Is "vi@gra" in Italian still "vi@gra?" September 3, 2010 11:33 PM   Subscribe

I love the idea of this Ask post, but is there any way to modify some of the answers so this poor person/couple doesn't get spammed like crazy?

(That is, of course, if anyone ever figures it out....)
posted by nevercalm to MetaFilter-Related at 11:33 PM (32 comments total)

If you're going to somehow modify the answers then you may as well disable the image link, and then there's nothing left really and you might as well delete the whole thing.
posted by longsleeves at 12:40 AM on September 4, 2010


The image link isn't searchable by bots, whereas the answers are. Even if they're wrong, they're potential addys held by folks who did nothing other than register nics near someone who gave out their address. No matter what, not cool, I don't think, and changing/editing/deleting is easy enough.
posted by nevercalm at 1:42 AM on September 4, 2010


That hand-writing is so wonderfully illegible, probably every guess there is incorrect.

The idea that spammers scrape the web looking for emails is kind of quaint. They use dictionary enumeration to farm emails. Everyone gets spam if they use real names in their email. In this case, either the chain of letters people guessed is nonsense and probably not in use, or it's a real Italian name and hammered already.

There was a time where obscuring your email actually accomplished something. Spammers caught onto the fact that most people don't post their email publicly (being a crafty bunch with financial incentive to keep up with anti-spammer technology), and found other methods, such as using botnets of compromised machines to send emails to millions of possible combinations and seeing what doesn't bounce. I personally get about 3000 a day (common name @ gmail) and thankfully the filters get most of it.
posted by cj_ at 2:03 AM on September 4, 2010 [3 favorites]


Also, tangentially related: for the past decade I have had a catch-all@domain email address and used companyname@domain as my email when registering, with the idea to catch people "selling" my email out to spammers. This is one of those things that people take as a given as something common for companies to do. I have never once gotten a single piece of spam to those addresses, and I've made hundreds.
posted by cj_ at 2:09 AM on September 4, 2010


The idea that spammers scrape the web looking for emails is kind of quaint.

Is it actually true that they don't use this technique anymore, or are you just guessing they don't because it seems "quaint"?
posted by John Cohen at 4:39 AM on September 4, 2010


How do spammers make money? Really? Are there that many fools who don't realize it's spam?
posted by amro at 6:01 AM on September 4, 2010


How do spammers make money? Really? Are there that many fools who don't realize it's spam?

I suggest you stay for a week in a police station near a major airport, and count the number of tourists who drop by asking you directions to that place where they're going to receive the huge amount of money they won in a lottery.

Seriously. I'm not making this up, unfortunately.
posted by DreamerFi at 6:17 AM on September 4, 2010 [5 favorites]


You'd never catch me putting cjorgensen@mac.com out there for everyone to read. That's as dumb as using your real name on the internet.
posted by cjorgensen at 6:34 AM on September 4, 2010 [3 favorites]


If it really is an issue, wouldn't removing the part about the part after the @ solve the problem?

"We know what the domain name is (what the @_________ part says) but can't decipher what comes before it. "
posted by carsonb at 6:37 AM on September 4, 2010 [2 favorites]


I asked a question last week - I had seen a guy on an airplane and I wanted to know who he was because he seemed important somehow so I snapped a shot with my phone and threw it up.

It was deleted right off the bat because, essentially, I was asking AskMe to help me track down a private citizen and there were some serious privacy concerns involved in that. Which, OK, I dig. In my case, a couple people sent me Metafilter Mail and the mystery was solved.. so I was content.

However, when I saw this question, I was wondering... how is it fundamentally different from the question I asked?

There's no picture of the person, obviously, but we're still trying to track down somebody - and worse, once the mystery is solved everyone in AskMe will have his/her/their contact info.
posted by kbanas at 7:32 AM on September 4, 2010


As far as getting spammed goes, I just checked the first anonymous, single-use email I ever set up for a question here--no spams.
posted by phunniemee at 7:36 AM on September 4, 2010


cj_: “The idea that spammers scrape the web looking for emails is kind of quaint.”

John Cohen: “Is it actually true that they don't use this technique anymore, or are you just guessing they don't because it seems "quaint"?”

