Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Spam Your Rights Online

My Short Life As An Unintentional Porn Spammer 570

Posted by timothy
from the you've-got-spam dept.
Freerange writes "Mike Masnick wrote up his experience getting slammed by a somewhat new kind of spam attack that doesn't get much hype (yet?). A spammer spoofed his personal email address as the 'reply-to' for a batch of spam, with interesting results for Mike: "I can now answer the questions 'who replies to spam?' and (should anyone ever wonder) 'what are the hundreds of variations on bounced messages?'" From Politech."
This discussion has been archived. No new comments can be posted.

My Short Life As An Unintentional Porn Spammer

Comments Filter:
  • by Anonymous Coward on Wednesday February 12, 2003 @01:36PM (#5289223)
    Spammers have been spoofing legit addresses for a while. I know a lot of times they'll simply use webmaster@somelegitdomain.com and basically cause that person a bunch of grief and headaches. Most users are too clueless to realize it's really not coming from that address.
  • by Sheetrock (152993) on Wednesday February 12, 2003 @01:43PM (#5289290) Homepage Journal
    This adds more weight to my assessment of spam as being a technical problem with a need for a technical solution. Why are address spoofing and open mail relays still a problem after over a decade of spam-related problems?

    Obviously, legislation isn't catching up and as evidenced by the junk fax law is useless when it does. Technical minds built the Internet, and I have little doubt that a solution could be found once we quit looking for the quick fix.

  • by Mustang Matt (133426) on Wednesday February 12, 2003 @01:44PM (#5289303)
    Sure you can filter it, but you haven't stopped the bandwidth that you paid for from being sucked up.
  • by Mustang Matt (133426) on Wednesday February 12, 2003 @01:46PM (#5289321)
    I gave Testimony [pingalingadingdong.com] to the Missouri House of Reps on Jan. 29th.

    It's easy to get things in motion, everyone is too lazy to try though.
  • and in other news (Score:4, Insightful)

    by mark_lybarger (199098) on Wednesday February 12, 2003 @01:48PM (#5289336)
    it's now illegal to provide any false information while using oral communication. specifically related to, but not limited to, false information regarding the name of the communicator.

    spam spam spam. if spam should be illegal, so should any form of unsolicited communication. that includes conversing to persons without their permission at the local pub.

    i'm personally in favor of a more liberated
    government system, but if we want our legislatures to make rules, let's make it a level playing field , not just fix the annoying problem we have of spam (that is created because of a technical deficiency in the overall system of itself).
  • by Argyle (25623) on Wednesday February 12, 2003 @01:52PM (#5289375) Homepage Journal
    If so, perhaps spamware like SpamAssassin could be modified to intentionally bounce mail?
  • Flowers.com (Score:3, Insightful)

    by The Turd Report (527733) <the_turd_report@hotmail.com> on Wednesday February 12, 2003 @01:52PM (#5289380) Homepage Journal
    This domain was used by a spammer, they sued and won. http://www.mids.org/mn/803/spamset.html [mids.org]
  • by Mustang Matt (133426) on Wednesday February 12, 2003 @01:53PM (#5289391)
    I pay every penny of my T1 cost and we're already looking at jumping to T3 for more bandwidth.

    So just to put things into perspective... Every piece of spam comes through:
    1. Eats a little bandwidth
    2. Eats up a little CPU doing filtering.
    3. Eats up a little bit of CPU doing virus filtering.
    4. Eats up a little bit of disk space.

    Now you say most americans don't pay by the bandwidth, this is true, but they do pay FOR the bandwidth. For instance, all of my customers pay for the shared resources on my server. If one customer gets 50 million pieces of spam in an hour my server has come to a crawl and all of the customers who paid for hosting service are interrupted.
  • by entrylevel (559061) <jaundoh@yahoo.com> on Wednesday February 12, 2003 @02:01PM (#5289477)
    What is even less interesting about this is that the Reply-To header can be set to anything you want by most e-mail clients and processors. There are plenty of legitimate reasons for doing this, such as wanting all incoming mail to go to one account, or making people have to think about whether they want to reply to a mailing list or just the default of the original poster. The From header is the one that requires a tiny bit of knowledge to "forge".

