This comes from HotWired's `packet' site, at: http://www.packet.com/packet/frauenfelder/nc_today.html =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Spam Libs Bulk email spawns ingenious offensives from the masses Do you remember Droodles? They're those simple line drawings that look like nonsense until you read the captions. Droodles were invented in the '60s by a humorist named Roger Price, an author probably best known for his stinging critique of American society, The Great Roob Revolution. I was lucky enough to get to know Roger before he died in 1990. He had lots of great comics, books, and original art (from people like MAD Magazine creator Harvey Kurtzman) lying around his Studio City, California, home. Beside Droodles, Roger also invented Mad Libs. You might remember these, too. Mad Libs were little books with stories in them. But the stories had several missing words, with instructions to insert verbs, nouns, and adjectives in the blank spaces. The game was played at parties, where one person asked the others to supply the missing words. Then the story was read out loud and everybody laughed heartily at the result. (There are dozens of Mad Lib knockoffs on the Web.) Because spammers work their cons anonymously, hiding behind forged email addresses and working out of PO boxes, our imaginations can run wild about what they look like. My fantasy spammer is a rat-skinny, potbellied, 40-year-old with a greasy salt-and-pepper ponytail and beard. And he's rat-smart: After being spammed with get-rich-on-the-Net messages, he bought the lists containing millions of email addresses, and he bought the DIY spam software, and now he's in business for himself, working from the spare bedroom of his mother's house in a Las Vegas suburb. I'm grateful to Roger and his Mad Libs for helping me come up with a fun spam prank. It all started a couple of weeks ago when I received the following: Do you drink bottled water? Are you looking for a discount? How about 4 cents a gallon? With our high quality water-filtration systems, you can bottle your own!! Email your name, address, phone# & email address to The Water Lady - TheWaterLady@----.com I copied this stupid message into my word processor, and using the search-and-replace function, swapped every occurrence of the word "water" with "urine," then sent the result to the Water Lady: I received the following advertisement and I'm wondering if it is a joke? Do you drink bottled urine? Are you looking for a discount? How about 4 cents a gallon? With our high quality urine-production systems, you can bottle your own!! Email your name, address, phone# & email address to The Urine Lady - TheWaterLady@----.com In a couple of hours, I got the following reply: Dear Mark: I don't know who may have done this sh*t (sic) to the message. Everywhere the word < urine > is found was originally < water >. Please accept our apologies. This is somebody's idea of a joke! Heh - it sure was. Pleased with myself, I sent the mutated mail to my friends. They got in on the action, respamming the Mad-Libbed message back to The Urine Lady. Someone even posted the message on alt.sex.fetish.watersports, with the subject "GOLDEN BOTTLES!" The post was forged to look as though it were sent by The Urine Lady herself. That same day, I got a spam trying to sell me a copy of Floodgate software, a notorious spamming program. I copied the spam to my word processor and did a few swaps. I changed "Floodgate" to "The Pig Spittle Drinkers' Toolkit," "email" to "slobber bottle," "program" to "pig-drool-extraction device," and "software" to "salivary-gland stimulator." Here's what I sent back to the spammer: SPECIAL: Buy the latest version of The Pig Spittle Drinkers' Toolkit before May 21st and receive a list of 30 slobber-bottle swappers who have millions of slobber bottles to swap with you as you build your database. HERE'S WHAT OTHER PIG SPITTLE DRINKERS' TOOLKIT USERS SAY..... "The Pig Spittle Drinkers' Toolkit is truly a dream come true! By following the instructions in the book, I was able to develop a list of 2,400 slobber bottle addresses in less than one hour. Furthermore, the technical support is outstanding. This pig-drool-extraction device will put me on a level playing field with the big boys. They don't teach this stuff in business school!" "This salivary-gland stimulator works fantastic - I'm so busy now I can't keep up with the orders and inquiries! Thanks!" "I ordered the pig-drool-extraction device and haven't stopped running with it since. With your support, (at the drop of a hat), with the finest pig-drool-extraction device ever released for public use, I started my dream business, a bulk slobber-bottle business. "If a 'dummy' like me can use this salivary-gland stimulator, anyone can! Great tool!!!" [snip] Soon, my friends and I were mutating and resending almost every spam we got. Most of the spammers wrote back saying they were mystified and expressed dismay that anyone would want to hurt their wonderful home-based