My Short Life As An Unintentional Porn Spammer 570
Freerange writes "Mike Masnick wrote up his experience getting slammed by a somewhat new kind of spam attack that doesn't get much hype (yet?). A spammer spoofed his personal email address as the 'reply-to' for a batch of spam, with interesting results for Mike: "I can
now answer the questions 'who replies to spam?' and (should anyone ever
wonder) 'what are the hundreds of variations on bounced messages?'" From Politech."
Not New @ All (Score:5, Interesting)
Sucks when it happens, but isn't new.
Probably the same idiot in Minnesota:(
I hear ya! (Score:2, Interesting)
Yeah, us too (Score:3, Interesting)
For those that have experienced this... (Score:2, Interesting)
I'd be pretty upset if this happened to me.
Why? (Score:5, Interesting)
Why not just put some bogus made-up address there?
Are the spammers just trying to cause as much chaos and unpleasantness for as many peoples as is humanly possible?
Happened to Me, Too (Score:5, Interesting)
Happened to Me 3 Times (Score:2, Interesting)
First you get millions of bounces. Then you get hundreds of angry replies. "TAKE ME OFF THIS LIST!" (Which only ensures that they get put ON more lists because it proves that it is a valid e-mail and that they OPEN AND READ their e-mail!)
AND you get the orders! You don't get that many, compared to how many e-mails were sent, but since the RECEIVER pays to receive the stuff, who cares?
Fix it with PGP. (Score:5, Interesting)
Am I missing something? (Score:3, Interesting)
Why wouldn't that work to vastly reduce the amount of SPAM?
Re:Why? (Score:2, Interesting)
> Why intentionally spoof someone's legitimate email address in the reply-to field?
Who knows? Once in a while I get spam faked to look like I sent it to myself.
Spammers are the only "businesses" in the world who think it's best to be as offensive as possible to potential customers. The mentality is astonishing.
This is old news for me (Score:4, Interesting)
Curiously, I almost never get anyone writing to me complaining about the spam. That used to happen, but I think most folks have figured out not to reply. I also don't seem to have been blacklisted anywhere (faughnan.com); the blacklist maintainers are apparently smart enough not to be fooled by spoofed fields.
Why did they pick me? I think they like to take addresses that are present in the registrar databases. Or maybe they picked me because I complained about spam and write about ways to stop it (not that hard really, we just need to authenticate the sending service [faughnan.com] rather than the harder task of authenticating the sender).
In any event, sadly this is old news. Good to know it's starting to make its way into the public consciousness though.
Internet growth halted protocol refinement? (Score:4, Interesting)
IPv6, which includes security, ummm, mechanisms that could be utilized to curtail spoofing, some forms of DDOS and net abuses in general, but rolling it out seems too be gracial.
New RFC's could be authored that extend, modify or replace those upon which our present mail server's are based, but would... could anyone get them pushed through? Or is the Internet infrastructure so massive that any major advances in concept run smack into the issue of interoperability?
Re:No way to contact spammer (Score:4, Interesting)
I don't know if this actually works for anybody trying the spam technique, as I'd hope most people getting these messages would either be too smart to fall for it or too afraid of the stock market to set up and manage their own account.
Re:Reverse spam really isn't that new... (Score:5, Interesting)
Re:No way to contact spammer (Score:3, Interesting)
Or perhaps it's a counter strategy by antispammers - they send spam to make people hate spam.
Or maybe that's a counter counter strategy by spammers, erm nevermind.
It happened to my wife! (Score:5, Interesting)
Holy crap the email she got! Emails came from people all over the world. An incredibly rare number of them included clothing and were simply introductions. Most of them included an attached nude picture of (I assume) themself (either that or there is a cast of nude pictures of incredibly ugly people floating around somewhere). Some of them demonstrated their sexual experiences with animals. But every single one of them seriously pursuing some sort of sexual relationship with someone that
This whole experience turned my wife off of the internet for a long time.
