What Makes You "High Risk" For SPAM? 259
sexykitty writes "What exactly is it that we do to invite unsolicited email to our inboxes? CNET contributor Matt Lake opened 12 free email accounts online in an experiment aimed at determining just that, and here are the results. See the risks involved in disclosing your email address through various methods. " Yeah, running a relatively well known website with your e-mail address all over doesn't exactly help out in the spam avoidance department either.
Re:This one ain't hard... (Score:2)
you've been looking at the wrong sort of porn then.
Re:Have to disagree about Ebay. (Score:2)
I have a confession. (Score:5)
opt-out? (Score:2)
Most places if you follow the link to opt-out it'll just let them know you that you are active and you'll be added to more lists.
Re:What's your experience for archived mailing lis (Score:3)
this is why i changed my address to abuse@att.com... i figure why not let the spammers report themselves?
--
Re:the big guys? (Score:2)
If you take a look at the source for the main linux.com page, you'll find a comment that contains the address spampoison@linux.com, both bare, and in the form of an HTML link. It is accompanied by a warning not to send mail to that address.
I suspect that what they're doing is collecting spam at that address, and then if a similar message arrives at one of their other addresses, it can be recognised and refused/blackholed immediately.
Re:My Mother's Practice Would Be High Risk :-) (Score:2)
Re:Actually (Score:3)
It's not that the concepts behind the code is bad, but numerous perl experts have pointed out weaknesses and lack of checks in those codes that could easily break a system. Sure, others have improved the security of those codes as well, but most people take blind faith that because they're at Matt's Script Archive, the code is 'secure'.
And saying that thousands of sites use formmail.pl is like saying that thousands of sites use an unpatched IIS.
Re:I have a confession. (Score:2)
Any human reading that will immediately know it's not real.
Any spambot reading it will try to send email to that address, and it will bounce since NOONE in their right mind has a machine name that long.
Admittedly, the bounce will cause traffic...but I'd much rather it be a bounce than my real address.
Re:If you think you might get Spam... (Score:2)
I don't give out addresses @ my domain to any company that I buy/order/sign up for something from -- they get my hotmail address.
Sonce noone who I *really* want to hear from ever emails me at the hotmail account - I can be reasonably sure the email there came from:
- MS's Spam Farm (IE: the master Hotmail list that quite obviously gets sold every couple of months to a lucky set of spammers -- despite what the article says, I open a new hotmail account every few months, and generally within a couple weeks of not doing anything with it (no mail sent, no address given out to anyone) there's about 5-10 a day - the longest this has ever taken was 2 months.)
- Companies I've signed up for stuff with
- Spammers
Thus, it's easy to contain, and about 5 minutes every month or two, I skim over the email there to make sure nothing legit came in (it never does).
My real email address gets obfuscated everywhere but on my webpage -- which is low-traffic anyway. All mail coming into me gets passed through a filter which weeds anything NOT directly addressed to me into a "suspect" mailbox.
My main mbox gets MAYBE one spam a month. The "suspect" mbox gets about one a day, two a day on Sundays (don't know why, but that's how it goes). My hotmail account gets at LEAST 40-50 a day, about half of which are generally caught by the filters there. MAYBE one legit message comes into my hotmail address every two or three months.
Have to disagree about Ebay. (Score:2)
-----
My God, it's full of source!
Re:And people wonder why we despam our emails... (Score:2)
It's a painless and effective way to create new email addresses when you want to register with a new service. Then, when you get email sent to one of those addresses from an unknown party, you know precisely who to blame. I have been following this practice for over a year now, and -- knock on wood -- I haven't had a single address leaked, and I've registered with some pretty obscure places. I have about 50 aliases setup. Jason.
Re:What Makes You "High Risk" For SPAM? (Score:2)
Strangely enough, I've had one of my email addresses in the clear (yes, that's it, right up there) for over three years on Slashdot, and I've posted at least a couple hundred times during that period. I get relatively little spam to that address. (Well, a piece or two a day, which is "little" compared to the dozen or two a day I get to the address listed as my domain contact.)
The way I figure, so many folks obscure their addresses or are aggressively anti-spam that few spammers even bother harvesting here. On the other hand, I usually get a series of script kiddies knocking at my door every time I post. Kind of goes with the neighborhood...
What's your experience for archived mailing lists? (Score:2)
I currently get maybe a few spams a week, whereas I used to hardly get any at all before when I was more careful about having my address on the web anywhere.
