Forgot your password?
typodupeerror
Spam

The Story of "Nadine" 270

Posted by timothy
from the not-a-porn-story dept.
Guinnessy writes: "We've all accidentally typed in a wrong email address sooner or later. But can it all go horribly wrong? On http://www.spamresource.com there is the story of Nadine, an account of what happened after an Internet user accidentally gave a wrong email address when she visited a web page and signed up for a sweepstakes. Live in fear...."
This discussion has been archived. No new comments can be posted.

The Story of "Nadine"

Comments Filter:
  • Old News (Score:3, Informative)

    by netfox39 (572148) on Thursday May 09, 2002 @05:32PM (#3493274) Homepage
    http://www.honet.com/nadine/
    • ./ effect. Here [216.239.33.100] is the google cache.
    • The other link seems to be in the process of being slashdotted, especially since it referrs to the link given in the posting as having "greater bandwith"
    • /. server part 1 (Score:2, Informative)

      Nadine -- The Story Begins Once upon a time, there was a senior citizen in one of the Southeastern United States who was apparently confused about what her email address was. Because I have no desire to cause this lady the slightest inconvenience, I will call her "Nadine", which is not her real name. I'm also going to change her surname to "Smith", which is likewise false. (NOTE: Because I have no desire to avoid inconveniencing any of the other players in this tale, hers is the only identity that has been altered in any way.) On or about the second day of March in the year 2000, Nadine visited a web site belonging to an outfit called delivere.com. While there she apparently entered a sweepstakes, gave delivere.com some personal information and (I presume) agreed to receive email advertisements from various parties from time to time. The email address she gave them consisted of her first name and the domain honet.com. What the actual email address should have been is something about which I can only speculate. To confirm (to Nadine) that she had signed up, delivere.com sent a message to nadine@honet.com. (This was the First Big Mistake: the message should have asked the real owner of "nadine@honet.com" to confirm that the sign-up was genuine.) A semi-automated process at honet.com noticed the message and sent a "No such user" message to the appropriate addresses (at least one of which was bogus). Normally, that is all it takes to stop any further traffic. Such was not to be the case here, however.
      • More Stuff Arrives Nothing more came in for about two weeks. When the first real advertising payload arrived it went into the "bad message" sump and it was several days before I had enough spare time to deal with the accumulated sludge. Since this was just one of dozens of bogus accounts that receive occasional messages, I made a note of the "nadine" name and archived the message with the intent to take further action if the traffic volume climbed. Which it did. Harris Polls Nadine began to receive messages from other entities. Harris Polls sent their first blast about two weeks later, and swiftly became the most prolific sender. After a few of these arrived, I followed the "how did you end up on our list" link and determined that Harris had apparently obtained Nadine's information from delivere/matchlogic. Now there was a breathtaking surprise. Harris ignored the "no such user" notice, so after the first four messages I dropped them into the mail server's deny list, where they remained for a number of months. Despite the fact that every message to nadine@honet elicited a "553 domain tesp.com does not accept mail from HARRISPOLLONLINE.COM" response, they were still pounding away months later, when I removed the block in order to collect evidence for some legal proceedings that were under way. Harris continued to send Nadine several messages per month until 9 August 2001, when the stream unaccountably stopped. In all, 79 messages were received, in addition to the ones that were rejected during the four months when Harris were in the local deny list. Update: on 23-Jan-2002 a request to confirm arrived, indicating the start of yet another round. Perhaps this time they have instituted real confirmation procedures, and nothing more will arrive. 01-Feb-2002: Apparently no answer doesn't mean a "NO" answer. Is this what is meant by "double opt out"? Ourhouse.com Ourhouse.com hired enlist.com to send Nadine a message. A second one, identical to the first, arrived the next day. Perhaps Ourhouse.com changed their minds about this method of advertising, because Nadine never heard from them again. Webstakes.com Next to step up to the plate were webstakes.com/idialog.com. They sent a total of five messages, each one entirely HTML, one each in May, July and August, and then two in September. Perhaps they were convinced that Nadine would never use a simple text email client, or they just didn't mind making the recipient wade through crufty HTML to get to the exceedingly valuable content. SmarterKids.com smarterkids.com was another one-shot wonder, sent by enlist.com. AT&T Only one message was sent (by enlist.com) directly on behalf of AT&T. A few others during the later deluge mentioned AT&T or associated products. Next: Question: Why send mail to somebody who doesn't exist?
        • /. server part 3 (Score:1, Informative)

          Question: Why send mail to somebody who doesn't exist?

          The spam from enlist.com for AT&T finally caused me to do some research. Visiting the enlist.com web site, I found what seemed like an appropriate person to contact, and sent this official-looking message, complete with ticket number and RBL references. Naturally I had some hope that a [possibly fruitful] discussion might ensue.

          Once again my hopes were shown to be unrealistic.

          Answer: We Believe In You, Even If You Don't.

          Some readers might not be astonished by what followed, but I was. In the surreal reply that arrived the next day, the "ePrivacy Coordinator" at
          247Media revealed personal information about a subscriber to a complete stranger. The details included full name, complete address with 9-digit ZIP code, and date of birth.

          Fortunately, 247Media are "members of both TRUSTe and the Direct Marketing Association" and "strictly adhere to the privacy guidelines they provide". One can only speculate about what horrifying breaches of confidence might have occurred had this not been the case. Also a note of encouragement was the "exclude from future mailings from our partners" promise. As we shall see, alas, that was as empty as the promise of privacy.

          Always ready to grab for the last word in any debate, no matter how one-sided, with some asperity I offered a rejoinder.
          • /. server part 4 (Score:1, Informative)

            It's Worthless, But We'll Sell It Anyway.

            There was a bit of a lull in the non-Harris onslaught until September 2000, when Home Shopping Network decided to join the party. Note that they obtained Nadine's information just over one month after Nadine had been assured that it would take three to five days to make certain that she would not receive any further mailing from 247Media's "partners". HSN apparently was prepared for this, as the end of their message suggests that opting out of their blasts is not as easy as one would hope. Until their last blast on 14 December 2001 they averaged one message every seven to ten days. Update: on 21-Mar-2002 HSN reappeared. Perhaps we will soon have some idea how effective the bounce processing is at 4at1.com.

            Our breathless wait for new material was prolonged until October, when enlist found another sterling client, viz. thirdvoice. Nothing has been heard from them before or since.

            In November, it was Hewlett Packard who elected to become the next object of derision. They likewise appear to have chosen other advertising channels.

            The parade of one-time enlist.com clients continued with half.com, enews.com and finally SimplyHealth.com. After that, enlist.com sank beneath the waves. The last mention of enlist, matchlogic or delivere came in April, 2001, in a couple of bleats from peopliknow.com, who share a ZIP code with them.

            Then things took a darker turn.
            • /. server part 5 (Score:1, Informative)

