Software

General discussion

Locked

DO NOT Send To A Friend

By CaptBilly1Eye ·
<font size=3 color=blue><b>Clicking on <i>'Send To A Friend'</i> sends more than you expect!</b></font><br>
<font size=1>(Updated May. 24th, 2009)</font>

After weeks of testing (more on that later), I have proven a suspicion I've had for a long time.

Since this is the Holiday Season, and thus when the 'trap' I've confirmed is most prevalent, it seems an opportune time to share my findings.

We've all seen them.
We've all tried them at one time or another....
Those funny or cute videos, cartoons, games, free offers, greeting cards and such we come across on line that have those convenient little links that say things like; <b>"Send To A Friend," "Share With A Friend," "Click to Email This to a Friend" or "Click Here To Share."</b> It looks so easy and sounds like such a good thing to do. After all, it is FREE.

What's the old saying? " ...If it sounds too good to be true..."<br>
Well... there IS a reason why it is free and it's not because the web site owners are good samaritans. It is because <b>you are providing revenue</b> by clicking on the link and supplying them with active email addresses. Those addresses belonging to your friends and relatives are a valuable commodity to Spammers!

Over the past two months I received a few of those "Sent by a Friend" animated eCards and videos. Even though I didn't click on the link in the email to view them, the damage had been done. They already had my email address. So, after two years with this new email address and priding myself as being totally Spam-Free, I was suddenly receiving four to ten spam emails each day with ads for <i>'More Affordable Health Insurance,' 'How to Flush Pounds Away,' 'Extend Your Car Warranty,' 'Receive Free Money From The Government,' 'Someone Is Searching For You,' 'Let Debtco Show You How To Erase Debt,' 'Lower Your Heating Bills'</i> along with many other similar come-ons.

I never use this particular, primary email address when ordering things, for signing up for services of any kind, or when registering for a service on line. So I knew that the blasted Spammers must have gotten my address from somewhere else. So I set up some web-based email accounts (a total of eleven) through Yahoo and HotMail to test out my theory.

I then had several friends resend videos and eCards they had previously sent to me to these new addresses. I asked them to use the same method they had used previously by clicking on the 'Send To A Friend' link and submitting the new address I provided. I had those email accounts up ahead of time for one week and used them for nothing else. I also set up one account that was not shared as a control.

I received the emails in the new accounts but didn't open the emails. Opening them or clicking on links within them may further confirm an email address as valid, but it was not necessary for the purpose of my test.

Sure enough! It only took <b>a few days</b> for most of the shared accounts to start getting Spammed. After two weeks, they are <b>now receiving the same Spam emails I am getting at the rate of 2 to 4 every other day.</b> Thus confirming what I and others had suspected:
By providing email addresses, you are supplying Spammers with a list of email addresses that have a high likelihood of being valid and therefore very valuable. The money that web-based companies make from selling lists of valid email addresses is big business and probably earns more for some site owners than banner ads.

So, <b>PLEASE</b>, when you run across something on line that you find hilarious or interesting and you feel compelled to Share it with others. <b>DO NOT</b> select to allow the site to forward it to them for you. Instead, copy the link and send that in an email OR send the eCard, video, etc. to yourself, and when it arrives, forward it to whomever you want. Of course, if you do the latter, be smart and have it sent to a secondary web-based account.<br>
It is a good practice to not hand out other people's email addresses to ANY web site. Even if you feel comfortable with their <i>'Privacy Policy'</i> and believe them to be reputable, someone less scrupulous could hack into their site and obtain all the addresses they collected!

<font color=navy blue><b>Keep your friends and relatives privacy and email boxes in mind by not giving out their email addresses! You wouldn't want them to pass YOURS all over the internet, would you?</b></font>

Through my somewhat limited testing,
The Guilty Spam Proliferators that I confirmed are :

<b>IncrediMail eCards
123 Greetings
Blue Mountain
BGreetings.com
eGreetings.com
GetFunCards.com
MyGamesZone
Funny-City.com</b>

I did <b><u>not</u></b> get Spam from links sent through <b>Hallmark.com, MSN.AmericanGreetings.com or JacquieLawson.com</b>
<br>

Now that I've alerted you of this sneaky tool of Spammers, please let others know. If for nothing else... to protect yourself from getting buried in Spam.

The disturbing point proven in my test is that the Spam you receive may not be due to any fault of your own but rather the result of friends who unwittingly hand out your email address to sites who then sell it to Spammers.<br>


<i>Remember</i>:
<font size=2 color=red><b>When forwarding email,</b> remove all the previous Sender addresses from the header before hitting Send! This removes another popular source of addresses for Spammers.
Additionally, using the <a href="http://www.cs.rutgers.edu/~watrous/bcc-for-privacy.html">BCC option within your email program</a> is a good alternative when sending or forwarding to multiple recipients.</font>


NOTE:
In case you are wondering... I have been attacking my current Spam problem by using SpamKiller. It gives me a way to send MAILER DAEMON returns to the sender. That is, it sends them a response making it look like it is coming from my ISP stating my email address no longer exists or is invalid. I've used this technique successfully several times when I had a different email address. The sad thing is that it often takes several months of diligence on my part until the Spammers review their lists and remove 'dead' addresses. The version of SpamKiller I use is over 5 years old. Since then the program was purchased by McAfee. http://us.mcafee.com/root/product.asp?productid=msk. It is now $39, but there may now be other tools available for less or free that do the same or better job.