What are other people's experiences with subscribing to obscure web-archived mailing lists, or, for that matter, with posting your email address in cleartext on Slashdot?
And people wonder why we despam our emails... (Score:3)
The account I have above (which is a junk account), I have had for the last 3 years. I have had it on slashdot for over two years.
Up until the last 6 months, I had not recieved a single spam message in my inbox at hotmail. My address appeared on the newsgroups, and on slashdot, but it was de-spammed to confuse the spambots. (I still love the
Then I decided to register for a few online services with this email account.
Bad move.
I got hit with about 20 spam mails per day.
I don't know which one it was, but as the article says take the "we take your privacy seriously" statements, often are pure B.S.
Re:My Mother's Practice Would Be High Risk :-) (Score:2)
Risky Subnets (Score:2)
--
Re:Important factor: your email address (Score:2)
They generate a unique email address for any / every different situation that you need an address for.
Re:Why run your own domain? (Score:2)
xcizjev55jf55t001@NOSPAM.sneakemail.com
That address agan:
xcizjev55jf55t001@NOSPAM.sneakemail.com
I always wonder how much crap you get from posting slasdot with a spammified address....
Cheers,
Jim in Tokyo
Have no clue about firewalls? [mmdc.net]
My own Final Solution (tm) to spam (Score:5)
Due to an unfortunate accident of ancestry, my initials happen to be ADS. When I got my first dialup shell account, I chose to use my initials for my login name in the style of one of my then-heroes, Robert Tappan Morris (of RTM Worm fame). Thus did I become ads@netcom.com.
You can imagine the sort of traffic this generated for me, from day one! Every yokel with a half-brained scheme and a university mail account decided that this miraculous 'ads' address must be a special mailing list for thousands of Netcom customers who sat with baited breath, waiting to learn how they could lose weight fast, get rich quick or get rid of debt.
I fought this torrent of spam for almost 5 years before I finally had the technical proficiency and computing resources to come up with a solution. The solution I finally found is elegant and simple. It keeps the spam down to three or four messages per day. More importantly, it lets me know who is distributing my name to whom, and when.
I have a host alias tracker.xeger.net. Mail sent to any address @tracker.xeger.net is subjected to extra-bitchy filters, and mail that makes the cut is forwarded to one of my normal mail accounts, address intact.
Whenever I go to a new web site, or give my email address out to anyone, I give them an address of the form 'domain_dom@tracker.xeger.net'. CNN gets 'cnn_com@tracker.xeger.net'; Amazon gets 'amazon_com@tracker.xeger.net' and so forth. When the spam comes rolling in, I know from whence it came. I know how they got my mail address. And I know who to hunt down and disembowel.
To this date, I have been solely responsible for more than 200 cancelled accounts and at least two blacklistings. The count goes up daily.
Re:My own Final Solution (tm) to spam (Score:5)
my own spam experiences (Score:2)
No big surprises in the article, although it was nice to see somebody do a little semi-formal research to quantify where the most spam comes from.
I have a personal email address that I do not publish on the net at large, and have been remarkably successful at keeping it spam-free. I have another email address I don't publish, which came free with my dial-up account at home, that gets between 10-20 pieces of spam per day. I guess some ISPs (even good ones) sell their customer lists. I also have a couple of yahoo/geocities emails that have been getting spammed since day one, and I don't care. Work email gets about 3-5 pieces of spam a week, almost all semi-work related (notices of developers conferences, seminars, etc.)
One thing I *do* try to do is not publish my email directly on web message boards like slashdot. I've done so in the past and noticed a definite increase in spam as a result. Instead, I'll link to my web page and list my email there -- this makes it a little harder for automated email harvesting programs. Of course, I also post on usenet, so I'm not that fanatic about stopping every last piece of spam. As long as I have one email address I can maintain as a "clear channel", I don't mind as much if the others get a little clogged with junk.
The SIZE of spam also is a factor as to how much it annoys me. I'm much less likely to get bothered by 3 lines of "Make Money Fast" than I am by a 30K HTML monstrosity that looks like crap in mutt or pine. I've recently been getting spammed by some club/rave promoter in the UK (presumably because I run an electronic music site) with large HTML emails, several times a week. I don't even live in the UK, so this is particularly stupid and annoying.
Important factor: your email address (Score:3)
Once she changed to a yahoo account, with the address nancy94376@yahoo.com, the flow of spam has almost stopped. Of course, perhaps yahoo does a better job of filtering than hotmail.