I was able to track down the original post to alt.bestiality.whatever it was, and tracked it to a posting through deja news. (This was about 5 years ago). But ironically, there was nothing in that post that included "go to this website" or anything like that. The only contact information in it was my wife's email address. At the time, I assumed that the person who did this wanted us to change email addresses so he/she could have the one that we had (which was simply my wife's first name@iname.com).
After tracking it down I sent deja the information and asked them to pursue it. And I changed my wife's email address. We have our own domain now. BUT I still, occasionally login to the iname.com account and empty it. I want that account to stay active forever so that whoever tried this doesn't win.
What would you do if this happened to you? What are the defenses for this kind of thing? The email that came in wasn't spam. It was real email from real people who had real mailboxes. How do you prevent this kind of thing? So most of the antispam techniques that I know of wouldn't have worked. Additionally, we occasionally get emails w/attachments from friends who want to show us pictures of their kids. So blocking all attachments won't work. What should be done?
Replying can help stop spam... (Score:5, Interesting)
This is a letter I sent off to a company who offered me ways to enlarge my breasts. Being male and having no desire for hooters I felt obliged to reply.
----------
Do you people simply not bother to see to whom this message is going to? Do you not bother to do market research to see if I'm even going to be able to use the product? I am a man. I have a penis and not breasts. I am a guy, a bloke packing a "willie", a "johnson", "meat and two veg", a "one-eyed trouser snake", a "little fellow", a thingie, the "outy" parts to match up with the "inny" bits of the people to whom you should be sending this spam to and not me and my "Collection of dangly bits".
To put it simply people..."A DICK"
I have no interest in your product for the enlargement of breasts and request that you remove me from your list.
Thank You,
[name removed]
BTW: I'm also happy with the size of my naughty bits and request that you not send me information on that product should you offer that as well.
----------
To which I actually got this as a response:
----------
ROFL
Sir we are deeply sorry that you have recieved this advertisment and we are taking you off our contact list. We thank you for your polite and amusing letter.
Again sorry for the inconvience
----------
That was in August and to this day I have not seen any messages offering to give me "Huge...tracts of Land" since that date.
Sometimes it pays to answer a spam
Phoenix
Happened to my wife (Score:4, Interesting)
If it had been porn I would have looked into the possiblity of filing a defamation of character lawsuit. It was in your case and if it was written in the first person singular ( "come see me nekkid...") and had *you* as the reply-to I'd imagine you'd have an excellent chance of winning such a case - it would certainly be worth talking to a lawyer about.
A novel approach to killing spam. (Score:2, Interesting)
Instead of putting the effort of defining spam on the user, put the effort to defining non-spam.
This could be be done quite easily, maybe in a method that would be "expensive" to spamitize.
Create an algorithm, similar to sha1, but that can be calculated with any given number of calculations. Perhaps make it easier to decompute than compute.
So, when sending a mail, attach a CPU cost of lets say 20 seconds. (X number of calculations)
When your friend receives the mail, he spends 2 seconds checking the calculation (or maybe 20, does it matter?) And then accepts it is probably not spam.
Thus, a spammer, in order to spam, would need a reallly fast computer! This would cost money, etc. I'm guessing that spammers probably have cheap equipment anyway, so calculating their message tag would be much more time-consuming than an average joe?
-- What do you think?
Swift and effective retribution... (Score:5, Interesting)
You have no right to complain /. (Score:2, Interesting)
Since that time, sourceforge has been spamming me EVERY DAY, asking me to deal with the mailing list request. I am unable to log in and deny the request, even using the mailing list admin password that I am spammed with once a month. Does anybody else see the irony here?
Merlin
It's called a "Joe Job" (Score:5, Interesting)
The term Joe-Job got it's name originally from Joes.com when a spammer decided to get revenge in this fashion. Information can be found here:
Spam Attack! [joes.com]
I can say from having had this done to me, it absolutely sucks. It creates a huge mess that takes weeks to clean up, plus the joy of dealing with people who decide to attack you for something you didn't/would never do. If I were to ever get my hands on those responsible....