    This sounds to me sort of like referring to someone who discovers an unpublished URL by trial and error as a "hacker". Of course, I didn't RTFA, but I will once it is un-slashdotted.
  • by robbo (4388) <slashdot@noSPaM.simra.net> on Wednesday February 12, 2003 @02:03PM (#5289497)
    or the source IP address of the sender is not registered to the same domain that the mail originates from

    Do you mean that the server should ensure the source IP isn't masqueraded, or that the originating domain in the From: header should match the domain of the IP address? In the latter case, refusing mail from mismatched domains would prevent me from using my email address at school when I send mail from home via my ISP. That's an important convenience I wouldn't want to give up, and I suspect that many more people use this feature.

    I do agree with the rev DNS lookups and I think most well-configured SMTP servers already do that.
  • by Drakonian (518722) on Wednesday February 12, 2003 @02:04PM (#5289511) Homepage
    Can I turn off HTML email in Outlook? Sorry for the stupid question that Google would probably answer for me.
  • by Fluffy the Cat (29157) on Wednesday February 12, 2003 @02:08PM (#5289545) Homepage
    spam spam spam. if spam should be illegal, so should any form of unsolicited communication. that includes conversing to persons without their permission at the local pub.

    Spam is grossly different to most other forms of unsolicited communication in one simple respect - the total cost to the recipiants is hugely larger than the total cost to the sender. This isn't true of (say) unsolicited email from an individual directly to you, unsolicted junk mail, unsolicited telephone calls or unsolicited personal conversation.
  • by FuzzyBad-Mofo (184327) <fuzzybad@nOSPaM.gmail.com> on Wednesday February 12, 2003 @02:19PM (#5289626)

    if spam should be illegal, so should any form of unsolicited communication

    This is not insightful. In the US, you have the right to freedom of speech. You do not have the right to force anyone to listen. Spammers try to force people to listen to them by faking headers, ect.

    To use your pub analogy, you have the right to strike up conversation with anyone you choose. However, persisting when the conversation is clearly not desired by the other party, and going as far as masquerading as someone else to get their attention would be harassment, and possibly stalking.

  • by karlandtanya (601084) on Wednesday February 12, 2003 @02:20PM (#5289635)
    Now, all we have to do is get the super spamfilter to think that all the reply-to addresses are JacksonRoyKirk@ufp.mil
  • Re:3 little words (Score:5, Insightful)

    by ahrenritter (187622) <deinspanjer@gmail.com> on Wednesday February 12, 2003 @02:22PM (#5289654) Homepage
    Um.. those are three very pretty all caps words... but they don't have a lot to do with this article. They aren't talking about open-relay abuse here.. During the course of an SMTP transaction, there are two important identifying lines:
    HELO
    and
    MAIL FROM:

    Many SMTP servers will do some sort of verification on the HELO line, but very little can be done about the FROM line. You can't easily kill addresses that don't match the HELO domain because legitimate mail relays would be unable to forward your mail on then.

    I can send you a piece of mail that will display bob.hope@whitehouse.gov as the from address. If Bob had that address, and people replied to the forged address, he'd be getting the blame for my spam.

    It sucks.
  • State laws? (Score:3, Insightful)

    by MacAndrew (463832) on Wednesday February 12, 2003 @02:41PM (#5289812) Homepage
    The FBI routinely sets a high threshold before it will get involved, and it sounds unfair until you consider they are *tiny* compared to local law enforcement. Similarly, the entire federal judiciary has fewer judges than California.

    Did you look at state law remedies, call the attorney general, that sort of thing? I'm not faulting you if you didn't, I'm just ignornant of whether there a meaningful alternatives.

    You could have sued the guy personally in small claims, although the dollar value was low. But there's nothing wrong with a little spite. :)
  • You could actually do something, like filing a request for support at Sourceforge. Their support guys are extremely responsive. You should've done so as soon as you had noticed the problem instead of blaming "sourceforge" as a whole for some technical glitch that was correctable.
  • by mojotooth (53330) <.moc.liamg. .ta. .htootojom.> on Wednesday February 12, 2003 @03:10PM (#5289999) Journal
    I was the target of a joe-job since last April. A spammer advertising a Human Growth Hormone website based in China was sending out tens of thousands of spams over a long period, with my long-held email addy in the From: address.

    The vast majority of the mails you get back are administrative emails saying that "the user does not exist." There is also a small amount that you get that are ill-informed, ignorant, and often very inflamed responses from people who respond.

    At the peak of the attack, I got over 14,000 emails in a single day. It almost caused me to have to give up my email address, which I had held for almost seven years at the time. I didn't want to give it up so easily.

    My solution was to install and use the Tagged Message Delivery Agent (http://www.tmda.net), which is a whitelisting service. It has my admiration for rejecting 100% of the unwanted emails for two reasons. First administrative accounts don't reply to their whitelisting requests, and second, ignorant angry users don't bother to reply to get whitelisted anyways.

