sms.ac abuse
One of my friends got tricked into subscribing to sms.ac. I don’t remember the story verbatim, but it was her daughter who sent it to her.
Anyway, so she stupidly included her whole address book. Which includes me.
And for months now, I get regular e-mails from that service, asking me to join. Complete with my friend’s name in the subject and e-mail field of the mail. She knows I won’t subscribe, and she probably would have stopped the e-mails if she knew how.
I get them at least four times a month. Now in June I’ve already gotten four.
This is spam in my opinion, though I’m sure they dress it up as permission based. Well, hello, they never got my permission. They tricked my friend into submitting her entire address book. I don’t want their mails. And because all of us have been conditioned to not verify our e-mail addresses, I’m not going to jump at verifying I don’t want any invitations from them either.
But you’d think they’d have gotten the picture by now? I got my second invitation March 18. The e-mails sent from the service are written as though written by the person it says it’s from. Which they’re not.
———
My ISP uses SpamAssasin, and one of the reasons the latest e-mail was tagged as spam was:
Spamcop blacklisted IP
It was also listed at Distributed Checksum Clearinghouse
June 9th, 2005 at 7:24 am
I have had at least two people do the same to me. Both people I don’t even really care to be in their address book. And both computer people who you would think would know better. In my case it was a different address book service and after two or three emails it seems to have stopped. But it was annoying that they had done it. I have also got a few Birthday Reminder services too. That seemed to me the perfect way to get targeted demographic data on users.
I also hate it when someone uses one of those “Send this page to a friend” forms. I don’t sign up for anything at my normal personal address unless I know its a reputable company, and often not even then.
And the third email problem that bugs me is people who forward everything to everybody and don’t use BCC. Eventually those emails can land in the hands of a spammer and be a gold mine of addresses or be seen by a virus that sends itself out based on entries in people’s address books. Everyone seems to have some friend or family that sends out lots of junk like this. My dad recently got started on email and he goes nuts with the forward button. I at least got him to use BCC (most of the time). I am still working on cutting him back. If you send tons of useless junk to everyone, when you actually do send something important its likely to get ignored. I know I stop looking at most of their emails.
June 9th, 2005 at 7:51 am
sms.ac asks for the password for Yahoo or Hotmail accounts when new clients sign up. They can then tick off those they don’t want to send invitations to.
Check Google Groups, and you’ll see loads of invitations sent to discussion lists (that are archived at Google Groups, which I personally think is a stupid development).
June 9th, 2005 at 3:31 pm
I have screenshots and a description of what goes on when you sign up with SMS.ac: http://hownow.brownpau.com/archives/2005/02/update_on_smsac_spam
They haven’t changed it since then, and they get litigious against people who complain on their weblogs: http://joi.ito.com/archives/2005/02/22/letter_from_kevin_b_jones_of_smsac.html
June 10th, 2005 at 5:42 pm
This kind of message could be blocked by SPF, cumdn’t it?
June 11th, 2005 at 3:55 am
You mean this?
http://spf.pobox.com/
The real problem is all the clueless people who just blindly sign up, then have to pay for messages they never realized they requested.
If it’s just me, I can blacklist sms.ac from ever reaching my inbox. But the real problem is as always the clueless people. And there are way more of them.
For us geeks it’s easy to assume knowledge on behalf of others. Way too easy. I have done that a lot in the past. But I have a site where the visitors are mainly housewives and actors. And I’ve learned the hard way that it takes a lot for the noob to learn anything technical.
So although my readers here are generally only geeks (the housewives have told me they don’t understand what I’m talking about on spamhuntress), the goal is to make the experience better for the noobs. That’s the general goal.
So whenever a geek says, it’s easy to block. Well, that’s nice. But it doesn’t solve the problem.
And when a spammer says he’ll stop spamming ME, I frankly get a bit offended. Because I seldom see a spammer say he’ll stop spamming. I think I’ve seen that three times in total. And one of those outfits - he got others to spam for him instead.
Anyway, rant over.
June 12th, 2005 at 3:50 pm
I’m fairly ruthless when it comes to my personal email address. I’ve never seen much spam in the past 5 years at my personally address. I only give that out to close friends/family. And I make it very clear that they are to never send me forwards or sign me up for anything - if they do, I’ll simply remove them from my address book and filter out any email from them altogther. *I’ve only had to do that once*
I then setup another email address or two that are used as general mail boxes. These I use for when I sign myself up for things I can somewhat trust. Like an account with ticketmaster.com and such.
Then if I need to supply an email address at not-so-trustworthy sites. I just make something up and the mail comes into my default address.
example: if I were to sign up for something at commissionjunction.com - I used the email cj at doorhost.net. If they start spamming me - I just block all mail coming to that address and forget about it.
June 12th, 2005 at 4:24 pm
There’s one flaw to that technique, and it’s why I stopped doing it.
I will still expire addresses when they’ve started attracting enough spam.
But having a catch all address means you’re a sitting duck for joe jobs of a sort I got a lot of a while ago.
They’d use lots of variations of e-mail addresses on my domains, then send out spam with those as return addresses. Those joe jobs can really do a number on your inbox!
June 12th, 2005 at 8:08 pm
The other problem with catch all addresses is that then you can get the same spam multiple times. I still use them, but I hate all the bounces I get sometimes, luckily its not too frequent. But I would kind of rather know that some jerk is abusing my domain than be totally ignorant of it.
At different addresses I have different server side spam filters. BrightMail on two addresses, SpamAssasin, and some other proprietary filters. Some work much better than others. And of course it depend on how they are setup, one address with BrightMail gets much better results than the other.
And finally client side I use POPFile to not only filter spam, but classify different types of mail. So far, largely thanks to POPFile, I have not needed to retire any address that I used for general purpose.