Nearly two and a half years ago I got some spammy, scammy marketing email, and found that I wasn't the only one. I reproduced it on this blog, found others had been similarly spammed, and over the time since have received many communications from other people who have been similarly spammed by these douchehats.
Overnight I got a random email, at my WORK address, (new, private, unpublished) from someone (Michael Price, CEOVentures) claiming to own the email/the domain/the organization, that it's not a scam. I replied, asking the guy to take the email to a non-work point of contact. He responds by CALLING me at the office, then follows up with more email saying that I need to retract my statement, send him notice I've done so, or he will file a lawsuit against -- get this -- not just me, but also my new-ish fulltime employer, who of course has nothing to do with this.
Classy! You fucking bully. Digging up my work email simply speaks to your spammer, scammer tactics. Your bully tactics are reproduced here for other people to laugh at as well. Go buy a clue, jerkoff. Typical sociopath CEO. Next time play chicken with someone who doesn't know the law and isn't willing and able to pay to defend themselves from bullies like yourself. Also, hire someone to educate you on how to market yourself and relate to a community, rather than dig holes for years on end. You're not going to erase the well-ranked Google results describing your asshole, spammer tactics if you keep riling people up with them.
************************************************
Hi Andrew, we are the owners of the CIO Summit which apparently you blogged about in error and the matter was escalated to me. They are definitely real, have hundreds of members, have been around for many years, and as proof I would like share with you recordings of dozens of past meetings with leading CIOs speaking which of course would be impossible to provide if it were the phishing scam you stated.
We demand that you immediately strike the posting which is libelous, defamatory, and needless to say there is significant liability to yourself personally and potentially your past employer Davis Vision where you made the blog posting from etc but let's not go down that route as it is wholly unecessary. I will send the content by separate email (check your spam folder due to all the links) and I will call you Monday morning. Thanks.
Sincerely,
Michael Price
CEO Ventures
770-998-9999
AIM:MFPrice MSN:MFPrice1
MPrice@CEOVentures.com
www.CEOVentures.com
***
My Reply
***
I'm not sure how you got this email, or why you chose to contact me at this email instead of the email link provided on the blog itself, but it certainly doesn't make you look like NOT a scammer when you start pulling <60day old private email addresses out of thin air. Don't bother me about personal matters on a work email address. Have some professionalism and I'd be happy to further consider your case.
***
Michael's reply after I hung up on his bothersome phone call
***
Andrew, I do not see your email at your blog nor do I have your personal phone so I am unable to contact you by alternate means as you asked (and thanks for hanging up on me, first time ever). You and Apprenda (Sinclair et
al) are about a week away from a law suit being filed, I would suggest you take down the defamatory blog posting and verify back when done. It is untrue and we have provided you evidence to the same.
************************************************
Bottom of the page, you lazy, self-important jerk. If you can't figure it out, well ... how'd you get to be CEO anyhow?
Showing posts with label spam. Show all posts
Showing posts with label spam. Show all posts
Wednesday, April 21
Tuesday, October 13
Google Groups Spammed & Spoofed
Someone used a paid relay service to send a blast of spam mail to Google Groups today, including an email to DotNetDevelopment forged to look like it was from me, and one to the Twitter development list from Abraham Williams. I wonder if I can tighten up my SPF records further ...
Note:
"node67-rs.smtp.com is a paid relay service. We do not tolerate UCE of any kind. Please report it ASAP to abuse@smtp.com"
Reported! Too bad they're sloppy enough to either take on a paying scammer, or allow their server(s) to be compromised.