No, John – it's demonstrably true, I think, and cj_ explained why pretty well, actually. Think about it: have you ever posted your email publicly before where it can be scraped? Probably not. And do you get spam? Probably. I know I never plaster my email all over anywhere, but I get hundreds of spam messages a day, though thankfully I have gmail and don't even see 99.99% of them. Spammers are clearly using other methods to obtain email addresses - most of all, nowadays it's trivial to just write a script that guesses millions of email addresses in a matter of seconds and tries them all to see which ones work. Why scrape the web when you can just hit millions in one shot anyway? There may be spammers who scrape the web for email addresses, but they are (a) stupid and (b) likely to end up spending lots and lots and lots of time doing pointless work that won't even help them at all in any way whatsoever.

In fact, I think at this point we should hope that spammers are wasting their time scraping web sites. Particularly in this case, since, as mendel pointed out in the thread, every single email listed there so far is actually a dead end.
posted by koeselitz at 8:04 AM on September 4, 2010


Spammers use multiple tools to harvest email addresses. I can tell you for a fact that they use web scraping. I know this because two single-use, long (unlikely to be randomly or iteratively generated), deliberately throw-away addresses I've used recently for web posting have received (and continue to receive) spam. Spam to both started within 72 hours of the addresses going live and has continued pretty much unabated in the two months or so that they've been in existence.

Just because you've received spam to an address that isn't on a website doesn't mean that the spammers aren't scraping websites.

See also the wikipedia article on email harvesting for more information.
posted by aberrant at 8:43 AM on September 4, 2010


Spammers use multiple tools to harvest email addresses. I can tell you for a fact that they use web scraping.

Yup. I'm responsible for e-mail services where I work, including spam filtering. It has been interesting to watch the tactics spammers have used over the years.

Any e-mail address we put on our web site becomes a target of incoming spam fairly quickly. This started a long time ago, but continues today. That includes addresses we've created for some special purpose and therefore have only ever appeared on our web site, and nowhere else.

But we also see a ton of randomly-addressed spam. Everything from plausible-looking "firstname.lastname@domain" addresses, but for people we've never heard of, to apparently random strings of letters and digits that have never existed on our system.

Perhaps it is somehow known that our web site contains enough e-mail addresses to make this worthwhile, and we have enough valid addresses at our domain to make random guessing an effective tactic. Especially when spammers have an army of bots out there to do all this at no cost to them. Perhaps the page-to-valid-address ratio of MetaFilter is bad enough that it's not worth scraping it if you're a spammer.

There's a lot more "corporate spam" happening these days, too. I get tons of this myself from companies I've never heard of. Obviously my e-mail address has gotten onto some kind of "IT decision makers" list that they share or sell. This is a little different from the usual vi@gra spam in that the sender is pretty easily identified and is a fairly legitimate company, and they include an unsubscribe link that actually works.

The people who get the most spam, though, are the ones who tell me something like "I signed up for this deal of the day thing on this web site, and now I'm getting all this spam!"
posted by FishBike at 9:05 AM on September 4, 2010 [5 favorites]


No, John – it's demonstrably true, I think, and cj_ explained why pretty well, actually. Think about it: have you ever posted your email publicly before where it can be scraped? Probably not. And do you get spam? Probably.

Not to be pedantic, but surely you see the flaw in this logic. All you are demonstrating is that posting your email is not necessary for being spammed but you have not demonstrated that not posting your email is necessary for not being spammed.
posted by proj at 9:08 AM on September 4, 2010 [1 favorite]


how is it fundamentally different from the question I asked?

It was asked late on a Friday evening? More seriously, you posted a photo of someone which is a lot different from posting a note someone wrote and asking for help figuring out their email address.

I'll contact the guy and see if he objects to somehow blotting out the email domain but at some level wholesale editing of everyone's comments is pretty unusual [to the "we never ever do it" point] so it's more likely that we'd just close the question. I'll contact the guy and see what he wants to do.
posted by jessamyn (staff) at 9:18 AM on September 4, 2010 [1 favorite]


proj: “Not to be pedantic, but surely you see the flaw in this logic. All you are demonstrating is that posting your email is not necessary for being spammed but you have not demonstrated that not posting your email is necessary for not being spammed.”

