Who Reads Your @nospam Mail? 259
pjbrewer writes: "Ever use an address like name@nospam.com when filling out a form on the web or registering software? Think thats safe?
Somebody is surely receiving messages destined for these fake nospam emails... and for curiosity or boredom, I checked it out.
Nospam.com is owned by Anything.com, which is apparently, as it says on their web page, based in the Cayman Islands. Their page gives a short bizspeak blurb about what the company does (provide strategic advice to internet companies and vc-types).
Offshore corporations can be as legitimate as any other, so why does this suggest concern? Could it be that the owners or managers of nospam.com want to avoid US laws for some reason? The Caymans sound like a place to incorporate rather than a place to set up offices and a T1. Am I overly paranoid, or is there something interesting that could be done to analyze people's use of *@nospam.com type addresses or some other interesting use of this content they must be receiving?
Nospam.org and Nospam.net appear to be net malls owned by BestOfTheNet."
Re:Hey, Fine With Me (Score:1)
however, my MTA has this odd ability to figure out what to do with RCPT-TO and MAIL-FROM so i'm golden. i don't remember the command but an SMTP server can 'suggest' an alternate address if a user doesn't exist on your system, which means the spammer either forwards it to the new victim (ie. your system doesnt accept it then bounce it somewhere else) or gives up. either way you dont get it, and the new victim will not have any evidence that your system passed the buck...
Another "fake" address problem (Score:1)
I guess the moral of the story is to choose your primary email address carefully, because even if you aren't deliberately registering domains to catch phony email addresses, you might do it anyway!
Re:I have an approach to dealing with spam (Score:1)
Re:Email suggestions (Score:1)
Re:So don't do that. [IANAL] (Score:1)
Interesting. What is the definition of a carrier? I would have guessed Yahoo is not a carrier, since its servers are merely clients on the net, and is not directly "above me" in the net's "hierarchy". Whereas my ISP is a carrier.
I am going to look up the ECPA right now.
I just use... (Score:1)
Re:send me spam! c'mon! (Score:2)
Mike Roberto (roberto@soul.apk.net [mailto]) -GAIM: MicroBerto
Re:So don't do that. (Score:1)
I thought "billc@whitehouse.com" was more appropriate, given his proclivities...
_/_
/ v \
(IIGS( Scott Alfter (remove Voyager's hull # to send mail)
\_^_/
Re:Darn. Thanks, though. (Score:1)
I contacted the US domain people about allowing, for instance, the delegation of the MX record for NC.US (my state) to me. No go. They're pretty strict about usage. It has to be [city|county].state-code.US. You're allowed to make up stuff four levels down, but no higher. Other countries have whatever.com.uk, for instance, but not here.
Cayman for offices and Internet connectivity (Score:1)
If you think that Grand Cayman is a poor choice for Internet connectivity then you are sorely mistaken.
In the past years, Cable and Wireless has invested hundreds of millions of dollars into their Cable and Wireless: Cayman Islands [candw.ky] subsidiary. They offer nearly every high-tech Internet solution that you would expect in a well-funded area.
Although many companies simply use the Cayman Islands as a place to incorporate, there is significant business presence there, so the viability of locating there is not out of the question.
-dbaker
--
Daniel Baker - dbaker@(cuckoo.com|distributed.net|FreeBSD.org)
Re:So don't do that. [IANAL] (Score:2)
Yahoo is a carrier.
They better hope they do nothing to jeopardize that; it's the only thing that prevents them from being liable for the content of every email that passes through their system, like your employer is.
--
Use [a-z].[com|org|net]! (Score:2)
Domain Name: K.COM
Registrar: REGISTER.COM, INC.
Whois Server: whois.register.com
Referral URL: www.register.com
Name Server: No nameserver
Updated Date: 12-feb-2000
Organization:
Reserved Domain
(ICANN) Internet Corporation for Assigned Names and Numbers
4676 Admiralty Way, Suite 330
Marina del Rey, CA 92092
US
Phone: 310-823-9358
Fax..: 310-823-8649
Email: res-dom@iana.org
Domain Name: K.COM
Created on..............: Wed, Dec 01, 1993
Expires on..............: Fri, Dec 07, 2001
Record last updated on..: Fri, Jun 02, 2000
Its the same for all [a-z].[com|net|org] domain names. No nameserver, no way to get the mail, and I would hope that ICANN wouldn't find some covert way to read spam.
--
"my" @nospam mail? It's not -mine-. (Score:4)
Think about it folks. If you don't actually put your email address in the field, why in gods name would you consider the email yours?
You TOLD them where to deliver it. They're doing exactly what you wanted. Don't complain when that actually goes someplace! :)
Get filtering (Score:2)
This nospam business is getting really annoying. If you don't want to get spam, start doing agressive filtering.
Another nice thing is to give an email in the form name+domain@yourdomain.com where domain is the domain of the people you're giving your email address to. Lets you track down where the spammers got your address and then filter it all out.
