SPAM anyone?

Sun Oct 27 21:51:22 EST 2002

At 8:47 PM -0800 10/27/02, Mark Vogt wrote:
>Fellow listers,
>Has anybody been getting an unusual amout of SPAM lately?
>On top of a bunch of other young-demographic stuff for the past month, I
>just got an offer from the US Marines that is about 33 years late. They
>could'nt get me then either.
>Who monitors this stuff?

Umm...

Spam doesn't come from the list.  It may come from email address
harvesters going through the archives, but I don't think much of that
goes on, we're not exactly high profile.

Spam comes almost entirely from places you've submitted your email address.

-Job sites.  Monster.com.  Dice.com.  Wait, did I mention dice.com? :-)
-big internet providers/sites.  Yahoo.  MSN.  Etc.  My grandmother,
who had yet to use her little MSN "internet" appliance, had spam
waiting for her the first time she logged in- 3 days after the
account was set up.
-software downloads.  RealVideo truly wants you to know about their
product updates.  And they want to sell your information to anyone
and everyone.
-news websites and the like.  Used that "send an email to a friend
about this" link? Guess where both sender and recipient addresses
just went.  They're not doing out of the kindness of their hearts :-)

Gets better.  Now there are brute-force name-guessing spammers.  They
basically pick a domain, and then try all the popular account names.
Thank god I have a fairly unusual name- watch out if your account
name is scott etc :-)  Any addresses that don't bounce get marked as
valid.

Spammers use all sorts of tricks to figure out if they actually got someone.

-images buried in the email that often have some sort of ID coded
into the URL; the purpose isn't to retrieve an image, its to
communicate back to the spammer's server that you viewed the message.
I have my mail program(Eudora) set to not automatically load any
images or content in HTML emails, as a result.

-Click here to unsubscribe links.  I had a friend who was dumb enough
to click on one such link, and within a day, she was getting swarms
of spam.  To her dismay, most of it was...well...useless for
HER(apparently, if anybody comes up with a herbal supplement for
women, they'll get at least one customer :-)

-Some spammers even bury ID numbers/codes(I've seen emails with
several) into all sorts of places- headers, the message body, hidden
in the HTML.  This is mostly to catch people like me who report most
of the spam they get(I use spamcop.net)  Spamcop does all the
detective work to figure out the guilty parties and sends out the
nasty notes- minus anything with your email address.  Didn't take
spammers long to figure out all they had to do was embed a ID
number/letter string that uniquely ids your email to the them.  I
scan any spam and remove such IDs before forwarding.

Some fun comes from tracking all this stuff, if you run your own mail
server.  I have a lot of "dash" addresses(brett-something) on a
private mail server.  Each is named for the source it was given to-
it is fascinating to see where they end up :-)

By the way- 90% of the spam I get now comes from China; it is my firm
belief that most US spammers have simply contracted Asian companies
to do the actual spamming; virtually, if not completely, untraceable.
Most of the time, the host ISP's contact emails are completely bogus
or bounce.  Everybody else is moving 'manufacturing' there, why not
spammers?

Brett
--
----
"They that give up essential liberty to obtain temporary
safety deserve neither liberty nor safety." - Ben Franklin
http://www.users.cloud9.net/~brett/
http://www.apple.com/switch/