Spam Replacing Postal Junk Mail?

TheOtherChimeraTwin writes "I've been getting spam from mainstream companies that I do business with, which is odd because I didn't give those companies my email address. It is doubly strange because the address they are using is a special-purpose one that I wouldn't give out to any business. Apparently knotice.com ('Direct Digital Marketing Solutions') and postalconnect.net aka emsnetwork.net (an Equifax Marketing Service Product with the ironic name 'Permission!') are somehow collecting email addresses and connecting them with postal addresses, allowing companies to send email instead of postal mail. Has anyone else encountered this slimy practice or know how they are harvesting email addresses?"

Do you shop online?

[Old97]

Every time I buy something on-line I have to provide my billing address so now the e-mail address I use and possibly more (can it read cookies?) is known to the vendor who can turn around and sell that information to others. How easy is it for some Javascript or something to poke around for e-mail addresses when you are at a site? Also, my e-mail providers know my address - i.e. yahoo, google, aol, apple and comcast. Could they be selling that information? I wouldn't be surprised.

Re:Do you shop online?

[aj50]

A given site can only read cookies which have been set by the same site (well, domain). There are various exploits to get around this called Cross Site Scripting (XSS) attacks which involve somehow putting javascript onto someone else's page (such as a slashdot comment). This type of attack can be thwarted by properly escaping any dynamic content.

Allowing access to other site's cookies is a problem because most sites which allow you to log in tell users apart by giving each of them a different cookie. By stealing someone else's cookie you might be recognised as them without having to log in.

Re:Do you shop online?

[aztracker1]

Just a clarification. A site can only see cookies set *TO* that domain. Sub-domains can see cookies set to the parent domain as well. Beyond this, any site can *SET* a cookie *FOR* another domain, they just can't read it.

Re:

[Jurily]

How easy is it for some Javascript or something to poke around for e-mail addresses when you are at a site?

Decent browsers don't expose data not created by the site, aside from the standard browser ID, and even that can be turned off. And if you use a browser with the security profile of swiss cheese, your email adress is not your main problem.

Also, my e-mail providers know my address - i.e. yahoo, google, aol, apple and comcast. Could they be selling that information? I wouldn't be surprised.

That's just about the only thing I trust Google not doing. If you want to know how they get it, try giving out different adresses to different sites and see which ones get what spam.

Re:

[LowlyWorm]

Javascript can indeed "poke around" for email addresses or any other information you provide while on a given site as well as non-personally identifiable information such as connection speed, browser, etc. The main thing to understand is javascript can only access that which you provide. It cannot (at least not alone in a client-side environment) actively coerce such information. It can actively record just about anything you do on a page but state information (information between sessions on a site) is ver

Re:

[Anonymous Coward]

My standard email address for sites I dont wish to give my real details to is bill@microsoft.com

I used to give the local recycling centre as my real address.

Fake email

[Cassander]

My standard email address for sites I dont wish to give my real details to is bill@microsoft.com

I like to use nospam@foo.com or abuse@foo.com, where "foo.com" is the actual domain of the site I am entering my info to. (For example, microsoft gets nospam@microsoft.com).

have your own domain-get universal forwarding

[way2trivial]

I have my own domain- EVERYONE except family gets a different email address
one gets caught by spammers- the address gets killed.

I understand gmail allows using a + in the address line to sort mail in a similar fashion
googleid+identifyingstring@gmail.com and you still get it-- only you know the source.

Re:have your own domain-get universal forwarding

[ticklemeozmo]

Many websites which require email addresses discourage and in fact prevent the use of + while signing up.

Re:have your own domain-get universal forwarding

[Zerth]

Not so much that they discourage it, they just have badly coded email validators. The allowable characters in an email address is much broader than most systems' valid usernames, but the lazy just assume people will only have a username as their mailbox.

Re:

[SpammersAreScum]

Yup. I suspect this is a case where Hanlon's Razor [wikipedia.org] should be remembered.

Re:

[maxume]

You may have a hard time telling where it came from (they could accept address+marker@gmail.com and then scrub the +marker, it isn't exactly a secret).

Re:

[shogun]

Then you setup that account to only accept an email with + in the address its sending to. Anyone who strips the + would be attempting to spam you anyway.

Re:

[wik]

Someone tell that to Verizon. They seem to think it's best practice to send the same marketing email to both the original address with the + and the same address without. Better yet, their unsubscribe facility refuses to accept the +.

I wish more people understood the +. I've used it to make incoming mail self-sorting for well over a decade.

Re:have your own domain-get universal forwarding

[AnalPerfume]

If I need to reply to an email to join a site I'm dubious about, in other words actually receive it, I use the Trashmail addon for Firefox. It expires after a couple of emails. If they turn out to be OK, I can then change the email to a more permanent one in the options.

Re:

[Jane Q. Public]

While using the + in this fashion is a great idea, it breaks the specification for email addresses in the RFC.

If Google wants to use email addresses this way, they should submit their own RFC, and maybe change the specification... for the better.

Re:have your own domain-get universal forwarding

[Matt Perry]

While using the + in this fashion is a great idea, it breaks the specification for email addresses in the RFC.

