Open registrations = open for spammers?
November 21, 2004 5:53 PM   Subscribe

Ever consider using SpamAssassin?
posted by juju at 5:55 PM on November 21, 2004

It's a good thing you weren't getting any spam then, huh?
posted by Ethereal Bligh at 6:01 PM on November 21, 2004

I'm sorry.. How could other people getting accounts cause you to get more spam? Is the implication that some bug or malicious act occured causing your e-mail address to be displayed/given to others? If so, I think it takes longer than 1 day.

Generally, I'm not sure what you're saying.
posted by Hildago at 6:07 PM on November 21, 2004

access to others' email is only available to members. so a spammer just joined.
posted by andrew cooke at 6:12 PM on November 21, 2004

I'm sorry.. How could other people getting accounts cause you to get more spam?

Because you can't see members emails on their member pages unless you're logged in. The implication is that a spammer bought an account, then began using it to log in and harvest email addresses. It's quite possible. In fact, I don't think there's any way to completely protect against it forever.
posted by scarabic at 6:12 PM on November 21, 2004

What I am saying is in the last 20 months I have had this email address, I've had virtually no unsolicited email. In the last 2 days I've had a couple dozen of them. I've changed the address in my profile here to filter it a bit.
posted by scottymac at 6:13 PM on November 21, 2004

I have the same story to tell. Clean(ish) before, dirty now.
posted by Wolof at 6:41 PM on November 21, 2004

Thanks for the heads up, folks- I took my e-mail out of my profile.
posted by ThePinkSuperhero at 6:47 PM on November 21, 2004 [1 favorite]

had you guys done blablablaATdomainDOTcom instead of the symbols? or some other trick?
posted by amberglow at 6:54 PM on November 21, 2004

My email address is described in my profile, but is not explicit. So maybe the spammer has a script to harvest addresses? No meat products in my mailbox. Or the spammer has figured out that I'm broke.
posted by theora55 at 6:55 PM on November 21, 2004

it was angrymodem.
posted by quonsar at 7:02 PM on November 21, 2004

Well, if it happened to two people, it must be Mefi.
posted by yerfatma at 7:17 PM on November 21, 2004

I do not mean to denigrate all comunication batween members. I have written to a fellow mefite to thank him for wonderful post.
posted by scottymac at 7:29 PM on November 21, 2004

Use sneakemail. Problem solved. Also gives you a layer of protection from all the crazy MeFi stalkers you have undoubtedly accumulated.
posted by Galvatron at 8:06 PM on November 21, 2004

FWIW, the mailbox I use for Metafilter is still spam-free. It has been available for a couple of years now. So my bet is that you're both unlucky.
posted by five fresh fish at 8:38 PM on November 21, 2004

just checked and i'm still clean.
posted by _sirmissalot_ at 8:46 PM on November 21, 2004

i created an alternate gmail account specifically for contacting me through metafilter.
posted by Arch Stanton at 8:55 PM on November 21, 2004

I've received only 3 emails all day today, none of them spam.

So popular, all of you.
posted by chicobangs at 9:31 PM on November 21, 2004

I've had the same sort of spam avalanche.
posted by troutfishing at 9:55 PM on November 21, 2004

I changed the default email to no longer be clickable and to take out the common punctuation, but someone could certainly write a text filter to figure them out. Next up, I'll create images on the fly.
posted by mathowie at 9:55 PM on November 21, 2004

amberglow - yes.
posted by troutfishing at 9:56 PM on November 21, 2004

No spam here either (yet).
posted by eatcherry at 9:59 PM on November 21, 2004

Thanks, Matt.
posted by gd779 at 10:21 PM on November 21, 2004

Can we find and identify the spammer, say, by using the refer logs?

I can round up a posse (I bet Linnwood, skallas and I could form a very unholy trinity) and de-ambulate him if he lives within, say, 200 miles.
posted by trharlan at 10:32 PM on November 21, 2004

I just put the same email in my profile that I use for pr0n sites. Problem solved.

Well, not so much solved as obscured beneath the weight of a much, much larger problem.
posted by stet at 12:46 AM on November 22, 2004

Attention Intenet Users:

If a someone has the ability to code and run an email harvester, then that person almost certainly has the ability to parse a string like "user AT host DOT tld" into "user@host.tld"

Bear in mind that people do this for a living. Operate under the assumption that whatever counter-measure you've devised to hide your email address, spammers have devised a counter-countermeasure. Remember when hex email addresses used to work? For like, what, five minutes?
posted by ChasFile at 2:18 AM on November 22, 2004

ah, that explains all those Pen1s enlarg3ment p1lls I've been getting these past few days (on another spam-free addy). Not too many though, spamcop.net is a good blacklist.

Thanks Matt.
posted by dabitch at 4:18 AM on November 22, 2004

Matt;

Geeky question, what are you using with ColdFusion to create images on the fly?