              The Post-delivere/MatchLogic Late Comers: New Hogs At the Trough How the list[s] containing Nadine's supposed email address propagated from here on is a matter of conjecture. None of the items received from this point on mention any of the original culprits. It may be that financial challenges accompanying the general bursting of the net.fantasyland bubble caused fire sales of various magnitudes. Ombramarketing.com First amongst the new gathering shadows was Ombra Marketing Corp., who began to bombard Nadine with a variety of offers on 18 April, 2001. They sent an average of four blasts per month. They are currently in the local deny lists, and are discussed in a number of other areas of the World Wide Web, for example here. itsImazing: Is It a Threat or Merely a Menace? Cometh now the "itsImazing.com Network" by and through its first spewer, (apparently) ted2.net. Especially touching are the parts that thank Nadine for "registering at www.mindsetinteractive.com", proclaiming that these valuable messages will only infest the mailboxes of those "...who have specifically requested or agreed to receive our special offers...". Who can imagine the spewage that might occur should the senders be minded to send their stuff to just any old address? (NOTE: on 13 December 2001 I personally began receiving itsImazing spew from etoll.net, directed to an address used only for registering Palm Pilot software. Time to update the deny list.) Rumors on various anti-spam forums were that the "ted2" operation encountered some difficulties in maintaining its network connectivity. This is plausible, because subsequent detritus has issued from m-ul.com and TargitMail (see below). We did get one subsequent delivery attempt from ted2.net on 21 December 2001. m-ul.com are currently in the local block list, but these stout-hearted troupers were not dismayed by this minor contretemps -- until 16-Jan-2002 they continued to exhibit earnest hope that eventually I would let them back in to molest Nadine. Hah. Meanwhile, the itsImazing menagerie continues to expand, with coopt.com making its long-expected arrival on 23 December 2001. itsImazing appears also to have attempted to sneak in on 27 December 2001 through the facilities of virtumundo.com. On 17 Jan 2002, PO-1.COM began their spew on behalf of itsImazing. On 20-Feb-2002 Nadine heard from gossipflash.com. Oh joy. Yet another threat of more "exciting promotional offers". Without a helpful local deny list, Nadine would be receiving several itsImazing announcements per day. Imazingly prolific and persistent folks. The Grouplotto Flood On the same day as the first itsImazing blast came not one but two vital messages from "Grouplotto", sent from networkpromotion.com. This was just the nose of the camel, as more than thirty messages containing the string "grouplotto" arrived between that date and 12 December 2001. (This does not take into account the ones that would have arrived had the senders not been blocked.) Grouplotto are apparently more resourceful than some of the other contenders, since they appear to share their databases amongst an agglomeration of senders with diverse offerings (although itsImazing definitely gives them some crushing competition here). Senders and product types identified so far include: networkpromotion.com -- Gambling (what else?) and a special product (see below). etracks.com -- Consumer products (phones, Motorola Talkabout radios, VISA cards, satellite TV systems, digital camera [oops, that's a premium for switching long distance service], a sports wagering system, foreclosed merchandise, DVDs from Columbia House, and a "Start A Profitable Home Business and Become Rich Using the Internet" opportunity that would have been hard to pass up. And one additional product, also sent from networkpromotion, which deserves its own separate section below. ProcessRequest.com -- only one from them got through before they were chucked into the deny list: an offer for the American Express(R) Platinum Cash Rebate Card. They made two more tries on 12 December 2001, then nothing more arrived until 10 February 2002, when the envelope sender was "reedscienc@ProcessRequest.com". All of the senders above are in the local deny list, so there may be other valuable commodities on offer that Nadine will never hear about, at least not from the Grouplotto Borg. etracks.com made multiple tries nearly every day until 13-Feb-2002. networkpromotion.com tried a little less frequently and apparently gave up after 26-Jan-2002. Miss Cleo's Psychic Insight Blows a Fuse The GroupLotto product singled out for special treatment was a series of breathlessly vital disclosures from Miss Cleo. She Who Knows All was so convinced of Nadine's existence that she took the trouble to send a personal note. A short time later, apparently unfazed by the lack of response, Miss Cleo sent another enticing missive. Perhaps the puzzling lack of response (should we assume that psychics can be puzzled?) led Miss Cleo to send a poorly formatted rerun of Message Two, this time through networkpromotion.com rather than etracks.com. Who can fathom the mysterious ways of the Gifted? Gumshoes in Florida, perhaps? TargitMail (GTMI, Walt Rines) Here we have a true relic of the rip-roaring early days of unsolicited broadcast email. I will make no comments, other than to suggest that the reader who wants to know more may submit the strings "Walt Rines", "IEMMC" and "picklejar" to www.google.com and especially to Google's Usenet Newsgroup search engine, looking in the news.admin.net-abuse.* groups. TargitMail began sending itsImazing stuff from various tm0[digit].net addresses on 28 November 2001, beginning with tm03.net. They subsequently have sent from tm01.net, tm02.com and tm04.com as well. All of these domains are in the deny list. They made their last successful delivery on 09 Jan 2002 with a nice itsImazing offer of great deals from Fingerhut, sent from the heretofore-not-blocked tm02.com. They were last seen in the server logs on 09 Feb 2002. customoffers.com As uninvited spewers go, customoffers.com is pretty unremarkable. They first showed up on 9 November 2001 and managed to blap in 17 messages before I finally blocked them. Like most of the others, however, being rejected with a "553 Depart Ye Cursed Spammers" message initially did not impress their infrastructure. They appeared to have given up after 22 Dec 2001, but then something arrived from the Scott Hirsch operation claiming to be an advertisement for stuff from Sears. em5000.com, em5000.net On 28 November 2001 em5000.com began sending touts for ImazingOffers, winfreestuff, ItsAllAboutGreatOffers, Chase Manhattan Bank, gambling and college scholarships. Five messages in three days caused them immediate admission to the elite ranks of the blocked. There is reason to believe that this was not the only list they have ended up in, as they changed IP blocks and reappeared as em5000.net, managing to slip two more in on 12 December before I noticed and updated their listing. Like so many others, they tried frequently for quite a spell. 02-Feb-2002: They are now using a new envelope sender, jdrmedia1.net 11-Feb-2002: This time they have decided to abandon even the pretense of using a valid envelope sender, and claim to be something "@bounce.37.121.144". This would appear to be a seriously dim move, given the number of systems that now refuse mail from an invalid envelope sender. But then, the whole operation seems to be characterised by a significant lack of wattage. intervolved.net This player sent the usual "thanks for signing up with us" note in late November, 2001. I am personally fascinated by the "if you don't opt out, you have agreed to our terms" bit. I'm also somewhat intrigued by their "This message is not intended for anybody living in a state that has an anti-spam law" clause. What do you suppose that means? They went into the bozo bin after the third blast on 04 Dec 2001 and were last heard from on 06 Feb 2002. ixs1.net, ixs2.net Before joining the Chorus of the Banned, this domain pair sent Nadine four "winfreestuff.com" adverts, beginning with this one, in which the senders claim that Nadine visited their web site and entered a sweepstakes. I suppose it is indeed possible that the real "Nadine" was still giving out the same wrong email address 613 days after committing the first error. Personally, I have confidence that she would by this time have noticed that nobody ever responded (at least not in a way that she could observe). After a long hiatus, they made another attempt on 11-Jan-2002. ROI1.NET (Img Direct) Their first one is a keeper: entirely HTML, work-from-home opportunity, web tracking bugs. Plucky though blocked, they kept trying until 11 Feb 2002. oii1.net, oi2.net, oihost.net (Optin Inc) The first piece is an IMPORTANT NOTICE reminding Nadine that "per our TOS (Terms of Service), you wisely agreed to receive third party promotions from our network's preferred affiliates". I was so overawed by a mention of Terms of Service from this well-known Florida operation that I somehow managed to leave the web bug in while trimming the HTML portion. A few days later, two copies of a "Confirmation" arrived, identical except that the second one fails to mention "Custom Offers". Perhaps I was too hasty in blocking customoffers.com and missed all of the valuable information about Nadine's voluntary subscription to this wonderful service. Life has its unexpected setbacks. sendoutmail.com Nadine received one message and a couple of subsequent blocked delivery attempts originating from this domain. A responsible party from this domain has contacted me personally, and I have responded to his request for the details of the messages sent to Nadine. Being convinced that sendoutmail.com is making a determined effort to adopt the most effective list management practices, I have removed the IP and envelope sender blocks against sendoutmail.com. topica.com This message was surprising and profoundly disappointing. I had been led to believe that topica.com were rather strict in their list verification standards. If they would like help in diagnosing the point of failure, I'll be happy to assist. Unfortunately they were still trying to deliver email as of 14- Feb-2002, despite numerous rejections (and several visits to this page from topica's corporate IP space). DM360.com The list is sold yet again. On 19 December comes an advert apparently for REI sent by dm360.com on behalf of network60.com. Visiting the link, however, just gets you to www.freebieclub.com, with no obvious REI involvement. What a tangled web. This sender has made a sufficient number of subsequent attempts after being blocked to rate their own reject log page. Later on in the piece (30-Jan-2002), we find that their erstwhile client, network60.com, has decided to take things into their own hands and do their own polluting of the general netspace. (Or, perhaps, the two entities are really joined at the hip. Who can fathom these mysteries without buying a programme from a passing vendor?) Postmaster General (pm0.net) This sender's customer at least doesn't bother to try the "thanks for signing up at our web site" prevarication or the "you visited a 'marketing partner' and requested drivel" pretense. The lack of HTML is also a redeeming feature. pm0.net was added to the parade of unwelcome intruders, and they hammered away until 02-Jan-2002. I removed them from the deny list on 15-Jan-2002 after having a conversation with the Mindshare Design Standards & Practices people, who convinced me that changes are afoot at pm0. If this turns out to have been an incorrect impression, I will note it here. Bigfoot Interactive (bfi0.com) I've always been fascinated by a "this message is confidential -- don't do like we did and send it to a completely unrelated party" clause in email and FAX messages. What exactly does the sending party in this case have to hide, might one ask? Virtumundo.com / vmadmin.com Here is an organism that