No it doesn't. Using the plus sign in an email address is already specified in the RFC and has been for quite some time.

Re:

[Jane Q. Public]

You have misunderstood me. The "+" character, like so many other characters (many more than most people think) has always been a valid character in email addresses. Using it in this non-standard manner, however, has not as far as I know been part of the specification.

I believe that using it in this way is a good idea. So why not submit an RFC, and try to make it part of the standard?

Re:

[MagicM]

RFC 5233 [ietf.org] mentions it.

Re:

[Jane Q. Public]

Well, I'll be darned. Learn something new every day.

Funny, though, how this works opposite to the way subdomains do, i.e., name + detail rather than subdomain + domain. Backwards if you ask me.

Or, rather...

[Jane Q. Public]

you did not misunderstand me, I just worded that poorly. Using "+" does not break the specification, it just extends it in an non-standard manner.

Re:have your own domain-get universal forwarding

[KlaymenDK]

Which RFC, though?

821 (from 1982) does not allow it.
822 (also 1982) does.
2821 and 2822 (2001) also respectively don't and do.

Re:

[Anonymous Coward]

Which RFC, though?

821 (from 1982) does not allow it.
822 (also 1982) does.
2821 and 2822 (2001) also respectively don't and do.

Ancient relics. It's all about RFCs 5321 and 5322. Don't you get a feed of all the latest RFCs?

Re:have your own domain-get universal forwarding

[93 Escort Wagon]

Ancient relics. It's all about RFCs 5321 and 5322. Don't you get a feed of all the latest RFCs?

I've got it set up as a podcast in iTunes.

Re:

[palegray.net]

I think I'd rather listen to Nails n' Chalkboards Greatest Hits.

Re:

[Guido von Guido]

I think I'd rather listen to Nails n' Chalkboards Greatest Hits.

Let me make a recommendation: Lou Reed's Metal Machine Music. [allmusic.com] Makes Nails 'N Chalkboard sound almost pleasant.

Re:

[E IS mC(Square)]

"+" sign is part of RFC, ffs.

Re:

[MagicM]

That's not true. Per RFC 2822 (only relevant pieces quoted):

section 3.4.1:
addr-spec = local-part "@" domain
local-part = dot-atom / quoted-string / obs-local-part

section 3.2.4:
dot-atom = [CFWS] dot-atom-text [CFWS]
dot-atom-text = 1*atext *("." 1*atext)
atext = ALPHA / DIGIT / ; Any character except controls,
"!" / "#" / ; SP, and specials.

Re:have your own domain-get universal forwarding

[number11]

While using the + in this fashion is a great idea, it breaks the specification for email addresses in the RFC.

Wrong, wrong, wrong.

RFC5321 is the relevant RFC.

Wikipedia [wikipedia.org] summarizes the permitted characters in a somewhat more human-readable fashion. The "local-part" is the part of the email address to the left of the @:

>The local-part of the e-mail address may use any of these ASCII characters:
>
> * Uppercase and lowercase English letters (a-z, A-Z)
> * Digits 0 through 9
> * Characters ! # $ % & ' * + - / = ? ^ _ ` { | } ~
> * Character . provided that it is not the first nor last character, nor may it appear two or more times consecutively.

A "+" does not break the RFC. It may break some buggy address validators. (Note that there are also other interesting possibilities for breaking non-compliant software, such as case-sensitive addresses.)

Re:

[skeeto]

It is definitely not breaking the spec in any manner. When you register an account with Google mail, they give you literally a google (10^100) different e-mail addresses. That's a hell of a lot of addresses. Most people only use one of them.

Re:have your own domain-get universal forwarding

[KlaymenDK]

I understand gmail allows using a + in the address line to sort mail in a similar fashion
googleid+identifyingstring@gmail.com and you still get it-- only you know the source.

Only until someone 'helpfully' sends you something from a postcard site, joke list, or lottery draw. Then you'll get spammed at the "root" address (sans "+") and almost never again at any "+" address.

Don't ask me how I know this.

Re:have your own domain-get universal forwarding

[techno-vampire]

I have my own domain

So do I. I also have * addressing as a catch-all. When I have to provide an email address to register at a dubious site, I make one up that tells me something about where I used it; e.g., to sign up at example.com, it might be examplejunk@mydomain.com. That way, if I ever get anything sent to that email address and not clearly from example.com, I know exactly who sold my email address, and can add a filter deleting everything sent to that address. It hasn't happened, yet, but maybe I've just been lucky.

Re:

[lewko]

I used to do this, but can now say that 'catchall' addresses suck.

Firstly, some spammers brute-force addresses, so you will receive spam sent to john@yourdomain, nancy@yourdomain etc.

Secondly, if you ever decide you want to kill your catchall, you'll find it impossible to find all the sites which have their own addresses.

I just use Gmail now.

Re:

[mcelrath]

I've been doing that for years and years, and as another commenter notes, many websites are not compliant with the RFC, and refuse to allow + in email addresses. Not complying with the RFC should be a prosecutable offense, but I digress...