Cheers

posted by ModestyBCatt at 4:29 AM on November 22, 2004

I created a specific email alias when i became a member, thinking that this might be an issue. So far (admittedly only a few days) i remain spam-free.

If someone is harvesting emails, it's most likely a goofus (imo); a harvester could rip through this site in less than 24 hours.

I agree that writing out the words in your email address is a waste of time. Those bots are pretty creatively designed and updated often to counter current human strategies.
posted by reflecked at 4:43 AM on November 22, 2004

You could always put it in a GIF. Unless Matt bans the img tag.
posted by Pretty_Generic at 4:54 AM on November 22, 2004

This is why it's my shitcatcher yahoo address in my profile. Like a chom, it voiks.
posted by jfuller at 5:02 AM on November 22, 2004

I, too, use the shitcatcher addy in my profile, but it's had a lot more shit to catch in the past week. A spam increase of about 300 percent. And all of it "Hot Stock Tip" related.

Not a huge concern for me, but it does seem velly velly strange.
posted by Optamystic at 5:31 AM on November 22, 2004

my mefi address is spam free. i only use forwarders - if one of them gets spammy i delete it and create another.
posted by t r a c y at 5:37 AM on November 22, 2004

i get spam. have not noticed a huge increase lately, but what with spamassassin on the server and the auto-filters in mozilla not much gets through to my inbox. but probably on the order of 25 to 30 a day show up in my junk folder - not as bad as it used to be, but still obnoxious.

i have been using the same email address since 1992 though, which i'm sure accounts for a lot of the spam i get. i actually gave the address out way back when you didn't have to worry about this sort of shit. i would switch to gmail but waiting for IMAP so i can upload my current mail, and could use the comcast account that came with my cable modem but i rarely check it so don't know if i would remember to look for new mail ever. alas, i'm still stuck with my 12 year old account, so i guess i'll keep using it...

thanks for re-encoding the emails matt, at least it will help a bit...
posted by caution live frogs at 7:20 AM on November 22, 2004

The gmail account in my profile has been spam-free since I started it, and still is.
posted by squealy at 7:29 AM on November 22, 2004

FWIW, I'm getting the same amount of spam at that address that I have for the past couple years. An annoying, but relatively low, number of messages.
posted by soyjoy at 7:38 AM on November 22, 2004

Wouldn't writing addresses on the fly with javascript prevent (or at least hamper) harvesting. document.write("user")+document.write("@")+etc.
I'm assuming the harvesting robots don't use javascript. Of course that'd make the addresses unreadable to anyone who's javascript turned off (or uses Lynx or something).
posted by TimeFactor at 8:15 AM on November 22, 2004

Email address obfuscation doesn't end with AT and DOT, people. Why not try something like "myname merf domain org" or "myname symbol domain educational"? Anyone who can't parse those manually isn't worth talking to and no spammer is going to go through 20,000 profiles manually.
posted by Optimus Chyme at 8:26 AM on November 22, 2004

I'm assuming the harvesting robots don't use javascript.

Perhaps not such a safe assumption these days, given that both Windows and Mac OS X include system libraries perfectly capable of rendering JavaScript embedded in Web pages.

Arguably, the best way to obscure an e-mail address is to write a link that goes somewhere innocuous, then use an onMouseOver handler to set the e-mail address (i.e. onMouseOver="this.href=myemailaddresss") to set the link to a previously-derived e-mail address that has been stuffed in a variable using some JS that's not so easily parsed. A human user can't click the link without pointing to it first, triggering the script and causing the link to actually work. But a bot's not going to send random JS events to every link on the page. At least not yet.
posted by kindall at 8:48 AM on November 22, 2004

A human user can't click the link without pointing to it first

Unless, of course, they tab to the link or use some input device other than a mouse. Can't sacrifice usability for security, that's part of the Bush Doctrine and we all hate him, right? And anyway why this insistence on a cold war of email address obfuscation? Have none of you studied your history?
posted by ChasFile at 10:52 AM on November 22, 2004

my mefi address is spam free. i only use forwarders - if one of them gets spammy i delete it and create another.

Ditto. Just common sense, really, innit?
posted by stavrosthewonderchicken at 12:54 PM on November 22, 2004

name[shift-2]domain.com.
posted by me3dia at 1:56 PM on November 22, 2004

I still don't see how a guy joining and supposedly harvesting your e-mail addresses could result in a spam flood the same day. I was under the impression there was a certain time lag between when the e-mails were harvested and when they were distributed to whatever schmucks bought them. Couldn't it just be that some other site that has been linked on metafilter, that you two or three people went to and signed up for, is selling e-mail addresses? Not saying one of the n00bs couldn't have done this, just that there are other possibilities.
posted by Hildago at 10:08 PM on November 28, 2004