Forgot your password?
typodupeerror
Spam Privacy The Internet

Where Is Spam When You Want It? 580

Posted by timothy
from the come-here-little-spider dept.
Sean writes "In a complete twist to what everybody else is trying to do these days, I need to attract spam to an e-mail address for a research survey I am conducting. I have submitted a few articles to a handful of Usenet groups, and I have signed up to some general mailing lists but so far I have nothing to show for it. How come by personal account gets 100+ spam each day yet when I try to find it I get nothing? Where should I post my address so that it attracts spam?"
This discussion has been archived. No new comments can be posted.

Where Is Spam When You Want It?

Comments Filter:
  • Outlook... (Score:5, Interesting)

    by krray (605395) * on Sunday September 21, 2003 @06:44PM (#7020239)
    I ran an experiment to do just this... Originally USENET (a decade ago I did that one), web pages, etc... Hundreds of trap address' across many of the domains in my control -- harvest and block 'em early has been my general method... :)

    I recently took 1 Windows 2K box (SP2) and put it directly online in the DMZ type zone. Do NOT patch it and add no virus software. Load some trap address' (never used before) into the Outlook address book.

    It took twelve (12) minutes from plugging it in to getting many, many infections, to the final spam. Typical time is 3-4 hours usually and I've seen the test go for as long as 8 hours.

    How many people do you know that use Outlook and may have your email in their address book? The bitch of the matter? No Windows here anywhere, well, except for VirtualPC which makes such tests so damn easy -- too bad Microsoft had to buy them up too...
    • Re:Outlook... (Score:5, Insightful)

      by dboyles (65512) on Sunday September 21, 2003 @06:56PM (#7020342) Homepage
      If you do this, are you willing to be responsible if someone hijacks the machine and uses it to commit illegal/unethical acts? I know, it's unlikely that this would happen, but knowingly putting an open machine online with the intention of having it compromised is asking for trouble. It's one thing to not know any better, but it's another to be apathetic to the situation.
      • Re:Outlook... (Score:3, Interesting)

        by Anonymous Coward
        I've done it a half a dozen times now -- and yes, it was monitored and some-what controlled. At the routing level outbound traffic to obvious ports (21,22,23,25,53,80,110,143,443,etc) was throttled or blocked. Unfortunately some infections use mail or web ports to call home...

        A full tcpdump was also in progress (just watching :), logged, and looked through various ways. Honey-pot anyone?

        • Re:Outlook... (Score:5, Interesting)

          by dboyles (65512) on Sunday September 21, 2003 @07:27PM (#7020502) Homepage
          Don't think I'm calling for honeypot operators to be arrested for setting out some bait. I think it's fine. In fact, I think it's a good addition to a security infrastructure. But dropping something insecure out in the open with full knowledge that it will probably be compromised and then likely used for undesireable activities isn't responsible.

          Perhaps I should have made that point more clear initially.
          • Re:Outlook... (Score:4, Insightful)

            by racermd (314140) on Sunday September 21, 2003 @11:41PM (#7021892)
            Well, if it's a honeypot, it is probably monitored at least somewhat regularly. If it ever does become a problem, someone would be able to pull the plug on the machine, both logically and physically, in pretty short order. Yes, 10 minutes is enough time for someone to do some serious damage with and/or to a compromised system. But a close eye on things should keep the damage to minimum.
          • Re:Outlook... (Score:4, Insightful)

            by MADCOWbeserk (515545) on Monday September 22, 2003 @01:20AM (#7022251)
            I think you are entirely wrong in your suggestion that honeypots are irresponsible. Honeypots provide a way to track and monitor the latest exploits and hackers. In fact if a hacker uses a honeypot in his activites he is much more likely to be tracked and caught because he hacked a logged and monitored machine.
      • Re:Outlook... (Score:3, Informative)

        by KrispyKringle (672903)
        Isn't this (more or less) the point of a honeypot? Granted, the owners would presumably step in if they saw anything extremely dangerous going on, but this is fairly common,tried-and-true practice. Ever read _The Cuckoo's Egg_?
        • Re:Outlook... (Score:5, Insightful)

          by ^Case^ (135042) on Monday September 22, 2003 @04:39AM (#7022832)
          Isn't this (more or less) the point of a honeypot?