Use EXAMPLE.COM for this purpose (Score:4)
@nospam.tld addresses. (Score:3)
---
Finding out who's selling e-mail addresses (Score:2)
Would there be anyway to make automate this & make it really convenient so that we could create a online "hall of shame" database of companies who are responsible for selling our e-mail addresses?
Check out asdf.com too: (Score:5)
Check out this page at asdf.com, too:
http://www.asdf.com/asdfemail.html [asdf.com]
So don't do that. (Score:2)
I use billg@microsoft.com if I don't care who reads it, and an alias that is procmailed into
Get a free Yahoo account, and then never check it and just let 'em delete it for you when it fills up. Since it's actually your account, it'd be a felony for Yahoo to reveal the contents of the email, so you're set.
--
I usually use (Score:2)
Like i'd want to buy THAT.
user@host (Score:2)
Of course there is about one or two machines that actually use TLDs. I seem to remember a guy with the user@cx domain who posted on /. Everyone he gave his address to freaked out.
The moral of the story? Just use user@host for your fake email. Or better yet, the slicker root@localhost for an evil loopback effect.
Re: drug smugglers need data havens too (Score:3)
The guy down the street got shot through his window a few months back. Is someone going to do that if price competition can bring the margins down to under 50%?
I decided against it, though. Even if it isn't strictly illegal, I wouldn't want the hassle of being disliked by the police.
--Kevin
Spamido - The art of stopping spam. (Score:4)
http://www.yelm.freeserve.co.uk/spamido/
Re:So don't do that. (Score:3)
"In 1986, Congress passed the Electronic Communications Privacy Act ("ECPA"),[13] which protects electronic communications from interception and disclosure to third parties.[14] This act was passed ostensibly because the common law protections for individual privacy were deemed insufficient. The problem in our context occurs because is it unclear whether e-mail is covered at all by this act. The hearings concerning the act showed that the House and Senate acknowledged the existence of e-mail, but did not address those technologies in the wording of the act. Regardless of whether e-mail was implied to be covered by the act, the exceptions tend to create large loopholes for employers to find relief in. Thus, although the ECPA would seem to protect workers from e-mail interceptions, it is not explicit when it comes to the workplace, and the exceptions contained may exclude employee protection.[15] These exceptions may limit the protection of employee e-mail, and include interstate systems, prior consent, and business use.
First, the ECPA only protects messages sent over public networks, because the definition under the act specifies only such communication that affects interstate or foreign commerce.[16] Thus, an inner-company e-mail system would not be covered, although a company voice mail would. This ambiguity will only require court interpretation, but under the statute itself, it appears that the exception would shelter the employer. Thus, an employer who provides an inner-company e-mail system could read and disclose employee's e-mail messages freely. Yet an employer who merely provides standard e-mail service from an outside provider does not appear to be protected by the provider exemption. Legislative history suggests the rational for the exemption was to allow providers access to the contents of stored electronic communications to back up messages as protection for system failure.[17]
Second, the ECPA allows interception and monitoring where one of the parties has given consent. Although an employee may not give explicit consent to the employer to read specific message "A," some prior aspect of the employer/employee relationship, such as signing an employee agreement which gives consent, or accepting an employee handbook, may defeat this claim. Courts have found that consent may be inferred from circumstances indicating that the party agreed to the surveillance.[18] However, in Watkins v. L.M. Berry & Co., the court noted that mere knowledge of the capability of monitoring does not imply consent.[19]
Third, the business use exception is the broadest exception of all, and allows the company the right to make interceptions under the ordinary course of business. Analyzing this exception courts usually take one of two approaches. The first approach is based on context and the second on content. Under the context approach the key to limiting employer liability is employee notice and a legitimate business purpose for the monitoring.[20] For example, the employer can probably successfully argue that in order to maintain productivity, decrease fraud, etc., they must intermittently monitor employee e-mails. It would be very difficult for the employee to argue successfully against this exception. "
Spamido. (Score:2)
Add a centralised LDAP server that can be used to check the senders address and spammers will be put out of business big time.
Well.. (Score:2)
There is no 'law' that says how to use email..
queue it for hunting down later (Score:2)
Set up a mailing list. People forward spam there. Everything sent to the mailing list is stored for
It's much more effective for one person to track down the people involved and threaten to blow up their offices if they don't stop spamming than it is for 100 people to forward it to abuse@nonexistantdomain.cx.
--Kevin
Re:I have an approach to dealing with spam (Score:3)
The bizland account redirects to an iname.com account, so if the spam ever starts mounting I can kill it fairly easily.
(Note that 'foo' is NOT my Bizland name!)
So far I haven't received anything I shouldn't have. Which is nice to know.
Re:Email suggestions (Score:3)
MAILER-DAEMON@example.com
Sometimes when they ask me to "tell a friend!" about something or other, I'll tell the postmaster, and give mailer-daemon as my address. Lonely postmasters like getting mail from their mailer-daemons.
