Jump to content


  • Posts

  • Joined

  • Last visited

MightyYar's Achievements


Member (2/6)



  1. Not only that, I don't think that there is any law against making a website that just spiders the web looking for email addresses. Using them for commercial spam is forbidden, but I don't think "just putting them on the web" would get you in trouble. Further, non-commercial emails might be just fine. I've already gotten a Ron Paul spam this election season... OTOH, I'm not a lawyer The law is strange, but the justice system is pretty straightforward. CAN-spam is fairly useless legislation, but the SpamHaus case went that way because the SpamHaus folks didn't show up to court! When a defendant has been sued but does not show up in civil court, the default judgment occurs - and the judge really doesn't have any choice in the matter. SpamHaus should have fought the case. They could still ignore the verdict if they had lost, and they'd be in no worse a position than they are now. If they had won, it would have deterred spammers from suing in the future.
  2. Of course, that whole clause is rendered much less effective by the "without the authorization of such person" bit. All AdKnowledge needs to do is have an "agreement" with an unscrupulous webmaster. If spamcop said "Thanks for the money, go ahead and scrape our forums," it would all be Kosher under CAN-spam. And I imagine the ground gets REAL shaky when a third party aggregates other web site data (with permission, of course), and then a spammer scrapes THAT site with permission. Let's put it this way: people have sued AdKnoledge under CAN-spam in the past and lost - even having to pay AdKnowledge's legal fees... so yeah, they are legal. See http://domainsmagazine.com/Domains_12/Domain_8438.shtml
  3. You can legally spam in the US, at least by the definition of most people on this board. You have to identify the email as an ad in the subject line, you have to provide an unsubscribe method, and you have to provide a real postal address. So.... the average "Viagra", stock, or porn spam is not legal in the US - but random stuff like AdKnowledge rewards probably is - they probably bought my email from a "partner", who in turn probably found live addresses at gmail through brute-force attacks. I very, very rarely sign up for anything using my gmail address, so it is unlikely that the address was obtained in some "legitimate" way, and I guarantee they aren't using any sort of double-opt-in techniques.
  4. Following up on my own post... I don't know if it was all of the SpamCop reports or the emails to the CEO, but the spam mails have stopped... for now! So I'll have to try the unsubscribe experiment another time...
  5. Somehow I missed your message, so sorry for the late reply. Yes, I was using two tabs - one for running the "resolved" addresses through and one for the actual spam. Lots of cutting and pasting Since that flurry that I had, I haven't had any more spams with tinyurl redirects, so I haven't emailed the deputies - but I will take your advice and do that if they start up again. Thanks!
  6. Okay, I will. But before I do that, I've been forwarding my spam emails from them to their CEO Scott Lynn. slynn[at]adknowledge.com I just want to make sure that he knows that I'm getting them so that he can stop worrying. I mean, he sends the same email over and over, so he must be concerned that I wasn't getting them.
  7. Want me to try it? If they keep spamming me, I might have to try to bite their ankles a bit. If not, I guess the source of my inspiration will dry up! Whataya think?
  8. Thanks for the reply - yeah, it would be very easy to filter. They never spoof their "from" address - it's always from the "adknowledgemailer3.com" domain. They even adhere to SPF! So I guess I'm more ideologically opposed to them than they are a nuisance. After all, I'm fairly certain that the emails would stop if I just unsubscribed!
  9. Well, in this case that would be GREAT. This outfit is based in the US and spamming after an opt-out request would violate CAN-spam. Look up "adknowledge can-spam" on google. These SOBs have been sued and have won more than one lawsuit - and they countersue for legal costs... and win. If they actually did violate CAN-spam, they could actually get nailed in court. But I doubt that they would do that Instead, I think that my email would in fact get cleared off of their lists. I would certainly test it before removing random folks. If I were to pursue this at all...