          More or less yes. The major difference is that with a honeypot you make sure that there's only a way in -- you make it impossible for the offender to use the honeypot to carry on attacks from the honeypot. And that does not seem to be the case in this example.
      • by dcavanaugh (248349) on Sunday September 21, 2003 @07:48PM (#7020630) Homepage
        After all, it's their product that set the stage for all of this.

        • "After all, it's their product that set the stage for all of this."

          Microsoft isn't responsible for people's actions. Would you want Redhat to be responsible of an exploit was found in their distro of Linux?

          Me personally, I'd want them to be encouraged to fix it (i.e. risk losing sales etc.), but I wouldn't want them liable for somebody else being a shithead.

          Liability in a case like this is a double-edged sword. Besides, every time something like this happens, everybody gets stronger. Microsoft (event
      • by digidave (259925) on Sunday September 21, 2003 @11:18PM (#7021801)
        Knowlingly install a system from the manufacturer's CD and running it on the Internet? The horror! The horror!
    • Re:Outlook... (Score:3, Interesting)

      "How many people do you know that use Outlook and may have your email in their address book? The bitch of the matter?"

      There is an easy defence against this:

      Let's say your real address is your.name@yourISP.com. Tou need to first set up a sneakemail address. Use this address as the 'from' address in your e-mails. Then set up your 'name' as "Your Name [your.name-at-yourISP-dot-com]." This way, the sneakemail address (which can be changed whenever spam comes in) will appear in lusers' outlook address bo

      • Re:Outlook... (Score:3, Informative)

        by zbuffered (125292)
        "How many people do you know that use Outlook and may have your email in their address book? The bitch of the matter?"
        There is an easy defence against this: ... bla bla sneakemail bla bla

        That works just fine, but it gets even easier:
        Own your own domain.
        Have your e-mail setup to forward *@yourdomain.com to your actual e-mail address.
        Never give anyone your e-mail address. Give everybody different e-mail addresses to e-mail you at. Your friend jenny can e-mail you at jenny@yourdomain or whatever she'd like
    • I tried to put up what looked like an open proxy on port 8080, which simulated the right error codes in in case people connected to port 25 out in town.

      Within a week I was getting 100.000 spam mails a day. Within 2 weeks I was over 1 million spam mails a day.

      So just pretend to have an open mail server, and you can get all the spam you want, and harvest all the addresses you care about.
  • Hotmail. (Score:5, Informative)

    by pi_rules (123171) * on Sunday September 21, 2003 @06:45PM (#7020246)
    Sign up for an account there, forward the spam to your new mailbox and start following links to advertisements and such. If they ask for your email address, give it to them. Won't take long.
    • Re:Hotmail. (Score:5, Insightful)

      by norsk_hedensk (671990) <(moc.eniramtugarraf) (ta) (eoj)> on Sunday September 21, 2003 @06:50PM (#7020295)
      yeah but if they ask for you email address and you give it to them, it is not spam anymore. spam is unsolicited. you giving them your email says that they can email you. unless they say they WONT send spam, but yeah, thats gonna happen.
    • Re:Hotmail. (Score:2, Interesting)

      by napoleonin (548802)
      I don't know where Hotmail gets such a bad reputation from. I've had the same account there for 5+ years, and I get hardly any spam at all (5-10 spam messages per day).
      • Re:Hotmail. (Score:3, Interesting)

        by Hoser McMoose (202552)
        Hotmail gets a bad reputation because it is attacked FAR more than any other mail server out there, with the possible exception of AOL. The problems with Hotmail are two-fold:

        1. There are so many users of hotmail that you can easily end up with a previously used address (so even if you never give out your e-mail address, the previous owner of that address may have signed up to all sorts of crap). What's more, anytime someone puts out their hotmail address with a minor typo (either intentionally or accide
  • by mgcsinc (681597) on Sunday September 21, 2003 @06:45PM (#7020247)
    Register with every "reputable" company with a "privacy policy" you can find, and make purchases with them. Register a domain with the addy. Put the addy on tons of those little fill out cards that you have to mail in from magazines for free this, free that. Buy subscriptions to tons of Pr0n sites with the addy. Instead of usenet, post on several pay or exclusive product-support forums, where spam-runners can be assured of sure-fire hits. Damn! It's expensive to acquire SPAM!
  • If you really want to get spam, just sign up for a few "free" porn web sites. That should do it fairly quickly.
  • by dhawton (691348)
    Me as well as other slashdotters will send you some of ours. We don't want it (I hope).
  • by Shaklee39 (694496)
    Try signing up for a few mailing lists for marketers. Usually they will sell these to other companies who will in turn sell it to other companies and so on. Most email addresses are not spammed by having it available on google but rather giving it to the companies that do the spamming.
  • Domain registry (Score:5, Informative)

    by jhines (82154) <john@jhines.org> on Sunday September 21, 2003 @06:47PM (#7020259) Homepage
    I get spam from my domain registry, which has an email associated with it. I get the Nigerian stuff this way.
    • by dboyles (65512) on Sunday September 21, 2003 @07:17PM (#7020441) Homepage
      Amazing. Even after you made your millions from underground African money transfers, you still find time to post to Slashdot. What character! I can see why Igwe Emanuel thought you good enough to do business with.

      I, on the other hand, will be out of here as soon as the transaction is complete. So long, suckers!
  • Why not (Score:5, Insightful)

    by Alystair (617164) on Sunday September 21, 2003 @06:47PM (#7020260)
    You want spam? You should have put in your email address into the submitted article...
  • I had to get on some spam lists for an experiment as well. I signed up for everything you could imagine and recieve less spam on that account than my other accounts.
  • Just put your email adress in a lot of those 'get free pr0n pictures every day!' Works wonders. I heard.
  • by Jonin893 (666637) on Sunday September 21, 2003 @06:48PM (#7020273)
    If Murphy's Law can go wrong, it will.

    We all know that the Spam won't show up if you want it. That's against the very nature of spam.

    All annoying things always happen every time except for the one time you try and prove the phenomenon to a non-beliver. Well known fact.

    Good luck at finding the spam (wow, I never thought I'd have say that.)
    • It's called the Law of Non-Reciprocal expectations:
      • Positive expectations yield negative results.
      • Negative expectations yield negative results.
      A special case of this is the demo effect: The best way to make your pride-and-joy crash on the first keypress is to invite your boss's boss in to watch it run.

      Likewise, the only way to attract spam is by trying to avoid it.

  • Ebay (Score:5, Informative)

    by NetDrain (167337) <slashdot at theblight dot net> on Sunday September 21, 2003 @06:48PM (#7020274) Homepage
    Make an ebay account with your email address in it and just start bidding. This is an excellent way to ruin an otherwise perfectly good email address. I was doing all right on the spam front until I did this. Big whoops. *hits head on desk* Yeah, stupid me.

    You'll quickly become inundated with "How-tos" to Ebay, "official" emails from Ubid by people attempting to fraudulently gain access to your personal information, more tips-and-tricks, more offers from uBid, and of course a plethora of marvelous online drugstore advertisements.

    Enjoy.
    • Re:Ebay (Score:3, Informative)

      by djrogers (153854)
      Well, I can't speak to your specific circumstances, but I've been using a specific ebay-only email address for 3 years now, and have not had one single spam sent to it. Bought and sold plenty of stuff too... Perhaps you need to re-check what little information sharing checkboxes you forgot to uncheck with ebay?
      • Re:Ebay (Score:3, Insightful)

        He's talking about making your ebay nickname contain your email address. E.g. instead of setting your nick on ebay to be JohnSmith78 and putting your email address in ebay's system, you set your nickname to be "johnsmith78@aol.com".

