Forgot your password?
typodupeerror
Spam The Internet

Tech Reporter Pursues Spammer 183

Posted by michael
from the idle-hands-do-the-devil's-work dept.
girish writes "Technology reporter extrordinaire, Mike Wendland, is at it again tracking down spammers. Wendland conducted the infamous interview with Alan Ralsky, the alleged mega-spammer, a few years ago. That article spawned a lively discussion on Slashdot and eventually resulted in hundreds of pieces of junk postal mail flooding Ralsky's million-dollar home. Now Wendland is using a new tool from a service called Project Honey Pot to track email address harvesters. He posted on his technology blog this morning about catching a company that is holding itself out as a legitimate bulk mailer, but appears in fact to be sending to harvested addresses and conducting on the side some other seemingly seedy businesses. Interesting stuff."
This discussion has been archived. No new comments can be posted.

Tech Reporter Pursues Spammer

Comments Filter:
  • by bigberk (547360) <bigberk@users.pc9.org> on Sunday November 21, 2004 @04:03AM (#10879624)
    Honeypots are lurking all over the net... spammers don't have a chance. They are so indiscriminate and stupid with their harvesting that they are just announcing their presence through a digital loudspeaker, "I AM A SPAMMER".

    There might even be some on slashdot! Who knows?!
    • by commodoresloat (172735) on Sunday November 21, 2004 @04:04AM (#10879629)
      There might even be some on slashdot! Who knows?!

      That's crazy talk. This place is spam free. And your website can be spam free too! I'll show you how for just $19.95!!

      • by Phattypants (469233) on Sunday November 21, 2004 @04:16AM (#10879664) Journal
        What do you mean? Since I started reading my webmail, I've put all my company's mail-security needs into these miraculous services called hotmail and or yahoo! Why, it was but ten years ago that my penis was two inches shorter! Not only that, but now all of my debt has been consolidated! I can just pass on the tab to my next of kin! I decided contact you, Because I believe you are a reputable person and I feel You can help me and my mother over this confidential matter.
      • That's crazy talk. This place is spam free.

        I was spam free until I followed the lst three article links, where the pages promptly scanned my gmail and yahoo cookies and added me to their list.

        Oh wait; I pressed "insightful" when I meant to press "funny" on my /. comment generator. here's what I was going for:

        No, that's my brother, crazy talk.

  • One of my honeypot email addresses has received several trojan horse messages from our friends at the spamhausen.
  • Seems to me that this kind of thing should be fairly straight forward. I mean, sending millions of e-mails can't exactly be done "quietly" can it?
    • by Beryllium Sphere(tm) (193358) on Sunday November 21, 2004 @04:21AM (#10879681) Homepage Journal
      >Seems to me that this kind of thing should be fairly straight forward. I mean, sending millions of e-mails can't exactly be done "quietly" can it?

      Sure it can.

      Creepy spammer approaches creepy trojan writer. Creepy trojan writer rents creepy spammer access to 10,000 compromised PC's on DSL and cable. Creepy spammer commands each compromised PC to send three emails per minute from 11PM to 7AM. Creepy spammer has now sent 1.44 million pieces of email without an obvious flood anywhere and without an obvious IP address to block.
      • by Anonymous Coward
        But, with a honeypot address(es), you know it's been harvested, and who the mail was sent for. If you can keep track of all of the people that used the spammer, you may eventually find the spammer through his own ineptitude.
      • by Anonymous Coward
        Creepy slashdot poster unwittingly reveals his creepy plan for spamming...
      • But repeat this across a few sites that check the sender, and ith crosscorrelation you can very fast get the addresses of those 10000.
      • Creepy spammer approaches creepy trojan writer. Creepy trojan writer rents creepy spammer access to 10,000 compromised PC's on DSL and cable. Creepy spammer commands each compromised PC to send three emails per minute from 11PM to 7AM. Creepy spammer has now sent 1.44 million pieces of email without an obvious flood anywhere and without an obvious IP address to block.

