Damn Spam posts!

Lessss said:
Ask em for a free sample, they'll stop emailing.
:lol: <snort>
I wished all spam-drop requests worked that easy! :wink:

Touché and nods in your direction, KF
 
Funny thing, I got two spam E-mails today from China. Sent them to dev/null after letting Spam Assassin know about them.
 
I'm just wondering how they got my email since it's not really posted anywhere.
 
Greetings -

I think now it the time to begin construction of a Directory of companies known to share emails with Spammers. Allow me to be the first:

DinoDirect
I recently purchased two Hi-Powered LED flashlights from DinoDirect. The transaction was paid using paypal. Recently I changed the email account with pp as part of a larger effort to constrain spam. This was the first purchase using pp with the new account.

  • On 8/11/2012 – I made the purchase from DinoDirect and since then – almost daily – I’ve been getting emails directly from them using the email address I provided to pp; no isolation, no privacy, here’s all my virtual dirt shared to the merchant. I haven’t received my flashlights yet, and I’m tired of the nearly daily drivel from Dino, so I elected to unsubscribe from their marketing list – Yesterday.
Today, in my inbox is spam supposedly sent from Facebook from a company called "Americanflashlight Whosale 希望与大家分享照片和更新状态"

Coincidence? I think not since I use a different account for FB, and not only that – but my page is empty; I don’t use it except for Development. The address this spam used was the one given to paypal and shared with DinoDirect.

I just filed a complaint with pp. Once again, I will have to change my email address because once this starts... it's like a snowball rolling downhill.

In addition, eBay is also as guilty as pp for exactly the same reasons. Fortunately I have eBay isolated and am able to fix the problem at my end.

There it is. Know your enemy. Report Spam.
Buggered, KF
 
Jason27 said:
I'm just wondering how they got my email since it's not really posted anywhere.

Merchants you've done business with perhaps? I just assume anytime I use an email addy for buying anything it WILL eventually be used for spam. Close friends/family get one email addy, everybody else gets a throwaway.
 
Ykick said:
Jason27 said:
I'm just wondering how they got my email since it's not really posted anywhere.

Merchants you've done business with perhaps? I just assume anytime I use an email addy for buying anything it WILL eventually be used for spam. Close friends/family get one email addy, everybody else gets a throwaway.
Yep. My new M.O. :x
~KF
 
Also, if you use any kind of common word or name (anything that might be in a name list or dictionary or other word list), even with a number added to it, spam computers will eventually send an email to it as they go thru their routine of sequentailly trying every possible name/number+domain, and when no bounce message is recieved back it will be added to the list of "good" emails, and those people will sell taht list to other spammers, and so on and so on.\


If you use an address that is essentially long random gobbledygook like
al32845871kro)y5j6b2a#ad-&#ga)_#g@domain.com
or some such, it is unlikely that anyone will ever spam it unless you give it out and someone gives it to a spammer, intentionally or not.

I tend to use different emails for different sites, as well as for different people--even my friends and family cant' be trusted, as they usually do nothing to prevent their computer being hacked or address books being harvested either by on-PC worms, or on-web hackers when they keep the address book online in their webmail. Every provider I have ever had has had their email services hacked at one point or another (or they sold the information and made up the hacking story to cover their butts), so there is no such thing as online security for that kind of information. Even my employers have lost information that way--I've had notifications of all of my private information being leaked becuse of stolen computers from offices, for instance.

I may create an email address just for a specific online transaction, and when it is complete I then remove the account. That way when they do start spamming me and selling the address to other spammers, it will be useless.

I used to report spam diligently, after researching where it really came from and who to report to at that provider--but I found that almost none of them cared, and I was actively told to stop by some of them (even though the address I sent to is actually specifically for such things!). I dont' blame them given that just from my own spam bucket I would be sending out up to hundreds of spam reports a day when I had the time. Once there was a program that could read outlookexpress's folders, and anything in the spam/junk folders you specified would be automatically searched and reports to the originating ISP generated and sent to the proper address. With that operational, I was sending out literally thousands of spam reports a day, as I usually had at least two or three thousand spams a day coming in between the various addresses I used at the time.

