×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Who's Trading Your E-mail Addresses?

CmdrTaco posted more than 6 years ago | from the checking-the-nasdaq-now dept.

Privacy 355

Bennett Haselton is back with another piece on e-mail privacy. He starts "On April 14, 2007, I signed up for an AmeriTrade account using an e-mail address consisting of 16 random alphanumeric characters, which I never gave to anyone else. On May 15, I started receiving pump-and-dump stock spams sent to that e-mail address. I was hardly the first person to discover that this happens. Almost all of the top hits in a Google search for "ameritrade spam" are from people with the same story: they used a unique address for each service that they sign up with, so they could tell if any company ever leaked their address to a spammer, and the address they gave to AmeriTrade started getting stock spam. (I don't actually do that with most companies where I create accounts. But after hearing all the AmeriTrade stories, I created an account with them in April just for the purpose of entering a unique e-mail address and seeing if it would get leaked.)" Bennett continues on if you're willing to click the link.

What's surprising is that as far as I can tell, AmeriTrade has taken almost no heat in the media for letting this happen. Despite the abundant testimonials from bloggers who had their addresses leaked, the story never crossed over into the "mainstream" Internet press. In a recent Bloomberg News story, the FBI warned that E*Trade and AmeriTrade users were vulnerable to spyware installed by criminals in hotels and cybercafes to capture accounts and run pump-and-dump stock spams; no mention of the fact that all AmeriTrade e-mail addresses were apparently already in the hands of spammers anyway (although no one knows if usernames and passwords were leaked to the spammers as well).

This doesn't bode well for anyone who uses any type of online service and wants that service to keep their personal information secure. If AmeriTrade got skewered in the media for leaking customers' personal information to spammers, other companies would see that and learn the lesson. On the other hand, if AmeriTrade gets away with it with barely a whisper in the mainstream news, other companies are going to take note of that, too. Besides, spam and identity theft hurt everyone, not just the victims, because the costs are passed on to all of us in terms of higher ISP charges, higher payment processing fees, and more mail lost due to stringent spam filters.

AmeriTrade disclosed in April 2005 that a tape containing some customer information might have been stolen in February of that year, and many spam victims who blogged about their AmeriTrade addresses being stolen, referenced that incident as the likely cause. But after Bill Katz's blog post became a clearinghouse of sorts for complaints about stolen AmeriTrade addresses (probably as a result of being the first match on Google for "ameritrade spam"), several users posted that they had received spam at accounts that were only created with AmeriTrade in summer 2006. And then my e-mail address got leaked between April 14 and May 15, 2007. So it's pretty clear that some attacker has access to the AmeriTrade customer database on an ongoing basis, and the February 2005 tape theft probably had nothing to do with it.

AmeriTrade says that California law required them to notify their California customers of a potential security breach after the tapes were stolen, and that they went further and notified all of their customers anyway. Since there is now proof that their database is more or less perpetually open to some outside attacker, will they send out another notification letter to customers?

An accidental security breach can happen to any responsible company, especially if they are compromised from the inside. But the trail of blogosphere and UseNet posts indicates that several times AmeriTrade has concealed the full extent of the problem from customers who asked them about it, or has given out information that they already knew was wrong. In one thread in October 2005, a user reported that they wrote to AmeriTrade asking why their AmeriTrade-only e-mail address was getting spammed, and AmeriTrade replied that the spammer might have guessed the address using a dictionary attack, adding:

We have no reason to believe that any of our systems have been compromised. Ameritrade deploys state of the art firewalls, intrusion detection, anti-virus software as well as employs a full time staff of employee's dedicated strictly to Information Security and protecting Ameritrade's systems from unauthorized access.
But that was long after February 2005, when AmeriTrade said that tapes containing customer data were stolen. (Even if that turned out not to be the cause of the spam after all, by that point AmeriTrade knew that their customers' addresses had been leaked somehow.)

Then when my friend Art Medlar complained to AmeriTrade this year about the same thing happening, he got a response saying that even if he was getting spammed by an address that he only gave to AmeriTrade, that could be the result of hackers "implanting 'bots' that have the ability to extract e-mail addresses from your computer, even when you have protective spy software engaged". But of course this makes no sense -- if this were the source of the problem, it would affect everyone's e-mail addresses equally, and would not explain why a disproportionate number of complaints were coming from people who created addresses that they gave to AmeriTrade specifically.

When I sent AmeriTrade my own inquiry, I got a response that was identical to a forwarded message that someone else posted to news.admin.net-abuse.email in April. (To their credit, in this version of the message, AmeriTrade is acknowledging responsibility for the problem instead of attributing it to dictionary attacks or botnets. But the e-mail contains the curious piece of advice: "Please be sure to delete any spam you might receive, then empty your e-mail's trash so that it's no longer kept there, either." Huh? As one reader replied to the UseNet thread: "Cynical Translation: Please don't retain any independent evidence.") At first I didn't realize this was a boilerplate response, so I sent back some more questions, asking, for example, whether they would notify their California customers of the data security breach as required by that state's laws. The second response I got was a copy of the old boilerplate that they were sending out two years ago, blaming "dictionary attacks".

Now, compared to the 1,000 spams I already get every day (pre-filtering), the AmeriTrade spams were just a drop in the bucket, and many of their customers are probably in the same boat. And unlike most AmeriTrade customers, at least I can stop all AmeriTrade spam just by de-activating those addresses, since they aren't used for anything else. (Right now I'm keeping them open just to see what else comes in.) But AmeriTrade's database also contains much more valuable information such as names, PIN numbers (do you use the same PIN number everywhere that you sign up?), and Social Security Numbers. When I signed up for my account, informed by dire warnings that federal law required accurate information "to help the government fight the funding of terrorism and money laundering activities", I gave AmeriTrade my real SSN, address, and other personal data, figuring that if I gave them false information, I might get in more trouble than the experiment was worth. But now that the attacker has my e-mail, they might have all of my other information as well. In the coming months I'll probably start checking my credit report more often than I used to.