It might be a good experiment to open up several accounts at the same service with names of varying "commonness", and see which ones get the most email, e.g.
fjkflfjk78@yahoo.com
nancy74384738@yahoo.com
nancy1@yahoo.com
All email addresses have been changed to protect the innocent.
Re:My own Final Solution (tm) to spam (Score:2)
Re:My own Final Solution (tm) to spam (Score:5)
"Rumplestiltskin" Attacks (Score:3)
Thats right, if you happen to be jeff@somewhere.com or sally@somewhereelse.com or bill@ or steve@ or smith@ or jones@ your gonna get a lot of spam. They try every username they have ever seen on anybody's server -- on your server.
A big problem is that a lot of people leave EXPN (expand) on their sendmail servers turned on. That means joe spammer can go to your server and try expanding every common username on his list and quickly he can get every user on the system to spam. Even if that is turned off, during the normal SMTP process, sendmail will generate an error code if the username is invalid... which means they can cancel that email and try the next name.
This and a lot more spam-avoidance stuff can be found in Brett Glass's paper Stopping Spam and Trojan Horses with BSD [brettglass.com], which contains a lot of good information, even if you are not using BSD.
--
Hotmail (Score:2)
--
Re:And people wonder why we despam our emails... (Score:5)
Anyway. I have to say I find Usenet is the greatest cause of spam around. Bots regularly trawl both From: and Reply-To: headers, so I get most of my spam that way.
I've found the best bet is to have complete ownership over your own (sub)domain; you can easily enough choose one or two real usernames at that subdomain to use for yourself, and then when you sign up for given services online, invent a single word (egg@, asserta@, slash@, aol@, chat@, whatever) on a per-site basis. That way you can track exactly where a given spam got your email address if you want.
I'm not convinced of the timing in the guy's article; I started getting spams to usenet@ my domain only a couple of weeks from starting using it; it wasn't even that long that the throw-away account started getting these things from
The moral is simple: beware of what things you publish. Not only will advertising an email address bring you spam, but sticking your box in DNS as `www' will bring you loads of packets, and appearing in an NNTP-Posting-Host: header will bring you *loads* of news-port scans as well.
~Tim
--
What Makes You "High Risk" For SPAM? (Score:5)
I'd guess "Posting on Slashdot".
Awww shit....
--
Give a man a match, you keep him warm for an evening.
Left off the worst one (Score:2)
There must be hundreds of harvesters running, collecting e-mail addresses there. Users are required to have a valid e-mail address to keep their eBay account, and by being there, you're showing a willingness to trust strangers in net commerce to some extent. This makes eBay address collections golden.
I created a rather obscure new address at my personal domain, intending to use it for eBay only. Within a few weeks, I was up to a dozen spam messages a day.
How to stop most crawlers (Score:3)
--
Friends (Score:2)
I mean really. Probably the worst way to get spam is to have a 'friend' submit your email address in those 'free porn-a-day' spam collection thingies. That, and those horrible email forwards that get your email address in them.
-------
Caimlas
Funny, but... (Score:2)
Alpha spammers... (Score:4)
A friend of mine has an login name that's both short and is made up of the first five letters of the alphabet. She gets upwards of 100 pieces of spam each day.
J. Random Spammer, like an orangutang with an assault rifle, could care less if spam arrives at a valid e-mail address. As long as the client can be billed for "1,000,000 direct marketing messages sent". That's all that matters.
The real problem is all of the brain dead system administrators that leave port 25 open for anyone who wants to drop trou and take a huge dump in everyones' In Box. Korea, Ireland, Brazil, China...and the good ol' USA. Idiots.
Fetch my LART gun, boy.
k.
--
"In spite of everything, I still believe that people
are really good at heart." - Anne Frank
Don't get put in a user directory (Score:3)
There were two of them that I never used, but which included me in their user directory. These boxes quickly filled up with spam.
So in some cases, just opening a free email account can get you spammed.
Re:My own Final Solution (tm) to spam (Score:2)
Then, once the spam starts pouring in you can procmail that address (real+bogus@domain.tld) to
-Peter
Email address harvesting from your own server! (Score:5)
How can you fight this type of harvesting? I can't figure out how... having some sort of feedback when an legitimate email has a mistyped username is useful, so I don't want to accept and route to
Should I post anon? (Score:5)
Every time I fill out any kind of registration for crap that I don't want to get actual email about I put in hemos@slashdot.org. I don't even remember why, I think Hemos pissed me off at some point about something mundane and it just stuck in my mind. I'm thinking that dave@dave.com gets a lot because of me too.
