Where Does Spam Come From? No, Really? 310
jnazario writes "The Center for Democracy and Technology has recently put together a really neat paper studying the methods by which spammers get your email addresses. The report posted otherwise unused email addresses in a variety of locations, using different techniques for visibility (ie HTML encoding vs plaintext) and then watched what accumulated after six months. They generated some interesting results into the methods by which spammers can track you (with publicly available websites containing your bare email address being the most popular method) and even some techniques to stop spam, such as HTML encoding your email address. A very interesting read."
Woah (Score:5, Funny)
Blasting Spammers with URLs (Score:5, Funny)
I like to have fun with this one. Make sure that you take out any "serial numbers" which might be embedded in the link. Call as many dynamic scripts on the page as you can.
#!/bin/bashCOUNT=0
while [ $COUNT -lt 2000 ]; do
lynx -dump $1?YOU_FILL_MY_MAILBOX_WITH_UNSOLICITED_CRAP_AND_
let COUNT=COUNT+1
echo $COUNT
done
Okay, it's ugly. And who knows if they actually check their weblogs? But it makes me feel better.
Besides, they were warned on my webpage, which outlines all the policies with regard to sending e-mail to my domain.
A really neat extension would be to have a script which parses the e-mail for links, de-fluffs them (to remove redirects through Yahoo and obfuscators like that) and automatically hits each and every one of the URLs given... but I haven't gotten around to it yet.
Re:Blasting Spammers with URLs (Score:5, Interesting)
I currently am suffering from somebody pulling a joe-job on an account at my company. Somebody is sending out e-mail ads for a penile enlargement scheme and forging one of our addresses as the sender.
Legally, where would I stand if I started scripting 1000 e-mail complaints a day to the advertiser?
I wonder...
Mirror (Score:4, Informative)
Mirror [inoffensif.com]
Re:Mirror (Score:5, Funny)
Re:Mirror (Score:3, Funny)
BTW, CN even recognized that he duped the article last time! Geez, is Memento running this website or what?
Re:Woah (Score:5, Funny)
Re:Woah (Score:5, Funny)
Re:Woah (Score:3, Funny)
Only one icon?
Re:Woah (Score:2)
Re:Woah (Score:4, Funny)
Mini Me. It's a perfect clone, but only 1/8th as interesting.
Re:Woah (Score:3, Funny)
Re:Woah (Score:2, Funny)
Re:Woah (Score:4, Funny)
Iraqi Information Minister on Double Posts (Score:4, Funny)
TheInformationMinister.com [theinforma...nister.com] Slashdot really needs to hire this guy. (Note: Opera seems to have a problem with the way the Flash on the site works, but Netscape or IE seem fine.) Worth seeing at least once.
Re:Woah (Score:2, Funny)
update Oh well, its a dupe. Whatever, it gives people something to complain about I guess
Why is evil stronger? (Score:2, Interesting)
Re:Woah (Score:3, Funny)
Oh my god, Slashdot is Spamming us!
(FYI: the original definition of spamming included (was) multiple (usenet) posting of the same article).
Everyone knows.... (Score:5, Funny)
Re:Everyone knows.... (Score:3, Funny)
Dupe (Score:3, Funny)
Tripe (Score:5, Funny)
tripe n.
1. Stomach tissue of a ruminant and especially of the ox used as food
2. Something poor, worthless, or offensive
Re:Tripe (Grade A Morons) (Score:2)
tripe n.
1. Stomach tissue of a ruminant and especially of the ox used as food
2. Something poor, worthless, or offensive
Hmm, apparently the editors think that we are "Grade A morons" who graduated from "Bovine University".
Where Does Spam Come From? (Score:5, Interesting)
No wait, better - it comes from those companies who profit from the utilisation of bandwidth. People who sell email servers marketed as coping with massive volumes of email too. Oh, and lets not forget the people spam filters!
Cynical? Me?
Re:Where Does Spam Come From? (Score:5, Interesting)
Re:Where Does Spam Come From? (Score:2)
hrm (Score:3, Interesting)
Even with a black-list implementation, spam has been through the roof lately, almost too much to keep up with submitting even.
