Spam coming from non-existant registered members?

[Jenifer Selwa Photography]

<p>I got this email tonight from the automated messenger for

photo.net:</p>

 

<p>"This is to alert you that photo.net has provided this email

address to another photo.net member, Jeff Garrison, whose email

address is (removed by moderator)."</p>

 

<p>This member is not listed in the photographer directory nor did a

Google search come up with anything valid. I have also been

receiving a ton of software spam in the last 48 hours. I run three

different spyware software programs almost every day. Is anyone else

getting messages from non-existant photo.net members requesting

their email address? </p>

 

<p>I also got another request for my email address the other day on

the automated system from a John Nelson (if it's the same guy), a

registered member since 1999, but is not an active participant in

the gallery, or forums. I have not received any known correspondence

from either of these individuals personally unless they are pulling

email addresses and selling them to third parties. Does anyone have

any thoughts or input into this suspicious situation?</p>

[bobatkins]

Mr Garrison joined us yesterday (July 21st 2004). His website (studylight.org) is a Christian/Bible site which appears to be based in Poland and he registed via an ISP in Poland.

 

Perhaps he just likes your work and will be in touch with you later. However should you get SPAM which appears to be related to this request for your email address, please let us know.

[Jenifer Selwa Photography]

Bob, I did check out the website before I posted my question and it looked legitimate. Why is his name not coming up? Is it because he is new in the system?

[bobatkins]

Maybe. It came up for me OK. I don't think I see stuff before anyone else, so try looking him up again.

[nikos]

The whole BLOODY POINT about having a software that passes us the emails of each other (while informing the address owner) is so that EMAIL ADDRESSES ARE NOT POSTED IN PLAINTEXT ON-SITE.

 

Why? So that we don't have to endure the spam that we would receive from such exposure.

 

And yet, even though you claim to be sensitive about spam YOU receive, you don't seem to have any second thoughts about posting another member's address in plain view on this page.

 

Think twice.

[bacsa]

I got two of these; one of them is a normal member, the other one is very recently registered, and his email address is not the one given by that e-mail I received, but still, he can be found back.

 

However I didn't notice an increase of spam after these two. I guess they are my secret fans:)

[pmj]

Since Jeff Garrison seems to have a legitimate account on photo.net, which can be looked-up just fine, I removed his e-mail address from the original posting.

[mottershead]

When a logged in photo.net member asks for your email address, we do the following:

 

1. Send the your address to the email address to the mailbox of the person making the request. Obviously the requestor's mailbox has to be valid or else he doesn't get the information.

 

2. We send the notice to you, including the email address to which we sent your email address.

 

If you can't find the person, in the photographer's directory, it is probably because the person is not a photographer on the site. You can also look him/her up in the community directory, (http://www.photo.net/community/directory). The person might be new. The person might have registered solely for the purpose of obtaining your address. That is probably not a spammer (commercial bulk emailer) but someone interested in communicating with you, specifically.

 

As Nikos, points out, it is a very bad idea ever to post your own email address on any web site if you don't want to receive spam. photo.net is visited daily by numerous robots and while most of these are benign search-engine robots, occasionally there spammers' address harvesters. We know for an absolute fact that email addresses that are "in the clear" on photo.net are harvested. There is no way for us to stop this; but we can try to prevent addresses from ever being in the clear.

 

And posting someone else's address on a website is a very unkind and irresponsible thing to do.

[Jenifer Selwa Photography]

Posting the email address publically was not a malicious intent by any means. I honestly thought I was getting hit by spam and was not aware of how much potential spammers were hitting photo.net. Next time I will be more respectful. Thank you for the explaination of the community member directory - I did not know it existed.

[digitmstr]

I have been a member for sometime (can't recall since when...;-P) but, I have never been spammed by anyone from or as a result of having joined the site.

[bobatkins]

Oops. I should have removed that email address myself. My only excuse is that it was 2am and I don't think straight after midnight!

[mottershead]

I changed the email address I have on the site about two months ago, and so far it has not been spammed, even though my name is all over the place on the site, and people are requesting it all the time. I know that it will eventually slip out, probably because someone will post it somewhere, or it will be in the address book of someone whose system is infected by a virus. But, so far, so good.

[bobatkins]

Does that mean that email sent to your old photo.net address gets dumped, or does it still get to you? Just wondering because I still have your old photo.net address in my address book and that's sometimes the address I use when I send mail to you! That could explain a few things....