Entire original header below:
Received: by 10.204.57.197 with SMTP id d5cs159454bkh;
Tue, 13 Oct 2009 05:46:41 -0700 (PDT)
Received: by 10.224.36.161 with SMTP id t33mr5712657qad.346.1255437999331;
Tue, 13 Oct 2009 05:46:39 -0700 (PDT)
Return-Path:
Received: from mail-yw0-f143.google.com (mail-yw0-f143.google.com [209.85.211.143])
by mx.google.com with ESMTP id 16si5931388qyk.49.2009.10.13.05.46.37;
Tue, 13 Oct 2009 05:46:38 -0700 (PDT)
Received-SPF: pass (google.com: domain of grbounce-CXXeHAUAAABT6iFcnV0tp2J8uwopwMrD=[name]=[mydomain]@googlegroups.com designates 209.85.211.143 as permitted sender) client-ip=209.85.211.143;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of grbounce-CXXeHAUAAABT6iFcnV0tp2J8uwopwMrD=[name]=[mydomain]@googlegroups.com designates 209.85.211.143 as permitted sender) smtp.mail=grbounce-CXXeHAUAAABT6iFcnV0tp2J8uwopwMrD=[name]=[mydomain]@googlegroups.com; dkim=pass (test mode) header.i=@googlegroups.com
Received: by ywh7 with SMTP id 7so11775014ywh.23
for <[name]@[mydomain]>; Tue, 13 Oct 2009 05:44:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=beta;
h=domainkey-signature:received:received:x-sender:x-apparently-to
:received:received:received:received-spf:received
:x-smtpcom-spam-policy:x-smtpcom-sender-id:x-smtpcom-tracking-number
:mime-version:from:reply-to:to:subject:content-type
:content-transfer-encoding:x-mailer:date:message-id:sender
:precedence:x-google-loop:mailing-list:list-id:list-post:list-help
:list-unsubscribe:x-beenthere-env:x-beenthere;
bh=v/3cjxr9yNnnn8YzYMWt3Zb3yFtZ6fg/QPjQ6F00xzU=;
b=f8zONo+Nd2OiMZboovaizKOIB3KdTwU639muyNz845TznnqnCLIFSbJBB8X9/tVaSP
SJXpcLquG3LMNCzwhNlwtxheFIo1gPaAqrBkoehXE5H6eVLh/lOUMazqBTVWITP+RN0p
QYspurQzDOcCZyOyToKh14c+5t9Y8jzYfDPS8=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=googlegroups.com; s=beta;
h=x-sender:x-apparently-to:received-spf:authentication-results
:x-smtpcom-spam-policy:x-smtpcom-sender-id:x-smtpcom-tracking-number
:mime-version:from:reply-to:to:subject:content-type
:content-transfer-encoding:x-mailer:date:message-id:sender
:precedence:x-google-loop:mailing-list:list-id:list-post:list-help
:list-unsubscribe:x-beenthere-env:x-beenthere;
b=OdKVMgfgp0pSRBItb7s3AarQySGe3257BGdagGxmJ32sNCqC0EX3btfyBksKm3CKzB
+5rU+D4gFe8kxK7g3JvgJ3JHoimWFXHOL2c47ftI9iHPwjsHErQysprNE05keLcSovWo
NXkulIIxbH0hk9X4T6okRCjxYagz2g09IJpzQ=
Received: by 10.224.124.213 with SMTP id v21mr334295qar.44.1255437890651;
Tue, 13 Oct 2009 05:44:50 -0700 (PDT)
Received: by 10.176.233.14 with SMTP id f14gr43027yqh.0;
Tue, 13 Oct 2009 05:44:41 -0700 (PDT)
X-Sender: [name]@[mydomain]
X-Apparently-To: dotnetdevelopment@googlegroups.com
Received: by 10.224.95.213 with SMTP id e21mr1582186qan.0.1255437857334; Tue, 13 Oct 2009 05:44:17 -0700 (PDT)
Received: by 10.224.95.213 with SMTP id e21mr1582185qan.0.1255437857289; Tue, 13 Oct 2009 05:44:17 -0700 (PDT)
Return-Path: <[name]@[mydomain]>
Received: from node67-rs.smtp.com (node67-rs.smtp.com [74.205.51.67]) by gmr-mx.google.com with ESMTP id 18si409687ywh.13.2009.10.13.05.44.17; Tue, 13 Oct 2009 05:44:17 -0700 (PDT)