        Ebay specifically discourages this because lots of people have had their passwords to ebay stolen by people sending them fake email pretending to be from ebay and asking for their password for "security purposes".

        graspee

      • Re:Ebay (Score:4, Interesting)

        by Izago909 (637084) <tauisgod AT gmail DOT com> on Sunday September 21, 2003 @08:01PM (#7020707)
        About 3 or 4 years ago I started buying things on ebay. As a student, I spent much of my day on campus. Many times, if I needed to get on the internet, a workstation wasn't always available or convenient to get to. The school did have many old 386 and 486 linux boxes that did nothing more than ssh into PINE for email. These things were all over the place. So sometimes I need to be notified of bidding while I was out. Without thinking, I had these sent to my school account. Nobody outside of friends, family, or school related people ever got my address besides ebay. In one year's time, I was getting so much spam that my account (60M quota) would overflow up to 3 times a week. I found myself logging on between classes to delete 30-50 messages. Eventually, I paid the school $25 to give me a new name on the network. This time, I still have only given my address to friends, family, and school related people... but no ebay this tame. 2 years later I still have to get one piece. It should be noted that my school has promised to NEVER use any sort of filtering. They cite censorship concerns, but I have some thought otherwise.
  • Free porn sites? (Score:3, Insightful)

    by Dancin_Santa (265275) <DancinSanta@gmail.com> on Sunday September 21, 2003 @06:49PM (#7020278) Journal
    Seems like there's more than a few people suggesting signing up with free porn sites to get spam.

    Personal experience?
  • by Indy1 (99447) <spamtrap@fuckedregime.com> on Sunday September 21, 2003 @06:49PM (#7020280) Homepage
    also try porn sites, gambling sites, and more importantly, paste it on slashdot. My spam trap address here gets hit ALL the time, usually several times a day, which has helped me greatly in tuning my firewall.
  • by gunner800 (142959) on Sunday September 21, 2003 @06:49PM (#7020281) Homepage
    If you deliberately bait spam, your research will only be about spam as it effects bait e-mail accounts. Your conclusions won't be applicable to normal e-mail use habits.

    Want to survey spam as it effects a normal, real-life, daily-use e-mail address? Get a new address and starting using it as your primary account. Anything less will be irrelevant statistics.
    • That depends (Score:5, Interesting)

      by dmiller (581) <djm AT mindrot DOT org> on Sunday September 21, 2003 @07:19PM (#7020454) Homepage

      If you deliberately bait spam, your research will only be about spam as it effects bait e-mail accounts. Your conclusions won't be applicable to normal e-mail use habits.

      The relevance of a baited addres depends on how one does the baiting. I'd say that a handful of usenet posts, pasting it to a couple of web pages, use of it to create accounts on websites (e.g. here), etc would be very representative of common patterns of address disclosure.

      • Re:That depends (Score:3, Interesting)

        by MMaestro (585010)
        Thats true, but "common patterns of address disclosure" also varies based on the user. Slashdotters, for example, are usually intelligent enough to avoid the pitfalls of trap webpages people like Joe Average fall for. Because of that, the spam e-mails you'll get will vary against the type of spam between Jenny Girl seven year old who gets cartoonie spam while Grumpy Old Man seventy year old will get youth-restoring spam.
  • you should've posted your job there. That would've got you in top 10.
    just kidding. on offense intended
    if you want spam you just need to get a hotmail account.
  • by Alpha_Nerd (565637) on Sunday September 21, 2003 @06:50PM (#7020287)
    Give it to some of your friends and relatives, soon you'll recieve 20 or so joke chain letters every day...
  • Contact me at the email address on ddent.net [ddent.net] -- I have a domain that has accumulated over 200 megabytes of spam in a matter of days.
  • 'Unsubscribe' (Score:4, Informative)

    by Anonymous Coward on Sunday September 21, 2003 @06:50PM (#7020292)
    In your own inbox, get a couple of hundreds of spam.

    Take the urls (DO NOT CLICK ON THEM) and strip them of the stuff after the '?' .....

    Go to each of those 'unsibscribe' pages and put the test account in the email to be removed box.

    Its the best way to get spam. The spammers will generally use it as confirmation that your address does indeed exist, and theyll happily put you in their alive list, where you are shure to get everything they are selling.
    • Re:'Unsubscribe' (Score:4, Interesting)

      by Anonymous Freak (16973) <prius.driver@m[ ]com ['ac.' in gap]> on Sunday September 21, 2003 @07:33PM (#7020540) Journal
      I actually tested that not too long ago. I made a hotmail account, did not use it, or publish the address anywhere. After two months, I found I was getting 10-15 spams a day. So, I started using the 'unsubscribe' links in all of them. In two weeks, I was down to 1-2 spams a day.

