It?

Posted by timothy on from the come-here-little-spider dept.

Sean writes "In a complete twist to what everybody else is trying to do these days, I need to attract spam to an e-mail address for a research survey I am conducting. I have submitted a few articles to a handful of Usenet groups, and I have signed up to some general mailing lists but so far I have nothing to show for it. How come by personal account gets 100+ spam each day yet when I try to find it I get nothing? Where should I post my address so that it attracts spam?"

36 of 580 comments (clear)

  1. Outlook... by krray · · Score: 5, Interesting

    I ran an experiment to do just this... Originally USENET (a decade ago I did that one), web pages, etc... Hundreds of trap address' across many of the domains in my control -- harvest and block 'em early has been my general method... :)

    I recently took 1 Windows 2K box (SP2) and put it directly online in the DMZ type zone. Do NOT patch it and add no virus software. Load some trap address' (never used before) into the Outlook address book.

    It took twelve (12) minutes from plugging it in to getting many, many infections, to the final spam. Typical time is 3-4 hours usually and I've seen the test go for as long as 8 hours.

    How many people do you know that use Outlook and may have your email in their address book? The bitch of the matter? No Windows here anywhere, well, except for VirtualPC which makes such tests so damn easy -- too bad Microsoft had to buy them up too...

    1. Re:Outlook... by dboyles · · Score: 5, Insightful

      If you do this, are you willing to be responsible if someone hijacks the machine and uses it to commit illegal/unethical acts? I know, it's unlikely that this would happen, but knowingly putting an open machine online with the intention of having it compromised is asking for trouble. It's one thing to not know any better, but it's another to be apathetic to the situation.

      --
      -- "Complacency is a far more dangerous attitude than outrage." -Naomi Littlebear
    2. Re:Outlook... by dboyles · · Score: 4, Interesting

      Don't think I'm calling for honeypot operators to be arrested for setting out some bait. I think it's fine. In fact, I think it's a good addition to a security infrastructure. But dropping something insecure out in the open with full knowledge that it will probably be compromised and then likely used for undesireable activities isn't responsible.

      Perhaps I should have made that point more clear initially.

      --
      -- "Complacency is a far more dangerous attitude than outrage." -Naomi Littlebear
    3. Re:Outlook... by dboyles · · Score: 4, Interesting

      If you leave a box of goodies outside your house, you may be asking for trouble, but you're not accepting responsibility for someone stealing it.

      Okay, let's talk about the box of goodies. Let's say you leave a box of weapons outside with full knowledge that a neighborhood kid will probably find it and will likely use the contents for something illegal. If that happens, do you think you are partially responsible for whatever happens?

      Before you jump all over me for such a hyperbole of an analogy, no, I don't equate running an insecure machine with handing out a small arsenal to the neighborhood kids. But I think you might be able to see my point given so many peoples' reactions of "What kind of parent leaves a gun where a kid can get it?" seemingly whenever a video game violence article is posted.

      Take note of the bold text in the first paragraph. It's key to my point. If that box of weapons was in a place that you could reasonably assume wouldn't be accessible by the hypothetical gunman, I wouldn't place any blame on you, the owner.

      So no, you're not responsible for other's actions, they are, don't be stupid.

      You're exactly right - you aren't responsible for others' actions. In this case, you'd be liable for your irresponsible action.

      --
      -- "Complacency is a far more dangerous attitude than outrage." -Naomi Littlebear
    4. Re:Outlook... by circusnews · · Score: 4, Insightful
      I was about to use one of my mod points in this thread, when I came to this post.
      Okay, let's talk about the box of goodies. Let's say you leave a box of weapons outside with full knowledge that a neighborhood kid will probably find it and will likely use the contents for something illegal. If that happens, do you think you are partially responsible for whatever happens?
      dboyles goes on to make the point that does not equate running an insecure machine with handing out a small arsenal, and that you aren't responsible for others' actions, you are only liable for your irresponsible action. These are both points I agree with, but the analagy used still bothers me.

      Gun's are designed to kill. Computers are not designed for cracking/spaming/etc. If you leave a chain saw out in your back yard, knowing that the kid down the block is (1) a bit whacked, (2) could be a potential danger, and (3) should not be on your property, are you partially responcible for when he kills some one with that chain saw? Now, what if it is the kid on the next block that could be the danger? Or the next city, county state of country? At what point is it no longer reasonable to expect that the public to know something is a threat?

      It used to be enough to run a virus scanner every so often. Now you have to start by patching your systems regularly, then move on to running regularly updated virus scanners, installing and updating firewalls for the network, scanning for spyware, installing and updating desktop firewalls, updating spam filters, chasing drivers, updating applications (add more from the endless list here), all to keep a system going. So I ask again, at what point is it no longer reasonable to expect that the public will know something is or could be a threat?

      And at what point does the public feel that it is no longer reasonable to expect them to know something is or could be a threat when it comes to that "harmless little box on the desk"?

    5. Re:Outlook... by digidave · · Score: 5, Funny

      Knowlingly install a system from the manufacturer's CD and running it on the Internet? The horror! The horror!