Received-SPF: neutral (google.com: 74.205.51.67 is neither permitted nor denied by best guess record for domain of [name]@[mydomain]) client-ip=74.205.51.67;
Received: from 41.248.202.187 (unknown [41.248.202.187]) by node67-rs.smtp.com (Postfix) with ESMTPA id D31FA2B0529 for; Tue, 13 Oct 2009 08:44:15 -0400 (EDT)
X-SMTPCOM-Spam-Policy: node67-rs.smtp.com is a paid relay service. We do not tolerate UCE of any kind. Please report it ASAP to abuse@smtp.com
X-SMTPCOM-Sender-ID: 2367
X-SMTPCOM-Tracking-Number: 71882385
MIME-Version: 1.0
From: "Forum" <[name]@[mydomain]>
Reply-To: dotnetdevelopment@googlegroups.com
To: dotnetdevelopment@googlegroups.com
Subject: [DotNetDevelopment] How To Unlock Locked iPod
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: SendBlaster.1.6.2
Date: Tue, 13 Oct 2009 12:44:09 +0200
Message-ID: <386066006496256206824@sweet-a0aa22526>
Sender: dotnetdevelopment@googlegroups.com
Precedence: bulk
X-Google-Loop: groups
Mailing-List: list dotnetdevelopment@googlegroups.com;
contact dotnetdevelopment+owner@googlegroups.com
List-Id:
List-Post:
List-Help:
List-Unsubscribe:,
X-BeenThere-Env: dotnetdevelopment@googlegroups.com
X-BeenThere: dotnetdevelopment@googlegroups.com
Note:
"node67-rs.smtp.com is a paid relay service. We do not tolerate UCE of any kind. Please report it ASAP to abuse@smtp.com"
Reported! Too bad they're sloppy enough to either take on a paying scammer, or allow their server(s) to be compromised.
Entire original header below:
Received: by 10.204.57.197 with SMTP id d5cs159454bkh;
Tue, 13 Oct 2009 05:46:41 -0700 (PDT)
Received: by 10.224.36.161 with SMTP id t33mr5712657qad.346.1255437999331;
Tue, 13 Oct 2009 05:46:39 -0700 (PDT)
Return-Path:
Received: from mail-yw0-f143.google.com (mail-yw0-f143.google.com [209.85.211.143])
by mx.google.com with ESMTP id 16si5931388qyk.49.2009.10.13.05.46.37;
Tue, 13 Oct 2009 05:46:38 -0700 (PDT)
Received-SPF: pass (google.com: domain of grbounce-CXXeHAUAAABT6iFcnV0tp2J8uwopwMrD=[name]=[mydomain]@googlegroups.com designates 209.85.211.143 as permitted sender) client-ip=209.85.211.143;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of grbounce-CXXeHAUAAABT6iFcnV0tp2J8uwopwMrD=[name]=[mydomain]@googlegroups.com designates 209.85.211.143 as permitted sender) smtp.mail=grbounce-CXXeHAUAAABT6iFcnV0tp2J8uwopwMrD=[name]=[mydomain]@googlegroups.com; dkim=pass (test mode) header.i=@googlegroups.com
Received: by ywh7 with SMTP id 7so11775014ywh.23
for <[name]@[mydomain]>; Tue, 13 Oct 2009 05:44:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=beta;
h=domainkey-signature:received:received:x-sender:x-apparently-to
:received:received:received:received-spf:received
:x-smtpcom-spam-policy:x-smtpcom-sender-id:x-smtpcom-tracking-number
:mime-version:from:reply-to:to:subject:content-type
:content-transfer-encoding:x-mailer:date:message-id:sender
:precedence:x-google-loop:mailing-list:list-id:list-post:list-help
:list-unsubscribe:x-beenthere-env:x-beenthere;
bh=v/3cjxr9yNnnn8YzYMWt3Zb3yFtZ6fg/QPjQ6F00xzU=;