So I added underscores too. Everyone accepts underscores. In sendmail.cf you need to modify OperatorChars and add a rule copying the + rule. Look for 'R$+ +' starting a line.

But in practice, I've never actually done anything with these tagged email addresses. I ge

Re:

[aztracker1]

the problem is, most browsers transcode a literal space to a plus(+) when transmitting information, and a literal plus doesn't get translated. This means that most web server framework on the other end translate the plus in the original form to a space. meaning "yourname+filter@gmail.com" becomes "yourname filter@gmail.com" which is invalid. The issue is that web developer really need to take emailFromForm.Trim().Replace(' ', '+'); before they run other validity filters on the input, which they simply d

Re:

[zorg50]

You can also use Spam Gourmet at http://www.spamgourmet.com/ [spamgourmet.com]. It has several features that go above and beyond what GMail has (to my knowledge).

First, it will forward the e-mails to any address, so you don't have to use GMail. Second, it lets you include an identifying string, like GMail. Finally, however, is the best feature: in the address you give you can specify the number of e-mails that you want forwarded to you before they start getting sent to /dev/null. You can also whitelist addresses if you c

Any free domain?

[antdude]

Are there any free domain that will let me use multiple e-mail addresses?

I know on my EarthLink dial-up account, I can get five random disposable e-mail addresses, but I can't name it as "slashdot@antdude.edu" or whatever.

Re:

[mrsquid0]

>Yeah, because spammers are too stupid to s/+[^@]//.

I think that most serious spammers are too smart to do that.

I had enough

[Krneki]

I use 2 emails, one for spam and one for private mails.
Now both my emails are full of junk, but while google spam option are working my old yahoo email is beyond saving.
Just keep clicking on "this is spam". It's not worth your time to understand why it's happening, and even if you do understand, you will find out it's impossible to avoid.

Hell, I can't even check my old SMS because it's full of spam.

Re:I had enough

[Tubal-Cain]

I use 2 emails, one for spam and one for private mails. Now both my emails are full of junk...

It should be:
One for email from IT persons.
One for registration confirmation and chainmail-forwarders.

Mod parent up: +5, Truth

[berend botje]

Everytime I got a new email adres, there is always that one clueless git that adds my address to one of those cute 'send something funny every week' sites.

Never got that funny, but the spams just starts flooding in.

Now I'm a lot more picky about who gets to see my real address. The rest goes to my temporary catch-all of the month.

Re:

[Jane Q. Public]

I have 6 email addresses, basically for the same reasons, I just divide them up more finely.

--
Your tagline reminds me of Google: Love money, trust a few, do harm only to developing countries.

Re:I had enough

[nomadic]

I have 13 e-mail addresses. E-mail the public one, and you get sent a riddle, which if you answer correctly gets you the next e-mail address. Each riddle is more fiendish than the last, and nobody has reached the 13th e-mail address.

Re:

[Midnight Thunder]

I have 13 e-mail addresses. E-mail the public one, and you get sent a riddle, which if you answer correctly gets you the next e-mail address. Each riddle is more fiendish than the last, and nobody has reached the 13th e-mail address

I just redirect them all to dev null. Now everyone just ignores me :)

Re:

[Z00L00K]

I'm using sendmail with some extra anti-spam measures that seems to work really well:

FEATURE(`access_db')dnl
FEATURE(`require_rdns')dnl
FEATURE(`block_bad_helo')dnl
FEATURE(`enhdnsbl', `zen.spamhaus.org', `"Message from $&{client_addr} rejected - see http://www.spamhaus.org/query/bl?ip="$&{client_addr}', `t')dnl
FEATURE(`enhdnsbl', `bl.spamcop.net', `"Message from $&{client_addr} rejected - see http://spamcop.net/bl.shtml?"$&{client_addr}', `t')dnl
FEATURE(`dnsbl',`combined.njabl.org',`Message f

ISP ?

[johnjones]

first person I would suspect is the ISP or your webmail

without knowing any details of even the country your in it's kind of hard to guess...

but ISP's use deep packet inspection and even easier I am guessing you fill in your email address for their webmail and they bill you...

regards

john jones

What I do...

[Mr. Conrad]

I just handle electronic spam like normal junk mail. Hit Ctrl+P and then throw the damn thing away. Good riddance.

Email honeypot traps

[peterofoz]

I use a special domain name which maps all aliases (*) to my mail box. Nearly every email I use for online purchases or registrations is custom for that site so when I receive email from an unexpected source I can trace it back to where I originally used it. I also always opt out of companies sharing info. I recently caught out SCE having passed my email to a government energy program and called them out on it. If I get spammed on one 'channel', I can reroute it to the /dev/null mailbox.

Re:

[MWoody]

I used to do this, too, but it won't last. Eventually, a spam site will get one of your domain names, and they will begin guessing people/positions/etc. at your "company." Once the tide of spam has struck an account that maps all mail aliases to a single box, the entire domain will become worthless within a week.

Re:

[pongo000]

I use a special domain name which maps all aliases (*) to my mail box.