      --
      The global economy is a great thing until you feel it locally.
    6. Re:Outlook... by ^Case^ · · Score: 5, Insightful

      Isn't this (more or less) the point of a honeypot?

      More or less yes. The major difference is that with a honeypot you make sure that there's only a way in -- you make it impossible for the offender to use the honeypot to carry on attacks from the honeypot. And that does not seem to be the case in this example.

  2. Hotmail. by pi_rules · · Score: 4, Informative

    Sign up for an account there, forward the spam to your new mailbox and start following links to advertisements and such. If they ask for your email address, give it to them. Won't take long.

    1. Re:Hotmail. by norsk_hedensk · · Score: 5, Insightful

      yeah but if they ask for you email address and you give it to them, it is not spam anymore. spam is unsolicited. you giving them your email says that they can email you. unless they say they WONT send spam, but yeah, thats gonna happen.

    2. Re:Hotmail. by caferace · · Score: 5, Funny

      Maybe your girlfriend is pretty serious about you getting a penis enlargement and some viagra. Ever think about that, smart guy?

  3. Domain registry by jhines · · Score: 4, Informative

    I get spam from my domain registry, which has an email associated with it. I get the Nigerian stuff this way.

    1. Re:Domain registry by dboyles · · Score: 5, Funny

      Amazing. Even after you made your millions from underground African money transfers, you still find time to post to Slashdot. What character! I can see why Igwe Emanuel thought you good enough to do business with.

      I, on the other hand, will be out of here as soon as the transaction is complete. So long, suckers!

      --
      -- "Complacency is a far more dangerous attitude than outrage." -Naomi Littlebear
  4. Why not by Alystair · · Score: 5, Insightful

    You want spam? You should have put in your email address into the submitted article...

  5. Murphy's Law part2... by Jonin893 · · Score: 5, Funny

    If Murphy's Law can go wrong, it will.

    We all know that the Spam won't show up if you want it. That's against the very nature of spam.

    All annoying things always happen every time except for the one time you try and prove the phenomenon to a non-beliver. Well known fact.

    Good luck at finding the spam (wow, I never thought I'd have say that.)

  6. Ebay by NetDrain · · Score: 5, Informative

    Make an ebay account with your email address in it and just start bidding. This is an excellent way to ruin an otherwise perfectly good email address. I was doing all right on the spam front until I did this. Big whoops. *hits head on desk* Yeah, stupid me.

    You'll quickly become inundated with "How-tos" to Ebay, "official" emails from Ubid by people attempting to fraudulently gain access to your personal information, more tips-and-tricks, more offers from uBid, and of course a plethora of marvelous online drugstore advertisements.

    Enjoy.

  7. use online greeting card companies by Indy1 · · Score: 4, Informative

    also try porn sites, gambling sites, and more importantly, paste it on slashdot. My spam trap address here gets hit ALL the time, usually several times a day, which has helped me greatly in tuning my firewall.

    --
    Lawyers, MBA's, RIAA? A jedi fears not these things!
  8. If you want to be scientific, don't by gunner800 · · Score: 4, Interesting

    If you deliberately bait spam, your research will only be about spam as it effects bait e-mail accounts. Your conclusions won't be applicable to normal e-mail use habits.

    Want to survey spam as it effects a normal, real-life, daily-use e-mail address? Get a new address and starting using it as your primary account. Anything less will be irrelevant statistics.

  9. a sure method by Alpha_Nerd · · Score: 5, Funny

    Give it to some of your friends and relatives, soon you'll recieve 20 or so joke chain letters every day...

    1. Re: a sure method by EinarH · · Score: 4, Funny

      I am only recieving wicked screensavers from my friends you insensitive clod!

      --

      Melius mori in libertate quam vivere in servitute.

  10. 'Unsubscribe' by Anonymous Coward · · Score: 4, Informative

    In your own inbox, get a couple of hundreds of spam.

    Take the urls (DO NOT CLICK ON THEM) and strip them of the stuff after the '?' .....

    Go to each of those 'unsibscribe' pages and put the test account in the email to be removed box.

    Its the best way to get spam. The spammers will generally use it as confirmation that your address does indeed exist, and theyll happily put you in their alive list, where you are shure to get everything they are selling.

    1. Re:'Unsubscribe' by Anonymous+Freak · · Score: 4, Interesting

      I actually tested that not too long ago. I made a hotmail account, did not use it, or publish the address anywhere. After two months, I found I was getting 10-15 spams a day. So, I started using the 'unsubscribe' links in all of them. In two weeks, I was down to 1-2 spams a day.

      Finally, after another two months, it was back up to 8-12 a day. So unsubscribing did seem to work, rather than hurt.

      --
      Another non-functioning site was "uncertainty.microsoft.com."
      The purpose of that site was not known.
  11. http://www.spamarchive.org/ by foonf · · Score: 5, Informative

    I was in the exact same situation, actually, and found spamarchive.org to be very helpful. Any one of the files on their ftp site should have enough spam to keep you busy for a while.

    --

    "(Man) tries to live his own life as if he were telling a story. But you have to choose: live or tell." --Sartre
  12. Re:same problem by Oestergaard · · Score: 5, Funny

    Write a HOWTO and put your real e-mail address in there.