Unfortunately, the problem with tracking down those responsible for this dispicable act is the same one with tracking spammers down in general. It is time consuming, costly and may not yield a desireable result.
If you want to see more on this, just Google Search for "Joe-Job" [google.com]
It is good to bust/report spammers, but when you do, look at the spam and the site being spamvertized. You might have received a joe-job email and by reporting them, you're playing into the spammer's hands.
If you ever get joe-jobbed, I would say one defense on the web is to change your page to one similar to the "Spam Attack" page I reference above.
Re:Why? (Score:5, Interesting)
Revenge.
I've had several spammers disconnected by reporting them to their ISP. One of the ISPs I reported to was stupid enough to send the report (along with my email address) to the spammer (before they disconnected them.)
Next thing I know, I'm getting tons of bounce messages for spam I didn't send.
It stopped after a week or so.
This happened to me... Here's what I did... (Score:4, Interesting)
I tried to find where they were coming from, some of the bounces were more informative than others... The originating IP ended up being someone(intentionally or unintentionally) running an SMTP proxy server... And the IP was out in the middle of nowhere... (Came back to a B-class set of addresses... Not much help in tracking down a network admin...)
Some of the bounces had the actual message... Which were linking people to a site which in turn asked them to buy something (saying that their order page was secure when it wasn't)... I tracked down who had registered the domain (the admin and billing contacts...) addresses ended up being in China (domain was cnmailads.com)... Sent email, no response... I set up procmail to redirect the hundreds of bounces to them, plus I had some simple spam filters, and redirected all of my spam to them as well...
The order page contained a form that had an email address for where the orders were really going... I made my own personal copy of the form, and began sending megs of data through... Entering bogus info to corrupt any real entries (who would order this crap over the Net from a website in China??? Who knows...) Email address was a yahoo account, which it didn't take long for me to fill it up... All added the yahoo address to my procmail redirector as well...
I went to a couple of spammy sites (cooldeals.com or something like that)... Signed them up to receive all sorts of valuable emails... Signed them up for some mailing lists too... Easy to sign up, and pain to get off of...
It had been going on for about a week before I started this, and stopped after about 2 days... Checked back to the link that was sent and the site was gone... Probably moving on to the next sucker email address and site...
Re:Spam needs a technical solution. (Score:5, Interesting)
It was kind of a cross between usenet and standard email. When you "sent" an email, it was in reality uploaded to your message store (the idea of the inbox was removed). Then notifications were sent to each person that a message was in the To field. That meant that for instance you could edit messages after they were sent, you could bring people in on threaded conversations half way through preserving the threading and so on. It also meant the attachment limit was decided by the senders account, not the receivers. Want to send a 200mb video to your hotmail using friend? No problem.
One of the features of this system was that key signing was built in from the start. That meant, you could opt to trust certain "roots", probably international ISPs. If you wanted to setup a newMail server, you'd have to get your hosting ISP to sign it for you, probably requiring a contract to be signed saying you'd shut down any abusive accounts etc.
Mailing lists were dealt with specially, I've never been happy with the way they currently work.
Combined with send limits (how often do you email >100 people?), that meant that spam could be cut down quite significantly. In particular, because it could be shut off at the source, if a spammer did somehow manage to spam lots of people at once, all it'd take is one report and the email would magically disappear from peoples message stores, before they'd even seen it in some cases. If the spammers were running their own servers, revoking their certs would do a similar trick.
It wouldn't eliminate spam of course, that's not possible. Smart enough people will figure out ways around it. However, having accountability built in from the start would help curb the situation a lot.
Originally I was going to write the client as a commercial app, but make the protocols open (with a non-commercial free license available). However, I ended up working on autopackage instead, so I never got around to it. If somebody thinks it'd be cool, contact me and I'll fill you in.