 

This is a general question though, because I have the photo.net address of a number of members here in my address book. If they change their photo.net address (and of course there's no notification sent to me that they have done so), what happens to mail sent to the old address? Does it fall into a giant black hole?

 

I guess mail sent to the old address SHOULD be dumped, since that's the only way you can get out from under the SPAM if that address leaks out, but it also shows that maybe you shouldn't depend on photo.net addresses in your address book because they may change without notice and email sent to them may never be delivered and a "not deliverable" notice may not be returned.

[mottershead]

Bob, in my particular case, the mottershead at photo dot net mailbox still works, and in fact the address that I have associated with my photo.net account now gets forwarded to mottershead at photo.net (and then to my "real" mailbox). I sort it all out in my mail reader using filters, according to which address the message was sent to originally. This is how I know that the new address hasn't been getting any spam.

 

I still get some spam in the old address, but not all that much. It never did get much spam. I changed the address mainly as an experiment. I wanted to see how long the new address would remain completely clean after it became the one that people can retrieve for me on the site.

 

Unfortunately, all the official addresses like "webmaster@photo.net", and others that appear in the clear on the site get tons of spam. People are also doing dictionary attacks against photo.net email addresses. We had someone pick "dave at photo dot net" for his forwarding address, and he immediately started getting spam. I reckon anybody who picked "common name at photo net" would get spam in it pretty fast. "yourname at photo net" gets spam. That isn't even a real address, but it is used as an example in a few places, and was obviously harvested by some hopeful spammer.

 

And, it is clear that there are address-harvesting viruses out there which capture addresses that appear in mail. I recently changed the "From" address on all the alerts being sent from photo.net, and these have never appeared anywhere on the site, or any site so far as I know, and they aren't associated with any photo.net member account. But they end up being in the headers of the mail sent to a lot of systems. Within a few days of making the change, these addresses started to receive spam. For example, when somebody posts in the forums, the "instant" alert is from "bboard-alerts at photo.net". This address is getting spam. The other possibility is that spammers have registered on the site for alerts for the purpose of getting addresses of posters.

 

The concerning thing is that the poster's address is in the Reply-To of the alert so as to facilitate a private reply from the person receiving the alert to the poster. This may be a hole through which some addresses are leaking. I don't know how severe this is. My current address is clearly on many alerts as the "Reply-To", since I post a lot, and, as I said, it isn't getting spam after a couple of months. But "bboard-alerts at photo.net" got compromised somehow.

[digitmstr]

>>mottershead at photo dot net mailbox still works<<

 

Brian, I tired emailing you (and Bob on his hotmail address) and BOTH emails were returned as undeliverable.

 

BTW, if you (either of you) read this please, email me at your semi-earliest convenience as I have a piece of info that might be useful for PN which however, doesn't need to be discussed in the forum.

 

Thx,

 

Giampiero

[bobatkins]

I get SPAM sent to the editorial-plan at photo dot net account, which gets forwarded to me, so clearly there are indeed spambots around.

 

I have a couple of hotmail addresses that I use, and interestingly the one registered here gets less SPAM than the one that's not registered here. The registed one is my name with a digit added, the other one is just my name, so maybe that one is getting hit with more dictionary type attacks (all possible names at hotmail dot com).

 

There's really no way around this. If email addresses can be obtained, they will be obtained. I presume we have some sort of limit on how many email addresses can be requested by a user. For example if anyone requests more than 4 addresses per day, or more than 10 per week, it should raise a flag somewhere that says "take a look at this guy and see if anything odd is going on".

[mottershead]

We do have that, Bob. When someone reaches a certain number of requests in a day, I get notified by email of every request he makes from that point on (for that day). If he reaches a certain higher number in a day, he gets cut off automatically. If the site-wide number of requests reaches a certain number in a day, then the feature is disabled for everyone, automatically. These "certain numbers" are all fairly low.

 

We've only had one episode since I instituted this where someone was obviously using the Member Directory to harvest email addresses. A "marketing" company in California got a few dozen addresses by creating multiple accounts, before the site-wide cutoff was triggered. I've blocked all the IP addresses concerned, and lowered all the thresholds for cutting this feature off.

[jenna_g]

I've only been a member for a little over a week but before I posted an image or commented on a photo two guys requested my email address, one of which has not contributed anything (forum posts, critiques, or posted photos) and that kind of creeped me out. I have seen an increase of spam since joining this site but I can't say for sure it's one of these two people. I just found it odd that someone would request my email address before I contributed anything to this site. BTW neither of the two who requested my email address has contacted me unless they are indeed spammers.