Nobody@site.com (Score:2)
If you use nobody@ address, all the email never leaves the offending site and does not use up the bandwidth.
detecting spammers the sophisticated way (Score:2)
makes identifying spammers even more fun
(IIRC, you can make a catch-all in sendmail by using *@domain as a recipient in the virtusertable)
have fun
nc
example.(com|net|org) is reserved for this stuff. (Score:3)
They have a similarly reserved set of IP addresses that are only to be used as 'examples' in documentation. This is more important than you might think, there are several class-B's that are unusable on the modern internet because CISCO used them (instead of the real 'example IP's') in their documentation for setting up their routers. And more than a few admin's have used them verbatim.
So, for everyone who writes documentation, or wants an address/DNS that's reserved and will never be used in the global internet, use example.(com|net|org) and the appropriate IP ranges.
rot13 (Score:2)
Geek places like /. [slashdot.org] get my rot13 address because (at least for now) geeks (at least the UNIX derived subset) know how to deal with that. Other places get addresses that have my real domain, and actually get delivered to a distinct mailbox. That way I can see not only what spam picks up that address, but also how many people fail to correct the address (many, actually). My usenet postings are like that.
But the idea of unique codes for every submission of an e-mail address is very intriguing. I may have to do that.
Re:send me spam! c'mon! (Score:2)
A few simple rules, you can juggle with the rules to create more mailaddresses. One or more might be the true one:
ignore mails lacking @, at or a substitute. You MUST have an @. The same with dot.
at = @ , dot = . , plus = + especially with spaces in the text
attempt stripping everything after
attempt stripping everything in caps, and vica versa (lowercase)
attempt stripping certain keywords: SPAM, REMOVE, IGNORE. Attempt to widen the scope of this, checking for same caps or until a special symbol occurs.
strip illegal symbols and sequences of symbols, like spaces, question-marks, dollar-signs, paranthesis, [ , ] , @. ,
ignore addresses resolving to localhost, localdomain, root, webmaster, abuse, admin. These will only get you in trouble for little gain.
This is only on top of my head, I'm sure someone looking at a list of fake addresses can come up with more "rules". I'm also sure that if you apply this to the addresses you find here on
Of course you have to be pretty sick in your head for doing this, but spammers probably are already.
- Steeltoe
Re:I have an approach to dealing with spam (Score:2)
--
Paranoid / Rude / Usenet / Good munge (Score:2)
Suppose I use a nospam.com email address on slashdot. Suppose some spammer harvests the address from slashdot.org, and sends a spam to it. Does that say *anything* about what the email address was *ever* used for? Naah.
Even when I use it to subscribe to hmmm let's say mp3.com or some, and they send me a newsletter. Does that say anything about me? Can they collect any information that's valuable to advertisers that way? Naah.
Anyways, it's just plain *rude* te use an existing domain in an anti-spam munge. Those people get the junk that's meant for you.
On Usenet, RFC1036 tells you to use a valid email address. It's rude not to check the email, people can have a valid reason to email you. Discussions can become off-topic, or a one on one discussion, perhaps your article got canceled for some reason and the canceler wants to send you a cancel notice, etcetera.
If you really want to munge the email address, simply use something that never can and will exist (like a non-existing tld, or a domain name with an underscore in it) and put
Email clients with some clue will recognize the
Example: fake.email@slash_dot.invalid
One Usenet, it's best to munge your From address and use a valid Reply-To address. From addresses are very easy to harvest very rapidly from the overview database, while you'd have to retrieve all headers seperately to harvest the Reply-To headers. A friend of mine tested it by using spamtraps, and after three months, out of +- 550 spams.... 550 were send to the From address.
It's Happening to Me Right Now (Score:5)
It would NOT be fun.
Since June 5, I've been the person of which you speak.
If you have done a gnutella (or clone) search in the past few days, you probably have seen my name...
gnut> find anything CURRENT RESPONSES ----------------- 1) email matt@steinhoff.net for kiddie porn and anything 216.10.33.21:6345 size:80.854M ref:84279680 speed:10000It all started when I noticed that every query I submitted returned an html file. In that html file was a link to http://www.cybergirlsex.com/raw cash/click.cgi?tella [cybergirlsex.com]...
gnut> find anything and everything CURRENT RESPONSES ----------------- 1) anything and everything.html 216.100.51.42:6345 size:2.83K ref:234946611 speed:10000 gnut> find nothing at all CURRENT RESPONSES ----------------- 1) nothing at all.html 216.100.51.42:6345 size:2.83K ref:117638272 speed:10000I figured that an ambitious person had hacked gnutella in order to promote the web site so that he'd get some extra cash. I sent email to the the owner of 216.100.51.42 and they promptly shut off the user's connection. I also sent email to cybergirlsex.com in hopes that they wouldn't pay the user 'tella' for the referrals. Spam shouldn't pay no matter how it is done, right?
