Have the spammers started with spamgourmet?

Discussion re sg development. You don't have to be a developer.

Have the spammers started with spamgourmet?

Postby tests » Sat Mar 08, 2008 12:23 pm

Today I got my first spam message, easily created as:

anyword.20.myusername (a) spamgourmet.com

I was written in Chinese. I guess that anybody knowing your username and also how Spamgourmet works could potentially spam you using hundreds of different "anyword"s.

I can naturally re-set this to 1 and hide it, but I think you get my point.

BTW, I love Spamgourmet.
tests
 
Posts: 2
Joined: Sat Mar 08, 2008 11:08 am

Postby SysKoll » Sun Mar 09, 2008 9:31 pm

That's why we have things like watchwords.

Most spam to random words that I ever receive was the result of broken address collection software that gave spammers a portion of an address (the last chars).
-- SysKoll
SysKoll
 
Posts: 883
Joined: Thu Aug 28, 2003 9:24 pm

Postby tests » Mon Mar 10, 2008 8:27 am

Thanks for your reply.

Yes, of course, but it makes it "less" practical, especially if you need to give your email to "somebody in the street."
tests
 
Posts: 2
Joined: Sat Mar 08, 2008 11:08 am

Postby sg-since03 » Sun Mar 16, 2008 3:51 am

...it makes it "less" practical, especially if you need to give your email to "somebody in the street."


Oh, for the good old days, before spammers discovered sg...

Now that things aren't idyllic, we have to work around it. My suggestion is outlined in two places:
http://bbs.spamgourmet.com/viewtopic.ph ... ight=#5190
http://bbs.spamgourmet.com/viewtopic.ph ... ight=#5196.

A little wrinkle for your requirements - prepare a few "generic-sounding" addresses ahead of time. (Refer to above...)
sg-since03
 
Posts: 46
Joined: Sun Sep 02, 2007 9:11 am

i'm an sg spam target. hide hidden from the eaten list.

Postby mcfnord_twice » Sun Mar 30, 2008 6:48 am

two days ago i became the "from" address of a spammer. they are prepending one, two, or three characters to the beginning of the email address. so i get a large number of bounces.

there are too many bounces to manually set the remaining count to zero, though i do this as a hobby now.

i could use a watchword but i don't really need to as gmail identifies all these bounces as spam-related.

I WOULD LIKE the three "recently eaten" to NOT SHOW items eaten by a hidden address.

those targets wholly lost to spam may as well disappear from this list. If I could specify them as hidden, then over time I would actually see useful information in this three-item area. For example, perhaps some deadman switches slipped past me. Showing all addresses here, including hidden addresses, makes volume huge in this area (just three slots), making it essentially fancy trivia, but I think it could be a useful space even for long-term users if it did not show hidden addresses in the list.
mcfnord_twice
 
Posts: 3
Joined: Sun Mar 30, 2008 6:36 am

Re: i'm an sg spam target. hide hidden from the eaten list.

Postby sg-since03 » Sun Mar 30, 2008 7:54 am

mcfnord_twice wrote:I WOULD LIKE the three "recently eaten" to NOT SHOW items eaten by a hidden address.


Um, that's already an option, available immediately below the log - "don't log for hidden addresses."

Perhaps you mean something else entirely, as discussed in the thread "Suggestion: "Don't log for hidden" OR rejected [@]," http://bbs.spamgourmet.com/viewtopic.php?p=5316.

[Self-serving, because I started the thread and would like it to finally get done, but maybe you have something worthwhile to add...?]
sg-since03
 
Posts: 46
Joined: Sun Sep 02, 2007 9:11 am

winner!

Postby mcfnord_twice » Sun Mar 30, 2008 8:31 am

you really have thought of everything. now i have two hobbies! first, designate perhaps 46,000 permutations of one, two, and three character prefixes as zero-remaining and hidden addresses as they're generated by my spammer friend (or alternatively switch to watchword until he goes away), and then watch that space for any one of my 700+ existing addresses that ought to become hidden. thanks, i'll send money again soon.
mcfnord_twice
 
Posts: 3
Joined: Sun Mar 30, 2008 6:36 am

Re: winner!

Postby sg-since03 » Sun Mar 30, 2008 5:15 pm

mcfnord_twice wrote:you really have thought of everything. now i have two hobbies! first, designate perhaps 46,000 permutations of one, two, and three character prefixes as zero-remaining and hidden addresses as they're generated by my spammer friend (or alternatively switch to watchword until he goes away), and then watch that space for any one of my 700+ existing addresses that ought to become hidden. thanks, i'll send money again soon.