Re:What the Internet needs: (Score:4, Interesting)
I agree with you, and these morons are missing the point. The email protocol is fucked, millions could be saved if we moved to something new. And it is no secret that MS and a few other major companies could have the power to do it.
Anyways, I gave you a few extra points. The question should be how. And, how on earth can we enforce the destruction of today's email protocol while introducing another? How can we even stop spam with a new one?
Re:Reverse spam really isn't that new... (Score:3, Interesting)
Have any other people that manage a domain run into this problem?
Re:Reverse spam really isn't that new... (Score:2, Interesting)
The sad thing is, some of 'em refuse to believe us about what's really happening even after we spend 20 minutes explaining it to them...and others insist that we have to stop whoever is doing it immediatly...
DennyK
Re:Reverse spam really isn't that new... (Score:4, Interesting)
The easiest way of me getting data (Word docs, code, etc) to and from a place of business where I'm freelancing and my home is by emailing the files from one web-based email address to that same email address.
Because the data is being sent from and to the same server, there's no chance that the email won't be delivered. So, you know that (barring a major server or internet breakdown) your data will be there waiting for you at the other end - no need to carry around any media at all.
It can even be made practically secure - just zip up your files and attach a password to the transmitted zip file.
Also, should you get side-tracked and not make it home (eg, if you get lucky and score, despite being a geek) then you don't have to worry about carting around a floppy disk or CD-R all day, or worry about losing it (leaving it at her place).
Temporary online storage like this works wonders.
Operate an 'ANTI' website and see what happens (Score:3, Interesting)
Someone who does not like the idea of my operation of a website critical
of our company forges e-mails with my E-mail Address.
Instead of porn or spam this person includes Virus files.
Same said person also sends me 2 or 3 Klez infected e-mails everyday.
Yet Another Forged Email (not SPAM!) Solution (Score:5, Interesting)
First, inplement some SSL or other public/private key crypto into the server software.
When sending server A contacts server B, authenication is attempted. If B as yet does not trust server A (no public key yet on file), then the message is simply marked as questionable (or, say on the SpamAssassin point scale , give it 5 points). A failed authenication attempt should be marked a bit more. A successful authenication would not be marked. Otherwise, the message continues through with the usual routing.
Then you need to set up a way to give public keys between mail servers. I'd start with having the major ISPs talk to either such that MSN has AOL's key, AOL has MSN's key, etc. Basically anyone that acts as a major pipeline provider with mail servers needs to be involved in this step.
Then you get those ISPs and net providers to work at their customers; second tier network providers need to let their ISPs know of their server public keys, and same with business and residental customers with their ISPs. At this point there would need to be some careful authenication checks by the ISPs to watch for spoofers, as this is part of the Web of Trust.
Now, the idea is that if you want to make sure that your message from your email server reaches the reciever without being flagged, you just have to make sure the email goes along the path that you know is Trusted. So your email goes from your server to your ISP, where your ISP should now trust your server; from your ISP to the receiver's ISP, again with Trust, then from reciever ISP's server to the reciever's personal server, again with Trust. Everything authenticated, so the reciever should be able to trust everything in the headers.
Now say you haven't yet gotten the Trust of your ISP's server; then when you send, there's a mark on it from the lack of trust of your email server to the ISP server. The rest of the transport changes nothing, but the reciever will be able to notice the mark and can assume that there's some question to it. Or say that you send from your email server directly to the reciever ISP's server (removing your ISP's server); again there's no trust between you and the reciever ISP's server, so your message gets another mark. (That's how one can deal with 'rogue' email clients).
Another possiblity is that mail servers can apply different scores if the sending server is already on a blacklist, is otherwise unknown, or on the whitelist of public keys. This would make mail from blacklisted servers get huge marks against it.
