Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

The Story of "Nadine"

timothy posted more than 12 years ago | from the not-a-porn-story dept.

Spam 270

Guinnessy writes: "We've all accidentally typed in a wrong email address sooner or later. But can it all go horribly wrong? On http://www.spamresource.com there is the story of Nadine, an account of what happened after an Internet user accidentally gave a wrong email address when she visited a web page and signed up for a sweepstakes. Live in fear...."

Sorry! There are no comments related to the filter you selected.

Bow! (-1)

Klerck (213193) | more than 12 years ago | (#3493264)

Bow before me! [msnbc.com]

YBHT! [petitiononline.com]

Re:Bow! (-1, Offtopic)

josh crawley (537561) | more than 12 years ago | (#3493364)

You're number 3351 right?

If thats true, here's the whole list.

3351 Phil McCrevis b[r{ * K L E R C K ' D * }r]b (F your shacktags I say!)

It'd be fun to torture you and do interesting things with that name.... If it was your real name. Idiot troll wanabees are a waste of time. If you wanna troll effectively, do what I do. Have good articles that PISS people off.

Might as well list all the links (0)

Anonymous Coward | more than 12 years ago | (#3493377)

If you're going to list it, list all of them.

http://www.msnbc.com/news/749507.asp
http://www .petitiononline.com/twotower/
http://www.petition online.com/antirnm/petition.htm l

Re:Bow! (-1)

Anonymous Cowrad (571322) | more than 12 years ago | (#3493595)

Harley David, son of a bitch.

I like girls with big big tits.

Old News (3, Informative)

netfox39 (572148) | more than 12 years ago | (#3493274)

http://www.honet.com/nadine/

Re:Old News (0)

reflexreaction (526215) | more than 12 years ago | (#3493289)

It's a good thing because it's /. already

Re:Old News (1)

Drishmung (458368) | more than 12 years ago | (#3493325)

And the mirror appears to be /. as well.

However, a Google on "Nadine" gets the story top of the list and you can work you way through the Google cache.

Slashdot effect (1)

IIRCAFAIKIANAL (572786) | more than 12 years ago | (#3493375)

If anyone else wants to see a webserver go down, add it to this thread

I think I'll try load-testing our e-commerce server ... http://www. - nah, better not :)

Re:Old News (1)

discstickers (547062) | more than 12 years ago | (#3493321)

./ effect. Here [216.239.33.100] is the google cache.

Ony problem is... (1)

hackwrench (573697) | more than 12 years ago | (#3493613)

All the good stuff in on another page and Google doesn't cache-thru, that is to say the links on a cached Google page point to real addresses and not cached Google pages. I tried archive.com that probably doesn't have it cached yet and got: We're sorry, but due to the overwhelming response, the Internet Archive Wayback Machine is temporarily down for maintenance. Access to the past will be available in the future. Please check back with us at 4:00PM Pacific Time.

Re:Old News (1)

SteakandcheeseUm (191173) | more than 12 years ago | (#3493329)

The other link seems to be in the process of being slashdotted, especially since it referrs to the link given in the posting as having "greater bandwith"

/. server part 1 (2, Informative)

reflexreaction (526215) | more than 12 years ago | (#3493336)

Nadine -- The Story Begins Once upon a time, there was a senior citizen in one of the Southeastern United States who was apparently confused about what her email address was. Because I have no desire to cause this lady the slightest inconvenience, I will call her "Nadine", which is not her real name. I'm also going to change her surname to "Smith", which is likewise false. (NOTE: Because I have no desire to avoid inconveniencing any of the other players in this tale, hers is the only identity that has been altered in any way.) On or about the second day of March in the year 2000, Nadine visited a web site belonging to an outfit called delivere.com. While there she apparently entered a sweepstakes, gave delivere.com some personal information and (I presume) agreed to receive email advertisements from various parties from time to time. The email address she gave them consisted of her first name and the domain honet.com. What the actual email address should have been is something about which I can only speculate. To confirm (to Nadine) that she had signed up, delivere.com sent a message to nadine@honet.com. (This was the First Big Mistake: the message should have asked the real owner of "nadine@honet.com" to confirm that the sign-up was genuine.) A semi-automated process at honet.com noticed the message and sent a "No such user" message to the appropriate addresses (at least one of which was bogus). Normally, that is all it takes to stop any further traffic. Such was not to be the case here, however.

Re:/. server part 2 (1, Informative)

reflexreaction (526215) | more than 12 years ago | (#3493350)

More Stuff Arrives Nothing more came in for about two weeks. When the first real advertising payload arrived it went into the "bad message" sump and it was several days before I had enough spare time to deal with the accumulated sludge. Since this was just one of dozens of bogus accounts that receive occasional messages, I made a note of the "nadine" name and archived the message with the intent to take further action if the traffic volume climbed. Which it did. Harris Polls Nadine began to receive messages from other entities. Harris Polls sent their first blast about two weeks later, and swiftly became the most prolific sender. After a few of these arrived, I followed the "how did you end up on our list" link and determined that Harris had apparently obtained Nadine's information from delivere/matchlogic. Now there was a breathtaking surprise. Harris ignored the "no such user" notice, so after the first four messages I dropped them into the mail server's deny list, where they remained for a number of months. Despite the fact that every message to nadine@honet elicited a "553 domain tesp.com does not accept mail from HARRISPOLLONLINE.COM" response, they were still pounding away months later, when I removed the block in order to collect evidence for some legal proceedings that were under way. Harris continued to send Nadine several messages per month until 9 August 2001, when the stream unaccountably stopped. In all, 79 messages were received, in addition to the ones that were rejected during the four months when Harris were in the local deny list. Update: on 23-Jan-2002 a request to confirm arrived, indicating the start of yet another round. Perhaps this time they have instituted real confirmation procedures, and nothing more will arrive. 01-Feb-2002: Apparently no answer doesn't mean a "NO" answer. Is this what is meant by "double opt out"? Ourhouse.com Ourhouse.com hired enlist.com to send Nadine a message. A second one, identical to the first, arrived the next day. Perhaps Ourhouse.com changed their minds about this method of advertising, because Nadine never heard from them again. Webstakes.com Next to step up to the plate were webstakes.com/idialog.com. They sent a total of five messages, each one entirely HTML, one each in May, July and August, and then two in September. Perhaps they were convinced that Nadine would never use a simple text email client, or they just didn't mind making the recipient wade through crufty HTML to get to the exceedingly valuable content. SmarterKids.com smarterkids.com was another one-shot wonder, sent by enlist.com. AT&T Only one message was sent (by enlist.com) directly on behalf of AT&T. A few others during the later deluge mentioned AT&T or associated products. Next: Question: Why send mail to somebody who doesn't exist?

/. server part 3 (1, Informative)

reflexreaction (526215) | more than 12 years ago | (#3493363)

Question: Why send mail to somebody who doesn't exist?

The spam from enlist.com for AT&T finally caused me to do some research. Visiting the enlist.com web site, I found what seemed like an appropriate person to contact, and sent this official-looking message, complete with ticket number and RBL references. Naturally I had some hope that a [possibly fruitful] discussion might ensue.

Once again my hopes were shown to be unrealistic.

Answer: We Believe In You, Even If You Don't.

Some readers might not be astonished by what followed, but I was. In the surreal reply that arrived the next day, the "ePrivacy Coordinator" at
247Media revealed personal information about a subscriber to a complete stranger. The details included full name, complete address with 9-digit ZIP code, and date of birth.

Fortunately, 247Media are "members of both TRUSTe and the Direct Marketing Association" and "strictly adhere to the privacy guidelines they provide". One can only speculate about what horrifying breaches of confidence might have occurred had this not been the case. Also a note of encouragement was the "exclude from future mailings from our partners" promise. As we shall see, alas, that was as empty as the promise of privacy.

Always ready to grab for the last word in any debate, no matter how one-sided, with some asperity I offered a rejoinder.

/. server part 4 (1, Informative)

reflexreaction (526215) | more than 12 years ago | (#3493376)

It's Worthless, But We'll Sell It Anyway.

There was a bit of a lull in the non-Harris onslaught until September 2000, when Home Shopping Network decided to join the party. Note that they obtained Nadine's information just over one month after Nadine had been assured that it would take three to five days to make certain that she would not receive any further mailing from 247Media's "partners". HSN apparently was prepared for this, as the end of their message suggests that opting out of their blasts is not as easy as one would hope. Until their last blast on 14 December 2001 they averaged one message every seven to ten days. Update: on 21-Mar-2002 HSN reappeared. Perhaps we will soon have some idea how effective the bounce processing is at 4at1.com.

Our breathless wait for new material was prolonged until October, when enlist found another sterling client, viz. thirdvoice. Nothing has been heard from them before or since.

In November, it was Hewlett Packard who elected to become the next object of derision. They likewise appear to have chosen other advertising channels.

The parade of one-time enlist.com clients continued with half.com, enews.com and finally SimplyHealth.com. After that, enlist.com sank beneath the waves. The last mention of enlist, matchlogic or delivere came in April, 2001, in a couple of bleats from peopliknow.com, who share a ZIP code with them.

Then things took a darker turn.

