
My Short Life As An Unintentional Porn Spammer

Posted by timothy
from the you've-got-spam dept.
Freerange writes "Mike Masnick wrote up his experience getting slammed by a somewhat new kind of spam attack that doesn't get much hype (yet?). A spammer spoofed his personal email address as the 'reply-to' for a batch of spam, with interesting results for Mike: "I can now answer the questions 'who replies to spam?' and (should anyone ever wonder) 'what are the hundreds of variations on bounced messages?'" From Politech."
  • It's nothing new (Score:5, Informative)

    by Anonymous Coward on Wednesday February 12, 2003 @01:40PM (#5289268)
    It's referred to as a "Joe Job" or that you've been "joe jobbed"

    an article about it [techtv.com]

  • by adamruck (638131) on Wednesday February 12, 2003 @01:43PM (#5289296)
    the site seemed to be going pretty slow for me.. so I'll put the info here if it gets slashdotted

    My Short Life As An Unintentional Spammer
    by Mike Masnick

    Ever wonder what sorts of emails end up in a spammer's email database? Want to know who actually responds to spam and what they say? Want to know the myriads of formats (and languages) a bounced email message can take? I can now tell you all of this. Without my knowledge, I recently became an accidental porn spammer.

    When I got home one evening a few weeks ago, I noticed that I had more than the expected amount of email waiting for me. A quick glance through the inbox showed about fifty "bounced" emails - saying that email addresses of people I had emailed did not exist. The problem with this, of course, was that I hadn't actually emailed anyone.

    It did not take long to figure out what happened. While some bounces simply told me that the recipient didn't exist, others included the original text of the email I had supposedly sent. It claimed to be from someone named "Chris" or "Ali" and was a reply to an alleged message from an online dating site. Chris and Ali apologized for taking so long to reply, and nervously suggested that the recipient find out more information about them by going to a website. Clearly, this was porn spam. Out of principle I won't visit the websites that were in the spam messages.

    The problem was, I hadn't sent these messages at all. I'm not Chris or Ali. I don't use dating sites. I don't have a porn website. I don't send spam.

    One of the popular "tricks" among spammers nowadays is to set the "reply-to" address as the same as the recipient's email address. That cuts out on the problems of bounce mails, and also has a psychological effect on recipients who are curious what email they've sent themselves. Most spam filters have figured out ways to still capture these spam messages (though, I'm now hearing stories of legitimate emails that people send to themselves being classified as spam). I've received plenty of these types of spam, and most are filtered away, never to be bothered with.

    It seems that this particular spammer took things one step further, and made the "reply-to" address for all of his spam messages set to my personal email address. If anyone looked at the headers, it was clear that I had nothing to do with the email whatsoever. However, most mail servers aren't so smart.

    With any spam list, there's a certain percentage of "bad" or outdated email addresses. Generally speaking, a server that receives an email for someone they don't have an account for will "bounce" the message. Those bounces go to the person who sent the message - normally found in the "reply-to" line. Since my email address was in the reply-to line, all those bounces started coming my way, regrettably informing me that my pornographic spam emails had not found their intended recipient.

    After dealing with the rapidly growing desire to reach through the internet and strangle whatever lower-than-life scum did this to my email address, I resigned myself to looking at this from an anthropological perspective. Suddenly, I was in a position to offer information on things that few others would (hopefully) ever willingly have access to.

    Should anyone want it for research purposes, I now have a fairly large collection of bounce messages. It appears there is no standard format for a bounce message (which, by the way, makes them painfully difficult to filter). They have infinitely different subject lines. They say different things in the body of the message, sometimes nicely, sometimes rudely. They show up in different languages with different explanations. Some admit that the account has been closed due to too much spam. Others simply don't exist any more (if they ever did at all). Some bounces quote the original message; some don't. Some include full headers; some don't. Who knew there was such variety in how mail servers bounce their email?

    Beyond the bounce messages were all sorts of auto-responders. It seems that some of the email addresses in the spammer's database were emails people used to send responses to those who "request more info". Suddenly I was receiving huge files of information that I really had no use for whatsoever. I also found out about a number of people who were on vacation that week, or who had recently switched jobs. One even had an auto-responder saying "this is closed...I am tired of the internet... all internet access for me is closing". Some of the addresses were to subscribe to various mailing lists. Many bounced back confirmation emails, asking to prove that I really wanted to subscribe, while others just subscribed me automatically (which will now force me to manually unsubscribe).

    While most of the "information" was fairly useless, I suddenly had the opportunity to peek into the lives of people I had no association with whatsoever - connected only by spammer. I felt like reaching out and commiserating with those who were sick of the spam and wondered if I should congratulate those with new jobs. However, there was no time for that, I had more erroneous spam fallout to deal with.

    Next, came the responses. I, like many people, often wonder what sorts of people actually respond to spam emails. For years, it has been beaten into my head that you never, under any circumstance, respond to a spam email. It just shows that you're a live human being, making your email address more valuable. I'm still shocked when I come across people who haven't heard this. However, they are out there, and they come in all different shapes and sizes. I have their emails to prove it.

    There are the confused, but polite people. One woman wrote me a nice message saying that a "horrible" mistake had been made, and that she had not replied to my online dating ad. She did warn me, however, that there are "plenty of strange people out there" and that I should be careful. How nice. Another woman couldn't remember what she had said in her reply to my non-existent online dating profile and wanted to be reminded. A few others just asked who I was.

    Then there are the unsubscribers, who are under the unfortunate delusion that asking spammers to take them off their list will help. They send simple messages saying simply "unsubscribe" or "unsubscribe, please", as if that will ever get to the actual spammer, or that they would actually pay any attention to it.

    Lastly, are the angry, but clueless. I feel their pain, but they need to find a better outlet. I received emails telling me things I never knew (and find unlikely) about my lineage and suggesting I go places I have no interest in going, using all sorts of language you wouldn't use in polite company. I also received a threatening letter saying that I would be hearing from some company's corporate lawyer.

    None of these people stopped to think that it was odd that my email address includes, pretty clearly, my name - which is neither Chris nor Ali. With the number of spam messages that go out every day, I wonder if these people reply to them all. I guess, for some people with anger management problems, this is a kind of outlet. All day, every day, respond angrily to spam messages, and maybe it will have a calming effect on your life.

    What's scary is that, for the most part, I only saw the bounced messages. They continued for approximately 36 hours, and then stopped abruptly. In the end, about 500 email messages bounced back to me, so I can only guess at how many thousands of poor, unsuspecting email boxes are currently dealing with spam sent with my email address as the reply-to. I apologize to all of you, even if I had nothing to do with it. I don't want to date you, and please, feel no compulsion to look at the web page in the email.

    Most people agree that spam is evil. It's a waste of time and a general nuisance. I can argue against spam from a variety of levels. It's bad for the internet. It's bad for users. It's bad for business. It's just bad. Luckily, there's a rapidly growing industry of companies (and simply concerned individuals) creating software solutions to help stop the spam menace. While there are debates over how well any of these systems work, it is possible to at least reduce your spam intake. Personally, I use a spam filter that is pretty effective in reducing my spam load to a mostly manageable level.

    However, with something like this, there simply is no effective preventative measure in place. The spammers spoof the reply-to, making it whatever they want - so it never even touches my mail server at all. My inbox gets bombarded because there's no simple way to filter out the bounced messages since they are all so different. It's difficult to track down a spammer normally - and more so when the spam isn't even sent to you. Despite the fact that my address was the reply-to, it seems the spammer never sent me the message directly. I found a bounce message that showed the full headers and tracked it back. The email came from a mail server in the Philippines, and pointed to a website hosted in China, owned by a company in London. Tracking down the actual spammer would likely be close to impossible. Assuming they could be found, suing them would be nearly impossible as well, not to mention costly.

    One potential solution to this would be to require every outgoing email to have a verified identifier of some sort, so that any email can automatically be traced back to the original sender. This (as does every solution) brings up other problems. There are benefits to anonymous email, and we wouldn't want to take that away (though, perhaps you could limit the number of emails that could be sent anonymously to prevent bulkmailers from abusing the system).

    In the end, though, this sort of stunt has killed off the tiniest amount of support I had for spammers. These spammers stand behind their First Amendment rights to speak their minds (which is an argument that can be shot full of holes in a second). In this case, though, the spammer made no use of any First Amendment rights. What they did was just mean and nasty and a complete waste of my time.
  • Re:Why? (Score:4, Informative)

    by stratjakt (596332) on Wednesday February 12, 2003 @01:44PM (#5289308) Journal
    >> Are the spammers just trying to cause as much chaos and unpleasantness for as many peoples as is humanly possible?

    Perhaps some, but it's also a way to get past some spam filtering app, or to make you think it's a legit e-mail. I remember there was a big whoopty-doo a year or so ago about spammers using someone@linux.org as the reply to.

    Which goes into the trashbin first, hotsex69@sexparty.ru or ltrovalds@linux.org?
  • by wobblie (191824) on Wednesday February 12, 2003 @01:52PM (#5289373)
    Some spams are purely for confirmation that your email address works. I repeatedly see spams which have 1x1 pixel gif's that link to a script to call the image and pass your email address off to that script. Biggest reason not to use HTML mail.
  • Re:Why? (Score:5, Informative)

    by Neon Spiral Injector (21234) on Wednesday February 12, 2003 @01:55PM (#5289405)
    Hanging out on some anti-spam news groups I've seen this happen to people who go after spammers. In this case the spammer quite intentionally selects the FROM: address to make the bounces and irate replies cause trouble for someone who has been causing trouble for the spammer. This is called a "Joe-job".
  • by Entrope (68843) on Wednesday February 12, 2003 @01:59PM (#5289458) Homepage
    That would vastly reduce the amount of USEFUL EMAIL as well. You would not believe what a large fraction of the Internet is configured to fail that kind of test -- or else you would not seriously contemplate that solution. Sometimes there are good reasons to configure a mail server that way.

    DNS is not a terribly useful authentication mechanism for this kind of thing. Much more useful is origin-authenticated SMTP: the originator (either user or mail server) calculates a signed hash of the message, and attaches that when sending it. The receiver can verify that the signature is valid for the person (or mail server) that claimed to originate the message.

    Obviously things lose in the transition period before every sender does that. You also get a huge fight over which algorithms to use, how to distribute and verify the public keys, and so forth. Welcome to Internet politics.
  • Bounces (Score:2, Informative)

    by kooganani (646567) on Wednesday February 12, 2003 @02:00PM (#5289469)
    36 hours is about right for receiving bounces. Many messages bounce immediately, mainly the 'user unknown' or 'mailbox full' variety. For errors like 'connection refused' or 'server timed out', the sending mail server will attempt to deliver the message periodically over the course of 36 hours. This period of time is generally configurable and can change from mail server to mail server.

    The specifications for bounce messages are extremely loose, and while many mailservers adhere to the definitions, many do not. Most bounces are sent to the 'envelope from' address listed in the header as the 'Return Path:' address, but some go to the header 'To:' or the 'Reply-To:'.
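
The article and the comment above both note that bounces follow no single format. As an added example (not part of the original thread), this sketch sorts incoming mail into genuine bounces, joe-job backscatter, autoresponders and human replies by checking the envelope and report headers, then looking for the bounced message's Message-ID in a record of mail actually sent. The `Auto-Submitted` header and the `multipart/report` DSN type come from the mail standards rather than from the page; all addresses, Message-IDs and the `SENT_IDS` record are constructed.

```python
import email
import re
from email.utils import parseaddr

# Constructed record of Message-IDs our own mail server really sent.
SENT_IDS = {"<20030212.0001@example.org>"}

# Constructed samples: a standards-style DSN, a free-form bounce,
# a vacation autoresponder and a reply typed by a person.
DSN = """\
Return-Path: <>
From: Mail Delivery Subsystem <MAILER-DAEMON@mx.example.net>
To: mike@example.org
Subject: Returned mail: see transcript for details
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

550 <nobody@example.net>... User unknown

--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; nobody@example.net
Action: failed
Status: 5.1.1

--b1
Content-Type: message/rfc822

Message-ID: <spam-0001@relay.invalid>
From: "Chris" <chris@relay.invalid>
Reply-To: mike@example.org
Subject: sorry it took so long

hi
--b1--
"""

FREEFORM = """\
Return-Path: <>
From: postmaster@mail.example.com
To: mike@example.org
Subject: Undeliverable: lunch on friday?

Your message could not be delivered. Original headers follow:

> Message-ID: <20030212.0001@example.org>
> From: mike@example.org
"""

VACATION = """\
Return-Path: <>
From: Pat <pat@example.com>
To: mike@example.org
Subject: Out of office
Auto-Submitted: auto-replied

I am on vacation this week.
"""

HUMAN = """\
Return-Path: <angry@example.com>
From: angry@example.com
To: mike@example.org
Subject: Re: sorry it took so long

unsubscribe, please
"""

QUOTED_ID = re.compile(r"^[>\s]*Message-ID:\s*(<[^>\s]+>)", re.I | re.M)


def original_message_id(msg):
    """Message-ID of the mail being bounced, or None if the bounce omits it."""
    for part in list(msg.walk())[1:]:      # skip the bounce's own headers
        if part.get("Message-ID"):
            return part["Message-ID"].strip()
    for part in msg.walk():                # free-form bounce: search quoted text
        payload = part.get_payload()
        if isinstance(payload, str):
            found = QUOTED_ID.search(payload)
            if found:
                return found.group(1)
    return None


def classify(raw, sent_ids):
    """Return a verdict plus the signals that led to it."""
    msg = email.message_from_string(raw)
    signals = []
    if msg.get("Return-Path", "").strip() == "<>":
        signals.append("null-return-path")
    if (msg.get_content_type() == "multipart/report"
            and msg.get_param("report-type") == "delivery-status"):
        signals.append("dsn")
    if msg.get("Auto-Submitted", "no").split(";")[0].strip().lower() != "no":
        signals.append("auto-submitted")
    local = parseaddr(msg.get("From", ""))[1].split("@")[0].lower()
    if local in ("mailer-daemon", "postmaster"):
        signals.append("daemon-sender")

    orig = original_message_id(msg)
    if "dsn" in signals or "daemon-sender" in signals:
        if orig is None:
            verdict = "bounce-unverifiable"
        else:
            verdict = "bounce-genuine" if orig in sent_ids else "backscatter"
    elif signals:
        verdict = "autoresponder"
    else:
        verdict = "human-reply"
    return {"verdict": verdict, "signals": signals, "original_id": orig}


if __name__ == "__main__":
    for name, raw in [("DSN", DSN), ("FREEFORM", FREEFORM),
                      ("VACATION", VACATION), ("HUMAN", HUMAN)]:
        print(name, classify(raw, SENT_IDS))
```

Bounces that quote neither headers nor body come out as `bounce-unverifiable`, which is the case the article describes as painfully difficult to filter.
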
  • Re:Why? (Score:5, Informative)

    by Fluffy the Cat (29157) on Wednesday February 12, 2003 @02:01PM (#5289480) Homepage
    In general, it's not a good idea to accept mail unless you think you can correctly generate a bounce message if you fail to deliver it. As a result, many mail servers will refuse to accept mail if the

    MAIL FROM:

    section of the SMTP exchange doesn't include a domain that exists. Some will go further and do some checks to see if the localpart exists, too. If the spammers want to get to as many addresses as possible, they have to use a real address rather than a made up one. In some cases, they'll pick the address of someone who's irritated them (anti-spammers, for instance).
  • by Anonymous Coward on Wednesday February 12, 2003 @02:02PM (#5289491)
    how often do I send mail from my account TO the same account.

    I used to do it all the time - general reminders / memos to self.
  • Re:Fix it with PGP. (Score:5, Informative)

    by Enry (630) <`enry' `at' `wayga.net'> on Wednesday February 12, 2003 @02:04PM (#5289509) Journal
    There was a discussion on my local lug.

    PGP/GPG only ensures that you did send it, not that you did not. Since you can send e-mails without being signed, unsigned e-mails don't prove a thing.

    Those that know you (or have your key) would know enough about you that any non-PGP e-mails would be suspect, but that's what, .000001% of the internet?
  • 3 little words (Score:4, Informative)

    by Proc6 (518858) on Wednesday February 12, 2003 @02:05PM (#5289518)
    POP
    BEFORE
    SEND

    Seriously, if your mail server has that, turn it on. It means no one can relay mail through your server, unless their IP has made a successful mail-check. Some mail servers let you "authenticate" by checking to see that the reply-to address is valid on the local server, that, as you can see, does nothing and can be spoofed easily. Pop-before-send is quite a bit stronger and doesn't really require the clients to do anything. No, it's not perfect, I'm not saying it is, but it will help 99% of the time.

  • Re:and in other news (Score:2, Informative)

    by Entrope (68843) on Wednesday February 12, 2003 @02:08PM (#5289542) Homepage
    Yes .. obviously, being able to talk to millions upon millions of people (at least potentially) is a deficiency in the Internet. The lack of strong cryptographic authentication in a 20 year old protocol is a deficiency in the late Jon Postel's design abilities. Finally, the not-so-commonness of common courtesy is a deficiency in the human species.

    SMTP and email format are both essentially 20 year old protocols. There are two reasons they are still used. First, it is expensive to replace that much software (and sometimes hardware). Second, it basically works. Can you imagine how much less productive the world would be without email being so ubiquitous?

    If you want a level playing field, apply the common rules of postal service to email: The sender must accurately identify themselves. The origin must be labelled (you know, the postmark). Sending huge volumes of mail to harass someone is against the law. Sending huge volumes of mail costs the sender considerably more than the receivers.

    Do not claim that email is exempt from being legislated in ways specific to its new capabilities. It is different than what came before, and deserves to be treated as such.
  • by Anonymous Coward on Wednesday February 12, 2003 @02:08PM (#5289543)
    >What the Internet needs: A proprietary mail protocol by a major power (MS?) to eliminate IP address/e-mail address spoofing.

    Yeah right. The last thing I want is to need a Microsoft client to read my email just because "somehow" their new proprietary protocol isn't compatible with their own specifications...

    I'd rather keep on deleting that useless spam for now (if ONLY spam was targeted... Give me MP3 players offers, web hosting offers, etc... I can find my pr0n myself, thank you).

  • by camusflage (65105) on Wednesday February 12, 2003 @02:09PM (#5289554)
    Just ask Rodona Garst [sec.gov] or her "customer" who paid for the pump and dump, Mark Rice [sec.gov] for what their take on this scheme is. Details of their pump and dump can be found here [freewebsites.com].

    And since everyone loves to see spammers get theirs, go visit Behind Enemy Lines [freewebsites.com]. Be sure to visit the Lets Get Brutal [freewebsites.com] section to see what spammers look like in various states of undress!
  • Re:I hear ya! (Score:1, Informative)

    by Anonymous Coward on Wednesday February 12, 2003 @02:11PM (#5289566)
    He probably had an open relay. Not a relay intentionally left open, possibly not even opened by him. Rogers is smart enough not to cancel your account for spam reports forged with your email address as the From address.
  • by frostfreek (647009) on Wednesday February 12, 2003 @02:13PM (#5289578)
    I had this happen to me. It was "www securedrugs net" I thought for a while of using some recent attack as revenge, such as the anonymous UDP Gamespy DOS attack, to take down the perp's website for a few weeks. However, I don't really have the time or experience for this sort of thing. If anyone else feels like it, Go right ahead! Now that this has happened, my inbox has seen a doubling of spam. From a Yahoo account, it is not so easy to filter this stuff. Soon I may very well have to pay for Yahoo mail, to get better filtering. Perhaps some of these recipients have signed me up for more? J
  • by Neophytus (642863) on Wednesday February 12, 2003 @02:14PM (#5289584)
    I mirrored it. [myby.co.uk] Read away.
  • by camusflage (65105) on Wednesday February 12, 2003 @02:14PM (#5289585)
    Try this [ostrosoft.com].
  • by DrSkwid (118965) on Wednesday February 12, 2003 @02:14PM (#5289589) Homepage Journal
    Even Outlook Express sets any From: you want
  • /.'ed again (Score:1, Informative)

    by Anonymous Coward on Wednesday February 12, 2003 @02:17PM (#5289614)
    A.C.K.W pOsTeRs

  • by Gunzour (79584) <<slashdot> <at> <tycoononline.com>> on Wednesday February 12, 2003 @02:18PM (#5289616) Homepage Journal
    If an email bounces, the bounce is supposed to go back to the sender, not to the Reply-to: address. (I believe this is in RFC 2821) It's amazing how many commercial mail servers out there use Reply-to: to send postmaster notifications.
  • by hpulley (587866) <hpulley4@Nospam.yahoo.com> on Wednesday February 12, 2003 @02:19PM (#5289622) Homepage

    In Starfish by Peter Watts, some of the book is centered around genetically programmed pseudo-AIs used to patrol the net for spam, virii, worms, etc. I won't say more as it might spoil the book for you but read it and I'm sure you'll enjoy it! What you said in your message has something to do with it ;-)

  • by rerunn (181278) on Wednesday February 12, 2003 @02:19PM (#5289624)
    Spammers have been resorting to guessing email addys now. This isn't new but I've just started seeing more and more of this shit lately:

    Feb 12 13:39:27 warthog sendmail[21909]: h1CIdQK21909: <dclark@mydomain.com>... User unknown
    Feb 12 13:39:27 warthog sendmail[21909]: h1CIdQK21909: <paladin@mydomain.com>... User unknown
    Feb 12 13:39:27 warthog sendmail[21909]: h1CIdQK21909: <mbrown@mydomain.com>... User unknown
    Feb 12 13:39:27 warthog sendmail[21909]: h1CIdQK21909: <viper@mydomain.com>... User unknown
    Feb 12 13:39:27 warthog sendmail[21909]: h1CIdQK21909: <kelley@mydomain.com>... User unknown
    Feb 12 13:39:27 warthog sendmail[21909]: h1CIdQK21909: <rbrown@mydomain.com>... User unknown
    Feb 12 13:39:28 warthog sendmail[21909]: h1CIdQK21909: from=<joe@nowhere.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[200.162.240.168]

    I tried to post all 65 attempts in this batch but the damn lameness filter said:
    "Your comment violated the "postercomment" compression filter. Try less whitespace and/or less repetition. Comment aborted"

    Nonetheless you get the picture.
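Detection logic for the pattern in the log excerpt above, as an added example that is not part of the original thread: it groups sendmail lines by queue ID and flags sessions with many "User unknown" rejections and no accepted recipient. The sample log is constructed in the quoted format using documentation addresses, and the function name and threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the sendmail lines quoted above;
# addresses and relay IPs use documentation ranges (example.com, 192.0.2.0/24).
SAMPLE_LOG = """\
Feb 12 13:39:27 warthog sendmail[21909]: h1CIdQK21909: <dclark@example.com>... User unknown
Feb 12 13:39:27 warthog sendmail[21909]: h1CIdQK21909: <paladin@example.com>... User unknown
Feb 12 13:39:27 warthog sendmail[21909]: h1CIdQK21909: <mbrown@example.com>... User unknown
Feb 12 13:39:27 warthog sendmail[21909]: h1CIdQK21909: <viper@example.com>... User unknown
Feb 12 13:39:27 warthog sendmail[21909]: h1CIdQK21909: <kelley@example.com>... User unknown
Feb 12 13:39:28 warthog sendmail[21909]: h1CIdQK21909: from=<joe@example.net>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[192.0.2.10]
Feb 12 14:02:11 warthog sendmail[22001]: h1CJ2BK22001: <bobb@example.com>... User unknown
Feb 12 14:02:15 warthog sendmail[22001]: h1CJ2BK22001: from=<alice@example.org>, size=812, class=0, nrcpts=1, proto=SMTP, daemon=MTA, relay=[192.0.2.77]
"""

ENTRY = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)$")
UNKNOWN = re.compile(r"<(?P<rcpt>[^>]+)>\.\.\. User unknown")
SUMMARY = re.compile(r"from=<(?P<sender>[^>]*)>.*\bnrcpts=(?P<n>\d+).*\brelay=(?P<relay>.+)$")


def find_harvest_sessions(log_text, min_unknown=5):
    """Return sessions that look like address guessing: at least min_unknown
    'User unknown' rejections and no accepted recipient (nrcpts=0)."""
    sessions = defaultdict(
        lambda: {"unknown": [], "sender": None, "relay": None, "accepted": None})
    for line in log_text.splitlines():
        entry = ENTRY.search(line)
        if not entry:
            continue  # not a sendmail queue line
        session = sessions[entry["qid"]]
        rejected = UNKNOWN.match(entry["rest"])
        summary = SUMMARY.match(entry["rest"])
        if rejected:
            session["unknown"].append(rejected["rcpt"])
        elif summary:
            session["sender"] = summary["sender"]
            session["relay"] = summary["relay"].strip()
            session["accepted"] = int(summary["n"])
    return {qid: s for qid, s in sessions.items()
            if len(s["unknown"]) >= min_unknown and s["accepted"] == 0}


if __name__ == "__main__":
    for qid, s in find_harvest_sessions(SAMPLE_LOG).items():
        print(f"{qid}: {len(s['unknown'])} unknown recipients via relay {s['relay']}")
```

The second constructed session, a single mistyped recipient followed by an accepted one, is not flagged even with `min_unknown=1`.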
  • New Mail System (Score:3, Informative)

    by macboy2k3 (556693) on Wednesday February 12, 2003 @02:19PM (#5289629)
    It seems to me that as long as we have no authentication method for sending e-mail and verifying where it is coming from we will continue to have problems with SPAM. Most mail servers will believe whatever you tell them; this has got to stop. The Reply-To and From fields need to be set on the mail server. Users should also log in to send mail from their smtp server and you should be able to use the same smtp server from anywhere instead of just within its domain. There are other details involved in verifying the smtp server when receiving mail to prevent people from using their own sendmail in an inappropriate manner. This can be solved technically; especially if there was one global e-mail database but we all know how much everyone wants a global database of anything; let alone e-mail to ID.
  • by SoCalChris (573049) on Wednesday February 12, 2003 @02:22PM (#5289655) Journal
    Can I turn off HTML email in Outlook?

    As far as I know, there is no way built into Outlook to do this.

    I spent some time searching on how to do this a while ago, and the only way I know of is to use a COM add in. It doesn't work through the rules wizard, you have to go into your advanced email settings and register the DLL before it will work. Search Google, and you'll find the answer. A word of warning though... The one I found a while ago made Outlook painfully slow, so I ended up uninstalling it.

    It is a huge pain the way Outlook has it set up. You can't set up a rule that strips the HTML, you can't set your email to automatically convert HTML mail to plain text, and you can't even use the VBA scripting language built in to automatically strip the HTML. What a pain...
  • by sireasoning (576345) <si&mindspring,com> on Wednesday February 12, 2003 @02:35PM (#5289754) Homepage
    For a situation like this, the best bet may be something like Tagged Message Delivery Agent (TMDA). In essence, it blocks all incoming email first. It has a whitelist (for email from people you know), a blacklist, and a reply form for the unknown.

    In your case, a bestiality enthusiast would reply to your email. Instead of ending up in your email box, the sender would get an email from you confirming that they intended to send you an email (this blocks most unsolicited email since this email would end up at the forged email address), and you could put in an additional warning along the lines that any person replying to a forged post to bestiality.whatever will be turned over to the proper authorities.

    You should then be unencumbered by any other such annoyance.

    TMDA can be found at http://tmda.net/
  • Re:and in other news (Score:3, Informative)

    by FuzzyBad-Mofo (184327) <fuzzybad@gmail.cBALDWINom minus author> on Wednesday February 12, 2003 @02:35PM (#5289755)

    I think you misunderstood. I just stated how the law currently is, at least in the USA. People have the right to privacy. As stated in the recent NYT article, "Tangled Up in Spam" by James Gleick:

    "Many people who hate spam believe, honorably enough, that it's protected as free speech. It is not. The Supreme Court has made clear that individuals may preserve a threshold of privacy. ''Nothing in the Constitution compels us to listen to or view any unwanted communication, whatever its merit,'' wrote Chief Justice Warren Burger in a 1970 decision. ''We therefore categorically reject the argument that a vendor has a right under the Constitution or otherwise to send unwanted material into the home of another.''"

  • by blackbear (587044) on Wednesday February 12, 2003 @02:37PM (#5289775)
    Can I turn off HTML email in Outlook?

    You don't need to turn off HTML e-mail to protect yourself. Though it is a good idea if you can stand it.

    All you need to do is tell your mailer not to automatically download images. This will result in readable text with no images, and no indication that you read the mail. You should also turn off auto return receipt (less widely, but more correctly known as DSN notification,) and javascript in e-mail as those can be used against you as well.

    I don't know how to do these things in Outlook, since I use evolution where the default setting is not to download automatically.
  • by Carnage4Life (106069) on Wednesday February 12, 2003 @02:44PM (#5289838) Homepage Journal
    Service Pack 1 of Office XP (which contains Outlook 2002) adds a feature for disabling HTML mail which is described in Microsoft KB Article # 307594 [microsoft.com]. Users of previous versions of Outlook can use the macros provided here [slipstick.com]
  • Re:3 little words (Score:5, Informative)

    by Fluffy the Cat (29157) on Wednesday February 12, 2003 @02:50PM (#5289873) Homepage
    POP before send is a hack to get around the poor level of authenticated SMTP support in most clients. A correctly configured SMTP server will only relay for clients with IP addresses in the local network - authenticated SMTP or POP before send allow people who aren't on the local network to relay mail through the SMTP server. This has very little to do with spam - POP before send just allows you to do something that wouldn't otherwise be possible without running an open relay. How on earth would it prevent someone from forging somebody else's email address? There's no way to pass that authentication information to remote machines, and POP before send generally allows you to use arbitrary email addresses once you've authenticated.
  • by greed (112493) on Wednesday February 12, 2003 @03:00PM (#5289950)
    Any idea how to reject messages that have bogus domains in the Received: headers?

    You're going to have trouble with any mail that passes through non-routable hosts inside a firewall. All my mail will have something like "Received: ... by gateway.localdomain (10.0.0.1)".

    It will be even worse for mail that travels through something other than SMTP for a bit.

  • New Mail RFC (Score:5, Informative)

    by Ayanami Rei (621112) <rayanami@@@gmail...com> on Wednesday February 12, 2003 @04:12PM (#5290520) Journal
    You mean like this?

    RFC 2487 [nyc.ny.us]: SMTP Service Extension for Secure SMTP over TLS.

    SMTP [RFC-821] servers and clients normally communicate in the clear over the Internet.... Further, there is often a desire for two SMTP agents to be able to authenticate each others' identities. For example, a secure SMTP server might only allow communications from other SMTP agents it knows, or it might act differently for messages received from an agent it knows than from one it doesn't know.
  • by SysKoll (48967) on Wednesday February 12, 2003 @07:02PM (#5291790)
    Sending a spam with a fake return address is called a Joe Job in anti-spam circles (see the posts above). This is why you should never, ever reply to a spam. A reply will either enrich the database of the spammer (if the Reply-To address is genuine) or will annoy an innocent user. Spammers don't read replies.

    The only effective countermeasure I found was to use SpamGourmet [spamgourmet.com]. It's a web site that allows you to define disposable addresses forwarded to your real (secret) address. The disposable addresses can be disabled. They automatically shutdown after 20 messages from unknown senders (not in your whitelist). So, a Joe Job would generate, at most, 20 replies into your forwarded mailbox. After that, you'd have to re-enable the disposable email, although you'd rather leave it disabled because it WILL be spammed again.

    -- SysKoll
  • by Necronomicant (520844) on Wednesday February 12, 2003 @07:31PM (#5291972)
    In the course of day to day work (I do helpdesk work at a company that contracts out to multiple ISPs) I've frequently run across this situation in the past two or three months. It's not terribly common *yet* but it seems to be happening with much more frequency. One individual that I spoke with was receiving about 50 emails an hour, and, whilst out of town for 3 days, received 350 - 400 emails. All of these were bounced.

    My solution has always been to rename the account and cancel the forwarding from the old name to the new one. Seems to do the trick. I wonder what happens to the bounced emails then.. :)