claims that somebody who doesn't exist went to a web site (the same one the itsImazing folks claim she visited) and gave permission for them to send bunches of advertising. What makes this all the more fascinating is that somebody from Virtumundo apparently visited us here a few hours before the spam started. Interesting news: Virtumundo has announced a lawsuit against two list vendors, including Mindset Interactive, who provided the list for the message discussed above. Scott Hirsch (edirect.com, offermail.net, eDirectNetwork, optin-offers.net) This submission arrived in the wee hours of 30 December 2001. These notes were originally slotted to appear in the "Spamming Scum" section, in view of eDirectNetwork's colorful history of adding unwilling participants to its list of targets for valuable offers. Upon reflection, I decided that eDirectNetwork meets many but not all of the criteria set forth there -- at least, not recently. So, eDirectNetwork joins the other Florida operations here in the slightly more prestigious "Hogs" section. The apparent proprietor, one Scott Hirsch, has been mentioned in the press from time to time. A brief Google search for this entity nets quite a bit of discussion of their, uh, methods. Those who want an example of the great care taken by this organization to verify that the recipients really want the advertising may observe eDirectNetwork spamming the abuse address here. As for offermail.net, you have to admire the earnest, honest sincerity of a firm that in its domain registration gives its business address as the White House and its telephone number as toll-free information. Spiffy folks, to be sure. (And not entirely on the mark when it comes to research. An Authoritative Source has sent me tidings to the effect that the White House ZIP is actually 20500.) I held off chucking offermail into the bozo bin because, I freely confess, I wanted to see what would happen next. I speculated that Scott might read this and spoil my fun. It has been several months since he has hit one of my personal addresses. However, on 03-Jan-2002 "what happens next" was not at all unusual as spam goes (although I do have to wonder whether the return-path account name is a bit spelling-challenged). So, I blocked offermail and waited to see: would they pay any attention to bou[n]ces? Nope. (But they did eventually fix Irma La Bouce). Then, on 09-Jan-2002, our dear comrades at CustomOffers apparently leaped into the hammock with our friends at eDirectNetwork and sent Nadine an important custom offer for Sears Custom Fit Windows. Shades of Diana Mey. And then, sent to the "Tagged by SPEWS" sump by an incorrect mail sorting filter, there is this gem, in which Scott urges Nadine to consider plastic surgery for breast augmentation. Time to bung eDirectNetwork into the deny list and give them their own rejection log. On 13 Jan 2002 another metamorphosis occurred, and stuff started arriving with an envelope sender of optin-offers.net. I was not particularly quick on the deny list entry update, and ol' Scott managed to slip in two more that afternoon. The first was a delightful Path to Sudden Wealth blandishment, which offers yet another Work From Home and Make Big Bux opportunity. The other one was sent apparently on behalf of Gevalia Coffee, who certainly should know better. PO-1.COM Yet another itsImazing tentacle put its suckers on the window on 17-Jan-2002, with threats of even more exciting offers soon to festoon the lonely inbox. Into the bin with them. Mediatrec Transmissions with an envelope sender of something@MEDIATREC.ROI1.NET were a regular occurrence here until they halted suddenly on 3 January 2002. Then on 19 January 2002 this mysterious piece arrives, with its peculiar "sorry to see you go" clause, but with links that appear to point strictly to an opt-out function. Curious to see what their list management practices might be, I visited their web page, signed up for their mailings and waited to see what would happen. A short time later this confirmation message arrived, inclining me to the belief that they do indeed practice safe mailing, at least as far as new subscribers at their own web site are concerned. Time will tell. 24-Jan-2002: What time tells us is that they don't practice safe mailing when purchased lists are involved, as they dropped this item in the hopper on behalf of VoiceStream Wireless. So, into the deny list they go. Bon voyage. The record of their rejected delivery attempts is here. 16-Mar-2002: They've been averaging more than one futile attempt per day for quite some time, sending from the myz.com IP block at 65.105.159.*. Perhaps others have blocked myz.com and/or the mediatrec.com envelope sender, and they needed to find something that would temporarily let them get through. Regardless of the reason, they are now sending from mediatreclists.net, from their own IP space. Since they dumped five days of pent-up traffic on Nadine this morning, it seems likely that they saw a high non-delivery rate with myz.com and needed to make up for lost time. Here is one for Full Access Medical, the subject of many a search-engine visit to this site. Those interested in an exclusive money- making program need go no further than here. Maybe a free cellphone? Fancy an unsecured credit card (of unspecified type and issuer)? DVDs from Columbia House? It's all here, whether you have the sense to ask for it or not (assuming that you exist at all, of course). So, into the Plonk-O-Matic with mediatreclists.net. DirectNet Advertising (dnadv.com, valudesk.com, valudesk1.com) These folks have enjoyed some popularity amongst those who receive and report spam. Nadine also received the "Free Chocolates" spam mentioned in some of those reports. In the non-HTML portion, they began their Nadine involvement with no attempt to explain how they came into possession of Nadine's address. Only if you browse down to the web-encumbered portion do you see the shift of blame to "valued marketing partners" and the typical threat to continue the bombardment if no opt-out action is taken. Before the opportunity arose to add this section to the story, somebody from a network address belonging to dnadv.com spent half an hour or so reading Our Saga. I hope they come back, now that they are a featured character. NETWORK60.COM On 30-Jan-2002 there comes a "Membership Confirmation for NADINE" from an already-familiar denizen of the swamp. We first encountered network60.com as an apparent client of DM360.COM. One is tempted to speculate about the tendency for apparent clients of spewers-for-hire to begin doing their own spewing, as is for example the case with Mediatrec and ROI1.NET. When the spewing for RadioStakes apparently began in earnest on 08-Feb-2002, the envelope sender "NETWORK60.COM" went into the bozo bin. Two-River.com (Harvest Marketing, GDTRFB.COM) On 16-Feb-2002 we first hear from the Two-River Co-op, formerly known as Prime Offers but calling itself Harvest Marketing in the domain registry. We receive the welcome assurance that "Two-River Co-op never sends unsolicited email", but are forced to ponder: if the commercial relationship is launched with such a transparently fraudulent statement, what sort of confidence shall we have in the worth of the commercial offers? Again on 15-Mar-2002 we see that things haven't changed much. And on 20-Mar-2002 it would appear that AOL needed some assistance with their sales programme, with a little help from dnadv.com, for reasons best known to those who best know reasons. Alas, it looks like it is time for the bin for Two-River Co-op. The envelope sender on the most recent atrocity was . River.com is apparently an unrelated domain in Colorado, whereas two-river.com is in New Hampshire and gdtrfb.com claims to be in New Jersey. Considering that the delivering server calls itself "two.river.com" when in fact it is listed as "jupiter.gdtrfb.com" by its own DNS server, and looking at the river.com web site one may perhaps be forgiven for exhibiting a modicum of doubt that river.com has any involvement with these misdeeds. And in fact my communication with the actual owner of river.com confirms that river.com has no connection with two-river.com and has not authorized them to use a river.com address or host name. mxsys.net (dandyoffers.com, youclickhere.net) on behalf of memolink.com, dreammates.com et al. Pretty ordinary. First a mailing for memolink.com, then another one that seems less than fully suited to the demographic information that DandyOffers presumably purchased along with a bogus email address. On 25-Feb-2002 there was another spam for Sonix Systems / AT&T. Since I'm getting spam from mxsys.net for the "imesh" list to another bogus address @honet.com, there's no obvious reason not to award mxsys.net a prime spot in the bin forthwith. And since they've persisted in knocking at the gates, let's give them their own reject log. sign2002.com The presence of links to www.opt-track.net in this piece suggests that sign2002.com is just a new disguise for the masters of opt-in-ness, Optin Inc. Regardless, it has the exceedingly tiresome mendacity "This message was not sent unsolicited. You are currently subscribed to the Open2Win mailing list". As if "you are subscribed" somehow transforms an unsolicited message to a nonexistent person into a legitimate, requested communication. Gag. Then again, I'm interested in whether the folks at discounts.com, who don't seem to be affiliated with anybody mentioned in this message, would approve of the apparent sender being "HotelDiscountCard@discounts.com". Hmm... staff@webmagic.com seems to be the place to knock. 27-Feb- 2002: Email from webmagic.com gives me the distinct impression that they aren't too happy with this use of their domain name. Imagine that. Meanwhile, on 26-Feb-2002 the next piece arrives, signaling that The Hour of The Bozo Bin has arrived for sign2002.com. Exactis As a proud carrier of the "Motel Six Discount Card" (or AARP membership, as it is sometimes called) I note that in this piece The Hartford makes some sensible use of the demographic information that somebody fraudulently sold them. Although they wisely chose exactis.com to send their advertisement for an AARP-branded insurance plan, all was not entirely well in this particular shot. For instance, the valuable quartz clock is not available in Nadine's home state (and apparently only in Nadine's home state). One would expect greater diligence from these professionals. Additionally, this message is the first one in ages to make an explicit reference to delivere.com. The HTML version of the payload attempts to retrieve an image from the server consumer.delivere.com, which is strange, since the name servers for delivere.com are unreachable (at least from any network to which I have access) and have been for quite some time. Odd. valoffers.com What can we say about this initial salvo (other than a minor carp about a missing ">" in the Message-ID)? Not much. We'll just have to wait for the inevitable Drizzle of Irresistible Offers. Which began to arrive on 19-Mar-2002, manifesting as Yet Another Free Cellphone Offer (YAFCO). Time for a new deny list entry. dartmail3.net On 22-Mar-2002 Nadine received a "privileged and confidential" offer of magazine subscriptions by Synapse Group Inc, from dartmail3.net, through flonetwork.com. tinglobal.com This is apparently an IMG Direct (optin-inc) operation. More information here. Sample here. The "strict Code of Ethics" bit is a hoot. jobsonline.com (emailoffersondemand, Toplander Corporation) One is tempted to speculate just who has demanded the email offers, of which Nadine received four in the three days that elapsed before the sender was carefully inserted into the deny list. Since three of them were very similar YAFCO advertisements -- two for AT&T Wireless, one for Voicestream -- on three successive days, the use of the phrase "this recurring mailing" was particularly apt. Sample here.
            • /. server part 5 (Score:1, Informative)