        After a while this activity develops a pattern that shows which broadband providers to block because they allow this to happen. This cause
        • haha. "which broadband provider so block". LOL
          How about ALL? Or do you think all people with vulnerable machines are grouped with one ISP, and the crackers only target one?
          • Responsible providers have their users remove or clean infected machines (or the users ar disconnected), which reduces the number of zombies available on a network. The biggest difference is what the provider does to prevent spam from leaving it's network. The single most effective measure is for broadband providers to block outgoing port 25 and require that all users who wish to send email via port 25 use the provider's mail relays. Responsible providers also take action to prevent it's relays from bein
      • Don't forget the creepy port scanner who looks for installed trojans and exploits them to install his own software. For months now, every morning at 7:42 & 8:42 EST a port scanner checks ports 5554, 9898, 1023 and 445 using several zombies per scan, mainly from Korean and Japanese IP addresses. (There are plenty of other scanners but none so damned punctual as :42 Zombie Charlie!)
  • by MichaelCrawford (610140) on Sunday November 21, 2004 @04:09AM (#10879638) Homepage Journal
    Harvest this, infidels: A long time ago I decided I wanted to make it as easy as possible for potential clients to email me, so I have never spam-protected my email. It's all over a lot of different websites. It's all over Usenet too.

    On the other hand, I get a lot of spam. It's only just beginning to bother me. I have a friend, she gets maybe ten spams a day, and she gets so outraged that she reports them all to the abuse@ addresses and so on. Me, I get a few thousand spams a day. I read my email with elm because it's the only email client that can handle the huge mailboxes I get.

    What's getting me down though are the viruses. At one point I was getting 400 MB a day of viruses. Now I've decided I'm going to set up a virus filter on my home linux box, and use fetchmail and spamassassin and clamav and what have you to filter it, and serve it with imap to my other computers.

    My hosting service tried to filter all the viruses with clamav, but they got so many viruses that it was too much of a CPU load, so now they do only very simple virus filtering, to catch the most obvious viruses without much CPU consumption.

    • by bigberk (547360) <bigberk@users.pc9.org> on Sunday November 21, 2004 @04:16AM (#10879668)
      My hosting service tried to filter all the viruses with clamav, but they got so many viruses that it was too much of a CPU load
      This is why renattach exists [pc-tools.net]. You run that baby in kill mode, and you can handle millions of viruses a day without breaking a sweat (load average wise). This filter just drops mail when certain types of attachments (by file extension or file names inside a ZIP attachment) are found. Not as proper protection as a virus scanner, but coupled with spamassassin it will do the job.
    • by Pseudonym (62607) on Sunday November 21, 2004 @06:52AM (#10879996)

      Spam this:

      I figure anyone who spams SpamCop [spamcop.net] deserves what they get.

    • Well, my "public" email box gets about 5000 spam/virus messages a day having been active for 16 years. But ony a few get through the filters I was forced to setup three years ago. I think that address must be on every spammers list.
    • Address hiding (Score:4, Interesting)

      by Craig Ringer (302899) on Sunday November 21, 2004 @08:30AM (#10880234) Homepage Journal
      I'm in a similar situation - a search [google.com] for 'craig@postnewspapers.com.au' on Google returns a fairly hefty number of hits. Slightly more than your address, in fact :-P

      I get massively less spam than you - around 300 a day, though most of it gets stopped dead at the mail gateway by ordb.org and dsbl.org checks. I get about 100 or so spam actually delivered, and SA (set to be pretty forgiving) filters out all but 10 or so per day. I don't envy being in your position.

      Viruses, however, are another story. I haven't seen one in six months - it's fantastic. A combination of some postfix rules and ClamAV on the internal (sendmail) mail server did the trick. If you run postfix at your mail gateway, you can get it to check incoming mail for suspicious filenames before it even accepts the mail:
      main.cf:
      -----
      mime_header_checks = pcre:/etc/postfix/maps/mime_header_checks_pcre

      mine_header_checks_pcre:
      ----
      # Try to kill common Windows executables early, and give a useful message
      /^Content-(Disposition|Type):.*name="?([^ >;]*)\.(exe|bat|com|pif|vb|lnk|scr|reg|chm|wsh|js| inf|shs|job|ini|shb|scp|scf|wsc|sct|dll)"?/ REJECT Microsoft Windows Executables (like suspect file "$2.$3") not accepted here. If you were sending a self extracting zip file, please send a non-self-extracting version instead.
      (note: the regexp and message are all on one line, though I should move to an extended regex and split it up).

