Category Archives: spam

your website sucks in so many ways

Well, maybe not yours, but if it qualifies for the following rules, it does. So check em out.

  1. You can’t store my name. My name contains something called an umlaut which is used in Germanic languages like German (duh) and Dutch for instance. My name either turns up with a missing letter, or I get a funky character instead. It sucks. It means you can’t handle unicode or encoding properly. It sucks.
  2. You send me my password in plain text email right after I register. Well, ok, the email used HTML encoding, but that doesn’t make it any better. Email is not safe. Really, it isn’t, so I’m glad I didn’t use a password that looked anything like a password I use anywhere else. This makes me think your coders don’t know what they are doing.
  3. You chopped off my password after n characters and didn’t even warn me about it. Yep. As soon as I’m done registering I get this error message that my password is wrong. I just gave it to you silly twat, and it’s still in my copy buffer dammit, so it can’t be wrong!? Guess what happens when I do that password recovery thing by the way. Oh yeah. I get my password in plain text again, in my mailbox.
  4. I find out there are some privacy settings in my account settings which were not presented to me when I created my account. How odd? Not really. Apparently I automatically opted-in on a bunch of possibilities to commercially exploit my info. Nice… not. I hate spam. It sucks.

Most of these are so easy to come by that it’s sad to see these practices still in use. Try any good web 2.0 service and you’ll see how to avoid these pitfalls, and learn about encoding dammit. Also if you’re registered to the Belgian newspaper site of Het Nieuwsblad, make sure you check your privacy settings, and skip on some of the spam-features they have. They suck.

Photo by Sinsong, cc-licensed

why catchall isn't such a good idea after all

I wrote before on how I used the so-called catch-all feature of the mail server to be able to use instant email addresses when subscribing to all kinds of stuff on the interweb, right?

Well it turns out that this is a sweet idea as long as some lame-ass piece of spamming cunt doesn’t start using your domain in his random email generation script.

As soon as that happens you start getting huge amounts of error and anti-spam messages that bounce off email servers all over the net as the spammer’s mails hit nonexistent addresses, or servers running some sort of email validation software.

So if you are using this catch-all, make sure that there is some way you can tell the difference between the email sent to an address you are actually using, and the ones spammers have been so kind to invent for you. That way you can easily filter them and dump everything sent from fake addresses into a separate folder without having it clutter your inbox.
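One way to make that distinction, as an added example that is not from the original post: give every address you hand out a short keyed tag, so the catch-all can tell your own aliases from local parts a spammer invented. The key, the `example.org` domain, the function names and the reliance on a `Delivered-To` header are all assumptions, and the two messages are constructed samples.

```python
import hashlib
import hmac
from email import message_from_string
from email.utils import parseaddr

SECRET = b"constructed-demo-key"  # assumption: a private key only you hold
DOMAIN = "example.org"            # placeholder for your catch-all domain

def _tag(label: str) -> str:
    # 8 hex chars of HMAC-SHA256: short enough to type, 32 bits to guess
    return hmac.new(SECRET, label.encode(), hashlib.sha256).hexdigest()[:8]

def make_alias(label: str) -> str:
    """Address to hand out when signing up somewhere, e.g. make_alias('shop')."""
    label = label.lower()
    return f"{label}-{_tag(label)}@{DOMAIN}"

def is_own_alias(address: str) -> bool:
    """True only for addresses that make_alias() could have produced."""
    local, _, domain = address.lower().rpartition("@")
    label, sep, tag = local.rpartition("-")
    if domain != DOMAIN or not sep or not label:
        return False
    return hmac.compare_digest(tag.encode(), _tag(label).encode())

def folder_for(raw_message: str) -> str:
    """File a catch-all delivery by the address it was sent to."""
    msg = message_from_string(raw_message)
    # Assumption: the server records the envelope recipient in Delivered-To;
    # fall back to To when it does not.
    _, rcpt = parseaddr(msg.get("Delivered-To") or msg.get("To", ""))
    return "INBOX" if is_own_alias(rcpt) else "Backscatter"

# Constructed samples: a newsletter sent to a real alias, and a bounce
# addressed to a local part a spammer made up.
WANTED = (f"Delivered-To: {make_alias('shop')}\n"
          "From: news@shop.example\nSubject: Your order\n\nThanks!\n")
BOUNCE = ("Delivered-To: qzxkwv@example.org\n"
          "From: MAILER-DAEMON@mx.example.net\n"
          "Subject: Undelivered Mail Returned to Sender\n\nUser unknown.\n")

if __name__ == "__main__":
    print(folder_for(WANTED), folder_for(BOUNCE))
```

Bounces for mail you really sent from a tagged alias still reach the inbox, because they come back to an address that verifies.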

more spam

Funny, but the weekend seems to be the ideal time for spam bombardments. I’m getting hit by a ton of bounce emails from fake spam mails sent using my domain. This is a smart trick from the spammers of course, since they don’t give a toss about any possible replies, and even less about any of the mails that bounce off the servers because the recipients have long killed their address.

It surprises me a bit that so many servers don’t seem to be able to recognize the most blatant spam messages about getting bigger schlongs. Seriously that’s the word I’m seeing used frequently. Schlongs.

No wonder that spam accounts for 90% or so of the internet traffic these days, and I’m not sure if bouncing mail due to it is also included in this equation. I hope so. Damn.
It just shows how flawed the concept of email is nowadays. It simply wasn’t meant to be used like this I guess.

So who will invent the new email? It’s about time dammit.

spam bam thank you mam

Apparently I’m caught in what seems to be the receiving end of a spammer’s attempt to use my domain name as the vessel for creating random email addresses for his bulk of the day.

I keep getting replies from mail servers all over the interwebs telling me emails either got refused or that the recipient address simply doesn’t exist. I get those in my mailbox because I’m using a catchall forward for any mail that gets sent to my domain as an admin.

The problem with email, known to anyone with a bit of knowledge of the protocol, is that this kind of (harmless) domain hijack is something that any fool with the right tool can do, be it a simple mail client.

So if you ended up getting a lot of email from people with odd-looking user names from my domain, well… I’ll have to quote Bart Simpson and tell you it wasn’t me.

how i almost fell for domain admin spam bait

Spammers have a lot of tricks up their sleeves lately, and I almost fell for one of them a few weeks ago. I got this German email that looked like I was being sued for something. Now I don’t master the German language, but it’s close enough to Dutch to get the general idea that someone thought that I was some vile spamming bastard, and they were going to get my ass for it too.

This is kinda scary really, because the text itself seemed to be legit. Not that funny Ingrish style stuff you know is spam, but that typical lawyer-style incomprehensible lecture.
What triggered a little alarm bell in my head however was that there were some odd-looking email addresses in there, and none of them were from the same domain.
First of all it was sent to the info@ address of my domain, which I don’t use or publicise, but since emails are automatically forwarded to my general account I get them anyway. The domain the email came from was also not the domain that had been receiving the spam, which doesn’t make much sense. Last, the lawyer to contact concerning the matter had an odd-looking address as well.

So instead of replying to the email telling them they probably made a mistake, which was my initial intention, I forwarded it to someone who actually speaks German and could help figure out if this was for real or not.

He got suspicious as well about the email addresses, and he also knew that the domain the email was coming from was known for its free email accounts, which were frequently used by spammers to spread their junk. That, together with some Google searches on phrases from the email, made it clear this was just a bait email.

It turns out the content of the email was actually put online by a real lawyer, to be used as a template for anyone who had been targeted by a spammer. But now spammers are baiting domain admins with this, by randomly mailing general email addresses hoping they will reply with anything, which will give the spammers yet another active email address.

Here’s the full email in case you’re interested.
Don’t let these bastards fool you!

wordpress vs comment spam : 1-0

Since I switched from Blogger to WordPress I have been getting more comment spam. Blogger used a captcha technique which seemed to be blocking the spam, or maybe just because my blog wasn’t quite that visible to spammers on Blogger. But now that it’s on WordPress things are different.

In fact, I’m guessing that those handy blog-ping update services are used by vile spammers to detect new blogs using blogging software like WordPress that their spamming scripts are written for.

Bastards!
Early this week I was getting hit by another spamming round and I was getting unintended notifications of these crap posts in my GMail because of emails bouncing from the invalid auto-generated emails.

I cleaned up the spam comments asap, cause I hate to see them pollute my blog, but I wanted to find a more permanent solution for the problem.

I didn’t quite think of it but WP already has a plugin ready for spam control called Akismet. I didn’t activate it before because I had to go through the trouble of getting a WordPress API key from the WP site. This time the spammers annoyed me enough to do so.

Posts now get automatically scanned by the Akismet engine, and right now it has trapped 37 comments, all spam, and I didn’t have to do jack for it.

Nice!

So for anyone out there with a WordPress blog and a spam problem. Get that plugin registered and relax. It’s sweet.

fun with boring spam

It’s interesting to see how spammers keep finding ways to circumvent the latest in spam detection technology.

A new tactic seems to be that in order to have their emails pass the spam detection filters, they start writing pretty damn normal emails. I mean like, seriously, who would have thought. It’s back to square one I guess, and with emails like this, it’s even becoming harder to detect the rotten apples in your own inbox on sight.

Bugger.

You might even start replying to the spammer in question, because you think he somehow sent you a message that wasn’t intended for you?

> -----Original Message-----
> From: Greg [mailto:AlfredaKimball@notreallytheaddressitwas.de]
> Sent: maandag 15 mei 2006 10:02
> Subject: Erections are still possible Garry
>
> There are 100’s of websites to buy medication for Erectile
> Difficulties, but not for 1.56 cents a pill. We have some of
> the lowest pricing on the internet.
> If you are already paying hundreds of dollars, then you should visit:
>
> http://regentq4afe2d3d4vvoqq1d88jd88q.defacerjl.com/
>
>
> Sincerely,
>
> Greg
> Customer Service Team
>
>
> cloudburst you bellicose me, bask coed abe . adhere you
> irrespective me, cyprus . zombie you berg me, iconoclast
> vagary divert cupid .
> baylor you bart me, merrill . deposition you manor me, aware
> . noaa you ouch me, devise .

Dear Greg,

I think you have the wrong guy here.

First of all, my name isn’t Garry. I don’t know the poor sod, but judging from your email he definitely needs some help. Second I don’t have erectile difficulties, thank God (and I’m not even religious). Where did you pick up the word “erectile” btw, it’s kinda funny.

Anyway, I don’t have those kind of issues. Oh and by the way, I don’t want my “hotrod” to be larger than it is either, in case you have pills to fix that as well. I got a bunch of emails about that too, but I can’t remember who those were from. Oh, and don’t get me started on the increase your jizz kinda pill. What the hell is up with that? Which girl is going to be pleased with that I wonder? You’ve been watching too much porn if you think every girl wants a double pearl necklace my friend. Too much porn can give you funny ideas like that. Like thinking that a girl hasn’t had a good day until she has some triple penetration and her fair share of ooh yeah babies or oh my Gods (yep, on the religious tip again). So turn off that BitTorrent client of yours and stop wasting so much damn bandwidth on smut!

But I digress.

I do have one more tip for you however Greg. You should really try and get a more intuitive domain name for your website. There’s no way I’ll ever remember going to http://regcntq3efe1d2c4vv0qq1d88jd8bq.defacerjl.com/ if I would end up having those manly problems at some point. Can you even remember that name? I think not!

A URL like that will not turn up in any Google searches relevant to your business either, which isn’t good for your return on investment.

Kind regards,
n3wjack

ps: I think there’s something wrong with your email software as well. There’s some weird gibberish in your email footer. Maybe check out Thunderbird oslt, cause it rawks.