Over time, an ISP or other organization can tally the Trust levels from various ISPs and see if a lot of untrustful message fall through. If that happens, they can simply remove/disable the public key of the ISP that is sending them. This won't stop the mail from going through, but it will start flagging everything as being untrustful. Presumably there would be some way to the ISP at fault to know that this happened, and can take steps; maybe they can look at their logs and see that a mail server upstream of them is sending too many untrusted messages, and then they can disable that public key, and letting the original ISP know that they've dealt with the issue such that the original disabling is removed. This is how one can deal with ISPs that are "spam havens".
At some point with the Web of Trust fully in place, email servers can then start blocking messages that lack sufficient trust, or basically scored too high already. While this point can be a problematic step in the question of free speech and false negatives (blocked legit messages), if the Web of Trust is given fully enough time to develop before this blocking begins, I'm pretty sure that you'd find no false negatives from this method.
Since someone with forged headers are most likely going to be either using their own email server, and/or using open relays on the net, it would be expected that these servers would never be trusted by the ISP that hosts them (much less other ISPs), the server operator would never try to establish any trust with an ISP, or that no ISP would ever want to trust these email servers, thus leading to effectly 'ignoring' of these servers.
Key here is that besides putting such software in place, it's a system that can be used to gracefully implement the Web of Trust instead of a cold-turkey approach (that is, maybe initially untrusted messages get only low points against them, but once the web's in place, that point value goes up). It's adaptable when new "spam havens" are found, or ex-"spam havens" take steps to reduce their problems. And it would seem to me (though I do not consider myself a guru on network problems or the email protocol) a simple thing to modify the existing email clients to handle this new function cleanly. Most importantly, it would be necessary to get word of these Web of Trust servers into the sysadmin world such that it can be implemented in a rather short period of time as to get the fully functioning Web in place.
My Long Life: 500 bounces? try 200,000 and growing (Score:3, Interesting)
The website being advertised is the same (penis enlargment), and the IP remains the same (always www.fundamentalbusiness.net, served from China). At present, they're using http://www.fundamentalbusiness.net/x2/index.html [fundamentalbusiness.net] (/. away).
I have a done the following:
1) The company is a fraud (says I), geared to collect credit cards for fraudulent purposes. The name registration was done with a US company, and the contact information on the reg. is all fraudulent (bizarrely, it is only a few miles from my home). I emailed the registration company, pointing out that they probably were paid with a fraudulent credit card number, and so should "shut off" the name registration. No response. 2) The original website (since changed) had an actual address with phone numbers. Reverse lookup showed that the phone number is a land-line, and so likely leads to a real person (it could have been a cell-phone, which could be a person anywhere in the world, or to a non-existent phone). Phone calls gave a non-committal vmail service, and messages left were unanswered. 3) The website and emails are being served from a Chinese IP. Didn't even bother trying to contact.
Legal approaches: A) The original phone number/address on the website (no longer there) lead to Florida, which has no anti-spam laws. B) I live in California, which claims a $50/spam law. However, see below. C) I contacted two attorneys -- one (it turned out) who I knew personally, and found that to pursue a claim would require $15K-$20K retainer, which is substantially greater than real damages (and more cash than I have to sink into a speculative legal wrangle). The second attorney said the same, AND that even though I live in CA, the $50/spam law would only pay to an ISP (yahoo). N.B. the above was not told to me as a client, and did not constitute legal advice (i.e. could be wrong). C) Several email contacts to yahoo.com went unanswered. D) Complaint has been filed with the California Attorney General, with no response.
Solutions: A) My (apple) mail tool now has about 8 rules which sort out nearly all the bounces. Exceptions include bounces which have chinese subjects (can't translate, and the From keeps changing). B) Wait. Hope. Pray.
Why not just abandon my email address? Because it is my last name, registered at yahoo.com like 2 weeks after yahoo started in 1992 (or so). It's a damn cool address and I want to keep it!
Re:Most users too clueless... (Score:4, Interesting)
I figure it isn't my space so I'll let Earthlink deal with it. They're probably the ones who sold me out in the first place.