Works great until some spammer just starts generating random aliases to your domain. Definitely not time-efficient to deal with that.

Look...spam is here to stay. I laugh when I see articles like this on Slashdot, from idealists who believe that their actions are somehow contributing to the banishment of spam on the planet. I'm calling for a moratorium on all Slashdot posts that whine about spam. A couple things should be clear by now:

Re:

[peterofoz]

Further to this, I use the aliases to filter/sort email into a number of folders depending if its for a project, different customer, family, neighbors, scouting, whatever. Just about everything that ends up in my main mailbox as unidentified mail is spam so its easy to get rid of.

Re:

[jez9999]

I use a special domain name which maps all aliases (*) to my mail box. Nearly every email I use for online purchases or registrations is custom for that site so when I receive email from an unexpected source I can trace it back to where I originally used it.

I've been doing this for a few years now, because I thought it was a good idea, and here's what I've discovered: very few companies actually seem to sell my e-mail address to spammers. What I tend to get from them is dumb newsletters that they honour my

Re:

[peterofoz]

Ya, I've thought about this. The SPAM I get seems to come mostly to my main email address which makes it impossible route.

I had an idea to build some kind of simple web service tied to a Mozilla or IE add-on/plug-in that lets me allocate a unique email alias. Then we just need a mail service that supports temporary or permanent registered aliases set up via a web service.

I was going to build something like this but just don't have time right now. Anyone go for it!

Use temporary addresses

[Anonymous Coward]

Yahoo lets you create temporary addresses that you can disable at the drop of a hat.

I use those for most of my business correspondence.

Your mail provider may offer something similar.

Re:

[Tubal-Cain]

Gmail uses +'s. As in, username+foo@gmail.com will come to username's inbox. You can then use the filters to sort mail on that address (such as to the spam or trash folders.

Re:

[shentino]

Unfortunately some signup forms get wise and consider + to be an invalid character in an email address.

I wonder if it's

1. Overzealous syntax checking, or
2. Shenanigans

E-mail is Preferable, it can be Filtered

[CodeBuster]

Although it would be best if email marketers were simply swallowed by the earth and sent directly to wherever it is the bad people go, if they are going to continue annoying us then I would prefer that it be through email and not postal mail. At least with email they are competing on our playing field where we have a decisive technical advantage in filtering. If the choice is between them stuffing my post box with paper or trying to stuff my inbox with spam (they will fail due to ThunderBayes [mozilla.org] among others. What's the word? Thunderbird [mozillamessaging.com]) then I say bring on the spam, we are ready.

Re:E-mail is Preferable, it can be Filtered

[fl!ptop]

if they are going to continue annoying us then I would prefer that it be through email and not postal mail

i disagree, with postal spam at least if they provide a pre-paid return envelope i have the satisfaction of putting everything they sent me in that envelope, along w/ a few rusty washers (to add weight), and maybe a sunday paper glossy ad or two (more weight, and thickness) and sending it back to them on their dime.

Re:

[techno-vampire]

Not only that, they have to pay to have the material designed, printed and mailed so it's not exactly free for them as it is with spam. Not only that, but even though they're using the bulk mail rate, all that junk mail stuffing your mail box each day is helping subsidize the cost of first class postage. In the case of spam, the spammers are being subsidized by the rest of us which is what makes it so bad.

Re:

[techno-vampire]

You've got that backwards. First-class postage subsidizes bulk mailing; that's why, in part, that bulk mail costs a fraction of what 1st class mail costs.

Not according to what I've read, although I can't locate a cite at the moment. One of the reasons it costs less, BTW, is that much of the Post Office's work has to be done ahead of time, such as sorting out the mailing by zip code. However, just to pick a nit, if bulk mail cost .9944 the cost of first class postage, it would still "cost a fraction of wh

Re:

[mauthbaux]

i disagree, with postal spam at least if they provide a pre-paid return envelope i have the satisfaction of putting everything they sent me in that envelope, along w/ a few rusty washers (to add weight), and maybe a sunday paper glossy ad or two (more weight, and thickness) and sending it back to them on their dime.

Obligatory bash.org anecdote:

#127039 +(10530)- [X]
[wolf] 1. Save every Free Credit Card Offer you get, Put it in pile A
[wolf] 2. Save every Free Coupon You get, put that in pile B
[wolf] 3. Now open the credit card mail from pile A and find the Business Reply Mail Envelope.
[wolf] 4. Take the coupons from pile B and stuff them in the envelope you hold in your hand.
[wolf] 5. Drop the stuffed to the brim envelopes in your mail and walk away whistling.
[wolf] I have now received two phone calls from the credit card companies telling me that they received a stuffed envelope with coupons rather then my application. They informed me that it they are not pleased that they footed the bill for the crap I sent them. I reply with "It says Business Reply Mail" I'm suggesting coupons to you to ensure that your business is more successful. They promptly hang up on me.
[wolf] Now, I did this for about a month before it got boring, so I got an added idea! I added exactly 33 cents worth of pennies to the envelope so they paid EXTRA due to the weight. I got a call informing me about the money, I said it was a mistake and I demanded my change back. After yelling at the clerk and then to the supervisor they agreed to my demands and cut me a check for the money. I hold in my hand at this very moment a check from GTE Visa for exactly 33 cents.

