Forgot your password?
typodupeerror
Spam The Internet

Spam Research Six Month Report 193

Posted by CowboyNeal
from the porn-nigeria-and-unrequited-crushes dept.
Zoomer writes "Every day, millions of people receive dozens of unsolicited commercial e-mails (UCE), known popularly as 'spam.' Some users see spam as a minor annoyance, while others are so overwhelmed with spam that they are forced to switch e-mail addresses. This has led many Internet users to wonder: How did these people get my e-mail address? In the summer of 2002, CDT embarked on a project to attempt to determine the source of spam. To do so, we set up hundreds of different e-mail addresses, used them for a single purpose, and then waited six months to see what kind of mail those addresses were receiving. The results offer Internet users insights about what online behavior results in the most spam. The results also debunk some of the myths about spam." Update: 04/12 15:47 GMT by CN : About a minute after this went live, I found that michael posted this earlier. Mea culpa.
This discussion has been archived. No new comments can be posted.

Spam Research Six Month Report

Comments Filter:
  • spam is a killer (Score:4, Insightful)

    by Anonymous Coward on Saturday April 12, 2003 @11:45AM (#5716130)
    you can't just put your email address on your website like you once did
    you can't add your email address to your usenet posts
    even if you email someone and they get an email virus, then you're on every spam list this side of Mars faster than you can say kazaa
    spam is harrasment, spam is bad, spam is undermining the internet. What would my mother think if she suddenly received "cum see horny l0litas" just because someone she emailed got a virus
    Legally treat spammers like vandals I say.
    • What would my mother think if she suddenly received "cum see horny l0litas" just because someone she emailed got a virus
      Hard to say. I don't really know your mother's interests that well.

    • by invenustus (56481) on Saturday April 12, 2003 @12:09PM (#5716211)
      .... is the profile of the average spammer. Most of my spam is poorly spelled and frequently points to sites that don't have anything to sell. My suspicion, and I have no way of verifying it, is that most of these messages are sent by people who get suckered into a "Make Money From Home!" offer, send a few messages to a giant list of addresses, and then give up when they're not living in MC Hammer's mansion by the end of the week.

      Does anyone know who the average spammer is?

      Another cool piece of spam research I've never seen mentioned on Slashdot is the Bot Trap [kloth.net], which I learned about from this Little Green Footballs entry [littlegreenfootballs.com]. If you're the admin for any web server, I strongly recommend setting this up. You probably don't make a huge dent in spam, but you get the satisfaction of seeing the list of IP's you thwarted.
      • They have to get past the content filters.. that is step 1.. mis-spell so that HUMANS know what is meant, but the filter cant figure it out.
      • yup (Score:2, Interesting)

        by lysium (644252)
        I think spammers are the same kind of people that get stuck working for one of those quasi-pyramid sales companies. Those "Make Money from Home" ads usually require the purchase of the spamming software (reliable revenue stream of suckers), and I would suspect that most people do not make back the money they spend on it.

        I doubt these folks' internet connections stay valid for very long once they start spewing email through their accounts, so that might have something to do with it....

        -----------

      • I knew a porn company in Romania that sent spam. They made quite a bit of money from it - certaintly enough to pull them up from the poorest parts of romania to the richest parts. I went and visited them - a beautiful country.
        It is kinda hard to moralize too much with them. I realise it causes ppl trouble etc, but that all seems very wishy washy when you see the living conditions of the poor parts of romania...

        • This kind of story is the same nonsense spewed by pornographers, "you will be a millionaire just like me if you license our media." One website devoted to such suckers is gofuckyourself.com [gofuckyourself.com] These people discuss the merits of popup ads and promoting other atrocities. Want to know who spammers are that destroyed the free nature of alt.sex newsgroups to promote business models? There you go.
      • by McDutchie (151611) on Saturday April 12, 2003 @03:38PM (#5717025) Homepage
        .... is the profile of the average spammer. Most of my spam is poorly spelled and frequently points to sites that don't have anything to sell. My suspicion, and I have no way of verifying it, is that most of these messages are sent by people who get suckered into a "Make Money From Home!" offer, send a few messages to a giant list of addresses, and then give up when they're not living in MC Hammer's mansion by the end of the week. Does anyone know who the average spammer is?

        At Spamhaus [spamhaus.org] they know. Not only does Spamhaus run the SBL [spamhaus.org], the most widely used blocklist of spam sources in existence, they also run ROKSO [spamhaus.org], the block-on-sight public database of notorious spam gangs. This database is used by many ISPs for background checks when signing up clients. It's also used by the FTC and state Attorney General offices [google.com].