      Finally, after another two months, it was back up to 8-12 a day. So unsubscribing did seem to work, rather than hurt.
      • Re:'Unsubscribe' (Score:3, Interesting)

        by bluGill (862)

        General wisdom suggests that some of those companies do unsubscribe you, but then they sell your email as a verified good address. By unsubscribing you they can claim in court that they are honest and ethical, afterall they can prove they unsubscribe everyone who requests it. Selling that address is sleezy, but they figgure they have a better chance of getting away with things, plus make some money.

  • by foonf (447461) on Sunday September 21, 2003 @06:50PM (#7020293) Homepage
    I was in the exact same situation, actually, and found spamarchive.org [spamarchive.org] to be very helpful. Any one of the files on their ftp site should have enough spam to keep you busy for a while.
    • spamarchive.org is nice, however if you take a look at their stuff you will notice that all of the headers are messed up (because folks forward the spams to spamarchive). I was looking for a large collection of SPAM to train spamassassin with and found spamarchive.org to be unacceptable because the email headers were tampered with.
  • Spamarchive (Score:2, Informative)

    Why not just download some from spam archive [spamarchive.org]?
  • Based on a friend's suggestion, I created an alternate e-mail address and used it to create user IDs on classmates.com [classmates.com] and match.com [match.com] and, sure enough, until I kill the ID months later, I was getting 30+ spams a day after my ISP was done with its own filtering. I wasn't being very scientific and I don't know if it was one or the other or both, but it's a place to start...

  • A few thoughts (Score:5, Informative)

    by rdean400 (322321) on Sunday September 21, 2003 @06:52PM (#7020311)
    - Post a comment on Slashdot with the e-mail address visible
    - If on a popular e-mail provider such as AOL, Hotmail, or Yahoo, put up a profile and go to a chat room.
    - Allow your e-mail address to be listed on any of the directories.
    - Put your e-mail on a Geocities website.
  • by CGP314 (672613) <CGP@ColinGregory ... t minus caffeine> on Sunday September 21, 2003 @06:53PM (#7020318) Homepage
    New research shows spam no longer a problem!
    • Have you noticed that a lot of spam these days has encrypted messages attached to it?

      Looks like....

      wplqc r uesdpq
      y tq
      vr
      wcvixv qaowp
      go xz
      hfcjlf o ejni hxkqgftfhdw xgm
      ct edtt
      onzfkwsp gui

      I have been collecting them as I spot them, when I have enough samples and enough time I will have a bash at decrypting them.

      So if you want to add a flourish to your thesis, you can also figure out what they are using the encrypted text for. (Probably some sort of tracking to measure success of campaigns.) I will happi

  • You're best bet (Score:2, Insightful)

    by edthemonkey (136946)
    I think your best bet for simulating spam would be to give the account to a 14-16 year old kid for a week or two. One of the types that plays stupid games and talks to their friends on messaging programs all the time. They drop their email addresses all the time without really thinking about it.
  • It's easy. (Score:5, Informative)

    by NerveGas (168686) on Sunday September 21, 2003 @06:55PM (#7020329)
    Put it on a web page which gets any moderate amount of traffic. I did that with some spam-bait addresses, and it's amazing how much they generate. In a few months, they've identified over 22,000 unique servers sending spam.

    steve
  • by becktabs (628093) on Sunday September 21, 2003 @06:55PM (#7020338)
    "Research Survey" = getting back at evil ex-girlfriend.
  • Lots of Contests (Score:2, Informative)

    by jarito030507 (537910)
    Enter your email address into as many contests as you can. Those things have absolutely no reason to exist except to farm email addresses.

    Some links of the sweet, sweet google:
    Here [sweepstakes-contests.com]
    Again [about.com]
    And Again [acuwin.com]

    If you search for 'contests' and click on the sponsored link then you should have an abundant source. Also, if you sign up for a few of those "Free" trials at porno websites, you should start to get some serious spam.

  • by i_want_you_to_throw_ (559379) * on Sunday September 21, 2003 @06:57PM (#7020349) Homepage Journal
    That and better yet the sites that will submit your web site to hundreds of search engines [google.com]. That will get you to the FFA style sites quick. I did this when I needed an account to test SpamAssassin on. Worked like a charm. Better yet, give /. ers an Email and we can set a forward to you of some junk.