Ever since I sent the email message to the domain admin for the porn site, my name and server address has been showing up in each and every gnutella response. Cause and effect (and a bit more) leads me to believe that the porn site was 'tella' and they are not happy that I've cut into their revenue stream.
With a bit of investigative work I was able to tie the user who is spamming gnutella with the user who admins the porn site and more than two dozen other domains.
I've got the guy booted off a number of services in the past few days but that isn't much help (though it does make me feel a bit better). It's like playing wack the mole; hit him in one place and he pops up again elsewhere. I'm getting hundreds of email messages from people either looking for child porn or wanting me dead for supplying child porn. (Of note, of course, I don't have any child porn so stop asking.)
I've contacted the FBI's computer crimes division and they are far more interested in the folks emailing me looking for kiddie porn than they are in getting rid of the slime ball spamming my email address. At least the kiddie porn angle got their attention or I imagine this wouldn't have even made their radar.
So, what can I do? I'm already filtering my email so that I don't have to read through hoards of email. (Did I mention that he has also signed me up to dozens of mailing lists?) What's next? While tracking and smacking the first day was exciting, today it's a bit of a drag.
Any good ideas will return my eternal gratitude. (Any especially nasty ideas and I'll give you the guy's email address. {grin})
Matt Steinhoff [steinhoff.net]
(I had posted this as an 'Ask Slashdot' a few days ago and, of course, Slashdot would rather post Anime Moves on DVD.)
Re:So don't do that. (Score:2)
That's not what the top-rated law firm in the state told them, and it's not what my home-town lawyer told me.
If the contents of those packets are private email, it's a felony to read them unless they're in the company's email system. The fact that they're traversing the company's network doesn't change that, according to all the research everybody involved did.
--
localhost.net has address 127.0.0.1 (Score:2)
Too Much Info (Score:2)
I also fill out all contact information:
Bill Gates
C/O Microsoft Corp.
1 Microsoft Way
Redmond, WA 98052
1 (425) 882-8080
And I check the check box "Please Send Me Spam"
I figure no one really gets the emails (at least not after I started this
I was just checking on Yahoo Maps [yahoo.com] to double check the zip code (I rarely get that right) and I noticed that http://encarta.msn.com [msn.com] is listed as their website not http://www.microsoft.com [microsoft.com] as I would expect.
Devil Ducky
OT: blah.com (Score:2)
Moral: When using a fake address, at least keep the domain to something you know.
Re:I have an approach to dealing with spam (Score:2)
--
Maybe we can use this power for good.... (Score:3)
Of course, it probably wouldn't be moral to do that. So who would be a valid target for this kind of treatment? In my opinion, a company that does nothing to stop spammers is fair game (since it's their fault most spam gets out here). And since I'd love the irony of them recieving spam from their own servers, I'm seriously considering changing my
help@uu.net root@uu.net postmaster@uu.net abuse@uu.net
I can just see them now! "Where the hell is all this spam coming from?" "Um... it look like it's coming from us!"
Serves 'em right!
Works for Mailing Spam too (Score:2)
That got really boring, though. =)
Re:Plus is your friend (Score:2)
bang-path addresses used to work too, and they slowly faded away.
So.. if it's not part of the RFC.. then it would be wrong to say a server that doesn't support it is a 'piece of crap' server.
Re:Get filtering (Score:2)
I personally use root@localhost.somedomain.com. That one resolves to 127.0.0.1 in many domains, and it's a DNS-resolvable host name for sites that require that to consider an email address valid. (Note: Newer domains don't seem to be including a "localhost" entry, so run "host localhost.somedomain.com" to check beforehand. Or, if you don't have host, you can try nslookup or some other utility.)
--Joe--
Gut reaction to nospam.com (Score:3)
But looking at the web site, it seems amazingly bland, almost to the point of parody. Amazing amount of corporatespeak. (Reading it, I was reminded of The Tubes' Sell Out album liner notes.)
Hrmf. Another mystery on the Internet, a land of countless mysteries.
Geoff
Apologies to foo@foo.org (Score:2)
when filling in forms.
No doubt your email account is filled every
morning with email from 'hot chicks doing
it hardcore' because of me.
A solution? (Score:2)
For all those forms, I simply reply with the following address:
privacy@them.tld.
That way, they can get their own mail to their privacy account and I don't get bothered. Maybe if they get annoyed enough, they'll stop asking for your email just to download a piece of 'free' software. Of course 'free' means "If you sell^H^H^H^Hgive your e-mail address to us
Is this polite? Probably not. Neither is sending junk mail to people or selling your "private" databases when you go bankrupt.
Regards,
Matt Heckaman
Governments Can't Do What Numbers Can (Score:3)
Seriously, I would prefer no control over government control, when it comes to spam. As much as I hate spammers, I hate government beauracracy and scheming more.
Besides, the government can't do anything more than those of us who actually use the internet can do. We can take it upon ourselves to deal with spam - report it, log it, prosecute it (based on existing not-quite-net-related laws) and pressure the spammer into ceasing his behavior.
