Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Spam

Some Spammer Has a Crush on You 283

Posted by Hemos from the i've-got-a-crush-on-you dept.
ewhac writes "Salon is running an article about how that cryptic email saying someone has a crush on you may not be what it seems. Portrayed as services to foster romance, some voice concern that some such sites -- two with falsified WHOIS records -- are preying on people's insecurities to build spam lists and directed relationship graphs (who knows who). One site in particular, SomeoneLikesYou, has the temerity to demand you subscribe to an affiliate marketing program or cough up $14.90 before it will hand over the email address of your alleged crush.

A friend of mine and I were bit by SomeoneLikesYou in the last week. The scam is elegant in its simplicity. The site teases you with an email claiming to know someone who likes you, then makes you guess who it might be by submitting their email address(es). Each of those addresses receives a teaser email just like yours. Rinse, repeat. I ignored the message -- obviously a fake; I couldn't possibly be anyone's crush :-) -- but my friend took the bait and fed it some demographic data and email addresses. Once she realized what was going on, she wrote to everyone apologizing for any spam they may have received. She also sent a nastygram to the site's operators.

It should be pointed out that there is no proof that SomeoneLikesYou is doing anything nefarious with the data they're collecting. However, their credibility is not strengthened by their faked WHOIS records and their meaningless doubletalk on privacy issues (the declaration, "We send precisely zero e-mail advertisements," says nothing about the behavior of their partners/affiliates.)"
This discussion has been archived. No new comments can be posted.

Some Spammer Has a Crush on You More

Some Spammer Has a Crush on You

Comments Filter:

  • awwwww damn (Score:5, Funny)

    by gatesh8r ( 182908 ) on Thursday August 08, 2002 @06:49AM (#4031776)
    I sent in my money and all she sent me was spam. And here I thought she was going to send me a nude pic and hours of hardcore action.
  • I've seenthese, and have wondered if these sites ever really tell you where they got your address. I.e., I suspect that they start with a list like every other spam-oriented site or company, but if I enter my friends email, and she guesses correctly that I'm the one with the crush, does the site say so? Or does it let you keep dumping email addresses in there till you tire of it (and they have more addresses)...something tells me it's the latter. ;)
    • That should be easy to test... just create 2 hotmail accounts and 2 fake accounts on the crush site.

      • I got one of these the other day, so I did the logical thing. Being a sysadmin knowing how to use both useradd and for loops, I quickly created 30 email addresses on one of the servers I admin (after I found out it wouldn't accept bouncing addresses), then mined it for all the information I could. Eventually, it just ran out of hints to give me. I was about to delete all the accounts I created, but out of curiousity over your very question, I responded with one of them and listed myself as someone I like.

        Now, the site just gave me another one of those "Try again" or "Think Harder" messages, however, a few hours later, both my real account and the fake one received a message saying there was a match on the list I'd submitted. One assumes the delay is to keep you entering email addresses even after you've entered the correct one.

        It should be noted, however, that the match message didn't say who it was. It promised to reveal that if I signed up for some service. Since I already knew, I didn't bother, my best guess would be that, yah, once they've managed to get you to provide them with a big list of working addresses, and signed up for a service, generating income for them, they probably would have told me who it was.

        Incidently, they don't tell you it someone removes you from their match list. Presumeably they don't want you to know they someone doesn't like you anymore. Perhaps we need a SomeHatesYou.com for this vital service... :)

        As for the original message, this is problematic. The address is unfortunately both one that a lot of people, particularly someone matching the profile I got back mining for hints, might send me mail at. At the same time, it's also listed on a college website I admin, so it may have just been harvested. Who knows. If someone in that particular circle of friends likes me, they're going to have to be a bit more forward. The hints are vague enough to be almost useless if you have a large enough circle of friends. Basicly, if it's real, it's one of my "college friends", which I already knew based on the email address they used...

        Eh bien, c'est la vie...

    • Re:i wonder if you ever find out... (Score:4, Interesting)

      by langed ( 142123 ) on Thursday August 08, 2002 @09:12AM (#4032517)
      I was fortunate enough so far in my 23 years to have filtered away from my usual existance most of the people who would pilfer my email for such frivolous purposes.
      So when my address was spammed by SomeoneLikesYou, I got on the phone. Sure enough, the one person who actually did it was my not-so-security-minded girlfriend.


      So when I hit the site, I entered only one email address--hers. The site didn't like that, and since it doesn't like bounces either, I just started registering aliases on my linux box. So we had a@mybox.net, b@mybox.net, c@mybox.net, and d@mybox.net.

      And, sure enough, when it finally accepted that, it said I had a match! (I also had some 4 more emails popping up in my inbox....)

      Since the site demanded that I pay up-front or sign up for affiliate info, I went on my merry way, happy to know I hadn't offended anyone else.