3rd time: charming (Score:5, Informative)
Definition: SLAM (Score:5, Funny)
Duplicate of March 19th article (Score:3, Informative)
CDT Releases New Report on Origins of Spam [slashdot.org]
From here (Score:2)
Spam is mainly dupes (Score:2, Funny)
From and Reply-To address forging (Score:2)
Just had one of my domain names used in the fake from address (you know, siusd3874@mydomain.com) kind of thing, where the bit infront of the @ changes in an attempt to combat filtering.
Pain in arse - i've even had to put a page up on the website trying to explain that the SPAM is nothing to do with me.
Noticed a sharp rise in non-referred hits to the www.mydomain.com - which I can only assume is people trying it - probably to find out who spammed 'em.
This is despite the SPAM
Re:From and Reply-To address forging (Score:3, Interesting)
Some of these guys think that saying this will protect them from the lawsuits they so richly deserve.
Oh and it happend to me too.
On a related note, Alyx Sachs, spammer, says... (Score:5, Informative)
"By contrast, she said, '70 million people have bad credit. Guess what? Now I can't get mail through to them to help them.'"
The whole story is available at:
http://www.nytimes.com/2003/04/22/technology/22
Also available at
http://www.chron.com/cs/CDA/ssistory.mpl/busine
Is Alyx Sachs the female Alan Ralsky?
Re:On a related note, Alyx Sachs, spammer, says... (Score:4, Interesting)
I liked the quote from AOL: America Online says the amount of spam aimed at its 35 million customers has doubled since the year started and now approaches 2 billion messages a day, more than 70 percent of the mail its users receive. I make that 2000 spam messages per user per day! (even if you use the American Billion, and not the British).
Thank god for ISP filters, I don't quite feel so bad about the 20 or so I get per day now. (not that I use AOL, so I don't know if those spams get through to their users).
Re:well look what I found! (Score:4, Informative)
http://www.hcdonline.com/jobs/DisplayJob.asp?ID=3
Category: New Media
Job Title: eMail ad designer
Job Description: Need a techy or ad person who can jam out killer ads using front page for eMail campaigns. Easy gig for someone who knows how to write and cut and paste. Good op for freelance, college, or veteran Internet or Advertising guru
Job Location: Los Angeles
Phone Number: 323-871-2000x11
Fax Number: 323-871-0625
Email: yurontv@netglobalmarketing.com
Enjoy!
--rhad
At my expense... (Score:5, Insightful)
Tough luck. I pay for my Internet connection, you have no right to cost me money. Does telemarketers call collect? Does the postman demand cash for delivering me mail? No. Why the hell should I let you run a business at my expense?
Kjella
Re:On a related note, Alyx Sachs, spammer, says... (Score:5, Insightful)
"The legislation introduced recently in the Senate would try to make many practices used by spammers illegal. It would force commercial e-mail to identify the true sender, have an accurate subject line and offer recipients easy removal from marketing lists. And it would impose fines for violators.
For her part, e-mail marketer Sachs says that any such move will only end up making it harder to run a legitimate business."
So Ms. Sachs, tell me, what kind of "legitimate business" necessitates hiding the true sender of those email?
Re:On a related note, Alyx Sachs, spammer, says... (Score:2)
Junk mail can't look like notices from bill collecters
Spam must be labled as an ADV: filtering made easy
telemarketers must not block caller id and need an ADV: tag in their id
door to door sales people must wear bright red targets (especially if selling religeon)...
Re:On a related note, Alyx Sachs, spammer, says... (Score:2, Informative)
Alyxsandra Sachs
112 Catamaran St
Marina Del Rey, CA 90292-5769
(310)578-1728
(Courtesy of Switchboard.com)
Re:On a related note, Alyx Sachs, spammer, says... (Score:3, Informative)
Or, their site's WHOIS record...
Registrant:
Albert Ahdoot (NETGLOBALMARKETING-COM-DOM)
Net Global Marketing Inc.
18375 Ventura Blvd
Suite 326
Tarzana, CA 91356
USA
3238459660
2069841344
aahdoot@yahoo.com
Domain Name: NETGLOBALMARKETING.COM
Administrative Contact:
Richard Stewart support@usmnet.net
219 North Main
Suite 210
Bryan, TX 77803
USA
97
Re:On a related note, Alyx Sachs, spammer, says... (Score:2)
I wonder if we should see if Ms Sachs fingers would hurt from throwing away all the physical junk she would get should someone post her address here... hmmmm.