Probably someone inside AmeriTrade is selling customer data to an outside spammer. (It seems less likely that an attacker would keep breaking into AmeriTrade repeatedly to get updated copies of the customer list. Once you've broken in and gotten the customer database from 2006, why bother breaking in a year later, taking the risk all over again of getting caught and going to jail, just to get the updated 2007 database? Surely the 2006 list would be enough to run any pump-and-dump stock scam that you want!) Two suggestions to AmeriTrade to tighten their security: First, the number of people within the company who can access the customer database, is probably a lot larger than the number who actually need to access the customer database. Limit access to the e-mail database to people who actually need it. Second, in any cases where different employees really need to have access to the list, try giving them different versions of it, where each version is "seeded" with spamtrap addresses at Hotmail and Yahoo Mail. If the spamtrap addresses that start receiving spam are all ones that were used to seed one particular employee's copy of the list, then you've found the source of the leak. That won't stop the spam being sent to addresses that have already been stolen, but it could prevent further leaks from happening.

The SEC recently announced that they would suspend trading of companies whose stocks had been the target of spam campaigns to manipulate the price. Perhaps AmeriTrade could do something similar -- once a stock is identified as being promoted in spams sent to AmeriTrade customers, any customer attempting to buy that stock would be presented with a message saying that AmeriTrade was blocking the transaction for security reasons. (If this runs afoul of some SEC regulation that a brokerage has to let you buy any stock you want any time you want, then at least display a big warning when AmeriTrade users try to buy it through their system, saying that the stock has been the subject of a fraudulent promotion scheme and is an extremely high-risk buy.) However, while this would remove the incentive for stock spammers to target AmeriTrade customers, it's also really just covering up a symptom of the problem, rather than addressing the problem itself, which is that a spammer was able to steal the customer information from AmeriTrade's database in the first place.

But whatever they do, AmeriTrade should stop blowing off the people who complain about the spam, with messages about "dictionary attacks" and "botnets". When customers create specialized spamtrap addresses to detect if their e-mails ever get leaked, those are the tech-savvy customers who (a) know what they're doing, and (b) hate spam more than most people, and giving them misleading information is just poking a stick in their eye. Not a smart move when AmeriTrade has been leaking private customer information and is based, as their name indicates, in the most litigious country in the history of the world.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

355 comments

Hrm. (2, Interesting)

grub (11606) | more than 6 years ago | (#19322665)


I use TDWaterhouse for trading (I'm in .ca) and have never had a problem.

From what I can tell the only sites where unique addresses seem to get out are from BitTorrent trackers. Not a complete surprise I guess.

Protip: if you run your own mail server generate a whack of aliases (ie: bogus000 through bogus999) so you always have a disposable address available.

Re:Hrm. (4, Interesting)

rherbert (565206) | more than 6 years ago | (#19322847)

If you run your own mail server, set up a subdomain where every address goes to your inbox.... That way, it's fairly obvious when you get spam to ameritrade.com@bills.mydomain.com. I caught EmigrantDirect that way, although I was simply shocked when they never responded to my e-mail about it.

Re:Hrm. (3, Interesting)

grub (11606) | more than 6 years ago | (#19322923)

I just use aliases :) That way if the spam starts to flow I just comment out that alias and that address no longer works.

Re:Hrm. (2, Funny)

rherbert (565206) | more than 6 years ago | (#19323159)

I just blacklist the address if spam starts to flow... anything coming in to that address gets sent directly to uce@ftc.gov.

Re:Hrm. (1)

omeomi (675045) | more than 6 years ago | (#19323161)

I've used aliases with both Fidelity and E*Trade...I haven't gotten any spam from either of them yet.

Re:Hrm. (3, Insightful)

CastrTroy (595695) | more than 6 years ago | (#19322993)

I used to do that, but found that I got a lot of extra spam from people just sending email to random addresses at my domain. It was too much trouble so, I went back to configuring my addresses individually. That way it's easier to block certain addresses when they get too much spam, and you know who is sending you the spam.

Re:Hrm. (0)

Anonymous Coward | more than 6 years ago | (#19322907)

Here's another tip: use the services of temporaryinbox.com and temporaryforwarding.com. Free, too. I have no connection with this service, beyond finding it useful.

This comment is like the captcha, unsigned.

Re:Hrm. (0)

Anonymous Coward | more than 6 years ago | (#19323003)

what's way better than creating a bunch of email aliases is to just have the catchall forward to your regular email address and then you can make up as many DESCRIPTIVE email addresses that you like and if you start getting spam on any of them then just create that account to forward to nowhere (or a spam account if you feel the need to go through them occasionally)

I use email addresses that tell me what store or website I'm giving it to, like slashdot.org@example.com or BestBuy-Charlotte@example.com. then not only can you stop it, but you can know who gave out your email address. (plus it blows people mind, I always have people ask me if I work for their company)

Re:Hrm. (3, Insightful)

spyrochaete (707033) | more than 6 years ago | (#19323187)

If you create throwaway addresses, don't forget to disable any catchall address so you don't get bombarded with 50 addresses worth of spam!

Re:Hrm. (2, Insightful)

grub (11606) | more than 6 years ago | (#19323215)

yeah. I think catchalls are over-rated. I see so much spam that's aimed at random user names a catchall would be driving me nuts.

moo (-1, Troll)

Anonymous Coward | more than 6 years ago | (#19322677)

Not a smart move when AmeriTrade has been leaking private customer information and is based, as their name indicates, in the most litigious country in the history of the world.

France?

Phew! (5, Funny)

CrazyTalk (662055) | more than 6 years ago | (#19322687)

I'm as guilty as the next person for not always RTFA, but his is the first time I couldn't even make it through the posting

Re:Phew! (1, Insightful)

99BottlesOfBeerInMyF (813746) | more than 6 years ago | (#19322959)

I'm as guilty as the next person for not always RTFA, but his is the first time I couldn't even make it through the posting

Years of television with shorter and shorter times between cut scenes has destroyed your attention span. Why don't you go watch some TV now? Maybe there will be a 30 second blurb on the subject ala "Ameritrade implicated in SPAM delivery... incompetent or criminal... you decide!!!"

Re:Phew! (1)

Paradoks (711398) | more than 6 years ago | (#19323123)

I only read through the posting because I actually complained to Ameritrade about the same thing. I blogged [livejournal.com] about it back about a year ago. Frankly, I thought Ameritrade's response was decent:

Please know that even though you provided your e-mail address only to Ameritrade, it does still sit on a server that other people can see and may gain access to. If you receive an e-mail from one of the following addresses, it is ours:

...

In the case you are speaking of, we have not yet been able to rid ourselves of the spam. The issue is still being worked on.