      *blam*. There goes 99% of your incoming virus mail. ClamAV gets the rest, so I just don't get viruses anymore. Best of all, you're not generating bounces for virues, you're rejecting them instantly - so unless they're using some dumb bastard to relay, there won't be any mess of bounces to falsified addreses to worry about.

      What about the new waves of self-zipping viruses, you ask? Yeah, that's an issue. I cheat and quarantine all zip files. I rarely have to retrieve one, and it's well worth the saved fuss.

      As for mail programs, I'm happily using Evolution with IMAP over a 512k/256k effective link to work's Cyrus IMAPd server (all this stuff is set up for work). It works great, and I'm able to use 20,000 message mailboxes without noticable stress. Sieve (the cyrus IMAPd filter language) filters everything into the right mailboxes server-side, so if I'm in a hurry I just read my (always small and managable) INBOX without worrying about my lists.* folders, the (server-side filtered) Junk folder, or anything else.

      It's great.
      • by Inoshiro (71693) on Sunday November 21, 2004 @01:47PM (#10881491) Homepage
        /^\s*Content-(Disposition|Type).*name\s*=\s*"?(.+\ .(ad[ep]|asd|ba[st]|c[ho]m|cmd|cpl|crt|dbx|dll
        |e xe|hlp|hta|in[fs]|isp|lnk|js|jse|lnk|ocx|md[etw]|m s[cipt]|nws|ocx|ops|pcd|pi|pif|prf|reg|scf
        |scr|s ct|sh[bms]|swf|uue|vb|vb[esx]|vxd|wab|ws[cfh]))"?\ s*$/ REJECT Files attached to emails
        that contain or end in "$3" are prohibited on this server as they may contain viruses. The fil
        e named "$2" was rejected.
        This covers more executable types and is a bit more permissive in the matches to the content line.
    • >What's getting me down though are the viruses

      I can recommend running VirusSnag (http://www.spamless.us/vsnag) before spamassassin.
  • spamtraps... (Score:4, Informative)

    by mmThe1 (213136) on Sunday November 21, 2004 @04:15AM (#10879657) Homepage
    An relevant note here would be to mention Spamikaze [linux.org] system (intro here [linux.org]).

    In a nutshell, it sets up spamtrap e-mail addresses, and any IP that sends mail to that address is automatically added to the blacklist, and further mails from it are rejected at SMTP level. A false positive can be easily removed from the blacklist manually (example, PSBL [surriel.com]).

    • Re:spamtraps... (Score:2, Interesting)

      by BP9 (516511)
      One very minor problem with spamikaze is they do not (did not?) advertise SPF records for their honeypots. This leads to some bounces and 'ASK' style replies ("did you send this?" queries to get on a whitelist) getting ones mail server on the black list. Sure its easy to remove, but since T-Mobile and Danger use their blacklist it means everyone in my company loses email going to their wireless devices.

      The guy running it is friendly, but I can't say I agree with the notion of these honeypots allowing spamm
      • Most of the spamtrap domains (for PSBL [surriel.com], at least) do have SPF records. However, they get ignored by a lot of Challenge/Response Authentication Protocol (hey, that spells CRAP - coincidence?) software...

        Whenever a false positive is pointed out to me, I add a regular expression to the software to make sure that challenge/response software, mailing list manager or MTA bounce type will not result in future listings. It doesn't help that many MTAs appear to be sending out bounces that aren't RFC compliant.

        N

    • Note that while Spamikaze is still pretty early in its development (we've got some fancy ideas on how to make it really fly), PSBL [surriel.com] already seems reasonably popular.

      I hope that means Spamikaze [linux.org] is going in the right direction... ;)

  • by Anonymous Coward on Sunday November 21, 2004 @04:22AM (#10879684)
    the university where I work has some fairly effective spam-killing filters set up.

    We frequently see the following interesting fun:
    a) People emailing us from blacklisted domains asking what's up. We inform them to complain to their ISP or use a different one.

    b) spammers wanting through our filters so they can spam the 20k folks on our network. These are the most fun. I got to watch as the senior network engineer composed a 4000 word message to totally demolish any sort of hope the spammer had, and actually locate the physical address of the spammer. We got an "oh, sorry" reply, and heard nothing since.
    • To some extent this is delusional thinking that suits the sysadmin - not business.

      We, unfortunately, have this situation happen to us from time to time. In the worst cases the email is just dumped (not bounced) and we only find out about it when the client complains.

