11 replies to this topic

[jimknecht]

Ok, we have all been attacked by spammers. Now they even found a way, that has now been fixed, to spam across DT PM. So how can they send an email to me using my own email address? They are obviously very technically skilled, but not real bright. Don't they think I'd know if I sent an email to myself?

[bigimpression]

Their software just changed the "from line" and replaces it with your address. If you look at the message headers you'll see what domain/IP they used to send it.

It sure can cause major headaches though!

[jimknecht]

I just don't understand the logic. Yes, they might fool me into opening an email by referencing a PO number, but I would never open an email that says it was sent from myself. That sends up an automatic red flag that this is spam.

[bigimpression]

lol, I hear ya Jim. I can't tell you how many e-mails I get from "Myself" trying to get me to buy Viagra!

[jimknecht]

bigimpression said:

lol, I hear ya Jim. I can't tell you how many e-mails I get from "Myself" trying to get me to buy Viagra!

You sure those didn't come from your wife? :D

[Chris Miller]

The spammer today was a real person but most spam is generated using automatic methods. These wannabe hackers spend their time looking for bugs within widely used pieces of software like vbulletin for example. They know these scripts are all written the same, exist in the same general location on the server (usually /forum) so all they have to do is find em which they also do automatically with web "crawlers".

Years ago a guy named Matt Wright wrote a script called formmail.cgi It was a nifty script really, it would process any html form and send the results to the webmaster. This was great for people who couldn't program but wanted a quick and dirty way to collect info from their website visitors. The problem though, was that it could be exploited and used to send mail elsewhere. Hackers quickly realized this and began writing scripts that would attack every site with a formmail.cgi script on it. You figure a few hundred thousand people were using it, and if they're using each site to send bulk spam, that's a lot of outgoing mail. This would continue for years before most hosting companies decided to ban the script from being used on their servers. Today, most hosts have systems in place to automatically scan for faulty scripts like this and then they delete them automatically. It's not enough though.

It's holes like these that allow spammers to send billions of spam email a day. There is always new software to attack, new sites to hack into, and it's never going to stop. All we can do is find a way to live with spam.

As for your email, it was cloaked to look like it was coming from you. Hackers look for open relays on servers too and when they find one that is not open, they just spam that person only. If your server were an open relay with no protection, they could use your server, and email address to email millions of people.

[jimknecht]

Chris Miller said:

If your server were an open relay with no protection, they could use your server, and email address to email millions of people.

Man, would I ever be a popular person then. :D

[Chris Miller]

jimknecht said:

I just don't understand the logic. Yes, they might fool me into opening an email by referencing a PO number, but I would never open an email that says it was sent from myself. That sends up an automatic red flag that this is spam.

Remember spam has no purpose other than to disrupt and disturb. They dont care what's in it, how it's titled, or who it goes to. As long as the attacker is causing problems for someone, be it a network admin or an end user, then he's happy.

This is what today's disturbed youth do with their time. These evil geniuses would be making a killing if they focused their efforts in other areas. In fact, some are now. Some of the top hosting companies recruit hackers to run their networks and keep them secure. Who better to protect a server than a person who's spent his life trying to get into them?

[jimknecht]

I didn't realize that. I just assumed they were doing this for some financial gain somehow. So is the military or US Gov. attacked also, or do they have something special? I can't see them trying to fight a war & having important transmissions sent to a spam folder.

[Chris Miller]

jimknecht said:

I didn't realize that. I just assumed they were doing this for some financial gain somehow. So is the military or US Gov. attacked also, or do they have something special? I can't see them trying to fight a war & having important transmissions sent to a spam folder.

Nope, in many cases there is no financial gain.... just personal satisfaction. Now some are companies (like the pills and stuff) but most of those I get these days aren't even linked. Just a bunch of dirty talk and BS. So essentially the personal satisfaction spammers have just taken some content and resent it.


