College Student Receives Email of the Lost

dots and loops wrote to mention an eWeek article that's something of a life lesson: Don't be too smart for your own good. The article tells the tale of a college student who cleverly chose null@vtext.com as his cellphone email address. He's been getting thousands of wayward emails and text messages since 2001. From the article: "Initially, the content of the messages was innocuous, he said. It was things like don't forget to drop the car off at baker's and to call mom at 781-XXX-XXXX, stuff like that, Bubrouski wrote. The problem worsened in mid-2002, when Bubrouski's phone began channeling what he claims were dozens of messages from an e-mail address used by General Motors' then-new "OnStar" system. The messages quickly filled up the memory on his cell phone and contained diagnostic response to tests on a beta version of OnStar. 'Basically, peoples' cars were sending messages to my phone, Bubrouski wrote. "

What was the weirdest email got that wasnt for you

My freshman year a friend of mine received a few emails for a professor, the best one was an email asking the professor to excuse the sender's daughter from a final because she had a cold.

Not a smart man

[VisiX]

If he chose this address to receieve the emails will null as sender then he is not very smart. I'm betting he just uses the handle null, and it was just an unfortunate coincedence.

Re:Not a smart man

[rcamans]

addresses for slashdotters to try out, now that they know about them:
nul, null, root, administrator, president, ceo, cio, cfo, none, unknown, lost&found, hotty...

Re:Not a smart man

[Eric+Giguere]

Perhaps he heard it was a Linux-based phone and was worried when he couldn't find /dev/null.

Eric
View the XML for any Amazon product

Re:Not a smart man

Hello there.

It was Verizon who was being 'not very smart'.

a) They should be just dropping messages which don't have a valid from or to
b) If they're going to use an address as a bitbucket, rather than just dropping it, they shouldn't have allowed that address to be assigned to anyone.

How can you call the user 'not very smart', when he's not the one who actually has the control required to ensure that things like this cannot happen?

Re:Not a smart man

[xaaronx]

Yeah, that's actually at least implied--I'm not sure it was explicitly stated--in the article.

Re:Not a smart man

[Thrakkerzog]

Who says the message was addressed to "@vtext.com".

I am guessing that the OnStar beta system actually sent the message to "null@vtext.com"

If such a name is going to cause problems, Verizon should not have permitted him to choose that name.

Re:Not a smart man

[networkBoy]

Like the guy who got "unknown" or some such for his licence plate. Got several thousand tickets in the mail each year.
-nB

Re:Not a smart man

1) The article itself states that some of the messages he received had invalid to and/or from information. That covers what I stated about Verizon allowing invalid messages to propogate.

2) OnStar and the other companies should not have been sending test messages to an address that they did not control. Seriously, how the hell do you verify that your test messages are actually being sent and received if you're sending to an address where you're not the other endpoint?

His receiving the messages is in no way his fault.

Re:Not a smart man

Note that the original poster was saying the guy was 'not very smart' for choosing that address.

My argument is against that - it was Verizon, and the companies testing, who were 'not very smart'. They had the control required to prevent this from happening, and they did not use it.

Re:Not a smart man

[Pneuma+ROCKS]

My name is Null, you insensitive clod!

Re:Not a smart man

[Muddie]

Just for the fun of it I had tried to set my address to 'root@vtext.com' figuring it would never let me. It did.

And I started getting text messages to root@. I changed that quickly.

Re:Not a smart man

[soft_guy]

Try "abuse@vtext.com".

Re:Not a smart man

[Dare+nMc]

>I'm betting he just uses the handle null

I would have choosen the handle null to ensure I never got any email, cause I don't want to pay for any...

I am guessing that was the intent, go figure spamme might have served better, live and learn.

Re:Not a smart man

Yes, but I came here for an argument!!

OH! Oh! I'm sorry! This is abuse!

Re:Not a smart man

[identity0]

Oh come on, how is a non-geek supposed to figure out that it's a bad idea?

I actually know a girl with a null@ address (no I won't tell you the ISP). She's sort of a 'geek' but more in art than in computers. I think she chose null because it sounds cute and has an interesting meaning, even outside of the computer field.

I don't think it's stupid for people not familiar with computer geek culture to not know that 'null' is often used for testing or system purposes, any more than I would expect a non-native English speaker to know that 'John Doe' is an example name.

Re:Not a smart man

[giorgiofr]

Well, I'm certainly not a native speaker but I do know John Doe as well as his friends Joe Six-Pack and Joe R. User.

Re:Not a smart man

[StanB]

I'm the one the article is written about and I chose the name just because it was the name I had been using in forums at the time. I never assumed for even a minute it would be a problem, nevermind a plague. Fortunately vtext.com gives you the ability not to recieve txt msgs from the internet or e-mail.

Re:Not a smart man

[indianajones428]

The plate actually read "NO PLATE."

Snopes is there.

Re:Not a smart man

[networkBoy]

Thank you. That was it, couldn't remember where I read it ;)
-nB

You think it's bad *now*

[Weaselmancer]

Slashdot just put your email address on their home page. Unscrambled.

Hmmm...wonder what a variant of the Slashdot effect is going to do to a cellphone?

Re:You think it's bad *now*

[nmccart]

I see BILLIONS in text message bills, at 10 cents a pop, he's gonna need a new job

Re:You think it's bad *now*

"Hmmm...wonder what a variant of the Slashdot effect is going to do to a cellphone?"

I imagine it will be something like this.

Re:You think it's bad *now*

[ObsessiveMathsFreak]

Slashdot just put your email address on their home page. Unscrambled.

This is actually quite serious. I have had one story posted on Slashdot, and because I didn't have a homepage, the editors put in my unscrambled email address. The story was copied and pasted verbatum by countless sites all over the next.

That address was almost rendered unusable. Only the bayesian span fliters in thunderbird salvaged it. Still, it was pretty irritating to see an address I had been quite careful with destroyed because the Slashdot editors didn't consider carefully what they were doing.

Re:You think it's bad *now*

[Crazy+Man+on+Fire]

Verizon does not charge the recipient of a text message.

Re:You think it's bad *now*

[ElleyKitten]

Verizon does not charge the recipient of a text message.

That explains why he kept the account for 5 years.

Re:You think it's bad *now*

[jb.hl.com]

Quite a bit I think. When I got a story posted to the /. homepage, they linked directly to my email address; unscrambled, of course (and my homepage link was readily available). Spam galore!

Re:You think it's bad *now*

[Rolan]

Still, it was pretty irritating to see an address I had been quite careful with destroyed because the Slashdot editors didn't consider carefully what they were doing.

You mean, because you didn't consider what you were doing.... You entered your e-mail address, they didn't go look it up and enter it for you. You should have considered the fact that, if the story was accepted, it would be posted, but you failed to consider that. It is not the editor's place to go and edit someone's e-mail address or homepage link that was entered. If you don't want your e-mail published, then don't publish it. The field isn't even required, you could have left it blank.

Re:You think it's bad *now*

[zdzichu]

Hey, but he is not sending thoses messages, he receives them. Charging for incoming SMSes would be insane. It would be so dumb like charging for incoming *phone calls*, silly idea dropped by operators 15 years ago. Before even GSM got popular, when analog cellular telephony ruled.

Re:You think it's bad *now*

[pHatidic]

Isn't giving your email address optional? I think it says that you either get a linkback to your website or a link to your email address right where you submit the article.

Re:You think it's bad *now*

[Rolan]

Odd, my bill says Verizon, and it charges me for incoming text messages.... Must be more than one Verizon....

Re:You think it's bad *now*

[ObsessiveMathsFreak]

Negative. The email address I entered was garbled. The editors degarbled it.

Re:You think it's bad *now*

[rkrabath]

Insane, yes... but common in the US.

boo US... BOO

Re:You think it's bad *now*

[B3ryllium]

I get charged for airtime, I don't think it matters if it's incoming or outgoing.

Sell crazy some place else, we're all stocked up here.

Re:You think it's bad *now*

Grandparent blames slashdot editors for his email address becoming unuseable due to spammers.

Parent blames grandparent for not considering what he was doing when he gave his email address to slashdot.

While yes, if he was more careful or if the slashdot editors were more careful, he'd probably get less spam.

Still, I'd lay the blame squarely on the spammers.

Re:You think it's bad *now*

Mod parent down for excessive dickery.

Re:You think it's bad *now*

[iminplaya]

It would be so dumb like charging for incoming *phone calls*...

Just part of the insanity of American cel phone service. I still can't figure out how they let this come to pass. I guess they'll buy anything.

Re:You think it's bad *now*

[Crazy+Man+on+Fire]

Holy crap. You're right! Verizon does charge to receive text messages. That stinks. Seems a bit unfair that you can be billed for something that you have no control over. At least with an incoming call you can choose not to answer if you don't want to spend your minutes talking to the caller.

https://www.vtext.com/customer_site/jsp/aboutservi ce.jsp#Prices

Re:You think it's bad *now*

[Uber+Banker]

It would be so dumb like charging for incoming *phone calls*, silly idea dropped by operators 15 years ago.

Not that silly. In many countries calls from home telephones are free. Calls to mobiles and whatnot are also free, indeed why not, I'm just calling a number. The mobile telephone recepient chooses to answer the call. Why not let them take the mobile network side of the call? It isn't dumb, it makes sense. Call to switch is free, when it reaches switch it is in the domain of the mobile telephone company. Charging for unsolicited texts, however, does not make sense as there is no option to recieve or decline them.

Re:You think it's bad *now*

[VolciMaster]

yes they do, unless you subscribe to an optional package that groups them into one.

Re:You think it's bad *now*

[trcooper]

Actually they do now. If you go over your plan's allowance, you're charged $.10 a message, incoming or outgoing.

Unlimited IN Messaging applies only to TXT, PIX&FLIX messages sent/received within the National Enhanced Services Rate and Coverage Area from a Verizon Wireless customer's phone to another Verizon Wireless customer's phone and addressed to the recipient's 10-digit phone number. Monthly allowance and overage rates of 10 per message sent and received apply to all other TXT, PIX&FLIX messages sent/received, except international TXT messages, which cost 25 per message sent and 10 per message received.

He's probably going to go over his allowance this month.

Re:You think it's bad *now*

[pyros]

maybe not when he opened the account, but they do now, unless you have a monthly service add-on for unlimited texts, which I didn't immediately see a link for but I'm sure they offer.

Re:You think it's bad *now*

[RollingThunder]

They charge for inbound calls, too, which you again have no control over. Sure, you may see the caller ID isn't somebody you recognize, but often you have to answer it anyways.

Re:You think it's bad *now*

[iminplaya]

Still, it was pretty irritating to see an address I had been quite careful with destroyed because the Slashdot editors didn't consider carefully what they were doing.

Oh, come on! Evidently you weren't careful enough. Why didn't you use a throw away address just for that purpose? I never put my personal/business address on a commercial site, unless it's a site I use for my business. Furthermore, I use a white list. Works like a champ. Remember, a "privacy policy" is about as effective as an EULA and is subject to change on the slightest whim.

Re:You think it's bad *now*

Kind of like this?


obsessivemathsfreak@eircom.net

Re:You think it's bad *now*

[pyros]

Charging for unsolicited texts, however, does not make sense as there is no option to recieve or decline them.

I don't think you are charged if you don't read it.

Re:You think it's bad *now*

[pyros]

Sure, you may see the caller ID isn't somebody you recognize, but often you have to answer it anyways.

No you don't. Only if someone else is paying for it under the condition that you always answer it would you be obligated to answer. And that's still your choice to enter such a situation, and you aren't even paying for it in that case, the other person is paying to be able to reach you.

Re:You think it's bad *now*

[after+fallout]

If it is not an "in" message they do. To quote their plan offering page:

TXT Messaging

Fun, easy way to stay in touch. TXT Messaging is a two-way text messaging service. Send and receive text messages of up to 160 characters right on your two-way messaging-capable phone. $0.10 for messages received and $0.10 for messages sent. Bundle plans also available. Sending and receiving text messages do not deduct from a calling plan's airtime allowance.
Not Available in some areas.
© 2006 Verizon Wireless

-----------------
emphasis theirs.

You can get message plans at 250, 500, and 1000 messages sent or recieved from anywhere, along with free "in" messages. These numbers are combined send and recieve numbers.