Very funny, but no no no, you didn't read 'till the end. Again, here's my system:

1. Have one unguessable watchword, e.g. "supercalifragilisticexpialidocious."
2. Never use the watchword in an address. [Obviously...]
3. Create all new addresses on-site, using sg's
"send a message from one of your disposable addresses" feature.
(New addresses created this way are "exempt" from, i.e. bypass, the watchword requirement.)

Do this, and spammers can't touch you. Simple, effective, and far less time consuming than any alternative. The only fly in the ointment was discussed in the other thread, and now Syskoll has fixed that as well.

Addendum - no, sorry, we no longer have the option to "switch to watchword until he goes away" - they're not going away. Our days of flying under the radar are over; this is the situation we have to deal with, and I can't think of any other way to do so that works remotely as well.
sg-since03
 
Posts: 46
Joined: Sun Sep 02, 2007 9:11 am

Postby mcfnord_twice » Sun Mar 30, 2008 5:58 pm

i'm not ready to create each new address here at the site. one of the main features is my ability to construct a valid address with no internet available. i am thinking i can use a watchword such as 'xx', CAN MY WATCH WORD ONLY APPEAR IN THE FIRST PORTION, OR ALSO VALID IN THE SECOND PORTION?

so for example

foo.xx.me@spamgourmet.com

if they decide to target xx, then i can disable that watchword. i presume all the existing operational accounts still work, just no new ones. so i can still construct valid accounts without logging on here.

EDIT: Nope, I can't put my watchword in the second zone. This sucks. It means my first zone can't represent the institution I gave the address to so precisely. And for what? The second zone should be valid for watchwords, don't you think?
mcfnord_twice
 
Posts: 3
Joined: Sun Mar 30, 2008 6:36 am

Postby sg-since03 » Mon Mar 31, 2008 12:32 am

one of the main features is my ability to construct a valid address with no internet available

Yes! I know, that's what is really ... uh, lousy about the situation. Thank you, psychotic spammers, for being so hell-bent on spamming you'll even target people who are demonstrably avoiding your trash.

It means my first zone can't represent the institution I gave the address to so precisely

Indeed. That's why I gave up & adopted my system - at least my addresses now make sense, even if they aren't spontaneous.

It just takes planning... you already know who your financial institutions are, for example. Also, if it's likely you can get to a computer before they'll ever send an email, it still works. Of course, none of this really answers your question/objection, but until somebody has a better idea, this is the best I've got. :(

The second zone should be valid for watchwords, don't you think?

Maybe. I don't use that section, because many email systems are too dense to parse an address in the format xxx.xxx.xxxAT<etc>. Anyway, that's a question for Josh/Syskoll, the people who run this site.
sg-since03
 
Posts: 46
Joined: Sun Sep 02, 2007 9:11 am

Re: i'm an sg spam target. hide hidden from the eaten list.

Postby whaus » Mon Mar 31, 2008 1:02 pm

mcfnord_twice wrote:two days ago i became the "from" address of a spammer. they are prepending one, two, or three characters to the beginning of the email address. so i get a large number of bounces.


I'm experiencing the same right now. About 77 delivery failure notices within 6 hours for spam-mails my SG-account allegedly sent.

The "from" address I allegedly used is generated from one of my SG-accounts:

the SG-address I created (in June 2004):
pradeep.MYSGUSERNAME@SOMESGDOMAIN.com

on March 14, some spammer used:
+._-pradeep.MYSGUSERNAME@SOMESGDOMAIN.com

and now today, March 31:
multiple addresses are created (by mail daemon delivery failure messages), and they're all alike:
m9pradeep.MYSGUSERNAME@SOMESGDOMAIN.com
mpradeep.MYSGUSERNAME@SOMESGDOMAIN.com
35pradeep.MYSGUSERNAME@SOMESGDOMAIN.com
xuhpradeep.MYSGUSERNAME@SOMESGDOMAIN.com
etc.etc.

I set a prefix right now, but would like to see an option to exclude averything that contains "pradeep", as suggested somewhere here.

(btw: that original e-mail address I used is responsible for 50% of my thousands eaten spam-messages)
whaus
 
Posts: 2
Joined: Mon Mar 31, 2008 12:23 pm


Return to Developers

Who is online

Users browsing this forum: No registered users and 1 guest

cron