/. server part 5 (1, Informative)

reflexreaction (526215) | more than 12 years ago | (#3493386)

The Post-delivere/MatchLogic Late Comers: New Hogs At the Trough How the list[s] containing Nadine's supposed email address propagated from here on is a matter of conjecture. None of the items received from this point on mention any of the original culprits. It may be that financial challenges accompanying the general bursting of the net.fantasyland bubble caused fire sales of various magnitudes. Ombramarketing.com First amongst the new gathering shadows was Ombra Marketing Corp., who began to bombard Nadine with a variety of offers on 18 April, 2001. They sent an average of four blasts per month. They are currently in the local deny lists, and are discussed in a number of other areas of the World Wide Web, for example here. itsImazing: Is It a Threat or Merely a Menace? Cometh now the "itsImazing.com Network" by and through its first spewer, (apparently) ted2.net. Especially touching are the parts that thank Nadine for "registering at www.mindsetinteractive.com", proclaiming that these valuable messages will only infest the mailboxes of those "...who have specifically requested or agreed to receive our special offers...". Who can imagine the spewage that might occur should the senders be minded to send their stuff to just any old address? (NOTE: on 13 December 2001 I personally began receiving itsImazing spew from etoll.net, directed to an address used only for registering Palm Pilot software. Time to update the deny list.) Rumors on various anti-spam forums were that the "ted2" operation encountered some difficulties in maintaining its network connectivity. This is plausible, because subsequent detritus has issued from m-ul.com and TargitMail (see below). We did get one subsequent delivery attempt from ted2.net on 21 December 2001. m-ul.com are currently in the local block list, but these stout-hearted troupers were not dismayed by this minor contretemps -- until 16-Jan-2002 they continued to exhibit earnest hope that eventually I would let them back in to molest Nadine. Hah. Meanwhile, the itsImazing menagerie continues to expand, with coopt.com making its long-expected arrival on 23 December 2001. itsImazing appears also to have attempted to sneak in on 27 December 2001 through the facilities of virtumundo.com. On 17 Jan 2002, PO-1.COM began their spew on behalf of itsImazing. On 20-Feb-2002 Nadine heard from gossipflash.com. Oh joy. Yet another threat of more "exciting promotional offers". Without a helpful local deny list, Nadine would be receiving several itsImazing announcements per day. Imazingly prolific and persistent folks. The Grouplotto Flood On the same day as the first itsImazing blast came not one but two vital messages from "Grouplotto", sent from networkpromotion.com. This was just the nose of the camel, as more than thirty messages containing the string "grouplotto" arrived between that date and 12 December 2001. (This does not take into account the ones that would have arrived had the senders not been blocked.) Grouplotto are apparently more resourceful than some of the other contenders, since they appear to share their databases amongst an agglomeration of senders with diverse offerings (although itsImazing definitely gives them some crushing competition here). Senders and product types identified so far include: networkpromotion.com -- Gambling (what else?) and a special product (see below). etracks.com -- Consumer products (phones, Motorola Talkabout radios, VISA cards, satellite TV systems, digital camera [oops, that's a premium for switching long distance service], a sports wagering system, foreclosed merchandise, DVDs from Columbia House, and a "Start A Profitable Home Business and Become Rich Using the Internet" opportunity that would have been hard to pass up. And one additional product, also sent from networkpromotion, which deserves its own separate section below. ProcessRequest.com -- only one from them got through before they were chucked into the deny list: an offer for the American Express(R) Platinum Cash Rebate Card. They made two more tries on 12 December 2001, then nothing more arrived until 10 February 2002, when the envelope sender was "reedscienc@ProcessRequest.com". All of the senders above are in the local deny list, so there may be other valuable commodities on offer that Nadine will never hear about, at least not from the Grouplotto Borg. etracks.com made multiple tries nearly every day until 13-Feb-2002. networkpromotion.com tried a little less frequently and apparently gave up after 26-Jan-2002. Miss Cleo's Psychic Insight Blows a Fuse The GroupLotto product singled out for special treatment was a series of breathlessly vital disclosures from Miss Cleo. She Who Knows All was so convinced of Nadine's existence that she took the trouble to send a personal note. A short time later, apparently unfazed by the lack of response, Miss Cleo sent another enticing missive. Perhaps the puzzling lack of response (should we assume that psychics can be puzzled?) led Miss Cleo to send a poorly formatted rerun of Message Two, this time through networkpromotion.com rather than etracks.com. Who can fathom the mysterious ways of the Gifted? Gumshoes in Florida, perhaps? TargitMail (GTMI, Walt Rines) Here we have a true relic of the rip-roaring early days of unsolicited broadcast email. I will make no comments, other than to suggest that the reader who wants to know more may submit the strings "Walt Rines", "IEMMC" and "picklejar" to www.google.com and especially to Google's Usenet Newsgroup search engine, looking in the news.admin.net-abuse.* groups. TargitMail began sending itsImazing stuff from various tm0[digit].net addresses on 28 November 2001, beginning with tm03.net. They subsequently have sent from tm01.net, tm02.com and tm04.com as well. All of these domains are in the deny list. They made their last successful delivery on 09 Jan 2002 with a nice itsImazing offer of great deals from Fingerhut, sent from the heretofore-not-blocked tm02.com. They were last seen in the server logs on 09 Feb 2002. customoffers.com As uninvited spewers go, customoffers.com is pretty unremarkable. They first showed up on 9 November 2001 and managed to blap in 17 messages before I finally blocked them. Like most of the others, however, being rejected with a "553 Depart Ye Cursed Spammers" message initially did not impress their infrastructure. They appeared to have given up after 22 Dec 2001, but then something arrived from the Scott Hirsch operation claiming to be an advertisement for stuff from Sears. em5000.com, em5000.net On 28 November 2001 em5000.com began sending touts for ImazingOffers, winfreestuff, ItsAllAboutGreatOffers, Chase Manhattan Bank, gambling and college scholarships. Five messages in three days caused them immediate admission to the elite ranks of the blocked. There is reason to believe that this was not the only list they have ended up in, as they changed IP blocks and reappeared as em5000.net, managing to slip two more in on 12 December before I noticed and updated their listing. Like so many others, they tried frequently for quite a spell. 02-Feb-2002: They are now using a new envelope sender, jdrmedia1.net 11-Feb-2002: This time they have decided to abandon even the pretense of using a valid envelope sender, and claim to be something "@bounce.37.121.144". This would appear to be a seriously dim move, given the number of systems that now refuse mail from an invalid envelope sender. But then, the whole operation seems to be characterised by a significant lack of wattage. intervolved.net This player sent the usual "thanks for signing up with us" note in late November, 2001. I am personally fascinated by the "if you don't opt out, you have agreed to our terms" bit. I'm also somewhat intrigued by their "This message is not intended for anybody living in a state that has an anti-spam law" clause. What do you suppose that means? They went into the bozo bin after the third blast on 04 Dec 2001 and were last heard from on 06 Feb 2002. ixs1.net, ixs2.net Before joining the Chorus of the Banned, this domain pair sent Nadine four "winfreestuff.com" adverts, beginning with this one, in which the senders claim that Nadine visited their web site and entered a sweepstakes. I suppose it is indeed possible that the real "Nadine" was still giving out the same wrong email address 613 days after committing the first error. Personally, I have confidence that she would by this time have noticed that nobody ever responded (at least not in a way that she could observe). After a long hiatus, they made another attempt on 11-Jan-2002. ROI1.NET (Img Direct) Their first one is a keeper: entirely HTML, work-from-home opportunity, web tracking bugs. Plucky though blocked, they kept trying until 11 Feb 2002. oii1.net, oi2.net, oihost.net (Optin Inc) The first piece is an IMPORTANT NOTICE reminding Nadine that "per our TOS (Terms of Service), you wisely agreed to receive third party promotions from our network's preferred affiliates". I was so overawed by a mention of Terms of Service from this well-known Florida operation that I somehow managed to leave the web bug in while trimming the HTML portion. A few days later, two copies of a "Confirmation" arrived, identical except that the second one fails to mention "Custom Offers". Perhaps I was too hasty in blocking customoffers.com and missed all of the valuable information about Nadine's voluntary subscription to this wonderful service. Life has its unexpected setbacks. sendoutmail.com Nadine received one message and a couple of subsequent blocked delivery attempts originating from this domain. A responsible party from this domain has contacted me personally, and I have responded to his request for the details of the messages sent to Nadine. Being convinced that sendoutmail.com is making a determined effort to adopt the most effective list management practices, I have removed the IP and envelope sender blocks against sendoutmail.com. topica.com This message was surprising and profoundly disappointing. I had been led to believe that topica.com were rather strict in their list verification standards. If they would like help in diagnosing the point of failure, I'll be happy to assist. Unfortunately they were still trying to deliver email as of 14- Feb-2002, despite numerous rejections (and several visits to this page from topica's corporate IP space). DM360.com The list is sold yet again. On 19 December comes an advert apparently for REI sent by dm360.com on behalf of network60.com. Visiting the link, however, just gets you to www.freebieclub.com, with no obvious REI involvement. What a tangled web. This sender has made a sufficient number of subsequent attempts after being blocked to rate their own reject log page. Later on in the piece (30-Jan-2002), we find that their erstwhile client, network60.com, has decided to take things into their own hands and do their own polluting of the general netspace. (Or, perhaps, the two entities are really joined at the hip. Who can fathom these mysteries without buying a programme from a passing vendor?) Postmaster General (pm0.net) This sender's customer at least doesn't bother to try the "thanks for signing up at our web site" prevarication or the "you visited a 'marketing partner' and requested drivel" pretense. The lack of HTML is also a redeeming feature. pm0.net was added to the parade of unwelcome intruders, and they hammered away until 02-Jan-2002. I removed them from the deny list on 15-Jan-2002 after having a conversation with the Mindshare Design Standards & Practices people, who convinced me that changes are afoot at pm0. If this turns out to have been an incorrect impression, I will note it here. Bigfoot Interactive (bfi0.com) I've always been fascinated by a "this message is confidential -- don't do like we did and send it to a completely unrelated party" clause in email and FAX messages. What exactly does the sending party in this case have to hide, might one ask? Virtumundo.com / vmadmin.com Here is an organism that claims that somebody who doesn't exist went to a web site (the same one the itsImazing folks claim she visited) and gave permission for them to send bunches of advertising. What makes this all the more fascinating is that somebody from Virtumundo apparently visited us here a few hours before the spam started. Interesting news: Virtumundo has announced a lawsuit against two list vendors, including Mindset Interactive, who provided the list for the message discussed above. Scott Hirsch (edirect.com, offermail.net, eDirectNetwork, optin-offers.net) This submission arrived in the wee hours of 30 December 2001. These notes were originally slotted to appear in the "Spamming Scum" section, in view of eDirectNetwork's colorful history of adding unwilling participants to its list of targets for valuable offers. Upon reflection, I decided that eDirectNetwork meets many but not all of the criteria set forth there -- at least, not recently. So, eDirectNetwork joins the other Florida operations here in the slightly more prestigious "Hogs" section. The apparent proprietor, one Scott Hirsch, has been mentioned in the press from time to time. A brief Google search for this entity nets quite a bit of discussion of their, uh, methods. Those who want an example of the great care taken by this organization to verify that the recipients really want the advertising may observe eDirectNetwork spamming the abuse address here. As for offermail.net, you have to admire the earnest, honest sincerity of a firm that in its domain registration gives its business address as the White House and its telephone number as toll-free information. Spiffy folks, to be sure. (And not entirely on the mark when it comes to research. An Authoritative Source has sent me tidings to the effect that the White House ZIP is actually 20500.) I held off chucking offermail into the bozo bin because, I freely confess, I wanted to see what would happen next. I speculated that Scott might read this and spoil my fun. It has been several months since he has hit one of my personal addresses. However, on 03-Jan-2002 "what happens next" was not at all unusual as spam goes (although I do have to wonder whether the return-path account name is a bit spelling-challenged). So, I blocked offermail and waited to see: would they pay any attention to bou[n]ces? Nope. (But they did eventually fix Irma La Bouce). Then, on 09-Jan-2002, our dear comrades at CustomOffers apparently leaped into the hammock with our friends at eDirectNetwork and sent Nadine an important custom offer for Sears Custom Fit Windows. Shades of Diana Mey. And then, sent to the "Tagged by SPEWS" sump by an incorrect mail sorting filter, there is this gem, in which Scott urges Nadine to consider plastic surgery for breast augmentation. Time to bung eDirectNetwork into the deny list and give them their own rejection log. On 13 Jan 2002 another metamorphosis occurred, and stuff started arriving with an envelope sender of optin-offers.net. I was not particularly quick on the deny list entry update, and ol' Scott managed to slip in two more that afternoon. The first was a delightful Path to Sudden Wealth blandishment, which offers yet another Work From Home and Make Big Bux opportunity. The other one was sent apparently on behalf of Gevalia Coffee, who certainly should know better. PO-1.COM Yet another itsImazing tentacle put its suckers on the window on 17-Jan-2002, with threats of even more exciting offers soon to festoon the lonely inbox. Into the bin with them. Mediatrec Transmissions with an envelope sender of something@MEDIATREC.ROI1.NET were a regular occurrence here until they halted suddenly on 3 January 2002. Then on 19 January 2002 this mysterious piece arrives, with its peculiar "sorry to see you go" clause, but with links that appear to point strictly to an opt-out function. Curious to see what their list management practices might be, I visited their web page, signed up for their mailings and waited to see what would happen. A short time later this confirmation message arrived, inclining me to the belief that they do indeed practice safe mailing, at least as far as new subscribers at their own web site are concerned. Time will tell. 24-Jan-2002: What time tells us is that they don't practice safe mailing when purchased lists are involved, as they dropped this item in the hopper on behalf of VoiceStream Wireless. So, into the deny list they go. Bon voyage. The record of their rejected delivery attempts is here. 16-Mar-2002: They've been averaging more than one futile attempt per day for quite some time, sending from the myz.com IP block at 65.105.159.*. Perhaps others have blocked myz.com and/or the mediatrec.com envelope sender, and they needed to find something that would temporarily let them get through. Regardless of the reason, they are now sending from mediatreclists.net, from their own IP space. Since they dumped five days of pent-up traffic on Nadine this morning, it seems likely that they saw a high non-delivery rate with myz.com and needed to make up for lost time. Here is one for Full Access Medical, the subject of many a search-engine visit to this site. Those interested in an exclusive money- making program need go no further than here. Maybe a free cellphone? Fancy an unsecured credit card (of unspecified type and issuer)? DVDs from Columbia House? It's all here, whether you have the sense to ask for it or not (assuming that you exist at all, of course). So, into the Plonk-O-Matic with mediatreclists.net. DirectNet Advertising (dnadv.com, valudesk.com, valudesk1.com) These folks have enjoyed some popularity amongst those who receive and report spam. Nadine also received the "Free Chocolates" spam mentioned in some of those reports. In the non-HTML portion, they began their Nadine involvement with no attempt to explain how they came into possession of Nadine's address. Only if you browse down to the web-encumbered portion do you see the shift of blame to "valued marketing partners" and the typical threat to continue the bombardment if no opt-out action is taken. Before the opportunity arose to add this section to the story, somebody from a network address belonging to dnadv.com spent half an hour or so reading Our Saga. I hope they come back, now that they are a featured character. NETWORK60.COM On 30-Jan-2002 there comes a "Membership Confirmation for NADINE" from an already-familiar denizen of the swamp. We first encountered network60.com as an apparent client of DM360.COM. One is tempted to speculate about the tendency for apparent clients of spewers-for-hire to begin doing their own spewing, as is for example the case with Mediatrec and ROI1.NET. When the spewing for RadioStakes apparently began in earnest on 08-Feb-2002, the envelope sender "NETWORK60.COM" went into the bozo bin. Two-River.com (Harvest Marketing, GDTRFB.COM) On 16-Feb-2002 we first hear from the Two-River Co-op, formerly known as Prime Offers but calling itself Harvest Marketing in the domain registry. We receive the welcome assurance that "Two-River Co-op never sends unsolicited email", but are forced to ponder: if the commercial relationship is launched with such a transparently fraudulent statement, what sort of confidence shall we have in the worth of the commercial offers? Again on 15-Mar-2002 we see that things haven't changed much. And on 20-Mar-2002 it would appear that AOL needed some assistance with their sales programme, with a little help from dnadv.com, for reasons best known to those who best know reasons. Alas, it looks like it is time for the bin for Two-River Co-op. The envelope sender on the most recent atrocity was . River.com is apparently an unrelated domain in Colorado, whereas two-river.com is in New Hampshire and gdtrfb.com claims to be in New Jersey. Considering that the delivering server calls itself "two.river.com" when in fact it is listed as "jupiter.gdtrfb.com" by its own DNS server, and looking at the river.com web site one may perhaps be forgiven for exhibiting a modicum of doubt that river.com has any involvement with these misdeeds. And in fact my communication with the actual owner of river.com confirms that river.com has no connection with two-river.com and has not authorized them to use a river.com address or host name. mxsys.net (dandyoffers.com, youclickhere.net) on behalf of memolink.com, dreammates.com et al. Pretty ordinary. First a mailing for memolink.com, then another one that seems less than fully suited to the demographic information that DandyOffers presumably purchased along with a bogus email address. On 25-Feb-2002 there was another spam for Sonix Systems / AT&T. Since I'm getting spam from mxsys.net for the "imesh" list to another bogus address @honet.com, there's no obvious reason not to award mxsys.net a prime spot in the bin forthwith. And since they've persisted in knocking at the gates, let's give them their own reject log. sign2002.com The presence of links to www.opt-track.net in this piece suggests that sign2002.com is just a new disguise for the masters of opt-in-ness, Optin Inc. Regardless, it has the exceedingly tiresome mendacity "This message was not sent unsolicited. You are currently subscribed to the Open2Win mailing list". As if "you are subscribed" somehow transforms an unsolicited message to a nonexistent person into a legitimate, requested communication. Gag. Then again, I'm interested in whether the folks at discounts.com, who don't seem to be affiliated with anybody mentioned in this message, would approve of the apparent sender being "HotelDiscountCard@discounts.com". Hmm... staff@webmagic.com seems to be the place to knock. 27-Feb- 2002: Email from webmagic.com gives me the distinct impression that they aren't too happy with this use of their domain name. Imagine that. Meanwhile, on 26-Feb-2002 the next piece arrives, signaling that The Hour of The Bozo Bin has arrived for sign2002.com. Exactis As a proud carrier of the "Motel Six Discount Card" (or AARP membership, as it is sometimes called) I note that in this piece The Hartford makes some sensible use of the demographic information that somebody fraudulently sold them. Although they wisely chose exactis.com to send their advertisement for an AARP-branded insurance plan, all was not entirely well in this particular shot. For instance, the valuable quartz clock is not available in Nadine's home state (and apparently only in Nadine's home state). One would expect greater diligence from these professionals. Additionally, this message is the first one in ages to make an explicit reference to delivere.com. The HTML version of the payload attempts to retrieve an image from the server consumer.delivere.com, which is strange, since the name servers for delivere.com are unreachable (at least from any network to which I have access) and have been for quite some time. Odd. valoffers.com What can we say about this initial salvo (other than a minor carp about a missing ">" in the Message-ID)? Not much. We'll just have to wait for the inevitable Drizzle of Irresistible Offers. Which began to arrive on 19-Mar-2002, manifesting as Yet Another Free Cellphone Offer (YAFCO). Time for a new deny list entry. dartmail3.net On 22-Mar-2002 Nadine received a "privileged and confidential" offer of magazine subscriptions by Synapse Group Inc, from dartmail3.net, through flonetwork.com. tinglobal.com This is apparently an IMG Direct (optin-inc) operation. More information here. Sample here. The "strict Code of Ethics" bit is a hoot. jobsonline.com (emailoffersondemand, Toplander Corporation) One is tempted to speculate just who has demanded the email offers, of which Nadine received four in the three days that elapsed before the sender was carefully inserted into the deny list. Since three of them were very similar YAFCO advertisements -- two for AT&T Wireless, one for Voicestream -- on three successive days, the use of the phrase "this recurring mailing" was particularly apt. Sample here.

