As an experiment, I changed my LDD public profile to include an email address a while back (29 April to be precise or a little under two months ago).
As I now seem to post here often, I thought it both helpful and proper to make myself accessible to other members of the Lotus user community. Indeed a number of fellow users have taken up the opportunity of brief, private exchanges of emails to mutual benefit (you know who you are).
However, for safety, I did not use my real email address in my LDD profile. I used a tagged one. Never posted or used anywhere else. Just here.
And this morning I have… Spam. To my LDD tagged address.
It gets worse.
The spam contains the following footer text:
“We are strongly against sending unsolicited emails to those who do not wish to receive our special mailings. You have opted in to one or more of our affiliate sites requesting to be notified of any special offers we may run from time to time [my emphasis]. We also have attained the services of an independent 3rd party to overlook list management and removal services. This is NOT unsolicited email. If you do not wish to receive further mailings, please email to to be removed from the list. Please accept our apologies if you have been sent this email in error. We honor all removal requests.”
“Opted in”? “Affiliate sites”? This is just a huge big black (blacker than your black hat) LIE!
See Rules of spam; Rule #1: Spammers lie. Sharp’s Corollary: Spammers attempt to re-define “spamming” as that which they do not do.
Strongly worded complaint on its way to perpetrator whom I have chosen not to name here. Yet.
And I will continue to accept email at my LDD tagged address for now (to help spread peace and enlightenment among my peers in the Notes community).
But if any more of you “business partners” start abusing it, I will redirect it to my spam trap and Dave Null will post it to news.admin.net-abuse.sightings. You’ll be keeping some interesting company over there…
Chris Linfoot
Subject: Well it had to happen…
Somewhat related … Some spam bots will search web pages for “mailto” links. If you print your “mailto” link using some JavaScript, it should prevent them from pulling the address from your web pages. Something like this:
Subject: Update
Seems like rule 3 is in full operation here too. Sent a complaint to postmaster@, abuse@ and unsubscribe@ in response to the original spam and it bounced with “554 - rejected for policy reasons”.
So I tried each address individually.
postmaster@ was OK
abuse@ bounced with 550 - no such user
unsubscribe@ bounced with 550 - no such user (yes folks, their advertised unsubscribe address does not exist!)
Sending the complaint to only postmaster@ gave the same 554 bounce - after the DATA phase of the SMTP conversation.
Sending any email to sales@ (the address the spammee was supposed to use to request more information) also resulted in a 554 bounce.
We have here a write only spam. They send it, but I can’t contact them for whatever reason (even to buy from them).
Subject: some light reading worth a chuckle: Cajun King O Spam
http://www.usatoday.com/tech/news/2003-06-24-spam_x.htm
Subject: RE: some light reading worth a chuckle: Cajun King O Spam
Been meaning to ask.
Are you the same File Save who used to be married to Edit Copy, the great niece of the infamous Help About?
[My name’s Smoketoomuch…]
Chris Linfoot
Subject: RE: some light reading worth a chuckle: Cajun King O Spam
Actually no, I changed my name from Actions Delete because it caused me too many problems. And since I live in the south in the USA, I am actually married to my bigger sister File Close:-)
Idonotsmokeenough:-)
To other Southerners out there: The above is just a Joke, akin to “If a married Couple in get divorced, does it mean they are no longer brother and sister?”
Subject: *Better cut down a bit, then.
Subject: Well it had to happen…
Hey Chris
Spam, bane of our lives. May I ask I have seen you before refer to a “tagged address”. Could you explain what that exactly is, as I am curious.
On a related point, my Domino DNS Blacklist is running and providing a sterling service. Spam is down by 98% I estimate, however some stuff still gets through.
I have attempted to block certain SMTP mail servers, at a Domino level using the Inbound Connection Controls, which I know cause the bulk of the 2% that gets through. However this doesn’t work.
Now I don’t have Verify Connecting hostname in DNS enabled as I have found it blocks too many valid servers, that are enabled for outbound SMTP only, and so do not validate to DNS.
However I have Deny connections populated with the undesired addresses (both DNS and IP). However they are not being blocked.
It doesn’t state anywhere you need Verify connecting hostname enabled to use the deny field but as it doesn’t work I can only assume this is the case.
Do you know?
Paul Benwell
Subject: Tagged addresses…
This is very common practice among users who happen to control their own domain. I, for instance, have blah.com. All mail to blah.com goes to my server. Since I control the directory, I can set up any term I like for myself as an alias.
So my bank sends email to bank@blah.com. People on LDD send mail to LDD@blah.com. Paypal sends to paypal@blah.com.
That way, any given address is identified by its publication source. Makes it very easy to tell when someone’s leaking your email.
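A sketch of the tagged-address scheme described above, added here as an example and not code from any poster in this thread. It goes one step further than the posts: each tag can carry the day it was published, and a short HMAC suffix (an assumption of this example, as are the function names and the key) lets the mail admin tell a leaked tag from an address a spammer merely guessed.

```python
import hashlib
import hmac
from datetime import date, datetime

DOMAIN = "blah.com"                # example domain used in the post above
SECRET = b"constructed-demo-key"   # constructed value; a real key stays private

def _mac(body):
    """Short keyed checksum so valid tags cannot be guessed (assumption of this example)."""
    return hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()[:6]

def make_tag(source, day=None):
    """Build an address that is published in exactly one place, optionally on one day."""
    body = source.lower()
    if day is not None:
        body += "-" + day.strftime("%Y%m%d")
    return f"{body}-{_mac(body)}@{DOMAIN}"

def trace(recipient):
    """Return (source, day) for a genuine tag, or None for any other address."""
    local, _, domain = recipient.lower().partition("@")
    body, sep, mac = local.rpartition("-")
    if domain != DOMAIN or not sep:
        return None
    if not hmac.compare_digest(mac.encode(), _mac(body).encode()):
        return None  # guessed or dictionary-attack address, not a leaked tag
    source, sep, stamp = body.rpartition("-")
    if sep and len(stamp) == 8 and stamp.isdigit():
        return source, datetime.strptime(stamp, "%Y%m%d").date()
    return body, None

if __name__ == "__main__":
    profile_tag = make_tag("LDD")                      # goes in the forum profile only
    usenet_tag = make_tag("nanae", date(2003, 6, 20))  # changes on each posting day
    for rcpt in (profile_tag, usenet_tag, "sales@" + DOMAIN):
        print(rcpt, "->", trace(rcpt))
```

When spam arrives, `trace()` on the envelope recipient names the place the address was harvested from and, for dated tags, the approximate harvest date.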
Subject: RE: Well it had to happen…
“May I ask I have seen you before refer to a “tagged address”. Could you explain what that exactly is, as I am curious.”
Nothing too mysterious. It is simply an address I have set up on my system here to accept mail, but which has only ever been publicly posted in one place, in this case LDD. I use tagged addresses when posting to news.admin.net-abuse.email too and these change on every day I post there (which is not every day), so when they get hit by spam I not only know where the spammer got them from, but approximately when too.
Tagged addresses are easily changed, discontinued or redirected to my spam trapping and reporting system.
“However I have Deny connections populated with the undesired addresses (both dns and IP). However they are not being blocked.”
As a general principle, it is better to block by IP than by resolved hostname as it is generally much easier for a spammer to change DNS than to move to a new address. It is also better to block whole networks (/16 or /24 CIDR blocks, also still sometimes known as class B or class C addresses). Thus if a spammer is using a /24 and you block the whole /24, not just a single address, then the next time he spams from any address in that block, regardless of rDNS name, his spam will be blocked.
To use IP addresses in “Deny connections from the following SMTP internet hostnames/IP addresses:”, you must use domain literal notation.
That is, you must use [192.168..], not simply 192.168.. (that is, enclose IP addresses, wildcarded as appropriate within square brackets). Multiple entries are delimited with ;
Then it ought to work.
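The block-by-network advice and the bracketed notation from the reply above, as an added example that is not part of the original post. It turns a list of spam source IPs into a `;`-delimited string of domain literals and checks addresses against it before the string is pasted into the deny field. Assumptions of this example: `*` as the wildcard character, the function names, the `threshold` parameter, and the sample addresses, which are constructed from documentation ranges.

```python
import ipaddress
from collections import Counter

def to_literal(net):
    """Render a /8, /16 or /24 network as a bracketed, wildcarded domain literal."""
    if net.prefixlen % 8:
        raise ValueError("only octet-aligned prefixes map onto octet wildcards")
    keep = net.prefixlen // 8
    octets = str(net.network_address).split(".")
    return "[" + ".".join(octets[:keep] + ["*"] * (4 - keep)) + "]"  # "*" is an assumption

def build_deny_list(spam_ips, prefix=24, threshold=2):
    """Widen to a whole network once `threshold` distinct sources fall inside it.

    threshold=1 blocks the network on first sight, as the reply recommends;
    a higher value (this example's own knob) limits collateral blocking.
    """
    addrs = sorted({ipaddress.ip_address(ip) for ip in spam_ips})
    hits = Counter(ipaddress.ip_network(f"{a}/{prefix}", strict=False) for a in addrs)
    entries = []
    for net in sorted(hits):
        if hits[net] >= threshold:
            entries.append(to_literal(net))
        else:
            entries.extend(f"[{a}]" for a in addrs if a in net)
    return ";".join(entries)  # multiple entries are delimited with ;

def is_denied(ip, deny_list):
    """Offline check of one IPv4 address against the generated string."""
    octets = ip.split(".")
    for entry in deny_list.split(";"):
        pattern = entry.strip("[]").split(".")
        if len(pattern) == 4 and all(p in ("*", o) for p, o in zip(pattern, octets)):
            return True
    return False

if __name__ == "__main__":
    # Constructed sample: sources seen in spam headers (documentation ranges).
    seen = ["192.0.2.10", "192.0.2.77", "198.51.100.5", "192.0.2.10"]
    deny = build_deny_list(seen)
    print(deny)
    print(is_denied("192.0.2.200", deny), is_denied("198.51.100.6", deny))
```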