Yeah, you're right. Don't know how I missed that. Sorry.
posted by koeselitz at 9:38 AM on September 4, 2010


This is a little different from the usual vi@gra spam in that the sender is pretty easily identified and is a fairly legitimate company, and they include an unsubscribe link that actually works.

You mean the "confirm that this address actually reads spam" links? I stopped bothering with unsubscribe links a loooooong time ago. Luckily I run my own mail servers, and I've got a cute little script that quickly appends an ip address (or range) to a global blacklist. Those "legit" companies only spam me and my users once.
posted by DreamerFi at 11:06 AM on September 4, 2010


cj_: “The idea that spammers scrape the web looking for emails is kind of quaint.”

John Cohen: “Is it actually true that they don't use this technique anymore, or are you just guessing they don't because it seems "quaint"?”

No, John – it's demonstrably true, I think, and cj_ explained why pretty well, actually.


Well, koeselitz, doesn't "demonstrably true" mean you can demonstrate that it's true? How? Has anyone done this?

I am not asking whether spammers use methods other than scraping the web to collect email address. I realize that one way spammers send me spam is by generating a likely combination of a first and last name (the same as my username here) @gmail.com. But I don't know that that's where all my spam comes from. How do we know they're not also finding this email address on the web somewhere? (I try not to post it online, but I can't police the whole world to stop everyone from doing this.)

If spammers already have a program to do this, isn't it possible they could run the program very cheaply and find cjorgensen@mac.com and other people like him? These could be people who don't care about getting spam, don't believe that spammers harvest addresses from the web, or haven't heard of this problem.

There's another logical problem with saying spammers have stopped doing this because everyone has stopped posting their email address online. If that happened, then people would no longer be worried about their address being harvested, which would presumably cause people to start putting their email addresses on the web again. Spammers would then notice this and harvest those addresses.
posted by John Cohen at 11:47 AM on September 4, 2010


Those "legit" companies only spam me and my users once.

It may be somewhat ironic, but this is why so many of those companies actually include unsubscribe links that work. They're sending from a fairly consistent set of servers, otherwise IP address-based blocking would be of no use. If they have a significant number of target addresses handled by large service providers like Microsoft, they have to be careful to keep their spam complaint rates reasonably low, or their mailings will just be blocked entirely, and working unsubscribe mechanisms help a lot with that.

Not that I click on them myself very often, for the reason you cite. It's pretty hard to tell if they're going to actually honor it, or just use it to record that a real person reads messages at that address. I was just surprised that on the rare occasions when I try it, it actually seems to stop that particular source of e-mail. It's worse than useless when the e-mail originates from a botnet, though.
posted by FishBike at 12:07 PM on September 4, 2010


To make this problem worse a lot of mail servers have "nearest neighbor" turned on. I get any mail sent to me at one of my domains. Another address I will get things like cjergens@ cjorge@ and sometimes way off like j5555qa@.

I also happen to share a similar name with a woman in the tech industry. If I didn't know this I would think that some high level companies are spamming me.

I am fine with listing my personal primary address publicly though. I have good enough filtering that the spam that makes it through usually actually interests me in a "Wonder how I got this?" sort of way. I either bounce it unread or add it to the filters.

Having images on is another great way to tell if you're spam is read. Generate a unique named 1px graphic, send it to an address, watch your weblogs to see if it's valid. People that have images turned on in their mail clients get a lot more spam.
posted by cjorgensen at 12:20 PM on September 4, 2010


Your! Dammit!
posted by cjorgensen at 12:20 PM on September 4, 2010


There's a lot more "corporate spam" happening these days, too. I get tons of this myself from companies I've never heard of. Obviously my e-mail address has gotten onto some kind of "IT decision makers" list that they share or sell. This is a little different from the usual vi@gra spam in that the sender is pretty easily identified and is a fairly legitimate company, and they include an unsubscribe link that actually works.