Re:Hotmail (Score:2)
I've had it for a week and now have over 100 pieces of spam (a lot of it caught by the spam filters mind you). I haven't used it for anything at all.
Re:AOL SUCKS! (Score:2)
So, yeah, not being on chat *does* seem to help.
Here's a reason (Score:2)
For instance, I have amazon@mydomain.com, timezone@mydomain.com, ebay@mydomain.com, nlug@mydomain.com, etc.
This way, if an address goes rogue and gets inundated with spam, I set my filter to bounce it, which clears things up within a month or two. It's also a good way to check to see if someone is violating their privacy policy by selling my email address when they promise not to.
Re:customize your email address (Score:2)
Amazing how much of my spam comes from network solutions.
A great way to get more spam (Score:2)
I used to get tons of jokes or chain letters forwarded to me (which I never read), but then I noticed I started getting spam in my private email account (I have a public account I use for emailing people I don't know, and a private one for people that I know). then I figured it out. If someone sends you a chain letter or joke forwarded to a bunch of people, and anyone on that list forwards it to someone else, before long you'll have a great source of email addresses. and good luck suggesting that they list addresses using BCC, instead of To. If you can't get them to stop sending you "fwd:fwd:funny joke", how are you going to get them to use BCC?
So not only are chain letters annoying and stupid, but they'll breed spam to boot.
Watch yourself online. (Score:2)
1) Use Google to search for your own email address every couple of months. This makes sure that you or no one else has intentionally or accidentally posting your address too publicly. Contact the webmasters to encourage them to take them down or munge the address. If they refuse or ignore, the only way to start fresh is to get a new address.
The biggest culprit that I've found? Private mailing lists! You'd be surprised how many mailing lists are archived on the web with unmunged adresses. Sure, the list doesn't spam you, but if they archive everything in plain text, you will be eventually.
2) Plead with your family to only the use your private email address only for personal correspondance. Personal correspondence means email that you send yourself. The intent is to keep them from typing your name into those stupid webpages like shakin-baby-butts.com. Tell them to use your alternate spamtrap email (e.g., Yahoo with filters on) if they must type your name into anything EXCEPT the mailer's "To:" field.
3) Zap any mailto links in personal webpages. Someone suggested using a picture of the address, but I've found a nicer solution. Use HTML entities to screw up your name. For example, from my homepage, the HTML source is this:
s<!-- die spammers -->cott
<!-- die spammers --> <!-- die spammers --> @
<!-- die spammers --> <!-- die spammers --> t&<!-- die spammers
-->ringali.or<!-- die spammers -->g
This allows visitors to cut and paste the mail address. The only bot that seems to be able to parse this is Google.
that URL really IS a valid one... (Score:2)
i.e. http://3519285059/remove.html
is in fact a working URL. Perhaps the nature of it leads people to believe that it is not, but visit http://packetstormsecurity.org/papers/general/obs
Re:web forms (Score:2)
Having your email address on a web site in any way (mailto link, body text, form element, or even just a comment tag) is an open invitation to spam harvesting.
Consider that the lowly Sircam worm will read through web page caches to find email addresses -- spambots are at least that smart.
Don't use generic e-mail names (Score:4)
Get an e-mail address like [a-z][a-z][{insert generic family name}]@[hotmail|yahoo|bigfoot|whoever].com and you won't be able to stop the deluge.
I did that once at Hotmail and I had to stop reading the account. Now I am using it only for cases where I have to register with an e-mail address.
-Martin
AOL SUCKS! (Score:3)
My Yahoo address, in comparison, gets maybe 1/10th as many spams, nearly all from identifiable sources (e-tailers I've used before, for example). So, making a "chat only" address probably won't help much with AOL spam.
The only "intuitive" interface is the nipple. After that, it's all learned.
Consider the source (Score:2)
Maybe the spammers were trying to email him some clues.
_O_
Re:And people wonder why we despam our emails... (Score:2)
Usenet does not cause spam, spammers, and only spammers, cause spam.
Unscrupulous message board? (Score:3)
It should be pointed out that it's not Deja/Google that spam, but spammers. Email addresses get attached to articles, in a similar way to slashdot articles. Those addresses get harvested and mailed.
Bill, no spam I.
You should still never opt out. (Score:4)
Remove me addresses, put remove in the subject, global opt out lists, etc.
Go to http://mail-abuse.org/rbl/reporting.html instead.