      We are unable to change our ISP because they "own" the building but the real problem is further up line - again it cannot be changed by us or our ISP. Up-line they are presumably too busy running spam for US based spammers to care.

      We
      • We are unable to change our ISP because they "own" the building but the real problem is further up line - again it cannot be changed by us or our ISP. Up-line they are presumably too busy running spam for US based spammers to care.

        Perhaps it would be far more savvy of you to contract with a Good(TM) company on a clean network to run a mail server for you. It wouldn't matter who your ISP was.
  • by gtoomey (528943) on Sunday November 21, 2004 @04:37AM (#10879716)
    I recently changed to Postfix as my Mail Tranfer Agent.

    The Postfix Spam Controls [postfix.org] have reduced my spam by 95% without using compex spam filters like Spamassassin.


    • Uh...huh ....You let me know when postfix is easier to config than SpamAssassin ... I am betting that you will never call.

      Sera

      • With Postfix, you just configure the spam controls once. It works straight away. Postfix is VERY easy to install/configure from sourfce.

        With Spamassassin, you need to train/fiddle with rules after installation.

      • It'd be nice if Postfix was as simple as SpamAssassin. Unfortunately, MTAs are complex - mostly because the Internet and eMail are complex, and because of all the ugly hacks and workarounds required to actually get mail to and from lots of the the utterly broken garbage that claim they're mailservers.

        Postfix can, however, be a fantastic front line of defence for people who get so much spam that SpamAssassin alone can't cope, or who want to reduce the considerable system loads imposed by running SpamAssassi
  • by Serious Simon (701084) on Sunday November 21, 2004 @04:42AM (#10879732)
    During the past months I have been receiving on average 3 to 4 spams per day from the IP range of Media Dreamland. These spams are cleverly constructed so that they are difficult to filter out automatically, and as they use a whole range of IP adresses and varying domain names, these are not likely to wind up on a blacklist.

    I added rules in my .procmailrc file to block all e-mails from the IP range of this company, this has worked very well for me (100%/0% positives/negatives)

    Interestingly, since a few days I was again receiving quite similar spams, and this time they originate from the IP range of a company called Big Time Fiber. It turns out that the spams from Media Dreamland abruptly stopped after 10 november (spammer kicked out?) and after a few weeks the spammer apparently found a new hosting service.

    I put the following lines in my .procmailrc:

    :0 H
    * ^Received:.*\[204\.9\.24[0-7]\.
    {
    LOG = "[!!!! Big Time Fiber] "
    :0
    /dev/null
    }
    and just this morning I found the following entries in my procmail log:

    [!!!! Big Time Fiber] From rolffarris@newssign.net Sun Nov 21 00:16:08 2004
    Subject: Would you like to stop smoking?
    Folder: /dev/null 1550
    [!!!! Big Time Fiber] From benniemilburn@minisaver.net Sun Nov 21 01:55:43 2004
    Subject: Apple 17" iMac G5 Desktop!
    Folder: /dev/null 1705
    [!!!! Big Time Fiber] From rhettsmallwood@bigtopsavings.com Sun Nov 21 03:36:04 2004
    Subject: Mortgage interest rates are at their lowest point ever.
    Folder: /dev/null 1739
    [!!!! Big Time Fiber] From bruce.tillery@e-goodstuff.com Sun Nov 21 05:20:55 2004
    Subject: Women, something to rock your world
    Folder: /dev/null 1565
    [!!!! Big Time Fiber] From donovanragland@e-goodstuff.net Sun Nov 21 07:06:03 2004
    Subject: Test & Keep an IBM Laptop - Product Testers Wanted
    Folder: /dev/null 1623
    [!!!! Big Time Fiber] From gilcolvin@bigfoodsavings.com Sun Nov 21 08:46:04 2004
    Subject: You can be smart! Folder: /dev/null 1563

    As you can see from the type of domain names these spams are probably from one spammer.

    In the past I have received spams using the same trick from Webhostplus, Pharmakon and Aphrodite Marketing, but the spammer (now) operating from Big Time Fiber IP range appears by far the most active.

    See also http://ws.arin.net/cgi-bin/whois.pl (fill in "204.9.240.164" in the search box)

    • As far as I can tell, bigtimefiber is media dreamland.
      www.bigtimefiber.com resolves to 69.42.98.5 which resolves to host-98-5.approvednews.com.