Re:You think it's bad *now*

You should do what I do when sites ask for an email address, and just use "null@vtext.com". I don't know if it's a real address, but it's worked fine for me for probably 5 years now. I even used it for my car's OnStar.

Re:You think it's bad *now*

[BurntHombre]

Wow, that was cold!

Re:You think it's bad *now*

[don.g]

Being "careful" about email addresses doesn't work. It'll ward off the spammers for a while, but eventually you'll have to change your address.

And that stinks. We need a better solution to the spam problem than carefully hiding email addresses from the world.

My current "solution" is to run spamassassin, which gets most of my enormous amounts of spam with a fairly low false positive rate. But it's only a stopgap solution -- something more permanent is needed.

I wish I knew what it was.

Re:You think it's bad *now*

[Splab]

Thats a load of bs.

I've had my domain for more than 4 years now, when the spam I get peak, its about 4 messages a month.

Graylisting and carefull about who gets my emailadress works like a charm.

Re:You think it's bad *now*

[4n4l_4v3ng3r]

I have Verizon and I pay to recieve text messages, there is an unlimited plan though.

Re:You think it's bad *now*

[yuriyg]

No, this does:

"I was getting people's grades, order information from unknown retailers, personal messages with people's credit card numbers [and] social security numbers," he wrote.

Re:You think it's bad *now*

[Cygfrydd]

Re:You think it's bad *now*

[Splab]

Excuse me, but why the F*** do people accept those rates?

Here in Denmark I pay 0.10 DKR per sent message and nothing per recieved - 630 DKR to $100. My monthly bill is rarely above 40DKR - thats less than $7 US. Ohh and we got about 99% coverage including the sea. (Granted its a small country, but still..)

Re:You think it's bad *now*

[Fulcrum+of+Evil]

Still, it was pretty irritating to see an address I had been quite careful with destroyed because the Slashdot editors didn't consider carefully what they were doing.

Your fault. Everybody knows that the /. editors don't know what they're doing, so your first (and last) mistake was not using a throwaway email address.

Re:You think it's bad *now*

[Ken+D]

Graylisting doesn't count. This is about managing your email address as an end-user. From that perspective, even bayesian filtering isn't great. Sure you don't have to read the junk, but you have to download it for your filters to be run.

The odd thing is this: I have one address that I carefully managed. I only gave it out to family and friends. I have another address that I use on all web forms, email lists, etc.
Which one gets ALL the spam? My carefully managed address. The other one gets maybe 1 spam a month, and even then, it might be spam sent to a mail list that I'm subscribed to as opposed to directly sent to me.

Both addresses are at the same ISP, so I can't blame them. One is more susceptible to a dictionary 'attack', the other has punctuation. That's the only thing I can think that matters.

Re:You think it's bad *now*

Heh, I pay Verizon $.10 per message sent & $.02 per message received. You can buy unlimited plans, but normally, you DO pay for the incoming messages.

Re:You think it's bad *now*

[massysett]

I understand your annoyance, but honestly I've given up on the spam wars. I can either a) spend time trying to manage email addresses, checking multiple addresses, etc., or b) use one address and rely on spam filters. I used to do a), had two mail inboxes and probably thirty spamgourmet.com addresses.

The hassle got to be too much. Now I use just one address and no spamgourmet. I post my address unmunged on my Web site. My web host has spamassassin, and Gmail has good spam filters. I get 10-15 spams per day, but it all goes to the spam box. I find this much easier than trying to prevent spam, and more effective too.

Re:You think it's bad *now*

[ObsessiveMathsFreak]

To be honest, this is where my attitude now stands as well.

Modern filters are now quite good, with well over a 97% sucess rate, and rarely hit false positives for me. The occassional house cleaning required is in my opinion worth the saving in extraordinary measures.

Re:You think it's bad *now*

So what's your new email address?

Re:You think it's bad *now*

"bayesian span fliters" - are those some kind of mysterious email account-saving creatures? :-P

Re:You think it's bad *now*

[Fulcrum+of+Evil]

Being "careful" about email addresses doesn't work. It'll ward off the spammers for a while, but eventually you'll have to change your address.

So use email addresses with an expiration date that forward to the address you actually read.

Re:You think it's bad *now*

[joeljkp]

Because we don't have much of a choice?

But if you want to help me sign up with a Denmark cell phone company, it'd be much appreciated :-).

Re:You think it's bad *now*

Here's a nice verizon trick, once you know someones' "nick" you can send em a message here:

https://www.vtext.com/customer_site/jsp/my_webpage .jsp?userName=null

and once you send that text message, their number comes up

2/28/2006 3:18 pm 617-835-3284 Message accepted by network NONE

Re:You think it's bad *now*

Use sneakemail for _everything_. Gives you an on/off switch for your aliases.

Re:You think it's bad *now*

[Animaether]

I don't know why people bother with these 'obfuscation' / garble techniques on Slashdot comment threads. I wrote a mIRC script that unscrambles practically all of them with ease. The only ones it doesn't are the ones the user scrambled themselves - but all the automated slashdot stuff is a piece of cake.
If I can do it with a mIRC script, you bet an e-mail harvest is already doing it with a more dedicated tool.

Re:You think it's bad *now*

[poot_rootbeer]

Sure, you may see the caller ID isn't somebody you recognize, but often you have to answer it anyways.

Whaaaat.

Do the phones have a feature where the 'Talk' button presses itself and the phone crawls out of your pocket and up to your ear if you let it ring for more than 10 seconds?

Re:You think it's bad *now*

[after+fallout]

In the states everything is about bundles.

My plan is the 250 message plan ($5 IIRC) meaning I pay for 250 messages every month regardless.
I can send and recieve to other verizon customers as much as I want (good because all my friends also have VZW) for free as long as I have one of the message plans. I send about 700 messages a month (around 600 of them are to my friends on VZW), and the other 100 are to GOOGL (46645) and I recieve around 750 (600 from friends within VZW and 150 from google).

This plan is a pretty good deal for me, because I mostly text to my friends who are also in the "in" network. The other carriers here offer similar rates (free within their network, costing outside it). If I was paying for all sent messages this would equate to (5/700 = .007) seven tenths of a cent for me each message (.045 DKR per sent message).

These pricing schemes seem to lead to localized monopolies (everyone around me uses VZW, If you go about 50 miles northwest of me most people use sprint) because if you want the cheapest bill, you go with whatever the people around you have.

Re:You think it's bad *now*

[CableModemSniper]

Dude, shutup! Don't give them any ideas!

Re:You think it's bad *now*

[Xserv]

*crickets*

Re:You think it's bad *now*

[CableModemSniper]

How does the provider know if you read it or not? I'm pretty sure reading of messages is not done "online", the contents are copied to your phone. And of course the counter-example is that if they only charge for reading what prevents me from hacking my phone to not report that I've read a message.

Re:You think it's bad *now*

[KutuluWare]

Yes it does. Potentially a lot, as a matter of fact. The nominal rate, as you can clearly read right on their web site, is "$0.10 for messages received and $0.10 for messages sent.".
If you are "IN" then I beleive all other "IN" messages are free, and for about $5.00/mo you get something like 500 messages. (All prices are applicable to my area, central Florida, but I doubt they vary much). Those bundles also typically reduce your per-message fee for overages, I think mine is $.05/message. But if you do go over (I have -- my company decided to stick my SMS number into log4net's SMTP logger on a horribly broken system over Xmas break) then the bills can get rather pricy.

--Kutulu

Re:You think it's bad *now*

[Alex+P+Keaton+in+da]

It gets better- verizon charges you for airtime when someone leaves you a voicemail. So if you dont answer it, you still pay if they leave a message... Fun stuff

Re:You think it's bad *now*

[pyros]

On the phones I've had the message is downloaded when I open it.

Re:You think it's bad *now*

[Celt]

well you are using eircom.net for your e-mail, so its basically un-usable from the get-go :)

Re:You think it's bad *now*

[CableModemSniper]

Well I just spent 10cents to try and test that. On my phone (a Sanyo RL-4192) with Sprint as soon as the message is received the text of the message is displayed. I had no opportunity to not download it. Maybe your provider/phone uses a more reasonable system. But I couldn't have denied that message and the associated charge if I wanted to.

Re:You think it's bad *now*

[pyros]

I freakin hate verizon. switched to tmobile in december. Even if all the little extras end up costing the same, and even though the network is noticeably less reliable, I don't have to deal with crippled phones locked to a single network.

Re:You think it's bad *now*

[pyros]

that sucks. Seems like an ideal candidate for a class action law suit.

Re:You think it's bad *now*

[JNighthawk]

My e-mail address received 0 spam until some jerk didn't like a comment I made and posted it unscrambled. Thereafter, and up to now, I receive plenty of spam at that address.

Re:You think it's bad *now*

> Even if all the little extras end up costing the same,

"Even if the extra stuff is stil just as expensive,"

>and even though the network is noticeably less reliable,

"Even though it's harder to actually communicate on the phone,"

> I don't have to deal with crippled phones locked to a single network.

"I can buy a new phone whenever I want to pay full price to do so, despite the fact that I'll pay more for stuff and have more trouble actually getting connected."

Yeah, that'll teach Verizon a thing or two. Good luck with that.

Re:You think it's bad *now*

[eosp]

I have an implanted phone, you insensitive clod!

Re:You think it's bad *now*

[consumer]

Verizon DOES charge for incoming text messages unless you pay the monthly fee for unlimited messages.

Re:You think it's bad *now*

[Saeed+al-Sahaf]

Yes, but you have an AOL address, I mean with NihirNighthawk@aol.com what do you expect? I wouldn't be surprised if Slashdotters unscrambled it just BECAUSE it's an AOL address...

Re:You think it's bad *now*

[dcam]

It is still really, really dumb.

The person recieving the call has no information as to who is calling them. To find that out, they need to pick up the phone*. On the other hand the person making the call knows who they are calling. Also they initiate the phone call. Therefore they have more control, therefore they should be charged.

* Sure you can use caller ID, but a lot of people I know have hidden numbers and a lot of (wired) phones don't display the number that is calling. I know that in the US you can dial a number first to get your number displayed, but the onus is still on the person making the call. Add to that the fact that companies can have a group of numbers to dial out on. Also more than one person can use the same number to dial out on (eg I might want to talk to my sister but not my parents). The upshot is, you still don't know who is calling you until you pick up the phone.

Re:You think it's bad *now*

[geekoid]

well then, now you know why you should have a junk email address.

Anybody at anytime could make a mistake and your email address is allover the place.

My slashdot email is a junk one I check about every week. I also use it for sights that are going to send me a password. If it turns out I will continue to do business and trust they will take reasonable precautions, I give a higher tier email.

Notice slashdot does not have a higher tier email.

This system as worked exceptionally well with one exception, Apple computers. I ahve a 'higher tier' email only used for them, and now I get spam.

Re:You think it's bad *now*

[StanB]

Yeah well my text message box only holds 50 messages and is full so I won't be finding out until I empty it and I won't be doing that anytime soon. Plus disabling txt msgs from the internet and e-mail doesn't hurt either. Sorry to disappoint, although at some point I will enjoy reading some of them ;)

Re:You think it's bad *now*

[WhatAmIDoingHere]

It's funny, I don't get much spam on my email address..

although gMail's filters are pretty good.. and this actually forwards all the mail that gets past the spam filter to my adelphia email address that has it's own spam filter.. and that forwards back to a gmail account that is checked with a program that runs an updates spam filter..

But, yeah... sexwithanimals@gmail.com is where all my email ends up, and while I do get some odd spam, it's no more than 5 unwanted messages a day.

Re:You think it's bad *now*

This from a random other slashdotter: you are a complete dick.

Re:You think it's bad *now*

[iamdrscience]

Verizon does not charge the recipient of a text message.

Oh yes they do. It's only like $5/month for unlimited texts, but otherwise it's like $0.10 to send and receive.

Re:You think it's bad *now*

[JNighthawk]

I've already given that e-mail up for dead and knew when posting, some jerk would unscramble my e-mail address and post it, again. Thanks for proving yourself to be a colossal jackass.

Re:You think it's bad *now*

Believe it or not, I'm not that other AC, and I agree. That's screwed up, posting his email.

Re:You think it's bad *now*

[alchemist0405]

Most cell phone companies have a "1 minute minimum" on all inbound calls whether you answer or not. I remember one month with Sprint where I almost ran out of minutes - so naturally I turned off my phone for the last few days.