Re:Reverse spam really isn't that new... (Score:5, Interesting)
More often than you might think. This is how a lot of mail systems support people like me who like to keep a copy of everything they have sent.
I do wish that more of the spam filtering people would take notice of these tactics however. Quite a few of the more clueless ones have all sorts of hack-back features that can end up slamming innocent people.
The only unusual thing in this case is that it was porn. The porn senders tend to be rather more discrete than most since they know that if there is an FBI type investigation they are sure to make examples of porno senders first. This tactic tends to be more common amongst the con-artists that the FBI are completely uninterested in prosecuting.
One of the big problems is that there is no agency that has an analogous operation to the mail-inspectors role in the post office. In theory this is wire fraud but the wire fraud investigators tend to be busy dealing with cases with a few really big transactions. They are much less interested in a case where the amounts are $30 or so, even though the totals might be millions.
Re:Reverse spam really isn't that new... (Score:5, Interesting)
But that isn't the most disgusting part about it. All the bounced addresses were coming from one particular domain, which happens to be the domain my parents are on so I really don't want my email address blacklisted from their servers. Nor do I want my account closed by Yahoo, as I've had the account for a long time. Since I don't want this, and I hate spam as much as the next guy, I decided that I should send that domain owner's operators, which happen to be an ISP, an email message explaining what was going on and that if they could retrieve the headers from my message they'd have another relay they should add to their list to block.
On to the disgusting part. I get a message back telling me that I have a virus. A virus of all things, sending spam, to alphabetical lists of people on a single domain. Right. I try again, explaining the situation in detail so they can see what's going on. I include the bounce message, etc. They tell me they'll take care of it in that sort of message you know means they'll delete any correspondence we've had to this point and ignore it. Luckily enough I haven't gotten any more such signs that my email address is being forged, but I'm still put out that the people who should care, because it's their bandwidth and customers, first insulted me and then told me in so many words to bugger off.
Happened to my Sweetie Two Weeks Ago (Score:4, Interesting)
My sweetie got Joe-Jobbed a couple of weeks ago. 20K bounces over the course of the day. Thankfully, the payload of the spam was only two lines of text, containing a URL to a (non-existent) pr0n site. So the bounce messages were comparatively short. A cursory look at the headers in the bounces suggested that the attacker -- 'spammer' is too genteel a term for this -- was using a constellation of open relays to spread the stuff.
She came into my office, saying, "Make it stop!" Sadly, there turns out to be little one can do to stop it. The emails were coming from thousands of different legitimate sites, all serving a legitimate bounce to an illegitimate spam. It was very distressing for her. Fortunately, the attack stopped, and things settled down after about 24 hours.
I wrote up the experience [kuro5hin.org] on Kuro5hin. Feel free to have a look.
Schwab
Happened to me (Score:3, Interesting)
Unfortunately, posting to /. can generate spam.... (Score:5, Interesting)
I submitted an article to
Less than two hours later, I started getting weird email, complete with
I haven't received any today at that address but I'm still kicking myself. Moral: spammers hoover slashdot, so don't post your email here, ever.
Story two: For almost five years I had the email bruce@altavista.net. In November, I got mail from Mail.com stating that the Altavista.net domain was being closed down and they were replacing my long-used address to something like bruce@way-cool-dude.com. Um, no thanks I said, I use this account for business and that doesn't work for me.
Ok, they said, how about we reactivate bruce@mail.com and you can have that? "Hmm, neat addy, easy to remember," so I agreed. They activated it on a Monday night.
Tuesday morning I woke up to more than 400 mails. Maybe 20% were typical Hotmail "make your penis so big you need a hose reel" spams but a full 80% were Joe jobs: spammers who had used that address as a reply-to. I knew I was going to shut it down but I watched it for three days just to see.
Total Joe job spams, almost four thousand (in three days) before I had them cut the damn thing off. Said fuck it, and bought a domain for business mail, and ended that adventure.
Someone oughta make a law.....
