Wandering Thoughts archives

2007-09-29

The first rule of free email-based services

The first rule of free email-based services is simple:

Spammers will exploit any way of sending user-supplied text to random email addresses.

Let me repeat that: any way. Any way at all. Spammers are very ingenious, and it does not matter what you call the actual feature; if they can put in user-supplied text and then mail it off to people, they will use it to spam. Since it is 2007 and spam through free webmail providers is not exactly a surprising new development, if you create a feature that allows people to do this and do not give it very good spam protections, you are a moron (or worse).

(It also does not matter if you wrap the user-supplied text in some other text. If the spammers have enough room for even a brief advance fee fraud spam text, they will use it.)

The latest offender here is Google Calendar's 'send a calendar entry to some random email address' feature, but there have been others, including greeting cards ('hi I am sending you this greeting card in the name of MRS MARIAM ABACHA of Nigeria'), invitations to join mailing lists, and even Yahoo's similar feature with their free calendaring service.

(Google Calendar really irritates me, both because abuse@google.com blows you off with an autoresponder claim that no google.com machine emits spam (blatantly false in this case) and because it is probably too important to just block outright.)

spam/FirstFreemailRule written at 17:27:14;


Page tools: See As Normal.
Search:
Login: Password:

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.