I still got "overage fees" because the inbound calls to my voicemail charged exactly one minute each.

So if I used a phone-dialer and called you 50,000 times (then hanging up immediately), I could probably still cost you a significant amount of money. 50,000 isn't unreasonable if it takes 40 seconds to go to voicemail and you don't think to call and have my number blocked. If you give up and hang up the phone, I could make 500,000 calls in a month. (Theoretically)

I'll bet the cell company would rebate the fees though if you complained about it.

Re:You think it's bad *now*

[Saeed+al-Sahaf]

You're welcome!

Fault

[Billosaur]

SMS users, like e-mail users, rely on the fact that carriers like Verizon won't accidentally deliver improperly formatted messages, such as those with no addressee, to an unrelated address, said John Pescatore, a vice president at Gartner.

"There's no way that this should be happening. No e-mail system would ever do that," he said.

Verizon should be rejecting messages with improperly formatted addressee information, not forwarding it to an account, he said.

Bubrouski agrees.

"I'd have to say Verizon is at fault. Sure, service providers make mistakes, but Verizon shouldn't be accepting messages from no one to no one," he said.

It's safe to say Verizon is at fault, but perhaps not in the way everyone would think. How could they let someone have an email address of 'null'? NULL is generally a reserved keyword in most places where it is used; apparently the designers of Verizon's email system forgot some basic computing. Could someone sign up for 'root@vtext.com'? I would hope they would be smart about avoiding problems like that in the first place, though in the end it's true that their email system must be pretty poor if it allows messages with malformed header information to be received.

Re:Fault

[Nos.]

I would disagree. Sure, you wouldn't want someone using root or other default names like administrator, but null, while a reserved word in some circumstances, should not be a problem for a mail server. If my mail servers get an email to a non-existant account, they don't deliver it to "null". This sounds to me like something strange (unescaped maybe) on verizon's mail servers.

Re:Fault

Yes Verizon is at fault for not excluding that address from the pool available to users, but they are even more at fault for routing the messages. E.g. routers don't route packets from 192.168.x.x for a reason. The same thing applies here, only its the standard shabby organization of Verizon showing through.

Re:Fault

[L7_]

its probably from the fact that they are using Java to process thier Strings... and printing out a non-initialized String in java will print 'null'. :x

Re:Fault

[Nos.]

I'm not a java programmer, but I figured it would be something like that. There's no reason someone shouldn't be able to have the email address null@somedomain

Re:Fault

[Doug+Merritt]

It's safe to say Verizon is at fault

No, it's not safe to say. I very strongly doubt it, in fact:

he couldn't find anyone at Verizon or ESPN who had heard of it and could help him with his problem.

That's because it was probably our little mobile group at Disney (owner of ESPN and ABC), oops. We took content such as sports stories and sent it out to all kinds of mobile devices, including cell phones and SMS devices.

If we ever screwed up during our testing (bugs? what bugs?), we could very easily have been the source of a "null@" sort of address.

Zillions of companies send things to SMS, just like they send email; you can't be sure the fault is ever with the SMS service!

On a related theme, my pre-web Internet (yes, there was such a thing :-) email address was "doug@a_big_isp.com", and so naturally I got a certain amount of misdirected email. Email traffic was comparatively low back then, so it wasn't an awful lot.

But one time I ended up being CC'ed on some corporate email that was CC'ed to dozens of people and had many followups. It was intensely boring material, but very private, too, and somewhat high volume. I kept replying, telling them what was going on, and "please stop", and a few people would take me off their CC list, while dozens of others didn't...

So finally I said, "I'm not going to release all of this highly sensitive information about your corporate plans and finances to your competitors or the press or to an ftp site, because I'm a good guy. But YOU don't know that!" That did the trick, the CC's stopped instantly.

Re:Fault

[Thrakkerzog]

Perhaps the message was actually addressed to "null@vtext.com" by OnStar?

Re:Fault

[NickFitz]

In at least one case it was faults in the services sending the messages that were addressing them to him:

Messages from both the Princeton Review Service and Pill Phone were accidentally sent to Bubrouski's phone... Messages without a "To" address were not delivered by the service. However, because of a programming flaw in the client server software, messages with an invalid address, such as a blank space, were translated as "Null," and wound up on Bubrouski's phone.

I don't suppose there's much Verizon can do to filter out stuff that's actually addresed to him. Other services were doing a similar thing:

An eMbience spokeswoman said that Bubrouski's vText account was the same as an account used by engineers for internal testing.

So it looks like clueless techs outside of Verizon are responsible for a lot of his problems. This is why, if I have to send emails to some /dev/null address, I either create a dummy account on a domain that I control, or (in a pinch) use the example.com domain. Just sending messages to a real domain owned by somebody else because you assume they won't have an account with a particular user name is just dumb and inconsiderate.

Re:Fault

NULL is generally a reserved keyword in most places where it is used

Null is a reserved keyword in many languages, yes, but that doesn't mean that strings can't contain that keyword. Should we forget about while@, end@, if@ and other addresses, just because they happen to be keywords?

If it was something like 'root', then I could understand; that's a reserved account name on many systems. But being a reserved keyword means nothing whatsoever.

Re:Fault

[jaredmauch]

back before abuse@ was the way to report issues and commonly used, there were a number of people that were customers of various ISPS, including one customer at MSN that used abuse as their e-mail address. I remember the stories of how much mail that person would receive..

I know of someone who created their personal email for their family member as nospam@ a domain and they don't get any :) someone must be doing a s/nospam//

Re:Fault

[Nos.]

You're absolutely right. I shouldn't have said that it was verizon's mail servers. It could be someone accidentally (through bad code) sending to null, instead of [emptyvar]. I guess my main point was that there is no reason he shouldn't be able to have null@vtext.com. Its a perfectly legit and reasonable email address to have.

Re:Fault

[Qzukk]

The bigger question really, is that if it was "just a flaw" that made the "null" part of the email appear, where did the @vtext.com part come from? I could see "just a flaw" on the vtext.com server reassigning invalid emails to null, where they'd be delivered @vtext.com, but that would still require the messages reaching the vtext.com MX in the first place. This makes eMbience's explanation make no sense, unless they used null@vtext.com before this student did, and he's just getting those leftover emails now... but just how many people/companies could have been null@vtext.com over the years?

Re:Fault

Actually Verizon is not to blame. An empty username on an email address would not be accepted by SMTP. however, "null@vtext.com" is a valid SMTP address. There is no reason for their system to reject it, other than there is no user with that name, which now there is.

The mail is probably the result of web pages, auto-mailers or TAP programs that SEND directly to VeriZon's domain with an empty to field, replacing the empty field with the string "null", thus constructing an email address of "null@vtext.com"

Re:Fault

[halcyon1234]

Could someone sign up for 'root@vtext.com'?

Personally, I'd rather have fuck@you.com

Oh, the tons of email I'd get from "please give us your email address to read this article/download this software/view this porn" providers I'd get...

Re:Fault

[CycleMan]

Feh! Back in high school, I remember registering as "sysop" at a variety of free email sites. No malicious intent, just liked the coolness factor of it. Ended up receiving and dealing with quite a bunch of requests for help with spammers etc.

Yes, I helped them. I figured I owed it to them since I'd taken the email address. One solution would be to have standardized contact addresses: postmaster, root, admin, sysop, and have them universally applied. The lack of these standards let me have my fun, and additionally makes it so difficult for many folks to get help online.

Re:Fault

[MadMidnightBomber]

NULL is generally a reserved keyword in most places where it is used; apparently the designers of Verizon's email system forgot some basic computing.

I think Java would do this if you had a null java.lang.String recipient and did a recipient + "@" + domain for example. Remember, the language can save you from shooting yourself in the foot, but it can't make you do the right thing.

Re:Fault

[dodobh]

"null" != null.

Also, null@example.com is a perfectly valid email address. The only reserved ones are postmaster@example.com and abuse@example.com. Other commonly used addresses may also be reserved, such as root, hostmaster, webmaster, sales, etc.
NULL is not in that list.

In this case, it is the fault of the developers for assuming that null@domain is invalid. They should have used a domain like example.com for testing.

Verizon's fault is accepting messages for invalid accounts in the first place, but your objection is null and void.

Re:Fault

I'm curious...who has the list of "forbidden" email addresses? The two previously mentioned (abuse and postmaster) are special, but why would any word from some other area besides email be disallowed? Why not null? Why not root? Why not superuser?

So, folks, what user names shouldn't be allowed in an email address? Any suggestions and reasons why not?

Re:Fault

[i.r.id10t]

same wiht a spamtrap@mydomain - lots of bounces to trap@mydomain in my logs..

Re:Fault

[whathappenedtomonday]

They should have used a domain like example.com for testing.

hm, example.com seems to be down at the moment... if you rely on it for testing, you're screwed!

it's a joke. laugh!

Re:Fault

[nmos]

In this case, it is the fault of the developers for assuming that null@domain is invalid. They should have used a domain like example.com for testing.

My guess is that they didn't intend to assume null@vtext.com was valid, they just never checked for it. Most likely they are pulling the username part out of a db and just appending @vtext.com. Unfortunately if a particular db item is empty it may return "null" as the value for that item.....

Re:Fault

[dodobh]

That is just bad programming. The people writing the query/gateway should check for a NULL as opposed to the string 'null'. Oh well, there _is_ http://thedailywtf.com/

Now...

Now he going to get messages sent to null@vtext.com from all of slashdot

Posting your email on Slashdot

[Ant2]

I am very sure that also having your email address posted on the front page of Slashdot won't help matters either. This guy doesn't seem too smart.

Now it is worse

[tie_guy_matt]

He though he got a lot of email before. I wonder what happens after his email address is splashed up on /.?

think you were getting lots of messages before?

[aliscool]

Now that you null@vtext.com address has shown up
on the front page of slashdot...
You haven't seen anything yet.

Here's an idea:

[sxltrex]

Change your fucking cellphone e-mail address, genius.

Re:Here's an idea:

[truthsearch]

That's what I was thinking. Thousands of emails since 2001... did he not get it that there was a problem? After it became a problem change addresses and it wouldn't be a /. story.

Re:Here's an idea:

[TrappedByMyself]

Change your fucking cellphone e-mail address, genius.

Yeah, you'd think that after 5 years, he'd think of that one. Guess some people are a little slow.

Re:Here's an idea:

[Nos.]

Would you? Honestly?
I probably wouldn't. You can deny that it would be interesting to get some of that stuff that was meant to go elsewhere. Hell, I'd probably build a site of the strange stuff I've received.

Re:Here's an idea:

[panthro]

RTFA: Getting rid of his vText account would stop the stream of unwanted SMS message problem, but Bubrouski said he enjoys reading the messages he receives, and blocks companies and individuals when the volume of SMS they're sending him gets too high.

Re:Here's an idea:

[TubeSteak]

You're not new here, but did you not get it that you should RTFA?

He likes getting all these texts.
He blocks the most voluminous senders and reads the rest for giggles.

Re:Here's an idea:

[truthsearch]

You're not new here, but did you not get it that you should RTFA?

RTFA? You must be new here. ;)

Me too!

I can't tell you how many misrouted emails I've gotten for some great stock market tips, interesting (and I do mean interesting) pictures, some pretty amazing medications, and even offers for prestigious non-accredited degrees!

I almost feel bad taking advantage of people who accidently send me these deals by mistake.

Re:Me too!

[AndroidCat]

Do you mean that they didn't come with half a page of boilerplate text at the bottom saying that if you weren't the intended recipient that you had to destroy all copies and submit to a brain-scrub?

Re:Me too!

No, but they did include instructions of how to opt-out of future messages. Why anyone would want to opt of deals like these, I'll never know.

This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this posting. Please notify the sender immediately by a reply posting if you have received this posting by mistake and delete this posting from your system, including your browser cache. Slashdot posting transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of Slashdot postings.

Re:Me too!

Tell me about it. This is great! Since I set up my e-mail account I've found hundreds of people offering to help enlarge my penis size and send me free pix of hot chicks. I'm also going to get a fortune from some guy in Nigeria and all I have to do is help him move some money to this country - I only have to send him my bank account info. I just love being connected, don't you?

Talk about your security breach.