      About a month later, though, I got this email "Are you sure this loser Sara is right for you?" which told me to come back and visit the site again, threatening to remove my information and promising not to spam me again. I received a second mesage, again titled "Are you sure this loser Sara is right for you?", before I created a new procmail rule.

      I figured I was lucky, I got everything I wanted to know without it costing me anything but the time. I doubt many others were so lucky.

  • Oh No! (Score:3, Funny)

    by thogard ( 43403 ) on Thursday August 08, 2002 @06:52AM (#4031786) Homepage
    I just checked my logs and it appears that my antispam software just deleted a message about someone who likes me without me getting a chance to read it. Maybe its time to go back to the old method of just hitting delete now that the carpal tunnel syndrome is almost gone on the finger I use on the delete key.

  • Those things are spam + social engineering (Score:5, Informative)

    by Montag2k ( 459573 ) <<moc.liamg> <ta> <egamagj>> on Thursday August 08, 2002 @06:53AM (#4031793)
    I have an e-mail address that I have used to register for exactly one thing: AOL Instant messenger. I've never sent any other e-mail through this account, I've never published the address on the internet, or anywhere else for that matter. Yet apparently someone who has a crush on me has managed to get that e-mail address and report it to Crushlink! I don't even want to log on to the site to get onto their opt-out list because I don't trust them enough not to sell my address once they have verified that there is an actual person behind it.

    Argh, I hate spam.
    • I use my own email address for AIM. I have never recv'd a piece of spam from them. I have posted about this before I believe, but I must be one of the ONLY people in the world that recv's less than 5 pieces of spam a year.

      Lucky me I guess.
      • Nope, I also get zero spams a year.

        How?

        If you don't give the spammers your e-mail address, they can't spam you!!

        The only provisio's are that your e-mail address isn't guessable, that you don't use your primary e-mail address with companies/sites that you don't trust (almost all web forms that you fill in for any purpose), and that your e-mail provider isn't scum (like Hotmail).

        • Just don't give away your email address (Score:5, Insightful)

          by mosch ( 204 ) on Thursday August 08, 2002 @12:30PM (#4034000) Homepage
          Not giving your email address works works really well, unless:
          • you have a job that requires that you post on public, technical mailing lists.
          • you have a job where your email address ends up in whois records.
          • you're the postmaster, hostmaster or any other sort of contact for a company.
          • you don't need your email address to be publicly available for business reasons.
          • somebody forwards an email that you sent them to a public mailing list.
          • you've had the same, well-known email address since the days when it was considered a good thing to publicize your address.
          • one of your friends or business associates gets a virus that causes your email address to end up getting sent off to a mailing list or something.
          • your dipshit ISP allows VRFY.
          • etc, etc, etc.
          There's not always an easy way to keep from getting spam, even if you're relatively careful with your addresses.
      • I use my own email address for AIM. I have never recv'd a piece of spam from them. I have posted about this before I believe, but I must be one of the ONLY people in the world that recv's less than 5 pieces of spam a year.

        I don't know who hosts your email, but it's quite possible they already have a spam filter in place. Evidently a quite good one. ;)

    • Disposable addresses and Spamgourmet (Score:5, Informative)

      by Balinares ( 316703 ) on Thursday August 08, 2002 @09:23AM (#4032565)
      Never sign up anywhere with a real email address.
      Instead, get an account on Spamgourmet [spamgourmet.com], and you'll have as many disposable email addresses as necessary, that will work only as many times as you want. Then they become a direct link to /dev/null, and you never hear about them again.

      Seriously. This service rocks.
      • I use tagged email addresses to make it easy to tell who is selling my info. I'll put things like 'slashdot.org@mydomain.com' in for my slashdot email address, and 'yahoo.com@mydomain.com' for yahoo, and so on.

        This system makes it relatively easy for me to receive email from people who don't abuse the fact that they know my address, and extremely easy to filter the spammers to /dev/null, or better yet, set them up as spamassassin spamtraps, which will make it so incoming mail messages get automatically added to things like Vipul's Razor before they delete them.

      • That's one of the things I do whenever I give an address to someone I don't trust, but it still doesn't stop other people from giving out a main address that you want to use.

        That's one of the irritating and arguably unethical things that sites like crushmaster and someonelikesyou do -- they corner people in such a way that they can't find out if it's you without entering your real address.

  • This is obviously a ploy. (Score:4, Funny)

    by yeoua ( 86835 ) on Thursday August 08, 2002 @06:54AM (#4031798)
    This is obviously a plot... who the hell in their right mind would have a crush on me?!?!
  • SOME GIRL: I know somebody who's got a crush on you
    ME: Oh yeah? Who?
    SOME GIRL: Will you pay me if I let you have a guess?
    ME: I don't care, I'm rich, there you go. Is it SHE?
    SOME GIRL: No. Nice try, though.

