Spam Replacing Postal Junk Mail?

TheOtherChimeraTwin writes "I've been getting spam from mainstream companies that I do business with, which is odd because I didn't give those companies my email address. It is doubly strange because the address they are using is a special-purpose one that I wouldn't give out to any business. Apparently knotice.com ('Direct Digital Marketing Solutions') and postalconnect.net aka emsnetwork.net (an Equifax Marketing Service Product with the ironic name 'Permission!') are somehow collecting email addresses and connecting them with postal addresses, allowing companies to send email instead of postal mail. Has anyone else encountered this slimy practice or know how they are harvesting email addresses?"

Do you shop online?

[Old97]

Every time I buy something on-line I have to provide my billing address so now the e-mail address I use and possibly more (can it read cookies?) is known to the vendor who can turn around and sell that information to others. How easy is it for some Javascript or something to poke around for e-mail addresses when you are at a site? Also, my e-mail providers know my address - i.e. yahoo, google, aol, apple and comcast. Could they be selling that information? I wouldn't be surprised.

I had enough

[Krneki]

I use 2 emails, one for spam and one for private mails.
Now both my emails are full of junk, but while google spam option are working my old yahoo email is beyond saving.
Just keep clicking on "this is spam". It's not worth your time to understand why it's happening, and even if you do understand, you will find out it's impossible to avoid.

Hell, I can't even check my old SMS because it's full of spam.

Re:have your own domain-get universal forwarding

[ticklemeozmo]

Many websites which require email addresses discourage and in fact prevent the use of + while signing up.

Re:have your own domain-get universal forwarding

[AnalPerfume]

If I need to reply to an email to join a site I'm dubious about, in other words actually receive it, I use the Trashmail addon for Firefox. It expires after a couple of emails. If they turn out to be OK, I can then change the email to a more permanent one in the options.

Re:have your own domain-get universal forwarding

[SpammersAreScum]

Yup. I suspect this is a case where Hanlon's Razor should be remembered.

An interesting change

[AnalPerfume]

In the UK, junk mail does subsidize the postal service, so although you can opt out, they plead with you not to, as it would increase the cost of normal post by quite a margin. How much of this is real and how much is just them desperate to hold onto an income from companies paying them to shovel shit through our letterboxes is open to question. I do accept it in principle though.

If that switched en-masse to email, those contracts would expire, meaning snail mail prices would increase. The Royal Mail don't have any way to transfer delivery from paper to email, so they couldn't recoup those loses. Since email is free, nobody would make any money from these mass email contracts.

On the other hand it would cut down on a LOT of wasted paper, which 99.99999999999999% people take from door to bin, bypassing the eyeballs, some people do recycle but not enough.

While email is great for most communications, snail mail is sometimes required so it can't be allowed to die. I doubt it would die if they lost the junk mail contracts.

For me, the worst offenders are the magazines and newspapers you have to pinch at the spine and shake over a bin before opening, to release all the leaflets stuffed inside. Is it not enough that for every 5 pages of a publication, 3 pages worth are adverts? If that's the state of the magazine industry, maybe it deserves to die too. The internet has already steamrolled over many business models, what's another one to add to the list?

Perhaps a solution would be a commercial / personal email distinction at an ISP level with a legal backing. Personal email is always free, commercial email costs say 1p per email. Charities / schools etc would be exempt from charge too. Make it something you have to declare with your ISP and legally stand by. Spammers using botnets wouldn't be affected since they operate illegally anyway, but it'd regulate the "normal" "legal" marketing companies. Make it a legally enforceable requirement to ONLY email people who have opted in, and fine them for ALL breaches.

Re:I wish spam replaced postal junk mail

[RoboRay]

There is a trash can right next to my mailbox, which enables me to deal with paper spam about as easily as the electronic kind.

I do keep the little response cards with "return postage guaranteed" stamps, though. Those are great for gluing to bricks or other heavy objects you want to dispose of. Drop them in a mail box, and they not only get wind up in a mailbox at the company that spammed you, but that company gets billed for the postage, by weight. The heavier the object, the better!

Re:Email Append - BINGO!