[TubeSteak]

FYI - vtext (the service the kid is using) stands for Verizon Text

That data has become more sensitive in recent months, as companies rush to deliver everything from SAT test scores to medical information and automobile diagnostics to cell phones and PDAs.
...
"I was getting people's grades, order information from unknown retailers, personal messages with people's credit card numbers [and] social security numbers,"

Medical information? Credit Card & Social Security numbers?
Shit is going to hit the fan in 5... 4... 3...

Seriously, letting someone choose "null" is like letting them pick "Administrator" or "HelpDesk". I thought that was Security 101 material?

Re:Talk about your security breach.

[flimflammer]

To be frank, I've signed up for quite a few services in the past that allow me to register "null" - Null is a little different than "admin", "helpdesk" or some other name. There would be no problem if they just didn't screw up when they were handling the strings. Why the hell does an improper string get turned into "null"? That's one of the things I've always hated about Java/Javascript. When they're not defined, they litterally hold the value of "undefined".

Re:Talk about your security breach.

My email address is undefined@vtext.com, you insensitive clod!

Re:Talk about your security breach.

[pthisis]

Seriously, letting someone choose "null" is like letting them pick "Administrator" or "HelpDesk"

No it isn't. There's no reason for anyone to send email to null@domain unless they're trying to reach a user named "null". The latter two will get people guessing at administrative addresses.

The blame is on broken Java apps that are sending things out with uninitialized strings as the email address. You could see similar broken emails to other addresses from broken apps written in other languages.

He could have chosen "None"

[waterford0069]

This storey reminds me of one I heard about in the 1980's.

Some smart *ss decided to get a vanity plate that read "NONE". It seems that whenever a police officer or parking commisionair issued a ticket for a vehicle without a license plate, they would write in "NONE" where it said plate.

Then the clear entering the ticket info, would (of course) enter the same thing into their system.

The result was hundreds of tickets being issued to him, for various offenses (parking, speeding, etc.).

Re:He could have chosen "None"

[Rude+Turnip]

Some comedian once suggested that IFORGET would be a much more clever license plate number.

Re:He could have chosen "None"

[dougmc]

The result was hundreds of tickets being issued to him, for various offenses (parking, speeding, etc.).

Clever. Of course, this could be used to his advantage too -- since there would be a flood of them, any tickets that he himself got would also say NONE, and so he could probably get the entire stack dismissed all at once, both the not-his ones and the really-his ones. (The court system is unlikely to expect him to pay for tickets that weren't issued to him, though they might make him jump through some pretty serious hoops to prove that she shouldn't have to.)

I'm not saying it would be worthwhile, but it's a possiblity ...

Re:He could have chosen "None"

[Secrity]

There is a similar myth with a "NO PLATE" vanity plate.

Re:He could have chosen "None"

[Larry+Lightbulb]

Full details at http://www.snopes.com/autos/law/noplate.asp/

Re:He could have chosen "None"

[Scarletdown]

This storey reminds me of one I heard about in the 1980's.
Some smart *ss decided to get a vanity plate that read "NONE". It seems that whenever a police officer or parking commisionair issued a ticket for a vehicle without a license plate, they would write in "NONE" where it said plate.

Would this by chance be the one you are referencing?

http://www.snopes.com/autos/law/noplate.asp

Barbour, a sailing enthusiast, wrote down "SAILING" and "BOATING" as his first two choices; when he couldn't think of a third option, he wrote "NO PLATE," meaning that if neither of his two choices was available, he did not want personalized plates. Plates reading "BOATING" and "SAILING" had indeed already been assigned, so the DMV, following Barbour's instructions literally, sent him license plates reading "NO PLATE." Barbour was not thrilled that the DMV had misunderstood his intent, but he opted to keep the plates because of their uniqueness.

Re:He could have chosen "None"

Hey that's my callsign!

N0NE (N ZERO N E) It pisses off lots of people at hamfests. :-)

Re:He could have chosen "None"

"N0NE" is a valid FCC ham radio callsign licensed to THE DX RADIO CLUB in ROCHESTER WA.

There very well COULD be a valid license plate with that on it.

Re:He could have chosen "None"

[db32]

Cept for that whole section where the fill out the make, model, color, etc of your car. Many that I have seen even include the VIN number when writing a ticket.

Re:He could have chosen "None"

[nursegirl]

I checked snopes, and the story's been verified for NO PLATE, NOTAG, UNKNOWN and VOID. What makes me laugh is that the same thing has happened four times with similar types of vanity plates, ranging from 1979 to 2004, without the DMV creating a set of standards for vanity plates.

Re:He could have chosen "None"

[Marc2k]

Man, kudos. That was seriously the fifth time I've actually laughed out loud (if only a chuckle, not a guffaw, mind you) at the Internet.

Re:He could have chosen "None"

Many that I have seen even include the VIN number when writing a ticket.

Were the tickets issued at an ATM machine where the person was entering his PIN number to withdraw cash money?

Re:He could have chosen "None"

[db32]

I honestly don't know what this means. Is this a bad joke, or do you not know what a VIN number is?

Re:He could have chosen "None"

Vehicle Identification Number (VIN) number.
I love love redundancy.

Nothing worse than outsmarting oneself

[RedHatLinux]

However, I don't understand why he hasnt gotten a new email address, or why Verizon hasnt fixed this problem, because messages should be returned or deleted, not forwarded to some random person.

Re:Nothing worse than outsmarting oneself

[allgood2]

I understand why he hasn't gotten a new email. Think of it this way. You create some pissant email or text message account, and all of a sudden your getting emails from your boss, his boss, other employees, etc. And that's just small scale, when you think about a single corporate server. But Verizon serves millions of individuals and organization. The information maybe random, and he may have no plans to do anything with it; but its a slew of information.

Just look at some of the high profile mishaps--SAT tests scores, medical information, etc.--then think of the things he probably didn't even mention--meet me here(s), grocery lists, break-ups, email sex/flirting, etc., etc. Think:

"I slept with Kevin's best friend last night. I don't know if I should feel horrible or wonderful. You can't tell anyone --B"

real life drama's randomized, and at your disposal. It must be like flipping through the TV when your bored. Lots of junk, but some interesting tidbits that keep you coming back for more.

Vehicle tag fun

[weave]

There was a story in our local paper a while back about someone who had the vehicle vanity tag of "UNKNOWN" and the owner started getting issued all sorts of automated red light camera tickets shortly after the city started installing red light cameras. Turns out the system that would OCR scan the violaters would enter the word UNKNOWN in the license field for the ticket if the car that was photographed running the light was missing its tags or they were otherwise illegible.

Be careful of your chosen names!

Ahhh Java...

[EWIPlayer]

Everyone complains about C++ programs "crashing" if you're doing silly things with memory. Why would we want to know about our problems when we can have them buried for us by just defaulting the String to "null" instead?

Poor bastard... but let's face it... he's a bit of a tool :D

Joke?

[pcmanjon]

Must be a joke. It's impossible to register an email as a null character, since most mailservers use nullcharacters internally to sort messages etc.

Not to mention, how will you send a nullcharacter through the signup form, did he use telnet and send the form data that way?

Re:Joke?

[Kufat]

It's "NULL", not "/0" (Or ^@ if you prefer.)

Re:Joke?

[EWIPlayer]

He didn't register '\0'. He registered "null". 4 characters -- all of them in the nice, normal ascii spectrum.

Re:Joke?

Wow, are you dense.

Re:Joke?

[butlerm]

He is no doubt getting properly formatted messages from buggy senders with code like this:

        char *user = NULL;

        user = lookup_vtext_user_handle(....); /* missing NULL check */

        sprintf(email_address, "%s@vtext.com", user);

printf implementations often output "null" or "(null)" when passed a NULL pointer for a %s argument.

Re:Joke?

[EWIPlayer]

There is absolutely no possibility that this was C++ or C code. VERY few compilers (actually, all i can think of is windows... which reminds me why it's so slow) actually do what you said, but every single Java VM does exactly this. And, let's not forget, C/C++ isn't "cool" for enterprise level apps like a cell phone company would have... it's totally bad Java programming.

stupid BBS tricks

[b1t+r0t]

I remember back in the early '90s when I still did Fidonet, all echomail messages had a "To:" field (unlike Usenet), you could read replies to you, no matter what group they were in. Messages that weren't replies were by default sent to "All".

So if you created a user named "All", most messages in echomail and most messages in local boards would be flagged as new to you. Once sysops figured that out they usually created the user All and that was the end of it.

i might be in the minority here

...but, uh

a college student who cleverly chose null@vtext.com

doesn't sound like there was anything "clever" about it.

People predicted this ages ago...

[Schraegstrichpunkt]

That's why we have RFC 2606

Re:People predicted this ages ago...

That RFC does not talk about null and it relates to DNS. The problem is that the verizon email system let him choose null as a username. No RFC will restrict that - only common sense on the part of the email provider (Verizon)

Re:People predicted this ages ago...

[NickFitz]

If you RTFA you'll find that he was getting many of these messages because dumb techs at various companies testing messaging services were deliberately sending their stuff to his null@ email address on the incorrect assumption that there was no such user. If they'd had a clue, they would have used something RFC2602-compliant - null@example.com, for example. That's what it's for. (Personally I don't see why he shouldn't have null as a username, if he wants. It's not as if it gives him admin rights or anything.)

I wonder if he chose

[n0dna]

867-5309 for the number?

Re:I wonder if he chose

[sconeu]

Nah. That would be jenny at vtext dot com.

Re:I wonder if he chose

[pdangel]

heh.

How many /.'s just missed this joke?

Do we have any polls regarding age of Slashdotters?

Re:I wonder if he chose

[gknoy]

A local business where I live actually has this as their phone number, and advertises it on the radio (complete with jingle). Amusing and jarring at the same time.

Re:I wonder if he chose

[Doctor+Memory]

Do we have any polls regarding age of Slashdotters?

Yeah, a long time ago. Guess you're too young to remember...

Re:I wonder if he chose

http://en.wikipedia.org/wiki/867-5309/Jenny

car spam

[digitaldc]

In the world of software design, "Null" is commonly used to represent "no value" or "0." Developers of mobile services use the "Null" address during testing routines, assuming that the messages won't be sent to anyone.

I wonder if he even thought about this before he got that address.
Now the question is - can he sue for textual harassment?

Re:car spam

[zoeblade]

In the world of software design, "Null" is commonly used to represent "no value" or "0."

At least in the world of databases, and I thought general software design too, "null" is used to represent an unknown or inapplicable value, whereas "false" or "off" are boolean equivalents of 0.

Re:car spam

[Rich0]

This guy is hardly the first. snopes has a good writeup on what happens if you have a vanity plate that reads "NO PLATE", "NONE", "MISSING", "VOID", etc...

Re:car spam

[themoodykid]

This reminds me of something that happened at my friend's work. He told me that one day a guy called the company complaining that somebody from their offices was calling his line at 3 in the morning every night. They did some investigating and discovered that their software was calling using a NULL value as the phone number somewhere, and that the NULL value was not really zero, but some valid sequence of digits that ended up mapping to this guy's phone number. Of course, their software was set up to call home every night to transmit some lab data and so ended up dialing this poor sap's number regularly. :-D

Re:car spam

[Myopic]

i like how you think. i figured Verizon would sue him for hacking their network, and he'd get life in prison, or something like that.

Re:car spam

[VAXcat]

Heck, quite a few years back, when UUCP was used to ship mail around, I was installing it on a system here. I didn't know the first thing about it, so when it asked for a phone number during installation, I thought, what the hell, and entered my home number, just so it would keep installing, thinking, I'd figure out what it wanted that number for and change it later. After that, for three weeks, I got woken up every night at 2:00 AM...thought it was a prank caller, until I realized, UUCP was using it for the default number to call to transfer mail...I finally figured it out and dope-slapped myself for being an idiot.

*ahem*

[Spy+der+Mann]

he chose the nick "n","u","l","l". Not "\0".

Re:*ahem*

The article slashdot links to states:

"In the world of software design, "Null" is commonly used to represent "no value" or "0." Developers of mobile services use the "Null" address during testing routines, assuming that the messages won't be sent to anyone. "

E.G. The article is telling me that he's using x0 as his E-Mail address. That is the way I read the article.

If it is "null@" -- then verizon must have an internal redirect to send messages that are invalid to his addr. They must be using null@ as a /dev/null to trash messages. Since a user lives on this accountname -- he's getting all the trash.