    [later...]

    SOME GIRL: Hey OTHER GIRL, I know somebody who likes you
    SHE: Oh yeah? Who?
    SOME GIRL: Will you pay me if I let you have a guess?
    SHE: There you go. Is it stere0?
    (note: I didn't have facial hair in primary school)
    SOME GIRL: No.

    I overheard them, and this is how SOME GIRL got rich by doing this to the whole school and how I got my first kiss a couple of weeks later. :-D
    • What school was this, Ponzi Elementary?
    • Okay, leave us in suspense then...

      Which one did you get your first kiss from,
      SOME GIRL, or OTHER GIRL?

      And no, I'm not gonna pay you for a hint...

      • It was from the other girl, Caroline. We were both nine; she had brown hair that went down to her neck, good grades in class, brown eyes and a gorgeous smile. We started "going out together" (read: spending time together holding hands and being too embarassed to say anything) after I sent her a love letter I had written on thick, orange paper. I think I still have the reply she sent me somewhere.

        Anyway, we started spending time together, and one day we went up to her bedroom. We were both standing in a corner; she convinced me that I should go first. We closed our eyes and I gave her a peck on the cheek, then a rash kiss on her mouth. I didn't know what to say for a couple of minutes, and neither did she.

        Well, that's it. I haven't seen her for a couple of years but I still remember how we both felt. What about you?

        P.S.: This will probably get moderated down, but thinking about it made me feel great. Thanks! :-D

  • It's FAKE?! (Score:3, Funny)

    by joshua404 ( 590829 ) on Thursday August 08, 2002 @06:57AM (#4031808)
    I spend $15,000 on this engagement ring for nothing?!

  • in Germany they do this on mobile phones (Score:5, Interesting)

    by mario ( 94577 ) on Thursday August 08, 2002 @06:59AM (#4031817) Homepage
    funny, some weeks ago I received a SMS on my mobile with the same content, telling me: Someone who is too shy has a crush on you.
    To find out dial: 0190-whatever

    0190 is in Germany the dialing prefix for Premium rate-services (from 1 to 10 euros/minute)

    I didn't call but looked in the newsgroups if someone has: works exactly the same way you described:
    - please give us some mobile numbers from persons you guess that might be it..

    • Someone's operating the scam in Holland too (Score:4, Funny)

      by hrm ( 26016 ) on Thursday August 08, 2002 @07:45AM (#4032005)
      A couple of weeks ago I received a SMS message that started with "Iemand vindt je leuk, en heeft ons jouw nummer achtergelaten..." ("Someone likes you and has left your number with us", original Dutch maintained for Google searches).

      Oh, speaking of googling, there was a hilarious spelling mistake at the end "Wil je weten wie je geheime *aanbieder* is?" ("Do you want to know who your secret admirer is", except they put an 'e' in "aanbidder" where a 'd' should be, "aanbieder" means "provider")

      I couldn't find a reference on the internet to this operation, so I figured it might be legit. I called to the number they gave: 09062001372 (couple dozen eurocents a minute). They pulled the same routine as described above. I had to enter my own phone number (as if they didn't have it) then take a guess as to who left my number in the first place (I gave a bogus number). Then I was promised they'd SMS the number of my secret provider, but of course they never did.

      I suppose this scam pays off quite well. I'm a pretty suspicious person as a rule, but in this case, especially after I couldn't find any information about it on the internet, I just had to check it out. They got about 3 minutes worth of high phone rates out of me.

    • Yes, I had that on my mobile here as well, only it was an 0960 number (premium rate)...

      I tracked Googled for the postcode, tracked the number down to somewhere in a shady area of London where - how shall this? - desperate single folks would be guaranteed a choice from a variety of alternative "good times"... Quite a few interesting organizations all within the same block of town.

      Funny that, they didn't get my business... :)

  • One time e-mail addresses (Score:3, Informative)

    by Fuzzums ( 250400 ) on Thursday August 08, 2002 @07:01AM (#4031826) Homepage
    If some lame service requires you to supply them with an e-mail address, use a one-time address.
    Read is once for your password. If you start receiving spam you know the originator and can iglore that address.

    Spammotel provides in such a service. Also some providers allow you to use alias@your_name.your_isp.com, making it simple to track the origin of spam and making it easyer to filter (loveletter.com@my_name.my_isp.com)

    Hotmail serves the purpose of one-time accounts very well. How hard is it to forget about a hotmail account anyway?

    • Re:One time e-mail addresses (Score:5, Informative)

      by DeadSea ( 69598 ) on Thursday August 08, 2002 @07:20AM (#4031909) Homepage Journal
      You can't do that for this service. Your *friends* give them your email address. I'd like to find out which of my "friends" gave my personal email address to crushlink.com (a similar service) and beat them. However it looks like the only way I can find out is by entering the email addresses of all my friends so they all get spammed.
      • You should be giving unique email addresses to your friends...