              The Post-delivere/MatchLogic Late Comers: New Hogs At the Trough

              How the list[s] containing Nadine's supposed email address propagated from here on is a matter of conjecture. None of the items received from this point on mention any of the original culprits. It may be that financial challenges accompanying the general bursting of the net.fantasyland bubble caused fire sales of various magnitudes.

              Ombramarketing.com

              First amongst the new gathering shadows was Ombra Marketing Corp., who began to bombard Nadine with a variety of offers on 18 April, 2001. They sent an average of four blasts per month. They are currently in the local deny lists, and are discussed in a number of other areas of the World Wide Web, for example here.

              itsImazing: Is It a Threat or Merely a Menace?

              Cometh now the "itsImazing.com Network" by and through its first spewer, (apparently) ted2.net. Especially touching are the parts that thank Nadine for "registering at www.mindsetinteractive.com", proclaiming that these valuable messages will only infest the mailboxes of those "...who have specifically requested or agreed to receive our special offers...". Who can imagine the spewage that might occur should the senders be minded to send their stuff to just any old address? (NOTE: on 13 December 2001 I personally began receiving itsImazing spew from etoll.net, directed to an address used only for registering Palm Pilot software. Time to update the deny list.)

              Rumors on various anti-spam forums were that the "ted2" operation encountered some difficulties in maintaining its network connectivity. This is plausible, because subsequent detritus has issued from m-ul.com and TargitMail (see below). We did get one subsequent delivery attempt from ted2.net on 21 December 2001.

              m-ul.com are currently in the local block list, but these stout-hearted troupers were not dismayed by this minor contretemps -- until 16-Jan-2002 they continued to exhibit earnest hope that eventually I would let them back in to molest Nadine.

              Hah.

              Meanwhile, the itsImazing menagerie continues to expand, with coopt.com making its long-expected arrival on 23 December 2001. itsImazing appears also to have attempted to sneak in on 27 December 2001 through the facilities of virtumundo.com. On 17 Jan 2002, PO-1.COM began their spew on behalf of itsImazing.

              On 20-Feb-2002 Nadine heard from gossipflash.com. Oh joy. Yet another threat of more "exciting promotional offers".

              Without a helpful local deny list, Nadine would be receiving several itsImazing announcements per day. Imazingly prolific and persistent folks.

              The Grouplotto Flood

              On the same day as the first itsImazing blast came not one but two vital messages from "Grouplotto", sent from networkpromotion.com. This was just the nose of the camel, as more than thirty messages containing the string "grouplotto" arrived between that date and 12 December 2001. (This does not take into account the ones that would have arrived had the senders not been blocked.)

              Grouplotto are apparently more resourceful than some of the other contenders, since they appear to share their databases amongst an agglomeration of senders with diverse offerings (although itsImazing definitely gives them some crushing competition here).

              Senders and product types identified so far include:

              networkpromotion.com -- Gambling (what else?) and a special product (see below).
              etracks.com -- Consumer products (phones, Motorola Talkabout radios, VISA cards, satellite TV systems, digital camera [oops, that's a premium for switching long distance service], a sports wagering system, foreclosed merchandise, DVDs from Columbia House, and a "Start A Profitable Home Business and Become Rich Using the Internet" opportunity that would have been hard to pass up. And one additional product, also sent from networkpromotion, which deserves its own separate section below.
              ProcessRequest.com -- only one from them got through before they were chucked into the deny list: an offer for the American Express(R) Platinum Cash Rebate Card. They made two more tries on 12 December 2001, then nothing more arrived until 10 February 2002, when the envelope sender was "reedscienc@ProcessRequest.com".

              All of the senders above are in the local deny list, so there may be other valuable commodities on offer that Nadine will never hear about, at least not from the Grouplotto Borg. etracks.com made multiple tries nearly every day until 13-Feb-2002. networkpromotion.com tried a little less frequently and apparently gave up after 26-Jan-2002.

              Miss Cleo's Psychic Insight Blows a Fuse

              The GroupLotto product singled out for special treatment was a series of breathlessly vital disclosures from Miss Cleo.

              She Who Knows All was so convinced of Nadine's existence that she took the trouble to send a personal note. A short time later, apparently unfazed by the lack of response, Miss Cleo sent another enticing missive.

              Perhaps the puzzling lack of response (should we assume that psychics can be puzzled?) led Miss Cleo to send a poorly formatted rerun of Message Two, this time through networkpromotion.com rather than etracks.com.

              Who can fathom the mysterious ways of the Gifted? Gumshoes in Florida, perhaps?

              TargitMail (GTMI, Walt Rines)

              Here we have a true relic of the rip-roaring early days of unsolicited broadcast email. I will make no comments, other than to suggest that the reader who wants to know more may submit the strings "Walt Rines", "IEMMC" and "picklejar" to www.google.com and especially to Google's Usenet Newsgroup search engine, looking in the news.admin.net-abuse.* groups.

              TargitMail began sending itsImazing stuff from various tm0[digit].net addresses on 28 November 2001, beginning with tm03.net. They subsequently have sent from tm01.net, tm02.com and tm04.com as well. All of these domains are in the deny list. They made their last successful delivery on 09 Jan 2002 with a nice itsImazing offer of great deals from Fingerhut, sent from the heretofore-not-blocked tm02.com. They were last seen in the server logs on 09 Feb 2002.

              customoffers.com

              As uninvited spewers go, customoffers.com is pretty unremarkable. They first showed up on 9 November 2001 and managed to blap in 17 messages before I finally blocked them. Like most of the others, however, being rejected with a "553 Depart Ye Cursed Spammers" message initially did not impress their infrastructure.

              They appeared to have given up after 22 Dec 2001, but then something arrived from the Scott Hirsch operation claiming to be an advertisement for stuff from Sears.

              em5000.com, em5000.net

              On 28 November 2001 em5000.com began sending touts for ImazingOffers, winfreestuff, ItsAllAboutGreatOffers, Chase Manhattan Bank, gambling and college scholarships. Five messages in three days caused them immediate admission to the elite ranks of the blocked.

              There is reason to believe that this was not the only list they have ended up in, as they changed IP blocks and reappeared as em5000.net, managing to slip two more in on 12 December before I noticed and updated their listing. Like so many others, they tried frequently for quite a spell.

              02-Feb-2002: They are now using a new envelope sender, jdrmedia1.net

              11-Feb-2002: This time they have decided to abandon even the pretense of using a valid envelope sender, and claim to be something "@bounce.37.121.144". This would appear to be a seriously dim move, given the number of systems that now refuse mail from an invalid envelope sender. But then, the whole operation seems to be characterised by a significant lack of wattage.

              intervolved.net

              This player sent the usual "thanks for signing up with us" note in late November, 2001. I am personally fascinated by the "if you don't opt out, you have agreed to our terms" bit. I'm also somewhat intrigued by their "This message is not intended for anybody living in a state that has an anti-spam law" clause. What do you suppose that means?

              They went into the bozo bin after the third blast on 04 Dec 2001 and were last heard from on 06 Feb 2002.

              ixs1.net, ixs2.net

              Before joining the Chorus of the Banned, this domain pair sent Nadine four "winfreestuff.com" adverts, beginning with this one, in which the senders claim that Nadine visited their web site and entered a sweepstakes.

              I suppose it is indeed possible that the real "Nadine" was still giving out the same wrong email address 613 days after committing the first error. Personally, I have confidence that she would by this time have noticed that nobody ever responded (at least not in a way that she could observe).

              After a long hiatus, they made another attempt on 11-Jan-2002.

              ROI1.NET (Img Direct)

              Their first one is a keeper: entirely HTML, work-from-home opportunity, web tracking bugs. Plucky though blocked, they kept trying until 11 Feb 2002.

              oii1.net, oi2.net, oihost.net (Optin Inc)

              The first piece is an IMPORTANT NOTICE reminding Nadine that "per our TOS (Terms of Service), you wisely agreed to receive third party promotions from our network's preferred affiliates". I was so overawed by a mention of Terms of Service from this well-known Florida operation that I somehow managed to leave the web bug in while trimming the HTML portion.

              A few days later, two copies of a "Confirmation" arrived, identical except that the second one fails to mention "Custom Offers". Perhaps I was too hasty in blocking customoffers.com and missed all of the valuable information about Nadine's voluntary subscription to this wonderful service. Life has its unexpected setbacks.

              sendoutmail.com

              Nadine received one message and a couple of subsequent blocked delivery attempts originating from this domain. A responsible party from this domain has contacted me personally, and I have responded to his request for the details of the messages sent to Nadine. Being convinced that sendoutmail.com is making a determined effort to adopt the most effective list management practices, I have removed the IP and envelope sender blocks against sendoutmail.com.

              topica.com

              This message was surprising and profoundly disappointing. I had been led to believe that topica.com were rather strict in their list verification standards. If they would like help in diagnosing the point of failure, I'll be happy to assist. Unfortunately they were still trying to deliver email as of 14- Feb-2002, despite numerous rejections (and several visits to this page from topica's corporate IP space).

              DM360.com

              The list is sold yet again. On 19 December comes an advert apparently for REI sent by dm360.com on behalf of network60.com. Visiting the link, however, just gets you to www.freebieclub.com, with no obvious REI involvement. What a tangled web.

              This sender has made a sufficient number of subsequent attempts after being blocked to rate their own reject log page.

              Later on in the piece (30-Jan-2002), we find that their erstwhile client, network60.com, has decided to take things into their own hands and do their own polluting of the general netspace. (Or, perhaps, the two entities are really joined at the hip. Who can fathom these mysteries without buying a programme from a passing vendor?)

              Postmaster General (pm0.net)

              This sender's customer at least doesn't bother to try the "thanks for signing up at our web site" prevarication or the "you visited a 'marketing partner' and requested drivel" pretense. The lack of HTML is also a redeeming feature. pm0.net was added to the parade of unwelcome intruders, and they hammered away until 02-Jan-2002. I removed them from the deny list on 15-Jan-2002 after having a conversation with the Mindshare Design Standards & Practices people, who convinced me that changes are afoot at pm0. If this turns out to have been an incorrect impression, I will note it here.

              Bigfoot Interactive (bfi0.com)

              I've always been fascinated by a "this message is confidential -- don't do like we did and send it to a completely unrelated party" clause in email and FAX messages. What exactly does the sending party in this case have to hide, might one ask?

              Virtumundo.com / vmadmin.com

              Here is an organism that claims that somebody who doesn't exist went to a web site (the same one the itsImazing folks claim she visited) and gave permission for them to send bunches of advertising.

              What makes this all the more fascinating is that somebody from Virtumundo apparently visited us here a few hours before the spam started.

