Eat Spam - rants about email based spam

A houseful of bears and then Runi

2007-09-13T14:44:00.000-07:00

Hello all,

Well I have to say I loved Sydney!!!! This city is brilliant! Ed and Steve have been great hosts and have shown us a lot of the local neighborhoods. We have checked out Kings Cross, New Town, Waterloo, Crown Street, Downtown, Darling Harbor, The Rocks and also have gone to the Opera House and the Botanical Gardens. Everything is so pretty here and the weather has been great. The food also is amazing and you can get all kinds of food from anywhere in the world. After being in New Zealand which has a slightly weird take on food, it is great to be able to have more choice. The boys took us to a vegetarian traditional Indian restaurant that Runi loves!!!! I even tried it and it was pretty good , although I missed my meat curries!

It has been a real treat to not be rushing around ragged as well. It is more like we are living here for a few weeks as our hosts go off to work, we can hang around the house all morning and even stay at home if we want. I haven't been in any hurry to see the city and have been taking it slowly at my own pace. This is a lot different than the traditional American "vacation" where you rush around at breakneck pace seeing as much as possible in as short a period of time as possible. Having the home base, Internet access and local friends really has helped a lot to do this as a proper vacation!

This weekend I think we are going to do the spa and probably watch the Wallabies world cup Rugby match at Midnight on Saturday. We are also going to check out some of the local city stuff that is a bit outside of the city. Next week is more of checking out Sydney and maybe taking a ferry ride. Also next weekend we are going to the countryside to see some nature and get even more relaxation in!

Will keep everyone posted and put up some pictures soon.

Matthew

What's so bad about bouncing spam?

2007-06-04T20:37:00.000-07:00

Today's article is about an anti spam technique known as bouncing and some of the problems inherent in it.

First off a bit of background about what email spam bouncing is. All mail that is sent on the Internet has various fields. Most people are aware of the From: To: and Subject: fields and almost everyone is aware of the CC: (carbon copy) field. A lesser know cousin of the CC: field is the BCC: field (Blind Carbon Copy). This BCC: field is great for sending messages to groups of people without exposing everyone on the list in the To: or CC: fields. Often these emails get into the wrong hands or some how get accessed by viruses and spyware and can be harvested for email addresses. If everyone is hidden in the BCC field then no problem, only one address is compromised.

The field most people don't know about is the Return-Path: field. What this field does is show the return address that the mail server should use in the case of an undeliverable piece of mail. The big problem with this field is three fold.

This address is often faked.
It can be blank
It is almost always not a real mailbox or email address.

In most cases, the fake return address can be anything from a fake made up email address, like fdasfhdjsahfdsja@fdsajfd.com, usually generated by random means, to creative fakes like your OWN email address, or email addresses of friends or people on the same server as you (especially in the cases of small business domains or ISPs).

This kind of bouncing almost always results in an innocent 3rd part receiving the spam if you reject or bounce it and a real email address was the return-path. Best case scenario is it generates a lot of extra network traffic bouncing between fake addresses. In the end you don't get the spam, but someone else may or it loads down the whole Internet costing everyone more response time and eventually more money to pay for better infrastructure.

In the short term, I am sure most of the readers here don't care too much about possible infrastructure problems what with all the porn that is being downloaded on the Internet, so the best course is if you are going to bounce spam you should make up a really random address. I used to send my spam to dev ~ at ~ null ~ dot ~ com and I am sure that the person there wasn't thrilled. I hope by admitting this and publicly apologizing (I am sorry) they won't send out a henchman to break my typing finger). Karma is a bitch and I have had the favor returned by many messages to ~ fake user AT eatspam dot com ~ over the years. This happens when people try to think of clever "geeky" places to send their spam. Now I use fdksjfdlksajfdska@fdsakjfsdlajfdas.com or something like that. The funny thing is that spam robots are harvesting this fake email as you read this and adding it to their email system to spam me.

I will close this installment with a tip. If you sign up for various services on the Internet using a "throw away address" (more on this in my next installment), you can usually tell who is sending you spam and to what address they are using. Let's say you sign up for Alamo rent a car .com and they sell your address to deepthroat.com and you start getting spam at alamo at ~ yourdomain from porn sites... you can do a fun little trick where you bounce the mail to webmaster@deepthroat.com

This is done by forwarding your mail (not using the fake return-path:) via the use of an alias or
forward. Various mail servers have different ways to accomplish this and some can be a bit technical, but it is almost always possible.

This is one of the few situations that I think bouncing spam is not only justified, but fun. The bastards that sold you out will now get their spam mail sent back to their webmaster. If you want to take it a step further, try to find out some "real" addresses of people at the company, possible by calling their company or other techniques. Imagine routing these spams through a system that would call the CEO of the company and read the spam over their home phone number... the technology is there!

Thanks for dropping by and if you like what you see here, please help support this site by posting a link to http://www.eatspam.com/ and subscribing to our RSS feed.

Thanks,

Matthew

The world needs another website like...it needs more spam.

2007-05-31T20:42:00.000-07:00

Greetings,

Well I finally got off my butt and decided to start writing about the ever increasing problem of email based spam. The problem got so bad at one point that I was getting 1000-1500 spams per DAY. Almost half a million a year, rain, sleet or snow! They would come pouring in while I slept. When I went to the gym, bam there would be 100 more. Went out to eat, I could count on another 10 minutes of my life wasted reading 73 more when I got back. The worst was when I didn't check email for a long weekend or a mini vacation. OMG, I would have thousands waiting for me.

Needless to say, I got really good at filtering and scanning the messages. I often use techniques like sorting on Subject or Sender and also by Date/Time. Spammers use all kinds of techniques to mask spam they send you. They make up fake names, send from fake dates in the past or future, send from people on the same server or "friends" accounts that may have been hijacked or exploited via address book viruses. Because I had so many email accounts and received so much duplicate spam, I was able to often eliminate large chunks through this simple sorting methodology. Stopping spam became an almost full time job and the more filters and programs I set up to help me, the more likely I would have a false positive (an email that gets incorrectly tagged as spam). As you can imagine, looking through 10,000 emails in my spam box for a "real" message is not practical.

In the coming weeks and months I will talk about various problems facing the world of legitimate email users and various solutions to those problems including lots of effective tips and tricks. In the meantime, please check out the rest of http://www.eatspam.com/ for info, free products and services and news. Please link to me and bookmark this site.

Thanks a lot and I look forward to telling you how I went from 500,000+ spams a year down to about 10 per day.

Matthew

http://www.eatspam.com/