        Get a domain, with catch-all email. If you mail to joe, send it with a return address of joe@myemaildomain.com. If you fill out a web form at sears, mark your address as sears@myemaildomain.com. My personal favourite is to mark the email address on my WHOIS form as dontspam@myemaildomain.com. When I go after a spammer, I can refer to that email address, and say that it only exists on my WHOIS form, and that they must be scooping emails from the WHOIS database. Poetic justice.
        • Sure, I do this with web forms and the like, but come on, are you going to tell your mom that she should email you at mom@yourdomain.com? And that dad should mail you at dad@yourdomain.com? And that if Aunt Bea asks for your email address, they should tell her it's auntbea@yourdomain.com? That's unrealistic and if you tried to explain why you do it like this, your famaily is going to think you are nuts and/or be really insulted that you think they will give your address to some spammer.

          Like it or not, your close friends and family have to have your correct address, and in my family's case they are clueless enough to a) include that address in the cc line of some dopey "pass it on" email that goes to a bunch of stupid lamers that don't trim the headers and then my email address goes all over AOL and onto the spammers' lists and b) they use all this dopey poll site where you have to enter the email address of your friends and family so they can go answer your poll about what your favorite flavor of ice cream is. Conveniently, the privacy policy of that site even says (if you read it closely) we can use the info you submit however we want, but does the family read or even care about the privacy policy? Noooooooooo, and when I point it out they call me paranoid. Yeah, that's right kids, there are people out there who have made this nifty little poll site just so you can have fun, it doesn't have anything to do with them selling ads or collecting email addresses... and Santa put all those nice presents under the tree last year.

          There is NO way to protect your preferred email address, but thank TPTB for good filters. And if the occasional "This is funny" email from my sister in law ends up in the junk bin, unread... well, that's where it belongs anyway.
      • Your *friends* give them your email address. I'd like to find out which of my "friends" gave my personal email address to crushlink.com

        All my "friends" just happen to be spammers themselves.

        "Here's my list of friends."
    • Give them a working .gov address, might not do anything good in the scheme of things, but maybe, just maybe, they will get tons of spam and start to reconsider their stand on letting spam be legal.

      And, american spammers, I don't give a shit about your laws on spam when you send me an email to my _swedish_ address. Come on people, there is something wrong here...
      • All those lines in spam claiming to be compliant with some US law are bogus, even in the US. Those laws were proposed, but never passed. (AFAIK)
      • Actually, the best address to provide scammers is uce@ftc.gov, especially if they are too dumb to know what that address is. [ftc.gov]

        The FTC is acting against spam, at least scamming spammers, though not as much as you or I might like. I used to post in newsgroups with .gov addresses, but really -- what benefit is there in further bogging down the agencies that we'd like to help us?

    • Re:One time e-mail addresses (Score:4, Informative)

      by Jugalator ( 259273 ) on Thursday August 08, 2002 @07:53AM (#4032046) Journal
      I've tried Spamgourmet [spamgourmet.org]. Excellent free service where you can do this:

      1. Register a username like "foo".
      2. Register at the MegaSpam forum.
      3. Tell them your e-mail address is megaspam.2.foo@spamgourmet.com.
      4. You will be forwarded the next 2 mails from the MegaSpam forum, probably containing password details as such things.
      5. Spamgourmet will then eat all mails from the MegaSpam forum.

      They also allow you to list trusted senders, which don't advance the message count for your temporary address, reply address masking, and password prefixes so others can't make up new addresses with your username.

      Pretty nice, especially as it's free and no ads or other catches. They have around 14,000 accounts as of today and eats about 12,000 spams/day. :-)

      And there's also despammed.org where any mails to that address will be filtered from spam before it's sent to your primary address or the web service. Everything on that site is free (and ad free) as well.
      • 14,000 accounts and only 12,000 spams a day? I've got 46 users in my passwd file and about 10 real users and my filters have killed 4660 spams since the start of the month.

        Of course I've been using the same userid online since 95 and its in every spamer database in the world but I've also have a few thousand fake address that are out there just to slow down the spamers.
      • Ive been using sneakemail.com [sneakemail.com].

        It is pretty good. You can create a fake e-mail address like osifj823494@sneakemail.com and allows unlimited number of e-mails forwarded to your real email address.

        You can easiliy detect if you are receiving spam from the fake e-mail address you created and easily realize which website sold your e-mail address to spammers. You can later delete that fake e-mail address and stop the spam.

  • First law on spamming: Spammers Lie. Which is, in this case, once again true because there is no one at all who has a crush on you. Just some dark-side marketeer who has a crush on your mailaddress so they can start shipping spam. Bah.