Re:Here's a reason (Score:2)
Why run your own domain? (Score:5)
I use Sneak Email [sneakemail.com] to direct my mail. Any time I need to enter my e-mail address, I create a new one. Worried about Amazon.com going bankrupt and selling your e-mail address? Worry no more. You can adjust the filters to block domains, all mail, or just delete the address from existence. Why bother configuring your own host to filter when you can use SneakEmail for free.
Of course it helps to spamproof your address when posting to message boards (see mine above).
Filling in a needless registration form? I started putting 'abuse@theirdomain.com' instead. If Real.com wants to spam me, they'll just spam themselves.
Re:My own Final Solution (tm) to spam (Score:2)
thousands of Netcom customers who sat with baited breath...
Unless Netcom supplies services to some of the aquatic talent at Sea World, I'm betting you meant to use the term "bated breath".
If you think you might get Spam... (Score:2)
...for registering for something somewhere get a free temporary email address at Spamh0le [spamhole.com].
You can set up your account to forward email to your real address for as long as you want, and from then on it gets forwarded to their /dev/null. Handy, to say the least.
Hotmail has a new spam filter (Score:2)
However, since last week end hotmail not only has a new design, but also a new spam filter. It is disabled by default, but you can enable it in the 'Options' section by setting the inbox protector filter to "High"
And it works very well so far (ok only 5 days is a bit short for an experiment). My 10-spams-a-day trash hotmail account that I only used to register on sites where you need to is now usable!
Well, it is until the spammers find a new way to circumvent it
Responsible marketers? (Score:2)
How is this unsolicited mass email, in any way shape or form, responsible?
It's this line of thinking, that anybody is fair game for a deluge of unwanted ads until they tell each and every individual sender to cut it out, that brings us the ridiculuous opt-in vs. opt-out argument. This shouldn't even be a debate. The answer is obvious, and I'll use small words for marketeers who don't get it and are currently lobbying our elected representatives:
Re:mp3.com not as "nice" as he claims (Score:2)
Of course, if you use a fake e-mail address, you can still listen and download as much as you like without using all the extra features!
BAD web forms (Score:5)
Be careful! Your example [topfloor.com] demonstrates every mistake it possibly could. One, it requires putting your email address in the HTML, where a spammer could find it. Two, it does not appear to restrict the recipient, meaning it is effectively an open relay. Three, there is no indication that it performs effective logging, meaning it is effectively an anonymous open relay.
Not to mention that any programmer so thoughtless probably didn't think much about security, so you may be creating a new vulnerability without solving the old one.
Re:My own Final Solution (tm) to spam (Score:2)
---
Re:Alpha spammers... (Score:2)
Webforms too. (Score:5)
Re:This one ain't hard... (Score:2)
To me, the main sources seem to be USENET (I'm still getting spam sent to an email address I used _once_ over 4 years ago), website greppers and the Network Solutions Domain Registration Database (search for a random domain, grep the WHOIS entry for email and violia!).
Richy C.
What gives? (Score:2)
Why do you guys think you have to make some sort of gratuitous self-important comment after EVERY article posted? Your own self-importance is beginning to wear mighty thin.
Michael: Mod this down, censor.
Here's a couple more (Score:3)
First, I have a hotmail account. When I get mail in my box that is addressed to every variant before and after my name, alphabetically, I figure that's just a buckshot approach to hitting a few addresses that might work. 'Course, I have no scientific way to demonstrate this except the suspiciousness of such CC: headers.
Second, what about email forwards? My mother-in-law is big on forwarding cutesy stories and inspirational things, as well as those fake virus warnings (when some guy was first telling me about Melissa, before he said he saw it on TV, I thought that was another one of those) and "email tracking for money/candy/cure for cancer/etc" messages. We all know someone who constantly sends stuff like that, likely. While some people even consider that borderline spam, I think the larger problem is the long list of headers, containing addresses, that end up in nefarious hands at some point or another. Again, I have no proof, but I'd bet that this kind of thing is a good way for spammers to get email addresses, when my name has been included in a long string of names on somebody's chain letter.
The problem with the second method could be greatly alleviated if people would a) clean up messages they forward; b) learn not to forward the obvious junk (a nice story or good joke occasionally is ok); and c) use BCC: instead.
"I say consider this day seized!" -Hobbes
customize your email address (Score:5)
That way, when I get mail to me+realplayer@example.com, I know that I gave that address out when I downloaded realplayer. If email to that address starts getting out of hand, it's simple to just block to that specific address.
YMMV, as I don't know if all mailing software supports it, but for our Sendmail+Cyrus setup it works fine.