Most government stuff is built on internal networks that sit either behind a firewall, or in many cases, with no connection to the net at all. They have, and still do get attacked by hackers in other areas though.

[pinline]

I read an interesting book - Inside The Spam Cartel because I was curious about how they did it and why also - very interesting read. There are all sorts of spam methods and reasons to do it - but if you could boil it all down to one simple principle - they do it to make money (by selling something or more accurately by referring you to someone and earning a referral commission) and they do it because there's no cost to sending the email. So you send out 10,000,000 emails to get 4 guys to buy viagra and you get paid $100 X 4 as a referral. The big money makers for these guys are the 3P's - Pills, Porn and Poker. The poker industry took a big hit when it was outlawed in the US but they say it'll be back when the casino's get in the game themselves.

Chris Miller said:

Nope, in many cases there is no financial gain.... just personal satisfaction. Now some are companies (like the pills and stuff) but most of those I get these days aren't even linked. Just a bunch of dirty talk and BS. So essentially the personal satisfaction spammers have just taken some content and resent it.


Most government stuff is built on internal networks that sit either behind a firewall, or in many cases, with no connection to the net at all. They have, and still do get attacked by hackers in other areas though.

[FindingPromo]

pinline said:

I read an interesting book - Inside The Spam Cartel because I was curious about how they did it and why also - very interesting read. There are all sorts of spam methods and reasons to do it - but if you could boil it all down to one simple principle - they do it to make money (by selling something or more accurately by referring you to someone and earning a referral commission) and they do it because there's no cost to sending the email. So you send out 10,000,000 emails to get 4 guys to buy viagra and you get paid $100 X 4 as a referral. The big money makers for these guys are the 3P's - Pills, Porn and Poker. The poker industry took a big hit when it was outlawed in the US but they say it'll be back when the casino's get in the game themselves.

David,
Thanks for the note and heads up on the book.
About the Author
Jeffrey Posluns, CISM, CISA, ISSAP, ISSMP, CISSP, SSCP

Sounds like this guy has some credentials and keeps a studying to stay on top of his game. . .

There are definitely some "wrong" ways of doing it, and I think that since we are all marketers, there are some good ways that things can be done, that will benefit the professionals that will continue to rely on this still emerging marketing media.

I think there is much to be said for the concept of Permission Marketing

A few years ago I was reading this book at about the same time that I had the opportunity to be meeting with some folks from Microsoft. They were the folks that were looking at data mining techniques, and other practices companies were doing in order to know more about a target audience that companies were marketing to. We at the time, were organizing the first on line store for the Earth Day organization, and it was very helpful as we put our program together.

In the first couple years I opened my business I was simply bcc'ing a couple hundred current a prospective customers with new products etc. and we always tried to add in some value and ideas/case success stories with our and current product offerings. For a while after, in my tours etc. lots of folks would ask me "how come we don't get your emails anymore." Although that made me feel good that we were adding value to the marketing messages we were sending out, I knew that the whole concept of the premise of "permission marketing" would take more of effort and organization to launch email campaigns. Now, in the last few years we've used a couple of the more formalized opt in and opt out programs and this is where we are settled. Our suppliers are using a combination of the various (services that our industry offer, and most all of them and the timing and frequency that they are using them, say that they are cost effective most often and the ROI is there.

Being a part of rec'g e-marketing messages, I think that the best campaigns that are out there, are ones much like the folks at Microsoft were talking about 10 years ago. . . getting to know the wants and needs of the recipients, by building opt-in profiles and getting information to them that they are looking for. United, Alaska Air, Hertz, Marriott, Expedia, Orbitz, Amazon, etc. etc. build profiles on their customers and deliver marketing messages to them pretty much customized to the way that they want to receive them.

I think some of the best marketing of the future in our industry, will be the ability of Suppliers to be posting case success stories for end users and distributors to search for, and help them to apply a product to help to deliver on a need that a buyer is looking for . .to help to "build" on an experience with promotional products.