To view Ameritrade's privacy policy, please click the link below:

http://www.ameritrade.com/privacy.html [ameritrade.com]

Terrence B.
Client Services, TD AMERITRADE
Division of TD AMERITRADE, Inc.
It's still annoying, and TDAmeritrade certainly deserves some amount of heat over this, but I'm guessing that they have slightly tighter standards over their use of social security numbers than they do with the e-mail.

At least I hope they do.

Re:Phew! (0)

Anonymous Coward | more than 6 years ago | (#19323195)

Post your email, I'll send you a summary.

Re:Phew! (0)

Anonymous Coward | more than 6 years ago | (#19323423)

I agree. People like to hear themselves talk, and apparently they also like to watch the words pop up on the screen as they type.

Solution? (4, Insightful)

daeg (828071) | more than 6 years ago | (#19322691)

Drop AmeriTrade. I did and couldn't be happier. I couldn't trust my stock (and thus, some of my savings and part of my future financial well-being) to a company that can't even keep an e-mail address secure.

Abusable fix? (3, Insightful)

Ruprecht the Monkeyb (680597) | more than 6 years ago | (#19322715)

Perhaps AmeriTrade could do something similar -- once a stock is identified as being promoted in spams sent to AmeriTrade customers, any customer attempting to buy that stock would be presented with a message saying that AmeriTrade was blocking the transaction for security reasons. (If this runs afoul of some SEC regulation that a brokerage has to let you buy any stock you want any time you want, then at least display a big warning when AmeriTrade users try to buy it through their system, saying that the stock has been the subject of a fraudulent promotion scheme and is an extremely high-risk buy.)


Wouldn't this also be abusable? Pick a stock, short it, spam the hell out of everybody, watch Ameritrade or whoever blacklist it, and watch the price drop.

Re:Abusable fix? (3, Informative)

UbuntuDupe (970646) | more than 6 years ago | (#19322861)

Based on the comments on other threads on this topic, the flaw with such a plan is in "short it". To short-sell a stock, you must borrow it. To borrow it, someone must be willing and able to lend it. To be able to lend stock, you have to be a large institution, which are generally prohibited from buying (and thus holding) thinly-traded penny stocks. And it's exactly the penny stocks that are targeted by pump-and-dump schemes.

CORRECTION (1)

UbuntuDupe (970646) | more than 6 years ago | (#19322971)

Okay, maybe I should take that back. While spammers pick thinly-traded penny stocks, you, as an architect of such a plan, wouldn't necessarily be constrained to do so. But nevertheless, the higher the volume of the stock, the more wrongdoing you need to halt trading. You think someone could halt trading in ExxonMobil just by spamming people to buy it?

Re:Abusable fix? (1)

RingDev (879105) | more than 6 years ago | (#19323231)

I think what the parent was trying to say is that IF there were a system in place that trading companies had to warn you that a stock had been the target of a fraudulent advertising campaign prior to selling you the stock, it would cause a lower trading rate for that stock, which could drop the price is people were trying to unload the stock while purchasers were being warned about buying the stock.

The purpose I would imagine would be to attempt to limit a competitor's financial flexibility. Even if it doesn't tank their stock, it could reduce growth possibilities.

-Rick

Re:Abusable fix? (1)

moderatorrater (1095745) | more than 6 years ago | (#19323315)

You could also abuse it with options and just to harm a competitor. In my opinion its absolutely wrong to let the spammer and other people with bad intentions have power over a stock's price. If people fall for these pump and dump scams a lot, contact them and let them know that doing so is really dumb. If they continue, have something in place where those people specifically cannot buy/sell as stock that's being targeted by a pump and dump.

Re:Abusable fix? (0)

TheCarp (96830) | more than 6 years ago | (#19323043)

Heh, and don't you think the SEC will start looking for who is shorting the stock and investigate?

Overall though, this could work. Frankly, this seems to me to be the end result of turning finances into a game. Someone will look for a loophole or other problem with the way the game works, and exploit it. So you make new rules to try to fix it, and they find new ways to game the game.

Reminds me of Magic. New edition/expansion comes out. Someone builds a deck that can hit you consistantly for 300 points on the third turn. Cards end up restricted, or banned. New edition comes out... someone builds a new deck that can hit you consistantly for 300 points on the third turn... Cards get restricted or banned...

Honestly, I really think the stock market, in general, is a corrupting influence. It encourages the use of money for no other reason than to make more money with no social responsibility or ethics... and they wonder why it attracts the attention of every crook and shady dealer with a few bucks to toss into a scam.

-Steve

Re:Abusable fix? (0)

Anonymous Coward | more than 6 years ago | (#19323457)

> Honestly, I really think the stock market, in general, is a corrupting influence.

Money is a corrupting influence. Water and oxygen are also two incredibly corrosive things, but I'm told they do have their uses.

Re:Abusable fix? (1)

jmv (93421) | more than 6 years ago | (#19323061)

Wouldn't this also be abusable? Pick a stock, short it, spam the hell out of everybody, watch Ameritrade or whoever blacklist it, and watch the price drop.

You're forgetting a detail here. Pump&dump works because an idiot sees the spam and buys. The reverse wouldn't work because the said idiot cannot sell stocks he doesn't have. It's not like someone will see "oh, transactions are discouraged -- let's sell short".

Re:Abusable fix? (2, Informative)

FasterthanaWatch (778779) | more than 6 years ago | (#19323081)

Wouldn't this also be abusable? Pick a stock, short it, spam the hell out of everybody, watch Ameritrade or whoever blacklist it, and watch the price drop.
I'm pretty sure you can't short those stocks.

Re:Abusable fix? (2, Informative)

mcrbids (148650) | more than 6 years ago | (#19323415)

Wouldn't this also be abusable? Pick a stock, short it, spam the hell out of everybody, watch Ameritrade or whoever blacklist it, and watch the price drop.

Thoughts like this are the kind of thoughts that convince Libertarians that the marketplace will ALWAYS correct itself. Notice that a protection against one type of unscrupulous behavior becomes an enabler for another type of behavior - which is then protected against.

The net effect of this continuous spy-vs-spy type war is a balanced marketplace that does an amazingly good job of equating equity and earnings. What few Libertarians really grasp, however, is the role of infrastructure on the enablement of the marketplace.