"I say consider this day seized!" -Hobbes
Spam (Score:2)
The overall outcome of the article? Don't give your e-mail address to advertisers. As if that shouldn't be obvious.
Re:my own spam experiences (Score:2)
I get very little spam at my 'real' address too... there are a few people who've mined official web pages or other locations where one does not get to choose whether one's address appears, though. I get some of that on two or three work-related mailing lists (sent to the list address itself), and the rest from the canonical Evil Toner-Supplies Freak (being single-minded, he is at least not real hard to filter; and since I can't think of anything else "nice" to say about this person I had better say nothing at all).
Re:This one ain't hard... (Score:2)
Re:Have to disagree about Ebay. (Score:2)
Re:More comprehensive (Score:5)
the big guys? (Score:2)
if anyone care, mod this up so they see it. if not, i will party down here with the +1'ers
NEWS: cloning, genome, privacy, surveillance, and more! [silicongod.com]
Re:localhost (Score:2)
Re:Don't get put in a user directory (Score:2)
Replying to spam (Score:3)
Wow! (Score:2)
(How not to frame a question: go to national video game competitions, use the contestants as subjects in your study and trumpet your findings as proof that "gamers are comparable to top athletes". Also not to do: have Jon Katz post a long article on it days after Slashdot has already covered it, lift lengthy paragraphs from a newspaper article without using quotes or proper attribution and then add his own, even more overblown, conclusions.)
The most interesting thing, I thought, was how responding to "Remove" addresses didn't seem to be the disaster everyone says it is.
Unsettling MOTD at my ISP.
Re:And people wonder why we despam our emails... (Score:2)
judyl@BRAyahoo.com
with the sig
to email me, remove my bra
MMF Spammers; their wares & methods. (Score:4)
Here's some of the nefarious companies and their creations...know your enemy :)
This [attainwealth.com] company has an "Atomic Harvester" [attainwealth.com] that fishes for email addressen and if that's not annoying enough, they also have a program that automatically spams newsgroups [attainwealth.com]. And for the spammer that's too lazy or too cheap to pay for the software, then This company [mediate.com] will harvest email addressen for a fee.
To thwart the above methods, check here [private.org.il] for ways of protecting against those harvesters.
Re:My own Final Solution (tm) to spam (Score:5)
A better way to do this is to give amazon.com "xeger232524272" instead of amazon_com, and then associate xeger232524272 with amazon.com on your end of the line. You can have a simple script give you another number every time you need a name. Do you need to register something with "Marigolds Inc?" simply execute this at your bash prompt:
#redirectoradd
Short nick: Marigolds Inc
Reason/description: signed up for their "infrequent" newsletter -- once per month they said.
xeger65134556132
In other words, xeger65134556132@tracker.xeger.net is now an active mailbox, and you can cut and paste it over to the web form. Associated with this new mailbox is a date and time (which the "redirectoradd" script adds), a description, the knowledge that it couldn't just be "guessed" (since an 11 digit number is not simply guessable).
Any spam tracker.xeger.net gets that's not associated with an active number is bounced, except for "xeger@tracker.xeger.net", which autoresponds so:
Subject: I haven't seen your email!
Body:
Hi, sorry for the inconvenience, but for security reasons this isn't actually my real email address. To get a real email address, you need to reply to this email with "get real address" as your subject and the body a description of who you are and why you need my email address.
I repeat, your email has NOT been delivered. For your convenience, it is attached in this reply, and any text portion is included below. It will also be included with the email notifying you of my real address, where you can simply forward it.
You wrote:
>Hi Xeger!
> How would you like to get in on this ONCE
> IN A LIFETIME opportunity??? Yes, that's
> right...[etc]
That way, if you need to give out your email address when you're not at your computer, you can still do so. You can have various levels of this, where mail to xeger1 never gets looked at, but xeger2, which you put on your resume, actually does let you look at the mail that you receive there, even while you wait for your prospective employer to establish a "formal" address. If this doesn't strike you like a good idea, you can create a few "spare" addresses with no descriptions associated with them, so that when you give it out to somebody on the spot you can cross that one off of your list and the person can email you directly, while that address is still only associated with one person and you can know if it's ever given out. for instance:
#redirectorblanklist 5
xeger6513455512123
xeger4351234214985
xeger1215437214963
xeger9467248121546
Which you can then print on a few cards and give them out whenever somebody needs an email address. You can carry around a bunch of preprinted addresses this way, and write down a description every time you give one out, even if it's just at a credit card promotion at the mall. You can write a description next to the name and put it into your database when you get home. Sure it's a LITTLE more involved than giving out billbrady@redirector.xeger.net, but then billbrady can't submit the name "asdfasdf@redirector.xeger.net" to sign you up for the Daffodils Promotion Program at daffodils.com, which mysteriously gets you a lot of spam from a bunch of people you don't know. Moreover, if everyone started doing what you do currently, then spammers could just guess email addresses and always have them delivered (if they sneak by the spam filter). Not a good idea.
