My unique FlashKit e-mail address got Spammed

[phantomflanflinger]

I have a unique e-mail address for my Flashkit account and today a Spam got sent to it. It's never happened before as far as I know.

I know this thread may have existed before, but here it is again.

Details:

Received: from ns.km11303.exportal.pl (HELO mk-smarthost-3.mail.uk.tiscali.com) ([62.141.56.157])
by mk-smarthost-2.mail.uk.tiscali.com with ESMTP; 07 Nov 2006 07:05:48

To: "FTA57" <viewsat@yahoo.com>
From: "Fta Membership" <viewsat@yahoo.com>
Subject: Re:Get Dish TV On Fta hardware software
Date: Tue, 7 Nov 2006 02:04:51 -0500

For all your free-to-air satellite receivers and accessories. We have the best prices,services, So if you need what it takes to get amazing fta satellite tv then come get your Satellite.

Regards,

http://www.ptvp.info

FTA Superstore Information Group

[gerbick]

Your to and from fields are the same - I hope that's only to mask your real address.

However, this sounds like spam I just received on a "closed" account that I use for personal use only that's an unpublished account.

Look at the long headers. You'll more than likely find that you were targeted by a bot that sent out blind e-mails to plain word combinations and wasn't sent directly to you.

It happens.

And for me, it was even stranger... the e-mail addy I have isn't even a dictionary word - it's a complex (alphanumeric and special character combination) address.

[phantomflanflinger]

No gerbick, I just pasted in what was there. My Flashkit address wasn't in the to or cc fields, but it was in the headers.

My real address is flashkit@ (my details) here are the headers:

smarthost-2.mail.uk.tiscali.com [212.74.114.38])
by mail.(some ISP details) (8.13.8/8.13.8) with ESMTP id kA775qq5024371
for <flashkit@(my details)>; Tue, 7 Nov 2006 00:05:54 -0700

So, someone got my address from_here.

[Planet]

We do not share email addresses with anyone. I'm not sure how this could have happened on our end but I will look into it and get back to you.

[JPnyc]

Spammers use progams, as already mentioned, that just randomly combine letters/numbers into literally billions of combinations, and send them out hoping to hit on one. I get spam on emails I've never used to join ANYTHING.

[phantomflanflinger]

The personal non-work mailbox I use for Flashkit actually has a wildcard (catch-all) on it. You'd think that means I get loads of Spam, but I get none - except - the one message detailed above, sent to flashkit@(my details.net) The chance of "flashkit" being chosen at random is negligible.

I'm not saying the admins/mods/owners gave my address away, I'm saying someone stole it. I'm not kidding or trying to cause trouble here.

[Planet]

I'm not kidding or trying to cause trouble here.

I dont think anyone is suggesting that. It could be an old problem on our end from years ago depending on the age of this email address. We're looking into the issue to make sure that its not a new issue.

edit... also, this thread in regards to what is probably the same issue and eludes to what I said about the age of the email address.

[JPnyc]

I don't see how, unless you posted it at some point. User profiles are not viewable by unregistered users, which means bots can't see it, and the email is hidden from even those who can view it. I don't see how it can be stolen.

[phantomflanflinger]

I couldn't find that thread when I searched: I'd have posted there.

Yes, it's FTA again, the same bunch Spamming again. They must have tracked the e-mails being sent to users from your server. I dunno how.

They may have collected my e-mail address a long time ago, but it has never been shown publicly on Flashkit.

[Planet]

Just a heads-up, we're still looking into this. Our security folks are researching your email address to see if and how it may have gotten out. I'll keep you posted.

[phantomflanflinger]

Thanks. I can't be the only one either.