      A lookup on approvednews.com shows that it is owned by:

      Media Dreamland Inc
      5546 Camino Al Norte #2-278
      N. Las Vegas, NV 89031
    • ::snip:: Folder: /dev/null ::snip::

      ::snip:: Folder: /dev/null ::snip::

      ::snip:: Folder: /dev/null ::snip::

      ::snip:: Folder: /dev/null ::snip::

      ::snip:: Folder: /dev/null ::snip::

      ::snip:: Folder: /dev/null ::snip::


      Wow! I think that bit bucket might need to be emptied soon!
  • we just ignore spammers, will they go away?
    • if "we" as in the slashdot crowd...no. We're peons when it comes to "the world".

      If "we" as in the entire world...yes
    • Yes, they will go away once Cisco makes spam rejecting routers and all ISPs use them to drop spam packets in /dev/null.

      Spam and viruses only works because the majour ISPs are stupid and don't give a hoot.

  • Unlike the harvester, there's lots of information about the outfit behind the spam. The whois information points to an Illinois-based direct marketing company, Expedite Marketing Corporation.

    Look at the output of "whois foo.com.au". It has absolutely no information at all. Yes, it gives two email addresses, but for the bulk of the domains the information of incorrect or outdated.

    Ab-so-lu-te-ly useless if you're chasing problems.
  • What if you find some old domain that used to get substantial mail traffic, but hasn't been used in like 5 years or something (expired). Spammers don't stop sending spam when addresses disappear (contrary to intuition), so if you purchased that domain you would start getting a huge amount of spam, using a wildcard. Also, it would be virtually guaranteed pure spam! Would be neat... anybody know of any old domains like this?
    • sure just pay attention to myownemail.com the're bad about renewing, I bought one domain they didn't want because I wanted my email address back. Tons of spam. And tons of complains about spam from people who don't read headers and don't know there's ZERO outgoing mail from the domain
  • I read the article. (Score:3, Informative)

    by bs_02_06_02 (670476) on Sunday November 21, 2004 @04:49AM (#10879748)
    Curious, I punched up the IP address (69.6.66.17) in my web browser, and I get the default IIS page, telling me there is not a default web page... blah-blah-blah.

    So this clown is either stupid and someone really has hacked his box and it's a zombie, or he's playing dead, and has set up the box to appear hacked, and is happily harvesting email addresses anyway. Either way, boxes like these should be shut down. Who leaves an unprotected IIS box exposed to the internet?

    I'm curious if anyone is able to resolve that IP address to a street address. It has to be static. Get someone over to that address, see what's going on with this clown.
    • The default page on my IIS server does not look like that, someone has made it. The line break is grey on mine (not blue) and the 'i' image is much smaller. Not to mention the content is different.
    • by Anonymous Coward on Sunday November 21, 2004 @05:14AM (#10879804)
      They have a gateway page to keep prying eyes out. I've seen it quite a few times in recent spam. For example, the spammer can include links like:

      spamsite.com/?code=A2LKJ34AOD012LNVLA9OO38

      The codes can be generated in such a way that they are unique to each message sent (for example, they could be a hash of the TO address). Without a valid code, you get a page like that one you saw. Lets the spammers track who's visiting their sites, and block the prying eyes of anti-spam activists.

      I bet there's a good chance that's what's happening here.
    • Anybody run a trace route to the IP address 69.6.66.17? My pings are stopped at my ISP border. Routing information may give hints to the physical location.
      • 21 papa.emcmailserve.net (69.6.66.17) 228.349 ms 227.518 ms 227.642 ms

        21st hop from Auckland/NZ through AT&T

        • Forgot this:

          Registrant:
          Expedite Media Group
          (DOM-1307088)
          245 West Roosevelt Rd West Chicago
          IL
          60185 US
          Domain Name: emcmailserve.net
          Registrar Name: Alldomains.com
          Registrar Whois: whois.alldomains.com
          Registrar Homepage: http://www.alldomains.com

          Administrative Contact:
          Expedite Media Group
          (NIC-1586933)
          Expedite Media Group
          245 West Roosevelt Rd West Chicago
          IL
          60185 US
          abuse@expeditemg.com +1.6308768066 Fax- +1.6308768146
          Technical Contact, Zone Contac
    • The 69.6.0.0/16 subnet has SO many spam sites in it that our policy is to "soft bounce" anything coming from within that subnet until we can determine if it is legitimate. If it isn't, we introduce a hard bounce on the /24 subnet in question. If it real, though, we add a bypass for the affected IP (sometimes subnet), so it can go through.

