(no subject)

[katyism.livejournal.com]

Quick: Will someone PLEASE provide me some reputable information about the spam 'technique' where a user gets spam addressed to other users with usernames that begin with the same few letters? I've got a very irate complaint from janeprofessor@myuniversity.edu because she's getting spam addressed to janestudent@myuniversity.edu and thinks we should contact Jane Student, Jane Otherstudent, Jane Smith, and Jane Johnson (you get the picture) and have them all pay to get their username changed because spammers are "typing it in wrong." I want to explain to this lady that spam is 'addressed' to a long list of users with the first few letters of their address being the same, but I can't explain it very well. Thanks to anyone who can help.

Comments

Worst place you can ask for reputable info!

[dazzedelf.livejournal.com]

take her email address and use it to register for a bunch of free surveys and other spams lists. She will get so flooded with spam she will no longer be worried about other people's spam problems.

Just to warn you, this was probably the worst community to ask for help on, and not expect a whole bunch of sarcastic remarks and some caustic comments pointing you torward the user info page.

Re: Worst place you can ask for reputable info!

[katyism.livejournal.com]

It's her own spam problem, she just thinks that if those others change their usernames, she'll stop getting their spam. Hello, lady, it is YOUR spam too. If I make her get more spam, she'll just send me more irate emails.

Re: Worst place you can ask for reputable info!

[dazzedelf.livejournal.com]

What if you flood her box so bad it exceeds the mail quota so she can no longer send messages?

Re: Worst place you can ask for reputable info!

[katyism.livejournal.com]

Heh, I get fired. Unfortunately, retaliatory actions have to be very subtle around here.

Re: Worst place you can ask for reputable info!

[anivair.livejournal.com]

Let her know that she's getting her own spam. those people are getting spam from the same source, but it's not as if it came from them. that's why they're listed in hte TO field and not the FROM field.

Nah, she's legal.

[swwinchester.livejournal.com]

Dude, this is Katyism asking : She's been around here so long it's not funny, and she's a trench warrior. She's got an earned right to ask a question of her fellow techs without getting flamed to a crisp.

You rest at -10 points for failing to understand the community's unwritten double-standard : Specifically, we're perfectly capable of giving out friendly, reliable, and reputable info, provided it's not being requested by random end-user.

Re: Nah, she's legal.

[dazzedelf.livejournal.com]

actually I never flamed her, I warned her and gave her a response, that while completely unethical, would theoretically work.

Re: Nah, she's legal.

[kalium.livejournal.com]

Nothing is unethical when dealing with lusers.

Re: Nah, she's legal.

[valiskeogh.livejournal.com]

then she should know how to take it with aplomb!

i usually just tell em that spam is something that comes with having an email address. delete it and move on is the best you can do

Re: Nah, she's legal.

[kizayaen.livejournal.com]

+1

and +1 to katyism too, just 'cause I feel like it.

Re: Worst place you can ask for reputable info!

[valiskeogh.livejournal.com]

Ditto on this one, she needs to go and put her REAL name when she signs up for porn newsletters.

[gilmoure.livejournal.com]

Explain that it's a computer generated list with names numbering in the millions. Also that she should grow a pair, learn how to mark mail as spam and find a nice cactus to sit on.

[jecook]

+5

[fnordx.livejournal.com]

In order to get around a lot of spam-detection systems, spammers will address a spam mail to one address, and then BCC it to X number of people, where X is the number of people that ISP will allow. Normally it's around 50, but a lot of the time they'll just pick the first two or three letters, and send to all email addresses in their list with those letters.

Because the message is BCC'ed, they won't see all of the addresses on there, just the one email address that is required that they put in the to: field.

[inahandbasket]

seconded.
BCC really annoys people who pay attention to spam.

[katyism.livejournal.com]

What about issues where all the usernames they send to do happen to be valid?
In this case, we have a user named cat, and a user named catadavi. cat is irate at getting spam addressed to catadavi. There are more than 50 possibilities from cat before you get alphabetically to catadavi... this cat lady won't accept the fact that she and catadavi probably just both weren't very careful about mangling their email address on their website and got it harvested. Ugh. There is no explaining to some people.