    Worked for me ;)

  13. A few thoughts by rdean400 · · Score: 4, Informative

    - Post a comment on Slashdot with the e-mail address visible
    - If on a popular e-mail provider such as AOL, Hotmail, or Yahoo, put up a profile and go to a chat room.
    - Allow your e-mail address to be listed on any of the directories.
    - Put your e-mail on a Geocities website.

  14. Change your thesis. by CGP314 · · Score: 5, Funny

    New research shows spam no longer a problem!

  15. It's easy. by NerveGas · · Score: 4, Informative

    Put it on a web page which gets any moderate amount of traffic. I did that with some spam-bait addresses, and it's amazing how much they generate. In a few months, they've identified over 22,000 unique servers sending spam.

    steve

    --
    Oh, you're not stuck, you're just unable to let go of the onion rings.
  16. Research Survey by becktabs · · Score: 5, Funny

    "Research Survey" = getting back at evil ex-girlfriend.

  17. worked for me by pretzel_logic · · Score: 5, Interesting

    Buy a throw-away domain name and post an index page with a email address. you could also use the method where you record the IP address of the spider by generating the email address on the fly. with [IP of spider]@domain.com and then set up a catch all email box. then you are monitoring the spiders ips and the mail servers ips. this idea was posted on /. a few months back but I couldnt find the link.

    --

    pretzel_logic
  18. Ask Slashdot by roystgnr · · Score: 5, Funny

    "My deadbeat roommate has pissed me off once too often. On a completely unrelated note, I'm looking for ways to attract lots of spam to an email address for... er... research. Yes, research sounds plausible."

  19. try this one by SHEENmaster · · Score: 4, Funny

    spamthistohelpusout@someresearchcompany.com

    --
    You can't judge a book by the way it wears its hair.
  20. That depends by dmiller · · Score: 4, Interesting

    If you deliberately bait spam, your research will only be about spam as it effects bait e-mail accounts. Your conclusions won't be applicable to normal e-mail use habits.

    The relevance of a baited addres depends on how one does the baiting. I'd say that a handful of usenet posts, pasting it to a couple of web pages, use of it to create accounts on websites (e.g. here), etc would be very representative of common patterns of address disclosure.

  21. Use a control group by Kehl · · Score: 4, Insightful

    Create Several Email Addresses - Be scientific ...

    Address 1 - (Control Address) Post No Where and read no messages until the testing time is over

    Address 2 - Post On Usenet (Deja.com)

    Address 3 - Post In Public ICQ program

    Address 4 - Porn Sites

    Address 5 - IRC

    etc .....

  22. Wait. by MisterFancypants · · Score: 4, Informative

    I think you have to wait, as from what I understand most of the people who spam actually buy spam lists from other people. The spam lists seem to be compiled like phone books, so they send out batches of addresses like every month or so. I'm sure your mailbox will be stuffed to the breaking point about two months from now.

  23. Who you use as an ISP is important by Zero__Kelvin · · Score: 4, Interesting


    Is the account you want spammed provided by the same ISP as your personal account? It sounds like the ISP you are using for the research account might be doing a really good job killing off the spam before it ever gets to you. In order for the research to be uncorrupted you need to verify that your ISP passes all e-mails through to you, rather than spam filtering.

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  24. Re:Change your thesis - Decode the encryption. by orthogonal · · Score: 5, Funny

    That isn't any sort of encrypted text. It is simply a (pathetic) attempt of evading filters...

    You insensitive clod!

    You've ruined the poor boy's dream!

    Just think of the hours of fun he could have had "cracking" the "code".

    Just think of the elaborate code -- and equally elaborate conspiracy behind it -- he might have created in a desperate obsession to make his data fit his theory!

    It could have been a new formularization to rival the Illuminati, Ancient Astronauts, secret codes in the Bible, or some other tortuous, contrived theory! Why, he might even have constructed the ultimate conspirarcy theory, a religion!

    But no! You had to cruelly disillusion him. And rob us of the fruit(iness) of his labors.

    For shame!

    --
    Opinions on the Twiddler2 hand-held keyboard?
  25. SpamCop's list of websites == Game Over by Nat3d066y · · Score: 5, Informative

    So you want a lot of spam, do ya?

    http://www.spamcop.net/w3m?action=inprogress&typ e= www

    That's Spamcop's list of spam-vertised web sites. All of those sites have submission forms; just put the email address in there and you'll be rockin' and rollin' within a few hours. I got into a 'spam war' with one of my roommates back in college, and with that Spamcop list I was able to render his email account COMPLETELY useless within a couple of hours (If you're reading this, sorry 'bout that Brian... )

    Speaking of spam, on a random side note, I've recently started checking all of my email accounts with Shadango.com. Anybody else tried that yet? Shadango allows you to have advanced filtering applied to ALL of your existing accounts (both POP and IMAP). It's frickin' great. So now I don't get any more spam, plus I can check all 5 of my email accounts from one place. They've also got file storage, a calendar, etc. It's money. Check it out.

    -Nate