  10. Thanks, you make some good points. Yes, I'd hate to do this to people. This alone might keep me from doing anything. I thought of this. I would probably run my scri_pt from one of the many wireless hotspots around. It wouldn't be very high-bandwidth if I don't thread it too heavily, so I don't think anyone would really notice. I do have a dynamic IP. Yeah, I'd be afraid of the lawsuit angle, too. Again, I'd only run the scri_pt from a coffeehouse or public park where there is wireless. Unfortunately, this spammer is technically operating legally - or at least in a gray line. They have won a case in the past against someone accusing them of spamming under CANN-spam. I thought of an approach which would not end up getting "innocents" more spam... They have a link to unsubscribe. And the best part is, if you guess correctly at the uid, it fills in the form automatically. Sooooo, my scri_pt could just keep guessing until it sees the form filled in, then unsubscribe the found email automatically. This could also be used to "harvest" their email list, which is a bit surprising that they should have such a vulnerability. I might code up a scri_pt, even if I never use it - maybe it will be useful to someone else
  11. Well, my "idea" is a bit different than simply using their bandwidth - and I'm sure others have had the same idea, I just haven't seen it done. Basically, Adknowledge is a "legitimate" spammer in the eyes of their ISP, so complaints are pretty much wasted. I refuse to click on the "unsubscribe" link, though, since I never opted in. The last thing that I want to do is help them clean their list. Since they are "legitimate", they keep track of clicks for their customers. They do this by embedding strings in the url that let them know who clicked on the link, from what campaign, and from what mailing. This information helps them fine-tune their message to get more clicks and to get around spam filters - it also lets them tell their customers how well the campaign is going. I'm talking about screwing with this system by sending false information in the tracking urls. My hope is that I'd send enough junk information to them that they would be unable to track anything for real - at least until they play with their system a bit and figure out a way to fix it. But giving them a mild headache would be just peachy. Yeah, I use some of those sometimes, and knujon really does seem to work - though it could just be a coincidence. But again, I'm talking about a company who is a spammer but does not violate the CAN-spam Act. Somehow they got my address and now they are spamming it. I'm pretty sure that they got my address by brute-forcing my domain, but I can't be sure. I usually use spambob to sign up for things, so I'm pretty sure that it's not just a case of me being careless. They could also have gotten it by reading the address book of a friend somehow. Either way, it's unethical and I won't sanitize their list - I want to cause them trouble if possible.
  12. I get spam constantly from "Adknowledge Rewards". I'm NOT going to sanitize their filthy little list by clicking on the remove link at the bottom of the email, and submitting SpamCop reports seems to be pretty fruitless. But these emails are full of links like: hxxp://dyn.adknowledgeimager3.com/c?m=xxxxxxxxx&p=&l=1&u=xxxxxxxxx&lid=1&dn=somedomain.com&cgid=&si=4&im=1&cid=10688 I changed the tt in http to xx, and the other identifying numbers are replaced by xxxxxxxxx, except for the "cid" which seems to be "campaign id" and messing with that loads up different websites. Oh, and I replaced my domain with somedomain.com. I know this can only lead to trouble, but how much of a pain in their asses could I be by writing a scri_pt that just filled in random 9-digit numbers into the m and u fields and loaded up the pages? For extra points, I could follow any links that I encounter to screw with their ad clicks, but that might take too long. I know that "random" numbers wouldn't do enough damage, because my chances of hitting two correct 9-digit numbers is probably low. BUT, there are some trends. "u=xxxxxxxxx" is the same number every time, so I'm pretty sure that means "user". That one can probably be pretty random. The other is "m=" and I think that means "mailing". It's non-random. For instance, I've seen 599205843, 599102668, 599615233, 599455567, 597108543, etc. Seems to be sequential. I guess the main reason this wouldn't seem to work is that the "dn=" field seems to look for a domain that they no doubt use to check against the "u=" field. Maybe filling in "yahoo.com", "hotmail.com", "gmail.com" and other common domains would be good enough, though. I know this is a bad idea, but how bad is it?
  13. I run the un-obfuscated url through spamcop directly and cut-and-paste the contact email. D'oh! No, and I should have thought to do that!
  14. I know that this topic is old, but I have been getting a lot of tinyurl spam lately. Recently (or maybe not so recently?) they added an option that allows you to to a reverse lookup rather than just blindly following the link. The url to get the reverse lookup is: http://tinyurl.com/preview.php?num=xxxxx where the xxxxx represents the tinyurl link. It would be trivial to scrape the resulting page for this address, though I doubt that spamcop wants to get into the scraping business. For now, I resolve the url myself and manually add the host of the site to the "user" email field... is this a good idea?
  • Create New...