"null" (string) vs. null value?

[d_jedi]

Sounds like someone screwed up big time. In most (all?) programming languages,
str = "null" and
str = null

mean two completely different things. Somewhere along the line, they must be converting null(value) to "null"(string), which seems like a dumb thing to do.

Re:"null" (string) vs. null value?

[Chapter80]

It doesn't need to be as blatent of an error as that.

In Python, for example, if you take in a number, and convert it to a string, it's something like this:

>>>a=8675309
>>>b=str(a)
>>>print b
'8675309'
>>>a=None
>>>print a
(NOTHING PRINTED!)
>>>b=str(a)
>>>print b
'None'

Note that now b equals a sting holding 'None'. I think other languages will do something similar with "Null" or "NaN" (Not a number).

Re:"null" (string) vs. null value?

[yeremein]

Somewhere along the line, they must be converting null(value) to "null"(string), which seems like a dumb thing to do.

In C, if you try to print a null string with printf, you get the text "(null)" out, which is arguably better than crashing. It's probably something like this causing the spurious messages to the null@ address.

Re:"null" (string) vs. null value?

[StanB]

Well the article is about me although I don't know exactly whats going on I have an idea. One of the companys involved, Vocel, responded to one of my emails suggesting maybe they were sending out messages with a blank as in "To:" field and they responded that yes they found a bug that caused just that. Their response between making contact and them fixing it was mere hours. Anyways I think that messages with a blank To: field either get converted to "To: (null)" or it just bitbuckets them somewhere in the code to "null". Here is an example messages that makes me think its the former:

Fr: (null)
(null)
CB#:

Notice that (null) is actually a string that Verizon must be filling in when a field is blank. Perhaps somewhere along the line they replces blank fields with "(null)" and later on when its actually being processed for the recipient the disallowed '(' ')' are removed and thus it ends up going to null@vtext.com.

Re:"null" (string) vs. null value?

[LanceUppercut]

I several implementations of C language RTL functions like 'sprintf' will insert sequence "null" (or "(null)", or someting similar) in response to null-pointer value passed for '%s' format specifier. That's one possible explanation of how null-pointer values can turn into "null" strings.

Re:"null" (string) vs. null value?

[d_jedi]

You're right.
        char * id = NULL;
        char email[100];

        sprintf(email, "%s@vtext.com", id);
        printf("%s", email);

prints:
(null)@vtext.com

Signs or more to come....

[fak3r]

..but again let me ask, why do Multi-Million dollar companies fail to have their SMTP servers setup correctly, but lame geeks such as myself and other /. readers have their POSTFIX servers set to deny emails that don't have any TO: or FROM: headers? I mean come on, here's a HOWTO that I worked with that started out in 2001 for hell's sake: Postfix Anti-UCE

Still, there's going to be a ton of companies that don't know what they're doing, or who they're hiring; problems like these will only continue to surface.

Re:Signs or more to come....

[dougmc]

but lame geeks such as myself and other /. readers have their POSTFIX servers set to deny emails that don't have any TO: or FROM: headers?

It's highly likely that most of the emails he's receiving DO have the To: and From: headers set properly. This comment is probably very close to the true source (if not the true idea of the source) of most of the messages he's been receiving. It could also come from java programs, where if you print an unitialized string it just prints the four characters n, u, l, l, or `null' (which strikes me as a poor way of handling it. Throwing an exception would be a lot smarter. But then again, I don't do much java.)

And really, what does this have to do with POSTFIX? (and why is it capitalized?) Most MTAs have similar options, and they're often (typically?) enabled by default here in 2006 thanks to the spammers, so `lame geeks' and big companies alike can benefit from them, clued or not!

Stupid NULL pointers

[phxhawke]

I new they could cause many problems, but receive the wrong email wasn't one of them.

Sounds like a version of the vanity plate legend

[HotNeedleOfInquiry]

A car owner in California buys a vanity license plate that says NONE. Within a week he's receiving hundreds of parking citations. All the citations have NONE in the license number field because the car had no license plate.

Subtle plug for TCPA on page 3

[Schraegstrichpunkt]

From the article:

TCG is developing specifications for hardware building blocks, including the TPM (Trusted Platform Module) chip that can secure transactions from mobile devices.

Great!

test cluster vs testcluster.com

[iguana]

I own the testcluster.com domain.

Until I finally shut off DNS to it, every day or so there would be some Windows Active Directory system out there trying to update my DNS servers. I'm guessing "testcluster" is a popular name for a new Windows clusters.

For example:
query: _ldap._tcp.pdc._msdcs.testcluster.com
query: _kerberos._tcp.dc._msdcs.testcluster.com
query: 6c91d860-bf0b-4bd9-b0f3-2a368934fe0e._msdcs.testcl uster.com
query: _ldap._tcp.DomainDnsZones.testcluster.com

Re:test cluster vs testcluster.com

Oh, that's so totally the wrong way to handle it. Whenever you receive one of those, add a DNS entry pointing it to somewhere nasty, like a goatse server.

Re:test cluster vs testcluster.com

[garylian]

I hear ya.

My company has a 24hr support pager, and I am the poor slob that got it thrust on them. (Only U.S. employee left, and the pager # is reserved to the U.S., I guess.)

There is a Bed & Breakfast in the U.S. that has a horrible font used on it's phone #. The 3 in the # looks like an 8. Those 2 digits are the only ones that are different between my pager # and their phone #.

I receive about 10 pages a month from people looking to make registrations. I called both the B&B and the website designer, asking them to change the font. They refused.

I have been sorely tempted, as many friends have suggested, to simply start taking reservations, or call the people back and tell them the business is closed. I haven't, because the reservation part would require me to take their credit card #'s, and I'm not going there. (I can see the lawsuits from that stunt being brutal.) And the whole "We're closed of renovations" and the like just doesn't work for me.

Fortunately, none of my customers are currently in the surrounding area codes any longer, but for a while, I was making a lot of unnecessary LD calls because a webmaster chose an idiotic font.

Re:test cluster vs testcluster.com

[Creedo]

So, tell the B&B that from now on, you will answer any messages you get attempting to contact them with a "out of business" message. I'm pretty sure that they will change it.

Re:test cluster vs testcluster.com

[Randseed]

I have been sorely tempted, as many friends have suggested, to simply start taking reservations, or call the people back and tell them the business is closed. I haven't, because the reservation part would require me to take their credit card #'s, and I'm not going there. (I can see the lawsuits from that stunt being brutal.) And the whole "We're closed of renovations" and the like just doesn't work for me.

"I'm sorry, but we're currently closed for rennovations. (insert CEO/manager/whatever's name here) overflowed the toilet again and when we came in this morning he was passed out drunk on the dining tables again, and there was a huge log floating through one of the guest rooms."

Reminds me of the guy

[JohnnyGTO]

that when choosing a vanity plate in california decide to enter NOPLATE as his last choice of three. Well that was what we call a "Dumb Idea" as he soon started receiving many, many parking tickets and soon warants for his arrest. Seems that at the time if you illegally parked a car without plates the cops entered NOPLATE on the parking ticket.

same thing happend to me

[ashishpuliyel]

When my school started to offer friendly email address (as opposed to unfriendly uXXXXXXX@nus.edu.sg) you could only sign up for addresses using a combination of your initials and your name. Smartass that I am, I signed up for a@nus.edu.sg.

It's a college, and long story short seems like every few months somebody testing out the new shopping cart or mail server they made, sends me test emails. I've had credit card information more than once. I reply and tell whoever it is that I'm getting the emails, and it stops.

It's a good way to liven up an inbox that usually only gets circulars and spam.

Re:same thing happend to me

[Chapter80]

Smartass that I am, I signed up for a@nus.edu.sg..

"smart ass" = "anus edu" ? very clever.

Re:same thing happend to me

[Pope]

I used to use Mojo Jojo as first/last names for testing forms ( EARS before the Powerpuff Girls. Damn you Gennedy!) , with mo@mo.com as the email address, because all are quick to type when you're just after error responses or a thank you email. Two months ago I got forwarded an email from a very annoyed guy who owns mo@mo.com.

So don't use it!

Another good username

[chowbok]

Many years ago, I worked at an ISP where a customer chose "core" for his username. A weekly OS cleanup script kept deleting his mail spool.

Similar situation

[nolife]

Obviously not at the quantity this guy has but I have an common odd user name that I use on yahoo, hotmail, and several other free web mail places. I get tons of email confirmations and passwords for people that setup accounts at places. Just last week was a Myspace account a dude setup trying to get back at his ex girlfriend. Nice pictures but I had hundreds of requests to add people to my friends list because of the content of the pictures that were posted.

I've also had several accounts created with my username from Snapfish and similar photo places. The content is not spectacular but some are interesting.

But does it run Linux?

[LookoutforChris]

Slashdot teh cell phone!

WTF are the developers thinking?

[Senzei]

Ok, I will admit that registering null@ is cute in a I-am-a-complete-freaking-moron kind of way. No, it shouldn't be allowed by whatever service he is using.

All that said, why are the developers of these programs using it? I can only assume it is them sending messages to this address as I doubt any clients would. Whatever happened to sending you email to example@example.com? Even better set up an email account that just dumps into a bit bucket on your domain and use that. Regardless of the method why allow messages that the users are obviously not intending to send to go out at all? Sometimes I wonder how computers can work at all with this many idiots behind the wheel.

Blame Verizon

[dannyelfman]

The security and system admin folk at Verizon goofed. They shoudln't have allowed the use of ``null'' in the first place.

A similar overload

[Anthracene]

I had a similar problem in college, when as a freshman I felt very lucky to get john@[mycollege].edu as my address. Apparently lots of people think they have "John" as an alias in their address book that will get automatically expanded, and many of them are incorrect in this assumption. A few thousand misaddressed emails later, I didn't feel quite so lucky.

The worst of it was a mailing list that randomly chose my address as the example address for their explanation of how to compose a subscribe message, just as the Net was being flooded with AOLers. You can imagine how many times (per day!) I was subscribed to the list.

Well...

[jd]

The signal to noise ratio will go down, but the quality of the noise will skyrocket.

Great idea!

[Sax+Maniac]

My vanity license plate is "NONE". I never get any parking tickets.

Re:Great idea!

[Intron]

Since you already got that one, I'm applying for "MISSING". Parking in Boston is brutal.

Re:Great idea!

[Sax+Maniac]

Except MA plates only have six letters.

Similar Situation Here

[oni]

I own a domain that is similar enough to an ISP that I get about one errant email a month. I wont change the domain name though for reasons that you wont care about.

Anyway, I have a standard response that I send back to people letting them know that they mistyped the addresses. In about two years of this, only 3 or 4 times has anyone bothered to thank me for letting them know they screwed up.

And one time, some idiot actually replied to my message and kept talking as if he was talking to his friend! Talk about dense.

rethink...

[stewie's+deuce]

Great, now its going to be even more difficult to explain to people learning unix what happens to data going to /dev/null

Another problem

[OhHellWithIt]

The FA mentions that the subscriber was able to block emails using a blacklist on the vtext.com web site. Unfortunately for those of us who use Verizon, they don't have a companion whitelist capability. I would like to be able to specify who CAN send me text messages, so I don't get /.-ed to the poorhouse.
BTW, those of you who think it would be fun to send this guy texts, please don't. Verizon charges something like a dime a pop for texts. I wouldn't wish that on my enemies or even my freaks.

which reminds me

[temojen]

I'm constantly editing text my boss writes for publishing on the web that has stuff like "enter your email address (eg: smithj@telus.net)" to say username@example.net.

Whoever smithj@telus.net is should be glad.

Remember folks, example.org, .net, .edu, and .com are reserved for use in documentation and common system names like Postmaster@, abuse@, root@, etc shall not be used for personal email addresses.

Re:which reminds me

[All+Names+Have+Been]

But I'm username@example.net you insensitive clod!

Re:which reminds me

[ShadowBlasko]

Yeah, but with the amount of shareware, nagware, usenet posts, and free account signups I have had over the years, I would bet poor old bob@bob.com hates me by now!

Re:which reminds me

[Distan]

"root" is my preferred email address on all machines that I can have it. I don't see any reason why I should do things differently.

Re:which reminds me

[*Pres*]

(...) system names like Postmaster@, abuse@, root@, etc shall not be used for personal email addresses.