              Interesting news: Virtumundo has announced a lawsuit against two list vendors, including Mindset Interactive, who provided the list for the message discussed above.

              Scott Hirsch (edirect.com, offermail.net, eDirectNetwork, optin-offers.net)

              This submission arrived in the wee hours of 30 December 2001. These notes were originally slotted to appear in the "Spamming Scum" section, in view of eDirectNetwork's colorful history of adding unwilling participants to its list of targets for valuable offers. Upon reflection, I decided that eDirectNetwork meets many but not all of the criteria set forth there -- at least, not recently. So, eDirectNetwork joins the other Florida operations here in the slightly more prestigious "Hogs" section.

              The apparent proprietor, one Scott Hirsch, has been mentioned in the press from time to time. A brief Google search for this entity nets quite a bit of discussion of their, uh, methods. Those who want an example of the great care taken by this organization to verify that the recipients really want the advertising may observe eDirectNetwork spamming the abuse address here.

              As for offermail.net, you have to admire the earnest, honest sincerity of a firm that in its domain registration gives its business address as the White House and its telephone number as toll-free information. Spiffy folks, to be sure. (And not entirely on the mark when it comes to research. An Authoritative Source has sent me tidings to the effect that the White House ZIP is actually 20500.)

              I held off chucking offermail into the bozo bin because, I freely confess, I wanted to see what would happen next. I speculated that Scott might read this and spoil my fun. It has been several months since he has hit one of my personal addresses.

              However, on 03-Jan-2002 "what happens next" was not at all unusual as spam goes (although I do have to wonder whether the return-path account name is a bit spelling-challenged). So, I blocked offermail and waited to see: would they pay any attention to bou[n]ces?

              Nope. (But they did eventually fix Irma La Bouce).

              Then, on 09-Jan-2002, our dear comrades at CustomOffers apparently leaped into the hammock with our friends at eDirectNetwork and sent Nadine an important custom offer for Sears Custom Fit Windows. Shades of Diana Mey.

              And then, sent to the "Tagged by SPEWS" sump by an incorrect mail sorting filter, there is this gem, in which Scott urges Nadine to consider plastic surgery for breast augmentation.

              Time to bung eDirectNetwork into the deny list and give them their own rejection log.

              On 13 Jan 2002 another metamorphosis occurred, and stuff started arriving with an envelope sender of optin-offers.net. I was not particularly quick on the deny list entry update, and ol' Scott managed to slip in two more that afternoon. The first was a delightful Path to Sudden Wealth blandishment, which offers yet another Work From Home and Make Big Bux opportunity. The other one was sent apparently on behalf of Gevalia Coffee, who certainly should know better.

              PO-1.COM

              Yet another itsImazing tentacle put its suckers on the window on 17-Jan-2002, with threats of even more exciting offers soon to festoon the lonely inbox. Into the bin with them.

              Mediatrec

              Transmissions with an envelope sender of something@MEDIATREC.ROI1.NET were a regular occurrence here until they halted suddenly on 3 January 2002. Then on 19 January 2002 this mysterious piece arrives, with its peculiar "sorry to see you go" clause, but with links that appear to point strictly to an opt-out function.

              Curious to see what their list management practices might be, I visited their web page, signed up for their mailings and waited to see what would happen. A short time later this confirmation message arrived, inclining me to the belief that they do indeed practice safe mailing, at least as far as new subscribers at their own web site are concerned. Time will tell.

              24-Jan-2002: What time tells us is that they don't practice safe mailing when purchased lists are involved, as they dropped this item in the hopper on behalf of VoiceStream Wireless. So, into the deny list they go. Bon voyage. The record of their rejected delivery attempts is here.

              16-Mar-2002: They've been averaging more than one futile attempt per day for quite some time, sending from the myz.com IP block at 65.105.159.*. Perhaps others have blocked myz.com and/or the mediatrec.com envelope sender, and they needed to find something that would temporarily let them get through. Regardless of the reason, they are now sending from mediatreclists.net, from their own IP space. Since they dumped five days of pent-up traffic on Nadine this morning, it seems likely that they saw a high non-delivery rate with myz.com and needed to make up for lost time. Here is one for Full Access Medical, the subject of many a search-engine visit to this site. Those interested in an exclusive money- making program need go no further than here. Maybe a free cellphone? Fancy an unsecured credit card (of unspecified type and issuer)? DVDs from Columbia House? It's all here, whether you have the sense to ask for it or not (assuming that you exist at all, of course).

              So, into the Plonk-O-Matic with mediatreclists.net.

              DirectNet Advertising (dnadv.com, valudesk.com, valudesk1.com)

              These folks have enjoyed some popularity amongst those who receive and report spam. Nadine also received the "Free Chocolates" spam mentioned in some of those reports. In the non-HTML portion, they began their Nadine involvement with no attempt to explain how they came into possession of Nadine's address. Only if you browse down to the web-encumbered portion do you see the shift of blame to "valued marketing partners" and the typical threat to continue the bombardment if no opt-out action is taken.

              Before the opportunity arose to add this section to the story, somebody from a network address belonging to dnadv.com spent half an hour or so reading Our Saga. I hope they come back, now that they are a featured character.

              NETWORK60.COM

              On 30-Jan-2002 there comes a "Membership Confirmation for NADINE" from an already-familiar denizen of the swamp.

              We first encountered network60.com as an apparent client of DM360.COM. One is tempted to speculate about the tendency for apparent clients of spewers-for-hire to begin doing their own spewing, as is for example the case with Mediatrec and ROI1.NET.

              When the spewing for RadioStakes apparently began in earnest on 08-Feb-2002, the envelope sender "NETWORK60.COM" went into the bozo bin.

              Two-River.com (Harvest Marketing, GDTRFB.COM)

              On 16-Feb-2002 we first hear from the Two-River Co-op, formerly known as Prime Offers but calling itself Harvest Marketing in the domain registry. We receive the welcome assurance that "Two-River Co-op never sends unsolicited email", but are forced to ponder: if the commercial relationship is launched with such a transparently fraudulent statement, what sort of confidence shall we have in the worth of the commercial offers?

              Again on 15-Mar-2002 we see that things haven't changed much.

              And on 20-Mar-2002 it would appear that AOL needed some assistance with their sales programme, with a little help from dnadv.com, for reasons best known to those who best know reasons.

              Alas, it looks like it is time for the bin for Two-River Co-op. The envelope sender on the most recent atrocity was . River.com is apparently an unrelated domain in Colorado, whereas two-river.com is in New Hampshire and gdtrfb.com claims to be in New Jersey. Considering that the delivering server calls itself "two.river.com" when in fact it is listed as "jupiter.gdtrfb.com" by its own DNS server, and looking at the river.com web site one may perhaps be forgiven for exhibiting a modicum of doubt that river.com has any involvement with these misdeeds. And in fact my communication with the actual owner of river.com confirms that river.com has no connection with two-river.com and has not authorized them to use a river.com address or host name.

              mxsys.net (dandyoffers.com, youclickhere.net) on behalf of memolink.com, dreammates.com et al.

              Pretty ordinary. First a mailing for memolink.com, then another one that seems less than fully suited to the demographic information that DandyOffers presumably purchased along with a bogus email address.

              On 25-Feb-2002 there was another spam for Sonix Systems / AT&T. Since I'm getting spam from mxsys.net for the "imesh" list to another bogus address @honet.com, there's no obvious reason not to award mxsys.net a prime spot in the bin forthwith. And since they've persisted in knocking at the gates, let's give them their own reject log.

              sign2002.com

              The presence of links to www.opt-track.net in this piece suggests that sign2002.com is just a new disguise for the masters of opt-in-ness, Optin Inc. Regardless, it has the exceedingly tiresome mendacity "This message was not sent unsolicited. You are currently subscribed to the Open2Win mailing list". As if "you are subscribed" somehow transforms an unsolicited message to a nonexistent person into a legitimate, requested communication.

              Gag.

              Then again, I'm interested in whether the folks at discounts.com, who don't seem to be affiliated with anybody mentioned in this message, would approve of the apparent sender being "HotelDiscountCard@discounts.com". Hmm... staff@webmagic.com seems to be the place to knock. 27-Feb- 2002: Email from webmagic.com gives me the distinct impression that they aren't too happy with this use of their domain name. Imagine that.

              Meanwhile, on 26-Feb-2002 the next piece arrives, signaling that The Hour of The Bozo Bin has arrived for sign2002.com.

              Exactis

              As a proud carrier of the "Motel Six Discount Card" (or AARP membership, as it is sometimes called) I note that in this piece The Hartford makes some sensible use of the demographic information that somebody fraudulently sold them.

              Although they wisely chose exactis.com to send their advertisement for an AARP-branded insurance plan, all was not entirely well in this particular shot. For instance, the valuable quartz clock is not available in Nadine's home state (and apparently only in Nadine's home state). One would expect greater diligence from these professionals.

              Additionally, this message is the first one in ages to make an explicit reference to delivere.com. The HTML version of the payload attempts to retrieve an image from the server consumer.delivere.com, which is strange, since the name servers for delivere.com are unreachable (at least from any network to which I have access) and have been for quite some time. Odd.

              valoffers.com

              What can we say about this initial salvo (other than a minor carp about a missing ">" in the Message-ID)? Not much. We'll just have to wait for the inevitable Drizzle of Irresistible Offers.

