Ever had to register to buy online - and been PELTED with SPAM?
Spam has been a fact of life, on a par with death and taxes, for many years now. To be blunt, spammers don’t particularly care about us. They don’t have any sense of reason or shame that we can appeal to, and they have no incentive to be accommodating. We’re not their customers. In fact they make their money from selling us, not …
This topic is closed for new posts.
and what's really annoying is that many of them won't accept a + in your email address. (For those who don't know, adding a "+company" to the first part of a gmail address is a good way to identify and block when your address gets passed on to third parties.)
The only way of getting around it with legitimate companies who think it is important to email you every week with an offer is to use a disposable address, collect the receipt when it's sent, have the item delivered and them shut the email address down.
Simple enough.
+1
Completely agree - especially when the validation message appears says "This is not a valid email address"! Go and read the RFC on valid email addresses before making up your own rules as to what is and what isn't a valid address. It's not exactly hard to create a regexp or similar to validate an address.
So don't use the plus sign; gmail will do the same with other punctuation marks - period seems a good choice (ie myname.theircompany@)
Failing that, use a service like guerilla mail.
One reason I still maintain my yahoo account is those free disposable addresses, a real godsend.
Fortunately I own my own domain, so any time I register with a company like Fred Bloggs and co. I put my e-mail address down as fred.bloggs.co.uk@mydomain which means that I can always tell where someone got my e-mail address from and then create a custom filter to file their stuff straight into the junk mail folder :-)
I do the same, and these customised to each company email addresses give you a nice big fat stick to hit them with when they, inevitably, deny either selling or giving away your email address or having pathetic security.
@Graham Marsden
very similar to what I do plus my ISP allows me to add filters so that I can reject email from those idiots who sell my email address on to somebody else so that I never see them arrive.
I ALWAYS click the "no email" contact on all websites and it's interesting to see which ones flagrantly disregard this.
A few years ago I woke up one morning to an avalanche of spam to the email address I'd used on compare the market.com and not for their services either. They've been added to my filter list ever since and have never had my business again.
(gocompare don't get my business either, but that's because of that f**king annoying opera singer - the first time I heard the advert I said I wouldn't use them until they dropped it)
10 minute mail
Someone mentioned this a few months back, damn handy site.
Free oneshot email addresses
http://10minutemail.com/10MinuteMail/
Re: +1
I had to update an email validation regex recently to avoid being unfair to a Mr O'Reilly and his apostrophe. Well at least he volunteered to use the test version to help test it before the main one went live, and told me about the bug so I could fix it. And that system has been in use every year for the last 8.
I have my own domain and run my own mail server. I achieve the same thing using a wildcard alias system ;)
> these customised to each company email addresses give you a nice big fat stick to hit them with
Sadly they don't always believe you. The publishers of Avast! refused to accept responsibility when I started getting spam using the address I'd given for registration. They claimed it was probably a trojan on my system or else the email had been intercepted.
Clearly a security company that knows what it's doing. Not :-/
Re: @Graham Marsden
you haven't been watching the ads lately... gocompare not only 'dropped' the singer, but made a whole new range a few months ago, of various 'stars' getting various types of 'revenge' on him... keeps it amusing at least..
BTW, you do *know* that they DO NOT SELL insurance??? the hint is in their name.... :/
Same here, one advantage of owning a domain is the infinite supply of email addresses, so I can use throwaway ones for most places, and unique ones for places I might buy from again. It's also interesting to see which ones 'leak' and start attracting generic spam.
Re: @Graham Marsden
I'm glad you explained. For the past few weeks I've been perplexed by an ad that starts with some bloke* failing to switch on Christmas lights, then cuts to the opera singer being tortured. I couldn't work out how that was supposed to generate electricity.
* The context suggests that I should know who some bloke is, but I've no idea. This adds to my perplexity.
@Peter Hoare
As it turns out, you are quite, quite wrong in your assertion that it is trivial to validate an email address with a regular expression. The regex to validate a RFC2822 compliant email address is as follows:
(?:[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*|"(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21\x23-\x5b\x5d-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])*")@(?:(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?|\[(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?|[a-z0-9-]*[a-z0-9]:(?:[\x01-\x08\x0b\x0c\x0e-\x1f\x21-\x5a\x53-\x7f]|\\[\x01-\x09\x0b\x0c\x0e-\x7f])+)\])
@Loyal Commenter
Much easier if your language of choice has a library function for it in PHP it's:
filter_var($email, FILTER_VALIDATE_EMAIL)
Re: @Graham Marsden
Go Elsewhere
Go Elsewhere
If you find this ad is annoying then Go Elsewhere
And you'll thank your stars that you went to Go Elsewhere
Re: @Peter Hoare
See easy - how much easier can you get than "someone else has already done it"?