I once signed up for the e-mail address administrator@... with a large telco. "Administrator" is a default Microsoft Exchange mailbox.

I did get some funny mail from time to time and also the output of some antivirus-program with default notification settings.

Reminds me...

[rekoil]

...of a friend of mine who registered billgates.com way back in the day. He set up a website that showed the most recently received emails to the domain. Quite entertaining...a lot of people actually seemed to believe that emailing Bill with your sob story would result in a cash handout. Wacky.

Re:Reminds me...

Check out http://web.archive.org/web/*/http://billgates.com

Hi Dale :)

Re:Reminds me...

[Andy_R]

Similarly, my company policy of filling software licencses out with "Anybody", "Anywhere" in the the Name and Company fields to ensure our legal right to resell, coupled with MSN doing stupid things with defaults once lumbered us with the email address anybody@msn.com - you wouldn't believe the incomprehensible complaints that get sent there by the technologically challenged!

Just Like Woz!!

[mtDNA]

This reminds me of what happened to Steve Wozniak.

Apparently, he always wanted a phone number with all the same digit, like 444-4444. After he got one, he discovered the horrible truth... he got tons of calls followed by hang-ups. As the story goes, he couldn't figure out what it was, until one day he heard someone yell in the background, "Jimmy - you hang that up!" (or something like that). He was getting little kids! Of course, they grab the phone and press the same number over and over.

Re:Just Like Woz!!

[commodoresloat]

The # was 888-8888.

Re:Sounds like a version of the vanity plate legen

[CheeseTroll]

I can't help but wonder, though, why a cop would even bother writing a ticket for a car with no plates? How else are they going to know whose car it is?

So is OnStar

[iminplaya]

going to destroy the planet if it doesn't recieve a response?

Why is confidential info sent as email?

[JSBiff]

I gotta wonder, maybe this story is true, but why would confidential info, like Medical records, credit card numbers, etc, be being sent as clear-text email? I could maybe see SAT scores, but I don't think even that would be.

If anyone I did business with sent me confidential info over email, and it wasn't encrypted, I'd be royally ticked, and sue them for being so negligent about protecting my info.

Re:Why is confidential info sent as email?

[greenrd]

Sending medical records unencrypted over email, SMS, etc. would almost certainly be illegal throughout the US (due to HIPPA) and the EU (due to Data Protection). At least, I hope so.

Re:Why is confidential info sent as email?

[zcat_NZ]

Don't ever work in web hosting then..

Standard procedure for a really huge number of websites;
after you enter your credit card via 128-bit SSL it gets mailed in plaintext from the webhost to the company handling the orders. That's if you're lucky. Sometimes it will get appended to a textfile of orders which is accessable via the webserver if you know the right 'secret' url.

Also don't hang out on 'carding' irc channels. Credit card details are so freely available those guys trade a minumum of 1,000 at a time for a few dollars. If you only want a dozen you can just sit around and collect the free samples..

Re:Why is confidential info sent as email?

[tacocat]

What mechanism would you suggest using to send someone a new password?

Few mail clients are configured to handle encryption.

Any realistic suggestions on what might be a solution that works for more people than it doesn't?

Off topic rant about null

[hellfire]

From the article:

In the world of software design, "Null" is commonly used to represent "no value" or "0."

NO NO NO NO NO NO NO!

Null is commonly used to represent "no value" or the absence of data. In programming, zero is discrete and specific data. Zero is data. Null is the lack of any data.

Okay so this isn't exactly a programming or data base design article but these things are important. I work in a support department and do you know how hard it is to explain what NULL is? Misinformation should not be spread to the masses! :)

Re:Off topic rant about null

[Dunbal]

if(NULL == '0'){
      printf("Why won't this print?\r\n");
}

Re:Off topic rant about null

[HighBit]

cuz you're comparing NULL (usually defined as 0) to 48

Re:Off topic rant about null

[Hannah+E.+Davis]

Probably doesn't help that in afx.h in the MFC C++ library, there's this handy little line:

#define NULL 0

So yes, sometimes NULL does represent 0, which can also substitute for false. It really just depends on what language you're working in :)

Re:Sounds like a version of the vanity plate legen

[HotNeedleOfInquiry]

The cop can also write down the VIN number. It's on the dashboard visible through the windshield. The cop gets points for the number of tickets he/she writes. The tickets are often a necessary precurser to getting the car towed.

Re:Sounds like a version of the vanity plate legen

VIN number

Re:Sounds like a version of the vanity plate legen

[zakezuke]

I can't help but wonder, though, why a cop would even bother writing a ticket for a car with no plates? How else are they going to know whose car it is?

The vin number, usually visiable on the dashboard unless we are talking something very old. IIRC the tickets reflect the plate if visiable, the vin, and color. And I believe, not having much experence with this, a car if parked on a public street needs to be ticketed to be towed.

Why not just change the email address?

[Colgate2003]

I have a Verizon phone and set up an "alias" email address like this for my phone. That's all it is. You can always send email to 1005551212@vtext.com (your phone number, of course), but the alias address can be changed. I started to get some spam on my phone through the alias, so I changed it to something else. It took 15 seconds on their website.

Years of this? Why not just change the address?

same thing happened to me

[TRRosen]

same thing happened to me when I registered an "address"@XXXX.com address. all sorts of generic mail.

Great career choice, Mom

[Gruneun]

call mom at 781-XXX-XXXX

My therapist is buying a boat.

Seen this before

[Hjalmar]

Many years ago I worked at a dot com. We needed some bogus email addresses with a valid looking domain name, and the developer working on that project just picked one at random. However, he didn't both to see if the domain name was valid, and a little later we got a call from the owner wondering why our systems were flooding his mail server, trying to send messages to bogus addresses.

It was a stupid mistake, but it looks like one that others have made as well. I would bet the reason he started getting messages from OnStar was simply because developer somewhere needed an email address and didn't bother to check whether or not the address was valid - a stupid mistake. But an honest one.

Re:Seen this before

Should always use example.com or yourcompany.test, both valid, both guaranteed to not have been registered. Otherwise use your own e-mail address and set up a filter so the test e-mails don't clutter your inbox.

Ah, that takes me back.

[porkchop_d_clown]

In the early 90's I wrote email software for a living. When we added SMTP support, I would use "nobody@nowhere.com" as a guaranteed-to-fail address for testing non-delivery reports.

Then, one day, around 1996, I stopped getting non-delivery reports....

I've never had the courage to try and figure out who I dumped 10,000 identical e-mails onto...

Re:Ah, that takes me back.

[salmon_austin]

I'm guessing it was this lady....
(from a whois query)

Registrant:
  Lisa Seaman
  1621 Haight Street
  Apt 26
  San Francisco, CA 94117
  US

  Domain name: NOWHERE.COM

  Administrative Contact:
        Seaman, Lisa ThinkAboutItForASecond@yahoo.com
        1621 Haight Street
        Apt 26
        San Francisco, CA 94117
        US
        +1.4155334619
  Technical Contact:
        Seaman, Ted ItIsYouWhoAreMistaken@yahoo.com
        1621 Haight Street
        Apt 26
        San Francisco, CA 94117
        US
        +1.4155334619

  Registration Service Provider:
        Jump Domain
        http://www.jumpdomain.com/

  Registrar of Record: TUCOWS, INC.
  Record last updated on 31-Jan-2006.
  Record expires on 22-Dec-2007.
  Record created on 21-Dec-1994.

  Domain servers in listed order:
        PARKING1.JUMPDOMAIN.NET 69.30.210.35
        PARKING2.JUMPDOMAIN.NET 69.30.210.36
        PARKING3.JUMPDOMAIN.NET 69.30.210.37
        PARKING4.JUMPDOMAIN.NET 69.30.210.38

  Domain status: REGISTRAR-LOCK

The Data in the Tucows Registrar WHOIS database is provided to you by Tucows
for information purposes only, and may be used to assist you in obtaining
information about or related to a domain name's registration record.

Tucows makes this information available "as is," and does not guarantee its
accuracy.

By submitting a WHOIS query, you agree that you will use this data only for
lawful purposes and that, under no circumstances will you use this data to:
a) allow, enable, or otherwise support the transmission by e-mail,
telephone, or facsimile of mass, unsolicited, commercial advertising or
solicitations to entities other than the data recipient's own existing
customers; or (b) enable high volume, automated, electronic processes that
send queries or data to the systems of any Registry Operator or
ICANN-Accredited registrar, except as reasonably necessary to register
domain names or modify existing registrations.

The compilation, repackaging, dissemination or other use of this Data is
expressly prohibited without the prior written consent of Tucows.

Tucows reserves the right to terminate your access to the Tucows WHOIS
database in its sole discretion, including without limitation, for excessive
querying of the WHOIS database or for failure to otherwise abide by this
policy.

Tucows reserves the right to modify these terms at any time.

By submitting this query, you agree to abide by these terms.

NOTE: THE WHOIS DATABASE IS A CONTACT DATABASE ONLY. LACK OF A DOMAIN
RECORD DOES NOT SIGNIFY DOMAIN AVAILABILITY.

Re:Ah, that takes me back.

[pe1chl]

In those days I had an account at the Dutch provider Knoware, which used the domain knoware.nl
It only had my first name as a username.

Sometime I started to receive lots of junk. It was addressed at my name @nowhere.nl, which turned out to be registered by the same company.
I asked for an explanation, and the helpdesk told me that so many users complained that when telling their e-mail address to friends they misunderstood the "knoware" for "nowhere" that they decided to register that domain and alias all mail to knoware.nl

Needless to say, I was not amused. Apparently lots of people having the same name had entered this @nowhere.nl address as their fake mail address and I got lots of spam, subscription confirmation messages, etc.

After some time, they turned it off. And I see they later (in or before 1999) released the domain and it is now registered by someone else.

Re:"null" vs. null

There was a similar example of bad programming on thedailywtf a few days ago. Check out The Replacement...(and some of the other crazy code samples that they've found).

Yes, smithj@telus.net should be glad.

[douglips]

Yes, surely smithj@telus.net should be glad you so thoughtfully published his email address on slashdot.

Re:Yes, smithj@telus.net should be glad.

[outsider007]

No kidding, this one post nullifies all the good you've done for good old smithj.

I will hyperbolically metaphorize this with being a school crossing guard for 20 years, and then suddenly pushing a bunch of kids under a truck

Re:Yes, smithj@telus.net should be glad.

[Kadin2048]

One can only assume (hope?) that his boss' real name is not J. Smith.

At any rate, if it was his boss' email address, it won't be shortly.

Re:Yes, smithj@telus.net should be glad.

[Senzei]

I will hyperbolically metaphorize this with being a school crossing guard for 20 years, and then suddenly pushing a bunch of kids under a truck

Wouldn't it be more like deciding one day to switch out your stop sign for one that says "Race to the end of the block, $1000 prize"

Stan Bubrouski

[Randall311]

This kid is a friend of mine, I went to Northeastern and took some classes with him. He told me once that he had the vtext address of null. I thought he was joking until he showed me his inbox. He got all kinds of crazy text messages, he said the random messages amused him so he kept the account. Some people are lucky that he's not a bad guy, because he occasionally gets "sensitive" information texted to him. Verizon is dumb as hell for letting somebody use null as a username, and there email system is piss poor if messages with malformed headers are getting though. I'm switching to Cingular this spring, hopefully the username root is still available. Yo Stan if you read this I'll text you when I get out of work, Hopefully you're inbox isn't bursting with SPAM.

Mods: FFS Let's kill another urban legend!

Mods: FFS Let's kill another urban legend!

Re:Mods: FFS Let's kill another urban legend!

[Kevinv]

Actually according to snopes, this one is true.

http://www.snopes.com/autos/law/noplate.asp

Reminds me of "uucp@aol.com"

[IvyMike]

On RISKS, a few years ago, someone wrote up his experiences as"My life as uucp@aol.com". Pretty funny:

The AOL software politely informed me that this name was taken, and said thesame when I requested "postmaster", "webmaster", etc. In some cases itsuggested an alternative like "webmast236", and in others it simply said"That name is taken."

Then I requested "uucp".

And the software asked me to enter my new password.

Re:Reminds me of "uucp@aol.com"

[pe1chl]

Some time before the big internet bubble, the Dutch telecom company KPN created a an AOL-like provider named HetNet. ("TheNet" in English)
Users could select their own username, as long as it was not taken.