[phantomflanflinger]

Got another today:

Envelope-to: {email}MYEMAILADDRESS{/email}
Delivery-date: Sat, 06 Jan 2007 04:33:47 +0000
Received: from ptb-mxcore02.MYISP.net ({IP_ADDRESS})
by fhw-sunmxcore07.MYISP.net with esmtp (MYISP MXCore v2.00) id 1H33Fb-0004OV-7s
for {email}MYEMAILADDRESS{/email};
Sat, 06 Jan 2007 04:33:47 +0000
Received: from mail.MYISP.net ({IP_ADDRESS})
by ptb-mxcore02.MYISP.net with esmtp (MYISP MXCore v2.00) id 1H33Fa-0006Pb-IR
for {email}MYEMAILADDRESS{/email}; Sat, 06 Jan 2007 04:33:46 +0000
Received: (from root@localhost)
by mail.MYISP.net (8.13.8/8.13.8) id l064XiCp058483
for {email}MYEMAILADDRESS{/email}; Fri, 5 Jan 2007 21:33:44 -0700 (MST)
Received: from gator145.hostgator.com (gator145.hostgator.com {IP_ADDRESS})
by mail.MYISP.net (8.13.8/8.13.8) with ESMTP id l064XhRN058452
for <
MY UNIQUE FLASHKIT E-MAIL ADDRESS
>; Fri, 5 Jan 2007 21:33:44 -0700 (MST)
Received: from {IP_ADDRESS} (port=1377 helo=km11303)
by gator145.hostgator.com with esmtpa (Exim 4.63)
(envelope-from <ellsion@clickdishtv.com>)
id 1H33A2-0001l5-M1; Fri, 05 Jan 2007 22:28:03 -0600
Message-ID: <380-220071664272921@km11303>
To: "SuperTester" <ellsion@clickdishtv.com>
Errors-to: {email}ellsion@clickdishtv.info{/email}
From: "Free-To-Air TV" <ellsion@clickdishtv.com>
Subject: Re: Satellite Support Free TV Dish/Bev FTA
Date: Fri, 5 Jan 2007 23:27:29 -0500
MIME-Version: 1.0
Content-type: text/plain; charset=windows-1252
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - gator145.hostgator.com
X-AntiAbuse: Original Domain - MYDOMAIN.MYISP.net
X-AntiAbuse: Originator/Caller UID/GID - {47 12} / {47 12}
X-AntiAbuse: Sender Address Domain - clickdishtv.com
X-Source:
X-Source-Args:
X-Source-Dir:
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from quoted-printable to 8bit by mail.MYISP.net id l064XhRN058452

-----Original Message-----
From: Free-To-Air TV {mailto:ellsion@clickdishtv.com}
Sent: 06 January 2007 04:27
To: SuperTester
Subject: Re: Satellite Support Free TV Dish/Bev FTA

Welcome Satellite FTA Testers PPV/MOVIES/SPORTS/XXX/LOCAL CHANNELING and much much more

{url}http://www.dishiptv.com{/url}

FREE TO AIR SATELLITE TV OVER 900 CHANNELS +++ GUARANTEED

Get your FTA Hardware Software and related fixes faster than ever. We offer shipping worldwide and also have the best Free To Air units on the market. Our scripts have a remarkable uptime and flawless scripting errors so you can enjoy your TV and longterm programming. Live Help Toll Free Assistance and a Private Forum all in a once stop shop. Become part of our team today and get your holiday bonuses while they last.


NB I have elided my personal details and changed [ to {. (duh!)

[JPnyc]

Why are you posting this here? Every email gets spam. If you want proof, create a new email, but do not use it. Not on a forum, not to send any email, not on an e-commerce site. The email will get spam.

[phantomflanflinger]

I'm sorry it's hard for you to understand.

As clearly stated above, my unique Flashkit address is a unique alias on a wildcard e-mail address. It's like this: flashkit@mywildcardemail.domain

absolutely_anything@mywildcardemail.domain would reach me. But these 2 Spams are the only 2 Spams I've received, both were sent to flashkit@mywildcardemail.domain I don't get any other Spam.

[gerbick]

Dude, flashkit is a library word, combo of library terms.

I set up a spam test a while back... thisisaspamtest @ mydomain.com actually and never used it.

It gets spam. I have another e-mail address, maggooglah @ mydomain.com and it's not received a thing. In fact, I did it to see how quickly spam harvesters and "guessers" would get a combination that would allow it to send mail to me blindly. Check out Security Focus and you'll see how people are just pumping out millions of e-mails daily to library words and combinations. 76azmk1 @ mydomain.com wouldn't probably get a thing.

Use non-library terms if you want to avoid spam mail. Seriously.

[phantomflanflinger]

So 'flashkit' is the one and only choice they made, out of millions of combinations, all of which would have also successfully got through?