      Checking our filters, there were 120 subnet listings within 69.6.0.0/16, and none are marked "OK"! I say "were", because I just took the time to consolidate a lot of the

  • by tmk (712144) on Sunday November 21, 2004 @04:51AM (#10879753)
    Why should a spammer harvester mail addresses by himself? There are so many viruses, trojans etc out there: The Army Of Lamers can do it for him.

    Have a look at this. [sans.org]
  • by Ge10 (803950)
    All the spammers have to do is to filter out the domains of known honey pots. Even with the donation of additional IP's by vounteers, this would be trivially easy to do.
    • Except that:
      1) How do they know the IPs of honeypots? Unlike harvesters, honeypots are passive.
      2) All it would mean is that as long as you're hosting a honeypot too, the rest of your site is safe.
    • What are they to do when the "honey pot" addresses are for the domains they're also targetting for spam? Our web pages serve up one trackable, but undeliverable, spam trap address per page view, which isn't visible to humans, but would be caught by any harvester. They're within the domain of the page being viewed, and would be obvious to a human as being fake.

      One of these days, I'll automate the blacklisting of domains and IPs when these spam trap addresses are hit... Would save me a dozen manual postings

  • You know, I think it's really cool that this guy is getting his jollies going after these scum but he may want to tone down his direct involvement with these people or at least do it more quietly. Why? Until recently, jail time wasn't even discussed as a possible punishment - now it's a harsh reality.

    Faced with jail time I wouldn't be surprised to hear of some spammer tracker getting killed (or beat up) for his efforts to report them. We already know the kind of people that are mixed up in spam so it doesn
    • Frankly, I suspect it might be easier to find people who would do that to the spammer...
    • That's part of what journalism is about - taking that risk.

      Beating up journalists is hazardous to your health. Some crooks have tried. What happens then is that hundreds of other journalists start investigating the story. TV trucks start showing up in front of the bad guy's house. Stories like "Why isn't this guy in jail yet" appear. Soon, there's heavy police attention focused on the crook.

      Few crooks survive heavy press coverage. It's hard to stay in the shadows when there's a TV light in your fac

    • I think it's really cool that this guy is getting his jollies going after these scum but he may want to tone down his direct involvement with these people or at least do it more quietly

      The real risk is getting DDOS's by angry spammers. It is hurtful, costly, and yes it does happen a lot! Remember, spammers already have the zombie networks to conduct the attacks from. Victims to date include monkeys.com, osirusoft.com, SPEWS, Spamhaus, and even SpamCop. The first two services died as a result, but the re

  • Education? (Score:4, Interesting)

    by miyako (632510) <miyakoNO@SPAMgmail.com> on Sunday November 21, 2004 @06:01AM (#10879889) Homepage Journal
    What I don't understand is, with all of the negative publicity that spam gets, why do people still buy stuff from spammers? Although everyone claims to hate spam, I recall reading an article on /. a while ago that said as many as 10% of people buy stuff from spam, this just seems ridiculous to me. If I were walking down the street and I saw what looked like a delapedated, possible condemned building, and as I walked by 50 guys with crudely made signs ran outside surrounded me screaming "buy our product" I sure as hell would do whatever I could to get out of the situation, spam is the digital equivilent of this, yet people still buy into it. I guess it's that too many people think GIGO means Garbage In Gosple Out. As long as there are people buying the products though, there will never be a technological solution to the problem of spam.
    I guess stories like this could help by showing what creeps spammers are, but the only people who are going to read articles like this already know the evils of spam. Perhaps we need to get a bunch of donations and run a commerical during prime time reality tv equating spam to terrorism?
    Anyway, sorry for the somewhat offtopic rant, just been rather upset with spam more than usual lately, an email address that i've had for almost 4 years that never got a single spam has finally been getting inundated with it because some fucktard had to go and put my address in a CC with 100 other people for some stupid chain letter, and then one of those machines got pwnd and now the address is out there (BCC PEOPLE, IF YOU HAVE TO SEND THOSE DAMNABLE CHAIN LETTERS TO SO MANY PEOPLE LEARN TO USE BCC FOR $diety SAKE).
    • Re:Education? (Score:5, Insightful)

      by adzoox (615327) * on Sunday November 21, 2004 @09:01AM (#10880307) Journal
      The interesting thing is Slashdot seems to be the #1 place (that I have seen) that readers regularly bash SPAM, but that also participate in one of the the MOST MASSIVE email campaigns I have ever seen - the FREE iPOD DEALS.