        According to Steve Linford, head of the Spamhaus team, 90% of the spam originating from America is sent by some 150 top spammers [google.com]. If these were eliminated, our spam problem would virtually vanish overnight. This seems to contradict your suspicion that most spam is sent by suckers. In reality it's a small number of committed criminals that send most of it, and you can see all the publically available data on them at ROKSO. Go check it out - very educational indeed. So are many of Steve Linford's postings in news.admin.net-abuse.e-mail [google.com].

    • by DrMrLordX (559371)
      With all that sodium and saturated fat, it's just not safe to eat it. And it's not cheap anymore, either, so it'll ruin your budget too! I guess it's okay baked in a brown sugar glaze with raisins, though. If you're desperate for meat.

      Support your local troll.
    • by rmdyer (267137)
      ...I just don't understand how some people are having so much trouble with it.

      I've had the same email address since Sept 1992. We don't use any filtering on the mail server. I only get about 5 or 6 spam messages a day. On a bad day I might...might get up to 10. Granted, I have seen a marked increase in spam in the last year. True, it's probably going to get worse. I sometimes get more telemarketer calls a day than email spam tho...that says something.

      I can only surmise that some people don't know ho
      • There's no good reason you should have an obligation to hide your email address because of spammers. They're a burden to the internet - and just because you personally don't get any/much (I don't see your email in your slashdot id...) doesn't mean that there isn't tons out there. I don't use email alot and don't post mine publically and I get a half dozen a day. To mind, that's just unacceptable.

        By some reports, and certainly in some areas, spam traffic outnumbers legitimate internet traffic. That's just

    • You can't? ;)
      I only get ~4 pieces of spam per day, if that, and it gets filtered by SpamAssassin. And look! My addy is unobfuscated on /. and my site :P
  • Hotmail (Score:2, Interesting)

    by obotics (592176)
    I think if the government or something was to just do a raid on Hotmail servers and shut them all down, this would cause a heavy reduction on the amount of spam. It is amazing how much my Hotmail account receives. If I don't check the account for a whole day, the account will reach the storage limit and bounce incoming e-mail.

    PS if anybody needs some good spam to help Mozilla Bayesian Junk Mail filters learn, just set up a Hotmail account and copy those e-mails into Mozilla :)

    • Re:Hotmail (Score:5, Insightful)

      by Servants (587312) on Saturday April 12, 2003 @12:05PM (#5716200)
      No... that just means Hotmail receives a lot of spam. So many people use it that a reasonable proportion of possible usernames are taken, and that means spammers can and do use "dictionary" attacks, where they send e-mail to random usernames and then just hang onto the addresses that don't bounce.

      I believe that big providers like Hotmail and Yahoo try reasonably hard to prevent people from sending spam from their accounts, as it uses up bandwidth and creates ill will, so they do things like limit number of recipients per message, or recipients per day, that sort of thing. (Can anyone confirm that?)

      But a spammer can make their e-mails appear to come from whatever address they want, and if there's a URL in the message they don't need to worry about whether people can reply.
  • Dupe (Score:2, Redundant)

    by SuperQ (431)
    http://slashdot.org/article.pl?sid=03/03/19/173624 9

    atleast this one is in html form, not pdf.

    I saw it in the Mysterious Future, but there still isn't a good way to report dupes before they go live. I think you should open the thread for comments before it goes live, and nuke/archive/whatever those comments after it's live.
    • I see the parent "Dupe (Score:1, Redundant)" was modded "redundant" by some twat of a moderator. The following post "Duplicate (Score:3, Informative)", was psoted one minute later.

      ... moderators on crack...

      • this is why i meta-mod all redundants with a +2. it usually allows me to read them. Anyway, Moderators should check the timestamp before modding down as redundant.

        But what pisses me off is the over-rated mod. If you think that my opinion is invalid, then respond to it with your own insightful remarks (and don't be suprised when no one mods you up). If i have a +funny post, and you mod it redundant, then ask yourself this .. "Is this actually no funny, or do I just lack the sense of humor to realize just ho
        • Re:Dupe (mod) (Score:3, Interesting)

          by mbogosian (537034)
          I use hotmail, I never get span (except from MSN, but it is THEIR damned webspace i'm using). Now, i am worried that i will get spam blasts from having my address on my website, but it hasnt happened yet. hopefully it never will.