/. server part 5 (1, Informative)

reflexreaction (526215) | more than 12 years ago | (#3493403)

The Post-delivere/MatchLogic Late Comers: New Hogs At the Trough

How the list[s] containing Nadine's supposed email address propagated from here on is a matter of conjecture. None of the items received from this point on mention any of the original culprits. It may be that financial challenges accompanying the general bursting of the net.fantasyland bubble caused fire sales of various magnitudes.

Ombramarketing.com

First amongst the new gathering shadows was Ombra Marketing Corp., who began to bombard Nadine with a variety of offers on 18 April, 2001. They sent an average of four blasts per month. They are currently in the local deny lists, and are discussed in a number of other areas of the World Wide Web, for example here.

itsImazing: Is It a Threat or Merely a Menace?

Cometh now the "itsImazing.com Network" by and through its first spewer, (apparently) ted2.net. Especially touching are the parts that thank Nadine for "registering at www.mindsetinteractive.com", proclaiming that these valuable messages will only infest the mailboxes of those "...who have specifically requested or agreed to receive our special offers...". Who can imagine the spewage that might occur should the senders be minded to send their stuff to just any old address? (NOTE: on 13 December 2001 I personally began receiving itsImazing spew from etoll.net, directed to an address used only for registering Palm Pilot software. Time to update the deny list.)

Rumors on various anti-spam forums were that the "ted2" operation encountered some difficulties in maintaining its network connectivity. This is plausible, because subsequent detritus has issued from m-ul.com and TargitMail (see below). We did get one subsequent delivery attempt from ted2.net on 21 December 2001.

m-ul.com are currently in the local block list, but these stout-hearted troupers were not dismayed by this minor contretemps -- until 16-Jan-2002 they continued to exhibit earnest hope that eventually I would let them back in to molest Nadine.

Hah.