Every American is born with almost half a million dollars in pre-existing infrastructure that is directly available to him/her. This includes roads, schools, etc. This infrastructure is what's used to generate the earnings - society usually gets about 8% return on investment for its infrastructure, based on the national average income.

But who wants to WORK for a living? Despite having the highest standard of living in human history, people would rather cheat and game the system to avoid even the pitiful 40-hour work week. And so the spy-vs-spy game continues, people try to get money for nothing, and the inherent laziness of mankind, which is our never-ending drive to resource efficiency, continues.

Was I saying something? /QUIT

Why is this on the frontpage? (-1)

aabxx (1108623) | more than 6 years ago | (#19322717)

This has got to be the most boring submission in a LONG while...

404 File Not Found (0)

Anonymous Coward | more than 6 years ago | (#19322729)

404 File Not Found
The requested URL (yro/07/05/30/1444236.shtml) was not found.


Baaaadddd slashcode bug, when not logged in, if a story has no comments you will consistently get a 404 error. This has been the case for some time now. Most irritating. No sense reporting it as all bug reports are summarily ignored anyway...

Ameritrade is bunk (5, Insightful)

linzeal (197905) | more than 6 years ago | (#19322735)

As someone who has used both Ameritrade, Etrade and Banc of America for stock trading I would say stick with a company who has more on the line than just a Web 1.0 company. Bricks and mortar Bank of America is not going to fuck over customers to get 10 bucks an email address and their security is run through a group of people who have to protect 100's of billions of dollars. It might cost more but you will sleep better at night.

Re:Ameritrade is bunk (0)

Anonymous Coward | more than 6 years ago | (#19322927)

stick with a company who has more on the line than just a Web 1.0 company


Any credibility your comment had disappeared with the use of that phrase, especially the way you used it. I'm supposed to trust a javascript heavy site more than a plain html one? Riggghhhttt. I'd only trust a stock trading site that uses plain html output from its scripts on an SSL server with a certificate signed by Entrust. I would trust nothing else.

Re:Ameritrade is bunk (0)

Anonymous Coward | more than 6 years ago | (#19322999)

uh yeah, right. that would be why BOA has spambots INSIDE THE FIREWALL sending spam - because they spend so much money on security... BOA is just as bad as the other companies, they just put a more expensive face on it.

Re:Ameritrade is bunk (5, Funny)

arodland (127775) | more than 6 years ago | (#19323209)

Yeah, you're right. BoA expects to make a lot more money while they're fucking their customers over.

Re:Ameritrade is bunk (1)

f1055man (951955) | more than 6 years ago | (#19323305)

No, BofA just fucks over their customers every other way. They've charged me hundreds in overdraft because it took them weeks to deposit a check. They have the worst customer service reputation in the industry.

Re:Ameritrade is bunk (1)

mpapet (761907) | more than 6 years ago | (#19323405)

Bank of America is not going to fuck over customers

You must be new here.

Please, examine carefully BofA's role in the U.S. financial system before making such a careless statement. Look carefully at who controls Visa and Mastercard.

Among other important things to understand is that BofA profits quite handsomely while consumers bear increased costs for everything purchased at retailers that accepts card payments.

"Despite merchant discontent, card issuers have incentives to maintain or increase interchange fees. Issuers are marketing credit cards with reward or loyalty programs that encourage greater card use and reinforce customer loyalty to the brand. An estimated 12 to 24 percent of cards held by consumers have rewards associated with them,26 and in 2003 an estimated 60 percent of credit card spending was attributed to cards with rewards.27 Card issuers are funding these increasingly popular reward programs through interchange fees."

http://www.fdic.gov/bank/analytical/banking/2005no v/article2.html [fdic.gov]

I would argue that this one excerpt alone is enough to be concerned about BofA's impact on our economy.

BofA's Agressively Anti-Competitive (2, Insightful)

mpapet (761907) | more than 6 years ago | (#19323541)

This excerpt will probably have more impact.

"... when Visa and MasterCard were building their dominant credit card networks, they imposed exclusionary rules and restrictions on other parties to credit card transactions. In two cases, whose outcomes are described in this section, merchants and the U.S. Department of Justice (DOJ) successfully challenged some of these practices. The decisions in the two cases29 weakened some barriers to competition and reduced the control exercised by the card associations, thus influencing the future of the credit card industry. In fact, the aftereffects of the decisions have already begun appearing."

http://www.fdic.gov/bank/analytical/banking/2005no v/article2.html [fdic.gov]

I wish more people understood how badly de-regulation has screwed the average American banking/stock trading customer.

Downloadable software Kip Barron? (1)

Dude McDude (938516) | more than 6 years ago | (#19322755)

arrester attains

weekly discounts xxchempii.com
toponym amidines bylined grubs aquifer transept.
ariose, groveled armoured tarpaper.
stay hagadic anatto swathe.
asswaged assent cambered tarring.
areal, calloses handymen atamans sunlight.
tomography aneurin anomic thistledown.

Your Cathleen.

May be related to TD Waterhouse merger (5, Insightful)

hksld99 (1097707) | more than 6 years ago | (#19322795)

I have been a long time AmeriTrade customer and, like the author, used a unique email address for my AmeriTrade account. I never received any spam on that email address until a few weeks after the TD Waterhouse merger last year. Suddenly I started getting tons of pump&dump spam on that address.

Checking the "privacy" settings in my account revealed that somehow my account had been changed from "opt-out everything" to "opt-in everything" -- certainly not by me. I changed everything back to opt-out, assigned a new email address and have not received any spam on that new address since then. The old email address keeps getting spam, so I am hard-filtering it on my SMTP server now.

To me it looks like the TD Waterhouse merger triggered a change in their privacy policy or account handling that caused "opt-in" to be set on at least some accounts.

Re:May be related to TD Waterhouse merger (-1, Troll)

UbuntuDupe (970646) | more than 6 years ago | (#19322909)

Troll-speak translator: Blame Canada!

(TD Waterhouse is Canadian.)

Re:May be related to TD Waterhouse merger (1)

bugnuts (94678) | more than 6 years ago | (#19323169)

it looks like the TD Waterhouse merger triggered a change in their privacy policy or account handling that caused "opt-in" to be set on at least some accounts
Nevertheless, stock brokers should not be in the business of assisting fraudulent schemes. This is almost certainly illegal, but ianasb.

No, more likely their database was compromised, possibly from the inside, and continues to have a mole or hole.