b=f8zONo+Nd2OiMZboovaizKOIB3KdTwU639muyNz845TznnqnCLIFSbJBB8X9/tVaSP
SJXpcLquG3LMNCzwhNlwtxheFIo1gPaAqrBkoehXE5H6eVLh/lOUMazqBTVWITP+RN0p
QYspurQzDOcCZyOyToKh14c+5t9Y8jzYfDPS8=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=googlegroups.com; s=beta;
h=x-sender:x-apparently-to:received-spf:authentication-results
:x-smtpcom-spam-policy:x-smtpcom-sender-id:x-smtpcom-tracking-number
:mime-version:from:reply-to:to:subject:content-type
:content-transfer-encoding:x-mailer:date:message-id:sender
:precedence:x-google-loop:mailing-list:list-id:list-post:list-help
:list-unsubscribe:x-beenthere-env:x-beenthere;
b=OdKVMgfgp0pSRBItb7s3AarQySGe3257BGdagGxmJ32sNCqC0EX3btfyBksKm3CKzB
+5rU+D4gFe8kxK7g3JvgJ3JHoimWFXHOL2c47ftI9iHPwjsHErQysprNE05keLcSovWo
NXkulIIxbH0hk9X4T6okRCjxYagz2g09IJpzQ=
Received: by 10.224.124.213 with SMTP id v21mr334295qar.44.1255437890651;
Tue, 13 Oct 2009 05:44:50 -0700 (PDT)
Received: by 10.176.233.14 with SMTP id f14gr43027yqh.0;
Tue, 13 Oct 2009 05:44:41 -0700 (PDT)
X-Sender: [name]@[mydomain]
X-Apparently-To: dotnetdevelopment@googlegroups.com
Received: by 10.224.95.213 with SMTP id e21mr1582186qan.0.1255437857334; Tue, 13 Oct 2009 05:44:17 -0700 (PDT)
Received: by 10.224.95.213 with SMTP id e21mr1582185qan.0.1255437857289; Tue, 13 Oct 2009 05:44:17 -0700 (PDT)
Return-Path: <[name]@[mydomain]>
Received: from node67-rs.smtp.com (node67-rs.smtp.com [74.205.51.67]) by gmr-mx.google.com with ESMTP id 18si409687ywh.13.2009.10.13.05.44.17; Tue, 13 Oct 2009 05:44:17 -0700 (PDT)
Received-SPF: neutral (google.com: 74.205.51.67 is neither permitted nor denied by best guess record for domain of [name]@[mydomain]) client-ip=74.205.51.67;
Received: from 41.248.202.187 (unknown [41.248.202.187]) by node67-rs.smtp.com (Postfix) with ESMTPA id D31FA2B0529 for
X-SMTPCOM-Spam-Policy: node67-rs.smtp.com is a paid relay service. We do not tolerate UCE of any kind. Please report it ASAP to abuse@smtp.com
X-SMTPCOM-Sender-ID: 2367
X-SMTPCOM-Tracking-Number: 71882385
MIME-Version: 1.0
From: "Forum" <[name]@[mydomain]>
Reply-To: dotnetdevelopment@googlegroups.com
To: dotnetdevelopment@googlegroups.com
Subject: [DotNetDevelopment] How To Unlock Locked iPod
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Mailer: SendBlaster.1.6.2
Date: Tue, 13 Oct 2009 12:44:09 +0200
Message-ID: <386066006496256206824@sweet-a0aa22526>
Sender: dotnetdevelopment@googlegroups.com
Precedence: bulk
X-Google-Loop: groups
Mailing-List: list dotnetdevelopment@googlegroups.com;
contact dotnetdevelopment+owner@googlegroups.com
List-Id:
List-Post:
List-Help:
List-Unsubscribe:
X-BeenThere-Env: dotnetdevelopment@googlegroups.com
X-BeenThere: dotnetdevelopment@googlegroups.com
Friday, September 25
Bambibot: Evolution
Wow, twammers. I'm almost impressed. Nearly a 1:1 following:followed ratio, and some 1700+ followers at that. Believable Twitter updates, AND a blog backing the profile! Though bad grammar, capitalization and syntax are found throughout the text, it's sadly believable as the product of a child of the SMS generation.
