Wandering Thoughts archives

2014-08-24

MySpamIsBoring

My spam is (mostly) boring

I've mentioned a couple of times that I'm doing an experiment with a sinkhole SMTP server to handle email for some old addresses of mine that have become nothing but spam. When I started the experiment, what I think I expected to find was a bunch of industrial spam operations, places that had my addresses firmly anchored in spam lists and were sending their 'legitimate' email to them on a persistent basis, and maybe some interesting spammer behavior otherwise.

While there has been some of this and there are a few persistent and sometimes very aggressive mailing list places trying to send me spam, almost all of what I get now is surprisingly boring. Specifically, most of what I get is now advance fee fraud with a bit of phish spam mixed in.

(Admittedly I blocked the aggressive sending places once I identified them as persistent repeat senders. When I already have enough samples of their spam, I don't particularly need more.)

This 'boring' spam comes from all over and has at best vague patterns to it. It's clear that there's a lot of people doing it, a lot of hosts being abused as senders, a great variety of origin addresses being forged onto the email, and the contents vary a lot at a mechanical level. But at the level of learning interesting things about spammer behavior there's no real variation, which is why I call it boring. Advance fee fraud spam is advance fee fraud spam; I don't think I've spotted anyone doing anything particularly ingenious, but then I haven't been paying much attention.

All of this kind of makes my sinkhole SMTP server a failed experiment. If I'm not going to get interesting spam there's very little point in running it at all, so I'm probably going to shut it down entirely soon and let all the spammers just have their email time out.

(I sometimes toy with running it with absolutely no restrictions for a limited time, say a week, and seeing what I collect in that week and how things break down and so on. But I'm not sure I have the energy for that particular experiment.)

MySpamIsBoring written at 00:59:37; Add Comment

2014-08-05

LinkedInUnsubEvil

Why LinkedIn's 'you must join to unsubscribe' is evil

Recently I got a '<X> would like to add you to their professional network' email message from LinkedIn (from what I'm certain is a spammer). I'm not a LinkedIn user, so in an excess of optimism I went to the 'unsubscribe' link in the email. And, well, let me quote my own Tweet summarizing things:

@thatcks: I see. To get LinkedIn to stop emailing me connection invitations, I have to actually join LinkedIn. That makes those emails clear spam.

Perhaps you think that this behavior on LinkedIn's part is relatively harmless and no big deal. After all, all I have to do is join, right?

There are two things that make this wrong and one thing that makes this actively evil. Let's cover the two things first. To start with, this is not actually an unsubscribe link. 'Unsubscribe' links that don't actually function are known by many names, including 'bait and switch'. They are never a friendly act; they demonstrate that the sender intends to throw obstacles in your way because they very much object to you unsubscribing and want to make it hard.

Beyond that, well, 'fool me once, shame on you; fool me twice, shame on me'. Why should I believe or trust that LinkedIn will let me actually (permanently) unsubscribe if I sign up? They've already lied once; I'm sure they can find a way to lie again, either now or in the future when it's convenient to them. As above, they've already demonstrated that they are not actually interested in letting people unsubscribe.

But all of that pales next to the actively evil bit: to sign up for LinkedIn, I must agree to their Terms of Service. It is absolutely guaranteed that LinkedIn's ToS contains objectionable things that no one in their right mind would agree to if they had a choice, because essentially all terms of service for large websites contain such terms. And it's all but certain that agreeing to their ToS is a binding legal agreement. Evil things in Terms of Service are usually excused with the rubric 'well, if you don't like them don't use the service, it's being offered for free'. Here I have no interest in using the service, I just want to unsubscribe. Effectively LinkedIn is giving me no choice; it is agree or suffer their continued spam.

Fundamentally what has happened here is that LinkedIn has turned unsubscribing from a right into a privilege, extended on LinkedIn's terms and at their whims. I do not have the 'right' to unsubscribe from LinkedIn's email, or they would have just done so with no fuss or muss. Instead I have only the privilege to ask to (maybe) be unsubscribed, under whatever terms LinkedIn feels free to dictate.

This is no genuine unsubscribe option. This is a sham, and I hope that recent Canadian legislation winds up seeing LinkedIn called on this.

(Yes, yes, as evil goes it is very small evil on the global scale of things.)

(3 comments.)
LinkedInUnsubEvil written at 22:24:05; Add Comment

(Previous month | Next month)
By day for August 2014: 5 24; before August; after August.

These are my WanderingThoughts
(About the blog)

Full index of entries
Recent comments

This is part of CSpace, and is written by ChrisSiebenmann.
Twitter: @thatcks

* * *

Categories: links, linux, programming, python, snark, solaris, spam, sysadmin, tech, unix, web

This is a DWiki.
GettingAround
(Help)

Search:
Page tools: See As Normal.
Search:
Login: Password:
Atom Syndication: Recent Pages, Recent Comments.
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.