Years ago, before finding a tool to stop it, I became so inundated with Spam that the only course to take was to contact my ISP and request a new address.<br>
Whatever you do, NEVER respond to any unsolicited email! Doing so or clicking on links within the email only serves to prove your address is a valid one. The result is just MORE Spam!<br>

.
<b>UPDATE:</b>
After four months of diligence, working with my ISP, and using SpamKiller, I have now been totally Spam-free for nearly two months.
It CAN be done.
Now... lets see how long it lasts.
<br>

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

VERY Good Advice!!!!!!!!!

by ThumbsUp2 In reply to DO NOT Send To A Friend

Thanks Captain. That's very good advice. I'm sending the link to your post to all of my family and friends who think it's 'nice' to send me eCards or share those stupid jokes I've already seen several times and at the same time, beg them PLEASE .... don't do me any more favors!

Collapse -

Sending jokes doesn't cause problems

by Dr Dij In reply to VERY Good Advice!!!!!!!!!

unless they FORWARD them, with emails the previous sender also sent to included.

I get some newsletters whose editors are too stupid to use BCC and am now getting small# of spams on that email address.

USE the BCC field for mass mailings! not the CC field or all in the 'to: ' field.

that way, someone with a product to sell on the mail list will not spam you, and someone with an email harvester trojan will not collect those email addresses for spam!

Collapse -

I also get e-mail from those who won't use BCC

by CharlieSpencer In reply to Sending jokes doesn't cau ...

"I get some newsletters whose editors are too stupid to use BCC..."

I 'Reply' to those senders pointing out the security problems with using 'To' or 'CC'. The second time I 'Reply' to those on the original distribution that appear to be at the same workplace as the sender, hoping one is in a position of authority. The third time I 'Reply to All' and let everyone on the original distribution know about it, and add the sender to my black list.

Obviously this implies I don't require the sender, that they aren't a customer. In those cases I just continue to 'Reply' periodically to point out (again) the security problems.

Collapse -

I just do this

by Oz_Media In reply to I also get e-mail from th ...

If it is someone I know, just aimlessly passign on some stupid spam mail (usually old mail they think is new and funny, meanwhile we laughed at it in the 90's), I'll politely fill them in on how addresses are collected and abused.

If it is a company or some spammer, reply to all and add a message to the effect of:

Thank you all for providing your email addresses in such a timely fashion. You'll all be please do know that you have now been added to our email lists, which are also shared freely with the online community.

Either that or go for the same thank you but with the note that all addresses have been added to a registered black list and will no longer be able to send or recieve mail from most addresses.

Don't swallow it, spit back in their face, just as they disregarded your privacy and did so to you.

Collapse -

Can't say I'm surprised

by CharlieSpencer In reply to DO NOT Send To A Friend

I'm also not surprised to note two of the non-spamming companies are nationally known firms who were in the greeting card business before it went electronics.

Collapse -

Me either, but....

by CaptBilly1Eye In reply to Can't say I'm surprised

...I should have added "not yet" to my statement that I hadn't received any spam from things sent from their web sites.

I'll be keeping an eye (my good one) on the accounts used at those sites.

Personally, I don't trust any of them and make it a practice to not share anyone's address on line.
That is.... unless my intention is one of revenge and I WANT to see them get an avalance of Spam.
]:)


.

Collapse -

comparable program

by Jaqui In reply to DO NOT Send To A Friend

mailwasher

available for one pop3 address free from http://mailwasher.net

for 39.95 US the pro handles more pop3 addresses.

for use with echange, sendmail or qmail, free mailwasher server is linked to from that site.

or go to sourceforge.net and search for mailwasher, download for macosx, linux, windows, i386 to amd / intel x64 as binary installers, or grab the source code and build it yourself.

Collapse -

Thanks for that. but ....

by CaptBilly1Eye In reply to comparable program

... can it send fake MailDaemon replies?
That's my favorite feature of this old version SpamKiller and I assume the retail version has it, too.
It also has the capability to Send complaints directly to the ISP of origin.

The thing I like is that it attacks the Spammer rather than just filtering.

I have to say that Roadrunner, my ISP does a very good job of filtering 90% of the Spam. But this latest wave brought on by what appears to be a new breed of Spammers using ever-changing addresses has been quite a challenge.

Collapse -

yup, and

by Jaqui In reply to Thanks for that. but ... ...

even the free version, with it's banner advertising the product, one address only limitation, can.

both free and pro will run on linux under wine.

they have a free server version that supports exchange, sendmail and qmail servers.

"Firetrust Email / Internet Security" is the company that puts it out.

Collapse -

Thanks. I'll check it out. <nt>

by CaptBilly1Eye In reply to yup, and

Related Discussions

Related Forums