Re: Summer of Code 2008

So it appears I won't be allowed to sign up as a mentor unless and
until I reveal to Google one of my e-mail addresses, at which point
Google will sell my e-mail address to spammers who will flood that
e-mail address with spam so that later if Google Lisp managers or
my student (whom I'm mentoring) send me e-mail I won't see it
because it'll be mixed with tens of thousands of spam, like this:
From: D Herring <dherr...@xxxxxxxxxxxxxxxxxxx>
Register one address at spamgourmet.com; then give google a
disposable alias.

1. If you haven't done it yet, create a spamgourmet account. Enter
your user name and the email address you want to be protected. You
will be asked to identify the word in a picture and pick a password.

My access to the net is only over VT100 emulator dialup to Unix shell.
There's no way to see images here, so I can't get an account.
Besides, it's well known that image CAPTCHAs have been defeated by
spammers already, who are deluging Yahoo! Groups with spam.
So what's the point of preventing me from getting an account while
allowing spamers to get hundreds of accounts per hour to use as
dropboxes for spam sent from trojaned MS-Windows machines on
ComCast DSL connections?

3. After you have confirmed your protected address, you can give out
self-destructing disposable email addresses whenever you want. The
disposable addresses are like:
someword.x.user@xxxxxxxxxxxxxxx
where someword is a word you have never used before, x (optional) is
the number of email messages you want to receive at this address (up
to 20, and the number 3 will be used if you leave it out), and user is
your username. ...
This disposable email address will be created here the first time
BigCorp uses it (you don't have to do anything to create it), and
you'll receive at most 3 messages, forwarded to your protected
address. ...

That's a crappy system. Spammers who learn of this system can
generate their own variations of your address, such as
jfhkadh.20.user@xxxxxxxxxxxxxxx, and promptly send you twenty spam,
then create another address such as
fongirt.20.user@xxxxxxxxxxxxxxx, and promptly send you another
twenty spam, ad in finitum.

A better system would be where *you* create those variant addresses
and nobody can send you even one e-mail until *you* officially
create such an address on the system. To handle the case where
you're in a hurry and forget to create an address which you gave
out to somebody, and that person already tried to use it but got
the e-mail rejected, the system should keep a record of all
attempts that failed (either because the address never was created,
or because the message-count expired), and the system would send
you a summary once per day listing all the addresses that were
failed and why each one failed, and you could fix the problem by
creating the new address or authorizing more messages at an old
expired address, then tell your penpal to please try again.

So how would a spammer harvest the basic address
user@xxxxxxxxxxxxxxx in order to then be able to generate
pseudo-random new prefixes? By taking over MS-Windows systems,
haresting the address book on each, also harvesting the local
address of the owner of that address book, and then mass-mailing
e-mail to each entry in the address book asking to confirm that
their e-mail is still working, then when a reply comes back going
to that IP number of the SMTP client to see if that machine is
vulnerable to taking over.

AFAIK, I've never received spam due to my spamgourmet account
(which has had access to very low usage addresses); but it has
eaten thousands of junk messages.

What's your spamgourmet address? I'll clone a thousand variants and
send 20 junk mail to each address and watch you realize how stupid
you were to recommend this "service" which has this fatal flaw.
.

Relevant Pages

  • Re: SPAMmers getting smarter
    ... Some malignant agent has sent out a SPAM e-mail to ... the proliferation of SPAM emails on RMIM. ... valid RMIM discussion topics to the 2nd or 3rd page of Google groups ... option because most spammers use generated ids and keeps generating ...
    (rec.music.indian.misc)
  • Re: How Search Engines SHOULD Be Managed
    ... >>* Blame Google for unintentionally giving incentive for Web spam ... > SE spammers had incentive to spam long before Google, ... > course, just a matter of time before the spammers figured it out, even ...
    (alt.internet.search-engines)
  • Re: SPAMmers getting smarter
    ... Some malignant agent has sent out a SPAM e-mail to ... the proliferation of SPAM emails on RMIM. ... valid RMIM discussion topics to the 2nd or 3rd page of Google groups ... option because most spammers use generated ids and keeps generating ...
    (rec.music.indian.misc)
  • Re: What to do about off-topic spam?
    ... newsreaders versus the Google Groups ... filtered and new spammers worthy of the killfile. ... topic because it was very clearly spam for this newsgroup. ... I would love to see newsgroups inundated with a flood of common sense ...
    (alt.usage.english)
  • Re: increase in spam and what to do about it
    ... because your potential customer is using an ISP that happens to get ... As fast as you can come up with a trechnical solution the spammers will ... doesn't stop spam but is very likely to make the innocent pay for it. ... organization, ie. ISP - include hefty fines in your customer contract, ...
    (comp.os.vms)
Loading