[gerbick]

...I don't know how to explain it to you. I mean... Flash, kit... two library words.

Combining them together to hit a person... it's not that hard. Combining up to four library items, I've seen it. Bots don't care, they have time to string together stuff.

But non-library items/names - in fact, I set up a test when you originally posted this to see how long it could take - don't seem to be hit as much as library words. So... flashkitphantom @ mydomain.com might get hit faster than u8baeblz @ mydomain.com.

In fact, I created 5 e-mails and the two nonsensical e-mail addresses haven't been hit. The one with my real last name got hit. One with my username here got hit. And one with regular library terms in combination got hit. thisisaspamtest was the one that got hit.

Does that mean that's your problem? No.

It could be.

Trace the headers. It just could be a "good guess" situation you're all up in arms about. If it really affects you, kill that address, don't set up an e-mail with standard library terms in the address.

Have fun... spam harvesting is a lot more advanced than you'd think. Research it all out. It's what I get paid to do for some clients

[phantomflanflinger]

I am not up in arms but I do not like to be treated like an idiot. Not when I am trying to help you.

As far as I can tell, you are unable to understand one simple fact. I will try yet again to explain.

My Flashkit e-mail address is a wildcard e-mail address, which forwards to my main e-mail address. Or, to put it another way, my Flashkit e-mail address is a catch-all e-mail address, which forwards to my main e-mail address.

If you sent an e-mail to:
349058@mywildcardemail.net it would forward to my main e-mail address.
anything@mywildcardemail.net it would forward to my main e-mail address.
flashkit@mywildcardemail.net it would forward to my main e-mail address.

But both these spams were sent to flashkit@mywildcardemail.net and both were then forwarded to my main e-mail address. Anything_before the_@ would forward.

These are the only two Spams I've had via the forwarder. I expected more when I set this forwarder up - it's a catch-all, Spammers "can't miss". But this is all I've had.

[gerbick]

Who is treating you like an idiot? Quote it. I'm not seeing it at all.

I just said what I said and you came back with "I want to know how it happened?" (basically) so I went deeper with my explanation and even checked it out myself with an experiment. And you seem to be the only person having this problem... helping two admins and a supermod (??), we're helping you realize that this is a problem, it's acknowledged, but yet the problem starts with how you used library items for an e-mail. Do you know how easy it is to guess library word items? Like I suggested before, do a little research. Bots are getting smarter by the second; literally.

I know this is real. But if it's an e-mail you created just for Flashkit, I'm quite sure changing it to a non-library item is not that much of a problem. In the past year, I've changed my e-mail here twice... now to a non-library e-mail addy, no bad mail yet.

Anyway, dunno what to tell you. I know that nobody in this thread has treated you like an idiot though. Not one bit.

Spam is a huge problem. And still... using library items in combination will invariably mean that you will get hit. Catch all or not. And I'm saying that I have to agree with the admins... it was not spawned by Flashkit. I don't get anything from this site and I've been here for over 6 years.

And wanna see "up in arms"? Let me get something from this site I didn't ask for. I'm liable to be on CNN. I hate spam mail too.

Dunno dude. Like I said... change your flashkit e-mail to something that's non-library and more nonsensical.

[mesmerize]

gerbick,

you keep mentioning your point about how robots can use library terms to 'eventually' hit your address. He's already said that can not be possible but again (even in the last post) you mentioned it.

In his case the library terms could not have been used or he would have hundred of these emails, as he's set up to catch all emails sent to *@phantomflanflinger.tiscali.co.uk The robot in question has to have his direct address from somewhere to show the value flashkit@phantomflanflinger.tiscali.co.uk

I think what's annoying him, is that you keep going on that he shouldn't worry about it, as spam bots can hit you even with 4 library terms, but in this case it is not possible.

So what remains is where did they get it from and he's assuming your database as that's the only place he has used it.

I hope that puts an end to your circular discussion.
:-)

phantomflanflinger,

MORE IMPORTANTLY:
Could your email getting out have anything to do with this crazy idea you had, back then:
http://board.flashkit.com/board/show...07#post2053807

Ha ha, sorry I had to laugh when I found this.
I'm sure you'll laugh when you see it.
If it is anything to do with this, your lucky you've only had 2 spams since then. I get 14 a day average.

Best regards,
David