Meanwhile, the itsImazing menagerie continues to expand, with coopt.com making its long-expected arrival on 23 December 2001. itsImazing appears also to have attempted to sneak in on 27 December 2001 through the facilities of virtumundo.com. On 17 Jan 2002, PO-1.COM began their spew on behalf of itsImazing.

On 20-Feb-2002 Nadine heard from gossipflash.com. Oh joy. Yet another threat of more "exciting promotional offers".

Without a helpful local deny list, Nadine would be receiving several itsImazing announcements per day. Imazingly prolific and persistent folks.

The Grouplotto Flood

On the same day as the first itsImazing blast came not one but two vital messages from "Grouplotto", sent from networkpromotion.com. This was just the nose of the camel, as more than thirty messages containing the string "grouplotto" arrived between that date and 12 December 2001. (This does not take into account the ones that would have arrived had the senders not been blocked.)

Grouplotto are apparently more resourceful than some of the other contenders, since they appear to share their databases amongst an agglomeration of senders with diverse offerings (although itsImazing definitely gives them some crushing competition here).

Senders and product types identified so far include:

networkpromotion.com -- Gambling (what else?) and a special product (see below).
etracks.com -- Consumer products (phones, Motorola Talkabout radios, VISA cards, satellite TV systems, digital camera [oops, that's a premium for switching long distance service], a sports wagering system, foreclosed merchandise, DVDs from Columbia House, and a "Start A Profitable Home Business and Become Rich Using the Internet" opportunity that would have been hard to pass up. And one additional product, also sent from networkpromotion, which deserves its own separate section below.
ProcessRequest.com -- only one from them got through before they were chucked into the deny list: an offer for the American Express(R) Platinum Cash Rebate Card. They made two more tries on 12 December 2001, then nothing more arrived until 10 February 2002, when the envelope sender was "reedscienc@ProcessRequest.com".

All of the senders above are in the local deny list, so there may be other valuable commodities on offer that Nadine will never hear about, at least not from the Grouplotto Borg. etracks.com made multiple tries nearly every day until 13-Feb-2002. networkpromotion.com tried a little less frequently and apparently gave up after 26-Jan-2002.

Miss Cleo's Psychic Insight Blows a Fuse

The GroupLotto product singled out for special treatment was a series of breathlessly vital disclosures from Miss Cleo.

She Who Knows All was so convinced of Nadine's existence that she took the trouble to send a personal note. A short time later, apparently unfazed by the lack of response, Miss Cleo sent another enticing missive.

Perhaps the puzzling lack of response (should we assume that psychics can be puzzled?) led Miss Cleo to send a poorly formatted rerun of Message Two, this time through networkpromotion.com rather than etracks.com.

Who can fathom the mysterious ways of the Gifted? Gumshoes in Florida, perhaps?

TargitMail (GTMI, Walt Rines)

Here we have a true relic of the rip-roaring early days of unsolicited broadcast email. I will make no comments, other than to suggest that the reader who wants to know more may submit the strings "Walt Rines", "IEMMC" and "picklejar" to www.google.com and especially to Google's Usenet Newsgroup search engine, looking in the news.admin.net-abuse.* groups.

TargitMail began sending itsImazing stuff from various tm0[digit].net addresses on 28 November 2001, beginning with tm03.net. They subsequently have sent from tm01.net, tm02.com and tm04.com as well. All of these domains are in the deny list. They made their last successful delivery on 09 Jan 2002 with a nice itsImazing offer of great deals from Fingerhut, sent from the heretofore-not-blocked tm02.com. They were last seen in the server logs on 09 Feb 2002.

customoffers.com

As uninvited spewers go, customoffers.com is pretty unremarkable. They first showed up on 9 November 2001 and managed to blap in 17 messages before I finally blocked them. Like most of the others, however, being rejected with a "553 Depart Ye Cursed Spammers" message initially did not impress their infrastructure.

They appeared to have given up after 22 Dec 2001, but then something arrived from the Scott Hirsch operation claiming to be an advertisement for stuff from Sears.

em5000.com, em5000.net

On 28 November 2001 em5000.com began sending touts for ImazingOffers, winfreestuff, ItsAllAboutGreatOffers, Chase Manhattan Bank, gambling and college scholarships. Five messages in three days caused them immediate admission to the elite ranks of the blocked.

There is reason to believe that this was not the only list they have ended up in, as they changed IP blocks and reappeared as em5000.net, managing to slip two more in on 12 December before I noticed and updated their listing. Like so many others, they tried frequently for quite a spell.

02-Feb-2002: They are now using a new envelope sender, jdrmedia1.net

11-Feb-2002: This time they have decided to abandon even the pretense of using a valid envelope sender, and claim to be something "@bounce.37.121.144". This would appear to be a seriously dim move, given the number of systems that now refuse mail from an invalid envelope sender. But then, the whole operation seems to be characterised by a significant lack of wattage.

intervolved.net

This player sent the usual "thanks for signing up with us" note in late November, 2001. I am personally fascinated by the "if you don't opt out, you have agreed to our terms" bit. I'm also somewhat intrigued by their "This message is not intended for anybody living in a state that has an anti-spam law" clause. What do you suppose that means?

They went into the bozo bin after the third blast on 04 Dec 2001 and were last heard from on 06 Feb 2002.

ixs1.net, ixs2.net

Before joining the Chorus of the Banned, this domain pair sent Nadine four "winfreestuff.com" adverts, beginning with this one, in which the senders claim that Nadine visited their web site and entered a sweepstakes.

I suppose it is indeed possible that the real "Nadine" was still giving out the same wrong email address 613 days after committing the first error. Personally, I have confidence that she would by this time have noticed that nobody ever responded (at least not in a way that she could observe).

After a long hiatus, they made another attempt on 11-Jan-2002.

ROI1.NET (Img Direct)

Their first one is a keeper: entirely HTML, work-from-home opportunity, web tracking bugs. Plucky though blocked, they kept trying until 11 Feb 2002.

oii1.net, oi2.net, oihost.net (Optin Inc)

The first piece is an IMPORTANT NOTICE reminding Nadine that "per our TOS (Terms of Service), you wisely agreed to receive third party promotions from our network's preferred affiliates". I was so overawed by a mention of Terms of Service from this well-known Florida operation that I somehow managed to leave the web bug in while trimming the HTML portion.

A few days later, two copies of a "Confirmation" arrived, identical except that the second one fails to mention "Custom Offers". Perhaps I was too hasty in blocking customoffers.com and missed all of the valuable information about Nadine's voluntary subscription to this wonderful service. Life has its unexpected setbacks.

sendoutmail.com

Nadine received one message and a couple of subsequent blocked delivery attempts originating from this domain. A responsible party from this domain has contacted me personally, and I have responded to his request for the details of the messages sent to Nadine. Being convinced that sendoutmail.com is making a determined effort to adopt the most effective list management practices, I have removed the IP and envelope sender blocks against sendoutmail.com.

topica.com

This message was surprising and profoundly disappointing. I had been led to believe that topica.com were rather strict in their list verification standards. If they would like help in diagnosing the point of failure, I'll be happy to assist. Unfortunately they were still trying to deliver email as of 14- Feb-2002, despite numerous rejections (and several visits to this page from topica's corporate IP space).

DM360.com

The list is sold yet again. On 19 December comes an advert apparently for REI sent by dm360.com on behalf of network60.com. Visiting the link, however, just gets you to www.freebieclub.com, with no obvious REI involvement. What a tangled web.

This sender has made a sufficient number of subsequent attempts after being blocked to rate their own reject log page.

Later on in the piece (30-Jan-2002), we find that their erstwhile client, network60.com, has decided to take things into their own hands and do their own polluting of the general netspace. (Or, perhaps, the two entities are really joined at the hip. Who can fathom these mysteries without buying a programme from a passing vendor?)

Postmaster General (pm0.net)

This sender's customer at least doesn't bother to try the "thanks for signing up at our web site" prevarication or the "you visited a 'marketing partner' and requested drivel" pretense. The lack of HTML is also a redeeming feature. pm0.net was added to the parade of unwelcome intruders, and they hammered away until 02-Jan-2002. I removed them from the deny list on 15-Jan-2002 after having a conversation with the Mindshare Design Standards & Practices people, who convinced me that changes are afoot at pm0. If this turns out to have been an incorrect impression, I will note it here.

Bigfoot Interactive (bfi0.com)

I've always been fascinated by a "this message is confidential -- don't do like we did and send it to a completely unrelated party" clause in email and FAX messages. What exactly does the sending party in this case have to hide, might one ask?

Virtumundo.com / vmadmin.com

Here is an organism that claims that somebody who doesn't exist went to a web site (the same one the itsImazing folks claim she visited) and gave permission for them to send bunches of advertising.

What makes this all the more fascinating is that somebody from Virtumundo apparently visited us here a few hours before the spam started.

Interesting news: Virtumundo has announced a lawsuit against two list vendors, including Mindset Interactive, who provided the list for the message discussed above.

Scott Hirsch (edirect.com, offermail.net, eDirectNetwork, optin-offers.net)

This submission arrived in the wee hours of 30 December 2001. These notes were originally slotted to appear in the "Spamming Scum" section, in view of eDirectNetwork's colorful history of adding unwilling participants to its list of targets for valuable offers. Upon reflection, I decided that eDirectNetwork meets many but not all of the criteria set forth there -- at least, not recently. So, eDirectNetwork joins the other Florida operations here in the slightly more prestigious "Hogs" section.

The apparent proprietor, one Scott Hirsch, has been mentioned in the press from time to time. A brief Google search for this entity nets quite a bit of discussion of their, uh, methods. Those who want an example of the great care taken by this organization to verify that the recipients really want the advertising may observe eDirectNetwork spamming the abuse address here.

As for offermail.net, you have to admire the earnest, honest sincerity of a firm that in its domain registration gives its business address as the White House and its telephone number as toll-free information. Spiffy folks, to be sure. (And not entirely on the mark when it comes to research. An Authoritative Source has sent me tidings to the effect that the White House ZIP is actually 20500.)

I held off chucking offermail into the bozo bin because, I freely confess, I wanted to see what would happen next. I speculated that Scott might read this and spoil my fun. It has been several months since he has hit one of my personal addresses.

However, on 03-Jan-2002 "what happens next" was not at all unusual as spam goes (although I do have to wonder whether the return-path account name is a bit spelling-challenged). So, I blocked offermail and waited to see: would they pay any attention to bou[n]ces?

Nope. (But they did eventually fix Irma La Bouce).