Re:May be related to TD Waterhouse merger (2, Funny)

omeomi (675045) | more than 6 years ago | (#19323289)

The old email address keeps getting spam, so I am hard-filtering it on my SMTP server now.

Me too...I receive 0% of my email from my SMTP server...

;-)

In related news (5, Funny)

eebra82 (907996) | more than 6 years ago | (#19322807)

I am shocked to say that after signing up to a news letter on a few porn sites, I am now receiving non-porn content e-mails.

I doubt email addresses (3, Insightful)

sholden (12227) | more than 6 years ago | (#19322821)

count as a big enough leak to trigger disclosure laws. If they are just selling email addresses without any other personal details they may be violating there privacy policy but probably not disclosure laws.

My vote goes to spyware! (0, Flamebait)

isa-kuruption (317695) | more than 6 years ago | (#19322827)

All of these "tech savvy" people who think they know all there is to know are probably also too arrogant to think they can get infected with spyware, so have absolutely no way to detect and remove it. So, what happens? Ooops, spyware on their PC figured out their AmeriTrade email address and they started getting spammed.

And, no, it's not AmeriTrade's fault you got spyware on your PC after visiting that black on blond porno site.

Re:My vote goes to spyware! (1, Troll)

lixee (863589) | more than 6 years ago | (#19322935)

You must have "tech savvy" confused with "using IE on Windows".

Re:My vote goes to spyware! (1)

Billosaur (927319) | more than 6 years ago | (#19322945)

Another culprit would certainly be if any of these folks used public terminals to log in and check their portfolios, or even Wi-Fi in public places that a hacker could sniff out. Trading needs to be done in the privacy of your own home, behind an excellent firewall, through a physical connection or encrypted Wi-Fi.

Re:My vote goes to spyware! (1)

omeomi (675045) | more than 6 years ago | (#19323363)

Another culprit would certainly be if any of these folks used public terminals to log in and check their portfolios, or even Wi-Fi in public places that a hacker could sniff out.

With a public terminal, it is possible that there's a keylogger installed on the computer, but since all of the online trading companies that I've seen use SSL, I don't think there's much chance your email address could fall into the hands of a hacker via a public wifi connection just because you logged in to check your portfolio. Now, if you checked your email, that's a different story...

Re:My vote goes to spyware! (0)

Anonymous Coward | more than 6 years ago | (#19323509)

Trading needs to be done in the privacy of your own home, behind an excellent firewall, through a physical connection or encrypted Wi-Fi.,
...In the basement in a disused lavatory in a locked filing cabinet bearing a sign saying "beware of the leopard".

If it requires all that, then what is the advantage of doing it online again?

Re:My vote goes to spyware! (0)

Anonymous Coward | more than 6 years ago | (#19323165)

If you've got spyware on your PC that is sniffing your Ameritrade account info, you've got a much bigger problem to worry about than spam.

Re:My vote goes to spyware! (4, Interesting)

JeffL (5070) | more than 6 years ago | (#19323205)

A virus and spyware is certainly a possibility for leaking an address, and I know I've had my address leaked when somebody elses computer, who has received an e-mail from me, gets infected with spyware.

In this case though, both a friend and myself started getting spam to our unique Ameritrade addresses at the same time. Both of us use Linux for our primary desktop OS (no e-mail reading from a Windows vmware session, etc.) Neither of us received spam to our many other unique addresses. If it had been spyware infecting one of our machines and stealing our e-mail list, then I would have expected spam to my e-trade, amazon, newegg, etc. unique addresses, but only the ameritrade address received the spam.

It could still be a spyware or virus infection at a machine at Ameritrade. Somebody keeps the full list of e-mail addresses on their laptop, which goes outside all the fancy firewalls and IT oversite and gets infected, and has the data stolen.

gmail mail tracking trick (5, Insightful)

TheGreatOrangePeel (618581) | more than 6 years ago | (#19322871)

Gmail has got a neat trick you can use to learn who sells your email address...

If your email is xyz@gmail.com and you're registering at site ABC, you can register at that site with the email address xyz+ABC@gmail.com. Gmail still delivers it to you and at the same time allows you to see who sold your email information.

Re:gmail mail tracking trick (4, Insightful)

UbuntuDupe (970646) | more than 6 years ago | (#19323009)

Couldn't spammers circumvent this by purging +-type suffixes, (i.e., converting "xyz+ABC@gmail.com" to "xyz@gmail.com") since the email will still get to you?

Re:gmail mail tracking trick (1)

Monsieur Canard (766354) | more than 6 years ago | (#19323035)

That trick only works sometimes.

I tried it with one site (Amazon IIRC) and got back an error message saying "No no you ninny, we said enter a VALID e-mail address. What are you, an idiot?" or something French like that. Apparenlty some forms are smart enough to check for invalid characters.

Re:gmail mail tracking trick (2, Insightful)

swillden (191260) | more than 6 years ago | (#19323317)

Apparenlty some forms are smart enough to check for invalid characters.

You mean: Apperently some forms are dumb enough to deny valid characters.

Re:gmail mail tracking trick (4, Informative)

egypt_jimbob (889197) | more than 6 years ago | (#19323567)

...invalid characters.
Read the rfc [faqs.org] . Specifically sections 3.2.4 and 3.4.1; "+" is an atext character that is valid in the local-part (the junk before "@") of an address.

And to the grandparent: gmail is not the only mail client that allows this. Mutt and pine definitely do and I am sure there are others, since the use of "+" is perfectly valid. In fact, the ones that don't are non-compliant.

Re:gmail mail tracking trick (0)

Anonymous Coward | more than 6 years ago | (#19323051)

That is actually a standard feature of many (most?) mail systems.
Any clever spammer will remove the part between + and @ before using the address...

But then, are there any clever spammers?

Re:gmail mail tracking trick (2, Informative)

TheThiefMaster (992038) | more than 6 years ago | (#19323059)

You're assuming that said site knows that email addresses containing a + are valid.

Lots of places check for alphanumerics, dot and @ and reject anything else.

Re:gmail mail tracking trick (1)

JM78 (1042206) | more than 6 years ago | (#19323259)

He isn't assuming anything at all! All he did was post an interesting feature about GMail. It's retarded programmers who don't know how to properly check for valid email addresses who are to blame. Good grief; don't kill the friggin' messenger - especially when his reports are educational and completely unbiased.