Mysterious Future (Score:2)
Re:Mysterious Future (Score:3, Insightful)
I'm now convinced this is the case. If Rob and crew don't even bother to read the headlines on their site, then maybe they should remove themselves from the day-to-day and focus on the backend. At one point in the distant past, Rob and Neal lent some personal flavor to slashdot, I'm not sure that's the case anymore.
Re:Mysterious Future (Score:4, Interesting)
Seems to be the case. Her's a reply to an email I sent Malda a few weeks ago:
How is this Interesting? (Score:4, Funny)
Do Spammers read these articles? (Score:2)
All SPAM comes from.... (Score:4, Funny)
"Americans are not in Baghdad"
or
"Loose wieght in just 2 weeks"
or
"Make money fast"
or
"Requested information"
All SPAM comes from Terrorists! (Score:2)
HEY! thats what we need to do, we need to convince our politicians thats where spam is from, that spamning is terrorist attacks on the US.
I mean, they are technologically inept enough to get suckered into accepting DMCA, this ought to be nothing. If all spammers are terrorists, then spammers can be hunted down with terrorists.
The slogan could be "When you spam, you spam with Saddam!"
Re:All SPAM comes from.... (Score:5, Funny)
"Loose wieght in just 2 weeks"
He was misquoted: he actually said "Lose Kuweight in two weeks...
spam report (Score:2, Funny)
How to signal spam (Score:2, Funny)
Where do dupes come from? (Score:4, Funny)
Slash code addition (Score:3, Interesting)
My spam experience (Score:2)
Mirror, of the conclusions... (Score:5, Informative)
1. E-mail addresses harvested from the public Web are frequently used by spammers. By an overwhelming margin, the greatest amount of spam we received was to addresses posted on the public Web.
When an address has been posted on the public Web, it can potentially be viewed by hundreds of millions of users. People who develop spam lists exploit this feature by using address-harvesting programs to surf across thousands of web sites, collecting any e-mail addresses that they encounter. Most users have no idea that their addresses have been harvested until they begin receiving spam.
2. The amount of spam received by an address posted on the public Web is directly related to the amount of traffic that Web site receives. The more visitors a Web site has in a given period of time, the greater the likelihood that an address-harvesting program used to send spam will scour it. As a result, addresses posted on high-traffic Web sites are likely to receive a greater amount of spam than address posted on smaller sites -- popular Web sites are more frequently "harvested," and addresses posted on those Web sites are added to a greater number of spam lists.
3. E-mail addresses harvested from the public Web appear to have a relatively short "shelf life." When e-mail addresses we posted on the public Web were removed, there was a pronounced drop in the amount of spam they received each day. The change was not absolute -- on a given day, an address might receive a few spam messages even months after it had been removed from the public Web. But such spam was on the order of 2 or 3 messages per day, compared to the thirty or more messages received by addresses still on the public Web.
4. Addresses posted in the headers of USENET messages can receive significant spam, though less than a posting on the public Web. Like most Web sites, USENET postings are publicly accessible and may be targeted by e-mail address-harvesting programs. When a user includes his or her address in the heading of a USENET message, that address can be harvested and used to send spam. Our preliminary data indicates that some USENET newsgroups are more frequently harvested for e-mail addresses than others.
5. Obscuring an e-mail address is an effective way to avoid spam from harvesters on the Web or on USENET newsgroups. Even when posted in publicly accessible areas, none of the addresses we obscured -- whether in English ("example at domain dot com") or in HTML -- received a single piece of spam. Users who want to avoid spam should consider obscuring their addresses when possible.
6. Sites that publish their policies and make choice available to users generally respected those policies. A major element of the CDT project was to submit e-mail addresses to a number of popular businesses and other organizations on the Web. Many of these sites had privacy policies describing how they handle e-mail addresses and other potentially sensitive pieces of information. While the terms of these policies varied, we found that almost all sites followed their policies. In addition, when consumers were offered choices about how their personal information would be handled, those choices were respected.
7. Domain name registration does not seem to be a major source of spam. Despite the fact that the WHOIS database is publicly accessible, our project received just a single spam message to an address that was in WHOIS for six months. This leads us to believe that, at least for some people registering new domain names, listings in the WHOIS database may not be a major source of spam. However, because our project had a relatively short duration, we were not able to examine whether additional spam would be received as a domain name approached its renewal date.