          It would be interesting if the authors of the study published the the names of the companies which refused to honor the opt-in/opt-out preferences or who sold e-mail addresses inappropriately. I'm not sure how "ethical" this is, but I'd really like to know....
  • Duplicate (Score:1, Informative)

    by forged (206127)
  • by iconian (222724) <layertwothree&gmail,com> on Saturday April 12, 2003 @11:49AM (#5716142) Journal
    .... E-mail addresses composed of short names and initials like bob@ or tse@, or basic combinations like smithj@ or toms@ will probably receive more spam. E-mail addresses need not be incomprehensible, but a user with a common or short name may want to modify or add to it in some way in his or her e-mail address.

    For further information, please contact Ari Schwartz at the Center for Democracy & Technology, 202-637-9800, ari@cdt.org.


    Anybody see the irony in that?
  • I've got roughly 2500 spam emails....
  • WHOIS (Score:5, Interesting)

    by SamMichaels (213605) on Saturday April 12, 2003 @11:49AM (#5716144)
    They mentioned that no spam was received from emails listed in the WHOIS database...

    I'd be interested in seeing a study for companies that harvest snail mail addresses from the database.

    I've received junk snail mail from every shady company on the face of the planet when I register a new domain or when it's up for renewal...plus I've even received phone calls (back when I used a real phone) about "we're ready to setup your web hosting and web design. Call us back immediately!" Persistant bugger, too...he kept calling back.
    • Speaking personally and based on one source (my current work address), so far we've received no junk snail mail pertaining to our domains we registered on Dotster last year sometime. Of course, we don't actually *use* the domains, we just registered them. The owner of the company thinks that by doing this alone we have a web presence.
    • Re:WHOIS (Score:3, Interesting)

      by juuri (7678)
      I get a bit of spam related to domains registered through netsolutions, this is around 25 domains. At last count it was about 10 emails a week, far higher than the single email received during this study.

      Domains registered with other registrars have yet to generate spam. Weird.
    • by swb (14022)
      This cracks me endlessly. I have two domains registered, one has a vaguely professional sounding name associated with it and the other has a crypto-anarchist name associated with it.

      Both of them get sent junk snail mail, and I've even gotten some sales calls to the crypto-anarchist name.

      Sales: I'd like to know if ____ is interested in updating their postage meter to a new Pitney-Bowes Mailmaster 1000.

      Me: Actually, ____ is more interested in burning Pitney-Bowes machines in the street as part of our wo
      • Re:WHOIS (Score:3, Funny)

        by Pharmboy (216950)
        It's pretty funny. I wonder if people with domains like "fuckoffasshole.com" get called, too...

        On a similar note, I personally own a few dozen domain names, many of which do not even have any DNS entries, no site, etc. I just love getting those

        "I saw your website at www.????.com and really liked it. We think we can help you get more exposure."

        Well yea, like maybe I could get more exposure if I the bloody domain had a web site to begin with.....
    • Re:WHOIS (Score:2, Informative)

      by the uNF cola (657200)
      Whois records are definitely sources of spam. It depends on

      1. How secure the whois information is from automated stuff.

      2. Does the company sell your info to other companies?

    • " They mentioned that no spam was received from emails listed in the WHOIS database... I'd be interested in seeing a study for companies that harvest snail mail addresses from the database."

      For the addresses that I use for domain name registration, I actually get more snail mail spam than e-mail spam! The snail mail is generally about paying to have someone submit your domain name to search engines. I've never gotten one of those fake verisign domain registration scam forms.

  • Really good report (Score:5, Interesting)

    by dtolton (162216) on Saturday April 12, 2003 @11:50AM (#5716145) Homepage
    It's interesting to see those results. While I knew that spammers
    harvested e-mail addresses from Web Sites, I didn't realize the
    magnitude of it.

    of the 10,000 spam messages they received over the six month period,
    8,609 of them were from simply posting it publicly to a web site. I
    always opt out of the subscription services where I can, and most of
    the time I avoid posting any of my e-mail addresses publicly, now I
    will redouble that effort.

    They had some really useful suggestions also, my favorite was using
    multiple "disposable" e-mail addresses and forwarding them to a main
    e-mail address that you keep private. When you sign up for a site,
    create a new disposable e-mail address and use that. If you start
    getting spam from it, just shut off that disposable e-mail. That is
    incredibly good advice.

    I like the idea of disguising or masking your e-mail address,
    although I think using HTML characters or a "Human readable"
    equivalent is something that spammers will easily be able to
    circumvent if the practice becomes widespread. They don't bother now
    because not many people do it.

    What I would like to see is a standard practice of generating your
    posted e-mail address into an image. This would make it
    *significantly* more difficult to harvest e-mail addresses in mass,
    while remaining easy for a single use of sending someone an e-mail message.
    • Think of the blind (Score:2, Insightful)

      by yerricde (125198)

      What I would like to see is a standard practice of generating your posted e-mail address into an image.