My thanks to TheGreatOrangePeel for informing those of us who were unaware about this pretty neat feature.

Re:gmail mail tracking trick (1)

Tronster (25566) | more than 6 years ago | (#19323063)

A similar feature is offered to users of Spamcop accounts. Unfortunately I've had mixed results...

The official RFC for e-mail addresses say that a plus symbol is valid; but roughly half of the web-forms I've interacted with do not consider a plus in a name to be a valid address. Some bigger web-sites (i.e., Xbox Live) don't allow this, and those that do may break if the e-mails they sent are from a listserv. (e.g., unable to unsubscribe, change passwords over e-mail, etc...)

Re:gmail mail tracking trick (4, Interesting)

horatio (127595) | more than 6 years ago | (#19323181)

You're right, and that works great except for most sites that I've come across use a regex which disallows the use of a '+' sign in the email address.

What I've done instead is to create a catch-all email address in a subdomain and sign up as, ie amazon@subdomain.domain.com. I suppose I could first create a unique 16-character string for each one and add a new address before creating any accounts, but a) that requires additional effort and management and b) when you call, for example, amazon customer support they ask for your email address to identify your account. Good luck communicating 16 random letters and numbers over the phone to level-1 customer support.

Eventually a "dictionary" attack might end up forcing me to shut down the catch-all and be explicit.

there is another possibility (1)

SaberTaylor (150915) | more than 6 years ago | (#19323201)

which is that in poorer parts of the world, selling email addresses is more profitable than Internet network integrity.
That is to say, sniffing email addresses off the routers with no collusion on the part of your paid services.
Or the email servers that you are communicating with.

instantspam09319467@hotmail.com

Re:gmail mail tracking trick (1)

AshPattern (152048) | more than 6 years ago | (#19323269)

Uh, sendmail and postfix do to. This is a very common MTA feature (in the *NIX world, anyway :)

Re:gmail mail tracking trick (0)

Anonymous Coward | more than 6 years ago | (#19323325)

The problem with this is most sites won't allow '+' in the email address because it is considered invalid by their email validation scripts. This is highly annoying as that is how I use my labels in gmail.

Re:gmail mail tracking trick (1)

ReekRend (843787) | more than 6 years ago | (#19323341)

Um, couldn't you abuse this "feature" to screw your competitors?

Scan for + in email, replace after + with competitor name.
Sell for profit AND f your competitor.

Re:gmail mail tracking trick (1)

nuzak (959558) | more than 6 years ago | (#19323529)

Using a tagged address is for your convenience in tracking a leak. It's hardly presentable as ironclad evidence. Most spammers strip tagged addresses anyway, so this trick will only catch the dumbest mainsleaze e-penders.

Other explanations (3, Interesting)

Craig Ringer (302899) | more than 6 years ago | (#19322947)

The test you did is not conclusive by any means. You must also prove that the address was never exposed in any other way (stolen by malware on your machine, leaked through other communications, sold by a corrupt mail server administrator, etc), OR you need to find conclusive evidence that the leaked address came from the company's end.

I've seen addresses turn up in spam that I wouldn't have believed if I hadn't seen it.

Now, if you are able to confirm that several addreses created by different people & never shared get similar scams that addresses not given to the company DO NOT get, then that might be something interesting.

Who's trading e-mail addresses? Everyone! (3, Insightful)

TheWoozle (984500) | more than 6 years ago | (#19322949)

I always assume that any business that I give my e-mail address to will sell it; that's why I don't give it out. Surprisingly enough, I don't get any spam.

This is why many pundits are saying "email is broken"; and it makes sense if you think about it. The setting up of different accounts for each company/person you interact with goes against the whole point of having an e-mail *address* (i.e., a not-too-frequently-changing place to find you).

Really, the spam problem is a symptom of human nature (look up "tragedy of the commons"), and if any of you think you have the secret of changing *that*, then please share...

Re:Who's trading e-mail addresses? Everyone! (1, Insightful)

UbuntuDupe (970646) | more than 6 years ago | (#19323101)

No no no, you're hastily attributing the problem to the wrong market failure story! I think the one you're looking for is path dependence [wikipedia.org] : that is, we could convert an email system in which you can't forge sender information, but the costs are too great and the market participants too uncoordinated to make the transition.

Oh, and as a bonus, I'm going to repeat the myth about the Dvorak keyboard as proof of the harms of path dependence.

Re:Who's trading e-mail addresses? Everyone! (5, Insightful)

DavidTC (10147) | more than 6 years ago | (#19323163)

Yes, but the story here is that Ameritrade is not only spamming, they are spamming stock tips, or at least they are causing that to happen.

A brokerage firm that randomly gives stock tips with the intent of buying the the stock low beforehand, and selling it after a bunch of people purchase it, thus passing the loss on to their customers, is in violation of half a dozen laws and can be subject to large fines and lose its ability to trade stock, which, considering that's all Ameritrade does, would kill it. A firm that lets someone at that firm do it is, instead of the firm itself, is just as culpable.

Screw involving Ameritrade or the media in this, someone needs to inform the SEC of what's going on.

MOD PARENT UP! (1)

Derling Whirvish (636322) | more than 6 years ago | (#19323489)

This is the really outrageous part of the story and I'm amazed that it took this long for someone to point it out. Surely the SEC would be interested in a brokerage house being involved in a "pump-and-dump" scheme.

It's not always the company -- (1)

foolinator (611098) | more than 6 years ago | (#19322955)

There's a lot of danger with providing an email address.

1) Companies have partnerships with marketing firms. Often, it's these marketing firms that are the evil ones.
2) Spammers setup sniffers on networks to sniff incoming and outgoing email. often times they sniff a router close to the source of where the marketing emails are sent out and then they have all the email addys.

Email sent out today is NOT encrypted. ANYONE can read it, including the email addys.

Just because it's unique to the website does not always mean that the company had a lone person who stole the addys.

Re:It's not always the company -- (1)

mulvane (692631) | more than 6 years ago | (#19323153)

Just because it's unique to the website does not always mean that the company had a lone person who stole the addys. You think the company had 2 or 3, maybe even more people stealing addys? The pure deviousness of it is to much to contemplate even...

Devil's advocate (1)

Orig_Club_Soda (983823) | more than 6 years ago | (#19322963)

Could it be that they store the account info online and it isnt secure and a crawler go it? Such as tech support or something?