Re:

[nachoboy]

if they provide a pre-paid return envelope i have the satisfaction of putting everything they sent me in that envelope, along w/ a few rusty washers (to add weight), and maybe a sunday paper glossy ad or two (more weight, and thickness) and sending it back to them on their dime.

Don't bother. Business reply envelopes that are clearly not used for their intended purposes are discarded by the Post Office as waste [straightdope.com]. So now all you've done is annoy your local letter carrier and increase the burden on the postal

Re:

[nine-times]

Also, at least email is probably more environmentally friendly then manufacturing the paper, the ink, any other chemicals involved, and then shipping the stuff across country. It's really sad, when you think about it-- all that trouble just to deliver trash to my doorstep.

I know, that's not a novel thought; that's why they call it "junk mail". But it still strikes me funny whenever I really think about it. People almost literally manufacture trash and send it to your address against your wishes, just fo

I wish spam replaced postal junk mail

[SirLurksAlot]

It is a hell of a lot easier to deal with digital spam than the paper kind. The paper kind accumulates in my house and clutters the place up. It wastes dead tree and plastic. At least with the digital kind I can press a button and *poof* it's gone. I can only hope that more businesses will switch to 100% digital spam.

On a related note this is pretty much the same reason I don't get my news from a paper newspaper (well, among others). I got sick of having newspapers piling up in my home. I get 99% of al

Re:

[berend botje]

I certainly don't mind people sending me paper junkmail.

I've got a good use [alternativ...g-info.com] for it!

Re:I wish spam replaced postal junk mail

[RoboRay]

There is a trash can right next to my mailbox, which enables me to deal with paper spam about as easily as the electronic kind.

I do keep the little response cards with "return postage guaranteed" stamps, though. Those are great for gluing to bricks or other heavy objects you want to dispose of. Drop them in a mail box, and they not only get wind up in a mailbox at the company that spammed you, but that company gets billed for the postage, by weight. The heavier the object, the better!

Re:

[alexo]

I do keep the little response cards with "return postage guaranteed" stamps, though. Those are great for gluing to bricks or other heavy objects you want to dispose of.

I'm only getting preprinted envelopes. They're kind of small and I'm not sure that if I fill it with heavy junk (rusty nails?) they will get delivered.

Re:

[Z00L00K]

Just glue the envelope to a heavier package and you are fine.

Old car batteries contains lead, just cast it into a suitable form that you can place in a reinforced envelope and drop in a mailbox.

Re:

[93 Escort Wagon]

On a related note this is pretty much the same reason I don't get my news from a paper newspaper (well, among others). I got sick of having newspapers piling up in my home.

If I followed that logic, I'd never order pizza. Plus those boxes can't be used as emergency furniture as effectively as a stack of newspaper can.

BTW newspaper recycling has been available for the past 50 or 60 years - you might want to check it out sometime.

(This being Slashdot, I should probably mention this is all said pretty much tongue-in-cheek.)

Re:

[SirLurksAlot]

BTW newspaper recycling has been available for the past 50 or 60 years - you might want to check it out sometime.

See, and that is the thing. The newspapers piled up because I was loathe to throw them out knowing they would end up in a landfill somewhere. On the other hand (and this might come off as just plain lazy on my part) I didn't/don't recycle because the process as a whole is simply too much trouble to bother with. I know, I know, separate your plastics, papers and aluminum, etc. The problem with

I am a database direct & email marketer

[Anonymous Coward]

What's happening here is that there are companies that aggregate profile information, and they're able to link your email to your profile information. They then sell append services so the marketing company can add that email to your existing full name and address (FNA).

It is wrong for companies to append an email address and then market to it.

Companies do a lot with their (your?) customer data, including hygienization, appends, completion, profiling, etc. Most of this happends under the sheets, and most customers don't really want to know the details.

However, I advise clients to NEVER use an email append service for a variety of marketing and spam/technical reasons. Most clients will listen, some will choose not to. However, I'm seeing that more stupid companies will forge forward like its nothing, and companies with dwindling budgets are too suckered in by the cost savings.

Its only going to get worse.

GMail

[Aladrin]

Once again, GMail is my solution to this. Prior to GMail, I used spamgourmet to keep my inbox clean. The oldest email I have used to get 30,000 emails per month that were all SPAM. Right now, it's getting about 11,000. (I haven't really used that address in a long time.

I have had maybe 10 SPAM emails in the last year make it to that inbox. (It's hosted under Google Apps.)

So once I found out how well Google's SPAM filters work, I quit caring about giving out my main email address. I give it to everything now, and if a company SPAMs me, I just mark it as SPAM. When enough people do that, it seriously hinders their ability to contact their legit customers, and they learn a valuable lesson.

There's a little bit of fallout from people who use the SPAM button incorrectly, but I think Google does its best to account for that, too.