There was a root@hetnet.nl and an info@hetnet.nl that were quite active in newsgroups. Especially the second one was confusing, as he was frequently pretending to be speaking as some authority at this provider.

But after some time, the fun was over and HetNet withdrew these accounts, suddenly claiming that it had been an error that they were allowed to be taken by customers and that HetNet wanted to respect Internet standards for mail addresses. This left root@ confused, as there does not seem to be any standard that reserves this address for some purpose. The thread is still available in Google Groups.

Re:What was the weirdest email got that wasnt for

[rolandog]

I'm receiving weird emails everyday... they all seem to be from distraught girls who are disappointed with their boyfriends:

Today I received an email from a girl called Neomi Rosina. The subject read: "CHEEAP WAY TO BIGGER UR SHORT & THIN D11CK am".
The body of the email contained the following.

benefit benefit window parents, few supposedto not? explain fire happened or, allow being purpose. nothing end wife wrong different my. benefit find bad am. benefit already similar off again? slow whom the anybody reference beautiful. mischievous corner use. profession wanted young. shining here motor reply latter black? window appearance supposedto wrong beautiful.

foo@bar.com

Now THAT's an INBOX that has got to be really stuffed.

Slashdot + defective mobile batter = BOOM

[Yankel]

We all knew the answer to that.

his complaint is legitimate

[idlake]

I never put my personal/business address on a commercial site, unless it's a site I use for my business. Furthermore, I use a white list. Works like a champ.

Well, how nice for you that your life is so simple and your needs are so modest. However, many other people cannot use a white list.

His complaint is legitimate: it is exceptionally rude for Slashdot editors to manually unscramble an E-mail address and put it into a story.

Re:his complaint is legitimate

[iminplaya]

I didn't say it wasn't rude. However, it is something you should prepare for. As far as the white list, I don't use it for all accounts. It is however a very convenient way of seperating the wheat from the chaff. New clients start off in my junk mail account, and then get moved into the list on my real account. Besides, with phone calls getting cheaper by the minute, I can always get an address to put into the white list. And yes a simple life with modest needs is a big plus. It's simple because I keep it that way out of choice. I don't feel poor because of it. Life is good. The weather is great. I'm not driving 50 miles each way every day in winter waste land. If you wish to live a stressful life and complain about every little thing that goes wrong, have at it.

Re:his complaint is legitimate

[idlake]

However, it is something you should prepare for.

Like how? I have all the E-mail filtering technologies you can get and dozens of spam messages still get through every day. At some point, one has to complain when other people use that address irresponsibly.

And yes a simple life with modest needs is a big plus. It's simple because I keep it that way out of choice.

So, what interesting things do you do then? What are you contributing to the world? What will be left after you're gone?

Re:his complaint is legitimate

[iminplaya]

Like how?

I thought I spelled it out. You just set up a junk email address when you sign up with Slashdot, NYT, etc. A working address, but not your primary one.

So, what interesting things do you do then?

Simple doesn't mean uninteresting.

What are you contributing to the world?

My ideas. Many people like them and use them. And when I ask, they even pay me for them. Sometimes I don't even have to ask. Which is nice, because I hate asking for money.

What will be left after you're gone?

Hopefully a world at least as good as the one I came to. I have no vision of grandiose. I'm taking care of my part of the world without harming others, and that's good enough for me. I also believe in the camper's creed, "Leave no trace." In other words, I should leave it as I found it.

In-Band Signaling

[Ichijo]

“How could they let someone have an email address of 'null'? NULL is generally a reserved keyword in most places where it is used; apparently the designers of Verizon's email system forgot some basic computing.”

The problem goes deeper than reserved keywords. They apparently didn’t understand the concept of “in-band signaling--the sending of metadata and control information in the same channel used for data,” instead of using separate channels. Using unescaped, reserved keywords in software is one example of this. You should be able to use NULL or PRN or COM1 or whatever you want in the e-mail address instead of telling the user, ”you can’t use this as your e-mail address.”

A better design than using NULL to indicate “pretend like you’re sending this message but don’t actually deliver it” would be to have a separate field in the message header to say the same thing. Then you wouldn’t have to arbitrarily deny the use of certain e-mail addresses just because you designed the system poorly.

Re:In-Band Signaling

[Fulcrum+of+Evil]

The problem goes deeper than reserved keywords. They apparently didn't understand the concept of "in-band signaling--the sending of metadata and control information in the same channel used for data," instead of using separate channels.

This isn't about in-band signalling. It's about the results of a common error case, which ends up as (null)@foo.net. Null isn't metadata.

similar experience

I once set an alias of

=

(the equal sign) for an email account I had. Not sure why it let me do that, but it did via a web interface. I got several messages (not nearly as many as in this article) that somehow got sent to that address. I always figured someone hit the = in the to field by accident. Of course I was really hoping to get

:)

as my alias, but it wasn't allowed.

wrong

[idlake]

apparently the designers of Verizon's email system forgot some basic computing

Unlike "root" or "postmaster", the address "null" has no special meaning in an E-mail system.

What did you do that for!?!?

[porkchop_d_clown]

Man... Now she's gonna connect me with all that ancient spam.

Well, at least I didn't mention that I was working for Soft-Switch at the time. She may not connect me with email that came from them....

Re:What did you do that for!?!?

[salmon_austin]

I'm sure there are thousands of others who have made the same mistake. Albeit, maybe not on the same scale as you.

So how many of you slashdotted his phone?

[slashname3]

So after reading the article how many of you sent email to his phone? Could this be the first slashdoting of a phone? And does he get charged per message?

Re:So how many of you slashdotted his phone?

[lgw]

No, the first recorded slashdotting of a phone was the payphone outside of Mann's Chinese Theater when /. ran a story on "the line" of people in Star Wars costume wating for days for the first showing of Revenge of the Sith. Apparently thje phone rang continuously for hours, and the people standing in line had nothing better to do than to chat with random slashdotters.

Re:Sounds like a version of the vanity plate legen

Unlike you, the police know about VIN

Improper automated testing setup

[deeLo57]

Why can people be more careful on how they test thier equipment/software?
what's so hard about setting up a simple SMTP server in a seperate lab enviornment,
configuring it to be vtext.com and making sure your software is sending the correctly formated "TO:" fields

sending it off into public networks is just irresponsible.
I'm sure some engineers sent messages purposely to NULL@vtext.com but shouldn't good programers at Verizon check for that?
shouldn't there have been a list of restricted VTEXT alias? so administrator@vtext.com couldn't be registerd?

There is plenty of blame to spread around here.

Channeling?

[Geoffreyerffoeg]

Bubrouski's phone began channeling

Wow. A cell phone ter'angreal.

Plan : bankrupt Verizon

[drgonzo59]

Create a worm that will send text messages to Verizon customers. Before they'll know what is going on, there will be hundreds of thousands of pissed off customers. Everybody will sue/break their contract/yell/put strain on tech support/etc.

I feel sorry...

[wickedj]

... for anon@anon.com, a@anon.com, abc@abc.com, junk@junk.com and host of other imaginary email addresses I've chosen in the past.

Re:I feel sorry...

i always use bob@bob.com or my favorite, shittyshitpants@shit.com

He knew waht he was doing

[gjuk]

Seriously. What I find amusing here is the collection of comments about "stupid kid" and similar. No way. This guy knew what he was doing; he thought it would be quite funny to see what happened - and he was rewarded with years of amusing misdirected messages followed by a flurry of activity on the web. Well done him. Years ago - a secretary in my office "was shocked" to discover that British Airways voicemail could be broken into by using # followed by the PIN 4444 when prompted for options 1-n. The SUN newspaper in the UK carried the story prominently - after we changed the messages. This was brilliant. Just what she was hoping for when she type '#4444'. And similarly - he's got just what he was hoping for. Just think about the email admins in charge of testing.com, test.com and 123.com. They must have a field day.

Might Want to Pick a Different Alias?

[Kamel+Jockey]

How about allah@vtext.com?

Re:What was the weirdest email got that wasnt for

[Obi-w00t]

Sounds like you're in there.

nospam

[j1mmy]

I set up an email alias nospam@myuniversity.edu when I was in school. I actually got a few emails to it, but nothing like this guy.

Verizon charges 10c/message to receive txt

[erice]

Verizon does not charge the recipient of a text message.

Yes, they do. I'm a Verizon customer. Up until last September, I was charged 1.5c per received message. I used to forward a copy of my personal emails to the phone because it was convenient and, as long as I wasn't forwarding spam, it was cheap. On September 1st, Verizon raised the price to 10c per message received. Naturally, I turned off the forwarding.

There are bundle deals but recieving isn't free with them either. You get a fixed number of messages that you can send or receive.

Been there, done that, with Downside

[Animats]

I run Downside, which provides some financial information, mostly about failing and failed companies. For some years, I just routed all the mail for the domain to a default mailbox, regardless of username.

There's a "Downside School and Abbey" in England. I'd get misaddressed e-mail to and from students and teachers. Most of this was minor, although a few students signed up for things that generated spam, resulting in my getting junk mail about British teen idols. On one occasion, though, I got a misaddressed message headed "I am going to kill you tonight". This was after the Columbine massacre, when everyone was paranoid about school shootings, so I called the school, got someone up in the middle of the night their time, and read them the message. It turned out to be a 12 year old kid flaming in E-mail. But you never know.

Then there was "Downside", the band. They had "downside.net" for a while. That produced some amusing E-mail. I'd get some of their mail, even after filtering. I forwarded this to their lead singer, and we'd occasionally exchange messages. That was fine, but then they tried offering branded e-mail to their fans, using the "downside.net" domain. That led to too much junk, and I talked to them about that. Finally, they were signed by a label, and changed their name to "Strata" to avoid trademark problems, since I own "Downside" as a registered trademark. There are actually several other bands now calling themselves "Downside", but none of them seem to be very active. (The grunge band on Long Island broke up, another let their domain expire, and the third insists they haven't broken up, but don't play much.)

The worst problem was a "joe job", a company sending out spam to advertise their porno sites. At one point, 16,000 mail bounces per day were coming in, and the mail server was overloading. We put some effort into shutting them down. Since they were paying for ISP accounts with credit card numbers they'd collected from their customers, ISPs were very cooperative. And owning a registered trademark gives you extra legal leverage.We got them kicked off servers on three continents. We had their domains locked and their DNS turned off. It took a while to trace them to St. Petersburg, Russia, but after some long international phone calls, all their sites disappeared from the web and were never seen again.

What if they sent to Bukowski's email address?

[myth_of_sisyphus]

"So these sons-of-bitches send me crap all day. 'My car's broken down. My baby's been eaten by a dingo.' Boo fucking hoo.

I go to the bar at lunch. Have a bottle of the Dago Red and read this drivel. I would smack them if I knew them. A woman approaches. A fan. I take her back to the room and throw a fuck into her while the email inexorably builds up. It's driving me out of my fucking mind.

After I'm finished with her I look at the thing: a thousand messages from the doomed to the lost. I throw it out the window on the way to the track."

Re:What was the weirdest email got that wasnt for

[Alex+P+Keaton+in+da]

Say what you want, and don't admit it, but we are all secretly trying to figure out how to do this with our picture phones so we get topless images of drunk coeds (by mistake) at 3 am.

Google can log SMS message content

[tech-law-ny]

If he received SMS messages via Google Send to Phone, Google might
have the contents, which could be useful in tracking down why they
occurred. I didn't see anything saying that Verizon stores the
contents of SMS messages, or whether they'd be willing to do this.
http://toolbar.google.com/firefox/extensions/sendt ophone/faq.html says

      "When you send a message using Google Send to Phone ... we
      might also log the text of the message you send, in order to
      investigate and correct technical problems with the service."

real spam probably won't be a problem

[FlippyTheSkillsaw]

I imagine most email harvisting software will ignore things like null@ and maybe things like nobody@ or abuse@ in addresses, figuring them to be false results.

A wise person could probably avoid 80% of spam just based on their username. A common username like john, will probably be getting spam before it is created, because spam software will take every reasonable domain name it can and add common names to it.

Phone Tag

[umbrellasd]

*ring*

"Hello?"

"Vroom vroom!"

"Damn!"