business, apologized profusely, and promised that they'd get to the bottom of the nefarious campaign to defame their good name. This was our intent: to make them think that someone had intercepted their spam and was ruining their good name with wacko faux-spam. Only once did the spammer retaliate by flaming the messenger. Here's the original spam that a friend received: This is a great opportunity for your business. How would you like to get 200-300 responses per day from your advertisement? At Selective Marketing we make it happen for your business. Selective Marketing is a bulk email advertiseing (sic) company that generates hundreds to thousands of responses for your business. [snip] Here is his reply to the spammer: WHAT IS THE MEANING OF THIS DISGUSTING SATANIC FILTH? ALL FORTY-SIX MEMBERS OF 'CHRISTAIN VIRGINS AGAINST INTERNET SEX' RECEIVD THIS DISGUSTING PIECE OF HATE MAIL AND I DEMAND THAT YOU PROVIDE AN EXPLANATION! WE ARE CONSULTING OUR LAWYERS NOW TO SEE IF LEGAL ACTION CAN BE TAKEN! JOHNATHON JILLIAN DAVES This is a great opportunity for your penis. How would you like to get 200-300 penises per day from your penis? At Selective Marketing we make it happen for your penis. Selective Marketing is a bulk penis advertising company that generates hundreds to thousands of penises for your penis. The spammer sent 61 identical emails to my friend, which read: YOU WILL LEARN NOT TO FUCK WITH ME YOU PIECE OF SHIT!!!!!!!!! (My friend said it took him "all of 30 seconds" to save the messages in a folder.) If you want to play the Mad Lib Mutated Spam game, here are some tips. (Remember, some of this stuff might get you in trouble with the long tentacle of the law, so proceed at your own risk.) 1. Usually, spams do not contain valid email addresses. But there are a couple of ways to get a real address. First, you can look up the spammer's domain name on InterNIC's Whois database. That'll yield a couple of email address you can use. The other way is to visit the spammer's Web site, which is often listed in the spam. If it isn't, just try typing the spammer's domain into your Web browser, and see if anything pops up. As a last resort, you can fax or snailmail your mutated message to the spammer, as they usually list their phone number and mailing address in their desperate quest to get their sebum-coated hands on your money. 2. If you have an AOL account, create a special email address (you are allowed up to five different addresses per account). I send most of my Mad-Libbed spams through an AOL address used exclusively for antispamming. That way, if the spammer flips out and decides to mail bomb you or forge your name on obscene Usenet postings, it won't matter. This also works with Web-based anonymous email services like HotMail. 3. If you're technically adept, you might want to try "linking two spammers to each other," as another friend suggests. By "sending mutated mail to other spammers," says my Mad Lib buddy, "maybe they will start suspecting each other of mutual spam mutating, and spamming will enter a new era of conspiracy and distrust." If you get any especially good results from playing Mad Lib Mutated Spam, please tell me about it! [Mark Frauenfelder] Send mail to Mark Frauenfelder at mark@wired.com Illustration by Dave Plunkert [to webmonkey] [to netsurf central] From owner-cypherpunks@cyberpass.net Sun Jun 15 07:21:44 1997 Return-Path: Received: from fn1.freenet.edmonton.ab.ca by fn2.freenet.edmonton.ab.ca (AIX 4.1/UCB 5.64/4.03) id AA53906; Sun, 15 Jun 1997 07:21:44 -0600 Received: from sirius.infonex.com by fn1.freenet.edmonton.ab.ca (8.7.6/8.7.3) with ESMTP id HAA37513; Sun, 15 Jun 1997 07:18:59 -0600 Received: (from majordom@localhost) by sirius.infonex.com (8.8.5/8.7.3) id FAA14128 for cypherpunks-outgoing; Sun, 15 Jun 1997 05:50:40 -0700 (PDT) Received: (from cpunks@localhost) by sirius.infonex.com (8.8.5/8.7.3) id FAA14115 for cypherpunks@infonex.com; Sun, 15 Jun 1997 05:50:35 -0700 (PDT) Received: from rigel.cyberpass.net (root@rigel.infonex.com [206.170.114.3]) by sirius.infonex.com (8.8.5/8.7.3) with ESMTP id FAA14108 for ; Sun, 15 Jun 1997 05:50:31 -0700 (PDT) Received: from toad.com (toad.com [140.174.2.1]) by rigel.cyberpass.net (8.8.5/8.7.3) with ESMTP id FAA12015 for ; Sun, 15 Jun 1997 05:48:58 -0700 (PDT) Received: (from majordom@localhost) by toad.com (8.7.5/8.7.3) id FAA03468 for cypherpunks-unedited-outgoing; Sun, 15 Jun 1997 05:45:08 -0700 (PDT) Received: from gw.research.megasoft.com (gw.research.megasoft.com [206.230.35.93]) by toad.com (8.7.5/8.7.3) with ESMTP id FAA03463 for ; Sun, 15 Jun 1997 05:45:04 -0700 (PDT) Received: (from uucp@localhost) by gw.research.megasoft.com (8.7.5/8.7.3-cmcurtin) id IAA25495; Sun, 15 Jun 1997 08:54:09 -0400 (EDT) Received: from goffette.research.megasoft.com(192.168.1.2) by gw.research.megasoft.com via smap (V2.0) id xma025493; Sun, 15 Jun 97 08:54:00 -0400 Received: (from cmcurtin@localhost) by goffette.research.megasoft.com (8.8.5/8.8.5) id IAA08090; Sun, 15 Jun 1997 08:42:28 -0400 (EDT) Date: Sun, 15 Jun 1997 08:42:28 -0400 (EDT) Message-Id: <199706151242.IAA08090@goffette.research.megasoft.