A government only has control over it's physical jurisdiction -- but users of the internet have absolute control. We can, in numbers, put a crimp in the activities of people in places where their governments (or lack thereof) allow them to continue their spamming.
The problem with this is that there are so many organizations out there working on this, but none of them are working together. If we had an army of 100,000 volunteers worldwide, we could do some serious damage.
This is a bunch of dreamy -- in the perfect world sort of stuff following, so take it all with a bucket of salt. I'm allowed to day-dream, right?
100,000 out of the the combined global 'net population is less than one one-hundredth of a percent (.01).
If 100,000 people each processed 10 spam messages in Usenet or email per day, you suddenly have millions of people being ratted-out to their ISP's and upstream providers on a weekly basis. From experience, I know that you have a 10% chance of toasting someone's account when you bring to light their infringement of the provider's TOS. Those are decent odds, if you have enough people to pursue them.
And we aren't talking a lot of time. Not all of us can sit at our computers fighting spam each day, but if we knew we were actually helping out (a lot of us feel like people have given up, so who gives a fuck if we try), that two minutes per email would be well worth it.
And just imagine if we could get a full percentage of netizens to do the right thing and help out? We'd be talking 100,000,000 small skirmishes conducted; almost a billion per week.
There are two concerns with this, of course. The first is "won't this alone generate a lot of wasted bandwidth?" and "what about rogue ISPs?"
The answer to the first question is, yes. A lot of bandwidth, but with a legitimate purpose. Further, the amount will decrease as success is made and spam in general is diminished.
The answer to the second question is a bit complex, because there will certainly be some people who will continue to spam, no matter what ever happens.
If you have 7,000,000 messages processed each week (or in the better case of a full percent of users fighting spam, 1,000,000,000), we could imagine that perhaps 50% of the messages are duplicates. That, is 3,500,000 (or in the best case, 500,000,000) unique messages. The higher the number processed, the higher the number of duplicates, of course.
So with the lower number of 3.5 million messages (generating higher response for duplicates, in the neighborhood of 7 million), let's say that half come from every day John Q Public's who haven't quite figured out that spamming is BAD. The other half come from the top 100 known spammers.
The John Q Public half has a higher chance of being incinerated, because their 20$/mo ISP isn't going to cut them much slack when several dozen complaints are filed. Whammo. Figure a 20% success rate on that alone, minimum. Say goodbye to 300,000 spammers.
The rogue-ISP and known-spammer half is a lot more difficult. We'll figure we have what... a 1% chance of shutting them down? If 3.5 million messages are sent to these top 100 and their providers or upstreams, (we're talking AOL and upstream providers from rogues), it's only 35,000 messages per entity. Not a lot to deal with. Even over a year, it's only a couple million messages and complaints each.
This is where that fraction of a percent of anti-spammers would have to recruit people to help out, until we had that full percent battling with us. That full percent cranks that 35,000 into 3.5 million per week, per entity. This is a lot of mail. I believe it would crunch all but the actual spammers themselves, who have absolutely to reliance on other servers or services for the processing of their own spam, into submission. Jim Bob, running a box at a co-lo will be shot into flames by the service giving him the feed pretty damned fast. Jill Bob with her own server and own direct connection is going to be black holed in a heartbeat by all the other admins and postmasters watching their mailboxes fill with complaints each day. At some point, the entrace points for messages to be propegated and stuffed into your mailbox will be squeezed into a trickle for these people, which is as good as none for a lot of us.
But, as I said -- this is all a utopian, let's do this ourselves -- all it takes is some time and a group of people who give a fuck, idea. I don't actually expect it to ever happen.
---
seumas.com
Re:So don't do that. [IANAL] (Score:3)
Nope. Yahoo is a carrier, not your employer.
Read the ECPA. That provision has never been ruled unconstitutional, it's been sitting there quietly in effect since 1986.
Only U.S. Postal Service mail is protected with the felony mail tampering law.
Different law.
However, I mention this because it brings up an interesting point; FedEx and UPS packages aren't mail, and aren't subject to that law. Keep that one in mind...
--
Hey, Fine With Me (Score:2)
If you're concerned that someone may send you important email and accidentally forget to remove the 'nospam' or whatever other element you've dropped into your email address, set your domain up so that it has an appropriate subdomain such as: nospam.mydomain.org, where 'mydomain.org' is your domain. Then route everything that comes into 'nospam.mydomain' right to /dev/null. Get's rid of your spam just as well as the other alternative would have, but without the possibility of having any of it fall into someone else's hands.
I used to think I got a lot of spam. Perhaps a dozen or two dozen messages a day. But compared with the almost two hundred messages per day from customers I support, spam isn't quite such a big deal to me.
I used to take the time to track spammers down and collect a few severed heads, but with such a busy life, few of us actually have time to do so -- even with fairly reliable services like spamcop.org.
I guess it's the price we pay for having as free an internet as possible. I dislike it, but I feel better knowing that it's all part of dealing without legislation. And that's fine with me.