8. Even when an e-mail address has not been posted or shared in any way, it is still possible to receive spam through various "attacks" on a mail server. In our study, a "brute force" attack on the mail server generated a t
Mirrors (Score:2)
What would have helped... (Score:5, Informative)
Useful insofar as it goes, but what would be much more helpful is an objective take on how spam gets to the end-system. It's very hard to generate this information. You can come up with the list of final-hop relays, but that's not as useful as you might think, since most of the really crappy spam software out there finds open relays dynamically and routes through them.
Slightly smarter software is now making it out there that performs some simple testing to determine how / if a given relay of choice can reach other sites. So for example, AOL's recent blocking of Commcast customers will help them in the short term, but over time they'll find that spammers simply stop using those relays and start using the ones that can get through. As new relays pop up, they will be used... eventually you would have to simply stop accepting mail in order to correctly prevent spam.
Like I say, it would have been useful to have the data on where spam is actually originating, but even without it, you can block spam with a very high degree of certainty based on the sender and relays with a much lower false positive (failure) rate than any of the bogus blacklist schemes out there. I'm about to add a module to SA [spamassassin.org] to do just this, so stay tuned....
I'm down to two a week now (Score:4, Informative)
The bulk of what I was getting was from the URLs that I have registered - those URLs were setup to forward all mail at that address that didn't have an actual e-mail address to my address. So I disabled that feature to some extent, and it dropped my daily spam count down to a little over 120 or so a day.
So I then got curious and went through and "unsubscribed" from a bunch of them just to see what happened. My spam went down to about 30 a day. Hot damn, it worked.
But then it came back up over time - not sure if the unsubscribing just got my name on other lists, or if it just grew over time.
So I installed spamassassin [spamassassin.org], at the time 2.5 was in devel, so I used that. Various builds were better than others, and it got me down to about 1 or 2 spam that snuck through everyday.
Since then I have installed 2.6 and haven't kept up with the development builds as often since the changelog wasn't... well, wasn't changing much over the time that I was watching it.
I run it as the perl script, not the faster c daemon. I am on a shared server and scripts have to time out after 30 seconds of cpu time. So if the perl script is doing a lot of stuff, it gets killed, and the mail gets sent through.
So that was the bulk of the spam I was getting - not that spamassassin mistagged it - but that it was dying and letting it through that way.
So I went in and changed my settings. I disabled all of the blacklist checks (score RAZOR_CHECK 0 and score RAZOR2_CHECK 0). I raised the autolearning threshold to be higher so that it would do that less frequently. I have my good contacts on a whitelist. I made the required_hits spam score to be 3.5 instead of the default 5. I went in and made the 90% bayes score 3.5 and the 99% score to 4. I skipped the rbl checks and made the max attempts on anything that would try multiple times if there was any failure to be low (1-2).
As a result, it rarely kills the process now unless the server is under a lot of load - and now I get about 1 or 2 spam in a week instead of in a day.
I am a very big fan of spamassassin.
Re:I'm down to two a week now (Score:2)
Here's the email I sent: (Score:2)
Is daddypants [slashdot.org] ro
What gets me about all these dupes... (Score:4, Insightful)
What I find impossible to believe is that out of all the submissions that enter into the possible queue these are the ones that stick out so well they end up getting posted. That almost 9% of the time we see the same article get put up.
Think of it this way, if your department at your company, hell if your company, messed up 9% of the time what would happen to you? In the case of slashdot nothing happens because no one is accountable and anytime anything shoddy happens everyone clamors about with "it's rob's personal site!@#!@#!@ he can post whatever he wants!@#". Except that isn't the case anymore and hasn't been for years. This is a FOR-PROFIT site with readers who create the value, yet time and time again we are shown and told (Hi Michael!) how little we are valued or mean to the staff at slashdot. Answer me this Rob, do you care so little about your creation now? Where is your sense of pride?
Unfortunately just departing is a hard thing to do because of the absolute power in the meme of "/.". It is a lot like CNN, you know the news sucks, you know it is biased, but it is always there so in a moment of weakness you give in.
Re:What gets me about all these dupes... (Score:4, Funny)
Yes, but I got them back: I don't read the ads and I only post uninformed CRAP! MUAHAHAHAHHAAAAAA!