      Look in just about any thread here on slashdot - you'll see a dozen signatures with people linking to THEIR free iPod link so they can get their required 5 people to join.

      What happen is your email is INSTANTLY sold to OptInRealBig when you sign up for this page. OptInRealBIg in turn - is also a harvester - but they can legitimately prove they buy email addresses. So, if quetioned by novice understanding authorities - they can prove they are legit.

      Point is - the very people that complain about it [slashdotters] - as far as I can see - are the main contributors to it.

      People also fall for these emails from websites like wotch.com that have little funny flash cartoons. People forward these sites to dozens of their friends - which in turn - each of those emails are harvested.

      It kinda is like the election scenario - the people that complained the most either didn't vote or couldn't vote!

      • What sigs? I don't ever see poster sigs...oh wait, that's probably because I chose not to...
      • OK, so I once got suckered in by one of those "free iPod" affiliate sites. And when my inbox went from one spam a week to 30 a day, I knew what happened.

        Anyway, if you really want to get your free iPod, this is what you have to do:

        • Sign up for AOL 9.0 for Broadband
        • Buy $39.95 worth of miracle pills
        • Subscribe to the New Yourk (sic) Times
        • Opt in to about 412 "mailing lists"
        • Enroll in about 32 other shady programs
        • Wait 3 months

        And if you've done all of that, you're a complete idiot who is going to get w

      • You think of humans/slashdot as a group who all think the same. We are not. Not all /. members are intelligent. Just read at -1 and you will see what I mean.

        As for the wider public. In holland we got a tv program "ook dat nog" wich is a copy of a bbc program that highlights people problems with businesses and goverment with what some call humor.

        It is/was a pretty popular program with very high viewer ratings. It also been on for years.

        At least once per season it would show the hosts informing us about pe

      • There are a few flaws in your analysis.

        1) You assume all slashdot readers are alike. While we are are all much more alike than a random cross-section of the population, we are far from being alike. Some of us could be seen to contribute to it while others are fighting against it.

        2) You've say we're hypocrites for complaining about spam that we've caused, yet the two examples you give of us 'causing' spam have only the most tenuous causation link. Apparently by not reading the fine-print on the iPod dea
    • Re:Education? (Score:3, Informative)

      by hugesmile (587771)
      There are some SPAM's that will continually entice people, regardless of the amount of education. And unfortunately, I think that there are reputable companies that are unwittingly behind them.

      Spammer sends out millions of emails touting an unbelievably low "m or tga ge | r ate". Are you interested in a 30 year, no points fixed 1% interest rate? If you're shopping for a loan, then absolutely.

      Suckers check it out. "Want information? Someone will be contacting you shortly. Just give us a little info

    • Re:Education? (Score:3, Informative)

      by fdiskne1 (219834)
      I was giving someone help with their email, saw a spam in their mailbox and commented that if they sent it to me, I'd adjust the filters so it doesn't get through in the future. This was most definitely from a spammer. They said, "No, I ordered something from them. I expect their email." When I told them the reasons they should never, ever buy anything from spam, they said, "But that's where I get the best deals." I re-iterated the reasons against it, but they didn't care. As long as they got a good deal, t
  • Yuhu! (Score:1, Funny)

    by Anonymous Coward
    That particular spammer offers a newsletter on his homepage. Please wait, I will just sign in...
  • by adzoox (615327) * on Sunday November 21, 2004 @08:52AM (#10880284) Journal
    I have been doing a little tracking down of a Spammer myself from my state.

    A few months back, when the free iPod craze started - a company in my state started sending out emails from:

    Product Test Panel
    Consumer Research Corporation
    Subscriberbase.com

    Saying, "Product Testers Wanted". They would go from hot product to hot product. Sometimes, not even released products - like the Nintendo DS was advertised almost 2 months ago - claiming immediate shipment.