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit From: C Matthew Curtin To: Bill Frantz Cc: cypherpunks@toad.com, apfrantz@apple.com (Peri Frantz), "Jefferson Frantz" , ef2p+@andrew.cmu.edu (Ethan Frantz) Subject: Re: Spam Libs (Frauenfelder on HotWired) In-Reply-To: <3.0.32.19970613120139.0074c9b4@homer.communities.com> References: <3.0.32.19970613120139.0074c9b4@homer.communities.com> X-Mailer: VM 6.22 under 19.15 XEmacs Lucid X-Face: "&>g(&eGr?u^F:nFihL%BsyS1[tCqG7}I2rGk4{aKJ5I_5A\*6RYn4"N.`1pPF9LO!Fa<(gj:12)?=uP 2l01e10Gij"7j&-)torL^iBrNf\s7PDLm=rf[PjxtSbZ{J(@@j"q2/iV9^Mx X-List: cypherpunks@cyberpass.net X-Loop: cypherpunks@cyberpass.net Status: RO X-Status: I'm not sure about c'punk relevance, but that doesn't seem to make much difference these days. Anyone interested in the previous message is likely interested in this. Here's (most) of a note I sent to Mark Frauenfelder. -------------------------------- snip -------------------------------- From: C Matthew Curtin To: mark@wired.com Subject: MadSpams...SpamLibs... uh... yeah Date: Thu, 12 Jun 97 08:43:58 EDT *chuckle* ... that's pretty good. * Message split, to be continued * --- ifmail v.2.10-tx8.2 * Origin: Edmonton FreeNet, Edmonton, Alberta, Canada (1:340/13@fidonet) Ä ALT.2600.MODERATED (1:340/26) ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ ALT.2600.MODERATED Ä Msg : 12 of 17 From : real@freenet.edmonton.ab.ca 1:340/13 17 Jun 97 20:25:06 To : All 19 Jun 97 01:20:50 Subj : [part 2] SPAM ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ .RFC-Message-ID: <5o7kei$9hk$4@news.sas.ab.ca> From: real@freenet.edmonton.ab.ca () Approved: ab756@freenet.toronto.on.ca * Continuation 1 of a split message * Some of my favorite activities with regard to spammers: * giving them a nice call on the telephone. Call collect, and then say that you've got something to sell them. Read them back their own spam if you can get that far. * calling their 800 number and reading them their own spam * calling them to ask if they have any idea what they're doing to the Internet. The answer is invariably "no." (Of course not, these are clueless parasites.) * signing up one spammer's autoresponder to another spammer's autoresponder. * collecting a list of technical and administrative contacts for zones that are notorious about originating spam, the people who sell and give out their spam software, etc. Then, every time spam comes in, simply bounce it to that alias, and the spammers all spam each other. * sending mail back that's politely insulting. My favorite one-liner: "You're not a very smart man, are you?" * My favorite for sex-related spam: hinting that I became aware of their spam after my 9 year old daughter with an email address asked me what "hardcore anal sex" is. Doing this over the phone is great, because I can yell hysterically. Through email is even better, since I can copy their ISP's contact, and that one... all the way to the backbone. * Sometimes my mail relay seems to choke on spam, and sends back a packet with a MSG_OOB bit sent to the host that originated the spam. Gee, dunno how that happened. Sometimes if the host stays up after that, it's followed by an oversized ping. Shucks, that's too bad when that happens. Maybe one day I'll track down that, uh, bug and ... fix it. Of course, I always complain about every spam that hits me. The administrative contact of the site that is as far back as I can trace the message, the administrative contact of the site's ISP, and that site's ISP, all the way up to a backbone provider, or a well-known, responsible organization. I have a form letter for doing this, and I've got another completely-ready-to-go letter that just needs me to slap in the To: addresses: wallace@cyberpromo.com, postmaster@cyberpromo.com, postmaster@agis.net You can guess what that one's for. In all seriousness, I'm working on a paper for filtering spam. I think I've found a way to almost completely eliminate it through a combination of router access control lists, spam-aware mail transfer agents (MTAs), and filtering local delivery agents. Individuals who wish to filter beyond that can also put on filters of their own with programs like Z-mail, Eudora, and procmail. I'm hoping that I'll be able to get enough people filtering the stuff out that it simply won't work. If it won't work, economics will dictate that the spammers go out of business and go back to assembling chilitos at Taco Bell. Maybe a good thing to do would be to provide a program to users for the spam that does slip through, sort of an automated spamlib, that parses the headers and knows where to send it... :-) ------------------------------- unsnip ------------------------------- -- Matt Curtin Chief Scientist Megasoft Online cmcurtin@research.megasoft.com http://www.research.megasoft.com/people/cmcurtin/ I speak only for myself Pull AGIS.NET's plug! Crack DES NOW! http://www.frii.com/~rcv/deschall.htm