What do you think?
--
Despite NEVER using my 'real' Email account (Score:2)
I'm more inclined to think they sell their lists. Not to mention the security at the ISP is attrocious.
I check my 'real' account about twice a week. There are always at *LEAST* 50 messages in the inbox. All spam.
The account I actually use, however, is on my *OWN* mail server. I use dyndns.org for my domain name and to provide the MX record that points to my own mail server.
The account on my own mail server gets 1, maybe 2 spam mails a month.
In summary...I think it's the fscking ISP's lack of security and selling of it's userlists that leads to spam.
btw...I post DAILY to the usenet, using the real email address that is hosted on my own mail server. The fact that I don't get spam leads me to believe that this is no longer a problem. Then again, I only post to a single alt.* group that seems to not be a target of the spambots.
A Couple Missing Variables (Score:2)
One of the policies that my university has is that for students, there is no, for example "jsmith@...edu". Our E-Mail addresses are actually our social security numbers somehow made into a four letter code; sure spammers could guess combinations, but most won't put in the effort.
I can testify that registering two domains was the beginning of spam on my university accounts; for months I would literally go spam free until getting put into the whois database. Contrary to what some people here have found, Hotmail and Yahoo have produced no spam for me, except their own... I think what protected me was having a unique name that wasn't easily gussed by spammers.
Usenet produced *some* spam for me, but nowhere near the amount this guy is reporting. It probably has *a lot* to do with what groups you're posting to, and whether you're crossposting.
He could have mentioned more solid ways of getting off of spam lists, like checking headers to see where spam is originating from. 50% of the spam I've seen comes from someone with a dial-up account and a mail server. Once E-Mailing abuse@, and postmaster@ these people generally go away, either because they don't want to deal with someone like me (a hostile 'customer'), or because their ISP's pull the plug.
If you have a box of your own it's fun sometimes to create a bunch of E-Mail accounts, and see which ones get spammed from who.
Re:More comprehensive (Score:2)
Spammimic.com (Score:3)
Dear Friend ; We know you are interested in receiving cutting-edge news . If you are not interested in our publications and wish to be removed from our lists, simply do NOT respond and ignore this mail . This mail is being sent in compliance with Senate bill 1916 , Title 7 , Section 302 ! Do NOT confuse us with Internet scam artists . Why work for somebody else when you can become rich within 20 months . Have you ever noticed nearly every commercial on television has a
Other ways it can happen ... (Score:3)
I have recently (about 2 months ago) opened an account on another ISP (this one for Cable). I chose and e-mail address like r[some-other-letter]@terra.com.br (just to put a finger on the culprid). Once I have lots of addresses, I simply chose not to use this one. Well, one would support that I would never get a spam on this addres, right ? wrong.
Only 3 days after, I received my first spam on this account. Of course I though "this darn bastards are selling e-mail addresses", and complained like hell to them. They went on swearing they did not sell addresses and so on and on. Well, that settled the matter was a spam I received which stated the name of the target
Dear Roberto
Well, my name is not Roberto (even tho it starts with "R"). What caused the spam ? They were recycling (reissuing?) e-mail addresses. Someone in the past had that same username on terra.com.br, did some dump things, and his address got in some spam lists. He was the target, not me. But once this address now belongs to me, I receive his spam.
I don't know if this recycling of usernames is a common practice elsewhere, but this is surely a good way to have you mailbox filled with spam
---
Here's what gets you embarassing spam... (Score:2)
A friend goes to every embarassing website he can think and enters the email address for his wife's ex-boss. Pron sites, embarassing drugs, on and on.
It has been 2.5 years and he still does it!
Re:My own Final Solution (tm) to spam (Score:2)
Re:SPAM vs. spam (Score:2)
Annoying Forwards (Score:4)
A month later, I got forwarded one of those "send this to x people and Bill Gates will send you $3,014 for each 3rd person... no really, it's true, just the other day I recevied my $10 million dollar check from
I replied and told her never to do that again or she will be blocked and I'll never email her. I explained to her why she shouldn't do that. It's because someone somewhere along the line will get the 30 times forwarded message and will glean the 100's of emails that are a part of the message body from all the forwards and put you on a list.