              Which began to arrive on 19-Mar-2002, manifesting as Yet Another Free Cellphone Offer (YAFCO). Time for a new deny list entry.

              dartmail3.net

              On 22-Mar-2002 Nadine received a "privileged and confidential" offer of magazine subscriptions by Synapse Group Inc, from dartmail3.net, through flonetwork.com.

              tinglobal.com

              This is apparently an IMG Direct (optin-inc) operation. More information here. Sample here. The "strict Code of Ethics" bit is a hoot.

              jobsonline.com (emailoffersondemand, Toplander Corporation)

              One is tempted to speculate just who has demanded the email offers, of which Nadine received four in the three days that elapsed before the sender was carefully inserted into the deny list. Since three of them were very similar YAFCO advertisements -- two for AT&T Wireless, one for Voicestream -- on three successive days, the use of the phrase "this recurring mailing" was particularly apt. Sample here.
    • I feel bad for the "mirror" site you just provided. On the page:

      PLEASE NOTE: A mirror of this page is also available with better bandwidth courtesy of Al Iverson at spamresource.com.

      As a side note, I didn't realize Iverson was such a big anti-spam proponent. That must be what is keeping him from going to practice.
    • Re:Old News (Score:4, Funny)

      by gambit3 (463693) on Thursday May 09, 2002 @06:06PM (#3493483) Homepage Journal
      yeah, but at least it was the SAME Old news [slashdot.org] that it was yesterday!
  • by Telastyn (206146) on Thursday May 09, 2002 @05:34PM (#3493284)
    Apparently the story is about a slashdotted webserver...
  • nice job! (Score:5, Funny)

    by flynt (248848) on Thursday May 09, 2002 @05:35PM (#3493291)
    We've all accidentally typed in a wrong email address sooner or later.

    Classic Slashdot grammar!
  • Cant access anything.

    it couldnt be /.ed so soon?

  • by PEN15 (571763) on Thursday May 09, 2002 @05:36PM (#3493306)
    Several years ago, I made a typo in my email address when I was updating the contact info for a domain name. Without double-checking I sent the confirmation back to InterNIC. It wasn't till the next day that I realized the mistake. In order to get things back under control, I actually had to register the typoed version of my domain name, so that I could receive InterNIC's mail there.

    It's the kind of expensive mistake you only make once! :)

    I kept the typo'd domain for esoteric value, and yes, I now get plenty of spam there. Some things never change.
    • A bit OT but...

      If you made a mistake in your contact info, you could've rectified the problem by voice phone and fax. That's what I did when the contact info for a domain I registered had to be updated because the email was an expired domain for a now-defunct company. Network Solutions had surprisingly good customer service and once they verify the credentials via fax (or even snail-mail) they will make any changed required without the use of email.

      That way seems low-tech and backwards, but you don't need to register an otherwise useless domain and it costs nothing more than your time (certainly mot much more than the trouble of registering a domain and setting up the DNS).

      Us techie types should be careful not to overlook the most simple solution because it is low tech...

      OTOH, the useless domain could be useful to keep track of how many OTHER people make that typo...kinda like the Slashdor site [slashdor.org]...
    • kind of like mistyping a stock ticker? Buying 100 shares of SUN versus SUNW can be pretty pricey (and no, I wouldn't know anything about such an incident. I'll deny it all).
      • by mshomphe (106567) on Thursday May 09, 2002 @07:19PM (#3493838) Homepage Journal
        Dragging this offtopic, a good friend of mine was told to invest in Cisco Systems a few years ago. But he just heard the name and, being a non-techie, bought a bunch of shares in Sysco [sysco.com], the food services company.

        Cisco went down, Sysco went up. Talk about pulling a Homer....
        • lol my dad did that too when I gave him an insider tip

          my colleague watched his £3000 turn to dust as the company went bust and my dad made a few quid when he bought the "wrong" stock!

          The company had gambled their future by planning to finance a deal with the stock rise they would get when they announced the deal to the markets. Unfortunately the price went down instead and about a week later we were all out of a job!
      • "kind of like mistyping a stock ticker? Buying 100 shares of SUN versus SUNW can be pretty pricey (and no, I wouldn't know anything about such an incident. I'll deny it all)."

        Depressed prices for heating oil and jet fuel have hit SUN pretty hard, but if gasoline prices rise sharply this summer (which many analysts are expecting), Sunoco could hit $45 or so within the next few months. Plus, they pay 0.25/share in dividends per quarter. Not a bad stock to be in, IMHO.

        Disclosure: Long SUN.
    • Several years ago, I made a typo in my email address when I was updating the contact info for a domain name.

      Good thing this law [loc.gov] hadn't passed yet, or you might be in jail!

  • by Debillitatus (532722) <devillel2@ h o t m a i l . c om> on Thursday May 09, 2002 @05:37PM (#3493317) Journal
    We've all accidentally typed in a wrong email address sooner or later.

    What you say?!?

  • Now, people can use these rogue websites to their advantage and spam the hell out of people they don't like. So one way or the the others spammers will get to you.

    I think the next big invention in internet and computing is a fool proof way to detect and stop spam.

    "Resistance is futile"
  • Prevention measures (Score:5, Interesting)

    by yoyoyo (520441) on Thursday May 09, 2002 @05:38PM (#3493324)
    This sort of thing could be avoided if companies used confirmed opt-in. That is, when you enter your email address they send an email address to that account with a unique url in it. They only email you their newsletters if you you click the link.

    That also prevents your email address from being maliciously signed up to these sorts of lists, so it's the sort of thing every reputable mailing list should do.

    Of course, no spammer is going to bother with confirmed opt-in, so we need to go after ISPs that allow these non-confirmed lists to remain on their net-space.

    --

    • How about - if you enter your address they send you an HTML email with an embedded web bug that automatically gets a link with an ID?

      You don't even have to click any link...just opening the email is enough.

      Of course I block my email client from getting external images... ;)
      • by Dwonis (52652)
        The whole idea of confirmed opt-in isn't to confirm *if* there is an address on the other end, but to confirm that the recipient is really the one who signed up. The "web bug" you propose doesn't address that problem.
    • That might stop the crap going to wrong address in the first place, but the story demonstrates that even if you did voluntarily opt-in, you'd find it very hard to opt out.


      Besides, if I wanted to get someone spammed I would just stick their email addresses in a few usenet posts, webpages etc. and it would soon get noticed.

  • by jeanluisdesjardins (577209) on Thursday May 09, 2002 @05:40PM (#3493341) Homepage
    Lets start slashdoting spammers!
  • by Seth Finkelstein (90154) on Thursday May 09, 2002 @05:42PM (#3493349) Homepage Journal
    Bandwidth-choked.

    Read it off the Google cache [google.com]

    (Note to people accusing me of karma-whoring: The search formatting above is non-obvious)

    Sig: What Happened To The Censorware Project (censorware.org) [sethf.com]

  • I "accidentally" type my email address in wrong all the time when I'm filling in those dam free registration required so we can send you spam/special offers/propaganda web forms.
  • reminds me of a commercial. I gave my email address to a friend. And they gave it to a friend.... And they gave it to a friend... One way to block spam that works for me is to filter "good" emails instead if bad ones. i.e. all your friends emails will wind up in one inbox, all the more uncommon emails will end up in another. Then deletion is much easier. Separate the wheat from the chaff.
  • by smoondog (85133) on Thursday May 09, 2002 @06:03PM (#3493464)
    Perhaps I'm confused (or maybe it is because I got bored and only read 10 of the many links on that page), BUT, I don't find the story of Nadine all that unique or interesting. I get piles of spam everyday and I haven't opted-in to anything. My most spammed address gets over 100 messages a day.

    In my experience, trying to follow up or research these spammers is generally a useless waste of time. Bounce them, sue them or further change the law. Doing more is just going to frustrate yourself, IMO. Remember when you call around and get put on hold and follow the paper/isp trail you are wasting a lot more of your time than theirs.

    -Sean
    • by gorbachev (512743) on Thursday May 09, 2002 @06:14PM (#3493514) Homepage
      The real point of the Nadine story is demonstrating how spammers are reselling and distributing spam lists.

      Some of the spammers hitting Nadine's Email address are trying to act as responsible members of the bulk emailing industry, while at the same time blatantly violating online privacy policies (their own, and their list suppliers') left and right.

      The point of the story is to point out how effective "industry self regulation" really is.

      Proletariat of the world, unite to kill spammers
    • by Mr.Intel (165870) <mrintel173.yahoo@com> on Thursday May 09, 2002 @06:26PM (#3493557) Homepage Journal
      I don't find the story of Nadine all that unique or interesting. I get piles of spam everyday and I haven't opted-in to anything. My most spammed address gets over 100 messages a day.

      Perhaps the story itself is not so unique, but I find his analysis very important to understand.

      From the essay [honet.com]:

      "Subject only to the agreements and contracts that an Internet entity has with its providers and customers, that entity is absolutely sovereign within its own domain. Service providers and system administrators are completely free to decide to accept or reject any network traffic they choose; they simply must accept whatever reactions such decisions may evoke from those with whom they have agreements.

      An individual consumer's service providers have absolutely no economic incentive to provide transit and storage for advertising, especially advertising delivered by email. On the contrary, many providers have discovered that swift remedial reaction to consumer complaints about unwanted communications can both increase customer loyalty and decrease operating costs. As a result, the unwritten "I will carry your traffic if you will carry mine" agreement is subject to re-evaluation, with the possible conclusion "I don't care whether you carry my traffic or not, so I won't carry yours." And there are many ways to say "I Won't".