Of course, turning to the blog, it's a spamblog/link farm. The supposed owner of the blog's pictures link to an adult dating site. And yet again, the screen name, "MichelleLoli," doesn't exactly match the alleged actual name, "Stefi Tossie."
Here's an account I followed for a while, where the person/people behind the account actually seem to interact with the other people the account follows. No actual conversations, but occasional, relevant, one-liner @ replies to something you said. Maybe the woman behind it really does Tweet, and she's just a really busy pornstar/dominatrix ... or maybe it's a half-hearted effort to pump traffic to the pornstar's site by some cheapo marketing firm or seospammers. Bambibot, or no?
Of course, turning to the blog, it's a spamblog/link farm. The supposed owner of the blog's pictures link to an adult dating site. And yet again, the screen name, "MichelleLoli," doesn't exactly match the alleged actual name, "Stefi Tossie."
Here's an account I followed for a while, where the person/people behind the account actually seem to interact with the other people the account follows. No actual conversations, but occasional, relevant, one-liner @ replies to something you said. Maybe the woman behind it really does Tweet, and she's just a really busy pornstar/dominatrix ... or maybe it's a half-hearted effort to pump traffic to the pornstar's site by some cheapo marketing firm or seospammers. Bambibot, or no?
Thursday, September 3
New Twist on Twam
Noticing a scary twitterspam trend these past couple weeks: bambibots and other spambots on Twitter are getting a lot more subtle. A few months back, you saw them spewing out random bits of text obviously taken from other sources, but those bits were often fragments, and the following:followed ratio was hundreds:1 or worse. Account names were still pretty obviously simple enumerations or iterations.
This week, I'm seeing spambot accounts with reasonable following ratios, believable names, and bits of text that would almost make sense as entire thoughts or sentences, if you didn't understand that a word like "uni" for "school" or "college" wouldn't be used by a girl in Louisiana, particularly not in the middle of August.
Big giveaway: name reads "Kayla," Ms. 'Claire.' Ooops!
The linkspam volume has died down. You could almost believe it's a real account, not just a broadcast mouthpiece for porn, SEO and MLM links.
One giveaway the nasty spammers seem to fail to be dealing with: the source parameter. Without an officially registered app, the source parameter describing the app that a tweet was sent from is going to be displayed as "From API." Not "From Web." Not "From Tweetdeck" or "From Seesmic" -- "From API."
With OAuth, there's no reason for legitimate users to be calling in over Basic Auth anymore -- no reason a legit user should be displaying "From API" -- certainly not with any regularity.
Developers: register your app, use the freely available OAuth libraries that are proliferating, and deal with the occasional OAuth downtime.
Thursday, August 13
The Bambibots Cometh
OK, so what exactly is the deal with bambibots? You know, that subset of spambots that haunt social networks, post a sexy photo and spew out lascivious crap like "I hate my [boy/girl]friend you need to cum f*ck me now www.obviouspornlink.com/ghg43p993p4" ???
Do people really click on this crap? I guess they must, because like the slew of email spam that clogs my pipes, someone puts an awful lot of effort into creating these spambots to drive these Bambi/Amber/Monik/Jezabelle/Irinia53530/so on and so forth accounts, and if there weren't a financial incentive, it simply wouldn't make sense. I wish there were a better way of blocking them.
