My Short Life As An Unintentional Spammer

from the leave-me-be dept

Regular readers of Techdirt will remember that two months ago I got hit with a "spam attack" of sorts where a spammer put my personal email address as the "reply-to" in a series of porn spam emails - meaning that approximately 500 bounce messages, autoresponders, and angry replies all came directly to my inbox in approximately 36 hours. It was not a fun experience, and I wouldn't wish it on anyone - but it does appear to be happening with increasing frequency to plenty of people. Two weeks ago, a friend of mine contacted me, afraid that someone had hijacked her email when she was a victim of such an attack. All the major news articles talking about spam seem to ignore this sort of attack. I've decided that since this does appear to be a growing issue, I would simply publish the article I wrote about it here. Click "Read More" below to read the entire story about my short life as an unintentional spammer - where I explain just what sorts of people actually do reply to spam, and what they say.

My Short Life As An Unintentional Spammer
by Mike Masnick

Ever wonder what sorts of emails end up in a spammer's email database? Want to know who actually responds to spam and what they say? Want to know the myriads of formats (and languages) a bounced email message can take? I can now tell you all of this. Without my knowledge, I recently became an accidental porn spammer.

When I got home one evening a few weeks ago, I noticed that I had more than the expected amount of email waiting for me. A quick glance through the inbox showed about fifty "bounced" emails - saying that email addresses of people I had emailed did not exist. The problem with this, of course, was that I hadn't actually emailed anyone.

It did not take long to figure out what happened. While some bounces simply told me that the recipient didn't exist, others included the original text of the email I had supposedly sent. It claimed to be from someone named "Chris" or "Ali" and was a reply to an alleged message from an online dating site. Chris and Ali apologized for taking so long to reply, and nervously suggested that the recipient find out more information about them by going to a website. Clearly, this was porn spam. Out of principle I won't visit the websites that were in the spam messages.

The problem was, I hadn't sent these messages at all. I'm not Chris or Ali. I don't use dating sites. I don't have a porn website. I don't send spam.

One of the popular "tricks" among spammers nowadays is to set the "reply-to" address to the recipient's own email address. That cuts down on the problem of bounce mails, and also has a psychological effect on recipients who are curious what email they've sent themselves. Most spam filters have figured out ways to still capture these spam messages (though I'm now hearing stories of legitimate emails that people send to themselves being classified as spam). I've received plenty of these types of spam, and most are filtered away, never to be bothered with.

It seems that this particular spammer took things one step further, and set the "reply-to" address for all of his spam messages to my personal email address. If anyone looked at the headers, it was clear that I had nothing to do with the email whatsoever. However, most mail servers aren't so smart.

With any spam list, there's a certain percentage of "bad" or outdated email addresses. Generally speaking, a server that receives an email for someone they don't have an account for will "bounce" the message. Those bounces go to the person who sent the message - normally found in the "reply-to" line. Since my email address was in the reply-to line, all those bounces started coming my way, regrettably informing me that my pornographic spam emails had not found their intended recipient.

After dealing with the rapidly growing desire to reach through the internet and strangle whatever lower-than-life scum did this to my email address, I resigned myself to looking at this from an anthropological perspective. Suddenly, I was in a position to offer information on things that few others would (hopefully) ever willingly have access to.

Should anyone want it for research purposes, I now have a fairly large collection of bounce messages. It appears there is no standard format for a bounce message (which, by the way, makes them painfully difficult to filter). They have infinitely different subject lines. They say different things in the body of the message, sometimes nicely, sometimes rudely. They show up in different languages with different explanations. Some admit that the account has been closed due to too much spam. Others simply don't exist any more (if they ever did at all). Some bounces quote the original message; some don't. Some include full headers; some don't. Who knew there was such variety in how mail servers bounce their email?

Beyond the bounce messages were all sorts of auto-responders. It seems that some of the email addresses in the spammer's database were emails people used to send responses to those who "request more info". Suddenly I was receiving huge files of information that I really had no use for whatsoever. I also found out about a number of people who were on vacation that week, or who had recently switched jobs. One even had an auto-responder saying "this is closed...I am tired of the internet... all internet access for me is closing". Some of the addresses were to subscribe to various mailing lists. Many bounced back confirmation emails, asking to prove that I really wanted to subscribe, while others just subscribed me automatically (which will now force me to manually unsubscribe).

While most of the "information" was fairly useless, I suddenly had the opportunity to peek into the lives of people I had no association with whatsoever - connected only by a spammer. I felt like reaching out and commiserating with those who were sick of the spam and wondered if I should congratulate those with new jobs. However, there was no time for that; I had more erroneous spam fallout to deal with.

Next, came the responses. I, like many people, often wonder what sorts of people actually respond to spam emails. For years, it has been beaten into my head that you never, under any circumstance, respond to a spam email. It just shows that you're a live human being, making your email address more valuable. I'm still shocked when I come across people who haven't heard this. However, they are out there, and they come in all different shapes and sizes. I have their emails to prove it.

There are the confused, but polite people. One woman wrote me a nice message saying that a "horrible" mistake had been made, and that she had not replied to my online dating ad. She did warn me, however, that there are "plenty of strange people out there" and that I should be careful. How nice. Another woman couldn't remember what she had said in her reply to my non-existent online dating profile and wanted to be reminded. A few others just asked who I was.

Then there are the unsubscribers, who are under the unfortunate delusion that asking spammers to take them off their list will help. They send simple messages saying simply "unsubscribe" or "unsubscribe, please", as if that will ever get to the actual spammer, or that they would actually pay any attention to it.

Lastly, are the angry, but clueless. I feel their pain, but they need to find a better outlet. I received emails telling me things I never knew (and find unlikely) about my lineage and suggesting I go places I have no interest in going, using all sorts of language you wouldn't use in polite company. I also received a threatening letter saying that I would be hearing from some company's corporate lawyer.

None of these people stopped to think that it was odd that my email address includes, pretty clearly, my name - which is neither Chris nor Ali. With the number of spam messages that go out every day, I wonder if these people reply to them all. I guess, for some people with anger management problems, this is a kind of outlet. All day, every day, respond angrily to spam messages, and maybe it will have a calming effect on your life.

What's scary is that, for the most part, I only saw the bounced messages. They continued for approximately 36 hours, and then stopped abruptly. In the end, about 500 email messages bounced back to me, so I can only guess at how many thousands of poor, unsuspecting email boxes are currently dealing with spam sent with my email address as the reply-to. I apologize to all of you, even if I had nothing to do with it. I don't want to date you, and please, feel no compulsion to look at the web page in the email.

Most people agree that spam is evil. It's a waste of time and a general nuisance. I can argue against spam from a variety of levels. It's bad for the internet. It's bad for users. It's bad for business. It's just bad. Luckily, there's a rapidly growing industry of companies (and simply concerned individuals) creating software solutions to help stop the spam menace. While there are debates over how well any of these systems work, it is possible to at least reduce your spam intake. Personally, I use a spam filter that is pretty effective in reducing my spam load to a mostly manageable level.

However, with something like this, there simply is no effective preventative measure in place. The spammers spoof the reply-to, making it whatever they want - so it never even touches my mail server at all. My inbox gets bombarded because there's no simple way to filter out the bounced messages since they are all so different. It's difficult to track down a spammer normally - and more so when the spam isn't even sent to you. Despite the fact that my address was the reply-to, it seems the spammer never sent me the message directly. I found a bounce message that showed the full headers and tracked it back. The email came from a mail server in the Philippines, and pointed to a website hosted in China, owned by a company in London. Tracking down the actual spammer would likely be close to impossible. Assuming they could be found, suing them would be nearly impossible as well, not to mention costly.

One potential solution to this would be to require every outgoing email to have a verified identifier of some sort, so that any email can automatically be traced back to the original sender. This (as does every solution) brings up other problems. There are benefits to anonymous email, and we wouldn't want to take that away (though, perhaps you could limit the number of emails that could be sent anonymously to prevent bulkmailers from abusing the system).

In the end, though, this sort of stunt has killed off the tiniest amount of support I had for spammers. These spammers stand behind their First Amendment rights to speak their minds (which is an argument that can be shot full of holes in a second). In this case, though, the spammer made no use of any First Amendment rights. What they did was just mean and nasty and a complete waste of my time.



Reader Comments

  1.  
    Chris, Feb 11th, 2003 @ 4:58am

    No Subject Given

    This happened to me (again) just last night. I found 50 bounces on the server last night, and about 30 more this morning. Ugh.

     

  2.  
    Phibian, Feb 11th, 2003 @ 5:00am

    1st Amendment Rights

    The best rebuttal I ever read is as follows (NY Times, "Tangled Up in Spam" by James Gleick):

    "Many people who hate spam believe, honorably enough, that it's protected as free speech. It is not. The Supreme Court has made clear that individuals may preserve a threshold of privacy. 'Nothing in the Constitution compels us to listen to or view any unwanted communication, whatever its merit,' wrote Chief Justice Warren Burger in a 1970 decision. 'We therefore categorically reject the argument that a vendor has a right under the Constitution or otherwise to send unwanted material into the home of another.'"

     

  3.  
    Ed, Feb 11th, 2003 @ 9:53am

    No Subject Given

    I am currently working with a guy that is getting 2-3 hundred a day for the last 6 months; we are going to try and sue under the anti-spam law in MD.

     

  4.  
    Sharon, Feb 11th, 2003 @ 11:13am

    yeah, but on AOL........

    If you use AOL and this happens to you this is what you get, first, kicked off. Your password is no longer valid. Puzzled, you call AOL. AOL informs you that your password has been scrambled because you were reported for sending out pornographic mass mailings to other AOL members. You say, "say what?" They then tell you that someone using one of your screen names was logged on at such and such time, and you say, "ha?, no one was even here at that time." "Oh well", says AOL, "you must have a virus." At this time AOL doesn't acknowledge the fact that spammers use "bots" to get passwords. I have Nortons System Works, Firewall, and Trojan Hunter. There is NO WAY I have a virus. "Ok," says AOL, "we will change your password to blah blah blah, then you go back in and change it, this is your first offense, two more times this happens and you will be kicked off for violation of TOS." (That's Terms of Service although it means absolutely nothing as far as action) And you say "say what? I just told you I didn't do this." So angrily you tell AOL, "do you realize how much porn I delete every day from my mailbox? Ok, if this is how you want to play the game, from this moment on, I will forward EVERY piece of mail that OFFENDS me, to TOSmail at AOL. I think I'll clog YOUR mailbox with the crap I get every day and see how many other INNOCENT people get reported for spamming they had nothing to do with, then terminate YOU!"

    Yes, this is a personal story, I know how it feels.

     

  5.  
    David, Feb 11th, 2003 @ 2:31pm

    Me too!

    Yup, had the same thing happen to me, twice. I get any email with my domain on the end of it. Some spammer made up a name like "adelstre", tagged it onto my domain email, and sent the spam off. Got a few hundred bounces. What really amazed me was that *not one person* wrote back to complain that I'd sent them spam. All I got were the bounces... I tracked the stuff down to a server somewhere in China. Sent a few abuse reports to the ISP, but heard nothing back.

     

  6.  
    Tim, Feb 11th, 2003 @ 9:41pm

    Nice article

    I remember when it started happening to you. As I recall, it took you a while to "resigned [your]self to looking at this from an anthropological perspective". Nice article. I'm sorry that you weren't able to sell it, but I am glad you wrote it and posted it.

    How many people actually wrote you?

    What do you use for a spam filter?

    Thanks,
    Tim

     

  7.  
    Mike (profile), Feb 12th, 2003 @ 12:39am

    Re: Nice article

    I remember when it started happening to you. As I recall, it took you a while to "resigned [your]self to looking at this from an anthropological perspective". Nice article. I'm sorry that you weren't able to sell it, but I am glad you wrote it and posted it.

    Thanks. It did take some adjustment period... I'll admit the article was a tough sell because it's not clear what sort of news organization it fits with. However, the responses I did get from a couple were kind of amusing. I was told that since there's no way to prevent it from happening "why should we bother publishing this?" and another news organization told me that the spam story has been done and "this doesn't further the story in any meaningful way"... I disagree, since clearly this is different than the thousands of spam stories that still get published and this particular thing is happening more often (sometimes confusing the hell out of its victims)... but, it's not my call.

    How many people actually wrote you?

    How many wrote me to say the same thing happened, or who responded to the spam?

    What do you use for a spam filter?

    SpamCop. It has its problems, but it does the job.

     

  8.  
    Charles, Feb 12th, 2003 @ 9:00am

    So who is the London-based company?

    Tell me the details (email as well as here, please) and maybe I'll drop by if I get a chance. At least it won't be a transatlantic call for me.

    Copy of the spam with headers would be fun too.

    best
    Charles (technology journalist)

     

  9.  
    Tim, Feb 12th, 2003 @ 9:23am

    Re: Nice article

    How many people wrote back to "the spammer"?

     

  10.  
    Mike (profile), Feb 12th, 2003 @ 9:37am

    Re: Nice article

    How many people wrote back to "the spammer"?

    Somewhere between 15 and 20 I think.

     

  11.  
    Brian, Feb 12th, 2003 @ 11:01am

    Can you make the bounce messages available?

    I'm trying to integrate some bouncing features into POPFile (a great open source spam filter btw, popfile.sourceforge.net, which uses bayesian word counting, so catches things that "hardcoded" filters can't) and could use some examples of the automatic bounce messages. Is there any chance you could make them available? Perhaps via ftp, or in a zip file that you could email?
    I have no interest in any of the addresses in them, just the formatting, so if you have any concerns, feel free to mangle the mentioned addresses (it's a shame that search and replace can't do random substitutions).
    And I can sympathize with you. I own a domain as well (mooman.com) and someone did the same thing a while back, using one of my email addresses as the "reply-to". Thankfully it must have been a small mailing (or a relatively clean address list) because I only got a few bounces from it. But I'd like some more samples to improve my own spamfilter...
    Thanks!
    (the above "ZZN" address is a throwaway one I just signed up for given how often my preferred ones seem to get harvested..)

     

  12.  
    Jesse, Feb 12th, 2003 @ 11:03am

    Only two things to do...

    There's really only two things to try in this situation, neither of which seem to do much good:

    1) Trace the headers back. Send e-mails to the admins of that (probably open) mail server as well as the upstream ISP.

    2) Find out to whom the domain of the 'advertised' web site is registered. They might be less likely to let spammers do their mailings (or do it themselves) again if they have real live people calling with threats of litigation.

     

  13.  
    Anonymous Coward, Feb 12th, 2003 @ 11:09am

    Re: No Subject Given

    We have one?!?!

     

  14.  
    Anonymous Coward, Feb 12th, 2003 @ 11:13am

    No Subject Given

    This happened to me two weeks ago. Over five thousand bounces, most of them before I had a chance to get to my mailbox. Over ten megabytes of mail.

     

  15.  
    Antonio, Feb 12th, 2003 @ 11:24am

    Hypothetically speaking..

    Imagine that maybe spammers don't spam you directly but spoof your email so you get bounces off of their servers. The actual spam would be bounces off their servers. Why you ask? Well, for one thing, it is difficult to filter spam that has your reply-to address. Most filters just let email with your reply-to address through. Devious and very very annoying. :(

     

  16.  
    anonymous, Feb 12th, 2003 @ 11:26am

    Re: random search and replace.

    of course you can do random substitutions with search and replace. try perl.

     

  17.  
    aNonMooseCowherd, Feb 12th, 2003 @ 11:28am

    envelope information vs.

    You're wrong about servers using the "reply-to:" field for bouncing email. They normally use the envelope information (see RFC 2821), which does not have to match anything in the header or the body of the email. The "reply-to:" field is intended for the mail user agent (the recipient's email program), not the mail transfer agent (the email server).

     

  18.  
    Jimmy the Geek, Feb 12th, 2003 @ 11:29am

    Why do mail servers allow people to lie about who

    The mail server should be the one attaching the from mail header to the email, and only after authenticating a valid user.

     

  19.  
    Brian, Feb 12th, 2003 @ 11:31am

    Re: random search and replace.

    Well, that's true, but I was picturing like in a text editor. I didn't think it was fair to ask someone to cobble a perl script on top of collecting all these messages for my request.

    "Oh, and could you spell check them all for me too?" ;) It's "gift horse" syndrome.


     

  20.  
    Dazz, Feb 12th, 2003 @ 11:34am

    Re: yeah, but on AOL........

    Stop using AOL... it sux anyway

     

  21.  
    rama r, Feb 12th, 2003 @ 11:38am

    spam filter

    Why didn't SpamCop catch the bounces? They should be routed through the filter just like anything else, and should contain the body of the original spam, which I assume matched enough rules for SpamCop to properly classify it?

     

  22.  
    Jim, Feb 12th, 2003 @ 11:44am

    Re: yeah, but on AOL........

    This happened to me too. I got my account restored after getting someone on the phone, but they said the same thing -- "must have been a virus." I know there was no virus for the same reason as you: Norton scans, sw firewall, and a router that's the only thing visible to the Internet.

    Scanning bots are certainly one possibility, but there is another: "trojan" sites. A few days after my spam experience, I remembered getting an e-mail with an Instant-kiss or other such greeting. Clicking on the link without looking carefully at the URL, I was given a sign-on screen that looked like AOL. I entered my name and password and got an innocuous message that I soon forgot. Unfortunately, whoever ran the site now had my AOL name & password.

    Since my screenname was hijacked, I've been more careful. I have gotten more notices of Instant-kisses and such (at least five this week), but have taken the time to read the URLs -- each was hosted somewhere other than AOL. I now forward any such message to AOL's Community Action Team in the hopes that they can get the sites shut down (one of my neighbors is an AOL lawyer, and she has plenty of colleagues.)

    Just a word of caution. Even one careless moment can open your account to SPAM senders.

     

  23.  
    William Nett, Feb 12th, 2003 @ 11:45am

    You're not alone

    This has happened to me as well. My hotmail account was the 'from' address that the spammer faked. All the bounced e-mails just filled my inbox... and they wonder why I turn them in to their ISP every chance I get?

    W!ll

     

  24.  
    Richard Remer, Feb 12th, 2003 @ 11:45am

    I'd like to get a copy

    Mike,

    If you've still got the spam could you send it to me at nospam@wwnet.net?

    (Yes, that is a real e-mail address). I work at an internet service provider and while you said yourself there were no discernible patterns on bounced messages, I'd still like to peck through them and see if I find anything useful for spam filtering.

    BTW, I use spamassassin for my spam filtering and all I have to say is this: 6 months, one spam has got through, and I haven't missed an e-mail (that I know of; if I missed it then I missed it).

     

  25.  
    Lose Weight Fast!, Feb 12th, 2003 @ 11:46am

    Take off those inches

    Hey

    Are you struggling with weightloss? Losing the battle of the bulge. Well, your hope is here friend.

     

  26.  
    Lee T, Feb 12th, 2003 @ 11:47am

    spam spoofing

    One of my email accounts is currently suffering the same plight. I get 20-50 undeliverables a day from all over the world and there is nothing I can do about it. I think very detailed information should be included in e-mail headers, screw anonymous. I would be willing to give up that right in order to make people accountable for their actions. Spammers seek out poorly secured systems and exploit them for personal gain, is that not "cyber terrorism?" What makes them any different than Kevin Mitnick or any other "hacker" who has ever been prosecuted? The difference is most of the "hackers" never did any harm, whereas the spammers cost businesses money for bandwidth, disk usage and time. America has a really twisted idea of right and wrong, that's my 2 cents.

     

  27.  
    Anonymous Coward, Feb 12th, 2003 @ 12:09pm

    Those volumes were pretty low

    I was getting hit at a rate of about 1500 emails per 6 hours...and that's pretty much when it filled up my 10mb mailbox. This happened for several weeks in a row. And since these are only the bounced emails, I can't imagine how many spams were sent and actually got through as well.
    Since this was a web mail interface, I was able to delete only 100 at a time, the limit of the web mail interface. After a while, I just let the inbox stay full because it was taking too much time to delete.

    500 in 36 hours is almost nothing.

    :)

     

  28.  
    Nathan, Feb 12th, 2003 @ 12:22pm

    Half a dozen addresses of mine...

    I get on average 20-30 of these "bounces" or replies per week. The thing is sometimes the replies are threatening lawsuits.

     

  29.  
    Matthew Stein, Feb 12th, 2003 @ 12:36pm

    Re: 1st Amendment Rights

    My last job was the webmaster for a campaign and our organization got both the positive and negative side of spam. As the webmaster, I received hundreds of viruses and spam at the webmaster account daily, and when we made a mistake re-configuring our SMTP server for access from a second office, our SMTP server was inundated by spam and therefore got it blacklisted.

    However, we also opted to send out non-commercial spam right before the election. While our ISPs insisted that we violated their Acceptable Use Policies (which was debatable), we certainly did not break the law. Political speech is protected by the Constitution, and the Courts have consistently ruled that it is immune from any such restrictions - in other words, campaigns and other political organizations can legally ignore don't call lists and (if it ever happens) don't e-mail lists. However, it's worth noting that campaigns are harmed by bad press in a way that firms (or fly-by-night organizations) aren't.

    Of the messages I received back from our political spam, the majority were positive interest in receiving more information and liked our initiative. A few wanted to know how we got their e-mail address, and a few (for no good reason, really) sent us back death threats and obscene writing.

    (However, for a campaign to use the political exemption from don't call lists, etc., it must identify itself truthfully. Otherwise it's in violation of FEC and state-based committee regulations, which result in heavy fines and perhaps even jail time.)

     

  30.  
    Brian S, Feb 12th, 2003 @ 12:36pm

    Happened to me as well....here is what I did...

    Happened about 6 months ago to me. I did a lookup on the website that the spam was pointing people to, in the logic that ultimately, they could be held responsible, because either they personally, or through a marketing contract to someone else, was using my email address as the reply for sending out spam.

    They were nice enough to have had full information in the website DNS registration. I contacted both their ISP as well as the website owners/operators, with the gist of the message being, I know who you are, I will sue you for defamation of character as sending these messages with "MY" identity, makes many people believe that I am sending the message. If you immediately stop using my address and remove me from any and all lists, I may consider not bringing the lawsuit to court.

    In all seriousness, a defamation of character suit could very well hold up in court in a case like this. Because of their actions, people believe that you are a) a spammer, b) a porn monger, c) disgusting person whom they will never do business with. Could be easily seen to meet the requirements of a defamation of character suit.

    Received a VERY quick response saying that they would take care of everything. And I have not had a problem since.

    P.S. Sorry about the spelling, I am a programmer, not an english major or teacher :)

     

  31.  
    Sean Reifschneider, Feb 12th, 2003 @ 12:36pm

    Only 500?

    It sounds to me like they are clearly sending out their message using a huge group of Reply-To addresses, of which yours is one... 500 bounces is nothing...

    I've had this sort of thing happen to me several times in the past, though not for a few years currently. One Saturday morning I woke up to find my mail server chugging along trying to deliver me over 10,000 messages, and still going strong. I set up a filter to prevent those messages from coming in but it took a while for the currently queued messages to finally get delivered to me.

    Another time I got nearly 30,000 messages when someone in Texas sent out an advertisement for a cookie recipe...

    Unfortunately, we're probably going to have to do something like confirming every message, signing messages, or smarter filters that understand not only the sender address but also the path that was taken to get to you.

    Sean

     

  32.  
    brian, Feb 12th, 2003 @ 12:48pm

    Re: 1st Amendment Rights

    i don't mind spam, i know it won't leave, but i want it pre-sorted/not faked as a personal email. Cali made a law to put ADV: in the beginning of the subject line at least. we just need a new mail platform. i get spam from myself a lot, so i blocked my own email address

     

  33.  
    Anonymous Coward, Feb 12th, 2003 @ 12:48pm

    Re: yeah, but on AOL........

    It gets even better than that. Imagine this url:
    http://www.aol.com/%73%6e%6f%77%70%6c%6f%77%2e%6f%72%67/martin/
    Now, this url certainly looks like it's on aol. In fact, the url above is on aol, but the link is pointing you somewhere different. (in internet explorer; mozilla throws up an error, even though it clearly decodes things properly) Unless you see that the linked url is different from the one that the link claims to be pointing at (and different only in that subtle "@" character), you'll think that the page is on aol.
    In fact, it's just my personal page, but I could easily replace that with something that looked just like an aol signon page.

     

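A defender-side check for the link trick described in the comment above, as an added example that is not part of the original thread: it reports the host a browser would actually contact when a URL hides it behind a `user@` prefix or percent-encoding. The function names and the `example.org` sample are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote


def split_netloc(url):
    """Return (has_userinfo, host) from a URL's authority part, port removed."""
    netloc = urlsplit(url).netloc
    # Everything before the LAST '@' is userinfo, not the host.
    _, at, hostport = netloc.rpartition("@")
    if hostport.startswith("["):                 # IPv6 literal such as [::1]:80
        host = hostport[1:].partition("]")[0]
    else:
        host = hostport.partition(":")[0]
    return bool(at), host


def actual_host(url):
    """Host that is really contacted: userinfo dropped, %xx decoded, lowercased."""
    return unquote(split_netloc(url)[1]).lower().rstrip(".")


def inspect_link(display_text, href):
    """Compare what a link shows with where it goes; return a findings dict."""
    has_userinfo, raw_host = split_netloc(href)
    findings = []
    if has_userinfo:
        findings.append("userinfo-before-@")
    if "%" in raw_host:
        findings.append("percent-encoded-host")
    target = actual_host(href)
    # Only compare hosts when the visible text is itself written as a URL.
    shown = actual_host(display_text) if "://" in display_text else None
    if shown and shown != target:
        findings.append("text-href-mismatch")
    return {"shown": shown, "actual": target, "findings": findings}


# Constructed sample in the shape the comment describes (example.org is a placeholder).
SAMPLE_HREF = "http://www.aol.com@%65%78%61%6d%70%6c%65%2e%6f%72%67/martin/"
SAMPLE_TEXT = "http://www.aol.com/martin/"

if __name__ == "__main__":
    print(inspect_link(SAMPLE_TEXT, SAMPLE_HREF))
    print(inspect_link("AOL home", "http://www.aol.com/"))
```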

  34.  
    Scott Nelson, Feb 12th, 2003 @ 12:48pm

    Bounced messages


    Should anyone want it for research purposes, I now have a fairly large collection of bounce messages.


    I would like such a collection, though it's for the purpose of improving my mail server,
    which is not exactly research.

    Scott Nelson

     

  35.  
    Anymouse Custard, Feb 12th, 2003 @ 12:50pm

    Re: 1st Amendment Rights

    Well, it may or may not be within your first amendment rights, but an ISP's TOS is a contract you sign - not the constitution. I don't know or care which party you support, but the political climate these days is that a contract has more power than the constitution.

    That aside, if you spam me with your "non-commercial" spam, you will have an effect. That of making me much more likely to vote for the opposition, as I have no respect for someone who feels the only way to get their opinion out is to shove it down everyone's throat.

     

  36.  
    Adam, Feb 12th, 2003 @ 12:58pm

    Partial solution..

    This has happened to me twice now, although I received only 5-8 bounces each time (no telling how many actually were sent, of course).
    A partial solution I'm thinking about trying is simply to have my SMTP server keep track of the message-ids of the mail that I send out, store the ids for some number of days, verify against received bounce messages' ids, and flag mismatches as being spam (more likely, anyway).
    Of course, determining if something is a bounce message isn't perfect, and this assumes that the message ids aren't mangled on the way back, but it _should_ help somewhat for this sort of spam spoof problem.

     

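One way to implement the Message-ID check proposed in the comment above, as an added example that is not part of the original thread: a ledger of sent Message-IDs is consulted for every incoming bounce, and bounces that name an unknown or expired ID are flagged as backscatter. The class and function names, the 7-day retention and the sample messages are assumptions constructed for illustration.

```python
import re
import time
from email import message_from_string
from email.utils import parseaddr

DAY = 86400

def normalize(message_id):
    """Strip whitespace and angle brackets so '<a@b>' and 'a@b' compare equal."""
    return message_id.strip().strip("<>").strip()

class SentLedger:
    """Message-IDs of mail we really sent, remembered for a limited time."""

    def __init__(self, retention_days=7):    # retention period is an assumption
        self.retention = retention_days * DAY
        self._sent = {}                      # normalized id -> time it was sent

    def record(self, message_id, when=None):
        self._sent[normalize(message_id)] = time.time() if when is None else when

    def knows(self, message_id, now=None):
        now = time.time() if now is None else now
        sent = self._sent.get(normalize(message_id))
        return sent is not None and now - sent <= self.retention

def looks_like_bounce(msg):
    """Heuristic only: DSN content type, null return path, or daemon sender."""
    report = str(msg.get_param("report-type", "")).lower()
    if msg.get_content_type() == "multipart/report" and report == "delivery-status":
        return True
    if msg.get("Return-Path", "").strip() == "<>":
        return True
    local = parseaddr(msg.get("From", ""))[1].partition("@")[0].lower()
    return local in ("mailer-daemon", "postmaster")

MSGID_LINE = re.compile(r"^Message-ID:\s*(<[^<>\s]+>)", re.IGNORECASE | re.MULTILINE)

def original_message_ids(msg):
    """IDs of the returned original: attached message, header part or quoted text."""
    ids = set()
    for part in msg.walk():
        if part is not msg and part["Message-ID"]:
            ids.add(normalize(part["Message-ID"]))      # attached message/rfc822
        if not part.is_multipart():
            for found in MSGID_LINE.findall(part.get_payload() or ""):
                ids.add(normalize(found))               # rfc822-headers or quoted text
    return ids

def classify(raw, ledger, now=None):
    msg = message_from_string(raw)
    if not looks_like_bounce(msg):
        return "not-a-bounce"
    ids = original_message_ids(msg)
    if not ids:
        return "unverifiable"        # id stripped or mangled on the way back
    if any(ledger.knows(i, now) for i in ids):
        return "genuine-bounce"
    return "backscatter"             # bounce for mail this server never sent

# Constructed sample: a delivery status notification returning one message.
DSN_TEMPLATE = """\
Return-Path: <>
From: MAILER-DAEMON@mx.example.net
To: me@example.org
Subject: Undelivered Mail Returned to Sender
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

The address was not found.

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.net
Action: failed
Status: 5.1.1

--b1
Content-Type: message/rfc822

Message-ID: ORIGINAL_ID
From: me@example.org
To: nobody@example.net

See you at noon.
--b1--
"""

def make_dsn(original_id):
    return DSN_TEMPLATE.replace("ORIGINAL_ID", original_id)

# Constructed sample: an old-style text bounce that does not return the original.
PLAIN_BOUNCE = "Return-Path: <>\nFrom: postmaster@mx.example.net\n\nUser unknown.\n"
```

The "unverifiable" verdict covers the two weaknesses the comment names: bounces that cannot be recognised reliably and IDs that do not survive the round trip.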

  37.  
    mja, Feb 12th, 2003 @ 1:01pm

    Re: No Subject Given

    This happened to me. I was so angry. I did a little more than figuratively reach into the internet and wring their mangy necks.

    I went to their grubby little site (which turned out to be little more than a scam to get credit card numbers) and shut them down.

    They made the mistake of not properly trapping responses on their form, meaning you could get rubbish into their database.

    Boy did I get them some rubbish. Their site was almost inaccessible on a bandwidth basis with me filling their database with hundreds of thousands of crappy entries, the script changing format every hundred or so, so there would be no easy way to filter it out.

    They tried blocking the address range I was on, I simply moved the attack through another ISP. 4 ISPs later they went down and stayed down.

    Not proud. And think I should have shown more self control. No one has used my email address as a return to again though.

     

  38.  
    anonymous, Feb 12th, 2003 @ 1:04pm

    Re: Nice article

    If you want to get published, you need a snazzy title, like "Cyber E-Spam Incident Analysis"

    :-)

     

  39.  
    fluffy, Feb 12th, 2003 @ 1:10pm

    Re: 1st Amendment Rights

    Spam is not illegal in most states, and sure, probably political campaigns will always be legally able to spam for 1st amendment reasons, but I would certainly never vote for that candidate again. In fact, I would be likely to vote against that candidate no matter what his qualifications, simply because he and/or his campaign showed such poor judgement. What kind of judgement would the candidate show while in office?

    On the other hand, prohibiting spam is a time-and-place restriction on free speech that just might withstand 1st amendment scrutiny. You can't drive your campaign station wagon down my street at 3AM blasting out "Vote for me!" on a loudspeaker. Not only would my neighbors come after you with shotguns, but the police would arrest you for violating noise ordinances and probably for disorderly conduct. Prohibiting spam is basically the same thing, IMHO. It's not the content of the message that trips the restriction, but the manner of delivery, and manner of speech *can* be restricted.

     

  40.  
    Moira, Feb 12th, 2003 @ 1:10pm

    Urgh...deja vu

    I had this happen, and was highly concerned that spam messages were reaching people from my account! My husband and I responded to one of them that had a URL in the body of the message (which was, as it turned out, a site to help people become spammers.) I politely but firmly informed them that if they did not stop using my domain immediately, I would take legal action. The e-mail I received in return was one of the crudest, most vulgar (and, I might add, laughable) things I've ever read. My husband was very offended, however, and responded...leading to a brief e-mail war with someone who apparently possessed limited linguistic skills.

    However, I did stop getting bounced messages.

    *sigh*
    M.

     

  41.  
    Bill Stewart, Feb 12th, 2003 @ 1:30pm

    Better than spam laws

    Spam laws can be useful, because they've usually got a relatively low threshold of proof required, as long as you can really identify the spammer. But in your case, assuming you can really demonstrate that it's the spammer, why not use an approach with more teeth - criminal forgery charges don't get you any money, but there's probably some tort like defamation of character or even conversion (if MD lets you do that for intangibles) that you could use to collect (ideally in addition to the spam charges...)

     

  42.  
    Anonymous Coward, Feb 12th, 2003 @ 1:35pm

    Re: envelope information vs.

    Beware however, some Outlook Express 'mail-program' sends replies to the *sender*-address (sometimes preserved as Return-Path in the header).

    Oh, the joy of Microsoft.

    And oh, the joy of systems sending bounces to a 'reply-to' address.

     

  43.  
    Anonymous Coward, Feb 12th, 2003 @ 1:48pm

    Be careful about fighting back...

    My company was guilty of running an open relay about 6 years ago. When it was first used by a spammer (which ate up all our bandwidth at the time), we tracked them down and reported them to their ISP.
    About 3 months later, another pornographic spammer (who I'm assuming to be the same individual) used two non-existent email addresses at my company as both the to and from addresses in their message. All the recipients were BCC'd. Not only did we get all the non-delivery receipts, but we got two copies of every message sent. To make matters worse, since the To address was an invalid email address, each message was returned to the "sender". Since the sender was also a bad address at our company, the returned message got returned as well, this time to postmaster@our domain. All in all, each initial message created 4-5 messages in our e-mail system (until we created the bogus accounts which reduced it to two). We received over 200,000 messages (including the duplicates) in just a couple days. It was extremely difficult to keep our server up and running for our business mails.
    Next came the rash of angry letters from the people who thought we sent the message. We got about 200 responses from the original mailing, a noticeable percentage of which threatened bodily harm for sending their kid on AOL an inappropriate e-mail. After that the most interesting responses came from the people that felt it was necessary to send us "Make Money Fast" schemes since we were obviously disreputable anyway.
    It hasn't happened since, and I'm VERY thankful.

     

  44.  
    C E, Feb 12th, 2003 @ 1:55pm

    A quick and dirty fix

    This is why my firewall blocks all access to all of Asia and South America. They can't deliver if I don't let them. Every ISP in America should do the same.

     

  45.  
    Anonymouse, Feb 12th, 2003 @ 1:59pm

    Re: yeah, but on AOL........

    Actually AOL is doing you a favour... have you ever tried to quit their service? It's next to impossible.

     

  46.  
    ben, Feb 12th, 2003 @ 2:00pm

    Re: No Subject Given

    AHAHAHA...makes me want to learn to hax0r.

     

  47.  
    Me, Feb 12th, 2003 @ 2:00pm

    SPAM

    This happened to me once. I immediately closed that email address and created a new one. I only told the people I like my new email and I never get spam to that address.

    1. Create a throwaway email account that you input for any website that demands it.
    2. Never post your email. Always write it so a bot can't use it (or better, type it into MS Paint and post the picture of your email address)

    Simple.

     

  48.  
    A. Nonymous, Feb 12th, 2003 @ 2:13pm

    What would happen if the "reply-to" was also inval

    For example:
    Spammer sends message to joe@six-pack.com, with a "reply to" of jim@foobar.com.

    Joe's account is invalid, so the six-pack.com mail server bounces a message to jim@foobar.com. The foobar.com mail server does not have a "jim" account, so it bounces the message back to joe@bloe.com.

    Would this continue on forever?

     

  49.  
    a system administrator, Feb 12th, 2003 @ 2:22pm

    The importance of good passwords...

    "spammers use "bots" to get passwords"
    Crackers and script kiddies use password crackers to find the most vulnerable and easy to guess passwords. My accounts (being a system administrator, I have access to lots of different servers with lots of different passwords) have never been cracked by password crackers, and I'm fairly confident they never will. Be careful with your passwords and follow these rules:
    • Never give your passwords to others, including system administrators. Sysadmins don't need your password to do their work; people who claim they need your password to do their job are lying -- if they are sysadmins, they have full access to your account anyways. Sometimes tech support people ask for your password (they're usually not sysadmins themselves); never tell them, especially if you use the same password for other accounts (not recommended, but with a lot of accounts, it can be hard to keep track of all the different passwords).
    • Never write your password down, send it in an e-mail or store it unencrypted in a computer.
    • Don't use your name, a friend's name, your pet's name, or any other name as a password. Don't use any ordinary word or brand name. Crackers try to crack your account using huge dictionaries of words and names which they process automatically in a short time. Like thousands of tries per second.
    In spite of what you might think after reading the strict rules above, a password that is hard to guess doesn't have to be hard to remember. A trick I use sometimes is thinking of a sentence (of at least 8 words) and taking the first characters of every word as my password. It also helps if you can sneak in a number or a punctuation symbol. The last part of the previous sentence would get you 'Sianoaps' with this trick -- a password that won't be found with dictionary crackers. Don't think I'm being overly paranoid about this. There are a lot of password cracking tools available, and a lot of script kiddies worldwide want to play with them.

    regards, a system administrator

     

  50.  
    Dave, Feb 12th, 2003 @ 2:24pm

    Re: The importance of good passwords...

    Been the victim of one tonight in the UK. some alias @gilliananderson.net got forged into a massive spam run, as the from/reply-to fields.

    Mailbox flooded.

    Regards

     

  51.  
    benedict, Feb 12th, 2003 @ 2:38pm

    misinformed

    It sounds to me like the spam was sent out with
    your address as the envelope sender. This has
    nothing to do with the Reply-To header. Sheesh.

     

  52.  
    John Champion, Feb 12th, 2003 @ 2:39pm

    receiving end of guy claiming virus

    a couple of weekends ago, a guy spammed a whole bunch of rr users from his rr account and then from a hotmail account sent via his rr account.

    the emails pitched his realty services.

    he got so many calls and complaints that he began to lie and claim that this was a virus.

    and those of us who are technically literate think he's lying. no virus would create an email targeting the users of rr in his city, point them to a website touting his realty services and asking the user to do business with the spammer.

    we gave him so much grief i don't think he'll ever use email again. i still call him and harass him right back.

    i want him to think twice before he sells my email address to other spammers.

     

  53.  
    Jeb Philson, Feb 12th, 2003 @ 2:40pm

    Re: Take off those inches

    Please send me some of them pills.
    My credit card number is 4876 1761 2610 9213, exp 09/04.

    Jeb

     

  54.  
    John, Feb 12th, 2003 @ 2:42pm

    I can track that sucker down...

    Mike, contact me, I can track that sucker down. I do it all the time. If I can't, then I can shut down their Domain name.

     

  55.  
    John, Feb 12th, 2003 @ 2:43pm

    Re: No Subject Given

    I can give you the name of an attorney that's well practiced at suing spammers.

     

  56.  
    Anonymous Coward, Feb 12th, 2003 @ 2:45pm

    Re: What would happen if the

    Yes, it's a mail loop. Eventually they get killed, I think there's a TTL on bounce messages, but we had a mail server go down because some joker sent a message to someone who didn't exist with the same address as a reply to. It's even better when he does it to a mailing list, then you get 500 bounces at the same time.

     

  57.  
    Anonymous Coward, Feb 12th, 2003 @ 2:51pm

    One word... ASK (Active Spam Killer)

    It requires a one time confirmation from all new email addresses that email you. EMail from yourself to yourself requires an identifier in the email you send. All emails that do not get a reply from the sender stay in a queue on the server and you never have to see them (you can if you want by sending a special command to the server).

    You need a *nix mail server though :).

     

  58.  
    CRasch, Feb 12th, 2003 @ 2:53pm

    They did something similar to me.

    Spammer spoofed my domain name without my permission. They edited their LMHost file to match my domain name with their email server and sent a whole bunch of spam. So I got all the bounce messages and some replies.

     

  59.  
    Vadim Makarov, Feb 12th, 2003 @ 2:59pm

    Re: Be careful about fighting back...

    Two years ago a spammer used a non-existent address @ our department domain name in a "send your unsubscription requests to" clause. It must have been a very powerful spam, because our mailserver was DDOSed to the knees by manually mailed unsubscription requests only.

     

  60.  
    DogMeat, Feb 12th, 2003 @ 3:00pm

    How I beat back the spam

    I use SneakEmail.com religiously for my email addresses and it's allowed me to not only reduce to almost nil the amount of unwanted spam but also to pinpoint exactly WHO gave out my address in the first place!
    --quoted text from sneakemail.com site--
    The original disposable email service, created for email users to regain power over their email from commercial forces and catch them spamming.

    Fully user supported and operating free of exploitable commercial ties. No debt, no operating loss, fully self sustaining... a virtual vault for your email address.
    Quick Start
    1. Create an account: Providing a username, a password, and an email address you wish hidden from spammers.
    2. Every time you need to give out your email address to somebody you don't trust, log in to Sneakemail and create a new Sneakemail address.
    3. Give this Sneakemail address to them instead.
    Mail sent to this Sneakemail address is rerouted to your real address, and when you reply it is rerouted back to the sender. Your real address is never seen. If you receive unwanted mail through this Sneakemail address, such as spam, you can take control by either filtering incoming mail using the Sneakemail filters, disabling the Sneakemail address itself, or disposing of it permanently. You also now know where a spammer got your address.
    --end quoted text--
    And for those email accounts that are already spammed but I just can't bear to get rid of (like my ancient hotmail addy) I use MailWasher from mailwasher.net Works on POP3/HotMail/MSN with support for IMAP/AOL/Yahoo coming later.
    I still need to try SpamAssassin on my little Linux firewall, I hear good things about it but haven't had the chance. But between SneakEmail and MailWasher I can quickly kill almost all of my spam.

     

  61.  
    somebodytotallyanonymous, Feb 12th, 2003 @ 3:00pm

    only one right thing to doo....

    DDOS the fuckers whose site is advertised in the porn spam. That's all you can really do, right?

     

  62.  
    Anonymous Coward, Feb 12th, 2003 @ 3:02pm

    Re: 1st Amendment Rights

    Spam is not about non-commercial! Spam is about consent. If you don't have my consent I don't care if you are the President, you don't have the right to spam me. I also don't care if it's legal or not - we all know that the reason spam pisses people off is not that it's illegal - it's that it's really annoying.

    It's simple, if a politician spams me I will vote against them and I will tell all my friends to vote against them.

     

  63.  
    Paul, Feb 12th, 2003 @ 3:05pm

    Re: Me too!

    Many people are aware that you do not reply to spam as that often means you are confirming that your address is a live address, thus ensuring it will never be purged from email lists..

     

  64.  
    Dale, Feb 12th, 2003 @ 3:06pm

    Re: 1st Amendment Rights

    The First Amendment does not apply to your ISP, your employer, the newspaper, etc. It applies to the federal gov't, its institutions, and by the 14th the states and its institutions.

     

  65.  
    Boudewij, Feb 12th, 2003 @ 3:06pm

    You were lucky...

    About a year ago, one spammer decided to do the same
    trick to me. I got thousands of bounces a day for weeks on
    end. It completely clogged up my uucp connection.

    Then it ended -- but only a few days later, it started again. And then again. And then, suddenly, it stopped. Never happened again. Touch wood.

     

  66.  
    John Draper, Feb 12th, 2003 @ 3:17pm

    Spam Conference

    For anyone who might be reading this forum, I was one of the speakers at the Spam Conference in Cambridge.

    I talked about how I tracked down some of the really nasty spammers. Go to "spamconference.org" for a recording of my talk, but with only 20 mins speaking time, I just barely was able to cover the material.

    I'm trying to find time next month to kick off the SMS project. Spam Management System. It empowers the ability of Spam haters to track these suckers down, and make it very expensive for them to do their Dirty deeds.

    I don't have time to explain it here, but anyone can individually contact me if they want more information.

    If you use things like POPFile, or other SpamBayes type technologies, then this is something you might want to look into.

    John
    crunch@shopip.com

     

  67.  
    Anonymous Coward, Feb 12th, 2003 @ 3:19pm

    BF Clue Stick

    Spam is theft. You steal my computing resources and personal time. I don't give a rats ass what your cause is, or what criminal (politician) you are representing. Unless I have a prior personal relationship with you, I don't want to hear from you.

    Political spam still comes postage due. This is NOT PROTECTED. YOUR right to speech ENDS when I HAVE TO PAY FOR IT. GET IT?????

    When YOU pay my ISP bill, THEN you have the right to send me crap. Until then, bugger off!

    You cannot justify spam for ANY reason. None. There is no defense. All spammers must die (figuratively speaking.)

     

  68.  
    Tim Stone, Feb 12th, 2003 @ 3:24pm

    Re: Can you make the bounce messages available?

    Popfile and Spambayes are both sourceforge.net projects designed to deal with spam in a "machine learning" style of filtering. Simple filtering technology is becoming less effective in dealing with wily spammers. Bayesian filtering technology, which is trained as you go, is very effective. I would encourage anyone to check out these projects at sourceforge, and find out what a joy spam-free living can be :) Look at spambayes.sourceforge.net and popfile.sourceforge.net for more information.

     

  69.  
    John Draper, Feb 12th, 2003 @ 3:31pm

    Re: 1st Amendment Rights

    I attended the conference. It was awesome. The only problem was that it was only one day.

     

  70.  
    John Draper, Feb 12th, 2003 @ 3:34pm

    Re: Me too!

    You won't.... Even with contacts in China, it's virtually impossible to get the Chinese to work with anyone in getting the ISPs to stop spamming.

     

  71.  
    John Draper, Feb 12th, 2003 @ 3:42pm

    Re: Can you make the bounce messages available?

    There are so many cool features you can add to a "pop3proxy" to do all of what you want to do.

    You might want to go to spambayes.sourceforge.com and check it out. It's written in Python (my favorite language - no flames please), and it has a really nice web based GUI, and interfaces with the SpamBayes Classifier and Tokenizer.

    As part of our proposed SMS (Spam Management System) we intend to also develop an SMTP proxy that's going to be really awesome.

    Also, if you are running OpenBSD servers, you might be interested to know that Theo (author of OpenBSD) has added some really cool anti-spam features down at the really low Packet Filter level that can cause spammers huge headaches if they target OpenBSD systems.

    Details on the OpenBSD.org web site.

     

  72.  
    SysKoll, Feb 12th, 2003 @ 3:48pm

    It's called a Joe Job

    Sending a spam with a fake return address is called a Joe Job in anti-spam circles. This is why you should never, ever reply to a spam.
    The only effective countermeasure I found was to use SpamGourmet. It's a web site that allows you to define disposable addresses forwarded to your real (secret) address. The disposable addresses can be disabled. They automatically shutdown after 20 messages from unknown senders (not in your whitelist). So, a Joe Job would generate, at most, 20 replies into your forwarded mailbox. After that, you'd have to re-enable the disposable email, although you'd rather leave it disabled because it WILL be spammed again.
    -- SysKoll

     

  73.  
    John Draper, Feb 12th, 2003 @ 3:50pm

    Re: Only two things to do...

    Tracking down through the domain registration is a really good way to get to the Site owners.

    However, in my endeavors, I find that a large percentage of the site owners are not even aware that spammers are hawking their site.

    However, you can put a lot of pressure on them to assist you in tracking them down, but don't be surprised to find that MOST domain owners are totally unaware and powerless to do anything about it, assuming they would even be willing to cooperate.

    In some cases, we discovered a rather elaborate "stock pump up scam" where spammers would target a company through their web site, spam the heck out of them, with the company totally unaware this is taking place, and only leaving them to wonder why they are getting a lot of interest.

    Prior to the massive spamming binge, they buy out a lot of stock at their low opening price, and when the stock increases they sell it. How do they sell it? By spamming of course.

    They would target companies just going IPO.

    But most of the "fly by night" companies will hire spammers living outside the country, stealing open gateway service.

    It's perfectly legal of course, and most of the spammers live in the USA, are filthy rich, and need to be "exposed".

    I'm in process of developing the tools to make that easier to do.

    JD

     

  74.  
    Mike, Feb 12th, 2003 @ 3:54pm

    Similar experience

    I had a similar experience. The spammer used randomly generated addresses at my domain. I was getting 20K SMTP connections a day, mostly bounces. With a fair number of complaints. It was a painful experience, and it lasted for almost 2 weeks.

     

  75.  
    John Draper, Feb 12th, 2003 @ 4:05pm

    Re: spam spoofing

    One of the really cool things we're going to be able to do with the SMS, is to "generate" honeypot addresses. Then infiltrate their spam lists with them. We can generate an infinite amount of "honeypot" addresses, all are perfectly valid (No bounces), but go into a single folder.

    So each spam coming in, is entered into a database, and "assigned" a honeypot address. So as mail starts coming in, a single click on the address looks up the specific spammer, and we can instantly tell if the spammer sells our Email address.

    This is great for using in Opt out attempts, and instantly points the finger to the spammer.

    All this is automatic, as the spam being processed is added to the database. Each record in the database allows for notes to be added, so when time permits, the spam hater can add other bits to the database record like the "Domain name" contact information (which is also automatically added to the database record).

    It can also go in and attempt to Opt out, and failed attempts would then classify the spam into a special section that automatically sends it to "uce@ftc.gov", and others can be "classified" to be sent to SpamCop automatically. But you still would have to individually give each one your attention for the final spamcop submission.

    All of this is handled automatically of course, and as it's processed, it logs everything, identifies any errors and when I have time, I can go in and see how it's doing.

    Ahhhh! the wonderful things you can do with 'real expressions'....

    John

     

  76.  
    John Draper, Feb 12th, 2003 @ 4:19pm

    Re: Only 500?

    I know how the spam programs work. I collect them to analyse them so I can develop pattern recognition to combat them.

    One such program is "mail-safe.com" - and each of these spammer programs allows for anyone to put anything they want in the "reply-to" field, and forge any of the headers in any way they see fit. Some can get this information from large files of other Email addresses they "harvest" from the web.

    I've developed a good collection of "spam rules" that can catch these programs, and not only identify where they are used, but also positively identify anything they send out as spam.

    Most of these programs come from "Spam Packages" sent to people who reply to yet more spam like "Make money at home"... there are literally MILLIONS of these spam packages out there, complete with lists of open gateways, specific spam to send, and how to find more.

    If anyone wants to go after spammers, then these would be the first ones I would want to go after.

    Of course what can you do..... NOTHING... except flood the uce@ftc.gov with your spam, and continue the time consuming process of spamcop submissions.

     

  77.  
    ScooterBoy, Feb 12th, 2003 @ 4:31pm

    Re: Only 500?

    boo.

     

  78.  
    Edward Scissorhands, Feb 12th, 2003 @ 4:31pm

    Re: 1st Amendment Rights

    Remember, that the first amendment applies only to the constitution of the United States of America.
    Other countries (Philippines, China, and England) have their own constitutions that grant other constitutional rights for their citizens. Whether these rights include the right to send spam is a matter for constitutional lawyers who know about those countries.

     

  79.  
    Ykaens, Feb 12th, 2003 @ 4:32pm

    No Subject Given

    Hello,

    First I see all the e-mail addresses are published on this site as regular
    e-mail addresses. Talking about easy e-mail address harvesting! What about
    my DOT name AT hotmail DOT com ? Damn.. THINK!!!!!!!!

    But anyway, I was a postmaster for a newswire company that sends out
    approx. 50.000 to 230.000 e-mail messages every 24 hours. Just to make it
    CLEAR: these are valid newspaper subscription e-mail lists; I do not want to
    be associated with spam in any supportive way.

    I have a lot of experience with e-mail and spam because I studied AI (data
    mining) and worked in several data mining companies.

    The SPAM problem will NEVER be solved because people can and will make
    money off it.

    Other thing, look at the IP addresses in the headers of spam. Want to hack
    an e-mail server?

    Receive as much spam as you can get, have a script filter out the IP
    addresses and voila, you will come up with at least two cracked servers a
    day. Which can be accessed by you just like the spammer did. I automated
    these steps in just 20 mins. If I can do it, anyone can do it.

    My point: Large spam amounts never get sent by the advertising companies
    themselves... So it is impossible to do something about it in any legal
    way.

    People might argue that a lot of people are using the Internet in terms of
    numbers. But if one looks at the world population, only a couple of percent
    are using the Internet. Try to imagine if 80 percent of the world
    population had access to the Internet. Then spam will also rise by a
    huge factor. I get about 67 spam e-mails a day, the average Internet user
    24, hmmzzz.. 24 * 6.. That will become a lot of spam in the upcoming
    years.

    You mention the companies who produce anti-spam tools in a good way. This
    should be forbidden in my view. Because they make money off spam and are
    turning spam into an industry which will grow BIG and has grown BIG in the
    past few years.

    Anti-spam tools should be produced by the open-source community or issued
    by the government to ensure every Internet citizen is protected in their
    right to say NO effectively..

    You mention that there are no standards for SMTP 550 bounces. You are
    correct. The standards are at least 10 years old and one could hardly call
    them standards. Who looks after the SMTP standard? Every BIG IT company
    can implement new standards just as they wish. Should not our legal
    representatives, the government, be watching over this? So that future
    implementations of e-mail will become less faulty?

    I can continue for hours like this.. But if we really look down in our
    common sense we will feel that unless OUR LEGAL REPRESENTATIVES (the
    government) take a stand, we will never get rid of ADVERTISING.

    The computer has grown from a calculator to a medium............ and it deserves the same rights.....

    Good night..

    Yaekns

    p.s.
    I saw some people searching for spam archives..
    I have over 600 GIGs of clean spam..

    Contact me.. or search google for spam archive..

     


  80.  
    Philip Olson, Feb 12th, 2003 @ 4:33pm

    What do we do about it?

    Okay so this is a problem. Can someone write a detailed article on solutions/bandaids/caveats? Simply deleting them is getting old. In the meantime I use a combination of spamassassin, procmail, and my overused delete button. Am also learning how to understand email headers and related goodies but it's a bit overwhelming. Btw, I don't have a porn site nor do I sell Ganja balls from Russia.

     


  81.  
    John D, Feb 12th, 2003 @ 4:35pm

    Re: No Subject Given

    One really cool trick we did to "get their attention"... is that if you go to a website advertised by the spammer, and if they are stupid enough to have a forms page, you can spam the spammer.

    But in order to do this, you have to have access to a server that can run CGI programs.

    First, copy the HTML forms page to your server. Replace the ACTION tag with one of your own, but save the "real one" in a variable in the CGI code.

    Add a button "SPAM" to the forms page, and also a text field so you can enter in how many times you want to submit the form.

    Then build up a file of various fictitious accesses and forms field values you want inserted in the forms page.

    Access the page through your browser, and put in some very large numerical value in the new text field you added, and press the "SPAM" button.

    Your CGI would then make multiple submissions to their forms page (as many as you want), and it would then either get the field data from a file somewhere on the server, or you can just put in things like:

    Name: Mr No Spam
    Address: 1234 No Spam Ave
    City: NoSpamsVille, USA
    Phone:
    Email:
    (So they can contact you)

    Believe me, they WILL contact you... but be careful when you write the CGI script, to put in a 2 - 3 sec delay between each "submission" so's not to DDOS their server (we wouldn't want to do that, legal reasons).

    Remember, you would be doing them a favor - by showing them how interested you are in wanting to enlarge the anatomy between your legs, and providing them with an infinite supply of honeypot addresses.

    Of course they may get pissed off, but then you can make it clear that YOU are pissed off at them for not providing a way to opt out.

    It DOES get their attention....

    DON'T ask me to write the script, I'll leave that up to you.

    JD

     


  82.  
    Anonymous Coward, Feb 12th, 2003 @ 4:37pm

    Re: No Subject Given

    Have the ISP rename the mailbox and then cancel the forwarding from the old name to the new name. Problem gone. After about 6 months you can rename it back.

     


  83.  
    John Draper, Feb 12th, 2003 @ 4:48pm

    Re: 1st Amendment Rights

    I have no beef with spammers, as long as they follow the rules.... which are:

    1) Honor all opt out requests... and don't give my Email to other spammers

    2) Provide valid contact information in the event I MAY be interested in what they have to sell, and can contact them if I want more info.

    3) And use ONLY opt in addresses.

    And when I find something I'm interested in, and want to receive occasional Emailings of events, announcements, and such, to deploy a DOUBLE OPT-IN mechanism (one which asks for confirmation).

    If people would follow these simple rules, then spam would never be a problem in the first place.

    But they don't - and their greed will be their downfall.

    JD

     


  84.  
    Mark Ritchie, Feb 12th, 2003 @ 4:51pm

    Re: Me too!

    yeah, my girlfriend is Chinese, and her father runs a few websites, similar thing happened to him, and he contacted people in China and it stopped, so if you can speak the lingo, I guess you'd have more success,

    :)
    xie xie, :)
    (thank you) hehe picked up a little

     


  85.  
    Anonymous Coward, Feb 12th, 2003 @ 4:59pm

    Re: 1st Amendment Rights

    By your "conditions", it's no longer spam - basically it's no different than signing up for a normal mailing list.

    Spam by definition is stuff you DIDN'T ask for - it's unsolicited.

     


  86.  
    Ominous Coward, Feb 12th, 2003 @ 5:01pm

    My technique

    I have a link at the bottom of every page on my website that says "If you would like us to read email for USD$1000 per page, _payable_ in advance, send it _here_."

    The link "_payable_" goes to a page of terms and conditions. The link "_here_" is "mailto:Bill-me-USD1000-and-read-this-######@domain", where "######" is a randomly-generated serial number which is databased and correlated with incoming email.

    If I get email to one of those addresses, I respond with an invoice for USD$1000.00, terms and conditions attached, and a statement thanking them for establishing a business relationship with me, offering bulk rates for reading lots of their emails, and reminding them that until they came to a bulk-rate arrangement, the fee is USD$1000 per email to any address in the domain, payable in advance.

    I could conceivably add details of the mail to a spam database, since only spam goes to those addresses.

    I have not yet seen a second spam from any of them. (-:

     


  87.  
    Anonymous Coward, Feb 12th, 2003 @ 5:21pm

    Re: yeah, but on AOL........

    Then you get a real isp...

     


  88.  
    Stephen Samuel, Feb 12th, 2003 @ 5:45pm

    Re: Better than spam laws

    why not use an approach with more teeth - criminal forgery charges don't get you any money, but there's probably some tort like defamation of character or even conversion

    Defamation of Character is a definite one there -- making people believe that you're a spammer, and porn-muffin.

    Also: I'm pretty sure that criminal action that directly affects you is usually an acceptable basis of a tort for recovery from the results of the criminality.. Add an extra $400K in punitive damages, and .....

     


  89.  
    nSpectre Anatomy, Feb 12th, 2003 @ 5:47pm

    Re: Spam Conference

    John Draper... THE John Draper? Right on. Was wondering what you've been up to these days. I met you eons ago when you gave a talk at Electronic Cafe in L.A., on a different subject. *cough* =8-)

    As an 0ld sk00l IT Wrangler, I'm very interested in what you're working on. More info would be greatly appreciated. I'll fire off an e-mail toot sweet.

    ^5^

     


  90.  
    Lawrence, Feb 12th, 2003 @ 6:06pm

    Chinese and Spam

    Not totally true.

    More and more providers here in China have no spam as part of their terms of service. Some of the smarter ones are starting to realise that spam degrades their service and are putting in enforced server authentication for sending messages. This stops the majority of spam through open servers in China ISPs (which is sent by you US users mostly).

    The main problem is the people who have a clue are not usually the people who run things.
    It can be difficult getting to the right people in the states too (as experience tells).

    Lawrence.

     


  91.  
    Gene, Feb 12th, 2003 @ 6:44pm

    Re: 1st Amendment Rights

    ...and a few (for no good reason, really) sent us back death threats and obscene writing.

    No good reason huh!

     


  92.  
    Greg, Feb 12th, 2003 @ 6:54pm

    Re: A quick and dirty fix

    This is why my firewall blocks all access to all of Asia and South America. They can't deliver if I don't let them. Every ISP in America should do the same. I looked at that for our corporate connection, but my employer has trading partners in Asian countries.

     


  93.  
    Karl Stephens, Feb 12th, 2003 @ 6:56pm

    Re: It's called a Joe Job

    An explanation can be found in the TechTV article Beware the 'Joe Job' - http://www.techtv.com/news/culture/story/0,24195,3415219,00.html .

    I'd like to solicit your opinion on using technology to stop spam. I've chosen a technical solution because it's too difficult to change human behaviour short of a big stick and hunting down every spammer - (hey, what you do with the stick once you've found the spammer is your own idea).

    Do you believe that these messages would be helpful?

    1. Joe Jobs – Internal Return Address Control - Discard all mail with a return address in your realm that originates from outside of your network. Your clients/staff must use authenticated SMTP.
    2. Kill UCE from open relays using the RBL just behind your SMTP gateway.
    3. Kill explicitly unwanted mail (on a user-by-user basis) with a black-list.
    4. Filter sender addresses not explicitly trusted using a user-controlled white-list to a quarantined area, then respond with a request to verify the validity of the address by visiting a web site and performing a minor hand spring/Turing test (such as type the number you see in the graphic).
    5. Next is the anti-virus scanner (off topic I know but essential to stop your address book being stolen) to catch harmful mail from a trusted sender address [where the sender is using an email client with an exploited address book – not mentioning any names here 8-)]
    6. Stop Faked Headers by allowing users to explicitly decline email not using a digital certificate (freebies from Thawte - http://www.thawte.com) by issuing users (and their correspondents) with a free digital certificate.

    This should ensure that the following types of mail don’t hit my users' mailboxes:

    • Joe Jobs replies and removal requests stopped at the gateway by step #1.
    • Spam with faked return addresses stopped at the whitelist server in step #4

    Pardon me but I'm off to visit http://www.spamgourmet.com - (Corrected link from original message).


    Karl Stephens - karl.stephens_AT_ihug.co.nz
    Change the '_AT_ to the "@" symbol.

     

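Steps 1 to 4 of Karl Stephens' list above, sketched as one gateway decision function; this is an added example, not code from the thread. The domain, networks, DNSBL zone, policy contents and all function names are constructed assumptions, and the DNS lookup is replaced by an in-memory set so the block runs offline.

```python
import ipaddress
from dataclasses import dataclass, field

# Every address, network and zone below is constructed for illustration.
LOCAL_DOMAIN = "example.org"
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]
DNSBL_ZONE = "dnsbl.example.net"   # placeholder, not a real list


def dnsbl_query_name(ip, zone=DNSBL_ZONE):
    """Name an RBL/DNSBL check resolves: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


# Stand-in for the DNS lookup. On a real list a listed client resolves to an
# address in 127.0.0.0/8 and an unlisted one returns NXDOMAIN.
CONSTRUCTED_LISTINGS = {dnsbl_query_name("198.51.100.7")}


def constructed_dnsbl(name):
    return name in CONSTRUCTED_LISTINGS


@dataclass
class Connection:
    client_ip: str
    authenticated: bool   # SMTP AUTH succeeded
    mail_from: str        # envelope sender; "" for bounces (MAIL FROM:<>)
    rcpt_to: str


@dataclass
class UserPolicy:
    blacklist: set = field(default_factory=set)
    whitelist: set = field(default_factory=set)


def domain_of(address):
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""


def is_trusted_origin(conn):
    """Inside our network, or an authenticated client/staff session."""
    ip = ipaddress.ip_address(conn.client_ip)
    return conn.authenticated or any(ip in net for net in INTERNAL_NETS)


def gateway_decision(conn, policies, dnsbl_listed=constructed_dnsbl):
    """Return (action, step) for one incoming message, following steps 1-4."""
    sender = conn.mail_from.lower()
    trusted = is_trusted_origin(conn)
    # Step 1: our own domain as return address, but arriving from outside.
    if domain_of(sender) == LOCAL_DOMAIN and not trusted:
        return ("discard", 1)
    # Step 2: connecting relay is on the blocklist.
    if not trusted and dnsbl_listed(dnsbl_query_name(conn.client_ip)):
        return ("reject", 2)
    policy = policies.get(conn.rcpt_to.lower(), UserPolicy())
    # Step 3: per-user black-list.
    if sender in policy.blacklist:
        return ("discard", 3)
    # Step 4: unknown senders are held; a challenge is only sent when there
    # is a return address to send it to.
    if sender not in policy.whitelist:
        return ("quarantine", 4) if sender == "" else ("challenge", 4)
    return ("deliver", 0)


# Constructed per-user policy for the sample recipient.
POLICIES = {
    "alice@example.org": UserPolicy(
        blacklist={"pest@example.com"},
        whitelist={"friend@example.com", "staff@example.org"},
    )
}
```

A joe-job bounce carries an empty envelope sender, so in this sketch it passes the step 1 comparison and is held silently at step 4 rather than challenged.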

  94.  
    David Horrar, Feb 12th, 2003 @ 7:15pm

    Re: 1st Amendment Rights

    Mr. Stein:

    Although your comment that political speech is immune to the rules applied to commercial messages is correct (thanks to a self serving set of the government), you and whomever you were representing seem to be missing the point.

    If I have registered that I would rather not receive spam, telemarketing, etc. types of communications, what would make you or anyone else think I would appreciate getting political propaganda? Pushing the cost of receiving your messages off onto me is not likely to make me think much of the person being so presented. In fact, I deal with politicians that do such things the same way I do spammers. You don't get my money, you don't get my vote and I will take every opportunity to spread that message to everyone I know, (without sending undesired email).

    There is a difference between what is legal and what is ethical. As an Information Analyst at a university, I take every opportunity to point this out to the uninformed. I'm surprised that you, posting from such a well regarded institution, don't do the same.

     


  95.  
    steve, Feb 12th, 2003 @ 8:50pm

    Re: The importance of good passwords...

    If you don't want to give your password to tech support, fine. But don't be surprised if they can't help you with your account after that.

     


  96.  
    Brian Davenport, Feb 12th, 2003 @ 8:51pm

    Re: Me too!

    I say, all the US and Euro ISPs should just firewall out China, then they might get the idea.

     


  97.  
    dominik, Feb 12th, 2003 @ 9:09pm

    Re: My technique

    Yes, very smart ;-)
    I am a victim of joe job and in addition to bounced messages I got such bills too.

     


  98.  
    Pete, Feb 12th, 2003 @ 9:17pm

    There is a way (sort of)

    I think it would be safe to assume that each batch of emails would originate from the same IP, or same subnet at least.
    So just use mailwasher and put in a filter rule to delete (probably not worth bouncing) any email with the ip in the header once they start coming in. You said some bounces didn't contain the full header info so I guess it wouldn't work for them but for the rest it would. Reduce the amount anyway.
    I filter out 64.70.53. 64.70.44. 64.70.20. and 12.158.240. as I very frequently got spam from hi-speed-mail which use a ton of different domain names. I see pretty much none from them now. It seems to go through cable and wireless but since I live in Australia not the US I feel I can pretty safely block these.

     


  99.  
    Lazyllama, Feb 13th, 2003 @ 12:19am

    Happened to me too

    They stopped when I started auto-forwarding all the bounces to the email address of the owner of the IP addresses of the advertised web site. They used an obfuscated URL, but there are tools around to decode these.

     


  100.  
    Tim, Feb 13th, 2003 @ 12:53am

    Re: Nice article

    Popular thread, eh?

    So much for "its been done before".

     


  101.  
    Roger, Feb 13th, 2003 @ 1:33am

    Someone got your password

    My guess is that someone got your password, and used your account to send the spam. Is that possible? Even if you kept the password secret, someone might have guessed it, or stolen it from your ISP, or something.

     


  102.  
    Stoat, Feb 13th, 2003 @ 1:49am

    Revenge

    A couple of years ago I got some spam from a company in the UK (where I live), advertising their services. They'd even included full contact details and a FREEPOST address, meaning that they would pay the postage on any correspondence. So I used it and posted them a large bag of gravel, weighing a few kilograms, and a short message explaining why they should stop spamming. :)

     


  103.  
    zcat, Feb 13th, 2003 @ 2:01am

    Re: What would happen if the

    It's not a mail loop. The first bounce will be from "Mailer Daemon", not joe.

    And usually the second mailer will recognise that anything from a "Daemon" address shouldn't be replied to. If it does reply, that will go back to the mailer daemon address which is usually a black hole or sometimes an alias for postmaster. Either way it'll always be a valid address and not generate any more automated replies.


     

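The loop-avoidance behaviour zcat describes above, as an added example that is not part of the thread: an auto-responder that refuses to answer bounces and daemon addresses, and marks its own replies so the other side stays quiet. The addresses and sample messages are constructed; the Auto-Submitted and Precedence checks are the conventional markers and are assumptions about what a given mailer sets.

```python
from email import message_from_string
from email.message import EmailMessage

DAEMON_LOCALPARTS = {"mailer-daemon", "postmaster"}
BULK_PRECEDENCE = {"bulk", "junk", "list"}

# Constructed sample: a bounce caused by spam forged in joe's name.
SAMPLE_BOUNCE = """\
From: Mail Delivery Subsystem <MAILER-DAEMON@mx.example.net>
To: joe@example.org
Subject: Returned mail: User unknown

550 <nobody@example.net>... User unknown
"""

# Constructed sample: ordinary mail from a person.
SAMPLE_PERSONAL = """\
From: Friend <friend@example.com>
To: joe@example.org
Subject: lunch?

Are you free on Friday?
"""

# Constructed sample: mailing-list traffic.
SAMPLE_LIST = """\
From: announce@lists.example.com
To: joe@example.org
Precedence: bulk
Subject: Weekly digest

This week's items.
"""


def should_autoreply(envelope_from, raw_message):
    """Return (decision, reason) for a vacation-style auto-responder."""
    sender = envelope_from.strip().strip("<>").lower()
    if sender == "":
        return (False, "null envelope sender: this is a bounce")
    if sender.split("@", 1)[0] in DAEMON_LOCALPARTS:
        return (False, "sender is a mailer daemon address")
    msg = message_from_string(raw_message)
    auto = (msg.get("Auto-Submitted") or "no").split(";")[0].strip().lower()
    if auto != "no":
        return (False, "Auto-Submitted: " + auto)
    if (msg.get("Precedence") or "").strip().lower() in BULK_PRECEDENCE:
        return (False, "bulk or list mail")
    return (True, "ordinary mail from a person")


def build_autoreply(envelope_from, our_address, text):
    """Build a reply the receiving side will not answer in turn.

    Returns (envelope_sender, envelope_recipient, message).
    """
    reply = EmailMessage()
    reply["From"] = our_address
    reply["To"] = envelope_from
    reply["Subject"] = "Automatic reply"
    reply["Auto-Submitted"] = "auto-replied"
    reply.set_content(text)
    # "" is the null reverse-path (MAIL FROM:<>): failures go nowhere.
    return ("", envelope_from, reply)


def count_automatic_messages(envelope_from, raw_message,
                             our_address="joe@example.org", limit=10):
    """Let two such responders face each other; count the automatic mails."""
    sent = 0
    sender, raw, me = envelope_from, raw_message, our_address
    while sent < limit:
        decision, _reason = should_autoreply(sender, raw)
        if not decision:
            break
        env_from, env_to, reply = build_autoreply(sender, me, "I am away.")
        sent += 1
        # The other side now receives our reply and makes the same decision.
        me, sender, raw = env_to, env_from, reply.as_string()
    return sent
```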

  104.  
    Harald, Feb 13th, 2003 @ 2:02am

    Spam filters should look at the content!

    Attempting to use "spam filters" that don't look at the actual content of the mail is futile. Microsoft, for one, just doesn't get it, as don't most webmail services. If you can afford it use something like Spamassassin, utilizing Bayesian filtering and sending reported spam to Razor and other fingerprinting services. I was on the Spamcop route for a while but with 30-50 spams per day it took me more time than just deleting all the crap. Spamassassin gives me > 99% success and no false positives so far.

    Unfortunately, Spamassassin requires Perl, and I don't know if it runs on non-Unix systems. But if you use M$ stuff you're doomed anyway.

     


  105.  
    Config.sys, Feb 13th, 2003 @ 2:42am

    No Subject Given

    Happened to me too,
    Everybody take it easy, you can't do anything.

     


  106.  
    Brian, Feb 13th, 2003 @ 4:10am

    Re: My Short Life As An Unintentional Spammer

    This happened to our domain exactly one year ago.
    Over three hundred BOUNCED emails per day for about a week.
    Our domain belongs to a professional company so it added insult to injury by tarnishing our image.
    I hate to think how many emails actually got to their targets.
    We did as much tracking down as we possibly could and contacted the server owners, etc.
    We even contacted the FBI who told us that "Unfortunately you are not within our jurisdiction".

     


  107.  
    Jason, Feb 13th, 2003 @ 5:54am

    Unsubscribing

    I know that replying to the message with "unsubscribe" tells the spammer that there is a live person there, but I have followed the unsubscribe in some spams, and it has reduced my spam slightly. Strangely enough, some spammers actually do honor unsubscribe requests. Keep in mind that this wasn't porn spam. This was probably legitimate commercial spam to buy a product.

     


  108.  
    JJ, Feb 13th, 2003 @ 6:58am

    Re: yeah, but on AOL........

    May I recommend you try an ISP whose tech support staff have a hope of understanding the computer systems they work with?

     


  109.  
    Evil, Feb 13th, 2003 @ 7:20am

    Re: The importance of good passwords...

    >> If you don't want to give your password to tech support, fine. But don't be surprised if they can't help you with your account after that. <<
    That is, for lack of a better word, stupid.

    NEVER... EVER... give your password to ANYone.

    The tech support guys at your ISP/Company can simply *change* your password if its use is really required. They shouldn't even need it in the first place - THEY'RE the one with administrator rights.

    If you tell anyone your password, the conversation is open to interception. Also, it means you plan to be slothful and not change the password afterward: Do you want some part-time ISP Admin going home, having a few drinks, and then deciding it might be fun to read through your personal correspondence (since he still remembers your password)?

    Always make them reset it, then change it back when they're done.

     


  110.  
    Scott, Feb 13th, 2003 @ 8:18am

    Re: 1st Amendment Rights

    Yes, you're right. We don't have to listen to or view it. But we are still left unprotected when it comes to receiving it. That's why spam and junk mail are so effective - they are inseparable from wanted email and mail, which doesn't force you to look at them - unless you want the non-spam.

     


  111.  
    Sheila, Feb 13th, 2003 @ 8:48am

    Re: The importance of good passwords...

    I do tech support -- I neither want nor need their password to help with our users' accounts.

     


  112.  
    Brian, Feb 13th, 2003 @ 9:07am

    Geez, these addresses are already being harvested

    The email address above that I used here was the first and only time I've ever published this particular address. And I've already gotten 3 spams to it.

    Some people just have no ethics...

     


  113.  
    John, Feb 13th, 2003 @ 9:34am

    Re: My Short Life As An Unintentional Spammer

    Thanks to Mike Masnick for a great article.
    I just had the same thing happen to me, although the number of bounces I received was far less than he experienced. It was nice to read about someone else's similar experience with the growing, unethical spam industry.
    Let's find a solution to end the madness!

     


  114.  
    John, Feb 13th, 2003 @ 9:45am

    You've got to be kidding me !!

    enough said.

     


  115.  
    John Draper, Feb 13th, 2003 @ 11:50am

    I did some investigation, and came up with this..

    Thanx for all the Email, and with your help, I came up with this following information.

    First of all, these Bozos are already in my database and are way up there as far as the baddest of the bad.

    With the spam sample that was provided to me, I dug up the following dirt on them....

    This is who owns the domain name of the site advertised in the spam mail.

    Registrant:
    Quiksilver Enterprises
    816 Elm Street, #472
    Manchester, NH 03101
    US
    401-722-6043


    Domain Name: LOAKING.COM

    Administrative Contact:
    Milton, John aaru109@yahoo.com
    816 Elm Street, #472
    Manchester, NH 03101
    US
    401-722-6043 ---- Calls to this number reveal the person is Chinese, and they don't speak
    English.


    Technical Contact:
    Milton, John aaru109@yahoo.com
    816 Elm Street, #472
    Manchester, NH 03101
    US
    401-722-6043

    Calls to the phone number reach a person who only speaks Chinese. Their Yahoo address is BOGUS - Totally in violation of the policy of their domain name registrant.

    Domain Name: LOAKING.COM
    Registrar: INTERCOSMOS MEDIA GROUP, INC. D/B/A DIRECTNIC.COM
    Whois Server: whois.directnic.com
    Referral URL: http://www.directnic.com
    Name Server: NS1.GOTDAY.COM
    Name Server: NS2.GOTDAY.COM
    Status: REGISTRAR-LOCK
    Updated Date: 26-jan-2003
    Creation Date: 26-jan-2003
    Expiration Date: 26-jan-2004

    Going to the domain registrant's site, I obtained their "abuse" Email address and brought it to their attention.

    I would say that within 2 weeks, they will lose their domain name.

     


  116.  
    John Draper, Feb 13th, 2003 @ 12:00pm

    Re: There is a way (sort of)

    Pete writes:

    >I think it would be safe to assume that each batch of emails would originate from the same IP, or same subnet at least.

    No - that's not true at all. They skip around using different ISPs to avoid getting traced. At least the software they use does.

     


  117.  
    John Draper, Feb 13th, 2003 @ 12:07pm

    Re: Spam filters should look at the content!

    With such an amazing amount of interest in stopping spam, and even more people wanting to contact spammers, I'm almost compelled to offer a service to the anti-spam community. Some of the things I'm considering are:

    1) POP Proxy spam filtering - Of the Bayesian type, for those who want web based mail like "hotmail" who just cannot run Perl scripts or have access to their own UNIX box.

    2) WEB based access to their Email like "hotmail".

    3) Spam management and reporting services

    4) Spammer tracking services - where we track them down for you.

    Obviously, I cannot offer these services for free, but I'm open for suggestions on what is a reasonable amount to charge.

    Any comments?

    John

     


  118.  
    Stew LG, Feb 13th, 2003 @ 12:46pm

    As they say on Slashdot, Mod this one up


    This gentleman is correct: we are innocent victims in an arms race that neither party is truly motivated to fix.
    The anti-spam guys are not really on your side. In all of these arms races, both sides contribute to the problem. Why are there so many security firms falling over themselves to release exploits? Why are so many viruses being written? Money isn't the only reason, but it might be the principal one. People make money selling junk or selling cures for junk, not eliminating the entire problem.
    Look at SSL web transactions. People got off their duffs and solved that problem. Why? So that people wouldn't be afraid of using their credit cards on the internet. So that people would spend money. (And, hey look, companies like Verisign & Microsoft got to make money on the certificate infrastructure too, bonus.) The whole thing was at risk of being a bad medium, so they fixed it.
    Nobody stands to benefit as directly from clean email as spam senders and spam defenders do from bad email.
    A set of RFCs for secure DNS and secure SMTP surely already exist. Why aren't we already moving to them? Why aren't they already here?
    Oh, sure, naysayers will say that installed base is too big an issue. It isn't trivial. But having a beefy gateway that provides the secured SMTP interface *IS* way the hell possible.
    SMTP is a perfectly adequate protocol for its time - 1982 - 1989. Let's move on.

     


  119.  
    Ozmiroid, Feb 13th, 2003 @ 1:45pm

    If this happens to you...

    Another term for this is "joe job".
    If this happens to you, there are some things you can do - take a look at
    http://groups.google.com/groups?selm=3C703AAC.3923EDA5%40tls.msk.ru
    (helps to read it with a Russian accent :-)
    and try to get help from your ISP. Often your ISP can do things to stop, slow, or divert the flood of bounce messages. Your ISP and many sites (examples www.spamcop.net, www.stopspam.org) can help you figure out where the original spam came from.

     


  120.  
    C Medler, Feb 13th, 2003 @ 5:25pm

    Re: envelope information vs.

    If the writer was "wrong" about servers' use of the reply to field, then why am I getting about 10 "failed delivery" messages per day from servers?
    Like other people, when I have tried to trace the origin of the original spam, I find servers in China or, in one case, in South America. Up to now, the careful letters containing complete headers I've sent to the tech response people for those ISPs have not resulted in the spam being halted.

     


  121.  
    shrikel, Feb 13th, 2003 @ 7:30pm

    Re: Bounced messages

    Why? Are you running out? ;)

     


  122.  
    Chris (NOSPAM) Wiltshire, Feb 13th, 2003 @ 9:55pm

    Re: My technique

    If I get email to one of those addresses, I respond with an invoice for USD$1000.00, terms and conditions attached, and a statement thanking them for establishing a business relationship with me...

    I have not yet seen a second spam from any of them. (-:

    Not seen any replies? - Do you assume you've ever managed to send your invoice to the originator??


    On another note, it puzzles me why so many people who have posted replies to this column have used what would seem to be their own, unmasked email addresses.

    Also, don't think that masking your email in humanly removable character additions will save you. - Given a list of the email addresses in this forum so far, it would take someone around 3-4 minutes to filter through the obviously bogus emails, correct the masked ones, and apply the remainder and fixed ones to a new list.

    I have a question for those people who say: "Never reply to a SPAM email"..? - Systems which respond automatically to SPAM which request an end user to perform a human recognition test (such as entering the numbers seen in a graphic etc..) ARE performing exactly this REPLY action...

    Does anyone have any decent information on the effect of this kind of system on an email account's long term SPAM hit-count? Does this auto reply system actually go to AID the long term propagation of the email address through more and more spam lists? Or does it slowly reduce the number of spam attempts made on an account?


    Another item worth some thought: if we are forced to use an accessible email address to register software with / register for services, it IS worth using a mail system which allows you to identify each subscription / sign up:

    My mail server allows me to suffix my username with a - then a mailbox name, this will file those emails directly into a sub folder of my mail account. I used chris-MORPHEUS@... to sign up for Morpheus. - This is the WORST affected abuse from a known product I have EVER seen! I get 60+ a day to this address alone.! Needless to say, they are deleted in bulk and never read.

    I have a mail protection system in place on my inboxes (3 main accounts..) - one which I wrote myself.. It simply requests the end user to visit a webpage, and enter their email address into my acceptance list, then re-send the email. - I've YET to ever have a spammer add and resend. (-It's too much effort, and I'm guessing that most of my auto replies never reach the originator too...)

    The net result is that I've ended up with a nice long list of all of my friends from whom I love to accept emails... - I'd be happy to sell this list for a small fee? ;) - Joking..!


    Last point: DON'T ever use fake emails to sign up to anything, you MAY hit someone else's legit email address.. - I was horrified to see someone here had used 'nospam@nospam.org' - Well guess what?... I'm PRETTY sure that could well be an active account?

    Don't ever use a fake email address with an active TLD ie: anything.com or anything.org etc if you HAVE to use a bogus email address use something@rubbish.invalid

    - Just my 2.854cents worth (I tried to keep it to just 2, but I get carried away.. - I HATE SPAM!)

    Chris.

    (If you really want to reply to me by email, see if you can track me down.. Google is a wonderful thing isn't it?...)

     

  123.  
    Anonymous Coward, Feb 14th, 2003 @ 11:33am

    Re: 1st Amendment Rights

    >However, we also opted to send out
    >non-commercial spam right before the election.
    >While our ISPs insisted that we violated their
    >Acceptable Use Policies (which was debatable),
    >we certainly did not brake the law.

    You even spell like a spammer.

    You may or may not have broken the law. If the ISP's AUP says "No spam", as most do, then you did violate the AUP.

    And no matter how you look at it, you admit that you were spamming. That means you're a slimeball.



     

  124.  
    Anonymous Coward, Feb 15th, 2003 @ 2:03pm

    Re: 1st Amendment Rights

    ...and to entities contracted by the Federal Government.

     

  125.  
    Adrian Ng, Feb 17th, 2003 @ 5:23am

    If only....

    Things could have been controlled at the mail server level. Spammers send out their emails through open relays (normally one at a time, with thousands of "rcpt to:" commands or the maximum possible), the open relays connect to the mail servers of the recipients, the recipients' mail servers do a reverse DNS using bl.spamcop.net, find the open relays to be blacklisted, and deny it. The open relays bounce the mail back to the victim (you).

    Here you deal only with the open relays and no frustrated spam recipients. Your steps for recourse are very much simplified. Unfortunately though many mail servers cannot handle that, plus many mail admins do not want to implement it because of worries about bouncing legit mails.

    If only...

     

    reply to this | link to this | view in thread ]
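The connection-time blocklist check this comment describes, as an added Python example that is not part of the original thread: a DNSBL such as bl.spamcop.net is queried with an ordinary A lookup on the connecting IP's reversed octets under the list's zone, and an answer in 127.0.0.0/8 means "listed". The resolver stub, the sample addresses and the SMTP reply strings are constructed for illustration.

```python
import ipaddress
import socket

# DNSBLs signal "listed" by answering with an address in 127.0.0.0/8.
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone="bl.spamcop.net"):
    """Build the DNS name a mail server looks up to test `ip` against `zone`."""
    addr = ipaddress.ip_address(ip)
    # reverse_pointer is e.g. "10.2.0.192.in-addr.arpa"; the DNSBL uses the
    # same reversed labels, but under the list's own zone.
    reversed_labels = addr.reverse_pointer.rsplit(".", 2)[0]
    return f"{reversed_labels}.{zone}"


def is_listed(ip, zone="bl.spamcop.net", resolve=socket.gethostbyname):
    """True if the DNSBL returns a 127.0.0.0/8 answer for `ip`."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        # No such name (or the lookup failed): treated as not listed, so a
        # resolver outage lets mail through instead of rejecting everything.
        return False
    return ipaddress.ip_address(answer) in LISTED_RANGE


def smtp_reply(client_ip, resolve=socket.gethostbyname):
    """Reply the receiving server gives the connecting host (constructed text)."""
    if is_listed(client_ip, resolve=resolve):
        return "554 5.7.1 connecting host is listed"
    return "250 OK"


# Constructed zone data so the example runs offline. 127.0.0.2 is the
# conventional always-listed test entry; 192.0.2.10 is a documentation address.
CONSTRUCTED_ZONE_DATA = {"2.0.0.127.bl.spamcop.net": "127.0.0.2"}


def constructed_resolver(name):
    """Stand-in for socket.gethostbyname backed by CONSTRUCTED_ZONE_DATA."""
    try:
        return CONSTRUCTED_ZONE_DATA[name]
    except KeyError:
        raise socket.gaierror(socket.EAI_NONAME, "name not known") from None


if __name__ == "__main__":
    for ip in ("127.0.0.2", "192.0.2.10"):
        print(ip, dnsbl_query_name(ip), smtp_reply(ip, resolve=constructed_resolver))
```

Because the rejection happens while the relay is still connected, the receiving server never accepts the message, and any bounce is generated by the relay that tried to deliver it.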

  126.  
    Gary Garner, Feb 17th, 2003 @ 7:52pm

    Re: I did some investigation, and came up with th

    John,

    They appear to have changed the domain name, but not lost it...

    Gary Garner

    Registrant:
    Quiksilver Enterprises
    816 Elm St., #472
    Manchester, NH 03102
    US
    877-289-7300x112


    Domain Name: LOAKING.COM

    Administrative Contact:
    Moore, Alan info@never-paymore.com
    816 Elm St., #472
    Manchester, NH 03102
    US
    877-289-7300x112


    Technical Contact:
    Moore, Alan info@never-paymore.com
    816 Elm St., #472
    Manchester, NH 03102
    US
    877-289-7300x112


    Record last updated 02-13-2003 07:20:22 PM
    Record expires on 01-26-2004
    Record created on 01-25-2003

    Domain servers in listed order:
    NS1.GOTDAY.COM 218.246.33.64
    NS2.GOTDAY.COM 218.5.77.19

     

  127.  
    DogMeat, Feb 18th, 2003 @ 8:49pm

    Re: How I beat back the spam

    What's funny is I've already received two pieces of SPAM thru the email address I used here, check out this snippet of message header:

    From: "nova12-at-ms41.hinet.net |techdirt.com spam article/1.0-Allow|"

    The subject immediately tells me where the spammer got my address so I can go block future emails from them.

     

  128.  
    John-Hans Melcher, Feb 19th, 2003 @ 10:30am

    thank you guys

    I just got a Grant Pitch for $19.95.....and before I paid....I decided to do a google search...and came upon this site....

    thank you for your diligence....

    You saved me $20....

    I'm looking for a guide to Grants for my kids reading program....

    so I'll look elsewhere...

    Hope Your Wednesday is Wonderful!

    John-Hans Melcher
    johnmelcher@juno.com
    The 21st Century Learning Technique ©
    www.21stCenturyThinking.com

     

  129.  
    Henning, Feb 24th, 2003 @ 4:30am

    Bounce messages

    I would like to get a copy of those 500 bounce messages. Are they available for download anywhere or is it possible for someone to email them to me? It's for a project on spam mails and I'd be interested in studying the bounce messages.

     

  130.  
    Alex, Feb 25th, 2003 @ 2:16pm

    Re: Bounce messages

    This has just happened to me. All day today I have been getting bounced back spams that appear to have originated from my account, just as the original article describes.

     

  131.  
    I_Hate_AOL, Mar 25th, 2003 @ 11:36pm

    Re: yeah, but on AOL........

    I had AOL when I got my first PC. I used the then 100 free hours to access the net until I could get a real ISP.
    My son liked AOL (IM I guess) so I kept it for a while. After he moved out I tried to terminate the service.
    Each time instead of terminating the service AOL would give me two free months.
    This went on for several months, each time on the third month when I received a charge on my American Express card I would call AOL again to end the service.
    After dealing with AOL 3 or 4 times and not getting the service ended as I wanted I called AMEX and explained the situation and did a charge back.
    I thought the ordeal would be over at that point after AMEX removed the charges but that wasn't the case.
    AOL sent me several letters showing usage times and dates. True the account was being used but not by me or anyone in my household.
    The master account was in my name and being charged to my CC. If I wanted the account terminated for whatever reason it should have been done at the time of my request.
    A couple of months later I received an AMEX statement with ALL the AOL charges back on my account again.
    I called AMEX and asked about the charges and was told that AOL did not respond to their requests so the charges were reinstated on my account.
    I told AMEX that was absurd, to do nothing and they are rewarded for it when I took the time to make copies of all the emails I sent to AOL requesting to end the service and faxed them to AMEX as per their instructions showing the dates and times I requested the AOL service to be ended.
    AMEX told me the charges would remain, they had made their decision and it was final, I would have to pay the charges.
    At that time I had an A1, 100% spotless credit rating for more than 20 years.
    I decided that I wasn't going to make another payment on my AMEX account and didn't.
    I will never have anything to do with AOL or AMEX again, not even if they paid me.
    Most credit card Companies will side with the customer, AMEX will side with the merchant in almost every instance.

    That's how I ended my AOL service.

     

  132.  
    mike anonymous, Apr 4th, 2003 @ 10:57am

    Re: 1st Amendment Rights

    You really shouldn't knock spamming until you've tried it. It paid for my early retirement and my hummer!

     

  133.  
    Nick, Apr 11th, 2003 @ 11:36am

    spam fighting

    Unfortunately ISP abuse desks are understaffed and so getting a response regarding spam is almost impossible. I spent 18 months tracking and reporting every piece of spam I received, and the only headway I made was to go for the originating spammer, then target the email addresses they use, and the web hosts of any sites they advertise. This is a 3 pronged attack to cut their communications, and their finances. After all, people won't hire spammers if they no longer have a website to advertise in the first place. The only alternative is to contact the police in some cases if the spammer is offering prescription only medicine or pornography that is illegal. Unfortunately, spam crosses national boundaries. As a UK citizen I regularly get spam which is country specific, and therefore worthless to me even if I was interested in the principle. Other people I know from reading ISP support newsgroups on Usenet found themselves bombarded with 40+ emails per day from Korea, written in Korean, during the months leading up to the 2002 World Cup. Maybe changing the SMTP protocol is one answer, but anonymous email does have its uses as you said.

     

  134.  
    Miguel, May 1st, 2003 @ 11:49pm

    Re: Urgh...deja vu

    Could you send us that answer you got from the spammer?

     

  135.  
    Anonymous Coward, May 30th, 2003 @ 8:53am

    What I do

    SPAM in my inbox got so bad that I set my preferences to block everything that didn't have :cardkey: in the subject line.

    Sad that such things are needed, but it works marvelously. All my friends can reach me, and no spammer can. Granted, I probably lose a lot of e-mail that way. But everyone I care to receive e-mail from knows this, so it's mostly okay.

     

  136.  
    Antony D, Oct 20th, 2003 @ 2:57am

    HappenING to me right now

    Just a note - it's been happening to me for the last 4 days. Doesn't seem to be a joe job because the name is obviously not a match with my email address. So far I've had 37041 of these pass through my inbox! (that's the actual number)

    What surprises me is that so far I have had NO verified human replies (angry or otherwise), a change from when it happened a year or two ago when many, many people vented their frustration in many, many ways.

    Nevertheless, it's no fun having to download spam just because there's not enough bandwidth left to run the spam filter AND mail prog.

     

  137.  
    Levi, Jan 24th, 2004 @ 3:03am

    Re: 1st Amendment Rights

    I'd be the one who sent no reply.
    But started a stealth portscan on your
    domain in a search for exploitable holes.
    I hate all spam regardless of its content.
    Since most of it comes from jurisdictions
    where it'd be a pain to prosecute (ie China).
    Note I'm smart enough to trace headers, and will
    do the smart thing and target the webserver
    advertised in the spam. 99.99% of spam has
    as its main content, a link to a website.
    The website is where I'll attack first.
    Most abuse addresses point to competent
    admins that'll shut down accounts and
    even thank you, except chinanet. Most spam
    I get is routed through china net, and I've
    never had any success reporting abuse to
    Chinese admins. Maybe they don't speak English,
    but I don't speak Chinese, so it can't be helped.
    Woe-to-the-spammer-whos-bot-snarfs-my-edress-ly yours,
    -Levi

     

  138.  
    Piet in China, Feb 11th, 2004 @ 9:56am

    Re: A quick and dirty fix

    Now that is a great solution! NOT
    How about ppl who do business in Asia and/or South America???
    Yeah right, great advice u give for all ISP's in the States. Do u actually have a brain cell working in your head or what? Do you have the slightest idea on how much business is conducted between the US and mentioned continents?

     

  139.  
    monica vasquez, Feb 24th, 2004 @ 3:11pm

    Re: Someone got your password

    I just want to know who got my password. I can not get into Yahoo chat room?

     

  140.  
    TimG, Apr 2nd, 2004 @ 1:01pm

    Re: No Subject Given

    I'm only now seeing this page a year later, but I'm ROTFLMAO
    Good on ya mate

     

  141.  
    Timg, Apr 2nd, 2004 @ 2:06pm

    Re: No Subject Given

    Re: No Subject Given
    by mja on Wednesday, February 12th, 2003 @ 01:01PM
    The above post was in response to the post made which starts like this.

    This happened to me. I was so angry

    I wish I knew enough to do the kind of stuff mja did to torment a site supporting a spammer

     

  142.  
    pissedoffbobby, Dec 18th, 2004 @ 7:49pm

    about viruses

    I just got that 232pestky virus, I think it's called, from a chick with an email of 3cmichelle@cds-stl.com. I have no idea whom this person was or why the bitch wanted to send me an email with a virus attached. I guess she thinks everybody will open it without scanning it.

     

  143.  
    kataz, Mar 21st, 2005 @ 9:29pm

    Re: yeah, but on AOL........

    Yeah, I got kicked off AOHELL years ago for this kind of thing. Devastated me at the time. Now cox.net just tells me to send it to a different email address there - that one can't do anything about it either...ho, hum...

     

  144.  
    saal, Apr 4th, 2005 @ 5:44am

    Re: No Subject Given

    loooooooooooool its so cool ..(isn`t it ):s any way if u want ...u can add me

     

  145.  
    Nicole Gricius, Jul 24th, 2005 @ 9:14pm

    my dirt

    I spam people all the time ha ha

     

  146.  
    Alex, Dec 19th, 2005 @ 6:41am

    Re: my dirt

    You pig

     

  147.  
    aligirl, Mar 12th, 2006 @ 6:18am

    being a claus

    Hi i have always wanted to be a claus not a bleiweiss!

     

  149.  
    tony, Jun 30th, 2006 @ 7:13pm

    when it's ok to spam

    I feel there are times when it is ok to spam. For example I constantly get notifications that I have won some non-existent lottery. These are sent by thieving fraudsters. I see no reason why I shouldn't sign these scumbags up to as many free newsletters as possible to spam them out of business.

     

  150.  
    http://www.blay65.com, Sep 28th, 2006 @ 1:02am

    http://www.blay65.com

    Eight thirty play65 MADGE (on tape) backgammon online Marty shifted the music to Rock Around the Clock noting in online backgammon machine Do you know what they are.

     

  151.  
    Alan Doherty, Mar 7th, 2007 @ 5:08am

    Re: Why do mail servers allow people to lie about

    sorry but the above commenter obviously has no idea of the distributed nature of e-mail
    it is impossible for an smtp server to check whether the e-mail address on the received mail is/is-not forged hell most of the people and ISPs on the internet don't even use the same servers to send and receive e-mail god knows i wouldn't allow any of my customers to send outgoing mail via my servers {i'll let the pickup but its their isp that can handle their outgoing and any subsequent abuse complaints}

     

  152.  
    Alan Doherty, Mar 7th, 2007 @ 5:26am

    Re: What would happen if the "reply-to" was also i

    shouldn't be possible without a BADLY broken mailserver at both ends as all bounces are sent with an envelope_sender {the address bounces would be returned to} of <> to ensure this never happens
    so bounces can't generate bounces
    that said if a mailserver is ignoring the smtp rules and sending bounces with a real envelope sender then yes bounces can create further bounces
    , but even then a loop can only happen if the bounce messages are sent from a non-existent envelope sender
    , even on mis-configured systems bounces are sent from mailer-daemon@ postmaster@ or somesuch

    so to get a loop both servers have to illegally send bounces from an envelope sender of say postmaster@....
    and both admins have to be stupid enough to delete the postmaster@ address from the server
    {so returned bounces also generate bounces that will be returned etc.}

    so unlikely and will only work if used against the most idiotically setup systems

     

    reply to this | link to this | view in thread ]
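The three cases this comment walks through, as an added Python simulation that is not part of the original thread: bounces sent with the empty envelope sender, bounces wrongly sent from postmaster@ while that mailbox exists, and the same with postmaster@ deleted on both servers. The domains a.example and b.example, the mailbox names and the 50-bounce cap are constructed for illustration.

```python
from collections import deque

NULL_SENDER = ""  # the empty envelope sender, written "<>" in SMTP


class Server:
    """Toy mail server: one domain and the set of local mailboxes that exist."""

    def __init__(self, domain, mailboxes, bounce_sender=NULL_SENDER):
        self.domain = domain
        self.mailboxes = set(mailboxes)
        # Envelope sender this server puts on the bounces it generates.
        # NULL_SENDER is correct; anything else is the rule-breaking setup.
        self.bounce_sender = bounce_sender

    def receive(self, env_from, env_to):
        """Return the bounce to send as (env_from, env_to), or None."""
        if env_to.split("@", 1)[0] in self.mailboxes:
            return None  # delivered
        if env_from == NULL_SENDER:
            return None  # undeliverable bounce: dropped, never bounced again
        return (self.bounce_sender, env_from)


def count_bounces(servers, env_from, env_to, limit=50):
    """Route one message plus every bounce it triggers; count the bounces."""
    by_domain = {s.domain: s for s in servers}
    queue = deque([(env_from, env_to)])
    bounces = 0
    while queue and bounces < limit:
        sender, rcpt = queue.popleft()
        server = by_domain.get(rcpt.rsplit("@", 1)[-1])
        if server is None:
            continue
        bounce = server.receive(sender, rcpt)
        if bounce is not None:
            bounces += 1
            queue.append(bounce)
    return bounces


def scenario(bounce_from_postmaster, postmaster_exists):
    """Forged mail from a non-existent sender to a non-existent recipient."""
    boxes = {"alice", "postmaster"} if postmaster_exists else {"alice"}
    servers = [
        Server(d, boxes, f"postmaster@{d}" if bounce_from_postmaster else NULL_SENDER)
        for d in ("a.example", "b.example")
    ]
    return count_bounces(servers, "nobody@a.example", "ghost@b.example")


if __name__ == "__main__":
    print("null sender on bounces:        ", scenario(False, True))
    print("postmaster@ sender, box exists:", scenario(True, True))
    print("postmaster@ sender, box gone:  ", scenario(True, False))
```

Only the last case reaches the cap: with a real sender on the bounces and no postmaster mailbox on either side, every bounce is itself undeliverable and produces another.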

  153.  
    teenytotstales, Sep 25th, 2007 @ 1:12am

    Currently a victim of joe jobbing

    Hi all, been reading through the comments to try to find a solution to this "joe jobbing" thing. I have about 120 bounce backs and it's depressing. I hate to think about all the people/companies that have received emails from these low life spammers with teenytotstales name on it.
    I never sent any emails and am scouring the web for a viable solution.
    If anyone can help it would be greatly appreciated. Thanks!

     

  154.  
    Gerald Lenhard, Jan 26th, 2009 @ 10:13am

    Re: No Subject Given

    For 5 days last week, all my outgoing/incoming emails went to someone else. Fortunately, changing my password seemed to work for a couple days. Then, I started getting emails bounced back to me. On a hunch, I sent a REPLY stating; "you have stolen my password for illegal use. I have reported it to the proper authorities & hope you hear from them soon". Haven't had a "bounceback" since & have my fingers crossed.

     