Then, on 09-Jan-2002, our dear comrades at CustomOffers apparently leaped into the hammock with our friends at eDirectNetwork and sent Nadine an important custom offer for Sears Custom Fit Windows. Shades of Diana Mey.

And then, sent to the "Tagged by SPEWS" sump by an incorrect mail sorting filter, there is this gem, in which Scott urges Nadine to consider plastic surgery for breast augmentation.

Time to bung eDirectNetwork into the deny list and give them their own rejection log.

On 13 Jan 2002 another metamorphosis occurred, and stuff started arriving with an envelope sender of optin-offers.net. I was not particularly quick on the deny list entry update, and ol' Scott managed to slip in two more that afternoon. The first was a delightful Path to Sudden Wealth blandishment, which offers yet another Work From Home and Make Big Bux opportunity. The other one was sent apparently on behalf of Gevalia Coffee, who certainly should know better.

PO-1.COM

Yet another itsImazing tentacle put its suckers on the window on 17-Jan-2002, with threats of even more exciting offers soon to festoon the lonely inbox. Into the bin with them.

Mediatrec

Transmissions with an envelope sender of something@MEDIATREC.ROI1.NET were a regular occurrence here until they halted suddenly on 3 January 2002. Then on 19 January 2002 this mysterious piece arrives, with its peculiar "sorry to see you go" clause, but with links that appear to point strictly to an opt-out function.

Curious to see what their list management practices might be, I visited their web page, signed up for their mailings and waited to see what would happen. A short time later this confirmation message arrived, inclining me to the belief that they do indeed practice safe mailing, at least as far as new subscribers at their own web site are concerned. Time will tell.

24-Jan-2002: What time tells us is that they don't practice safe mailing when purchased lists are involved, as they dropped this item in the hopper on behalf of VoiceStream Wireless. So, into the deny list they go. Bon voyage. The record of their rejected delivery attempts is here.

16-Mar-2002: They've been averaging more than one futile attempt per day for quite some time, sending from the myz.com IP block at 65.105.159.*. Perhaps others have blocked myz.com and/or the mediatrec.com envelope sender, and they needed to find something that would temporarily let them get through. Regardless of the reason, they are now sending from mediatreclists.net, from their own IP space. Since they dumped five days of pent-up traffic on Nadine this morning, it seems likely that they saw a high non-delivery rate with myz.com and needed to make up for lost time. Here is one for Full Access Medical, the subject of many a search-engine visit to this site. Those interested in an exclusive money- making program need go no further than here. Maybe a free cellphone? Fancy an unsecured credit card (of unspecified type and issuer)? DVDs from Columbia House? It's all here, whether you have the sense to ask for it or not (assuming that you exist at all, of course).

So, into the Plonk-O-Matic with mediatreclists.net.

DirectNet Advertising (dnadv.com, valudesk.com, valudesk1.com)

These folks have enjoyed some popularity amongst those who receive and report spam. Nadine also received the "Free Chocolates" spam mentioned in some of those reports. In the non-HTML portion, they began their Nadine involvement with no attempt to explain how they came into possession of Nadine's address. Only if you browse down to the web-encumbered portion do you see the shift of blame to "valued marketing partners" and the typical threat to continue the bombardment if no opt-out action is taken.

Before the opportunity arose to add this section to the story, somebody from a network address belonging to dnadv.com spent half an hour or so reading Our Saga. I hope they come back, now that they are a featured character.

NETWORK60.COM

On 30-Jan-2002 there comes a "Membership Confirmation for NADINE" from an already-familiar denizen of the swamp.

We first encountered network60.com as an apparent client of DM360.COM. One is tempted to speculate about the tendency for apparent clients of spewers-for-hire to begin doing their own spewing, as is for example the case with Mediatrec and ROI1.NET.

When the spewing for RadioStakes apparently began in earnest on 08-Feb-2002, the envelope sender "NETWORK60.COM" went into the bozo bin.

Two-River.com (Harvest Marketing, GDTRFB.COM)

On 16-Feb-2002 we first hear from the Two-River Co-op, formerly known as Prime Offers but calling itself Harvest Marketing in the domain registry. We receive the welcome assurance that "Two-River Co-op never sends unsolicited email", but are forced to ponder: if the commercial relationship is launched with such a transparently fraudulent statement, what sort of confidence shall we have in the worth of the commercial offers?

Again on 15-Mar-2002 we see that things haven't changed much.

And on 20-Mar-2002 it would appear that AOL needed some assistance with their sales programme, with a little help from dnadv.com, for reasons best known to those who best know reasons.

Alas, it looks like it is time for the bin for Two-River Co-op. The envelope sender on the most recent atrocity was . River.com is apparently an unrelated domain in Colorado, whereas two-river.com is in New Hampshire and gdtrfb.com claims to be in New Jersey. Considering that the delivering server calls itself "two.river.com" when in fact it is listed as "jupiter.gdtrfb.com" by its own DNS server, and looking at the river.com web site one may perhaps be forgiven for exhibiting a modicum of doubt that river.com has any involvement with these misdeeds. And in fact my communication with the actual owner of river.com confirms that river.com has no connection with two-river.com and has not authorized them to use a river.com address or host name.

mxsys.net (dandyoffers.com, youclickhere.net) on behalf of memolink.com, dreammates.com et al.

Pretty ordinary. First a mailing for memolink.com, then another one that seems less than fully suited to the demographic information that DandyOffers presumably purchased along with a bogus email address.

On 25-Feb-2002 there was another spam for Sonix Systems / AT&T. Since I'm getting spam from mxsys.net for the "imesh" list to another bogus address @honet.com, there's no obvious reason not to award mxsys.net a prime spot in the bin forthwith. And since they've persisted in knocking at the gates, let's give them their own reject log.

sign2002.com

The presence of links to www.opt-track.net in this piece suggests that sign2002.com is just a new disguise for the masters of opt-in-ness, Optin Inc. Regardless, it has the exceedingly tiresome mendacity "This message was not sent unsolicited. You are currently subscribed to the Open2Win mailing list". As if "you are subscribed" somehow transforms an unsolicited message to a nonexistent person into a legitimate, requested communication.

Gag.

Then again, I'm interested in whether the folks at discounts.com, who don't seem to be affiliated with anybody mentioned in this message, would approve of the apparent sender being "HotelDiscountCard@discounts.com". Hmm... staff@webmagic.com seems to be the place to knock. 27-Feb- 2002: Email from webmagic.com gives me the distinct impression that they aren't too happy with this use of their domain name. Imagine that.

Meanwhile, on 26-Feb-2002 the next piece arrives, signaling that The Hour of The Bozo Bin has arrived for sign2002.com.

Exactis

As a proud carrier of the "Motel Six Discount Card" (or AARP membership, as it is sometimes called) I note that in this piece The Hartford makes some sensible use of the demographic information that somebody fraudulently sold them.

Although they wisely chose exactis.com to send their advertisement for an AARP-branded insurance plan, all was not entirely well in this particular shot. For instance, the valuable quartz clock is not available in Nadine's home state (and apparently only in Nadine's home state). One would expect greater diligence from these professionals.

Additionally, this message is the first one in ages to make an explicit reference to delivere.com. The HTML version of the payload attempts to retrieve an image from the server consumer.delivere.com, which is strange, since the name servers for delivere.com are unreachable (at least from any network to which I have access) and have been for quite some time. Odd.

valoffers.com

What can we say about this initial salvo (other than a minor carp about a missing ">" in the Message-ID)? Not much. We'll just have to wait for the inevitable Drizzle of Irresistible Offers.

Which began to arrive on 19-Mar-2002, manifesting as Yet Another Free Cellphone Offer (YAFCO). Time for a new deny list entry.

dartmail3.net

On 22-Mar-2002 Nadine received a "privileged and confidential" offer of magazine subscriptions by Synapse Group Inc, from dartmail3.net, through flonetwork.com.

tinglobal.com

This is apparently an IMG Direct (optin-inc) operation. More information here. Sample here. The "strict Code of Ethics" bit is a hoot.

jobsonline.com (emailoffersondemand, Toplander Corporation)

One is tempted to speculate just who has demanded the email offers, of which Nadine received four in the three days that elapsed before the sender was carefully inserted into the deny list. Since three of them were very similar YAFCO advertisements -- two for AT&T Wireless, one for Voicestream -- on three successive days, the use of the phrase "this recurring mailing" was particularly apt. Sample here.

/. server part 6 (1, Informative)

reflexreaction (526215) | more than 12 years ago | (#3493419)

Nadine's Address Escapes Into the General Domain of Spamming Scum

Before the messages below arrived, there was still a slim but tangible pretense that this stream of offal was some how "opt-in". The senders sent from their own equipment at [relatively] stable IP addresses; most of the senders were contactable by one means or another. Some of them even made detectable efforts to be legitimate, ethical businesses. Some of those appear to have failed more through lack of competence than lack of ethics (although it is important to note that the net effect is the same, in the end).

Such is not the case with the senders in this section.

Demonstrably they are fully aware that

Their material is unwanted.
The addresses they send to are largely scraped from public forums such as Usenet newsgroups, web pages and user profiles -- places where people reveal their email addresses with no expectation whatever that they will become the victims of postage-due electronic advertisers.
System owners will take measures to block their transmissions.

With this set of facts in mind, they take steps to evade, whenever possible, efforts to stop them from blowing their trash into people's mailboxes. These steps include

Sending from "throw-away" dial-up accounts. Eventually enough complaints will arrive at the dialup provider that the account they are using will be deactivated for network abuse. But they expect this, and have opened a large number of such accounts; when one account is cancelled, they merely proceed on to the next.
Hijacking email servers -- there are still many email servers that will allow anybody to use them to send email. By setting their spewing software to send through these open relays, spammers gain several benefits, chief amongst which is that they can consume someone else's bandwidth to do their dirty work. By rotating their spews through a large number of servers, they increase the likelihood that they will be able to bypass countermeasures in place at their targets' providers.
Adding "filter busters" (strings of nonsense characters) to the subjects and bodies of their messages, in the hope of confusing filters that look for known spam messages.

The "AmyWilson@btamail.net.cn" Spammer

Messages with this "From:" address (and multitudes from other addresses taking the form "[some female name with surname]@btamail.net.cn") have arrived here before, all sent to addresses that either were scraped from Usenet posts or were the targets of spammers before honet.com was even registered as a domain.

In this case, we see a message with classic "spammer" hallmarks -- origination from a dialup, sent through hijacked servers. It claims to have been sent on behalf of Sonix Systems, LLC, an AT&T wireless dealer.