      He states that this goes against the very flow of information that transpires in other forms of media. I find it fascinating that people expect to have a captive audience on the Internet because they did on TV, radio and magazines. Frankly, this is a new world and it isn't governed by the same rules.

    • by qrys (153769)
      I think I am under that same impression as you are. Someone's getting a lot of spam? Who cares. I get tons of spam. My hotmail account (as listed above) gets at least 20 spams a day probably more- but that's why I still have it around. (Although my main e-mail still gets some spam).

      Are there people out there that really care?

      I thought there was supposed to be something gone terribly wrong in this article (like someone killed as a result of spammers)...

      Much ado about butt-kiss..
      • 20 isn't a lot. I probably don't get 20 an hour, but ...

        Of course, it's partly a matter of how long you have your e-mail address, and how well you secure it and keep it hidden. I don't really go in for that, and I'm also on a lot of mailing lists. I suppose that at some point I'll switch email addresses, and drop most of the accumulated links. But I see spam more as a reason to use a non-html mail program (like kmail) than as a reason to really get upset about things. I may eventually even construct a bot, and use spam to train it. (That might make for some amusing exchanges. I wonder if spammers harvest the cc lists? I could get them talking to each other. :-) )

        • Of course, it's partly a matter of how long you have your e-mail address, and how well you secure it and keep it hidden.

          Not on hotmail. I've set up email addresses on hotmail such as "sdjkleiojsel" and never used them for anything. Within a week I am receiving spam. The addresses are leaking out somehow.

          • Not on hotmail. I've set up email addresses on hotmail such as "sdjkleiojsel" and never used them for anything. Within a week I am receiving spam. The addresses are leaking out somehow.

            There was actually an experiment [cnet.com] done along these lines. 12 email addresses started with various providers. Some left untouched, some used exactly once with things like message boards, registering a domain, using an AOL chatroom, that kind of thing. Interesting results.

            I also seem to recall an article about someone who designed a webpage with a mailto: on it such that every person who visited it saw a different email address. I can't remember where I saw it or what the results were, though. :(

    • For you newbie spam fighters out there, here a few links:

      http://www.samspade.org
      http://www.spamhaus.org /rokso/index.lasso
      http://www.spamcop.net
      http:/ /www.spamfaq.net/spamfighting.shtml

      There's no reason to get upset or frustrated when looking for spammers. Rule 3 says they're stupid so they're usually rather easy to trace down, if you know what you're doing. Once you've taken the time to educate yourself on how to read email headers, trace through them to find the originating ISP, open relays/proxies that forwarded the email, and decode the spamvertised URL, rooting out any redirection services or encryption used to obfuscate the spammers actual website (read cash generator), it's like anything else and can become second nature. It only took me about six months to get a good handle on all of the above and then another year to refine it to a science. I'm currently administering my own Linux mail server. I'm also pulling mail out of two POP accounts, one of which gets the majority of my spam, the other which has never been published anywhere and hasn't received spam... YET. I'm using a combination of DNS-based blocklists on postfix, iptables and a procmail filter to keep my spamload down to about 1-2 messages a day.

      The only thing I can say is use the above links and get familiar with the process. Read news.admin.net-abuse.email and ask questions of the inhabitants on how to fight spam. Make certain you stock up on Nomex underwear as it can be a pretty rough group to follow. A speed reading course may be helpful to keep up with the flow of articles.

      Hope this help....

      Rich
      --
      Consumer Watchdog! Yes, we're rough on bogus businesses! And today,
      Consumer Watchdog reports on protecting you, the consumer, from being
      consumed by dangerous products and phony packaging. -- Firesign Theatre
      TINLC Unit #2309 Death to all spammer accounts.
    • by mcc (14761)
      This is important *because* it is so common.

      It is a good general view of something that happens every day, all over. It is a good forensic analysis of what can happen from just *one instance* of submitting an e-mail address to a single sweepstakes site.

      It may not have helped most of the people on slashdot right now to have read this, but i think this is a good, well-written article to give to someone who doesn't read slashdot, doesn't know any sysadmins, doesn't have to deal with spam, doesn't incessantly read web message board posts by sysadmins who have to deal with spam, and doesn't know the extent to which this stuff goes on.

      More importantly, it is a good article to show businesses who are considering using spam to advertise.

      If you read all the way through the nadine chronicles (a good part of the middle could probably stand to have a "you can just skip this part" disclaimer, really..), the end is actually targeted directly at businesses considering advertising with spam, telling them why they should not and why their money will most likely be wasted if they give it to a bulk-email-advertising firm.

      Just because you and i know (or think we know) everything there is to know about spam doesn't mean that everyone in the entire world does. And this is one of these issues where the people who are most important to reach are the ones who are currently uninformed..
  • Tip (Score:2, Informative)

    by slugo3 (31204)
    Sign up for a Yahoo email address and use that address when signing up for anyting. Dont most people do this? I know i do and it keeps my real address relitivly clean where my "sign up" address gets hundreds of emails a week.
  • Spamcop (Score:2, Interesting)

    by dankinit (131249)
    I'm using spamcop.net [spamcop.net] and it's cut down on my spam by about 85%. Cost is $30/year for having your email filtered. Some spam (15%) still gets through but you can submit that to them to ensure others don't get the same spam as well.

    (I have no affiliation with spamcop.net except as a satisfied customer.)
  • That these spammers are sharing e-mail address.. or could Nadine be using the same bogus email all over the internet? I know I do. I go to a site that requires my e-mail address for nothing more then spamming purposes (like to dl some software, Acrobat for example) and I type in a bogus email address.. And I usually use the same one. It seems logical to me that Nadine could be doing the same thing.. And this poor guy owns the domain that she picked.

    Sure, some of it could be from spammers sharing addresses and lists, but some of it might not be.

    • I don't use bogus addresses, just the work addresses of the guys I went to college with.

      And they wonder why the spammers seem to keep finding them every time they switch jobs...

  • by indiigo (121714) on Thursday May 09, 2002 @06:30PM (#3493587) Homepage
    I purposely have done this.

    See, I signed up for a hotmail in it's early stages ('97). I used it for everything, including online purchasing, friends, family, you name it. At some point something happened-- one of the forms I filled out, or someone sold my same, and I started to get mail addressed to my real name, at that address. This semi-scared me.

    So recently I went to cancel the account. Hotmail by default will consider your account "cancelled" after inactivity of 90 days. I cannot click something that says "Forever, never use this e-mail" My fear is that others will get this e-mail after I have cancelled it, and they will see my real name.

    The best solution I have come up with is to fight fire-with-fire. I now sign up for every mailing list I can, each with a different real name. I now belong to over 400 mailing lists(including /.), some legit commercial businesses, some obvious spam. The mailbox fills up roughly every 30 hours. I plan to continue this for a few months, until it will be impossible to distinguish my real name from the fake names. Whomever picks up the account next will be in for a treat as they open their account and start getting thousands of messages a day, random names, and all.

    It's so sad it's come to this.
  • Sounds hard to beleive, but it's true!

    I have a domain that's ONE LETTER OFF from Yahoo. (Well, it has one extra letter).

    Very often, wise-asses mutate their email addresses when posting to USENET with this additional letter, thinking they've stopped their spam. They haven't. *I* get it.

    Of course, I don't see 99% of it--it's thrown in the bit bucket. However it is disturbing how much I get. Not only from email address grazers on USENET, but from people who use fake email address--often in my near-miss domain, and sites that gladly add it to their mailing list without a confirming email. Some of these are otherwise "reputable" companies, too. (This is so they can claim they have 4 billion registered users--easy to do if you don't verify!)

  • by crawdaddy (344241)
    Years ago, I registered the email account crawdaddy*AT*hotmail*DOT*com. Since then, several other "crawdaddy" accounts have been opened on hotmail. Many of these people forget to tell their friends/services they're signing up with that there is a number that follows their name, ie. crawdaddy69@hotmail.com. I have gotten several misdirected emails, including personal invitations to join someone on a trip, details of someone's personal life, two very detailed accounts of someone's sexual exploits, and one highly suspicious email that indicated something very illegal and fraudulent was going on somewhere and that the "crawdaddy" that should have received it is involved somehow. Of course, I also get exponentially more spam on this account that I do on any other account that myself or my friends have had for the same period of time. I now check my inbox twice a day just to clean out spam so that my hotmail account isn't temporarily disabled because it's reached its limit!
    • I feel your pain. As you can see, I was stupid enough to use my name for my hotmail login (circa 1997).

      In addition to the mountains of spam (some "legitimately" my spam, much of it not), I have received personal email for about 6 (IIRC) distinct individuals. Three are military-affiliated. I got mil-school grades for one kid (who did not do very well...), casual remarks about ... erm... let's say "adventures" in Columbia, and a (former?) military woman who signed up for some wedding site's list (among other lists).

      The first time I realised people were mistakenly using the account I owned was when I signed up to download an MS-Office97 patch. I was told by the server that I already had signed up... would I like to have my password emailed to me? Why sure! So I signed in (pw was a woman's name), changed the pw, and got my download.

      The worst quasi-spam was when some teenage girl gave "her" email out to all her friends, causing me to be put on what may have been the world's biggest forward list... and on the forward lists of other girls on the forward list... and so on...

  • Make you wonder just how many *millions* of trash email addresses and fake names are in many databases that collect info from web forms.

    How often does a person enter false info because one *has* to to download, proceed, etc.
    • A lot of them are trash -- probably most. I (unitentionally) have some experience with that. You may be next.