Eventually I gave up, as the problem only got worse, and essentially none of the providers cared to do anything about it. Many companies (like AOL) still operate "open relays" for email, which means that anyone that sets up a spam program on their home PC can send email thru it, and thus into the intarwebs of the world--this is where most of the spam comes from, because many providers disable the ports/etc needed for mail servers to run on their ISPs, so that you cannot run a mail server from home. (it's their token attempt at stopping spam)

Since virtually no one cares, the intarwebs are all clogged up with junk like this sent back and forth; it probably reduces bandwidth available more than all those people downloading "illegal" movies and music and stuff. But nothing changes, as it is too expensive to do anything about if people ahve to be paid to deal with it, and very few people would dedicate hours out of every single day to deal with the problem, and then actually prosecute spammers so they can't just go change their ISP and start over again (whcih is currently all that happens).


There is no perfect security. But you can separate your addresses, and only give your "favorite" one to people you truly trust. Use disposable ones for everyone else.
 
Thanks... think I cleaned up most of the poo...
 
Suppose there was a $5 fee to join ES. Not a back-breaking price. Payment through Google Checkout or PayPal. Maybe this would filter out some of the spammers.
1. Lurking would still be free.
2. The $5 would go to help cover cost of hosting ES.
3. To spam the site, the spammer would have to buck up. Not many of us buy ladies pumps or gucci watches, so I don't think spammers would come back once banned.

I realize this would be hard to implement, and turn away some legitimate new members. What about $1 fee?
 
There certainly was a spamfest this morning (GMT). At one point one of the spam bots was posting a new post here every 20 seconds or so, with a total that got into the 70's or more very quickly.

Charging an entry fee is one way that sort of works, one forum I used to belong to did that. It does dissuade a lot of people from joining, though, even if the fee is set very low.

Personally I think we're getting close to the point where some sort of membership check may be required before new members are allowed to post. It'll soak up moderator time, for sure, but probably not as much as gets spent dealing with the spammers. The big problem is that people tend to be a bit impatient and ES is truly global - there is someone reading and posting here 24 hours a day. If we don't want to discourage genuine new members then that means having a 24 hour a day authorisation service, which gets to be a bit difficult in terms of organisation.

One help at the moment is for members to take the time to report spam posts, which I think saves the mods having to find them and makes their job a bit simpler. Sometimes, like this morning, that's easy - at one point every single post on the "new posts" page was spam. At other times spotting spam is harder, so some spam posts stay around for longer.
 
How 'bout a 3-5 post limit for new or previously unused accounts? I can't think of many legitimate "new users" who need to post more than a couple times unless it's duplicate threads?

I always report this BS but maybe there would be a way to deputize some of us? Allow trusted, senior members to report and lock down suspected spammers until a full Mod has a moment to check it out? Maybe give us an "okay" button to alert mods that a legitimate user is asking real questions and above post limit can be lifted?

'sure dunno the answer but as a favorite movie line - "I'll piss on a Spark Plug if it will help!"
 
Ykick said:
How 'bout a 3-5 post limit for new or previously unused accounts? I can't think of many legitimate "new users" who need to post more than a couple times unless it's duplicate threads?

Brilliant. Or, a maximum number of posts per unit time - like 1 post per minute or 1 per 5 minutes, etc.
 
Question for a moderator: Say a user just posted 10 spams. Does it help the moderator for readers to report as many postings as possible or will reporting 1, 2 or 3 be good enough (is it enough for the moderator just to know the user name who posted spam)?
 
mark5 said:
Question for a moderator: Say a user just posted 10 spams. Does it help the moderator for readers to report as many postings as possible or will reporting 1, 2 or 3 be good enough (is it enough for the moderator just to know the user name who posted spam)?