A way to kill the competition! (2, Interesting)

DoohickeyJones (605261) | more than 6 years ago | (#19322969)

From the article:
The SEC recently announced that they would suspend trading of companies whose stocks had been the target of spam campaigns to manipulate the price.

Does anyone else see the problem with that?
If I want to kill my competitor's stock, all I have to do is launch a pump and dump scam using it as the target?

Re:A way to kill the competition! (2, Informative)

nelsonal (549144) | more than 6 years ago | (#19323461)

Pump and dumps are for little bitty companies that don't really do anything (most aren't operating) think Infinium Labs (maker of the Phantom console). It would take billions to pump and dump a listed stock.

Strangely enough (3, Informative)

zappepcs (820751) | more than 6 years ago | (#19322983)

I met someone not long ago that wanted some DB work. They were wanting to organize and sell phone numbers, street addresses, email addresses, and they attempt to collect/gather as much meta information as possible. Various relationships tell them whether you are a good target for any given spam type email or direct mail campaign.

Someone with your address on their list will try to sell it for $.50 or up to $5/10 if they can get it providing it is a valid address. There is money in selling such information. THAT is why you get spam. If they could figure out how to make all drivers of any vehicle made before 2000 as they drive down the highway, people would sell that to autodealers... Its all about Ad revenues, and your email address is just another pageview sort of thing for people buying the lists.

There is no method to prevent this. If one person at company X illegally sells a list of clients of that company, it will be out in the wild, nothing to stop it from being resold dozens of times.

I almost always do this (1)

Yaksha42 (856623) | more than 6 years ago | (#19322991)

Since I own my own domain, whenever I sign up for a site, I usually put the site name in the e-mail address. I have all of my domain mail forwarded to my Yahoo account.

So if I were to sign up for SA, I would use yaksha_sa@domain.com. Now if I ever get any mail from someone sending to yaksha_sa@domain.com, I know where they got my e-mail from.

Who says they are trading your email address? (0)

Anonymous Coward | more than 6 years ago | (#19322995)

Is it not possible that other websites are exploiting your browser and grabbing cookies set finding that email address?

long time customer (3, Interesting)

hb253 (764272) | more than 6 years ago | (#19323001)

Lone anecdotal datapoint: I'm a long time TD Ameritrade customer. I don't get any spam to the email address I've registered with them.

There's another possibility (4, Informative)

drgroove (631550) | more than 6 years ago | (#19323007)

AmeriTrade is simply selling your information to third parties.

Dell does this. I know this for a fact - I gave Dell my information while setting up a business account for a small consultancy that I was running a few years back out of my house. I hadn't yet formalized the business legally, but gave Dell the name that I was going to use for my business. Within weeks, I began to receive snail-mail spam using the business address that I had only given to Dell. No one within Dell was stealing my information - Dell sells information about their customers to make a buck.

AmeriTrade very likely does the same thing. After you give your email, snail mail, phone, etc info to them, they turn around and earn a buck or two by selling your information to other companies.

Never attribute to malice... (4, Insightful)

JoeD (12073) | more than 6 years ago | (#19323033)

...what can be explained by stupidity.

It's possible that Ameritrade itself is selling the email addresses. What's their privacy policy?

In large companies, it's very easy for someone in one division to do something that people in other divisions don't know about.

note to self: (0)

Anonymous Coward | more than 6 years ago | (#19323047)

time to cancel my Ameritrade account...

Seems to be a consistent problem (2, Insightful)

chrisgagne (605844) | more than 6 years ago | (#19323053)

This isn't limited to Ameritrade, either. I've had similar experiences with eMusic [chrisgagne.com] , eBay, and AccuChat (a decently-sized telco).

It seems to me that there are three possibilities here:

a) They sold/traded/gave away my email address in violation of their privacy policy
b) They got h4x0red (what other data about me got compromised, huh)?
c) The email was seen in transit by some malevolent ISP and had the envelope-to captured

The first two possibilities are the ones that we're looking at the most, but what is the likelihood of the third possibility?

Domain. (1)

MoOsEb0y (2177) | more than 6 years ago | (#19323167)

This is why I have my own domain, and sign up every new account setting the email address to the domain @ my domain e.g.:
slashdot_org@mydomain.com
Naturally, all the mail @ mydomain.com forwards to my real email account which is elsewhere. Thus, if someone is sleazy and starts spamming my account, I can easily setup a filter to get rid of it. This is akin to andy rooney's use of creative misspellings of his own name in the 70s to track down junk mail.

Who's spamming me (1)

genecutl (470280) | more than 6 years ago | (#19323199)

I use a different email address for each company I ever give an email to. So far, I have had three email addresses end up as spam targets. These were used for the following companies:

MacMall
NetBank
21st Century Insurance

The 21st Century Insurance one I only just now noticed while checking my logs. The other two I have contacted about this matter, MacMall several times, with never a response. Regardless of whether they purposely gave/sold my address to untrustworthy parties or had them stolen through lax security, I have no plans to ever do business with them again.

As you can see... (1)

BandwidthHog (257320) | more than 6 years ago | (#19323203)

I do similar stuff with a catchall address, and for places like slashdot I also change them monthly. Seems a Japanese spam shop did some harvesting here in November, 2006 and that list is still seeing heavy use. It generally takes a few months after using an address on slashdot comments for the spam to start flowing.

The good news is I haven’t seen any spam from any of the other addresses I’ve used, meaning that of the hundred or more distinct entities I’ve given an email address to, only public discussion boards have generated any spam, and the vast majority of that has been from slashdot. So the problem is not nearly as bad as I imagined it would be.

Inside Job (4, Informative)

interstellar_donkey (200782) | more than 6 years ago | (#19323213)

Probably someone inside AmeriTrade is selling customer data to an outside spammer

That would be my guess. There's probably not a whole lot Ameritrade (or any company) can do about it other than figure out a way to deeply restrict access to the email addresses. But when you need customer service/marketing/administration departments to have access to customer's email addresses, it can get a little hairy.

I can remember back in '99 going to work for a rather large ISP. My first day there they created an email account for me. After four days of orientation and I started to actually do work, I checked my email and found it loaded with spam. This account had been on no mass mailings, has had nothing sent out, and had received no communication from within the company. The name wasn't anything close to what you'd find in a dictionary. As far as I could tell, the only way spammers could have gotten their fingers on the address was if someone inside the company was selling the address out.