    Hey I got plenty!
  • by AEton (654737) on Sunday September 21, 2003 @06:58PM (#7020357)

    Post to Google Groups [google.com] on many well-frequented lists (don't cross-post!) with the address. Sign up for a Slashdot account and write generally informative (+5! +5! +5!) tripe with your real email address tied to it.

    You also should've specified the test email in your story submission (i.e. Sean [mailto] writes:) -- too late for that now, of course. In the slashdot@myname.endjunk.com emails I've provided, I've easily gotten 10+/day within a few hours of first posting. Neat.

  • by pair-a-noyd (594371) on Sunday September 21, 2003 @06:59PM (#7020359)
    I made up a semi-bogus email addy, it's real in that mail sent to it gets to me, but when I'm done, I'll flush it down the tubes.

    I used it to attract spam so that I could train spamassassin for my use and for a few friends and family.

    I went and dropped it all over usenet in the pr0n groups, went to every viagra site I could find, clicked on every banner add I saw.

    It took a few weeks but I finally got the desired results. You'll have to put up with some extremely offensive email for awhile so make sure the wife and kids can't get to it during this phase.

    After doing this for a few weeks I was getting 50+ spams a day. Now that I have spamassassin all tuned up I just don't check mail on that account. Once I feel that I no longer have the need to tweak SA, I'll just dump the account..

    Too bad this doesn't work for TV commercials...
    HEY! How about an app that, er, nevermind...
  • worked for me (Score:5, Interesting)

    by pretzel_logic (576231) * <andy.shook@gmai l . c om> on Sunday September 21, 2003 @07:00PM (#7020367)
    Buy a throw-away domain name and post an index page with a email address. you could also use the method where you record the IP address of the spider by generating the email address on the fly. with [IP of spider]@domain.com and then set up a catch all email box. then you are monitoring the spiders ips and the mail servers ips. this idea was posted on /. a few months back but I couldnt find the link.
  • by pongo000 (97357) on Sunday September 21, 2003 @07:01PM (#7020370)
    Simply respond to your own post here on /. with your e-mail address. /. is a spam magnet. The majority of spam I receive is from an e-mail address I used to use here that I quit using over a year ago.
  • by chimpo13 (471212) <slashdot@nokilli.com> on Sunday September 21, 2003 @07:03PM (#7020380) Homepage Journal
    Hi, I'm pissed off at someone and would love to get them bombarded with spam. No, I don't think that'll work on slashdot. Better say "research" instead of "pissed off". Yeah, that should work.
  • by roystgnr (4015) <roystgnr AT ticam DOT utexas DOT edu> on Sunday September 21, 2003 @07:03PM (#7020382) Homepage
    "My deadbeat roommate has pissed me off once too often. On a completely unrelated note, I'm looking for ways to attract lots of spam to an email address for... er... research. Yes, research sounds plausible."
  • by xanadu-xtroot.com (450073) <xanadu@@@inorbit...com> on Sunday September 21, 2003 @07:20PM (#7020466) Homepage Journal
    Where should I post my address so that it attracts spam?

    How about the front page of Slashdot?!? That ought to help you out a bit.

    /me shakes his head.

  • For real spam... (Score:3, Insightful)

    by rsilvergun (571051) on Sunday September 21, 2003 @07:30PM (#7020523)
    You have to make sure you click the opt-out check boxes if you're signing up places. If you go to a porn site and sign up to recieve mail from them it's hardly spam. Yes, I know you'll still get a lot of stuff you didn't ask for. But since this is for research, it seems like the distinction ought to matter.
  • by DarkEdgeX (212110) on Sunday September 21, 2003 @07:33PM (#7020543) Journal
    Specifically, not one that's from an actual brick and mortar greeting card maker. 9 times out of 10, you'll be sure to be not only adding YOURSELF (the sender) as a future spam victim, but whoever you entered as a recipient for the e-greeting card.
  • by Kehl (663202) on Sunday September 21, 2003 @07:34PM (#7020549) Homepage
    Create Several Email Addresses - Be scientific ...