Random spam through ptt.ru

Those who track spammers as a hobby or a full-time job will recognize a number of familiar things here, assuming they want to wade through atrocious quoted-printable-mangled HTML.

Inept Pump-and-Dump Stock Scam from optinservices.com

Here we have an exceptionally incompetent attempt at shady activity. First, the spammer unwisely chose to steal relay services from a Korean server that failed to mask the sending IP address (65.213.157.9), which belongs to optinservices.com, supposedly in Pompano Beach, FL. Then, the HTML payload appears to have been prepared with Microsoft Word, which inserts abominable amounts of cruft but also embeds intriguing information, including the apparent original author's names, which in this case appear to be "Natalie Morgen" and "ECogen". Finally, it was sent with an unreachable domain, offers4utoday.com, in the envelope sender; this will cause lots of well-run systems to reject it immediately. As spammers go, this lot are not leading the league.

And of course, in keeping with the Sacred Traditions of Spamming, the usual "Murkowski" S1618 disclaimer demands that we accept this piece as legitimate communication, even though this legislation was never enacted into law (and even if it had been, this spam doesn't actually comply with it).

Wanting to share the joys this gem has brought, I sent a copy to the "enforcement" mailbox at sec.gov. Perhaps they will find it valuable.

4optinonly.com: The Buffoonery Continues

The next day after the optinservices.com fiasco, we hear directly from 4optinonly.com, the domain that appeared in the "remove from list" link above. Oddly enough the sending server called itself "optinservicesco" when it connected here, even though its IP address carries the whimsical name "optin2.4optinonly.com". Ah, well, at least both of the supposed senders are named "Debra" and they both tell us that Nadine is a subscriber to the eNetwork mailing list.

The overwhelming impressions of honesty and competence here would certainly motivate me to seek an unsecured gold card through their ministrations. I'd probably make some investments, too. Yep.

13-Mar-2002: Not wanting to leave any doubt about who was responsible for the first stock fraud missive, but keen to clean up the MS-Word-to- HTML disaster, they resend a less-crufty version of the original not-from-a-Kim-and-Eddie-Marin-IP tout. Oofta. Hyphen city.

Then on 26 Mar 2002 the menagerie is augmented by a piece from addmeat.com/addmeat.net for quickenloans.quicken.com, and on 29 Mar 2002 a new but still MS-Word-cruft-infested version of the LKNG pump-and-dump stock tout.

Re:/. server part 6 (0)

Anonymous Coward | more than 12 years ago | (#3493535)

Please don't mod this 'Redundant.' This was the only way I could read it, and now.

POOR MODDING!!! (1)

crawdaddy (344241) | more than 12 years ago | (#3493547)

This is not redundant! This is the easiest way to read the whole thing!

Re:Old News (1)

spood (256582) | more than 12 years ago | (#3493339)

I feel bad for the "mirror" site you just provided. On the page:

PLEASE NOTE: A mirror of this page is also available with better bandwidth courtesy of Al Iverson at spamresource.com.

As a side note, I didn't realize Iverson was such a big anti-spam proponent. That must be what is keeping him from going to practice.

Re:Old News (1)

leviramsey (248057) | more than 12 years ago | (#3493400)

As a side note, I didn't realize Iverson was such a big anti-spam proponent. That must be what is keeping him from going to practice.

ROTFLMAO!

For those Slashdotters who do not follow US Sports, Allen Iverson [nba.com] is a guard for the Philadelphia 76ers [nba.com] .

Re:Old News (1)

spood (256582) | more than 12 years ago | (#3493467)

I thought that might go over most /. heads. But it was worth a shot. His half-hour interview this week cracked me up.

Re:Old News (1)

leviramsey (248057) | more than 12 years ago | (#3493597)

It took me a second to get it....

I'm kind of ashamed to admit it, but I was watching The Best Damn Sports Show, Period last night, and their interview with Iverson for an unpaid internship was priceless.

GO CELTICS!

Re:Old News (4, Funny)

gambit3 (463693) | more than 12 years ago | (#3493483)

yeah, but at least it was the SAME Old news [slashdot.org] that it was yesterday!

I've read this before (spoilers) (4, Funny)

Telastyn (206146) | more than 12 years ago | (#3493284)

Apparently the story is about a slashdotted webserver...

nice job! (5, Funny)

flynt (248848) | more than 12 years ago | (#3493291)

We've all accidentally typed in a wrong email address sooner or later.

Classic Slashdot grammar!

Um... Rather... (0)

Anonymous Coward | more than 12 years ago | (#3493320)

you mean "total lack of knowledge of grammar and/or spelling", don't you?

indeed.

even better. (1)

www.sorehands.com (142825) | more than 12 years ago | (#3493405)

Back in 1995, I started getting email from this woman who was having an affair with a married man.

The email talked about their time together and how she was having second thoughts when she called his house and his wife answered.

I responded that she must have the wrong email address. No more messages.

good (-1)

LOTR Troll (544929) | more than 12 years ago | (#3493302)

careless people deserve what they get.

.. _ ..| | ..| | __| | ||||||||||

The site is already down.... (1)

happyhippy (526970) | more than 12 years ago | (#3493304)

Cant access anything.

it couldnt be /.ed so soon?

Re:The site is already down.... (1)

slackerweb (313212) | more than 12 years ago | (#3493563)

Why are people always surprised when a site gets /.ed ?

Typoing your email address can be a drag (5, Interesting)

PEN15 (571763) | more than 12 years ago | (#3493306)

Several years ago, I made a typo in my email address when I was updating the contact info for a domain name. Without double-checking I sent the confirmation back to InterNIC. It wasn't till the next day that I realized the mistake. In order to get things back under control, I actually had to register the typoed version of my domain name, so that I could receive InterNIC's mail there.

It's the kind of expensive mistake you only make once! :)

I kept the typo'd domain for esoteric value, and yes, I now get plenty of spam there. Some things never change.

Re:Typoing your email address can be a drag (0)

Anonymous Coward | more than 12 years ago | (#3493401)

Your could have faxed in an approval for a change to correct the error, either on official letterhead or with a copy of your photo ID...

Why not fix it the old-fashioned way? (3, Informative)

WebCowboy (196209) | more than 12 years ago | (#3493431)

A bit OT but...

If you made a mistake in your contact info, you could've rectified the problem by voice phone and fax. That's what I did when the contact info for a domain I registered had to be updated because the email was an expired domain for a now-defunct company. Network Solutions had surprisingly good customer service and once they verify the credentials via fax (or even snail-mail) they will make any changed required without the use of email.

That way seems low-tech and backwards, but you don't need to register an otherwise useless domain and it costs nothing more than your time (certainly mot much more than the trouble of registering a domain and setting up the DNS).

Us techie types should be careful not to overlook the most simple solution because it is low tech...

OTOH, the useless domain could be useful to keep track of how many OTHER people make that typo...kinda like the Slashdor site [slashdor.org] ...

Re:Why not fix it the old-fashioned way? (1)

Juggle (9908) | more than 12 years ago | (#3493555)

I'm even more screwed. The e-mail address for my main personal domain is for an account I no longer have. The phone number they have is for a cell phone I no longer have. And the address is a house I no longer live at (But since it's my parents I still get mail that's sent there).

When I contacted NSI they said the only way they'll let me update my info is if I can provide them will a bill in my name sent to the address I have the domain registered with. But I no longer have any bills going to that address!

I'm half tempted to just use one of the snailspam credit card offers I keep getting to get a bill at that address so I can change my registration info.

For now thankfully the bill from NSI still comes to that address and gets forwarded to me but they won't accept their own bill it's got to be from someone else. So I can still pay and keep the domain but I can't make any changes or get it back under my control.

Re:Why not fix it the old-fashioned way? (0)

Anonymous Coward | more than 12 years ago | (#3493564)

It's not about high-tech vs. low tech solutions, it's about basic geek-psychology. Geeks need to hide behind their technology. Speak on the phone? Not when you can register another domain through the WWW!

Typoing email address for slashdot (0)

Anonymous Coward | more than 12 years ago | (#3493457)

I made a typo while changing my email address in slashdot's preferences. Now I cannot change my email or password. Go figure....

Re:Typoing your email address can be a drag (3, Funny)

brer_rabbit (195413) | more than 12 years ago | (#3493529)

kind of like mistyping a stock ticker? Buying 100 shares of SUN versus SUNW can be pretty pricey (and no, I wouldn't know anything about such an incident. I'll deny it all).

Nadine walks into a bar..... (0)

YoPt (172577) | more than 12 years ago | (#3493307)

with a server under her arm......

One comment and Nadine is down (0)

Anonymous Coward | more than 12 years ago | (#3493314)

This is the fastest I've seen a site get slashdotted. There was one comment and one "reply beneath me". Sad.

All your base... (5, Funny)

Debillitatus (532722) | more than 12 years ago | (#3493317)

We've all accidentally typed in a wrong email address sooner or later.

What you say?!?

Re:All your base... (0)

Anonymous Coward | more than 12 years ago | (#3493359)

all your email addy's belong to...

yeah whatever...

w00t.

Re:All your base... (0)

Anonymous Coward | more than 12 years ago | (#3493476)

there is no chance to survive, make your time?

Now what about spam-terror? (1, Interesting)

Geekonomical (461622) | more than 12 years ago | (#3493319)

Now, people can use these rogue websites to their advantage and spam the hell out of people they don't like. So one way or the the others spammers will get to you.

I think the next big invention in internet and computing is a fool proof way to detect and stop spam.

"Resistance is futile"

Re:Now what about spam-terror? (1)

ackthpt (218170) | more than 12 years ago | (#3493513)

I think the next big invention in internet and computing is a fool proof way to detect and stop spam.

You may be on to something there.

Forward into the future 5 years...

In Today's News, National Spam Destructor Corporation has tendered an offer of 20 billion in stock to buy out the remainder of Hewlett Packard (HPQ); Spamtek insiders have revealed shreading of documents, while Spamtek replacement legal counsel Bernard Fritzman has released a memo, detailing how email routers were arranged to send spam from California into Nevada and back, allowing the scandal rocked corporate giant to increase the cost of filtering spam over the California intra-state price caps, congressional hearings will resume next week; Chinese officials claim their missile attack and attempted invasion of Taiwan was warranted by spam barrages which originated from a Taipei elementary school open relay and had suitably paralyzed mainland communications networks, justifying military action; NASA, Inc's CEO Jeb Bush states that the Hubble Space Telescope is working again after it had been hijacked by a worm in company email which redirected it to Betty Lou Frimple's unshaded bedroom window and her interlude with her significan other was broadcast over the internet via an AOL/TW/Pr0ncomm web page...