---
seumas.com
Use example.[net|com|org] (Score:5)
Of course, loads of domain name registrars and ISPs advertise with yourname.com.. Which is of course a competitor! Doh!!
--
Re:OT: blah.com (Score:2)
Santa Claus
North Pole
Canada
H0H 0H0
you will receive a reply back. Tho' perhaps you need to enclose a SASE.
It's run by Santa's elves, in the form of retired postmen/mistresses and a ton of other volunteers.
Please don't Slashdot 'em!
--
Re:This is annoying (Score:2)
Nobody's used my domain for that purpose yet, but if they do, I'll check usenet, find out their actual address, and then set up a forwarding rule so they get their mail.
--
Re:Governments Can't Do What Numbers Can (Score:2)
Yes, most respectable ISPs will delete accounts that send out spam. However, it's not hard for a person to create a new account -- even with the same ISP. The real problem is with people new to the ways of the internet who simply don't think about what they are doing -- they "don't know no better." (I've dealt with too many of these people.) Most of the "professional spammers" have disappeared -- it's just too expensive and much more likely to make your car explode (with you in it.)
Re:Canonical '127.0.0.1' list? (Score:3)
--
Re:Maybe we can use this power for good.... (Score:2)
>someone's e-mail that I don't like in my message, to get them spammed to oblivion?"
I had the same idea many years ago, & used ``cyberpromo" as a munge string.
I never heard how well it worked (except for getting a terse note from my ISP telling me to stop that), & Sandford Wallace doesn't spam any more . . .
Geoff
Too Paranoid... (Score:4)
"I will gladly pay you today, sir, and eat up
O the humor... (Score:5)
root@127.0.0.1 works for me. That way they end up spamming themselves.
Of course, the funniest part is when i am told that someone already registered it.
Use a fake Microsoft addr instead... (Score:2)
Hey Spam is ILLEGAL in CA!!!! (Score:2)
07/09/00 21:50:32 whois !NETBLK-PBI-CUSTNET-4056@whois.arin.net
whois -h whois.arin.net !netblk-pbi-custnet-4056
BRE Properties (NETBLK-PBI-CUSTNET-4056)
1700 Promontory Lane
San Ramon, CA 94583
USA
Netname: PBI-CUSTNET-4056
Netblock: 216.100.51.0 - 216.100.51.255
Coordinator:
Campillo, Doug (DC199-ARIN) DCAMPILLO@BREPROPERTIES.COM
415 445-6575
Record last updated on 12-Feb-1999.
Database last updated on 7-Jul-2000 17:53:46 EDT.
>>>>>>>>>>>>>>>>>>>>
HEY! Spam is ILLEGAL in California!!!!!
contact your local attorney general!
Cyberstalking (Score:2)
There's an article on this at sfgate [sfgate.com]. Your case sounds like Jane Hitchcock's--she was spammed and signed up for magazine and CD subscriptions by a phony literary agency that she had had a dispute with.
There's a watchdog group called Cyberangels [cyberangels.org] that has a division devoted to fighting this sort of childish crap.
---
Zardoz has spoken!
Re:Finding out who's selling e-mail addresses (Score:2)
Even if most e-mail addresses culled by spammers are from newsgroups, there are very likely at least SOME companies which sell e-mail addresses which they collect from their web sites - and it would probably be a good precedent if their names were splashed far and wide as privacy violators.
Re:So don't do that. (Score:2)
What that statistic doesn't show you is that in the vast majority of such cases, they settle out of court, because they know they're on shaky ground.
You're just seeing the cases where they weren't on shaky ground, and took it to court.
My ex-employer folded like a house of cards 'cause they knew I had 'em by the short and curlies.
--
Re:send me spam! c'mon! (Score:2)
Nothing, nada, zilch.
The From: address gets deluged with crap.
Also, having a real email address diaplyed on
dave
Re:Maybe we can use this power for good.... (Score:2)
Re:OT: blah.com (Score:2)
You do not need to send a SASE for the simple reason that no six year old is going to understand the concept.
Oh, and if you ask for Manitoba like I did for business english, they won't send a reply.
Annoying (Score:2)
People should either use a non-valid e-mail address or simply don't enter one. If you are using a valid e-mail address all that does is push the spam on someone else.
Re:Use example.[net|com|org] (Score:2)
Re:send me spam! c'mon! (Score:2)
Dear Bill:
My name is Ineyo Montoyota. You have me in your 'spam database' as [address-du-jour].
As much as I find spam in general distasteful, I try to ignore it. In fact, I tend to get a laugh of your messages in particular. See, I'm a nudist living in Grable Community near Parsippany.
You'll never get a sale from me, so knock it off..
Sincerly,
Ineyo Montoyota
Re: drug smugglers need data havens too (Score:2)
I dunno. They seem to be universally disliked by governments everywhere, & was the first example that came to my mind.