      This would shut out people with less acute vision and would shut you out from contracting for the U.S. government [section508.gov].

      • Okay, then use a vector format. :)
      • by dtolton (162216)
        While I symphathize with the blind, there has to be a better way to make e-mail addresses available without publicly disclosing the information in text format. If we are forced to always disclose e-mail addresses in this way, there is simply no way to stop spammers.

        Typically when you are posting it for some type of a government contract or any type of business page, the actual membership consists of a fairly closed set of individuals. If you have that set, you could easily make the e-mail address displa
    • Why would you use images? ASCII art is great:

      $ banner -w 40 joe@foobar.baz

      It is a bit large, though.
    • by wass (72082)
      People have long been putting the NOSPAM identifier in your their address to be displayed publically, but I'm pretty sure spammers robots are by now regex'ing these attempts out.

      What I have done in the past is to disguise the @ and . chars with other characters and include instructions how to fix it. For example, sign your posts like : email address me at "johndoexfakeyemailycom" and change the x to @ and the y to .

      That technique might eventually fail if a large database of domains is built up such tha

  • How about... (Score:2, Offtopic)

    by pr0nbot (313417)
    How about a "dupe" category on slashdot? That way the editors could mark stories as dupes and users could filter the category.
    • No no, I wasn't being funny... I meant, once an editor has realised that something is a dupe, they change the category, at which point it drops off the slashdot page of anyone who's filtering dupes.
  • 400 spam emails in the period of 2-apr upto 12 - apr. That's 40 a day. My spamfilters can cope with that, but it is annoying.

    What I don't understand is how it is financially still possible. Someone has to pay the bill for the used bandwidth/server usage..

    • 400 spam emails in the period of 2-apr upto 12 - apr. That's 40 a day. My spamfilters can cope with that, but it is annoying.

      What I don't understand is how it is financially still possible. Someone has to pay the bill for the used bandwidth/server usage..

      In my case, my 40/day translates into at least 120/day total transactions, because every spam I get ends up getting shoved to uce@ftc.gov (go ahead, spammers, copy that!) and a Spamcop.net address. That makes 120 mails even before Spamcop starts sending

    • What I don't understand is how it is financially still possible. Someone has to pay the bill for the used bandwidth/server usage..

      Well, that's entirely the point. The spammers don't have to pay for it, the recipients' ISPs do. That's why so many people regard spamming as a criminal activity, and not merely annoying antisocial behavior. They are literally stealing bandwidth.
  • Bad Addresses (Score:4, Informative)

    by mongus (131392) <mongus@mongus.net> on Saturday April 12, 2003 @11:51AM (#5716152) Homepage
    Almost all of the spam I get is to invalid addresses. I get all of the incorrectly addressed email for about 10 different domains - somewhere around 1000 messages per day. I don't know if the spammers just made up the addresses or if someone intentionally filled out forms with bogus addresses.

    I'm happy to get all of this spam because it increases the effectiveness of my anti-spam system Herbivore [herbivore.us]. Herbivore is a distributed anti-spam system. Everybody that uses it increases it's accuracy. If you're interested, any Slashdot readers can get two years for free by entering "slashdot" as the promotional code. Help us fight spam!

  • Hrmm... (Score:4, Funny)

    by acehole (174372) on Saturday April 12, 2003 @11:52AM (#5716154) Homepage
    We might look at this from a different perspective, if we eliminate all spam the 'penis enlargement' and 'hot barely legal lolitas that want you!' industries might collapse overnight.

  • Fight SPAM. (Score:3, Interesting)

    by termos (634980) on Saturday April 12, 2003 @11:54AM (#5716155) Homepage
    I recently registred a new e-mail adress, two days later I already had spam in my inbox. I noticed that I had been releasing my e-mail on a few web-pages, and came to think of something. The spammers "scan" webpages for e-mail addresses, and automaticly send commercial mail to them.
    If you are sick of this - as I am - add your e-mail address with NOSPAM in the middle of it like name@NOSPAMhost.com, or write it like this; name at host dot com. I have started doing that, and as I can see spam has acually increased a little bit.
    • How about setting up the email name@NOSPAMhost.com, and using that as a trap for emails. People will truncate the NOSPAM, spammers will lose time.
      • I've always wondered what would happen if your actual address was JohnDoeNOSPAM@server.com The spambots would truncate the text, but your friends wouldn't because you would tell them to leave it in. The spambots would eventually catch on but it would be much harder to figure out, & in the process, they may end up getting fooled by addresses which actually should be truncated.
    • Re:Fight SPAM. (Score:1, Insightful)

      by Anonymous Coward
      I see this a lot. People who think they're beating the spammers by putting "NOSPAM" as part of their email address.