Was this a rigorous test? (2, Interesting)

ReekRend (843787) | more than 6 years ago | (#19323233)

I feel like there needs to be more information about the "test". Did the Ameritrade-unique addresses *only* get stock spam, or spam in general (including stocks)? The former would of course be highly suspicious, but the latter would indicate all possibilities should be fairly examined.

Another example, this logic seems flawed...

he got a response saying that even if he was getting spammed by an address that he only gave to AmeriTrade, that could be the result of hackers "implanting 'bots' that have the ability to extract e-mail addresses from your computer, even when you have protective spy software engaged". But of course this makes no sense -- if this were the source of the problem, it would affect everyone's e-mail addresses equally, and would not explain why a disproportionate number of complaints were coming from people who created addresses that they gave to AmeriTrade specifically.

How would anyone know if or how much other email was affected? Most likely it would be trashed by a spam filter anyway, and even if it wasn't how could they compare "everyone's" email spam to see who gets what?! And obviously the "explanation" of the Ameritrade complaints being prominent is because those people were specifically looking for spam on those accounts to complain about. That says nothing else about which other email addresses also got spam or even the same spam.

Furthermore why is a large company like Ameritrade any more suspect of selling out (or having a leak) than any given email provider? Was there a control group of email addresses created and not being given out to at all?

I'm not saying TFA is wrong, but if they wanted to publicly prove guilt they need to provide more thorough evidence.

Customers have no recourse (1)

HangingChad (677530) | more than 6 years ago | (#19323295)

Anyone signing up for an Ameritrade account has to sign away their right to sue the company for damages. They're all like that now. So, who cares if customer data slips out? It's not like you can sue them for the actual cost of the loss or credit monitoring.

It's just a big yawner to Ameritrade. You can't do anything and they know it. So they can BS, soft shoe, deny and all you can do is have a passive-aggressive little snit fit.

Somewhat common problem. Dell.com, too. (1)

spazoid12 (525450) | more than 6 years ago | (#19323335)

I use Thunderbird, and before that I used Eudora, both of which allow me to manage dozens of email address "personalities" into a single inbox. On the mail server side of things I configure things in virtualmailrc and a few scripts to help automate stuff. So, when I bought a DVD drive for my PC years ago from Dell.com and then was surprised to see that, within a couple weeks, my largest influx of spam was addressed to the unique address I provided to Dell... Well, I complained a couple times but knew it wouldn't help. So, I changed my config to direct all incoming mail addressed to that address back to cs@dell.com. I never see it. I don't log it. I don't care... their problem. I'm sure they don't care either. Too bad there isn't a simple way to make them feel some pain.

Edited for the time impaired (2, Funny)

rueger (210566) | more than 6 years ago | (#19323401)

1. Signs up for an Ameritrade account using a unique e-mail address.
2. Gets pump and dump spam at that address.
3. Profit!

The balance of the article:

a) outlines a variety of conspiratorial possibilities
b) finds that other Ameritrade customers get pump and dump spam
c) makes repeated reference to a lost customer data tape from 2005.
d) Ameritrade has poor customer service.

I reported this to the SEC, but not much happened (3, Informative)

JeffL (5070) | more than 6 years ago | (#19323421)

The first time I received spam, not ads for "partner" companies, but pump-and-dump image spam, and such, I reported Ameritrade to the SEC. After contacting Ameritrade and receiving a big "so what" from them, I filled in the SEC's online complaint form, detailing the problem. A week or two later I received a letter (on paper) from them asking me to e-mail them more information and any additional evidence. I sent them a detailed explanation of the problem, along with information about why it was extremely unlikely that the e-mail address was stolen from my end (none of my other unique addresses were receiving spam), and a copy of all of the spam messages that had been sent to my ameritrade address.

Since that time I've not heard anything back from the SEC. I didn't really expect to, but I was hoping that if 10-20 people complained about the same thing, and provided evidence, they might actually start an investigation. That was August, 2006, so maybe they really are doing something, and I should just be more patient.

A friend who was also receiving the ameritrade spam convinced ameritrade to waive the account transfer fee, and moved all of his stuff to Scottrade. I changed my ameritrade e-mail address, and haven't received spam to the new address, so I thought perhaps the leak had been fixed. Now that I see the problem is still occurring, I'll take the time to move my accounts.

Assume the worst... (4, Informative)

wowbagger (69688) | more than 6 years ago | (#19323559)

Assume the worst:
  • Assume that any business to which you give an email will immediately sell it to every spammer on the planet.
  • Assume that any individual to whom you give your email will be trojan'ed and harvested by spammers.
  • Assume that any web site to which you give an email will be scraped by spammers.
  • Assume that every mailing list to which you sign up will be scraped by spammers.

In other words, for any email address you use, assume that it will at some point fall into the hands of spammers.


So, given these assumptions, what are you to do?

  1. Never get too attached to any given email address. Be prepared to drop any address like a hot rock.
  2. Thus, try to have one address for each role in your life: one for friends, one for close friends, one for work, one for each mailing list, one for each business with which you do business, etc. Use sites like SneakEmail or SpamGourmet as needed.
  3. Refuse to give your email where-ever possible. Most places that want it don't need it, but ask for it so that they can spam it. Ask yourself "Do they REALLY need to be able to email me?" If you cannot think of a good reason why they should, refuse.
  4. For entities which will NOT allow you to refuse to give your email, give them a disposable email, and revoke it as soon as possible. Alternatively, use an email which has become compromised and is now worthless.
  5. Make up a list of disposable emails, print it out, and carry it with you, to deal with those Big Blue Room incidents where you need to fork over an email. Make the print-out have 2 parts — one to tear off and hand to the requester, one to keep for yourself (with a space below the email into which you enter the entity assigned to it.)
  6. Use email hosts which have the best possible spam filtering. I suggest setting up an account with Spamcop and using them.
  7. Don't use the email assigned by your ISP for anything if at all possible: that way if you need to change ISPs you can do so without any big issue.
  8. When creating an email address, don't use your name or any other unique identifying information (e.g. a ham radio call sign) - those are too easy to guess.


Yes, this may sound paranoid. But unfortunately until the technology is changed to allow tracking spammers down, and the laws are changed to allow dealing with spammers effectively (.30-06 is effective), these are the sorts of measures needed to keep your inbox relatively clean.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...