Google Cache. (Score:2)
A Mummy SPAM and a Daddy SPAM (Score:5, Funny)
Re:A Mummy SPAM and a Daddy SPAM (Score:2)
We concluded that he would most like "use someone else's open port" to make this happen.
Re:A Mummy SPAM and a Daddy SPAM (Score:2)
I just knew that SPAMMING somehow involved necrophilia.
Where does SPAM come from? (Score:2)
Theory 2: A mommy SPAM and a daddy SPAM, well...um...are you old enough to hear this?
Theory 3: Giving out a real email address, or replying to SPAM.
Sorry, that's all I can think of for now.
Iraqi Information Minister Mohammed Saeed al-Sahha (Score:3, Funny)
"THIS STORY IS NOT A DUPE! IT IS NOT A TRIPE! IT IS ORIGINAL AND YOU WILL READ IT YOU FILTHY INFIDELS!!!
I am still alive!!
Html encoding doesn't solve the problem (Score:3, Insightful)
Even the HTML encoding of addresses can not stand up to this exploitation. When scouring a website for addresses, everyone knows you look for all occurrances of '@' in the source. Encoding it with HTML merely substitutes one search character with the short string '@
Probably the best defense is to randomly insert undisplayed '@'s and '@
Like I said, as long as addresses are advertised, this battle will 'never' end.
Millions of spam (Score:5, Funny)
It was put there by a man,
In factory downtown.
And if I had my little way,
I'd get spammed every day!...
I still have mirrors from the last two times (Score:2)
I wondered the same thing (Score:4, Interesting)
Where does DDOS come from? No, Really? (Score:2)
Effect of Spam (Score:5, Funny)
People who get spammed, kill people.
Advice for Taco... (Score:2)
Re:Advice for Taco... (Score:2, Funny)
I know I'll probably get modded to heck for this, but what the heck...
Re:Advice for Taco... (Score:5, Insightful)
except that the other articles were posted by Cowboy Neal and Michael, respectively.
In any case, part of the problem is that in reading the submissions they will undoubtedly see the same story many times, so a link would show as visited if you'd scanned through a bunch of those, published or not. The same goes for just trusting your memory, there must be a serious deja-vu problm. But there's no fucking excuse at all for such unprofessionalism. Just type "spam" into the search box on the Slashdot front page and you see the earlier stories (along with both "AOL sues spammers" of a few days ago). More specifically, typing in "cdt.org" shows all three dupes at the top of the list.
I can't think of any explanation except serious drug abuse in the workplace.
The Spam Museum, of course. (Score:2, Interesting)
Home of SPAM [hormel.com]
A tip for to find sellers... (Score:2, Insightful)
When you get mail adressed to Mr./Ms. Real Player then you know who is doing what with your e-mail, so far i received quite some e-mail this way, apperantly the sites that actually state promises about not sellign addresses seem to be doing just the opposite. More so than sites which don't state promises.
Short addresses (Score:5, Funny)
For further information, please contact Ari Schwartz at the Center for Democracy & Technology, 202-637-9800, ari@cdt.org.
Did anyone else find that rather funny?
Let's make spammers spam each other (Score:5, Informative)
So let's beat them with their own weapons. Sugarplum [devin.com] is a WWW spambot poisoner feeding them with lots of email addresses which are faked, spam traps or addresses of known spammers and spamfriendly people - collected from spam emails or experience with spamfriendly ISPs. As a motivation, a lot of spamfriendly institutions don't see the problem "spam" as serious until they get a really high dosis of unwanted email per day.
My Sugarplum installation gets scanned really often. At the moment, the French superspammer Artmarket is coming back almost every day, harvesting my Sugarplum site and dumping about 100 spams each time into my spam trap box. My ratio between spam trap and spammer is 1:50, so each time Artmarket will spam about 5000 spammers.
Some German dialer operators who had a really big spam problem half a year ago are actually trying to hire people to fight against spam they are getting on their own - no wonder, their domains were about the first to be spambaited massively in Usenet newsgroups and on WWW sites. Some 419 scam gangs who spamvertise their email addresses have to change them about once a month, as they will get flooded with "counterspam", and what is worse, they rely on the availability of their email addresses to get replies from their victims - that's why they spam.