      I'll give you a little tip: it doesn't work.

      Despite what you may want to believe about spammers, they have some pretty darn good scumbag software behind them. You don't think they go to every web page and write down addresses they see on a piece of paper, do you?

      The spammer himself may not be that bright, but he most certainly has a geek who knows his perl and how to hack up sendmail co

      • I will attest that by the time about the 5th person started putting "NOSPAM" as part of the email addresses, some smart person started regexp'ing that out.

        Hmm, maybe I should go register nospam.cx then ;-)
    • I find it hard to believe that spammers aren't already accustomed to these techniques, and haven't had stuff built into their software to remove phrases like "NOSPAM". Apparently they haven't, but...

      What I like to do, and what I see as a future-proof way of handling this, is to reverse the @ and the . in my email address (see comment header for example). That way if there is a "clever" spam harvesting program at work, it'll either throw it out (domain name too short) or it'll start sending spam emails to

    • So if I put the addresses of my good friends here--such as jvalenti@mpaa.org and csherman@riaa.org --then they would get lots of spam? Good to know.

    • I own the domain NOSPAMHOST.COM

      How DARE YOU recommend that people use my domain name just so YOU get less spam!

      In all seriousness--if you use a munged email address, make sure it has an invalid TLD, like name@REVERSEMOCmyhost.moc so someone won't get your mail. I (seriouosly) own the domain yahoot.com. It gets about 50K emails a day, because people think that they can disguise their email addresses by adding a "T" at the end of it. I wish I had the resources to go sue everyone who does this.

      But I thin

  • by MondoMor (262881) on Saturday April 12, 2003 @11:59AM (#5716175) Homepage Journal
    "Spam" ought to be CmdrTaco's category to update all by himself. It appears to be some weird obsession with him, since most people in his position just use one of the many freely-available tools and live with it.

    Spam, the religion of CmdrTaco, who will soon declare SpamJihad on the troll community here, unleashing his SpamFedaykin-Slashbots! SPAM!
  • Mailshell.com (Score:3, Interesting)

    by blackmonday (607916) on Saturday April 12, 2003 @12:03PM (#5716191) Homepage
    Mailshell.com tells me who spams me. You can assign yourself a "new" email address anytime, just by making it up when you give it to someone. The fake email is forwarded to your real address. So I have addresses like amazon@me.mailshell.com, etc. You can also direct any email that comes from a particular address to the trash, and never see it. I like it, I don't think it's too expensive. When I signed on it was still free.
  • AI... (Score:2, Interesting)

    by Anonymous Coward
    This still doesn't tell us WHERE spam comes from... i.e. what kind of losers are distributing it. Havent they realised that spam is now an ineffective advertising method? If someone wants pr0n, they damn where know where to get it. They're not just going to one day say "Oh, I think I will 'try' pr0n just because I got an email about it" as someone would try a car if they saw an ad on TV...

    OR perhaps spam doesnt come from any one person - perhaps its the beginning of a dormant AI within the internet that no
  • by GregBildson (316305) on Saturday April 12, 2003 @12:10PM (#5716216) Homepage
    We found that posting our contact email addresses on a well known website was definitely the worst thing to do. There are some very aggressive email harvesters out there that just eat up website content and easily parse out the email addresses. Using some simple javascript tricks to assemble and display your email address piece by piece will defeat the current generation of harvesters.

    Some of our old email accounts are now firmly planted in the email lists that these companies sell to each other and will "be in play" forever. Having received numerous offers to assemble and sell email lists (which we will never do), I know a little about these companies. Once your email is known by one of the big players, it will be sold to others in units of thousands for as little as pennies but sometimes up to a buck per thousand.

  • by ne0nex (612727) on Saturday April 12, 2003 @12:14PM (#5716226)
    The /. effect on webservers. Obviously starting with their own.
  • CDT tested two methods of obstructing address harvesting:
    • Replacing characters in an e-mail address with human-readable equivalents, e.g. "example@domain.com" was written "example at domain dot com;" and
    • Replacing characters in an e-mail address with HTML equivalents.