    (In case you're wondering, the other laws on spammers:
    2 - Recursive, If spammer seems to be telling the truth, see Rule 1.
    3 - Spammers are stupid.
    And ofcourse, the uberrule (rule 0): Spammers are thieves)
  • I'm sorry, but anyone who falls for this is either young and stupid, or just a plain moron.
    How many, "I love you's", "look at my pics", etc. does it take before the suckers of the world wake up??
    • I'm sorry, but anyone who falls for this is either young and stupid, or just a plain moron.

      or just plain lonely.

      There are a lot of extremely lonely people around who figure "what have I got to lose; it's worth a try" and there you go.

      You don't have to be stupid to be lonely.

  • Nothing immoral about this at all (Score:5, Funny)

    by Brento ( 26177 ) <brento AT brentozar DOT com> on Thursday August 08, 2002 @07:02AM (#4031838) Homepage
    There really is someone who likes you. In fact, here's the original personal ad involved:

    "Mass email marketer ISO young, wealthy singles with low self-esteem and money to burn. Low IQ is a plus, gullibility even better. Turn-ons: making telephone calls at dinnertime, taking long walks on the beach with your money."

  • This is great (Score:2, Interesting)

    by secondsun ( 195377 )
    As much as we hate spam, this one is really good. Get people to give you 20 or so emails from their address list voluntarily. Then spam those 20 to get 20 more. the those 400 to get 20 more then etc etc...

    Despite the fact people are getting unsolicited email from a company that they have had no business dealings with (and the fact that that is illegal...) this does seem to be an unique business tactic. Unique but sleazy and underhanded as well.
    • MAKE MAILING LISTS FAST!

      This is NOT a scam. It is NOT a pyramid selling scheme. Use this proven technique and you could soon have a mailing list full of people to spam!

      All you have to is follow the steps listed and you could turn your pathetic mailing list into as much as 30,000 or 40,000 people desperate to be spammed. I know it sound incredible but it's simple mathematics if you follow the steps listed.

      Step 1.
      Send an e-mail with a valid e-mail address attached to each person on the list.

      1. XXX Teens! Animals! Wireless Networking! XXX
      madeupname5435843529843@hotmail.com

      2. Hey, just responding to your mail! fyt74
      funkyluvva_98@yahoo.com

      3. Great business opportunity!
      bruoigf3@scam.com

      4. Make $$$ FAST!
      <>

      5. Viagra onling!
      <The Internet Chemist>

      Step 2.
      Now remove the top name from the list and add your name to the bottom of the list in the #5 position and move the other names up accordingly.

      Step 3.
      Post the article to at least 250 e-mail marketing companies. There are at least a million of these scum at any given time so try to post to as many of them as you can. Remember, the more you post to the bigger your potential return.

      Step 4.
      You are now an evil spammer yourself and should be seeing a huge list of victims within 7 to 14 days of your postings.

      REMEMBER--- Honesty is the best policy! You really don't need to cheat to make this investment work for you. Please play fair and you too can and will make some real money by fleecing the gullible.
  • Seems a pretty inefficient way to build a spam list. Sounds more like a variation of the classic chain letter, but fishing directly for suckers willing to cough up the $14.95.

    Karma: NaN (mostly due to meddling Slashcode programmers)

  • And they have no morals either. I once got an email saying I received an e-card sent from someone using this service [cardwish.com]. I went there and they claim to donate a cent to charities everytime someone sends a card through them. - should've realized it was bullshit during these dot.bust days. They asked for my name and email address to retrieve the card, so I typed them in and clicked "Get my Card", to only receive an error page in return. Only then that I realized that I just gave my information to some fucking spammers!

    Now I sometimes get junk from them, or from > their other alias [greetingwishes.com] in my hotmail account, which - interestingly - gets very little spam otherwise. Maybe because it 10+ chars long. Some of them were from legitimate companies too - some college in the UK even got duped into using their service to advertise itself.
  • I'm shocked! Totally shocked! A spammer who is a dishonest crook? Who could have anticipated such a thing?!

  • Funnycard (Score:3, Informative)

    by Spackler ( 223562 ) on Thursday August 08, 2002 @07:08AM (#4031866) Journal
    Funnycard is also just an email harvester! It has the subject:

    Message from person_you_know via the FunnyCard Network.

    It comes with a forged header, that says it's sent from the person_you_know (of course it was my sister). Clicking on the link then requires you to put in 4 (fake of course) email addresses to see the card. As soon as you submit it, it sends the same email to all 4 addresses with a forged return address of YOU (you get back the send errors that the fake users you sent to, don't exist). Displays some lame joke (that the sender never saw), and says goodbye.
  • I've had a few of these emails recently. The first time one arrived, I was curious. Was it real or a fake ? The email asked me to dial a certain number to find out who it was who 'had a crush on me'.