Mirror (Score:2)
My Mom's Low-Tech version of this study (Score:2, Interesting)
Before the days when SPAM was a big problem, my Mom already didn't like getting physical "junk mail" through the USPS. She knew different organizations were selling and trading her address, but she decided to track it to see who was passing what info. She started using false middle initials when she subscribed to magazines, bought things from catalogs, etc.
So when she subscribed to Cosmopolitan (I know, but it was the 70s and she's a woman. What can you do?), she used the name "June C Cleaver"
Spam trap? (Score:2)
I did a smaller scale experiment like this... (Score:2)
The bizarre thing was that one of the messages I got was for a volunteer FireFighter meeting in California. I'm in Oregon. Heh.
I want email to work like ICQ. I want to have an authorization list. When somebody contacts me, they have to request permission first. Right now, I'm manually doing that.
How I solved my spam problem (Score:5, Informative)
Works for me, anyhow.
Re:How I solved my spam problem (Score:3, Interesting)
I use a similar method, but without the wildcard address. I specifically add the address(s) to the forward list [yes, zoneedit also lets you do that]... Just be sure to be rfc compliant... {postmaster, abuse, etc to forward to your ISP box as well}
How do spammers find open relays and open proxies? (Score:4, Interesting)
What spam? (Score:3, Informative)
Moral: If you are careless with your email adress, expect spam.
E-Cloaker for HTML-encoded addresses (Score:3, Informative)
Re:why not (Score:5, Informative)
The more common strategy is to either use a fake return address, or just choose a more or less random return e-mail address either belonging to someone else (an anti spammer, perhaps?) or that has been registered for the purpose at a free e-mail service.
I used to be involved in running a fairly large free e-mail service, and our main spam problem was people using addresses from our system in the from field, not people spamming our user. When a spammer sends a few million messages to invalid AOL or Hotmail accounts and one of your addresses is in the From field, you sort of notice the bounce traffic....
Making the spammers crawl invalid e-mail addresses can reduce the amount of spam to real recipients they manage to send, though, which is why there's quite a few spamtrap scripts out there that generate pages containing lots of e-mail addresses and links to other pages generated on the fly by the script.
Re:why not (Score:5, Informative)
Yes it would, but there in lies the problem. Say for example you are on someISP.net as your internat provider. Some one else decides to start spamming through someISP.net (either by an open relay, spoofing or even by actually having an account there. Buhzillions of bouncebacks start swarming someISP.net's servers and BAM! You dont get that e-card from your mother on your birthday.
The other problem is by having all those fake addresses. Let's say that spamboy sends out that proverbial "buhzillion" messages. That's all traffic that the backbones have to route. NOW since those e-mails are fake they have to bounce back...that's a "buhzillion" autogenerated nessages that the servers have to route again.
Congrats, we've just doubled the spamload.
Phoenix
Re:why not (Score:3, Insightful)
There are a bunch of scripts out there that will do what you are looking for. To wit:
Sugarplum: SPAM poison [devin.com]
Searches for stuff like "spam harvest poison script" should turn up more. There are also honeypots and tarpits designed to mire SPAMmers attempts to pump out spam by acting like an open relay, but sen
Re:Dupe (Score:2)
Re:harvesting the addresses from the webpage (Score:2, Informative)
>>at the Center for Democracy & Technology,
>>202-637-9800, ari@cdt.org.
>hmm.. I'll be interested to know how
>much spam that generates for him/her....
First note that Ari is probably male... and then...
RTFA !!
Ari heavily insists on encoding your email adress in crude HTML ASCII codes which robots don't detect yet (matter of weeks I guess - I guess not everybody on slashdot is an angel, as everywhere) but are perfectly human
Re:Obscured email addresses (Score:3, Insightful)
But none of the addresses that were obscured, whether in "human-readable" or "HTML-obscured" form,
received a single piece of spam, leading us to conclude that e-mail address "harvesters" are not presently
capable of collecting such addresses. While this may change as time passes and technology develops, for the
time being it appears that obscuring an e-mail address is an effective means of avoiding spam.
It's not that the harvesters can't figur
Pattern recognition (Score:3, Insightful)
Perhaps, perhaps not... The 'blah at blah dot com' is a real easy one to fix in a spider (at=@, dot=., you're done), but there are quite a few ways to do it that are either human-parseable only, or require a LOT of codin
Re:SPAM, SCRIPTS & SPIDERS Oh my. (Score:2)