Spammers email addresses

[Leprakawn]

You wanted to race? Maybe you should have looked at mine before you even started... I already accomplished that, and I included a nice subject line, too. Ha, ha!

EDIT: Oops... at least mine work. Yours are still inactive.

[Allen]

here is what im thinking - let's setup a "spam" forum - charge the spammer $500 per spam. then we can split the money amongst us

[Arctic Fox]

*grumbles - forgot to upload the page*

$500 per spam? Why would they pay that when they send it to me for free anyway?

[Leprakawn]

Allen, good idea!!

And Arctic, smooth move, X-Lax!

[Arctic Fox]

Quote:

Originally Posted by Leprakawn

And Arctic, smooth move, X-Lax!

OMG, like gag me with a spoon!

LOL!

[Leananshee]

Like a fool, I let my addy be harvested by putting it in a maito: link on my page. I've made up for that sin by putting it in an image only, and paid back in spades by putting the spammers' addressed I've gathered in mailto: links, just empty between the tags so they don't show(I don't think the spambots care--do they?).

But I want to take it a step further--what about generating random addresses by the domains of known spammers, running those through a verifier, and posting the good ones in mailto: links to be harvested? If enough people did it, wouldn't the net effect be that spammers would start ddos-ing one another? Not sure about the legality of it, but methinks it would work.

Vatcha think?

Tim (king of the run-on sentence)

[Leprakawn]

Feed their own crap right back to'em.

The sad thing is that a lot of spammer e-mails are fakes... as in <fake-mail@html center . com>. I have seen a number of legit URLs with spammer accounts added to them, so that is the only downside to this in my opinion. (We cannot get back at those inds.)

[Leananshee]

True enough, the ones who hide behind legit domains can't be gotten this way, but there's plenty of easily spotted domains that are anything but. For those, this tactic would be ideal, IMHO, because having to change domain names costs them cash.

Thing is, in certain cases where someone's been roped into a botnet and doesn't know it, the sudden loss of bandwidth would be a big red flag to check out what's going on and reveal the hijack.

Sure, it sounds extreme, but keep in mind that most spammers out there these days are criminals. The end result of trying to play nice with them is never positive.

Tim (my 50x50 avatar rules!)

Springs hop eternal in the hearts of the eccentric....

[Leananshee]

Quote:

Originally Posted by Leprakawn

Okay, I find this to be completely pointless. If they make some dummy account, what incentive do they have to go back and use it for anything they need?

--They don't. But bogging down the account renders it unusable after a fashion whether it's checked or not. Same thing with disabling a botnet--Take away enough nodes in the net, you make it more difficult, more expensive, less attractive a prospect.

Springs hop eternal in the hearts of the eccentric....

[ehbowen]

Some low-life scum-sucking spammer has just hijacked my domain name for his deranged work. My catch-all email account picked up 2500 "Delivery failure" (or similar) messages just this morning, all from bogus email accounts in my domain.

Question: Is there anything I can do about this? If so, what?

[Leprakawn]

I talked to my Web host after my URL was being used, and they said I could not do anything about it. Welcome to the new world.

[Arctic Fox]

Yep, I had that happen to me a couple times. Once they were sending spam messages through my email form until I upped security on it, and another was just emails using a return address with a random name from basestationzero.

I didn't have anyone complain to me about it - I'm assuming that the recipients would just visit my site and realize I don't sell "v1ag.ra" or offer home loans.

[Leananshee]

Quote:

Originally Posted by ehbowen

Some low-life scum-sucking spammer has just hijacked my domain name for his deranged work. My catch-all email account picked up 2500 "Delivery failure" (or similar) messages just this morning, all from bogus email accounts in my domain.

2500? Ouch, but you were lucky it was just that. It is, however, sufficient to go after the scum-sucking individual in question for fraud on a level that FTC would take notice of. Your post prompted me to do a bit of research. See below.

Quote:

Originally Posted by ehbowen

Question: Is there anything I can do about this? If so, what?

Do the bounce notices carry the original message? If so, burn a copy of them on disc and contact the Federal Trade Commission (this, alas, will only work if the spammer is in the U.S.). Alternately, check out www.knujon.com (they allow bulk uploads) who can trace the source of the spam using a forward traceroute using the links in the message itself (which have to be good if the spammer wants to be profitable). But even if the original messages are not present, contact them and ask if they can trace it anyway. I'd be curious myself.

[Leprakawn]

Good post, Tim. Too bad I have not kept any that bounced back... supposedly coming from me. However, I know what to do next time it happens.

[Leananshee]

Quote:

Originally Posted by Leprakawn

Good post, Tim. Too bad I have not kept any that bounced back... supposedly coming from me. However, I know what to do next time it happens.

Thanks.

It's easy for these folks to spoof a domain and do a dictionary deluge of e-mails based upon it. That's how they generate address lists to send to, as well (and sometimes they actually verify them, but not often).

I could easily buy their software and generate lists by their domains to poison their lists, but I'm not giving money to these wags anytime soon.

So, any of you know of something out there that can generate a list of addresses by domain, customizable to how these spammers put their addresses out (ie number of letters, random names, etc) that can then put same in a mailto: link (either empty or the address repeated between the a tags)?

In this, I'm not ashamed to admit I am a complete novice.