    It was then it dawned on me that there was no identification code in the message ! If I dialed this number, how would the service know who I was ? How would it identify me, so that I could listen to my personal message ?

    After that realisation, I dumped the message straight in trash, as I have done with the numerous follow ups.

  • And thanks, too, for linking directly to the "printable" form of the article. One page is better than 3 or 4, and no advertising!

    Very cool. (:
  • My numbers come from here. [12.108.175.91]

    $100 gets 10 million addresses. It costs $3,000 to send these 10 million messages. Let's assume a capital outlay of $3,100 per week, which seems reasonable.

    A "positive response rate" of 0.1% to 1% is expected. Say 0.1%, since this scam is especially egregious, that's 10,000 responses per week, is 10,000 suckers per 60 * 24 * 7 = 10,080 minutes.

    That means a sucker is born every minute (every 59.52 seconds, actually), which we already knew.
    • This is a fun formula you got going there, but the cost to send email is unreasonable. Assuming 2K per email message, you're talking 20 gigs of data transfer. Even with a capped cable modem connection at 128kbps, you're talking 14 days. So for the cost of two cable modem connections or one dsl line with better upstream, you can push that out easily in a week for less than $100 a month. Or less than $25 a week.

      Even if you are forced to buy a T1 line to do it, at $1500/mo, you're still talking only $350-$400 a week, and you'll be able to send out about 8 times as much spam. Of course, all the costs go up with the size of the email, but you get the idea.

      At these low rates, its obvious why you see so much spam. As long as the operating costs are so obscenely low, they don't need a high response rate. 1 out of 10,000 is enough. And there will always be enough suckers to satisfy the spammers. One of my ex girlfriend's family would spend around $300/mo on get rich quick schemes that were mailed to them (in the pre-spam days). They never seemed to get the hint. I'm sure there are are plenty of others who are the same way. Heck, I've even known people who make 6 figures who have bought into this crap. Not the same TYPE of crap mind you, but scams and spams all the way.

      There's always enough gullible people out there who will believe anything. And as long as they have money to spend, the spammers will be out there fishing.

      -Restil
  • Yesterday, I received five e-mails from "inlove@lovebox.com" - a spam campaign apparently going since May. The Love Box Company [lovebox.com] is less than impressed. The text of the e-mail is along the lines of "Someone you know has asked us to send you this e-mail. They think you are: sweet, attractive, charming, exciting. To find out who this person is, call this number: 090xxxxxxxx. (calls charged at 2.5p/sec)

    However, I have managed to trace this guy to a limited company, and trace the premium rate number that he asks you to dial. Hopefully, the premium rate number will be shut down, his company can be had for false advertising, and his ISP's account will also be shut down.

  • Only on Slashnerd (Score:2, Insightful)

    by snatchitup ( 466222 )
    Leave it to nerds to be the only ones falling for the "Somebody has a crush on you gag." Yeah right, as if anybody thinks they need to secretly admire your bolonga tits, when they know all they have to do is walk up and say, "If you eat me, you can treat me to dinner."

  • If you think about it, the is a great business model (in some eyes). They send out emails to people who have crushes and it sends them to a website where they have to sign up for things to learn who it is. Since crushes are secret and be for jokes even, they can randonly send it to arbitrary people to get them to sign up for things even if there is no real crush because nobody knows there is no person on the other end. Bam, spam but with a seemingly legit premise. I get emails all the time but I'm a nerd so I know it isn't legit :)

  • Does this mean... (Score:5, Funny)

    by Wdomburg ( 141264 ) on Thursday August 08, 2002 @07:40AM (#4031986)
    Noone really has a crush on the support alias for my company? I don't know how I'm going to break the news to it.
  • I received an email along these lines from sendacrush.com [sendacrush.com] only a couple of weeks ago, on one of my spam-only hotmail accounts that I've never given out to a human being.

    I sent a complaint to an address I found on the site, but quite predictably got no response. The sending of unsolicited email is illegal; all we have to do is prove they've been doing this beyond reasonable doubt. I think a class-action full of slashdotters who quite evidently nobody has a crush on will more than fulfil that requirement. Who's up for it? :)
  • because Miss Cleo told me not to answer these things. She's saved me a lot of money, let me tell you!

  • Well, if it's addresses they want, why not give them some addresses to play with...

    • uce@ftc.gov
    • billg@microsoft.com
    • hostmaster@verio.net - their hosting provider
    • root@someoneyouknow.com
    • nccs-sf@fbi.gov

    This could be "educational"...

  • My solution (Score:5, Interesting)

    by dr_dank ( 472072 ) on Thursday August 08, 2002 @08:09AM (#4032144) Homepage Journal
    I got these stupid e-mails too, but they wouldn't release the address of your so-called crush until you furnish them with e-mail address after e-mail address.