Re:I hear ya! (Score:2, Interesting)
at least my nic is thought provoking (unless that isn't your sort of thing
It's about ADVERTISING (Score:3, Interesting)
The message almost certainly contained some sort of serial-numbered link to the spammer's web site. That way if your serial number shows up in their web server's log, they know that you've opened their message.
Doesn't sound like a big win for them... until you know that advertising is big business. By proving that you opened the message, they can claim that their spam will make one more "impression". Initially, they'll want to do a little profiling because audiences "targeted" by interest areas can be sold for higher rates, something like [US]$10 per 1000 impressions in general and up around [US]$20 or more for 1000 targeted impressions.
Once you've opened one of those dumb spams with a mail client that will load images from HTML IMG tags, you become part of the "audience" which that spammer can sell to advertising clients.
And by the way... five hundred e-mails is nothing compared to the number of hits the spammer probably got back.
My 2 cents. (Score:2, Interesting)
ISPs and mail providers following these recommendations can prevent most illegitimate spam(forged headers, open relays), and completely prevent what happened here. Unfortunately, large providers cannot follow these recommendations, due to the large volume of legitimate mail that gets blocked from systems with ignorant admins. The former ISP I worked for decided to implement some of the measures in RFC 2505 and began verifying PTR records (reverse DNS)....I never had to take so many calls from pissed customers not recieving their mail. I was threatened by an admin US Department of Education, who, in a most impolite fashion told me to fix our problem(we don't need no stinkin PTR records).....not to mention the University of Texas, Texaco, and so on. Soon the ISP relented, the spam came flooding back in and we were back where we started. I don't see the need for a new system.....just better admins.
Re:Spam needs a technical solution. (Score:3, Interesting)
it would require that a hash be made based on the content of the message and that checksum be the message ID. so you could only fuck with messages that you know the explicit content of....
Re:er, get a better email client (Score:3, Interesting)
Almost the only thing you can't change is the Recieved-By: headers. All the ones from your own mailer to the open relay (usually just two hops) will be correct, and even when spammers add their own fake ones it's trivial to follow the chain back to where it 'breaks'.. The spammer's real IP address is usually the first (from the bottom) IP in the chain that doesn't answer an SMTP connection, and usually it's also the first one where the hostname and IP don't match.
Re:Reverse spam really isn't that new... (Score:5, Interesting)
Reverse spam (Score:2, Interesting)
By now i got the conclusion that Sylpheed and Evolution dont sign the same way.
Whatever, its useful
This happened to my girlfriend too (Score:5, Interesting)
Instead of writing a witty retort on a website though, I took care of it the way everyone else should from now on: (READ THIS) I looked up the registration info on the website that was being advertised in the spam....luckily it was a US registrant.
I then immediately called the technical contact listed for that company. After a few tries, I managed to get him to answer the phone. I told him politely but firmly that whomever he had hired to advertise his website/product was using questionably legal and certainly unethical tactics to do so and was making a lot more enemies than customers. He seemed genuinely upset that this was going on and gladly gave up the name, address, email address, and telephone number of the spam-mercenary he had hired. I called the spammer and left a voice mail telling him I hope he didn't really enjoy his email address or phone number a whole lot and proceeded to sign up for any and every mass marketing, porn, magazine subscription, and telemarketing form I could find.
Sometimes the operator of the website is the one doing the spamming, and if this were the case I would have chewed him a new one when I talked to him. Either way, you'll get a pretty good idea of where the spam is coming from if you just call the webmaster for the advertised site. I've been saying for years that this is how they need to enforce spam legislation....bring charges against the website operator rather than trying to track down the spammer. No customers to spam for, the spammers will dry up and blow away. Legally, it makes sense...if you hire someone to kill a person for you, you're legally culpable...so hiring someone to spam for you should get you into trouble as well. Make the first offense a "warning" in case they hired a marketing company and didn't know they were spammers. A slap on the wrist and warnings of heavy fines for future infractions will most certainly make them choose more wisely when picking a marketing company.