    Another method I have seen used effectively is creating an image file (.gif, .jpg, etc.) of one's email address. I guess a truly devious spammer could write a program to check all image files on a website and try to read them if they have

  • Worth saying again. (Score:4, Informative)

    by JKConsult (598845) on Saturday April 12, 2003 @12:19PM (#5716242)
    It seems every article (dupe or not) on spam returns a thousand people throwing out their personal solution to fighting it. Most involve mail-server solutions, such as SpamAssassin, but I've read about MailWasher [mailwasher.net] a number of times. After the last article (the original of this dupe, actually), I finally decided to try it.

    A week later, spam to my hotmail account has dropped from 30 or so a day to about 2. (Warning: Hotmail support is only provided in the pay version, but there's a 30-day trial.) Preview the spam on the server, and you're able to delete it, blacklist it, and best of all, bounce it back to the sender. In my wildest dreams, I never thought it would work so well. YMMV.

    Another kick-ass product is Spam Gourmet [spamgourmet.com]. Some website wants your email address? Give them (unique identifer).(some number).(your user name)@spamgourmet.com . The number is the number of emails they can send before the address is killed, and the user name is your user name at spamgourmet. Go sign up, and you never have to go back to the site again. It works.

    I'm sure many people are like me, and read these testimonials and figure that they're hype. Trust me. They're not. I wish I had done it the first time I read about them.

    • spampal [spampal.org] is pretty cool too. It's also open sourced.
    • It seems every article (dupe or not) on spam returns a thousand people throwing out their personal solution to fighting it. Most involve mail-server solutions, such as SpamAssassin, but I've read about MailWasher [mailwasher.net] a number of times. After the last article (the original of this dupe, actually), I finally decided to try it.

      A week later, spam to my hotmail account has dropped from 30 or so a day to about 2. (Warning: Hotmail support is only provided in the pay version, but there's a 30

    • Don't bounce it! (Score:3, Insightful)

      by mccrew (62494)
      ... and best of all, bounce it back to the sender...

      For the love of God, don't do that! All of a sudden you stop being part of the solution and become part of the problem.

      Repeat after me, spammers lie. The return path to the sender is intentionally set wrong, and because they go through open HTTP proxies, you cannot believe that the IP addresses in the Recieved headers.

      Bouncing back e-mail to a non-existant sender just generates needless traffic and load on your victim's server. Yes, you become th

      • NO! Do bounce the spam! Especially if it's a hotmail or othersuch account.

        A new method of email adress harvesting come from brute forcing random strings "@hotmail.com". The spammers then take all the emails that didn't bounce and voila: a long list of valid email addresses. As for the victims of spammers, I figure that if someone's getting joe-jobbed, they probably stand a decent chance in the courts. Furthermore, if they take it to some of the newsgroups online that are used to help track down spammers wh
        • NO! Do bounce the spam! Especially if it's a hotmail or othersuch account.

          Let's see if your arguments below support this thesis...

          A new method of email adress harvesting come from brute forcing random strings "@hotmail.com". The spammers then take all the emails that didn't bounce and voila: a long list of valid email addresses.

          That's a pretty interesting definition of "new". New to you, perhaps.

          As for the victims of spammers, I figure that if someone's getting joe-jobbed,

          "Joe-jobbed?" Is that

  • I missed this story the first time it was posted. Taco: thanks for posting the dupe! It's useful information!
  • by phillymjs (234426) <slashdot AT stango DOT org> on Saturday April 12, 2003 @12:24PM (#5716254) Homepage Journal
    Just this past Wednesday night I discovered that I left the PDF version of this report sitting on my iBook from the last time this article was posted. Before I deleted it, I actually read the entire thing. Here's pretty much all you need to know:

    1. Don't give out your e-mail address any more freely than you have to.

    2. For the love of God, NEVER put it in unadulterated form (i.e. user@domain.com) in a Usenet posting or in a publicly-accessible HTML page-- even in the comments or other places that it won't appear on the final, rendered web page. If you do, it WILL get picked up and you WILL get an assload of spam.

    3. If you MUST provide your address on a web page or Usenet posting, slightly obfuscating it (i.e. "user at domain dot com") is, for now, 100% effective against fooling the spambots. Which frankly I find amazing, because that trick has been around for years.

    ~Philly
    • To be fair though - using a mailto link (and the original e-mail address on the page) makes it easier for people to get in touch. You can include a subject line in the mail to tag which if kept by the user is an effective spam filter. Spam is easy to spot - when all the spam hasn't got the correct subject line. ;o)

      The alternative - things like formail.pl and php e-mail scripts have zero-day exploits that can be abused by spammers too. You'll know when that happens when you get about a hundred e-mails back
      • by phillymjs (234426) <slashdot AT stango DOT org> on Saturday April 12, 2003 @02:14PM (#5716711) Homepage Journal
        To be fair though - using a mailto link (and the original e-mail address on the page) makes it easier for people to get in touch.