Re:

[Sephr]

It seems you think spam is always all caps. All-caps spam is a trademark of the makers of that lunchmeat: http://www.spam.com/about/internet.aspx [spam.com]

One more reason

[AnalPerfume]

Why tech savy people should be making tech policies in government. How many politicians know what data mining is other than that magical sheet of paper their advisors tell them will turn into votes when they mention specific words at a specific news conference. This was one inevitability of marketing / data mining to reach even further into our lives for the sole purpose of persuading us to empty our wallets in their direction.

Like any other scumbags, they will exploit it for all it's worth until enough peo

Re:

[Scrameustache]

Data mining = fighting terrorism.

BOOM, no politician can oppose it.

Popular Domain?

[pgn674]

Is your special purpose email address @ a popular domain name? I noticed that when I opened my Gmail account, I was getting unsolicited spam within a few hours, and I had not shared the email address with anyone at all.

My main email address is at a university's domain. I've used it for years and give it out on any half reputable site, but I get absolutely no spam on it. I know that my university uses blacklists and some heuristics to delete spam before they get to any inbox, but I've heard it only gets abo

Re:

[Fumus]

I have two GMail accounts. One has the same login as the one I used for my account on DeviantArt, and the second is just random gibberish. As one can guess, the first one gets ton of spam (though it's filtered, but I don't use webmail) and the second doesn't get any spam at all.

Re:

[Zancarius]

So, does Gmail post any new email addresses in a sort of anonymous phone book, or was my user name easy to guess (I had used the same set of letters and numbers on very many sites before I got the Gmail account)? I don't know, but in my case, the popular domain seemed to bring spam.

I'd imagine you don't even need to worry about someone giving out your e-mail address. Spammers could potentially crawl Slashdot for usernames, then try those @gmail.com. If they work and match up, there's a new address for them

Email Append

[Anonymous Coward]

It's a service called an "email append", offered by the major credit reporting companies. The purchaser gives them a list of names and addresses, and the credit reporting company finds matches with email addresses. They send an opt-out mailing, and the email addresses of everyone who doesn't opt-out are returned to the purchaser.

Re:Email Append - BINGO!

[TheOtherChimeraTwin]

Yes, I think you've hit the nail on the head. Experian eMail Append [experian.com] overlays deliverable email addresses onto your active customer file and contacts customers via email on your behalf to obtain permission to communicate with them online.

By "permission" they mean they send you email until you complain. If they happen to pick an email address that is normally not read by a person, they don't get any complaints. (Not that I opt-out of spam; I block it.)

Further on, they state Retain your customers by keeping your brand top-of-mind through consistent, relevant and interactive email communications. Yeah, good luck with that. I know four companies that have just lost my repeat business.

Thanks to all for an excellent discussion.

Re:

[John Hasler]

> Further on, they state Retain your customers by keeping your brand top-of-mind through
> consistent, relevant and interactive email communications. Yeah, good luck with that. I
> know four companies that have just lost my repeat business.

Did you tell them why? They won't stop doing this unless a) they lose business because of it and b) they know they are losing business becuase of it.

Prediction: lots of people will complain loudly about this to everyone but the companies involved, and almost all w

An interesting change

[AnalPerfume]

In the UK, junk mail does subsidize the postal service, so although you can opt out, they plead with you not to, as it would increase the cost of normal post by quite a margin. How much of this is real and how much is just them desperate to hold onto an income from companies paying them to shovel shit through our letterboxes is open to question. I do accept it in principle though.

If that switched en-masse to email, those contracts would expire, meaning snail mail prices would increase. The Royal Mail don't have any way to transfer delivery from paper to email, so they couldn't recoup those loses. Since email is free, nobody would make any money from these mass email contracts.

On the other hand it would cut down on a LOT of wasted paper, which 99.99999999999999% people take from door to bin, bypassing the eyeballs, some people do recycle but not enough.

While email is great for most communications, snail mail is sometimes required so it can't be allowed to die. I doubt it would die if they lost the junk mail contracts.

For me, the worst offenders are the magazines and newspapers you have to pinch at the spine and shake over a bin before opening, to release all the leaflets stuffed inside. Is it not enough that for every 5 pages of a publication, 3 pages worth are adverts? If that's the state of the magazine industry, maybe it deserves to die too. The internet has already steamrolled over many business models, what's another one to add to the list?

Perhaps a solution would be a commercial / personal email distinction at an ISP level with a legal backing. Personal email is always free, commercial email costs say 1p per email. Charities / schools etc would be exempt from charge too. Make it something you have to declare with your ISP and legally stand by. Spammers using botnets wouldn't be affected since they operate illegally anyway, but it'd regulate the "normal" "legal" marketing companies. Make it a legally enforceable requirement to ONLY email people who have opted in, and fine them for ALL breaches.

Re:

[mellon]

Do you have Fedex in the UK? I assume so. The cheapest rate Fedex charges is a good indicator for how expensive paper mail could possibly get if everybody opted out of junk mail. How much mail do you send in a year? Would you seriously mind spending the extra money, if you knew that it was saving swaths of forest all over the world? Seems like a pretty cheap investment in the future, to me.