[TheOtherChimeraTwin]

Yes, I think you've hit the nail on the head. Experian eMail Append overlays deliverable email addresses onto your active customer file and contacts customers via email on your behalf to obtain permission to communicate with them online.

By "permission" they mean they send you email until you complain. If they happen to pick an email address that is normally not read by a person, they don't get any complaints. (Not that I opt-out of spam; I block it.)

Further on, they state Retain your customers by keeping your brand top-of-mind through consistent, relevant and interactive email communications. Yeah, good luck with that. I know four companies that have just lost my repeat business.

Thanks to all for an excellent discussion.

Re:GMail

[Sephr]

It seems you think spam is always all caps. All-caps spam is a trademark of the makers of that lunchmeat: http://www.spam.com/about/internet.aspx

I love freenode

[myspace-cn]

Every time someone asks a question on how to stop spam, there's always some smartass expert that say's, "This is the year 200X, you should be able to filter it." Yet the reality is not everyone can lock down their exim, sendmail, etc. It is complex, and spam is still a vector for hell of problems.

A sysad could have all the orbs, dnsbl, spamhouse, etc filters in their system, and still the spam will make it through.

There's a lot of reasons the "volunteer" experts in irc on #debian, #ubuntu, #suse advice is bunk.

A user who has an exploitable web form mail script.
Outdated server software on unmanaged server. (ex: Fedora Core Version 4 running)
cPanel exploits.
Rootkits.
Broken SMTP server.
No Iptables firewall. (Don't laugh I've seen servers like this, with no firewall at all!)
Financially impossible.
Multiple binaries. killall -9 exim exposing extra binaries running.

Unless your willing to sit down 24/7 and monitor your /var/log looking for patterns, and flushing the /var/cache/mail to see what came in, searching through all your users directories for exploits, the chances are these experts advice will not work. Many hosting companies, individuals, have no idea how to deal with email servers, in fact they should just shut the port off and remove the server. Having hundreds of spam connections to your email server every second, doesn't make grepping the logs any easier. CIDR blocking networks of the top 100 spam connections, can ease it some. Blocking entire countries can help also.

I have watched spam destroy a hosting company financially. From trying to get off blacklists to forced outsourcing.

Frankly, the free advice and elitist attitudes for help isn't working.

At the same time, people should be able to send anonymous mail --IMO
And furthermore, the same volunteer experts are helpful with nearly everything else linux.

Anyway what works for you in your setup may not work for others.
CAN-SPAM has not worked. (if you ask me it's a place for a spammer to build a list)

In my final opinion here, I am not going to leave you without a potential solution.

My solution is, put your fucking unmanaged server behind a firewall. For example ipcop.
Somebody from germany hitting your FTP server every morning at cron time? iptables their ass and never see a packet again.

This goes contrary to the popular APF, BFD scripts. You could get a user complain they can't get mail from some server in china or .br but ...... You can always OPEN that back up for them, as opposed to the hundreds of hits every second, taking your entire server (with low ram) into PEGGED HIGH CPU, with the fucking exim/processing/var/mail snafu.

truth be told, I have not personally ever found a way to stop spam from a server, except by CIDR'ing their entire network's ass up until they behave. Not a fucking packet from them after that. Yeah hundreds of thousands of other piddly ass fucking servers IP from countries on the entire planet still come in. Get rid of the TOP ones though...

The other thing is, even if you do catch, or ping some fucking server in the USA, you can't stop them. Or get paid. I was told I could get paid for each spammer I caught. Problem is there's no way to legally stop them and prove you caught them. (That's a LAW problem) Or I would be doing this every day, as my primary source of income!!!

On one server, I blocked, .Cn, .Ru, .BR, .FR Some germans..um, the bogans, and using log statistics to sort the top spam sources . I managed to get the CUSTOMERS HAPPY, and the CPU from 99% to 2% idle. Not one complaint about an email not reaching the Falun Gong.

A user who fucks up and hits an email list accidentally is not spam. (though assholes out there try to make it like it is, with solicitors and lawyers) But at the same time ANONYMOUS should pass though, and at the same time the real spammers need LIFE in prison.