*click*

Re:What was the weirdest email got that wasnt for

Years ago in college I created a batch file that would flood other students screens with endless DOS windows with stupid messages during class (some Windows feature to send messages across the network, I don't recall the command). People usually surfed the net well the teacher babbled on, so this would really piss them off. The messages would come so fast most students who weren't smart enough to just block me or disconnect from the network would end up shutting off their computers to end the flood.

For shits and giggles I named my computer admin@[network], which turned out to be the same name as the teachers computer in his office. How this was possible, I don't know, bad setup on their part I assume. How I learned that the teachers computer shared the same name? People were sending messages back to me, which were going to the teachers computer instead, with swearing and death threats that I better stop messing up their computers and after a day of batch files calling batch files and a massive flood of many computers the teacher came in and asked why his computer was flooded with these type of messages from so many students.

This was before I logged into everyones computer who didn't set an administrator password, deleted their user account, and changed their admin passwords to, "ilikehairyballsonmyface"

no@no.no

[deprecated]

I've used that one a lot.

Cool!

[HaDAk]

That gives me bad ideas... O:)

similarly .....

[nblender]

I feel sorry for (postmaster at localhost dot com) ...

Just like 'cat /dev/null' on a busy multi-user system. Amazing what some people throw away.

(yes, I'm only kidding and no, I know that doesn't work.)

Re:similarly .....

[daverabbitz]

QUOTE:
I feel sorry for (postmaster at localhost dot com) ...

Just like 'cat /dev/null' on a busy multi-user system. Amazing what some people throw away.

(yes, I'm only kidding and no, I know that doesn't work.) /QUOTE

That gives me an idea for a kernel hack ;)

I think I'll call it /dev/null_log /me grins evilly

Re:similarly .....

[eosp]

Not nearly as fun as cat /dev/zero > ~/test though.

Complaints

[ClamIAm]

Send flames to /dev/nul ... I mean ... this guy.

C'mon Joe, you can always change your name

[billstewart]

Hey, at least he's just "null" and not "nobody", which is a bit more canonical in the Unix world. And he's not Joe, or "joe user" or Alice or Bob (popular with cryptographers and protocol designers) or "user" or "login" or "example".

"nobody" is occasionally reserved

[billstewart]

"nobody" is a standard user in SunOS and various other Unix flavors, so mail to "nobody@some-machine-running-sunos.domain.com" will generally go to whoever gets "nobody"'s mail, generally root or a large file named [your mail spool here]/nobody . It's not official from an SMTP standards perspective, but it's a more likely target for random mail than "bin", "usr", etc.

"The" DMV?

[raehl]

There are over 50 DMVs. I'm sure they have better tings to do than sit someone down and come up with every word a police officer might use to indicate that a vehicle's tags are missing. And then still miss some, which at some point would get hit unintentionally.

It's a case of trying to proactively solve the problem is more work than retroactively solving it (from the perspective of the DMV, anyway).

node.com had a similar problem site-wise

[Ungrounded+Lightning]

(Like the guy who got the vanity plate "NO NE" and next year, when he went to renew his registration, got billed for the last year's unpaid parking tickets on every car in the state with a missing license plate.)

The domain node.com had a similar problem.

('scuse me for spacing out the email addresses in this post, but you know bots. I don't want to cause 'em any more trouble.)

Back in the days of home-rolled sendmail configurations, system administrators often thought they knew better than the users (and were often wrong.) One thing that was common was to decide that mail addressed to a user named "user" or a site named "node" was the result of somebody reading the manual too closely and forgetting to substitute the actual user's or site's name in the mail command. And of course mail to "u s e r @ n o d e . c o m" MUST be an error, right? B-) So many of them would "hotwire" their sendmail configuration files to bounce such mail, returning a helpful note about what the manual meant.

But it turns out that "node.com" is a real domain. (A very old one - dating from the days when a list of ALL the domains fit on a three-page appendix to an early book on the internet.) So these bogus sendmail configurations were interfering with its mail something fierce.

In those days the mail was handed around from site to site, too, rather than going straight to the mail server of the target over the "connected intenet". So one "helpful" sendmail configuration file could foul up mail to node.com from great swaths of sites that had no institutional connection with the hotwired one. The automatic routing protocols would find their best route, which often would happen to go through a hotwired mail server. Then a user at node.com would complain, and the sysadmin would have to contact the correspondent getting bounces, hunt down the offending site, figure out how to get in touch with the sysadmin, and talk him into getting things fixed. (Of course this wasn't helped by the sysadmin's own system bouncing his return mail... B-) )

(Of course people with the expertese to attempt such "automated helpfullness" were often running large sites that handled a lot of mail for a lot of other sites, so it only took a few of 'em to bollox things up for much of the net.)

What he eventually did was create the account "user" and configure the "vacation" program. "u s e r @ n o d e . c o m" was ALWAYS on vacation. The "I'm on vacation until ..." mesage was actually the explanation about how you're supposed to fill in the user's and site's name rather than make a copy of the mail command in the manual. So this hack provided the message for the entire internet.

Of course "vacation" records the sender's address and only replies once, thus breaking mail loops. It also squirrels away all the incoming mail for the vactioner's return - creating a record of how often the mistake is made.

Turns out it was not very common at all. "user" got far less than a hundred letters a year. (Or did until some web forms for signing up for mailing lists used "user" and "node.com" for the default fields. And then the account got onto some spam lists.)

By the way: Don't test it by sending mail. It was taken down during the system upgrade for Y2K. By then there were a lot of Mail Transfer Agents other than sendmail, and most sendmail configurations were automatically generated by vendor-supplied tools - which didn't try to hotwire "node.com". So when the system was moved to a non-unix box without a preinstalled "vacation" program there seemed little point in maintaining the "service".

"abuse@vtext.com"

[Stephen+Samuel]

Try "abuse@vtext.com".

No thanks. I like to be able to find my email.
I just wish I had some mod points to give you for that one, thougn.

That's nothing

[spacey]

I was the SA and mail admin for void.com from about '94-96 (before it was in the hands it presently appears to be in).

There was an amazing amount of bogus email that went to null@void.com - largely from people filling in web forms. It was a huge waste of bandwidth at the time. I can only imagine how much traffic it would generate now.

-Peter

been there, done that.

[Stephen+Samuel]

On the University of Alberta MTS system (back in the early '80s), all userids were 4 letters long. I got the userid 'None'. This wasn't a big deal until the Plato system started using the MTS system for printing. .... so a couple of things started happening.

The heart of the problem is that when you signed up for plato, the application asked for your MTS id (always 4 letters). Many people who didn't have an account filled in "none". When Plato saw that a print job was finished, it would send an email to the MTS user associated with the print job. I started getting dozens of emails a day telling me that my print jobs were done.

I complained to the plato consultant.

He fixed the problem by setting the account name for all users with no account and then not sending any emails to the user 'none'. Unfortunately, he didn't quite get the second part right. Now I was getting hundreds of unwanted emails (kinda like today, but filtering software didn't exist way back then).

This time I teased the plato consultant

As a quick fix, he just turned off all emails for the plato system... Unfortunately, this was a new hook that he'd just put in, that consisted of setting the notification ID of all users to 'none' just before it went thru the (non-working) filtering code.
Now I was getting about 100 emails an hour (or, at least, it felt like it).

All I had to say to him by this point was "it's getting worse".

He did, finally get it fixed, but there was one last hitch...
All of the unassigned emails had a destination mailbox name of 'none', so we had to train the operators to deliver all plato emails with a destination of 'none' into a designated 'plato' box. Unfortunately, they didn't just put the plato print jobs there. They also put print jobs that were legitimately mine there as well.

It probably took about 2 months to get everything working properly, but it did ultimately settle down.

That is the risk

[nurb432]

Hey, you posted.. you should have accepted the risk. Tough luck.

Verizon does charge

Last I checked VZ is charging me $0.02 per received text message and $0.10 for each I send.

I guess it depends on your plan.

If this guy was evil

[bobamu]

He'd be rich by now!

Re:What was the weirdest email got that wasnt for

[StanB]

Well I'm the fool the article is written about and I got and forgot so many its hard to say. Not many of them were entertaining, more informative than anything else. I'd have to say though the wierdest and by far most annoying messages are:

Fr: (null)
(null)
CB#:

That's it. I've been getting them since the beginning, and the time I waste erasing empty messages from nobody always strikes me as odd.

That's NOTHING!

[scorilo]

I registered a few years ago an email address of johntory@rogers.com. John Tory was a relatively young lawyer turned executive (for those who know, Rogers Cablesystems is the main cable company in Canada, ran by Ted Rogers, also a lawyer). I registered it because he kept on appearing on TV explaining why Rogers sucks. Anyway, 1-2 years later he ran for mayor in Toronto, and took the second place (first loser). My mailbox got filled with messages from other lawyers and layppl congratulating him for his excellent campaign, even though all Rogers corp emails are in the *@rci.rogers.com namespace. Not long after, my service started to suck, I asked them to disconnect me, they didn't, and eventually I had a collection agency on my a** claiming almost $1000 from me. Typical.

Maybe he's not that smart

[thepacketmaster]

While I do agree that the people creating the devices that send the emails should be a little more cautious, and I think it is nice that this guy came forward with the information, it seems a little odd that he would have let this go on for 5 years!

uucp@aol.com

[Matt]

This reminds me: Long ago, someone at a UNIX user group meeting told us about how he had the email address uucp@aol.com for a while. He said he got some pretty strange email.

Java code

[kulpinator]

Sometimes the compiler just helps you be stupid. For example, in Java:

public class Null {
public static void main(String[] args) {
String a = null;
a += "";
System.out.println(a);
}
}

prints null to standard out. Silly, but true. (I don't like the indentation either.)

It works even better in reverse :)

[thedji]

When signing up to high-risk crap I don't need like NYTimes articles, once-off downloads and the like, when prompted for an email address, I try and use a combination of [root|postmaster|webmaster] @ [localhost|company.domain] and choose as many "Free Newsletters" as I can.

It really gives you that warm, fuzzy, "F@CK YOU!" feeling on the inside :)

Re:It works even better in reverse :)

[IamGarageGuy+2]

You're a sick bastard. Although this will become a hobby of mine now.

Heh ... file@aol.com

[Motherfucking+Shit]

For many years, I had the screen name "File" on AOL. I don't know where exactly the convention comes from, but apparently, lots of people are used to CCing a copy of their emails to "File" in order to save a local copy. On AOL, the mail system has quasi-LDAP built in; if whatever you place into the CC field is a valid AOL screen name, that screen name becomes a CC recipient. And so, tons of people would try to carbon copy their emails to a local file by typing "File" into the CC field, and it would wind up in my inbox.

I can't begin to describe the various hilarities I witnessed over the years. Wish I still had the screen name; alas, it was hijacked a few years ago when someone called up impersonating me, and all the AOL support fuckwits were willing to do was cancel the account. Their loss.

Random brainfart: file@aol.com posts to Usenet almost 10 years ago. Yikes, I'm feeling old!

OT

hey, you may have done this on purpose, but the link in you sig is http://slashdot.org/adrd.org

perhaps you only want certain people that can work out how to fix that minor problem to view your site?

Also, you have spelling mistakes in the Disclaimer of every drug report:

Disclaimer These reports are not necessarily indicative of a problem or new side effect of the durg or drugs listed. This is merely a report of an adverse reaction that may be related to one or more the durgs listed. Before stopping or starting any medication, you should consult with a physcian.

Re:What was the weirdest email got that wasnt for

[unitron]

"Say what you want, and don't admit it, but we are all secretly trying to figure out how to do this with our picture phones so we get topless images of drunk coeds (by mistake) at 3 am."

So which part is by mistake, drunk or topless?

(of course if a drunk is trying to operate a cell phone camera at 3AM you may well get an image that is itself topless, not to mention out of focus and upside down)

Hmmm...

Can we buy this guy a phone->computer link and post all these messages on the web somewhere?

Try having donotreply.com

[stoutstreet]

Yup -- it's funny

Re:What was the weirdest email got that wasnt for

[justthinkit]

Years ago in college I created a batch file that would flood other students screens with endless DOS windows with stupid messages during class (some Windows feature to send messages across the network, I don't recall the command).

Sounds more like the NetWare SEND command. I once did something similar to disrupt an Advanced Netware seminar.

mount /dev/hda0 /dev/null

[marciot]

"I mounted my 60GB hard drive on /dev/null and now it's filled with crud..."

Re:mount /dev/hda0 /dev/null

You are a clueless idiot.