    Instead of putting down bogus addresses, I submitted every abuse@{$insert ISP here} address and anti-spam address that I could think of. That'll give them something to think about.
  • no one really has a crush on my ferret? I guess that's good, though. She's not really one for long walks on the beach or snuggling while watching movies.
  • This one really bugs me. I've been dealing with these bastards' emails for what feels like forever. Every time I go to pine and hit that favorite key combo, M-S-R-F-A, I get more incensed. These companies prey on my friends' insecurities, then usurp *my* time and resources, all so they can build an addition to their garish Malibu beach houses.

    I want revenge. I want to make them pay. I want to find a hole in their system that allows me to exploit *their* resources. Why not write a bot that logs on to their website and enters believable, false email addresses, making their spam lists worthless and chewing up their processor time? There must be a legal way to exact at least an ounce of flesh from these manipulative, bottom-feeding insults to civilized human beings, and I want to hear suggestions.
  • .. a crush on me. Turns out she was only after me for my p4 processor.

    Alice [slashdot.org] is a tease!
  • Think of someone gathering headers from mail servers over a period of time: Marketers, corporate IT depts, law enforcement, whatever else.

    They could learn a lot about you and your contacts without much effort: It's completely automated; no human interaction required.

    Is there any rule against it? You're not opening the e-mails.

    What would you do with the info? I can't think what marketers would do -- maybe target people who have more friends. A business might benefit from a study of how communication and info really flows in their company. For law enforcement, the info could be invaluable in trying to put together a picture of a criminal organization. And don't forget the true innovators, virus writers!

    • Reminds me of a law enforcement tactic that they bring out every few years.

      Publish in the newspaper a list of names that include some people wanted on outstanding warrants that can't be tracked down, have no fixed address, etc.

      But the advertisement is not "Wanted" rather, it's "Winners of Prizes in our Store Competition! Show up Saturday at 10 am to claim your prize!"

      People actually deliver themselves to the right address, where they are cuffed.

  • I have officially blocked any e-mails coming from crushlink or their servers into my servers because they are basically spam. This happened after two incidents. One day I received 25 e-mails all saying someone had a crush on me... I was a little suspicious, considering I had a girlfriend at the time and none of the e-mails matched with hers.

    Another day I received almost 50 e-mails (I have multiple addresses) including one at an address I haven't used since 1995. And yet, amazingly I am still single.. :-P Obviously, crushlink was just a spammer. So I blocked them as such. Luckily all of their e-mails usually have valid headers (saying they are from an @crushlink.com address). Just in case though, I also went to the effort of blocking the entire range of servers owned by crushlink.

  • After reading the article, several questions arise - what the hell is mitre.org up to and what culpability do they share in propagating this spam? Did Tseng and Schleier-Smith conduct any of their dot-com building on the federal dime? If so, can they be sued for recovery of wasted tax dollars?

    The main worry here is Mitre. If they are involved in government research, what are these guys up to? Is our government playing games with spam or is there some real, nefarious purpose here?
    • The main worry here is Mitre. If they are involved in government research, what are these guys up to? Is our government playing games with spam or is there some real, nefarious purpose here?

      I've worked for MITRE [mitre.org] for the past 11 years. We don't do spam. We do systems engineering, R&D, and IT support for the government: originally for the Air Force, then the other armed services, the FAA, and the IRS. MITRE is not an ordinary defense contractor; it comprises three Federally Funded Research and Development Centers [mitre.org]. The idea is to provide expert, unbiased technical advice which the customers can't keep in-house and which they can't get from for-profit contractors.

      We always have a bunch of part-time undergraduate co-op students around -- I had one working for me in 2000. The two people named in the Salon article were co-ops in the nanotech research department in 1999. I'm quite sure that their duties didn't include a "someone likes you" spam engine, and I imagine they'll get an earful -- if they are still working for us, three years later -- from their unlucky manager.

      I don't think it was very nice of Salon to link MITRE into this story. If you google for Tseng and Schleier-Smith, you find the MITRE link. If you paste that link into your story, it looks like MITRE is somehow connected. But we aren't.

  • And its not like you can even trust the answer it gives! If I enter the email address of somebody I know, but don't like, for curiosities sake, they will recieve an email saying 'somebody likes you'. If they guess my email, it will say that I like them, which is not the case.

    I almost worked for one of these companies, but I remembered that I have a concience.

    How do these companies manage not to get blacklisted by lots of mailservers?

    "See my vest see my vest, made from real gorilla chest"
  • ... three years ago. Same scam. Tracked it down via domain registry and whois, and called the fellow at home. It was being run out of a dorm at UC Berkeley, and the guy claimed that the guess-and-email technique was to save peoples' privacy. I pointed out that he had to be lying because of the cascading emails, and he claimed that it was a bug that would be fixed ``very soon''.

