DSLReports Study: 8 Hours 'til the Spam Hits

Masem writes: "In a rather interesting study at DSLReports, it was observed that email addresses published on a web site recieved spam within 8 hours of being posted, showing how aggressive the harvesters are working. In particular, a special link was set up on the main page that by following the link, the site generated an email address that was trackable to the IP that called the link, and not published anywhere else at any time. In the specific case, in only 8 hours after the email address was created, it had recieved spam; since that time about 9 months ago, it's gotten around 100 pieces. Given the time and source of most of the emails, the authors believe that they've simply got someone at one end of a home broadband pipeline using open relay mail servers, and most likely being paid to redistribute spam on the email addresses they harvest."

Vigilante Justice

[Alban Caradoc]

...would be for their ISP to go thru their logs and tell you the subscriber name and address of the offending little turd and kick their door in within 10 hours ;)

That's nothing...

[gUmbi]

What's the average length of time between a slashdot posting and the subsequent DoS attack on the linked site?

Jason.

Spammed by the best

[reparteeist]

Damn that Bernard Shifman! Will he never learn?

This + Giant laser of death

[Qwerpafw]

The solution to spam is that Giant laser of death the airforce just got. Tie it to the email system, so once a spammer is identified, they become toast. Literally.

Sheesh, though, I hate spam. I get like 10 spam a day at my real email address, which people only can discover by talking to me (I don't post it or give it out for obvious reasons).

Maybe some kind of bulk-email tax could be imposed.... Even though I am firmly against internet tax, I think making the spammers pay for the mail (ala-junk mail via postal system) is the only solution.

telemarketers

[Beowulf_Boy]

I rarely ever got telemarketing calls.
Last week I applied for a telemarketing job.
Within hours I started getting calls, and I've gotten 5 a day since.

Re:To Spammer, please Harvest these addresses:

[TRoLLaXeR]

Years ago, I had been using bob@bob.com as a generic email address to enter whenever I feared receiving spam. As I recently discovered, there really is a bob@bob.com. (The address was formerly owned by someone at Microsoft, if I recall correctly.)

I'm sorry, Bob. So very, very sorry.

Re:To Spammer, please Harvest these addresses:

[Roundeye]

I always use real addresses, just those of the people I think more likely to be interested in cheap Viagra, weight loss, and 12-year old girls:
hotline@mpaa.org and cdreward@riaa.org.

Have some fun

[nodrip]

Make their lists worthless. Compile this, run it, and put the result up on your favorite web site. Hide a link to it in your pages. Also add a disalow in your robots.txt so Google doesn't waste time on it.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <math.h>

#define MAX_DOMAINS 8

static char * domains[MAX_DOMAINS] =
{
"com", "edu", "biz", "net", "gov", "it", "ru", "info"
};

int getRandomLength( void )
{
float val = (float)rand();
val = val / RAND_MAX;
val = val * 20;
return (int)val;
}

char getRandomChar( void )
{
float val = (float)rand();
val = val / RAND_MAX;
val = val * 26;
return (char)( ((int)val) + 0x61 );
}

int main(int argc, char* argv[])
{
char c;
char buf[1000];
FILE * fp;
int accountLength;
int subDomainLength;
int bufIndex;
int i, g;

int gencount = atoi( argv[1] );

printf( "Generating %i accounts.\n", gencount );

fp = fopen( "emaillist.html", "w" );

if ( fp == 0 ) return 0;

for ( int dcount = 0; dcount < MAX_DOMAINS; dcount++ ) {

g = gencount;

while ( g > 0 ) {

memset( buf, 0, sizeof( buf ) );
bufIndex = 0;

accountLength = getRandomLength();
subDomainLength = getRandomLength();

for ( i = 0; i <= accountLength; i++ ) {
c = getRandomChar();
buf[bufIndex] = c;
bufIndex++;
}

buf[bufIndex] = '@';
bufIndex++;

for ( i = 0; i <= subDomainLength; i++ ) {
c = getRandomChar();
buf[bufIndex] = c;
bufIndex++;
}

buf[bufIndex] = '.';
bufIndex++;

strcat( &buf[bufIndex], domains[dcount] );

fprintf( fp, "%s ", buf );

g--;
}
}

fclose( fp );

return 0;
}

Why not....

[malkman]

I think we could combine the technologies outlined in the article below this (laser of death) with the problems in this article (spammers)! Think of the possibilities!

One guy?

[blair1q]

One guy is the source of all the spam on the Internet?

I say we've found a perfect target for testing that AC-130 Death Ray.

--Blair