This is how a single lapse in e-mail address dilligence two years ago can result in an ongoing flood of hundreds of spam messages per week.
As you know my system was down for a couple of weeks while I moved. This morning “go through my e-mail” was at the top of my To Do list. Of course, going through 785 messages (not including this week’s) would take time. And, of course, the majority of it was spam. Hence I decided that today would my (usually only one) day this month when I would crawl through the spam building and updating filters.
I had been at it a little over two hours already when I decided to try to find the reason one particular address takes in over 75% of the spam I receive.
I have a number of e-mail addresses (see The Spam Plan for ways to use custom e-mail addresses to help fight spam) that forward mail to my primary address. Some are former e-mail addresses I’ve used–for example I keep alive by agreement with the purchaser certain addresses from the domain that was owned by the design agency I sold.
One such address–we’ll call it please@spamme.com–is responsible for more than 75% of the spam I receive. Of the 785 messages, 496 are to please@spamme.com. Of those three are legitimate.
I’ve seen this address building spam for quite some time, but haven’t had the time to really look into it. This surprised me since please@spamme.com was an address I used solely for business, and even then I was very protective of it. After some investigative work I tracked it back to a single event that compromised that address.
The event was innocuous, something done by a friend. It was a refer-a-friend form.
In October of 2001 my friend (I won’t mention Chris’s name so he doesn’t feel guilty) found a very funny cartoon online. Wanting to share the cartoon with me, my friend used the page’s “send this to a friend” form, entering in my please@spamme.com address. I got the e-mail, enjoyed the cartoon, and didn’t give it a second thought.
A few months later a couple of spam messages appeared. It progressed from there until today, when that address receives an average of thirty to fifty unsolicited advertisement messages per day from a variety of sources.
The site that hosted the cartoon (and the “Tell A Friend” form) was Boneland.com.
Who would have thought that such a simple action as sharing a cartoon with a friend could wreak such havoc?
In all likelyhood, BoneLand.com took (takes?) the list of e-mail addresses the “Tell A Friend” form generates for them and sold (sells) the list. Most of those such forms either copy the webmaster on referral messages people send or simply write the sender’s and recipient’s e-mail addresses to one or two flat-file databases. To make a few extra bucks–and BoneLand.com’s Tyler does his very best to make a few extra bucks at visitors’ expense–it must have sold the list containing my please@spamme.com address to a spammer or address broker. Then that list was added to, reorganized, and sold again. And again. And again. Eventually please@spamme.com was in the hands and the databases of at least dozens of spammers–probably many more.
And that brings us back to today, with me sitting before hundreds of messages sent to please@spamme.com.
I’ve analysed the legitimate mail received by please@spamme.com over the last two years, and I’ve set a local Outlook filter to kill everything sent to that address except those from legitimate sources. As soon as I have notified the senders of legitimate mail that that address is no longer valid, I’ll set my mail server to turn away all mail to please@spamme.com. I’m toying with the idea of having it sent to BoneLand.com.
Y’know, it’s a strange world in which I feel a sense of empowerment–in which I want to yawp victoriously–because I’ve found a way to limit my freedoms.
Post Script: If you go to BoneLand.com now–and can get through the five separate placements of standard banner ads, multiple popup and pop-under advertising, and even those annoying ads that slide across the middle of a page and hold for five seconds–you can read how the site was allegedly hacked to “spam 50,000 unsuspecting net users under the Boneland name.” Even more deserving is the response from BoneLand.com’s hosting provider, which Tyler describes as “great folks at Bungling Hosting who immediately shut down my site for hours without a word to me about it. Thanks guys. Your professionalism is exceeded only by your top notch customer service.” It’s kind of like one of those “satisfying crunch” candybar commercials, isn’t it?
its okay man… you can blame me.…. every one else does.….….
at least update me with new contact info…
on a side note…
when you gonna send me my care package?
Wow! This rant is over two years old now and it’s the first i’ve ever heard of it. I do hope my comments about this will be allowed to be read.
To start with, Pariah, i respect your frustration with spam and unsolicited email, i myself receive hundreds of junk emails a day despite my best efforts at privacy. And as such, i have never, and will never send anyone unsolicited email or give, sell, trade, etc email lists that i have obtained through subscribers to my (long defunct) mailing list.
What happened a few years ago which in all likelihood explains your woes was that a form on my site used for receiving user feedback was hacked and used as a spring board for some scum bag spammer. The form was freeware, and i’d been using it for years but not being much of a coder i had never known it was a liability until the spamming occurred. That much i can take responsibility for.
Fortunately my host at the time put a stop to the spammer, and as you’ve quoted me above, the unfortunate part was that they jumped to conclusions, as you yourself have, and assumed the spamming was done by me.
I’ll say this once more, i’ve never, ever, sold my mailing list. I made that abundantly clear for all the years i collected email addresses from loyal users. Over 17, 000 folks joined that list and i never heard a single complaint.
As for your pot shots at my site, Boneland.com, for it’s disgusting over use of advertising; guilty as charged. For a long time Boneland.com was a wasteland of ads and i’ve never been happy about it but unfortunately it was the only way to sustain the hosting costs of running a bandwidth intensive site with Boneland.com’s popularity. Back in the day i tried every angle to keep the site up without the ads but in end, anyone who runs a flash site knows they’re a necessary evil.
I’m sorry that events originating on my site, even two years ago now, caused you enough trouble to feel the need to write about it and i hope you accept my version of the events for the truth that they are.
Tyler Gibb
Boneland.com
ps. I’m glad you liked the cartoon.