Also, chances are that if paper mail got that expensive, a lot of things people use it for now would go out o

Re:

[AnalPerfume]

I'm not sure if we have Fedex in the UK, I don't think so. There are private delivery services apart from the Royal Mail but the issue is about entire country coverage. A large part of the Royal Mail costs are about rural areas where they lose money but have to cover as part of their charter. Large parts of Scotland, Ireland and Wales are rural, where a village can be 50 miles from anywhere and have 10 houses and a corner shop which doubles as lots of things. It still needs a postal and bus service.

The pri

Reducing paper use.

[aztracker1]

I always find it interesting how interested people are in reducing the amount of paper we use. While I find it wasteful in and of itself, I don't think it's a net negative. Firstly, as to trees, we can and do grow more to handle paper production. As to waste in landfills, paper being a natural living material breaks down better than almost everything we put into landfills and the byproducts help to break down other materials. I don't really see much point in recycling paper, as it's costly to separate a

Wierd connection in SPAM

[whoever57]

I have recently noticed spam coming in to an invalid email address in one of my domains. Since I was curious abut this, I redirected these emails to an actual mailbox. I was the first registrant of the domain that receives these (the TLD only became available 3-4 years ago), so the address has never been valid.

What is really odd about these emails is the the "To:" address (not the envelope address, but the To address listed in the header text of the email) is a valid email address in another of my domain

Egham is "spam capital" of UK

[David Gerard]

Email filtering company MessageLabs reports that Egham, Surrey, on the suburban outskirts of London, is the town that receives the most spam in Britain [today.com].

"It's not like there's much else to do," said Boris Busybody, 77 (IQ), of Egham Hythe, idly whirling his four-foot penis around his head in a desultory fashion. "Expanding your manhood, growing your breasts, increasing your sperm ... the Lib Dem phone calls get a bit much. That's Doctor Busybody, by the way. My Ph.D arrived last week."

Spam has revitalised the local economy. Mr Busybody has given up cab driving and is now working a lucrative job processing payments from home after he sent them his bank details in response to an urgent security message. "I had that King Otumfuo Opoku Ware II in the back of my cab once. Very generous and helpful fellow."

The Egham Tourist Board has seized the day, with plans for a 50 foot tall penis sculpture at Junction 13 of the M25 on the exit ramp to the town. The sculpture will be encircled by a genuine imitation Rolex and spray a fountain of Spermamax, obtained at a very reasonable rate from a Canadian pharmacy. "You will search an hour for your underwear in the ocean of our spam!" is to become the new town motto.

"I did get a good one the other day," says Busybody. "Barrister Matthew Sergeant Busybody of MessageLabs said we could promote our town to millions of people just by sending them an advance fee to process our incoming email. The stuff they try! 'Scuse me, V!k@grk@ kicking in, got to go have sex again. Sorry."

Not here

[nurb432]

The last year or so i have seen a big rise in postal spam. For a long time it was almost nil.

"Semi-legitimate" spam

[Animats]

I'm seeing a bit more "semi-legitimate" spam, that is, spam from senders who properly identify themselves. Much of it seems to be associated with the domains below. The sending domain varies, but messages will contain the following domains in the body:

• constantcontact.com
• inxserver.com
• touchpointec.com
• verticalresponse.com (which, suprisingly, isn't a Viagra spammer, but a vertical marketing company)

These outfits find some vaguely legitimate business relationship and then open the spam floodgates.

Two questions:

[kheldan]

One, can you live without email? I know I could.
Two, if email was a new idea, how would you build it from the ground up, to prevent this sort of abuse?

ReplacING?

[Chas]

Wrong tense.

Of COURSE it was going to. The economics are just better (from the spammer's POV).

NIC handles are used

[logicTrAp]

I get a fair amount of "legitimate" spam to an email address which I only ever had in the InterNIC database. So, there's at least one company tying addresses to emails based on domain name contacts.

Let me guess, whois contact info?

[ameyer17]

If I had to guess, the special purpose of the email address you're recieving spam at is in the WHOIS contact info of a domain you own.
1) Scrape WHOIS database
2) ???
3) SPAM!!!

Re:E-Stamps, the only way to reduce spam

[Matt Perry]

E-stamps are the only effective way to reduce spam. Bulk spammers will go from paying something like 0.1 cents per message to say 25-cents, making it uneconomical, and more trace-able. When you buy an e-stamp, 1/3 of the amount goes to the recipient (usually as credit), 1/3 to the ISP, and 1/3 to a monitoring agency. "Approved" recipients could send for free.

Your post advocates a

( ) technical ( ) legislative (X) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(X) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(X) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(X) Requires too much cooperation from spammers
(X) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
(X) Jurisdictional problems
(X) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(X) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(X) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
(X) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

( ) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
(X) Nice try, assh0le! I'm going to find out where you live and burn your
house down!

Re:

[techno-vampire]

( ) Outlook

I find it interesting that the only program named in this form is also (probably) the world's most popular email program. How much of this is because it's as full of security holes as the rest of Windows and how much is because it is, in fact, so popular. Granted, if everybody switched to (let's say) Thunderbird, the Black Hats would start hunting down and exploiting Thunderbird vulnerabilities, but my personal opinion is that they'd find them few, far between and rapidly patched.