Re:Now what about spam-terror? (5, Informative)

reaper20 (23396) | more than 12 years ago | (#3493536)

It's not perfect, but Spamassassin [spamassassin.org] is pretty damn close.

Re:Now what about spam-terror? (1)

shawdog (128341) | more than 12 years ago | (#3493542)

Just the next big invention? I think finding a fool proof way to detect and stop spam is the HOLY GRAIL of the internet and computing!!

Prevention measures (5, Interesting)

yoyoyo (520441) | more than 12 years ago | (#3493324)

This sort of thing could be avoided if companies used confirmed opt-in. That is, when you enter your email address they send an email address to that account with a unique url in it. They only email you their newsletters if you you click the link.

That also prevents your email address from being maliciously signed up to these sorts of lists, so it's the sort of thing every reputable mailing list should do.

Of course, no spammer is going to bother with confirmed opt-in, so we need to go after ISPs that allow these non-confirmed lists to remain on their net-space.

--

Re:Prevention measures (2)

Wolfier (94144) | more than 12 years ago | (#3493575)

How about - if you enter your address they send you an HTML email with an embedded web bug that automatically gets a link with an ID?

You don't even have to click any link...just opening the email is enough.

Of course I block my email client from getting external images... ;)

Re:Prevention measures (0)

Cenam (567580) | more than 12 years ago | (#3493584)

it could also be stopped if we just put all the spammers(and thier malicious software, and the people who wrote it) on the island of cuba then nuke the bastards to hell:)

In case of /. effect: Nadine the first part (0, Redundant)

kernelfoobar (569784) | more than 12 years ago | (#3493327)

Background Information honet.com is the Internet domain owned by Home Office Networks, a tiny network service and consulting company located in Frisco, Texas. For various reasons that seem good to its owners, its mail server accepts any and all email sent to addresses at honet.com, whether or not the accounts exist. There are many other organizations, both small and large, for which this is true. (For example, the domain honet.be also accepts mail for invalid accounts and later issues a "delivery failure" notice.) Because there are quite a few similar domains scattered all over the Earth, honet.com gets a steady trickle of misdirected email -- contracts, confidential product marketing plans, shipping manifests, students' homework, embarrassingly intimate personal notes, family holiday photos... and mailing list spam. Mailing list spam happens when somebody gives an email address that they don't actually own to the owner of a mailing list. This may occur by accident (a typing error, perhaps) or intentionally (for example, giving a false address to avoid receiving unwanted email). If the mailing list is properly administered, this is not really a problem -- when the "please confirm that you have signed up" message arrives, nobody exists to respond to it, and the address drops off the list. Unfortunately, there are still a great many lists that are not managed responsibly. As a result, quite a few bogus honet.com accounts regularly receive email that is being sent to a nonexisting person. If the mailings persist I eventually toss the sending domain into the local mail server's deny list. Alas, the list owners often will continue sending email no matter how many "No Such User" bounce messages they receive, and no matter how long all attempts at communication from their domain to this one are rejected. This is a serious problem for the Internet's email system, and it will become even more serious as time goes on, if nothing is done to awaken the many thousands of owners of legitimate (but unconfirmed) email lists. This web page recounts the ongoing story of one undead and undying bogus account, created by mistake but gathering ever more and more useless advertising traffic. I offer it in the hope that some of those who are laboring to preserve the Internet email system as a tool of business and personal communication may find its lessons useful. Next: Nadine -- The Story Begins

Vick Nardoza! (-1)

LOTR Troll (544929) | more than 12 years ago | (#3493330)

The Michael Richards show 4 ever!

/. ed (0)

unixmaster (573907) | more than 12 years ago | (#3493334)

Damn if you want to DDOS a website just post some fake news about it. lol

That Site is KAPISHED! (-1, Redundant)

Mike Mentalist (544984) | more than 12 years ago | (#3493337)

Wow. I pop onyo Slashdot, see this story is top of the page, and it only has one reply.
I try to read the article, and...

For 30 seconds Opera says 'Sending Request to www.spamsource.com'. It finally starts loading at a measly 3k/sec on my 512k connection. Obviously, I am part of the 'Slashdot Effect' statistic by trying to read the article, but still...

No wonder all the trolls and 'frist spots' are the first to post, as no one CAN read the article until the poor sod who owns the site rings up their ISP (probably AOL), and cries down the phone at tech support.
Meanwhile, AOL cancel this persons account for violating their T&C's, and it all goes pearshaped from the on...

Idea!!! Lets get revenge! (3, Funny)

jeanluisdesjardins (577209) | more than 12 years ago | (#3493341)

Lets start slashdoting spammers!

Re:Idea!!! Lets get revenge! (0)

Anonymous Coward | more than 12 years ago | (#3493374)

Well post a link to a "remove" list then. If we each add ten bogus addresses to the same remove list, it could be badly damaged. click here to be removed [mouse-potato.com]

Try this.... (0, Offtopic)

crumbz (41803) | more than 12 years ago | (#3493342)

To block unsolicited spam, try a front-end filter service like MailWatch.com

google cache of slashdotted article (0)

Anonymous Coward | more than 12 years ago | (#3493343)

http://216.239.51.100/search?q=cache:PzYbVLt75vYC: www.honet.com/Nadine/default.htm+&hl=en&start=1

starwars episode 2 script here (-1, Offtopic)

Anonymous Coward | more than 12 years ago | (#3493346)

http://www.script-o-rama.com/

Both sites choked - Google to the rescue (5, Informative)

Seth Finkelstein (90154) | more than 12 years ago | (#3493349)

Bandwidth-choked.

Read it off the Google cache [google.com]

(Note to people accusing me of karma-whoring: The search formatting above is non-obvious)

Sig: What Happened To The Censorware Project (censorware.org) [sethf.com]

Re:Both sites choked - Google to the rescue (5, Informative)

jafuser (112236) | more than 12 years ago | (#3493416)

I happened to catch this article just as it came up on Slashdot so I managed to get most of the pages before they disappeared.

Mirror [pantherweb.org]

Your link no workie (0)

Anonymous Coward | more than 12 years ago | (#3493442)

no workie I say

a summary, please, anyone? (1)

chocolatetrumpet (73058) | more than 12 years ago | (#3493499)

Could anyone sum up this story for me? I had a hard time trying to understand what's happening based on a bunch of disjunct google cache pages. I don't know why a single page could have been used.

All I can get at now is that someone mistyped an email address, and that mistyped address was spammed to hell. What's the loss besides some unnecesary traffic?

What you say? (0)

Anonymous Coward | more than 12 years ago | (#3493362)

Nadine set us up the bomb. She get signal.

Message to Al Iverson: (0)

Anonymous Coward | more than 12 years ago | (#3493371)

While I appreciate the service you provide the Internet community in running www.spamresource.com, I think I speak on behalf of all Sixers fans when I say that that time would be better spent showing up for team practices.

I do it all the time (1)

Target Drone (546651) | more than 12 years ago | (#3493379)

I "accidentally" type my email address in wrong all the time when I'm filling in those dam free registration required so we can send you spam/special offers/propaganda web forms.

Re:I do it all the time (0)

Anonymous Coward | more than 12 years ago | (#3493439)

or jamie@mccarthy.org
or pater@slashdot.org

for telephone numbers I use the telephone of the judge who couldn't tell the difference between an operating system and a desktop:
"Honorable" Charles F. Eick [uscourts.gov] know what you think of his decision:
give him a call at (213)894-5234, fax to(213)894-3335, or write him:
The Honorable Charles F. Eick
United States Magistrate Judge
United States District Court
United States Courthouse
312 North Spring Street
Los Angeles, CA 90012

The judge, is the ideal customer. He has signed up for many mortages, penis enlargers, and various other goodies.

You too? (0)

Anonymous Coward | more than 12 years ago | (#3493441)

Wow, here I thought I was alone.

=+=+=+=+=+=+=+=+=+=+
Bob@bob.com
Internet Scapegoat
Phone: 977-882-2515
Fax: 977-882-2514
=+=+=+=+=+=+=+=+=+=+

Re:I do it all the time (1)

zaren (204877) | more than 12 years ago | (#3493493)

I hope there isn't actually a foo@bar.com out there, because I use that name quite often when I need to feed a form an email. That, or uce@ftc.gov...

Re:I do it all the time (1, Informative)

Anonymous Coward | more than 12 years ago | (#3493554)

Looks like bar.com belongs to Mike O'Connor of St. Paul, MN. Every time somebody sends mail to your "joke" address, Mike suffers -- just like honet.com in the example above.

I'd suggest using example.com (which is reserved, so nobody will ever suffer) or else the domain name of the company you're sending the form to (which will encourage them to start confirming subscriptions.)

Re:I do it all the time (1)

nusuth (520833) | more than 12 years ago | (#3493589)

I suddenly felt sorry for the owner of joe@home.com

spam - the phone game (1)

codingbytes (577572) | more than 12 years ago | (#3493387)

reminds me of a commercial. I gave my email address to a friend. And they gave it to a friend.... And they gave it to a friend... One way to block spam that works for me is to filter "good" emails instead if bad ones. i.e. all your friends emails will wind up in one inbox, all the more uncommon emails will end up in another. Then deletion is much easier. Separate the wheat from the chaff.

An actual link to the Google cached copy. (1)

amarodeeps (541829) | more than 12 years ago | (#3493396)

Re:An actual link to the Google cached copy. (0)

Anonymous Coward | more than 12 years ago | (#3493590)

I am sick of you karma whores always mentioning that you are karma whoring.

I'm no email antispam guru... (1)

tonywong (96839) | more than 12 years ago | (#3493413)

But why doesn't someone do this deliberately? That is, create a domain for the sole purpose of receiving spam only, and automating a banned email list to other servers.

Of course the true domain name would have to be kept secret, but it should cut down on a significant amount of spam to the other servers, and reduce the workload on email admins.

Re:I'm no email antispam guru... (1)

Wild Wizard (309461) | more than 12 years ago | (#3493523)

a domain with the MX record set to 127.0.0.1 so that it sends the spammers mail server spastic

Re:I'm no email antispam guru... (2, Informative)

Caradoc (15903) | more than 12 years ago | (#3493532)

You mean, like SPEWS? http://www.spews.org

I am not SPEWS.