        The way I look at it, if someone is too lazy to type in my e-mail address into a "To" field, they must not have something very important to tell me. And having to weed through a lot of spam inconveniences me a lot more than an inability to just click on a mailto on my site inconveniences them.

        The alternative - things like formail.pl and php e-mail scripts have zero-day exploits that can be abused by spammers too.

        The servers for my domain run on Mac OS 9.1. The best way I've come up with for easily-accessible feedback to an e-mail address is via a form that sends the message to an undisclosed (to the submitter) account on my mailserver. (The mailserver is also set up to not accept any mail to that account except messages originating from the webserver's IP.)

        I have a helper app [sentman.com] on my server that allows me to embed AppleScript into my web pages which is executed when the page is accessed, so the e-mail is sent via AppleScript commands from a scripting addition. [24usoftware.com] In testing, I'm seeing some oddities with messages sent from my scripting addition which I'm currently trying to work out with the developer-- but once that happens I'll have a pretty secure and spamproof means of convenient feedback.

        ~Philly
    • Take email off of business cards, too!

      While it's certainly not where the bulk of email comes from, I no longer have my email address on my business cards. If someone wants to reach me they can call.

      It's all to easy for companies to decide I want to receive their daily press releases and add me to their spam list after I give them a business card.

    • Back in my time... (Score:4, Interesting)

      by Pseudonymus Bosch (3479) on Sunday April 13, 2003 @01:18AM (#5719642) Homepage
      For the love of God, NEVER put it in unadulterated form (i.e. user@domain.com) in a Usenet posting or in a publicly-accessible HTML page

      I still remember when guides for newbies told that not providing an usable return address was a breach of netiquette.
  • by dragons_flight (515217) on Saturday April 12, 2003 @12:35PM (#5716285) Homepage
    I operate a domain, so it is easy to substitute a unique email address when I register for some suspect activity.

    To my shock, one of the single greatest sources of spam that I have gotten is from an email address placed on a CA voter registration form. I've never actually used that address or given it out for anything before or since, and yet a year later I am still getting 3 or so emails a day showing up in my spam filter from that address.

    To my knowledge not one of these spams actually came from the CA governement, but I can only infer that either they sold it, or there is some big public list of voter registration emails that spammers know about.
    • They're probably part of the public record and anyone can view them. Pretty sad
      • That it is part of public record wouldn't bother me (much), though I would certainly like to have a disclaimer saying that listed somewhere on the form.

        Even so, that would imply millions of records, in CA alone. I would be very upset if someone could go up and request a copy of all of the email addresses contained therein in a nice electronic format. If a spammer wants the info, let them process a million pieces of paper. Not impossible, but I'd at least like to know that the spammers had to put in a li
  • by roalt (534265) <[moc.tlaor] [ta] [gro.todhsals]> on Saturday April 12, 2003 @12:40PM (#5716298) Homepage Journal
    I have an own domain, so when I give away my email address I just put the name of that website before the @ (at) sign. All mail is forwarded to my real e-mail address.

    I noticed some time ago I received a lot of spam from musiccity@, an e-mail address I provided for the once-popular peer-to-peer network morpheus.

    The funny thing is, I just redirected this e-mail address mail towards sales@musiccity.com. It helped!

  • Maintain a list of those with whom you want to collaborate via e-mail. Tell your prog to only download e-mails from these people, and inform you of SPAM with a message, asking you to check the server. When you feel like it, you can check the server (if you want).

    Alternatively, use SpamAssasin, which uses Bayesian filtering. Btw, if you're going to be throwing the term Bayesian filtering around, please at least find out what Bayesian Inference and Bayes Factors are, and maybe understand MCMC.

    A good place t
  • by ZaPhOd42 (60796) on Saturday April 12, 2003 @12:48PM (#5716327)
    I love spam!

    Since I've had an e-mail address I've had my penis extended 6 times, my breasts enlarged 8 times, I own the worlds supply of viagra and, and I get to have hot teen sex every night with 18 year old nymphos!

    And to top it all off I've just received £3498435784354085 from Senator Hamza Kalu from Nigeria just for opening a bank account! ;)

  • Active Spam Killer (Score:3, Informative)

    by Isldeur (125133) on Saturday April 12, 2003 @02:02PM (#5716656)
    This has probably been posted before, butI think a fantastic little tool is the Active Spam Killer [paganini.net]. I'm using 2.3 beta 3 which is very stable and worthwhile.