Re:E-Stamps, the only way to reduce spam

[Helix150]

To understand why this won't work you have to understand how e-mail works. We start from when you hit 'send' in outlook.

Your message first goes to your ISP's or company's outgoing mail server. Let's ignore that for a moment.

That outgoing mail server looks at the recipient- user@domain.com. So it uses DNS (the thing that converts a name like www.google.com into an IP like 74.125.93.147) and asks what the MX (mail exchanger) servers are for domain.com. Domain.com has those listed in its DNS.

The outgoing mail server then connects to the domain.com MX server. It says "i have a message from person@company.com for user@domain.com". If the MX agrees to take it, your outgoing mail server transmits the message, and the MX sends a confirmation that it is accepted. They then disconnect.

If you're running your own mail server, or are using a company mail server, or a different email system, your ISP has nothing to do with this other than moving your packets around.

The point is that email is not a single system that can be changed like raising the fare on the subway. If you're the city and you want higher subway fares, you just reprogram a few thousand turnstiles (all of which you own) and you're done. Email/SMTP isn't like that, SMTP is an agreement, a protocol which millions of networks and servers have chosen to implement. Email is just another internet protocol, no different than AIM, skype, HTTP/wwww, FTP, etc. It's just one of the most widely used protocols.
There is no central authority to enforce anything like e-stamps. For this to be enforced, the domain.com MX would have to say 'please give me a tenth of a cent before I deliver your mail'. The only useful way to handle that would probably be with a 3rd-party clearinghouse for exchanging the 'stamps', so your mail server would say 'i give you stamp ID (long stamp id number)', the destination MX looks that up with the clearinghouse, approves it, then accepts the message for delivery.

For that to happen, both your SMTP server and the recipient's MX would have to be modified to deal with these payments, and optionally require them for mail delivery. There are many different mail server programs out there, this would require all of them to be updated to support payments, and then (heres the hard part) all the people who run them would have to install those updates. Then anybody who runs a mail server would have to do some financial setup to let them accept payments and send payments for email. IE, every random geek and company and IT department and ISP that runs a mail server now has to jump through a financial hoop. If I run my own mail server, does that mean i get 2/3 of the payment (the recipient fee and the ISP fee)? Does my ISP get it even though I'm not using their servers? There will be great resistance to this.

The main issue is, it would *NOT* be transparent, not to anybody. This would be a large, time-consuming and very expensive implementation.

Now let's say best case scenario, lets say you get all the major isps and webmail providers on board (msn, aol, yahoo, google, comcast, timewarner, verizon, cablevision/optimum, charter, adelphia, etc).
Let's say they immediately set up their system to start dealing with these micropayments.
What happens to the (literally) millions of companies in the US and abroad who run thier own mail servers, but whos systems are NOT updated? Can they no longer send mail to all of the above networks, or is there a break in period? If the payments are optional, what incentive does anybody have to adopt them?

Also you say approved senders can send for free. Who is an approved sender? What is the qualification? If it's difficult and expensive, some of the large bulk-mailing companies will try it anyway, and the smaller legit companies are shut out. If it's easy to get one even for a small biz, then the spammers will get them too. If extensive investigation is performed on the applicants, that money has to come from somewhere, so it'll be expensive.

Zombie Tax (re: E-stamps)

[Tablizer]

The new system would slowly REPLACE the existing system. Companies would start advertising that "we support E-stamp system also, in addition to traditional email". People will WANT to use e-stamps when the cost of cleaning spam is greater than the cost of E-stamps. ISP's may even subsidize it for their customers to avoid having to play cat and mouse with illegal spammers.

You say that the people with infected computers would patch if it cost them money-- no they wouldn't. Many of those machines are in Asia w

Optimstic but Wrong

[Zancarius]

I'm assuming you didn't see the humor in Matt Perry's [slashdot.org] post [slashdot.org]. I hate to sound like such a pessimist, but your solution and response is naively optimistic. Let's examine why.

(X) No one will be able to find the guy or collect the money

It becomes the credit-card co's or ISP's problem, not yours. It's like any other $ transaction.

ISPs already have a lot on their plate insofar as legislation and (potential) filtration goes. Forcing them to operate as a collection agency simply won't work. I also doubt anyone would

Re:

[Zancarius]

I just realized I forgot to include a link to the article I mentioned about Gates. Here it is [zdnet.com.au]. It explains his idea of using computationally intensive challenges to limit the flow of large quantities of e-mail.

I thought I had included it, but I must have forgotten.

Re:

[Endo13]

How can anyone sound so "tech savvy" yet be so incredibly misinformed.

They don't need to "find" your email to send spam to it. They find the domain, and then they have the spam computer send test spam messages to the most common addresses at that domain (ie. webmaster@domain.com) and possibly even a few thousand (possibly even millions) of the most likely email addresses and/or permutations. Remember, a lot of spam comes from botnets, so they're not even using their own resources to do it. They can certain