Ok, that was weird (0)

Anonymous Coward | more than 12 years ago | (#3493414)

By chance I happened to be reading that site when it got slashdotted. I couldn't figure out why it stopped responding...

I had been looking for info about a spammer called customoffers.com (they spammed nadine). Anybody else being suddenly bombarded by these clowns? Anybody else notice that exodus.net is ignoring abuse reports?

-Andy

Re:Ok, that was weird (0)

Anonymous Coward | more than 12 years ago | (#3493425)

Can you say "pink contract," boys and girls?

Actually, this is a bit better: (1)

amarodeeps (541829) | more than 12 years ago | (#3493427)

A link to a Google search of pages which link to the original page. Since the original is all links, this will probably be more helpful. Obviously, try clicking on the cached version, duh...

http://www.google.com/search?hl=en&lr=lang_en&num= 30&q=link:PzYbVLt75vYC:www.honet.com/Nadine/defaul t.htm [google.com]

nadine /. (1)

n4zgl (578195) | more than 12 years ago | (#3493446)

now it IS /., :)

Mirror (1)

Kizzle (555439) | more than 12 years ago | (#3493459)

Google mirror [216.239.51.100] of the article.

Red and puffy (-1, Offtopic)

Estevan (454147) | more than 12 years ago | (#3493462)

This happened to me once, the doctor said to simply use some over-the-counter ointment 3 times a day for a week and that would clear it up.

EDIT: Wups! I thought this was a different message board. Sorry about that , heh :)

I hate spam, but ... (5, Insightful)

smoondog (85133) | more than 12 years ago | (#3493464)

Perhaps I'm confused (or maybe it is because I got bored and only read 10 of the many links on that page), BUT, I don't find the story of Nadine all that unique or interesting. I get piles of spam everyday and I haven't opted-in to anything. My most spammed address gets over 100 messages a day.

In my experience, trying to follow up or research these spammers is generally a useless waste of time. Bounce them, sue them or further change the law. Doing more is just going to frustrate yourself, IMO. Remember when you call around and get put on hold and follow the paper/isp trail you are wasting a lot more of your time than theirs.

-Sean

Re: The point of the Nadine story (5, Insightful)

gorbachev (512743) | more than 12 years ago | (#3493514)

The real point of the Nadine story is demonstrating how spammers are reselling and distributing spam lists.

Some of the spammers hitting Nadine's Email address are trying to act as responsible members of the bulk emailing industry, while at the same time blatantly violating online privacy policies (their own, and their list suppliers') left and right.

The point of the story is to point out how effective "industry self regulation" really is.

Proletariat of the world, unite to kill spammers

Re:I hate spam, but ... (4, Informative)

Mr.Intel (165870) | more than 12 years ago | (#3493557)

I don't find the story of Nadine all that unique or interesting. I get piles of spam everyday and I haven't opted-in to anything. My most spammed address gets over 100 messages a day.

Perhaps the story itself is not so unique, but I find his analysis very important to understand.

From the essay [honet.com] :

"Subject only to the agreements and contracts that an Internet entity has with its providers and customers, that entity is absolutely sovereign within its own domain. Service providers and system administrators are completely free to decide to accept or reject any network traffic they choose; they simply must accept whatever reactions such decisions may evoke from those with whom they have agreements.

An individual consumer's service providers have absolutely no economic incentive to provide transit and storage for advertising, especially advertising delivered by email. On the contrary, many providers have discovered that swift remedial reaction to consumer complaints about unwanted communications can both increase customer loyalty and decrease operating costs. As a result, the unwritten "I will carry your traffic if you will carry mine" agreement is subject to re-evaluation, with the possible conclusion "I don't care whether you carry my traffic or not, so I won't carry yours." And there are many ways to say "I Won't".

He states that this goes against the very flow of information that transpires in other forms of media. I find it fascinating that people expect to have a captive audience on the Internet because they did on TV, radio and magazines. Frankly, this is a new world and it isn't governed by the same rules.

Re:I hate spam, but ... (3, Informative)

qrys (153769) | more than 12 years ago | (#3493583)

I think I am under that same impression as you are. Someone's getting a lot of spam? Who cares. I get tons of spam. My hotmail account (as listed above) gets at least 20 spams a day probably more- but that's why I still have it around. (Although my main e-mail still gets some spam).

Are there people out there that really care?

I thought there was supposed to be something gone terribly wrong in this article (like someone killed as a result of spammers)...

Much ado about butt-kiss..

Could someone summarize this story with one word? (1)

Neil Blender (555885) | more than 12 years ago | (#3493490)


Oh, wait, I can:

Spam.

Move along, nothing to see here. Nothing you haven't seen already or will continue to see for the rest of your lives.

Tip (2, Informative)

slugo3 (31204) | more than 12 years ago | (#3493508)

Sign up for a Yahoo email address and use that address when signing up for anyting. Dont most people do this? I know i do and it keeps my real address relitivly clean where my "sign up" address gets hundreds of emails a week.

What to do (1)

WillSeattle (239206) | more than 12 years ago | (#3493518)

1. Use uce@ftc.gov as your browser email address while surfing.
2. Use president@whitehouse.gov as your login address when signing up for something.
3. Use spamcop.net if you have the time.
4. If using PINE, then BOUNCE all spam to at least uce@ftc.gov
5. If using Microsoft email - um, well, you've got problems - you might as well give up now.

-

Re:What to do (1, Informative)

Anonymous Coward | more than 12 years ago | (#3493568)

Pine's "bounce" feature will modify the headers of the message, with the result that it's harder for the recipient to figure out who sent you the spam. Always better to forward (including full headers, of course) instead.

Here's an idea... (0)

Anonymous Coward | more than 12 years ago | (#3493528)

Let's go register billg@microsoft.com on every "sweepstakes" page we can find out there, and then let those geniuses in Redmond figure out how to filter the resulting spam! As a variant, try inventing random names in the microsoft.com domain. (Actually, I already do this every time I encounter a web page that REQUIRES my email address before continuing. I can only imagine that Microsoft has procedures in place to deal with the flood of spam they must already receive.)

Spamcop (2, Interesting)

dankinit (131249) | more than 12 years ago | (#3493539)

I'm using spamcop.net [spamcop.net] and it's cut down on my spam by about 85%. Cost is $30/year for having your email filtered. Some spam (15%) still gets through but you can submit that to them to ensure others don't get the same spam as well.

(I have no affiliation with spamcop.net except as a satisfied customer.)

Are you sure? (2)

Sc00ter (99550) | more than 12 years ago | (#3493572)

That these spammers are sharing e-mail address.. or could Nadine be using the same bogus email all over the internet? I know I do. I go to a site that requires my e-mail address for nothing more then spamming purposes (like to dl some software, Acrobat for example) and I type in a bogus email address.. And I usually use the same one. It seems logical to me that Nadine could be doing the same thing.. And this poor guy owns the domain that she picked.

Sure, some of it could be from spammers sharing addresses and lists, but some of it might not be.

Idea: Damaging alternative to MAPS (1)

ryanhos (125502) | more than 12 years ago | (#3493574)

Why not make the spammers combat the spammers?

My idea has two parts. The first is awful and dirty, but the second is excellent.

First: Build a list of known ways to get an address into the spammer's hands. Build a tool that can fill out a web form and post it and another tool that can subscribe via an email. Subscribe thousands of fake hotmail, msn, yahoo, juno, excite, etc addresses to the spam lists. Spammers can only send so much spam. If they're sending half of it to addresses that don't work, they'll send you less. Second, these companies have real clout and could get something done about these spammers. Sure, it will cost them money, but they'll just lobby, get a government task force and some FBI help and all will be done.

Second: Most spam has an unsubscribe email. About half of those actually resolve to a real domain and sometimes a real account. Subscribe the unsubscribe emails to spam too! The spammers's return mail servers and connections will be clogged!

Just a thought.

This = Great way to kill off a hotmail account ... (3, Funny)

indiigo (121714) | more than 12 years ago | (#3493587)

I purposely have done this.

See, I signed up for a hotmail in it's early stages ('97). I used it for everything, including online purchasing, friends, family, you name it. At some point something happened-- one of the forms I filled out, or someone sold my same, and I started to get mail addressed to my real name, at that address. This semi-scared me.

So recently I went to cancel the account. Hotmail by default will consider your account "cancelled" after inactivity of 90 days. I cannot click something that says "Forever, never use this e-mail" My fear is that others will get this e-mail after I have cancelled it, and they will see my real name.

The best solution I have come up with is to fight fire-with-fire. I now sign up for every mailing list I can, each with a different real name. I now belong to over 400 mailing lists(including /.), some legit commercial businesses, some obvious spam. The mailbox fills up roughly every 30 hours. I plan to continue this for a few months, until it will be impossible to distinguish my real name from the fake names. Whomever picks up the account next will be in for a treat as they open their account and start getting thousands of messages a day, random names, and all.

It's so sad it's come to this.

I get 10,000 spams a day! (2)

newerbob (577746) | more than 12 years ago | (#3493588)

Sounds hard to beleive, but it's true!

I have a domain that's ONE LETTER OFF from Yahoo. (Well, it has one extra letter).

Very often, wise-asses mutate their email addresses when posting to USENET with this additional letter, thinking they've stopped their spam. They haven't. *I* get it.

Of course, I don't see 99% of it--it's thrown in the bit bucket. However it is disturbing how much I get. Not only from email address grazers on USENET, but from people who use fake email address--often in my near-miss domain, and sites that gladly add it to their mailing list without a confirming email. Some of these are otherwise "reputable" companies, too. (This is so they can claim they have 4 billion registered users--easy to do if you don't verify!)

Misdirected spam, etc (2, Insightful)

crawdaddy (344241) | more than 12 years ago | (#3493598)

Years ago, I registered the email account crawdaddy*AT*hotmail*DOT*com. Since then, several other "crawdaddy" accounts have been opened on hotmail. Many of these people forget to tell their friends/services they're signing up with that there is a number that follows their name, ie. crawdaddy69@hotmail.com. I have gotten several misdirected emails, including personal invitations to join someone on a trip, details of someone's personal life, two very detailed accounts of someone's sexual exploits, and one highly suspicious email that indicated something very illegal and fraudulent was going on somewhere and that the "crawdaddy" that should have received it is involved somehow. Of course, I also get exponentially more spam on this account that I do on any other account that myself or my friends have had for the same period of time. I now check my inbox twice a day just to clean out spam so that my hotmail account isn't temporarily disabled because it's reached its limit!
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?