A few weeks back I'd posted a suggestion on the Twitter development list about tunable anti-spam measures -- like the kind of utility that GMail gives you. Once I start blocking accounts, there ought to be some intelligent algorithms working behind the scenes to understand stuff like:
1. if someone is following hundreds or thousands and is followed by a handful, ignore,
2. if someone has had no conversational interaction with any other account, ignore,
3. if the "person's" photo is of them in a bikini, ignore,
4. if there's a link to any known porn site, off a list, or as recongized by other users, ignore!
5. if the words "SEO" or "empowerment" or "money" or "cash" or "prizes" or "smoke up my butt" is found anywhere on their page, IGNORE!!
I mean c'mon ... Twitter's made some strides in spam control, but they're far from where they need to be. I'm tried of waking to find my inbox filled with followspam. Aren't you?
Do people really click on this crap? I guess they must, because like the slew of email spam that clogs my pipes, someone puts an awful lot of effort into creating these spambots to drive these Bambi/Amber/Monik/Jezabelle/Irinia53530/so on and so forth accounts, and if there weren't a financial incentive, it simply wouldn't make sense. I wish there were a better way of blocking them.
A few weeks back I'd posted a suggestion on the Twitter development list about tunable anti-spam measures -- like the kind of utility that GMail gives you. Once I start blocking accounts, there ought to be some intelligent algorithms working behind the scenes to understand stuff like:
1. if someone is following hundreds or thousands and is followed by a handful, ignore,
2. if someone has had no conversational interaction with any other account, ignore,
3. if the "person's" photo is of them in a bikini, ignore,
4. if there's a link to any known porn site, off a list, or as recongized by other users, ignore!
5. if the words "SEO" or "empowerment" or "money" or "cash" or "prizes" or "smoke up my butt" is found anywhere on their page, IGNORE!!
I mean c'mon ... Twitter's made some strides in spam control, but they're far from where they need to be. I'm tried of waking to find my inbox filled with followspam. Aren't you?
Wednesday, August 12
Is GMail filtering spam Twitter account notifications?
This would be incredibly slick, and so totally Google, if true. Overnight some, but not all, Twitter notifications to my GMail account started going into the Spam folder, which has never happened before, not in the 2.5+ years I've been using Twitter. Each of the notifications that got marked as spam turned out to be for bambibot/spambot accounts with few or no followers, following a ton of people, sending out lots of spammy links.
That would be a pretty freaking cool process, if Google were in fact able to distinguish those accounts ... and if so, maybe they could/should share their algorithms with Twitter and help defeat these spammers at the source.
Edit: may have to scratch that GMail theory, I'm getting more spam follow notifications in my Inbox ...
That would be a pretty freaking cool process, if Google were in fact able to distinguish those accounts ... and if so, maybe they could/should share their algorithms with Twitter and help defeat these spammers at the source.
Edit: may have to scratch that GMail theory, I'm getting more spam follow notifications in my Inbox ...
Sunday, July 26
Most awesome Twitter tool I've seen in a long time - TrueTwit
An acquaintance from the NYTM mailing list, Elaine Lee, turned me on to the most useful, most effective anti-spam anti-autofollow bot tool I've ever seen to hit Twitter: TrueTwit.
This service detects new followers and sends them a DM on your behalf (yes, I generally despise auto DMs, but only when they're disingenuous/spammy) asking them to verify their human-ness via reCAPTCHA on the TrueTwit website.
Once the new follower has successfully solved the reCAPTCHA challenge, TrueTwit will email you a notification very similar to the basic Twitter new follower notification. (Which TrueTwit recommends you turn off -- the point IS to avoid noise, after all.) From there you can choose to view the user's profile, or ignore, as you wish.
TrueTwit reduces the amount of time you spend looking at profiles to determine whether or not someone is worth following by eliminating all the non-human accounts BAM! right off the bat. Two thumbs up! My aggravation and distraction levels just dipped a point or two.
Subscribe to:
Posts (Atom)