bbs.spamgourmet.com

[miniscus]

By: nobody ( Nobody/Anonymous )
Spammers use spamgourmet
2003-07-23 01:41

Here is a new and bad development. I received spam where the "unsubscribe" address was given as

info.1.winmail@spamgourmet.com

So now spammers use disposables as a "valid" unsubscribe address? I think some address like abuse@spamgourmet.com might be needed to eliminate those people. Anything we can do about this?



By: nobody ( Nobody/Anonymous )
RE: Spammers use spamgourmet
2003-07-25 08:21

ACK

Got spam featuring the same address.

By: syskoll ( Fred )
RE: Spammers use spamgourmet
2003-07-25 22:05

This is actually good news. It means that spamgourmet is efficient enough that spammers start seeing it as a nuisance and try to annoy SG's admins.




By: jqh1 ( Josiah Hamilton )
RE: Spammers use spamgourmet
2003-08-18 12:47

Yeah - I've gotten hate mail, and even a message on my home answering machine threatenting to sue me if I didn't stop sending spam

This is the "Joe Job" problem - unfortunately, I can't think of a good way around it.

If you ever believe that a spammer used spamgourmet to *send* spam, please scream and yell and let everyone know right away. We've worked very hard to prevent this from happening (each new feature is 10% new functionality and 90% abuse prevention) - and so far we've seen no indication of that kind of abuse.

Sadly, though, there is just about nothing we can do to stop someone from typing a particular address into the body of a spam message prior to sending it (on one of the still common open relays, for instance). Ask yourself what you'd do if the spammer had typed your personal address as the "unsubscribe" contact -- this happens, sometimes coincidentally, sometimes intentionally (like here)...

[hs]

Hi,

I got something similar:

I got a german spam "offer" to save taxes in the future by spending some thousand Euros for "100% legitimate" projects..

Contact address was:
mailto:1.20.info-steuern2003@spamgourmet.com

[Guest]

I've got the same german spam mail ( Steuererstattung 2003 ) with the two emails:
32.20.info-steuern2003@spamgourmet.com and
1.20.info-steuern2003@spamgourmet.com

Is it maybe possible to find the 'real' mail adress this person is using for spamgourmet?
Or is it possible to kick/bann this user?

[miniscus]

Yes! Unlimit his whole account forever!
Arick

[Guest]

So I've got the same german spam mail ( Steuererstattung 2003 ), too:
500.20.info-steuern2003@spamgourmet.com
36.20.info-steuern2003@spamgourmet.com

there has to be a way to stop this, bann his e-mail adress or something else!

[Guest]

I've requested the information ( Steuererstattung 2003). In the reply email he enter his complette adress:

Bernd Fabek
Betriebswirt
Tel. Nr. 01634191039
Fax: 05241961465
Selbständiger Handelsvertreter für den Allgemeinen Wirtschaftsdienst
www.awd.de

[miniscus]

And now (I'm not a lawer) you probably can ask where he bought the tons of email-addresses from, or who even did the mailing for him. Then try to get out of that guys list. Or - try to prove he unrightously got your address.

Of course that does not touch the sg issue. I could call him on not to use sg-addresses, but... at the most could maybe find out why at all he did that.

Did all of you have sg-addresses given strictly for contact reasons, or as unsubscribe or return addresses?

The sg-peeps could really concider to unlimit such accounts, or close them completely? But: who is to say who's?
Arick

PS Registering here does give the advantage of learning who posted what, and maybe what county you're in

Addition:
On the website there is no office listed in the area of the above mentioned Fax-Prefix. I sent an inquiry to the main office. From the looks - *hmmm* - java and Flash overloaded jazzy website - it's seems another "Just sign and get real rich" company...

[josh]

here's my response to an email asking about this (the email wasn't so polite, to begin with...)

I've done what I can do on the basis of policy, which is to disable the
recipient address, and send an email to the account owner alerting the
possibility of abuse and reminding of the TOS. Here's the dilemma,
keeping in mind that the service is non-commercial and doesn't have the
resources to do much beyond keeping things running:

We've had more than one instance of a spammer using a spamgourmet reply
address as a simple bit bucket - in one case the account belonged to
someone else (the "joe job" tactic from the spammer). While I remain
ready to cooperate with any compentent authority investigating the matter,
I don't have the resources to 1) identify the spammer, 2) verify that the
account associated with the recipient address is indeed controlled by the
spammer, and 3) [do what? disable the account? they can create another...
ban the source IP address? they can make another, and what about the
next person who has that address, if it's dynamic... notify the service
provider of the forwarding address? perhaps, but that requires #2, and
will doubtfully have more effect that what I've already done]

As to responsibility, is hotmail responsible when a spammer uses a hotmail
address in the same manner? Do you see a difference?

You can be sure, as well, that the address behind spamgourmet doesn't reveal any more about the spammer's identity than the sg address did -- that is, normally spammers sign up for a hotmail-type account to use for the purpose -- here (if indeed this is the spammer), it appears that he/she did the same thing, then piped it through sg..

[miniscus]

Thanks for the info, josh.

Once this grows to be a big nuisance there may be some things to consider.

A) I cannot find an obvious exclusion of commercial usage of sg in the terms/conditions. Maybe I'm a bit illiterate, but such could be found in the first line, and, additionally, as note during the registration process (maybe it's there and I forgot). Obviously commercial usage involves vain effort, and effort costs, and costs are unwanted at the time. The above german example shows the advantage a company has using sg for contact purposes!

B) Freemail-type email accounts can be opened and closed as needed. They need no protection in my eyes. I cannot concieve of a need for sg to accept freemail-accounts as valid real addresses, at least as long as it is non-commercial. I believe very few people have an ISP with no email account, are absolutely dependant on freemail accounts, but I'm not on top with such things. I only know that "Freedom exists only within agreed upon limitations", and I don't really like giving peeps the possibility to bypass accepted limits while sneaking into offered freedom. A threat, as is failure to constantly reexamine the limitations.

A combination of the above would give at least a theoretical possibility to track down its (ab-)users, IMO a powerfull determent.
Arick

[hs]

Addition:
On the website there is no office listed in the area of the above mentioned Fax-Prefix. I sent an inquiry to the main office. From the looks - *hmmm* - java and Flash overloaded jazzy website - it's seems another "Just sign and get real rich" company...

I did a quick googling about AWD an found a related discussion (german) about experiences with the AWD;
it included some information about them.

http://www.wer-weiss-was.de/theme65/article1076411.html

Sounds a lot like "Avon" or "Tupperware" - only that their (seemingly: sometimes equally trained) representatives
are selling investments instead of cosmetics or plastic..

[josh]

OK - at least several spammers are sending messages purporting to be from spamgourmet addresses.

Syskoll suggests a warning on the front page (I suppose like spamcop has). I'll work on the wording.