Really good question, thanks.

I reported around 15 to 20 of the serial spammers posts this morning, but couldn't keep up. One of the spammers was posting every 10 to 20 seconds, so by the time you'd reported it and reloaded the "view new posts" page there were one or two more posts from the spammer already up. Most were the same spammer (supposedly in Nepal), who must have posted around 70 posts over the space of half an hour or so. If reporting one post is enough to flag all of them from that poster for deletion, then that would make reporting a heck of a lot easier.
 
mark5 said:
Question for a moderator: Say a user just posted 10 spams. Does it help the moderator for readers to report as many postings as possible or will reporting 1, 2 or 3 be good enough (is it enough for the moderator just to know the user name who posted spam)?

Good question! When you report them we mods get a red exclamation mark next to the thread title that tells us there is a problem. I usually log on and look at view new posts after I read and respond to messages.

We get a screen that tells us about the post, the IP and such of the post in question. If they only have one to 3 posts, I typically look at the origin of the IP, if it is from my personal list of spamming countries, the name gets banned, the IP gets banned and the posts are individually deleted, one at a time.

Because of the spambots, mrvass graciously gave us mods a new tool called "spam hammer" that allows us to nuke the name, all posts, and all IM's of the spammer with just a few key clicks. It does not ban the IP address however, so we still have to do that separately. This tool let me kill the spambot that posted like 15 or 20 posts quickly that Jeremy mentioned. (I like eTech skin and ban hammer does not work in that skin, so I have to change over to subsilver or prosilver [forget which] to get ban hammer, eradicate the spammer, then change back to eTech.)

So if the spammer only has 1 to 3 posts, try to report them all. If a bot breaks through and spams 20 or more, at least for me, report a few and "ban hammer" will get all the rest. Other mods may operate differently.

Final note, please never post in a pure spam thread. It takes extra steps to delete a thread. If we use "ban hammer" than the "good guys" posts will be left behind and take extra effort to clean it all up.

We appreciate you guy's diligence in reporting!

EDIT: PS we should thank amberwolf who was up half the night trying to prevent the spam bot breakthrough! For every one I caught that broke through it appears he nailed 15 or 20 before! Also Justin and mrVass that dithered the server front end to temporarily stop this spam attack.
 
Thanks for that insight into the way spam reporting/killing works, bigmoose.

It seems the real problem isn't the spammers that just post a couple of ads, it's the really effective (from their perspective) ones that post dozens very quickly. Between around 07:30 and 08:30 (GMT) this morning, one spammer hit the forum with over 60. I noted he'd posted 64 messages, but there were more after I gave up trying to keep up so I reckon he must have hit the forum with 70 or so posts. The effect was to wipe out the "view new posts" page for the best part of an hour, as every single visible post was spam.

In that case, the majority of the spammers posts were in different threads, although he started to post multiple spam posts in the same threads after a while, meaning some threads had two or three spam posts. I tried to report most of the posts, as did at least one other person at the same time (some of the posts I tried to report were reported already). From what you say, we still need to report individual threads with spam posts, to ensure the exclamation mark appears, but don't then need to report multiple spam posts from the same spammer in the same thread, is that right?

It would be good if reporting a post temporarily suspended posting rights to that user (as long as it wasn't abused). Such a feature would have stopped this morning's spamfest within a few seconds.
 
bigmoose said:

Final note, please never post in a pure spam thread. It takes extra steps to delete a thread. If we use "ban hammer" than the "good guys" posts will be left behind and take extra effort to clean it all up.
 
want 100% spam solution?
want to maintain a free $ forum?

MODERATORS!

PM me to find out how.
 
thanks for the vote of confidence. I can leave just as easily as stay.
BTW, there's a heart beating in the middle of my dumb ass.
If it's unwanted, it won't be the 1st time, sir.
 
I do find it humorous that you presented an anti-spam solution in the exact way that a spammer would present some product they're hawking, lol.
 
Back
Top