Whyn't we just Godwinize this line of argument, & say that anyone seeking secrecy is obviously in the business of trafficing in kiddie pr0n? that's right, all of those folks who just want to be left alone are trading pics about how they made Junior do it with Fido!
(Except that there aren't enough child molestors out there on the 'Net trading pics to make it worth the law enforcement agencies' while to ask for an international agreement to watch the 'Net for dirtbags abusing the fiber in this way. They'd rather argue that drug dealers are encrypting all of their dealings with PGP, rot-13, & other computer generated cyphers, & that's why they need to be able to decrypt every communication out there.)
Geoff
My tricks, including the 'plus hack' (Score:2)
After I got my own domain, I found out that only works properly if the nospam DNS exists. Otherwise sendmail will reject it, even if it's a subdomain of a valid domain. I didn't feel like adding a nospam address because I had learned a better trick.
But what I use now is the "plus hack". See, the user name part of e-mail addresses (at least if you use Sendmail) can have a plus sign added to it, followed by some unique identifier for further routing (or procmailing) of the mail. So I simply use, say, +usenet1 on usenet posts, and once that starts getting spammed, I'll move on to +usenet2.
Some interesting results of that have appeared in my logs. One spammer's software simply removed the plus sign, and another removed everything before and including the plus sign. Either way, "User unknown".
And speaking of logs, I've noticed something VERY wierd in my logs. At first, I thought it was because someone owned my domain before, but now I'm not sure. I would notice "user unknown" bounces of the form "lusername@domain.net", where the domain was four obscure characters (definitely NOT a word). Just random user names. Now maybe a few people were clueless and put ".net" instead of ".com". But I'm not so sure. I think there may be some spammers out there trying random user names at domains for some reason I can't comprehend, probably because the reasons truly are incomprehensible. Anyhow, a bounce is a bounce.
And now with what little spam I get (about 0.5/day, mostly through my someday to be dropped texas.net address), I make a point of reporting to the abuse address of the spammers IP domain, since even most open relay mailers bother to log the source IP address. Hopefully this will help get a few more chickenboners shut down in this eternal game of whack-a-mole.
Re:I don't get it. (Score:2)
It's probably a Prisoner joke at any rate. "I am not a number, I am a human being!"
best to use non-existant domain (Score:2)
--
Re:not so easy (Score:2)
Go to your mail, click the options, click filters, and set it up.
Re:It's Happening to Me Right Now (Score:4)
On a related note, you might want to contact the makers of ShareZilla [flatplanet.net]. They claim to be selling software that intercepts Gnutella requests and responds with ads related to the search requests. Any search result I get back includes the above URL for their website. This product seems vile and frighteningly abusive enough in its own right, but it may be the tool that the scum ruining your name may be using. You may wish to inquire with them about that.
To be honest, though, I think Gnutella needs to be reworked or replaced if something like this or what happened to you can go on there. It sickens me to see this being done.
Have you considered trying to nail the bastitch under stalking or harrasment laws? How about libel or defamation if people searching for illicit materials are pointed your way? This jerk has to breaking several laws doing this. Forget civil litigation -- file criminal charges.
Re:Canonical '127.0.0.1' list? (Score:2)
The first I ever heard about this was warez.blackdown.org (net?), which I read about on the blackdown site. 'twas an IRC log, with some semi-unqualified sysadmin threatening legal action if they didn't stop pointing that adress to "his" machines.
eventually he clued on, but not until he made a severe jackass of himself.
A google search for warez.blackdown.org should be good for a laugh, but I'm lazy.
I have an approach to dealing with spam (Score:5)
(2) I know how the spammer got my email address. If the email address was given to a service that promises not to give out addresses I'll know exactly who to blame.
Basically I can track the spammers like doing cookies in reverse. Even if you don't have access to your mail server you can use 'plus' userids at many ISPs although that isn't quite as powerful. Of course I don't want to feel like I'm just a number and that's why the addresses all start with 0x7ff (geek joke - think about it!--
Could be a good thing (Score:2)
What for? Sevral things. For one exaples of what NOT to do. Who to avoid and maybe just what to add to filters.
As ALL the e-mail to those domains are 100% spam a simple catch and filter system could create an effective filter.
If they go the extra mile they could be looking for scams and reporting them.
We don't know but harvesting spam is hardly an invasion on us.
Whatever they are doing they know spam isn't welcomed and thie spammers are crooks. So from there they are probably just using it for internal use.
hay... know thy enemy... Keep your friends close.. keep your enemys closer...
Chances are good they have some dark and sinister motive... one we'd aprove of... along the lines of "nuke em"....
Email suggestions (Score:2)
but when I'm feeling nasty, I use the root account's email address on that system. I.e. if I'm signing up for foobar service's something-or-other, my email address is root@foobar.com. Most web forms (if not all) don't catch this, and the BOFH gets the spam.
Sure, that's not exactly kind, but you can also put your email address as abuse@yourisp.com which will forward all spam to the spam account.
Or maybe sales@microsoft.com. I'm sure they can use some more...
