The Shapiro Files

Wednesday, February 01, 2006

Spam Blam Revisited

Last week, I posted an entry about my dramatic increase of email spam that I thought came about from including my email address (with spaces around the "@" symbol) in my first "Netflix Wrap-up" posting. As it turns out, that earlier blog posting wasn't the reason for the new influx of spam after all (and perhaps that trick of spacing out email address to avoid being captured by spammers still potentially works).

To see if there was any way to curtail the spam (roughly 100 emails a day now), I started looking at the text and raw source code of the messages (with remote HTML image linking turned off for protection) and noticed that the bottom of almost all the messages said I was signed up for their mailing by way of IP address 207.200.116.6. A simple whois search revealed this address to be owned by AOL/Netscape. This instantly reminded me that at just about the same time I started getting hit really hard by the new spam, my father, an AOL user, innocently tried sharing an online cartoon flash movie with me by way of a "Share with a friend" web form. However, instead of entering my email address into the "to" field, he accidentally entered it into the "from" field, which the form cunningly leveraged as an opt-in request for a shared mailing list used by an endlessly growing collection of spammers. In this way, they are able to trick people into getting added to such lists without recourse as it makes it appear that users are intentionally adding themselves to a mailing list. This illusion of legitimacy finds its way into the spam messages themselves, as most include the aforementioned "added by" IP address at the bottom of each email. By doing this, they are basically saying, "Don't want these messages? Too bad. After all, you added yourself to this list, as you can see by this IP address right here."

Of course, this doesn't stop someone else from adding your email address to a list as my father accidentally did. As a result, he has inadvertently added me to what could easily be the worst spam list on the planet.

So what's the lesson learned here? If you want to share a flash movie or other speciality web page with people, simply copy and paste the URL (web address) into an email and avoid "Share with a friend" forms at all costs!

1 Comments:

Post a Comment

<< Home