    Address 1 - (Control Address) Post No Where and read no messages until the testing time is over

    Address 2 - Post On Usenet (Deja.com)

    Address 3 - Post In Public ICQ program

    Address 4 - Porn Sites

    Address 5 - IRC

    etc .....

  • My Spam corpus (Score:4, Informative)

    by orthogonal (588627) on Sunday September 21, 2003 @07:36PM (#7020558) Journal
    I have an address I used for about three months on usenet, only in the comp.lang hierarchy.

    I may have used it for a few web sites, but the only one I recall is a local political organization which I doubt would have sold, or had the expertise to sell, its list. Still, the data is tainted, and I can't say it all comes from usenet.

    According to DejaGoogle, I last used it 18 April 2002, and it was last referenced in a follow-up message 5 May 2002. I first used it 15 February 2002.

    For a while I had my ISP forward mail to that address to "nothing" until I worried it might be piling up on the server somewhere (I don't know what forwarding to "nothing" means in the ISP's web control panel). So there are no messages for most of the month of May 2003.

    Disregarding the emails from the political organization, there are 1733 emails; the earliest is dated 16 July 2002, the lastest today 21 Sep 2003. (There are probably earlier emails to this address which have been archived.)

    So that's a span of 432 days, not subtracting the period when I wasn't having the email forwarded. Again not subtracting the un-forwarded days, that's ~4 per day.

    Note that this is only spam to this particular "sacrificial" address; it does not count the large amount of spam that, thanks to having some idiots as "friends", hits my "real" address.

    I have not been subject to any dictionary attacks on my domain name, but I have gotten about 105 spams to admin@mydomain in the same time period. This pushes the daily average to ~4.25/day.

    Since I started getting a lot of spam, I've made a practice of assigning each commerical contact or mailing list a different address (theirdomain.tld@mydomain.tld generally); surprisingly, these get very little spam, despite getting large volumes of legitimate mail each day.
  • Wait. (Score:5, Informative)

    by MisterFancypants (615129) on Sunday September 21, 2003 @07:37PM (#7020568)
    I think you have to wait, as from what I understand most of the people who spam actually buy spam lists from other people. The spam lists seem to be compiled like phone books, so they send out batches of addresses like every month or so. I'm sure your mailbox will be stuffed to the breaking point about two months from now.
  • by Zero__Kelvin (151819) on Sunday September 21, 2003 @07:39PM (#7020576) Homepage

    Is the account you want spammed provided by the same ISP as your personal account? It sounds like the ISP you are using for the research account might be doing a really good job killing off the spam before it ever gets to you. In order for the research to be uncorrupted you need to verify that your ISP passes all e-mails through to you, rather than spam filtering.
  • by perp (114928) on Sunday September 21, 2003 @07:48PM (#7020632)
    I recommend NewFunPages [newfunpages.com] for getting lots of spam to an account that never used to get spam.

    Then start clicking on the Unsubscribe links.
  • by Nat3d066y (705795) on Sunday September 21, 2003 @07:57PM (#7020685)
    So you want a lot of spam, do ya?

    http://www.spamcop.net/w3m?action=inprogress&typ e= www

    That's Spamcop's list of spam-vertised web sites. All of those sites have submission forms; just put the email address in there and you'll be rockin' and rollin' within a few hours. I got into a 'spam war' with one of my roommates back in college, and with that Spamcop list I was able to render his email account COMPLETELY useless within a couple of hours (If you're reading this, sorry 'bout that Brian... )

    Speaking of spam, on a random side note, I've recently started checking all of my email accounts with Shadango.com. Anybody else tried that yet? Shadango allows you to have advanced filtering applied to ALL of your existing accounts (both POP and IMAP). It's frickin' great. So now I don't get any more spam, plus I can check all 5 of my email accounts from one place. They've also got file storage, a calendar, etc. It's money. Check it out.

    -Nate
  • by Simon Garlick (104721) on Sunday September 21, 2003 @09:33PM (#7021231)
    Register a domain with Verisign, and put your target address as a contact for that domain.
  • Some solutions (Score:3, Informative)

    by nuwayser (168008) <[pete] [at] [tux.org]> on Sunday September 21, 2003 @09:49PM (#7021326) Homepage Journal
    1. news.admin.net-abuse.sightings [google.com]

    2. spamarchive.org [spamarchive.org]

    3. Build a Spam Honeypot [google.com]

    hth
    pete
  • by chris_sawtell (10326) * on Monday September 22, 2003 @01:10AM (#7022215) Journal
    ... 22Megs, because I've been saving it to train Spamoricle.
    Post your e-mail address here and I'll send the spam.tar.bz2 file to it.