Re:Regular expressions (Score:2)
I've also done the technique of using custom addresses for downloads. Then I can easily kill the address if they start spaming it.
Re:OT: blah.com (Score:2)
You can check out the places website at www.northpole.com
not so easy (Score:2)
However, often legitimate mailing lists don't put your email address in To: or Cc:. I subscribe to several.
--
Re:So don't do that. (Score:5)
That has been incorrect since 1986. There is a specific law against it in the United States, and it is a seperate felony count for *EACH* email.
Just like at work, you're employer has rights to read and do what they want with your email since it's on their equipment.
That is a specific exception in the law; your employer can read email that exists in their mail system, and they can prohibit you from accessing your private mail from work (and fire you if you do), but they can't look at your private email even if you access it from their equipment.
Trust me on this one; it's what my last employer's lawyers told them shortly before I left.
--
This is annoying (Score:2)
Last time this happened, I looked at the headers of the usenet reply, went to the usenet newsgroup in question, and asked the person to not use my domain for nospam email addresses. The person, rather embarassed, was nice about it and changed his fake email address.
The proper way to make a "nospam" email address is to use "name@example.com", or if you can not do that, use an invalid ".gov", ".edu", or ".mil" domain, such as "compost.gov".
- Sam
Re:Email suggestions (Score:2)
Registrant:
Mike O'Connor (BAR-DOM)
2168 W. Hoyt Ave.
St. Paul, MN 55108
Domain Name: BAR.COM
Administrative Contact, Technical Contact, Zone Contact, Billing Contact:
O'Connor, Mike (MO35) mike@HAVEN.COM
O'Connor Company of St Paul
2168 W. Hoyt Ave
St Paul, MN 55108
651-647-6109
Record last updated on 21-Apr-2000.
Record expires on 23-Apr-2001.
Record created on 22-Apr-1994.
Database last updated on 8-Jul-2000 18:43:43 EDT.
Domain servers in listed order:
NS.GOFAST.NET 209.46.63.1
NS.MR.NET 137.192.240.5
--
Let them have it (Score:2)
If they've vounteering to receive a similiar amount of crap, fine. Let them. It's not like they're ever going to see anything important.
Re:not so easy (Score:2)
mojo@jojo.com (Score:2)
Pope
Freedom is Slavery! Ignorance is Strength! Monopolies offer Choice!
send me spam! c'mon! (Score:5)
The address is spambox1 through 4 @atlas.cz, that is:
spambox1@atlas.cz, spambox2@atlas.cz, spambox3@atlas.cz, spambox4@atlas.cz
spambox2 is dedicated to spam for porno sites, so please be nice and respect that.
When I have enough spam, I'll try to find some really interesting pieces and post 'em somewhere!
Thanks in advice
tom
Forged return address (Score:3)
If you want a spam drop account, at least create one yourself and do not fill other peoples mailboxes. This is just as offensive as sending SPAM.
© Copyright 2000 Kristian Köhntopp
If you must provide a fake address... (Score:3)
You can read more about it here [privacy.net].
--
Re:O the humor... (Score:2)
Re:Hey, Fine With Me (Score:2)
You could also, using your postSMTP UBE filter, apply a rule to not only reject messages sent to 'nospam.mydomain.com', but to rewrite the headers so that the message is delivered back to the postmaster of the IP's found in the envelope.
Of course, envelopes can be forged, too -- so you run the risk of pissing uninvolved parties off.
---
seumas.com
Re:Hey, Fine With Me (Score:2)
By giving a valid domain address that you know will receive Spam, aren't you complicit in the bandwidth waste?
If you are going attempt to block Spam with a bad email address, it's best to use an illegal/invalid address or something that will cause the Spam to loop back (root@[127.0.0.1]).
Personally, Spam doesn't bother me that much. I'd much rather make it easier for people who really want to contact me than by giving out valid email address.
It generally only takes a few extra seconds for me to delete the UCE when I'm deleting all the Spam that I actually signed up for.
-Jordan Henderson
Re:Check out asdf.com too: (Score:2)
THEY'RE STEALING OUR SPAM! (Score:2)
Re:Hey, Fine With Me (Score:2)
How much of the "push for fatter pipes" is the result of ever increasing worhtless shit flying around the internet? (and of course, the resulting emailed complaints) I would venture a guess that 40% of the bits flowing around the globe shouldn't be... from spam to badly written, uncachable HTML to lame-ass streamed media that cannot be cached.
As someone's signature said... Who are you? Where are you taking me? And why am I in this basket?!
Re:send me spam! c'mon! (Score:2)
Incidentally you might want to create a more generic address. If I were a spammer, I'd be figuring that any address that had the string 'spam' in it is a diversion, and I'd code my script to either ignore it or attempt to derive the 'real' address from it. It's also possible that spammers figure anyone living in Czechoslovakia isn't going to be a good candidate for musical toilet seats or whatever they're peddling. Consider using an address in the