[fnordx.livejournal.com]

There may be more than 50 possible email addresses, but that doesn't mean that all 50 of them exsist, or that the spammers will try all 50 combinations. More than likely, her address is on a spam list, and they were sending email to everyone on that domain with the ca* email address.

[katyism.livejournal.com]

I'm waiting on her to decide whether she wants to send me the headers or not, to find out for sure.

[trixtah.livejournal.com]

You won't see the BCC'd addresses in the headers - that's the point.

[kalidor.livejournal.com]

Idle wondering ... just to shove in her pie-hole ... can you get the logs for the mail server around the time the email came in. If it was a case randomly generated names as opposed to harvesting (which I am not saying it is .. just in case) .. you should be able to see "user unknown" failures for all the permutations tried between Cat and Catadavi.

[taleya.livejournal.com]

this is part of the one I wrote (edited somewhat and removing other company stuff):


This issue is caused by a dictionary attack, sometimes combined with usage of the BCC field to conceal the true number of recipients.

A dictionary attack is where a spammer uses a list of common names or words to generate a mailing list of email addresses at any given domain, such as the domain. As an example, a dictionary attack on the letter 'M' would send emails to maree@xxx.xxx.xx, mareesmith@xxx.xxx.xx, mariana@xxx.xxx.xx, etc.

The BCC field is a field used to conceal addresses of recipients. As an example, if I wanted to send this email to both you, and my personal address for followup later, i would put your email address in the 'To:' field, and my personal email address into the 'BCC:' field. I would receive the email in question, however it would appear to be only addressed to you in my inbox.

[taleya.livejournal.com]

such as the domain. *Insert domain name here*

dammit, forgot about LJ eating < and >

[katyism.livejournal.com]

Got it anyway, thanks. This is along the lines of what I was looking for, just I'm so terrible with phrasing.

[taleya.livejournal.com]

feel free to use, abuse and generally fuck about with :)

[mouser.livejournal.com]

You didn't mention Zombie computers (machines taken over my viruses that will take entiree address books and use them to generate spam.

*-*-*

You should send her stuff addressed to yourself, with her in the BCC address. In fact, everything you send to her should be addressed that way.

[taleya.livejournal.com]

You didn't mention Zombie computers (machines taken over my viruses that will take entiree address books and use them to generate spam.

I generally don't on the BCC response. I've been working abuse now for a fair few years for an ISP...and they just. Don't. Get. It. My god, they bitch and moan and tear their breasts over 2-3 spam emails a day. (and boy am I tempted to just take the filtering off their mail when THAT happens) Mentioning zombie machines is nothing but pure knowledge wanking and let's face it, the customer doesn't give a flying shit about that.

Keep it short, simple and stupid. Just like the cunstomers :D

[flainn.livejournal.com]

Tell her she's not the one in charge, and that she should be thankful to be receiving your services.

[toxico.livejournal.com]

Above and beyond the user's expertise, but the address listed in the To: field as it appears in $email_client is not necessarily what's in the header of the message.

[katyism.livejournal.com]

Right. I'm looking for some scholarly way of proving to her without going into technical details too much. She wont' send me the fucking headers!

[toxico.livejournal.com]

Use a lot of vague colloquialisms referring to spammers as "They." Make them sound like the Taliban and ensure that their methods take on a sort of mystical tone. :P

Then tell her to go to the store, buy some Tide To Go, and rub it on the screen while singing 'that song.' After that, proclaim your love for Chumbawumba.

She should leave you alone after this, and with a little luck you'll get a paid leave of absence for mental health reasons.

[kalidor.livejournal.com]

Wow, haven't seen from ya in a while o.Ox;;

Sorry to hear the profs there are about as email savvy as the managers here ... <_<x;;

[katyism.livejournal.com]

do i know you?

[kalidor.livejournal.com]

Not pariticularly. Just meant haven't seen a post from ya in one of the geek communities.

Dunno, guess you always stuck out as either having some insight beyond what I am used to reading, or users I wouldn't wish on my worst enemy.. ^^x;


I guess your posts just always make an impression.:)

[katyism.livejournal.com]

heh, cool. i've been too BUSY lately to have time to post here. damn job.

[kalidor.livejournal.com]

Hehe .. such is life.

Uhm ... mind if I friend ya ... like I said .. you've been making an impression :)