    There, what could be more helpful?
  • It'll take time (Score:3, Insightful)

    by trenton (53581) <trentonl&gmail,com> on Monday September 22, 2003 @01:25AM (#7022270) Homepage
    You've got to understand how the system works. The same people (or system) that collects email addresses won't be the ones to send it. Consumer/producer model.

    I'm sure your now addresses have been harvested by a number of systems already. You'll have to wait, though for a client to buy a list, or another wave of mailings to go out before one is sent to you.

  • Got Spam? (Score:4, Informative)

    by AnotherBlackHat (265897) on Monday September 22, 2003 @04:18AM (#7022795) Homepage

    "In a complete twist to what everybody else is trying to do these days, I need to attract spam to an e-mail address...


    Much harder than it seems. A spam trap address can take months or even years to get up to the same levels of spam as other addresses.

    Some techniques;
    Unsubscribe the address.
    Apart from proving that some spammers actually do harvest from unsubscribes, this method isn't very effective, because some spammers actually do remove you from their lists.
    (of course, if you only unsubscribe addresses that don't get any spam, it can't get worse.)

    Dictionary attacks. If you run a mail server, you will occasionally be attacked. Either pick easy to guess names, or accept any name that fits a rule. It's a good idea to always reject the first name (unless it's already in your lists) since some spammers start with a 'test' name.
    Also, there will be plenty of names tried, so there's no need to accept a suspiciously high percentage. Choose a simple rule that rejects a fair percentage of the names.
    For example, accept any name which has a '5b' as the last hex character when hashed.
    If your server has any extra delays after a bad name, remove them.

    Buy expired domains.
    Some of my best trap addresses are from previously owned domains.

    Posting to usenet.
    I've not had much luck with this.

    Posting to mailing lists.
    This also seems fairly hit or miss.

    Posting to websites.
    Works eventually, but it can take a long time.

    Setting them in Ineternet Explorer.
    Some web sites have javascript that can grab your email address from your browser.
    (bonus points if you write this up in a proposal)


    When you get spam...

    Read the web pages. Once you actually get spam, either read it in a browser, or download all the links with wget. Some spammers are paying attention, in particular it seems, the ones who sell addresses to other spammers.

    Respond. When you get one of those weird messages like "Are you the same noc-staff I went to school with?" Respond with a simple "sorry, wrong guy."

    -- this is not a .sig
  • Enter some contests (Score:3, Interesting)

    by superflippy (442879) on Monday September 22, 2003 @10:05AM (#7024208) Homepage Journal
    Online sweepstakes are a great spam generator. Sign up for Publisher's Clearing House [pch.com] and opt-in to everything.
  • by dspyder (563303) on Monday September 22, 2003 @12:15PM (#7025378)
    Easily the three best ways to collect spam are to create a hotmail account. Then register a brand new domain with that address publicly available. Then join match.com (I think they still offer a free trial of some kind) and watch the spam pour in.

    My wife created a unique (with numbers) hotmail account when she joined match.com (we met on matchmaker.com) and used it only for that purpose. Today she gets hundreds and hundreds of spam on it even though it's been entirely inactive for 3.5 years!

    Match customer service claims they don't sell addresses and that it's hotmail's fault. Either way, the two together seem to be a quite effective spam trap

    Of course, if you're just looking for a corpus of spam to test against, there's plenty out there. Google for +"spam corpus" to find several good sites.

    Hope that helps....

    --D
  • by rleibman (622895) on Monday September 22, 2003 @02:04PM (#7026298) Homepage
    Seriously, I ran in 2002 and made the mistake of giving my prefered email address to anyone who wanted to contact me, of course, every newspaper in my district posted it on their website, leagues of voters same, etc.
    I now get about 50+ spams a day... nicely controlled with spamassasin.

Nothing is impossible for the man who doesn't have to do it himself. -- A.H. Weiler

Working...