Re: +1
It's extra-ordinarily difficult to create a valid email regex see http://www.ex-parrot.com/pdw/Mail-RFC822-Address.html
And when you do it's totally useless because to allow all the bizarre edge cases you end up having to allow so many genuine mistakes that there is no point.. "Abc\@def"@abc.com is valid
Re: @Graham Marsden
Go Compare always gets hated why? I find that the animated girl on those confused com ads are far more annoying.
Thumbs up if you agree.
@Graham Marsden
Yep, I do the theirname@mydomain thing too. It's always fun to catch a genuine evil spammer or unscrupulous etailer who has sold on your details without asking, as opposed to the (relatively) innocent marketing spam from which you can unsubscribe. Funnily enough, whenever the former has happened and I've received some real lowlife spam to a unique address, the companies concerned have always claimed it was a malware-infected email server.
Another problem is people harvesting your paypal address. There's not much you can do about that since it pretty much needs to be static unless you're prepared to change it periodically. I get around that by having all emails which come in to my paypal address (apart from the ones coming from paypal itself) dumped in a folder of their own, from which messages over a month old are automagically purged. Each sender gets a one-time auto-response containing a generic "transaction acknowledged" message and warning that I am unlikely ever to read their email.
I also have my own domains, some I've had since 1998. I use a webhost that has greylisting. With greylisting any email from an invalid SMTP server gets deleted.
I also run MailWasher Pro 6.5.4 (the later versions are crap) which allows whitelists, blacklists, and custom filters. Best choice I ever made.
All in all, my spam has dropped from 500 a day to 30.
In other news, charities can be the worst. Ten years ago I donated to a disabled veterans charity, using a different middle initial and mispelled my last name (I refused to hand over my email). Soon I was getting flooded with phone calls, letters in the mail from cancer, children's, animal, indian, etc charities. Got worse with each year and didn't stop until I moved to another state.
Add in a password tracker like LastPass. Records all these hundreds of email addresses and generates and stores unique, complex passwords for each one.
I have my own domain and always use a customised address for each company. I also always click the do not share my email address tickbox in the vain hope that companies might actually honour it. The worst offender I have ever dealt with is Thomson Fly. I once flew with them about 9 years ago and have since received a huge amount of unrelated crap addressed to tfly@ my domain. If I still lived in the UK I might consider a complaint to the data protection registrar, but a kill filter is a simpler option.
Re: @Graham Marsden
One of my favorite tricks to use in conjunction with some.company@mydomain is to scan the incoming address to check if it is actually coming from 'some company' and if it doesn't I automatically redirect it to something like customersupport@some.company. I've gotten some very cross emails but I almost never get spam on some.company.3@mydomain unless they run to their admin who sets up a filter on that end.
Re: @Peter Hoare
Does that work on Unicodized email addresses such as
მზია_კვირიკაშვილი@rustavi2.com
??
@ ScottK
...that's if they even provide "do not contact" and/or "do not sell my details" tickboxes. SMBs are terrible for just harvesting (especially when you pay with PayPal) and expecting you to be ok with it. I've had some real idiots who refuse to acknowledge that people might get pissed off at that kind of behaviour. Even had one try to tell me her email wasn't spam ("because my shop actually exists").
Re: @Graham Marsden
@illiad - someone who actually watches adverts rather than fast forwards - God forbid
Re:Go and die
Had an old recording on TV yesterday, someone forgot to skip the adverts, I had to run across the room, (next room to TV) and I nearly kicked in my TV to shut it up.
Power switch was first thing to hand, I know I shouldn't do but it does have a 5 year warantee.
BTW they are on my permanent shit list along with 4 or 5 other companies.
Re: @illiad
Clearly you've not watched the ads lately as that annoying f**cking opera singer is very much on them and still singing (Stephen Hawking black hole ad...).
Plus I never said that they sold insurance - clearly you never read posts correctly either.
> I achieve the same thing using a wildcard alias system ;)
I really wouldn't recommend that. Wildcards mean you accept email for addresses that you've never allocated. That makes dictionary attacks painful to you and valuable to the spammer.