    I found that they were in my state by reading the actual email and seeing a location in my state and then by confirming it with whois information.

    I then sent off an email to the contact. I got an email from a guy named Brian Benehaley. In typical fashion, all of my accusations were denied.

    Turns out, if you Google this guy's name - he has written a well respected piece [respected amongst bulk emailers] about how the Can Spam Act will bring a new renaissance in email marketing.

    I have since written the Better Business Bureau about him, found the record for the company is now in the 1000's of complaints

    I have contacted my state attorney general which is conducting thorough investigation

    I contacted the host ISP - Exodus - they have over 12000 complaints lodged against Subscriberbase.com

    I have written a piece that has gotten into Google searches [blogspot.com] - that receives a few emails and comments each week.

    More info about Product Test Panel [adzoox.com]

    It has been quite fun to research this guy and put various internet tools to my disposal.

    This was a good story to see what techniques Mr. Wendland used.

    Google, Whois, MY BLOG, The BBB online, My attorney general all helped me ...
  • How I stay spam free (Score:5, Informative)

    by Examancer2 (606336) <slashdotnew&examancer,com> on Sunday November 21, 2004 @09:08AM (#10880325) Homepage

    This is how I keep spam from ruining my email while also catching spammers in the act:

    I have a domain (examancer.com) and a cheap hosting company that allows unlimited email accounts. Every time I give out an email address I make up one that will remind me why I gave it out (like slashdot@examancer.com, nytimes@examancer.com, someotherservice@examancer.com, etc...). I don't actually have to set up each account because I have all undeliverable mail sent right to my main account. If I start receiving spam, I just look at which address its sent to and I know right away which company sold my address or which online forum my email was harvested from. If the spam gets too bad, I actually go and create a real mailbox for that address and route it to a black hole... viola, no more spam.

    • I also do this. Sometimes it is tough when spammers spoof the recipient address. How do you know which address it is going to when the header is spoofed? Sorry if that sounds stupid, but I have never been able to figure it out.
      By the way - here is a great quote from the spam website:


      "I've got one thing to say about Expedite Internet Marketing, WEBTASTIC!"
      -- Merry Black

    • If I start receiving spam, I just look at which address its sent to and I know right away which company sold my address or which online forum my email was harvested from. If the spam gets too bad, I actually go and create a real mailbox for that address and route it to a black hole... viola, no more spam.

      I do almost the same thing. The mail to abandonded addresses is sent to a spam filter to help train it.

      That way if the same spam gets sent to a good address, it gets filtered out.

  • What's with the alleged part? When Al Ralsky alleges it, and so does everyone else, and there's massive proof that he did, you can skip alleged.

    Don't make the mistake that if it's not covered by the U.S. CAN-SPAM law, that it isn't spamming, or that someone has to be convicted in a court of law before they can be called a spammer. He hasn't been convicted of being a major asshole, but it's quite safe to call him that.

  • anti-spamming (Score:2, Interesting)

    by Dorsai65 (804760)

    Personally, I use a combination of tarpits [turnstep.com], poisoning their databases [turnstep.com], and a website [odinsrealm.com] that is rumored to kill the little bastages.

    On the same page where I do all this, I also include links to the House and Senate email address pages, figuring if I get spammed, Congress should, too :-)

  • [...] 550 EBuyer spams customers
    [...] 550 Comp-U-Plus spam customers
    [...] 550 Yahoo! turned to spamming

    And more. So what if Yahoo! is not peddling "herbal viagra"? They are still spamming -- oh, yes, you can always unsubscribe -- but since I never subscribed in the first place, I don't see why I should be unsubscribing.

    I keep a Yahoo! mailbox around -- just in case, and clean it up every once in a while. Yahoo!'s spamguard is a useful tool to keep the outside spam out, but Yahoo!'s partner Motley Fo

  • When it comes to spammers and their email harvesting software, why not fight fire with fire?

    Set up your own payback page [aardvark.co.nz] then check your server logs and smile every time those on that page get added to another spammer's list :-)
  • ...in the harvesting programs? I mean, how seriously cool would that be...instead of publishing the ip addresses for blocking, circulate them for buffer overflowing?

    Anyone comment on the practicality of exploiting the harversters?

    Anyone know the harverster programs that are most used??

"Say yur prayers, yuh flea-pickin' varmint!" -- Yosemite Sam

Working...