    Too bad to see that he's still scamming -- he was very smooth, and I hoped he'd graduate and go into something more innocuous, like pimping.

  • According to the article the 2 guys who run this work at Mitre. I wonder how Mitre would feel knowing 2 of it's nanotechnology staff were engaged in fraud.
  • If so, let him know -- I was pretty surprised when someone had a crush on junk@rpgexchange.com, a dummy address I have never used or published ever :)

    "Disclosure to Third Parties [crushlink.com]

    We may occasionally, for entertainment purposes, disclose non-personally identifiable information to registered Crushlink users about other users.

    We do not share our mailing list with any other company, person or entity."

    For your entertainment purposes, the CrushLink founder Greg Tseng's contact emails at Stanford (physics dept.) and his Harvard alum email:

    gytseng@stanford.edu [mailto]

    gtseng@post.harvard.edu [mailto]

    Show him you have a crush on him too by offering him things like "Free Inkjet Printer Cartridges", the "Lowest Mortgage Rates Around", how to make "$204,000 in 2 months", and hell how to "Increase Your Energy and Sex Drive!" :)

    -fren

  • Old news... to me, anyway (Score:4, Insightful)

    by Chmarr ( 18662 ) on Thursday August 08, 2002 @11:08AM (#4033347)
    I've been onto their particular game for about half a year now, as evidenced in a warning I wrote here [ctrl-c.liu.se].

    In general, you should never give anyone's email address out. Ie, treat it like a phone number; it's not yours to give out, it's the owner's.

    I treat the 'send this to a friend' thing in the same way. If you read the privacy statements of a lot of web sites, you'll see that it refers to your privacy, but doesn't mention anything about the privacy of your friends' email addresses that you happen to type into those 'send this to a friend' boxes.
  • Have you heard about that Richard Stallman guy...? He's working on a full-featured text editor for Unix! We won't have to use ed anymore!
  • Just create a bunch of email addresses whose sole purpose is to catch SPAM to feed your own blacklist. Its great cause you don't need to worry about finding SPAM, it is automatically sent to you.
  • Something I started doing recently was replying to spam with a message that contained web bugs. The web bugs were links to Linux ISO images. If only a couple of those spammers clicked the OK button (or if their MUA didn't ask and just downloaded) their BW would be wasted for hours. :)
  • ...is in bed with RackSpace?

    I got "bit" by SomeoneLikesYou repeatedly. Someone (who I don't even know) sent someone a legitimate crush, and they guessed a friend's address, who guessed me and all my friends... In my idiocy, I put in a list of addresses. They all got mail. I figured it out, and had a friend with his own domain setup some test accounts. I "guessed" their addresses, and, sure enough, they got mail right away.

    I quickly sent mail to RackSpace, informing them that it was sending 'fraudulent' mail, and that I was 95% sure that it was being used for nothing other than address harvesting. I also mentioned the clearly-falsified headers. All I ever received was an automated reply. And... The site is still up.

    Other people have said before that RackSpace knowingly harbors a bunch of spammers. I really would have no regrets blocking the entirety of RackSpace's netblocks.

    This is surprisingly brilliant for a spammer, but that only makes me more angry. However, I created an account with them, and checked "Do not send me mail" option -- and have not received mail from them since. (In addition, the account they have gets NO spam.) So, while it's likely that they're making a huge database of spam addresses, I haven't gotten spammed yet (or else my hosting company has some REALLY good spam filters that I don't about), and they even seem to take removal requests.
  • Yeah, I know this is kind of off topic...but directed relationship graphs remind me of something kind of amusing.

    Back in school, one evening, for entertainment, a few of us made a directed relationship graph of the people in our student house (about 60 or 70 people). An arrow from X to Y meant that X was interested in Y in more than a just friendly way.

    We then made a copy, with the vertices of the graph unlabeled, and posted it on the house bulletin board, as a puzzle.

    People did a lot better than I would have expected at finding their vertice on the unlabeled graph.

  • Skimmed the article on Salon. Found where the article listed the domains. My sendmail access file now includes:
    # Other SPAM senders
    moneyworld.com REJECT
    ...
    mystarworld.com REJECT
    crushlink.com REJECT
    someonelikesyou.com REJECT
  • Thus must be how winners of the Darwin Award meet up.
    • Generally its a little too late for them to meet if they've already won....
      • (* Generally its a little too late for them to meet if they've already won.... *)

        Okay then, "contestants". Actually the award does not say they have to die, only ruin their reproductive organs thru dumb but purposeful behavior.

Slashdot Top Deals

Do you suffer painful hallucination? -- Don Juan, cited by Carlos Casteneda

Close