      One of the SPAM generators out there seems to take the mailing list in batches, using the first name of a batch as the "From:" address and the rest as the "To:" addresses. This has two rather evil effects: the first address gets (1) bounce notices and (2) complaints.

      I was the unlucky victim of this program a few days ago. I got about ten bounce messages, some of them for a half dozen or so bad addresses (the program was smart enough to group messages by receiving domain), for about 30 bogus addresses in all. But I only got one complaint...

      -Ed
  • I need a lawyer... (Score:3, Interesting)

    by gnovos (447128) <gnovos.chipped@net> on Thursday May 09, 2002 @07:06PM (#3493775) Homepage Journal
    The thing that I find amazing is that these spammers are flat out lying. They claim that ficticious entities "opt in" when they clear could not have done so. Doesn't this constitute some kind of fraud? Is there no legal recourse?
  • Yes, it's true -- the very single-opt-in mailing lists that are used by spammer scan be used to fight back.

    Spam Can Be Fun [aardvark.co.nz]
  • by P!erCer (578708)
    Whenever I am asked for an email address from an non-reputable site, I simply give a fake one such as wigglebroggle@frogtoggle.com. My friends do the same thing, except they always do randomaddress@hotmail.com. I know a lot of people who do that. Hotmail must be swamped with invalid emails... Also, I bet some of the "fake" addresses turn out to be real and some poor people start getting spam they don't deserve. "Accidently" type the wrong address...ha!
    • by rgmoore (133276)

      If that's the case, you should use a known invalid address. Just use something like nobody@127.0.0.1, which is guaranteed not to go to anyone who doesn't deserve it. ISTR that there are even some reserved names that are guaranteed not to work, and I seriously doubt that most software actually checks for address validity before letting you proceed. Or you could always use something like postmaster@theirname, so they wind up bombarding themselves with spam if they try to use it.

    • Whenever I am asked for an email address from an non-reputable site, I simply give a fake one such as wigglebroggle@frogtoggle.com.

      Making up domain names still pollutes the namespace, though -- imagine if people made up telephone numbers the same way. Why not use example.com instead?

      The example.com, example.net and example.org domains are reserved by IANA for use in testing and documentation; they're the equivalent of a telephone 555 prefix, only less obvious. See RFC 2606 [rfc-editor.org], or visit the example.com web page [example.com].

    • I do this too. I pity the poor bastard who has fuck@yougys.com

      :)
  • Say I receive a spam mail from spamcompany.com, I could go to alsospam.com and register to receive mail at doesnt.exist@spamcompany.com. Do that a couple times and you endup with spam companies using their resources to spam eachother...
  • by Kamel Jockey (409856) on Thursday May 09, 2002 @08:52PM (#3494190) Homepage

    I really hope that the author of the article implied sarcasm when he was "not worried" that the spam sender had a "privacy policy" registered with that TrustE or whoever the authority of the week happens to be. I can't believe people actually believe any site's privacy policy. Sure it says all the BS about how they won't sell your info, but of course it also says they can change it at their discretion, which is how they get around it. Call it the "Darth Vader" rule of contracts.

    This reminds of a friend of mine who was outraged that her supposedly private email address (which she only gave to 3 friends and never posted it online anywhere) received spam. I told her it must have been her ISP that sold her email address to a spammer, if none of her friends indeed didn't give it out. She told me it couldn't have been them because it was "illegal" for the ISP to do that. Of course its "illegal"... doesn't mean they won't do it though!

    IMHO, no privacy policy is worth the paper on which it is written (which is true because most are not printed out). No matter what any site's policy says, it is safe to assume that they can and will sell all of your personal information to the highest bidder (along with everyone else). We need to stop being naive enough to believe that companies actually care about our privacy. As long as its profitable for companies to sell information, it will always happen.

    I hope I didn't come off as a troll, but this cynical view is based on many years of experience dealing with online and offline vendors. None of them has ever respected my privacy, and none ever will. But knowing this, I can adjust my buying habits to ensure my privacy isn't compromised too badly.

    • IHDAOS (I have done analysis of spam)

      It is very likely not the ISP- the money they spend on help-desk complaint people would outweigh the cents received from a spammer.

      Spammers will make up lists of names. If you are a john smith, you will get spam. period. Because their lists will have john.smith@X, johnsmith@, jsmith@, johns@... they take lists of the most common names and put together all possible variants. I've seen many cases where they forgot to BCC the list... "asmith, bsmith, csmith...aasmith, absmith..."

      Unless your friend's email address is unguessable. Then its likely someone cracked into their system and got the list. Selling it? they'd have to be desparate idiots.
  • by pyrrho (167252) on Thursday May 09, 2002 @09:09PM (#3494235) Journal

    I read the whole thing and I still don't know if she won the sweepstakes and then the poor dear didn't even hear about it or get her oodles of cash.
  • I'm a firm believer in Sneakemail and customizing email addresses for each site you visit. This shows that, unfortunately, even non-existant email addresses still get spammed. That drags down their resources. What we need to do is get rid of the open relays and the like. Its obvious that MAPS and RBL will only be able to do a certain amount of blocking. Spammers are very creative and have minimal costs.
  • by Ars-Gonzo (14318) <willsmithNO@SPAMgmail.com> on Thursday May 09, 2002 @09:39PM (#3494328) Homepage
    I've been the technical editor for Maximum PC magazine for almost two years. Before I worked here, I worked for Ars Technica. At some point or another all of my email addresses have been posted on high traffic, public websites. Heavy spam has been a part of my day-to-day life for the past 4 years.

    It's gotten much worse lately. On any given day, I get about:
    20 viagra sales pitches
    20 penile/breast enlargement ads
    20 get rich quick schemes
    30 different porn ads
    10 you've won something messages
    and another 20 or so messages that don't fit a category

    Add anywhere from 3 to 20 assorted virus infected messages, the 20 or so press releases that come in every morning, and I don't know why email's even worth fooling with for the four or five messages that I actually read every day. Most of the repeat spam gets filtered and stored in a special folder, but I still end up seeing 25% of the total spam in my inbox every day.

    Does anyone actually think that spam control legislation would help at this point? Most of the stuff I receive comes from the Pac rim countries or Russia. Anyone know any Congressmen or Senators who are pro-spam control?

    As a short term solution, does anyone know a spam-filtering good POP3 client, or preferably a proxy I could use to filter spam that uses the MAPS or SPEWS lists?

    ///Will Smith
  • by Animats (122034) on Thursday May 09, 2002 @09:42PM (#3494334) Homepage
    I'm only vaguely aware that there's advertising on the Internet. Mail goes through SpamCop, web browsing goes through WebWasher, and searches go through Google. What ads?

    There are some e-commerce sites that don't work right behind a WebWasher proxy, but most do, and I buy from the ones that work, so there's no problem there.

  • Geez, back in 1998, I consulted for MatchLogic on their email system. They seemed on the up-and-up, but of course that was four years ago.
    -russ
  • spamcop helper (Score:4, Informative)

    by dickens (31040) on Friday May 10, 2002 @12:20AM (#3494812) Homepage
    I move my spam to the "spam" folder on my imap server. So it never even wastes bandwidth coming down to my workstation (over a dialup).

    Then I use this script to fire it all off to spamcop once a day:


    #!/usr/local/bin/perl
    $reporting_addr = 'submit.yourspamcopidhere@spam.spamcop.net';
    $/ = undef; #slurp mode
    $buf = &LT #slurp
    @spams = split(/\nFrom /,$buf); # split on message header
    for ($i=1; $i&LT=$#spams; $i++) {
    open (MAILER,"| mail $reporting_addr");
    $msg = "From " . $spams[$i];
    print MAILER $msg;
    close MAILER;
    }

    Not perfect, and you still have to visit the spamcop site to finish the reporting thing, but it's semi-automated at least. And forgive my clunky perl idioms.

  • Poor Nadine... (Score:3, Interesting)

    by ScooterComputer (10306) on Friday May 10, 2002 @01:05AM (#3494958)
    Just wanted to pass along a funny that relates to the "Nadine" story. It doesn't get much funnier than this...

    My grandmother is 75; her birthday was in October. Just prior, she suffered a heart attack, and I decided to resurrect an old Performa 6360 for her so that she could email and ICQ with my mother and aunt. I provided her an email address at a domain I own. The address had never been used prior. My grandmother had never used a computer, and even getting her to be comfortable turning it on was a challenge. I don't believe she EVER successfully sent my mother a message by herself...although I could be wrong. I would bet that she used that computer a grand total of ten times.

    A few months had passed, and I had a sneaking feeling that she wasn't using it. I would ask her, and she'd sheepishly admit that she "didn't have time" to sit and work on it. (Yeah, right. She's 75.) So one day in February I decided to peek into her mailbox to see if there was any mail in there that MIGHT be important...I was FLOORED by what I found.

    I now have a mail folder sitting in Entourage that consists of 767 (!!!) unread messages. I simply can't bare to get rid of them. The first is from September 20th, 2001, and the last was sent on February 21, 2002, when I killed the account. None of them were "for" her (from people she knows). And some of the products being offered would probably cause her to keel over.

    I am currently simply /dev/null-ing any mail incoming for her address...and I'm sure that if I'd remove that filter, the mail would still be flowing. If anyone (say a reporter, member of Congress, or FTC) would like to have a copy of this archive, I'd be happy to pass it along.

    767...I love the internet!

Genius is ten percent inspiration and fifty percent capital gains.

Working...