How Spam Can Happen

This is how a sin­gle lapse in e‑mail address dil­li­gence two years ago can result in an ongo­ing flood of hun­dreds of spam mes­sages per week.

As you know my sys­tem was down for a cou­ple of weeks while I moved. This morn­ing “go through my e‑mail” was at the top of my To Do list. Of course, going through 785 mes­sages (not includ­ing this week’s) would take time. And, of course, the major­i­ty of it was spam. Hence I decid­ed that today would my (usu­al­ly only one) day this month when I would crawl through the spam build­ing and updat­ing filters.

I had been at it a lit­tle over two hours already when I decid­ed to try to find the rea­son one par­tic­u­lar address takes in over 75% of the spam I receive.

I have a num­ber of e‑mail address­es (see The Spam Plan for ways to use cus­tom e‑mail address­es to help fight spam) that for­ward mail to my pri­ma­ry address. Some are for­mer e‑mail address­es I’ve used–for exam­ple I keep alive by agree­ment with the pur­chas­er cer­tain address­es from the domain that was owned by the design agency I sold.

One such address–we’ll call it –is respon­si­ble for more than 75% of the spam I receive. Of the 785 mes­sages, 496 are to please@​spamme.​com. Of those three are legitimate.

I’ve seen this address build­ing spam for quite some time, but haven’t had the time to real­ly look into it. This sur­prised me since please@​spamme.​com was an address I used sole­ly for busi­ness, and even then I was very pro­tec­tive of it. After some inves­tiga­tive work I tracked it back to a sin­gle event that com­pro­mised that address.

The event was innocu­ous, some­thing done by a friend. It was a refer-a-friend form.

In October of 2001 my friend (I won’t men­tion Chris’s name so he does­n’t feel guilty) found a very fun­ny car­toon online. Wanting to share the car­toon with me, my friend used the page’s “send this to a friend” form, enter­ing in my please@​spamme.​com address. I got the e‑mail, enjoyed the car­toon, and did­n’t give it a sec­ond thought.

A few months lat­er a cou­ple of spam mes­sages appeared. It pro­gressed from there until today, when that address receives an aver­age of thir­ty to fifty unso­licit­ed adver­tise­ment mes­sages per day from a vari­ety of sources.

The site that host­ed the car­toon (and the “Tell A Friend” form) was Boneland​.com.

Who would have thought that such a sim­ple action as shar­ing a car­toon with a friend could wreak such havoc?

In all like­ly­hood, BoneLand​.com took (takes?) the list of e‑mail address­es the “Tell A Friend” form gen­er­ates for them and sold (sells) the list. Most of those such forms either copy the web­mas­ter on refer­ral mes­sages peo­ple send or sim­ply write the sender’s and recip­i­en­t’s e‑mail address­es to one or two flat-file data­bas­es. To make a few extra bucks–and BoneLand.com’s Tyler does his very best to make a few extra bucks at vis­i­tors’ expense–it must have sold the list con­tain­ing my please@​spamme.​com address to a spam­mer or address bro­ker. Then that list was added to, reor­ga­nized, and sold again. And again. And again. Eventually please@​spamme.​com was in the hands and the data­bas­es of at least dozens of spammers–probably many more.

And that brings us back to today, with me sit­ting before hun­dreds of mes­sages sent to please@​spamme.​com.

I’ve analysed the legit­i­mate mail received by please@​spamme.​com over the last two years, and I’ve set a local Outlook fil­ter to kill every­thing sent to that address except those from legit­i­mate sources. As soon as I have noti­fied the senders of legit­i­mate mail that that address is no longer valid, I’ll set my mail serv­er to turn away all mail to please@​spamme.​com. I’m toy­ing with the idea of hav­ing it sent to BoneLand​.com.

Y’know, it’s a strange world in which I feel a sense of empowerment–in which I want to yawp victoriously–because I’ve found a way to lim­it my freedoms.

Post Script: If you go to BoneLand​.com now–and can get through the five sep­a­rate place­ments of stan­dard ban­ner ads, mul­ti­ple pop­up and pop-under adver­tis­ing, and even those annoy­ing ads that slide across the mid­dle of a page and hold for five seconds–you can read how the site was alleged­ly hacked to “spam 50,000 unsus­pect­ing net users under the Boneland name.” Even more deserv­ing is the response from BoneLand.com’s host­ing provider, which Tyler describes as “great folks at Bungling Hosting who imme­di­ate­ly shut down my site for hours with­out a word to me about it. Thanks guys. Your pro­fes­sion­al­ism is exceed­ed only by your top notch cus­tomer ser­vice.” It’s kind of like one of those “sat­is­fy­ing crunch” can­dy­bar com­mer­cials, isn’t it?