    As for the question of why someone would do this, I have thought of three reasons:

    - To make their spam look more legitimate.
    - Just to cause general havoc
    - Because I have, in the past, not hesitated to complain to service providers about spam. This was probably retribution.

    I did attempt to bring some form of legal action into the fray. I talked informally to Scott Frewing, a US attorney (one of the prime players in the Skylarov case), about the attack. He referred me to the FBI's online fraud folks, but couldn't really give me much encouragement on the chance of the success, since the spammer's website was located in the China Telecom domain, although the company it claimed to represent was in New Jersey. In fact, he told me I would probably be better off pursuing the case strictly on the basis of fraud and possible identity theft (the use of my email address) rather than as a spam case.

    I stopped pursuing it after talking to Frewing.

    In any event, I have won the battle in the sense that I will never see the unwanted mails. But I have lost the war in the sense that I can't really make the F*CKER stop doing it, and it does consume resources on my linux box.
  • by scottm52 (544690) <winmaclinblog AT gmail DOT com> on Wednesday February 12, 2003 @03:14PM (#5290020) Homepage
    Read your stuff... pretty good, actually. However, your assumption that a "do not call" type list would be unusable is slightly off target.

    It can be done....

    From my post of last Friday Evening...

    "I'm from Missouri "And this version of the proposed law sucks big-time. How about they put a million bucks in a pool, open up 50 or 60 tracking bank accounts, and buy whatever it is the spam is selling.... Thus creating a $$$ trail that can be followed, and a judge can just take and put back into the state coffers. Him em where it hurts... in the pocket!

    Think about this now....

    1) Recieve Spam
    2) Report Spam (forward to spam-abuse somewhere official)
    3) More than X number received complaints, State goes into action.
    4) State dude/dudette actually buys whatever the spam is selling...
    5) state office then traces the $$$, get's a judge to freeze the $$$, apply an ADMINISTRATIVE FINE and keep the spammers frozen $$$ til the fine is paid.
    6) spammer learns to not screw with Missouri if they can help it (tough, but doable).

    Is this easy? No.. Can it be done? Yes, absolutly... If they're gonna write a law, write one that works...
    And yes, I'm chatting with several MO Reps and State Senators about it too.
  • Spam or DDOS? (Score:2, Insightful)

    by Xenna (37238) on Wednesday February 12, 2003 @03:23PM (#5290094)
    I had a different but similarly disturbing experience recently. A domain I host has the same name as a fairly large ISP in a neighbouring country (just the tld is different). A spammer started sending floods of messages with made up rcpt (aaa@domain, aab@domain, etc) addresses to it.

    The sender address was a similar auto-generated hotmail address. When I found out what was going on (on a sunday night) because the sysload went up, my mailqueue contained over 50000 undeliverable messages.

    I blocked the sending address with an ip table rule and mailed the Irish ISP. The next morning the connection attempts were still bouncing of my firewall and the ISP never replied.

    These guys are beginning to do more and more damage...

    Xenna
  • Re:IQ Test (Score:5, Insightful)

    by gidds (56397) <slashdot@@@gidds...me...uk> on Wednesday February 12, 2003 @06:25PM (#5291592) Homepage
    LOL!

    I've never understood why people don't put "Press a key" instead. The intelligence-challenged can search out the `a' key, which will work, and the rest of us will know that all the others'll work too. Plus it's two characters shorter -- benefits all round!

  • Re:IQ Test (Score:3, Insightful)

    by Bastian (66383) on Wednesday February 12, 2003 @07:12PM (#5291861)
    There's a huge difference between can and should.

    Anyone can use a computer.

    Some people shouldn't.
  • by AndroidCat (229562) on Wednesday February 12, 2003 @11:42PM (#5293083) Homepage
    but instead forged the whole thing so the send from is my email address

    Including the Received lines? Learning how to read those, backstepping from the last (trusted) one takes a bit of practice, but will get you to the spammer or the open proxy that he's hijacking.

    The main thing to track is the web site that most spammers have as the "payload" of their spam. Disposable accounts to send the spam are easy to replace, but getting the web site killed hurts the spammer. (Alas, too many ISPs are wearing the Enormous Foam Helm of Stupidity [userfriendly.org] about spam-support web sites.)

The meta-Turing test counts a thing as intelligent if it seeks to devise and apply Turing tests to objects of its own creation. -- Lew Mammel, Jr.

Working...