    Basically it requires a once-off confirmation from any non-whitelisted and non-blacklisted user who sends you something. I haven't gotten one spam since I installed it. It's impossible to loose a real email and it's dead easy to install.
  • by ziriyab (549710) on Saturday April 12, 2003 @02:13PM (#5716706)
    from the article:
    While [posting to] "alt.sex.erotica" generated twice as much spam as the next newsgroup, we do not believe that this data supports any strong conclusion regarding which newsgroups are the most susceptible to spam.

    Now, is that just wishful thinking on the authors' part :)

  • by Kaz Riprock (590115) on Saturday April 12, 2003 @02:52PM (#5716837)

    Just having an account can get you spam these days. Even at a university...especially at a university. Like any good system, my school's mail/student server is organized by year and/or alphabetized.

    If any user changes up a directory...does an ls -1p > spamlist.txt and then mails said spamlist.txt to their friendly neighborhood spammer who pays them 20$...then all of those users just got added to somebody's hit parade, even if they never submitted their address to a public or private outlet.

    I know this, because my email address is a bit ambiguous. One could email me at fake@university.edu or fake@xxx.university.edu and it would arrive in my mailbox. I have *NEVER* used this email address in any forum other than work-related issues and have *NEVER* used the "xxx" portion of the email when I have submitted it (in interest of brevity).

    I currently procmail filter about a dozen different spammers (each sending different revisionary mails of each of their products) and invariably the address used is fake@xxx.university.edu (NOT the one I have ever used). Clearly someone determined what my account was named and then determined the mail server to be xxx.university.edu and put the two together. It's easy enough if you have an account on the server to simply list the home directories into a file and submit.

    fake@xxx.university.edu is not listed on any google-indexed site or usenet article which furthers my belief that this came from within. Also, some spammers send the mails to about 15-20 university accounts at a time (they don't always hide the headers correctly and I get a cc list of about a dozen other users on my university's student server...ALL using xxx.university.edu).

    These inside jobs are easy, do not negatively affect the committed party (unless the school is logging every ls command), and probably earn you enough money to buy a six-pack. A few beers for the inconvenience of your fellow students...great job, jerky.
    • If any user changes up a directory...does an ls -1p > spamlist.txt and then mails said spamlist.txt to their friendly neighborhood spammer who pays them 20$ [...] These inside jobs are easy, do not negatively affect the committed party (unless the school is logging every ls command)...

      Actually even if they are logging the ls command you can still get a directory listing without it appearing in your command history. "ls /home/[TAB][TAB]" without pressing [RETURN] is the most obvious. Also writing a quic
  • I have suspected for some time that lots of spam gets sent to people who send (or recive) lots of forwards. This is the only explaination I can think of for some of the spam I've seen to some "private" (given only to friends) addresses. This implies, I suppose, that some friends, or friends of friends, or their friends are giving my address to spammers.

    They also didn't test viruses as a method of address-harvesting. (Viruses like Klez that send mail to random people with forged From: addresses.) I have

  • A bit off topic, but recently I started to receive some spam that consist of mostly only a gif or jpg. Off course, spamassassin did not catch it. Spam of images instead of ascii are quite efficient to bypass spam filters.

    ISP could detect spam being posted because of the sheer bandwith used, but its not implemented yet.

    Anybody has some insight of this new kind of spam?
    • Anybody has some insight of this new kind of spam?

      Well, if the image was on a remote server, then if your mail client loaded remote images when you read the email (many do) then you've just verified that your email address is valid. This is known as a Web bug [privacyfoundation.org]. Web bugs are great for tracking when people read your emails,as even if they disable return replies, most still allow image loading.

      Disable remote image loading in emails!
      • I would STRONLY second the above suggestion! I'm working in a spam-fighting company right now, so I see a ton of spam. I'd guess that somewhere between 30 and 40% of all spam does exactly what the above poster is talking about, sending back a user-id or e-mail address attached to a remote image URL. Just opening that URL to grab the image will let the spammers know that they've got a live one.

        If you have remote image loading in email turned on, it doesn't matter too much what else you do, you're going t
  • I am so pleased to hear that most spammers get their target addresses from the web because I've been running my PAYBACK PAGE [aardvark.co.nz] for some time now and it's nice to know it must be working.

    Let those who live by the spam, die by the spam I say!

    A note for neophytes: Never assume that the "from" address in a spam is valid or actually belongs to the spammer. Always go to the website being promoted and find some form of contact address there (often hidden in an HTML reference to a formmail script).

    Then add em to

It's a poor workman who blames his tools.

Working...