Far more effective IMO is to use an aliases file - allocate a fresh email address every time you give one out. If one gets abused, stub it out with a comment that it was abused. that way, the spam stops, and you've got a record of the abuse should you ever be tempted to deal with that company again.
Vic.
At least give them a bad rating...
on Web Of Trust so the rest of us will know we don't want to do business with them. I will go out of my way to avoid a business with even a yellow rating, as spam is usually the problem with registering at that site. WOT is the most effective way we have to get even with these shoddy bunch!
stop advertising your defenses
Dude, could you please stop advertising this defense method? The only reason it works is because it's not popular. Two lines of code and the spamers can bypass this safety. The longer we can ride this train empty the farther we go. Yes I'm being selfish, but this is a war and I'm OK with not making my bunker a bigger target. Please...
> I really wouldn't recommend that. Wildcards mean you accept email for addresses that you've never allocated
No it's not quite like that. The wildcard has a specific format so it won't match just anything - there has to be a certain substring present. If you send an email to 'anyoldcrap@mydomain' it'll go straight in the bit bucket. Indeed I get several dozen attempts from spammers along those lines every day. It's basically the same set up as using '+' - you need to know the basic rule :)
I don't think the risk from exposing my strategy is very high. The spammers would still need to work out the substring I use and I can easily use a different one. Because it's a multi-part name it makes a dictionary attack far harder. I think one of them might actually have guessed the substring a few years ago. At least I started getting spam to it and I only ever used it for reminders. However they haven't twigged that it is substring so it doesn't matter much. I just blacklisted it.
If they twig how the wildcard works I'll just add a second substring. Or maybe a third. I bet it'd take a while for (example only) abc.321.zmd.<whatever> to be compromised :)
I send it back to them
I've got my own domain, so when I have to sign up in this way the email address I use is company-name@mydomain.com
If I start getting a load of spam then I just create a mail forwarding rule on my domain and point that address back at the contact email address for the relevant company.
They don't even spam well
For those of us who mostly try to avoid HTML emails, 80% of the 'proper' companies won't include plain text, or worse only put their message in some image that would have to be downloaded. Sorry. I can't read what you're saying...
Re: They don't even spam well
The main reason that online images are used is that the sender can track when you have read the email.
Re: They don't even spam well
Unless you're in my whitelist, an attempt to send me email with an HTML part will result in it being bounced. This also takes care of an amazing amount of spam. HTML email is a security hazard, anyway.
Re: They don't even spam well
the sender can track when you have read the email
Only if you're dumb enough to let your email reader download images by default.
Re: They don't even spam well
" Only if you're dumb enough to let your email reader download images by default."
In most cases, you cannot "read" these emails without downloading the images. Which means if you don't allow the images, you are not their target audience.
Re: They don't even spam well
Canada Post online tracking "works" that way but with the wrinkle that the headers for a plain text version are present but no plain text.
Thus if your email client is set up not to render HTML, you are s.o.l.
OTOH, given the extraordinary slowness of Canada Post and their unreliability (small parcels go missing with no trace), you couldn't really expect anything else.
Re: They don't even spam well
"the sender can track when you have read the email"
And they seem to get quite distressed when you turn off image download and they can't. BT, British Gas and a whole load more dont seem to get that it is actually possible to open and read their mail without them knowing about it, and in some cases actually send more crap asking why you aren't reading their "newsletters". No wonder people think they're creepy.
Or click anywhere on the email...
if the images and links are not blocked. Actually I never touch anywhere on an unsolicited email. Hotmail eventually catches up to their shenanigans and blocks them all!
Re: They don't even spam well
Better still, just blackhole it, and log the sender for weekly analysis, just in case it might have been important.
Even worse; trying to change email...
Several of the stores I shop at still send me offers on my old address, and trying to remove it from the mailing list fails as it's no longer associated with an account...
(Yes, they also send me offers on my new address... )
Re: Even worse; trying to change email...
One way to fix that is to forward all emails to the old address from that organisation to their abuse address. I find they stop when they tire of abusing themselves.
Re: Even worse; trying to change email...
I try to unsubscribe once if I know it is a store I signed up with and if that fails their IP gets moved to my mail server's black list with an SMTP error message explaining exactly why I added the block.
Life is so much less annoying that way.
Disposable
Trashmail.net and it's firefox plugin does it for me.
This topic is closed for new posts.
