• Quick note - the problem with Youtube videos not embedding on the forum appears to have been fixed, thanks to ZiprHead. If you do still see problems let me know.

Curious About Spam Technique

Skeptical Greg

Agave Wine Connoisseur
Skeptical Greg
Joined
Jul 1, 2002
Messages
20,704
Location
Just past ' Resume Speed ' .
I'm just curious why a spammer goes to a lot of trouble.

I get tons ( 5 - 10 a day ) from sender that looks like this:

j9u3xl5hnwiq@cerdaline.info

They are for various consumer products, insurance , home improvement and the like.

The gibberish before the @ is always different, so it's pointless to just block the sender. I've tried to filter for the " cerdaline.info " but my spam filter doesn't seem to be managing that for some reason.

I'm not trying to get advice about a better spam filter, or ditching my e-mail provider.

I'm just curious for the sake of conversation, how a spammer manages to do this and why they go to the trouble.
 
Wudang said:
Sending emails is basically free and just the odd response is basically free money. Low probability of individual successes but multiplied by the number of emails sent.
Click to expand...
Send out a million spams and get one response. Success!

@ Greg. You could try blocking all emails from the .info domain. No one sensible really uses that. I'm getting a lot right now from .my, if anyone from Malaysia wants to contact me they should phone. ;)
 
Skeptical Greg said:
I'm just curious why a spammer goes to a lot of trouble.

I get tons ( 5 - 10 a day ) from sender that looks like this:

j9u3xl5hnwiq@cerdaline.info

They are for various consumer products, insurance , home improvement and the like.

The gibberish before the @ is always different, so it's pointless to just block the sender. I've tried to filter for the " cerdaline.info " but my spam filter doesn't seem to be managing that for some reason.

I'm not trying to get advice about a better spam filter, or ditching my e-mail provider.

I'm just curious for the sake of conversation, how a spammer manages to do this and why they go to the trouble.
Click to expand...
It's no trouble. Creating the email addresses and sending the emails is automated. It'd take me 20 minutes to bang out a simple script that could do this indefinitely.
 
Hard to advise without knowing how you read email but the sender's actual email address might be something different from what is displayed - yes I know that's very vague. For instance on mail.google.com you can "open in new window", click the "3 dots" more button and select "show original" to show various headers in a popup.
 
A couple days ago I got what I think is a phishing attempt claiming to be from xFinity/Comcast (cable company). I almost bit, but I noticed the links looked a bit wonky (something like" xFinity_xd"). Just because it says "xfinity" in the email address doesn't mean it's from them. More suspicious because it came to a side account only, and said I'd lose access after today (when I had no prior warnings.)
Always check those links and don't follow up on anything that has a weird TinyUrl link.
 
Also check your browser's address bar - most have a button of some sorts that will tell you if the site is verified and by who. This will help catch addresses that look valid but have, say, a Cyrillic character replacing a character in a url.
 
Once in awhile I won't get an email I expected to and check my spam folder and can't believe all the ridiculous BS in there. It's all or very nearly all very obvious spam, with very obvious fake or even nonsensical email addresses, titles, etc...my favorite is when they can't spell to save their life and/or put all kinds of cutesy little graphics in the title line. Do they think real businesses do that? Seems to me that if they put half the effort into finding/working at a real job they would probably make a lot more money.
 
Last edited:
bigred said:
Once in awhile I won't get an email I expected to and check my spam folder and can't believe all the ridiculous BS in there. It's all or very nearly all very obvious spam, with very obvious fake or even nonsensical email addresses, titles, etc...my favorite is when they can't spell to save their life and/or put all kinds of cutesy little graphics in the title line. Do they think real businesses do that? Seems to me that if they put half the effort into finding/working at a real job they would probably make a lot more money.
Click to expand...
Consider US literacy statistics.
 
I get that, but it's extremely rare for me to get a legit business/retail/etc email with such errors...you'd think they'd put a little effort into trying to look legit. Isn't that the point? It's almost like they're trying to do the opposite.
 
bigred said:
Once in awhile I won't get an email I expected to and check my spam folder and can't believe all the ridiculous BS in there. It's all or very nearly all very obvious spam, with very obvious fake or even nonsensical email addresses, titles, etc...my favorite is when they can't spell to save their life and/or put all kinds of cutesy little graphics in the title line. Do they think real businesses do that? Seems to me that if they put half the effort into finding/working at a real job they would probably make a lot more money.
Click to expand...
I believe that this is a deliberate tactic.

They don't want to deal with people who realise that they're being scammed half way through an expensive setup.

So, they make obvious errors that will put off anyone except those labouring under series mental deficiencies...

(Dementia, developmental disorder, acquired brain injury etc.)

In other words, they are scum and need to die in a fire.
 
bigred said:
I get that, but it's extremely rare for me to get a legit business/retail/etc email with such errors...you'd think they'd put a little effort into trying to look legit. Isn't that the point? It's almost like they're trying to do the opposite.
Click to expand...
They're trying to filter out critical thinkers who pay attention to such details. They don't want to waste time on marks that will see through the scam.
 
theprestige said:
It's no trouble. Creating the email addresses and sending the emails is automated. It'd take me 20 minutes to bang out a simple script that could do this indefinitely.
Click to expand...
Yes and no. You could try but you would probably find yourself blacklisted fairly quickly. If you're using your normal ISP to send the emails, it wouldn't be long before they will be having words with you. If you set up your own MTA, it'll get blacklisted pretty quickly.

However, the people who do this are well aware of the hoops and have strategies to get around them that do not cost much money relative to the return.
 
jeremyp said:
Yes and no. You could try but you would probably find yourself blacklisted fairly quickly.
Click to expand...
I'm saying it's no trouble to generate the emails and the arbitrary email "from" addresses to go with them. Sending them in bulk without getting caught is a separate problem. You made it sound like just creating random bogus "from" addresses was troublesome - perhaps even more trouble than it's worth to scammers. I'm saying that part is no trouble at all.

jeremyp said:
If you're using your normal ISP to send the emails, it wouldn't be long before they will be having words with you. If you set up your own MTA, it'll get blacklisted pretty quickly.

However, the people who do this are well aware of the hoops and have strategies to get around them that do not cost much money relative to the return.
Click to expand...
Exactly.
 
The vast majority are very obviously fake/ scams.

The most well done one I've seen was a scam email that is spoofed to look like it comes from your own account, with your email address and your avatar/icon picture, claiming to have gained access your account and computer, threatening to release personal info or porn viewing history, or Webcam footage they've secretly recorded if you don't give them crypto or something along those lines.

As others have mentored I know you can usually click on the ... or whatever to see the actual email address of the sender and is an easy way to see it's a fake. But if I recall correctly, they managed to fake that too so it still looked like it came from my address.

Fortunately them threatening to send a webcam recording when I don't even have a webcam gave it away. I was still concerned that someone could have gained access to my account but some googling said it was possible for scammers to do this and make it really look like it comes from your own account including the avatar/ icon. So I ignored it.

They sent a few such emails over the course of a week and I haven't seen it again since then and it's been a year or two. I have seen emails from the more obvious scammers with addresses like the ones mentioned by others in this thread that had basically the same body message as the ones that faked my address.
 
Last edited:
You must log in or register to reply here.

Similar threads

G
Robert Anton Wilson.
2
Replies
37
Views
4K
RonPrice
R

Back
Top Bottom