Now, everyday I get 1 or 2 Univerity Diplomas emails, they just don't stop sending them, Every day Janna wants to know what I was doing last night, King Kong keeps wanting me to buy some Herbal Viagra alternatives, FBI snooper detection prevention software, and a chance to win a free 3 carot dimand after I send $2,000 to sponser some foundation... yeah... uh huh...
I'll tell you, those funnies you send and recieve everyday is a really good way.
The other way is to reply to a spam to be removed from a mailing list. In the same mail account, I replied to a few to be removed from the list and shortly after the volume of messages recived almost doubled. Now it's a useless email account that receives over 600 emails per week. It's sad because I've only sent and recieved less than 10 legitimate messages from that account in the past 5 years and this is what I get in return for it.
Bottom line:
* Warn your friends and family not to send
you forwarded email. Explain to them
that most of those messages are hoaxes,
anyway. Companies don't pay to you to blast
the Internet with messages.
* Second, don't reply to spams when you do
receive them or it will just confirm an
active account. I used to spoof returned
mail notices but those don't help any,
they also make it worse.
* Third, if you do recieve a mass-forward,
you're already at odds.
* Each time you sign up to a new web-site, read
the privacy statement. Usually, you're info
will be shared with a partner. Check that
partners privacy, because usually that partner
will share your info with a partner and so on.
Your email address is usually not kept secret
anymore. They make too much money by selling
to people. If they are European based, then
it might be more secure because of privacy
laws.
* Opt-out of those "important updates from the
company and their partners". This will just
generate more unwanted messages than you'll
care about. I've opted-in to some in the past
that were supposed to be monthy tech news
updates on important issues. Well, one day it
became daily. They changed their policy with
out notifying me.
* Most sites reserve the right to change their
privacy policies at-will and with no obligation
to notify you. They expect you to keep up
on this yourself. The best advice is to do
so. I've cancelled membership to some sites
because of this. My data is not theirs to
profit from while I profit nothing from it.
* Obvious names, such as "kitty@domain.com,
bmwlover@domain.com, studmuff@domain.com, etc"
are likely culprits. Sometimes they perform
dictionary based attacks on many domains and
it may just be your lucky number. What's
worse, is that they CC so all emails are there
and other spammers gather those emails and then
you are placed on another list.
* Anything else not mentioned. Keep in mind,
these are only spam "reduction" techniques. I
think it's very difficult and next to
impossible to not be spammed. Being aware of
certain actions that will trigger a result and
preventing those actions, will help greatly.
* If they leave a return address, sometimes you
can complain and have their account revoked.
This won't stop them, they'll open another
account and continue.
* Push for a law that allows the sponsor of the
spam to be sued for damages and inconveniences
rather than the sender. For example, I've
recived over 200 unvirsity diplomas messages
which all have the same phone number, but each
message is from a different sender. If we can
sue the owner of the phone number, than that
would go a great distance because it would
make people afraid to market in that mannor.
Well, hope this helps,
Leabre
web forms (Score:3)
I switched to these way too late though, so I still get lots of spam.
Here's an example of a web mail form:
http://www.topfloor.com/pr/examples/cgimail.htm [topfloor.com]
--
Re:Amusing - but it only afirms what we already kn (Score:2)
I'll synopsise it further: don't use AOL.
Further still: don't be the sort of induhvidual who uses AOL.
god knows where it comes from on hotmail (Score:2)
considering i hadnt used it yet (to put in forms/pasted on a site etc) i was kinda suprised (or maybe i wasnt) that it came from me. albeit at msn.com
although that spam was probably funding hotmail :]
Re:Don't use generic e-mail names (Score:2)
Everything (Score:2)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
My Mother's Practice Would Be High Risk :-) (Score:5)
So, meanwhile, my mother and I'm sure countless other novice computer users will continue to complain about spam, but those chain letters will keep getting sent. I wish this report would have gone into more depth about this practice - I think it's one of the quickest ways to get spam.
Email Address Encoder (Score:2)
This nifty web page will convert your email address into Character Entities so you can display it on your site and not get harvested by spammers: Email Address Encoder [wbwip.com]
Will this fit in my /. user profile? webma ster@ super flipp y.net
26^3 (Score:2)
This has to be the funniest spam.... (Score:3)
Spam-proofing (Score:3)
______________________________________
More comprehensive (Score:3)