You mean the unsubscribe links in all those web 2.0 conference spam messages actually work? I never would have guessed...
For example: Complimentary Webinar 9/7: Social Software for Business Performance
posted by Chuckles at 1:43 PM on September 4, 2010


I'll contact the guy and see if he objects to somehow blotting out the email domain but at some level wholesale editing of everyone's comments is pretty unusual [to the "we never ever do it" point] so it's more likely that we'd just close the question. I'll contact the guy and see what he wants to do.

I don't know.. People are using the domain part to guide their interpretation of the rest of the handwriting. Obscuring it will make it much harder to actually answer this question.

Once somebody figures out the actual email, I can see a case for taking that off fast. Not the image though, and certainly not before it actaully gets decoded.
posted by Chuckles at 1:50 PM on September 4, 2010


I have two email addresses for work. Both are average American first names @ the domain. One of them is publicly available on our website and one isn't. The one on the website gets more spam by a factor of about 60 to 1. Scraping happens.
posted by penduluum at 3:28 PM on September 4, 2010


The idea that spammers scrape the web looking for emails is kind of quaint

Quaint it may be, but the massive surge of crap that hits Gmail's spam filter every time I publish flabdablet@gmail.com on metafilter says that spammers don't care what you think of their techniques.
posted by flabdablet at 10:45 PM on September 4, 2010


Is it actually true that they don't use this technique anymore, or are you just guessing they don't because it seems "quaint"?

I didn't say they don't. It is, however, my professional opinion (as someone who works in an industry that gets to deal with the botnets people create and sell to spammers) that unless you have an address that looks like an md5 hash, it's not going to contribute to the substantial volume of spam you likely already receive in any meaningful way. They have much better ways of getting addresses than "scraping the internet", which has become a very big place. I'm not sure what you envision here. At one time you could harvest a lot of email from, say, usenet , or various other places that were high activity and people's emails got posted. Do you think they have the resources to scrape the entire internet (including sites where email addresses rarely show up) and that this would be worthwhile somehow?

Not sure what else to say about it. I wouldn't object if mods erred on the side of caution and cleaned out direct references in the thread. It wouldn't hurt to be safe. But I think it's a silly thing to freak out about.
posted by cj_ at 12:40 AM on September 5, 2010


The AskMe thread is now the top google hit when you search for the name of a minor Italian actress whose name we now know does correspond to a valid tele2 address. Now that we've apparently solved wheat's puzzle, I think the thread should be deleted.

I apologize for acting like a dick in the AskMe thread.
posted by nangar at 2:26 AM on September 5, 2010


Wheat hasn't picked a best answer, nor been back to comment, and it's not right to delete the thread until it's properly solved.
posted by cmgonzalez at 4:28 AM on September 5, 2010


The idea that spammers scrape the web looking for emails is kind of quaint.

It may be quaint, but it's true. I used to use emails of the form eriko-XX, where XX was two letters roughly representing the site I was posting on.

On major sites (and on Wordpress sites!) I would reliably get the first spam hit on that address 72 hours after using it for the first time.

Why would they scrape? It's much more likely to get a valid email address than just random generation. You wouldn't, of course, scrape the whole internet, but I can easily see a bot looking for site designs (like Wordpress) that are very likely to have email links, then scraping those sites for email addresses.

I always thought that the charm of random addresses is you might turn a backscatter spam into a double if you luck out and hit a valid email address.

I don't know the answer to spam, but thoughts of nuclear weapons does bring some small comfort when the mailserver's thrashing from the spam load.
posted by eriko at 6:29 AM on September 5, 2010


My email address has been up there for a day now and I've yet to get one spam. It's rare that I go a day without at least one. So I am concluding that posting your email in meta will cure spam. Anecdotally it's true (so far).
posted by cjorgensen at 7:51 AM on September 5, 2010 [1 favorite]


I suggest you stay for a week in a police station near a major airport, and count the number of tourists who drop by asking you directions to that place where they're going to receive the huge amount of money they won in a lottery.

Seriously. I'm not making this up, unfortunately.


Gonna go cry for humanity, brb.
posted by Pope Guilty at 10:32 AM on September 5, 2010


« Older Trees of hierarchy are pretty, let's plant some   |   Jessamyn Day! Newer »

You are not logged in, either login or create an account to post comments