• (disco)

    Discuss the front page article here.

    http://thedailywtf.com/articles/best-of-email-super-spam-edition

    I suspect the all caps title prevented this from being created automatically.

  • (disco)

    Paging @mark_bowytz / @remy. Front page found a new way to fail today, I think.

  • (disco) in reply to boomzilla

    I think the captions started getting mixed up by the end, too.

  • (disco) in reply to boomzilla

    Are you referring to the missing picture, or the usual no-link-hither balls-up?

  • (disco)
    boomzilla:
    I suspect the all caps title prevented this from being created automatically.

    That's actually hilarious. I bet the bot got "we detect this as spam and refuse to post it, nyah!".

  • (disco) in reply to cartman82
    cartman82:
    "we detect this as spam and refuse to post it, nyah!".

    more likely it got the "title should be more descriptive" toaster and didn't know how to handle it.

  • (disco) in reply to cartman82
    cartman82:
    That's actually hilarious. I bet the bot got "we detect this as spam and refuse to post it, nyah!".

    Nah, @PaulaBean has enough trust. But you still get the "more descriptive" toaster, even as a moderator or admin.

    Maciejasjmj:
    I think the captions started getting mixed up by the end, too.

    At least one seems to be for something that didn't make the final edit, too.

  • (disco)

    Generally I don't open spam, and tend to be very cautious viewing them RAW - not that many email clients allow you to do this properly. Outlook Express used (still does if you can get a copy to run without it being compulsory upgraded).

    The main reason being: I don't want to "confirm" my email address.

    Tip of The Day: Next time you get a "funny" phone call on your mobile / cell. I could be somebody "checking" if it a live number. And before I get flooded with the obvious "reply" - I just wanted to point that out, and in some small way, make your life different.

    Also, "...through. If it makes If it makes you go ..." :deja_vu:

  • (disco) in reply to loose
    loose:
    The main reason being: I don't want to "confirm" my email address.

    You mean by loading tracking content? I just don't allow any remote content to load by default. Unless there's some sorcery I'm not aware of that's all you need to do. And if it's a legit email I just click "load remote content" (or whatever it's called in your client) if I want to.

  • (disco) in reply to Onyx

    That works fine for "links", and in most cases they are probably going to be legit. One or both of my habitual email clients does this sort of thing for me. I.e. an email from a previously unknown source will ask and remember to open external resources.

    But there are things more subtle that can be imbedded in an email that have the capability of "phoning home" with or with a "poke around" your system before it does.

    Anyway, it works for me :) My main personal email address suffers less from "unwanted" spam than my other ones - and it is not a usage thing. That aside: Everything helps. But the first line of defence is don't open the email!

  • (disco)

    [spoiler] [image] [/spoiler] @boomzilla has @accalia'd me, and so I appear.

  • (disco) in reply to Placeholder

    It displays fine on my end. Have you tried turning it off and on again?

  • (disco) in reply to Placeholder

    http://i.ytimg.com/vi/2jhG7_4TduA/maxresdefault.jpg

  • (disco) in reply to loose
    loose:
    That works fine for "links", and in most cases they are probably going to be legit. One or both of my habitual email clients does this sort of thing for me. I.e. an email from a previously unknown source will ask and remember to open external resources.

    But there are things more subtle that can be imbedded in an email that have the capability of "phoning home" with or with a "poke around" your system before it does.

    Anyway, it works for me :) My main personal email address suffers less from "unwanted" spam than my other ones - and it is not a usage thing. That aside: Everything helps. But the first line of defence is don't open the email!

    Right, like JS or images. Both of which get eaten by that feature :smile:

    Of course if you use gmail they preload the images anyways (preload then host on their servers.... Sounds like Discourse) so it doesn't really matter. I think they do that whether the address exists or not, but I honestly don't know.

  • (disco) in reply to sloosecannon
    sloosecannon:
    Of course if you use gmail they preload the images anyways (preload then host on their servers...

    But the don't display them by default for stuff in the spam folder. I don't know if they bother to proactively download them until you tell them to.

  • (disco) in reply to sloosecannon
    sloosecannon:
    Both of which get eaten by that feature

    Not too sure what that means? Are you ...agin me or afore me?.. . Anyway. Don't matter.

    I was thinking of things like single pixel links / images, and this sort of "thing":

    <img src="data:image/gif;base64,R0lGODlhEAAOALMAAOazToeHh0tLS/7LZv/0jvb29t/f3//Ub/> /ge8WSLf/rhf/3kdbW1mxsbP//mf///yH5BAAAAAAALAAAAAAQAA4AAARe8L1Ekyky67QZ1hLnjM5UUde0ECwLJoExKcppV0aCcGCmTIHEIUEqjgaORCMxIC6e0CcguWw6aFjsVMkkIr7g77ZKPJjPZqIyd7sJAgVGoEGv2xsBxqNgYPj/gAwXEQA7" width="16" height="14" alt="embedded folder icon">

    I have no idea what that is (how irresponsible of me), I just googled until I found an example - which was made difficult because you can now have data in HTML5.

    Yes I know your anti-virus could scan it, but not all email client integrate all version of anti-virus. Quite often my antivirus quietly falls over.

    Then, of course there is simple stuff like automatic acknowledgements. Yes, you could switch it "off", but if I have learnt one thing about Microsoft updates: It is they have a tendency to reset personal settings.

    Don't even get me started on Active X - other reasons not withstanding, it is why I don't use IE. Unless I really have to in order to use some feature of a website - and only then if it a Corporate Directive. <--- There's your :wtf: , right there :)

    For those of you that noticed the slight edit. I was something that was bugging me as I knew I hadn't got it (the pseudo quote) quite right. You can goolge, it and the words that make it up, to your hearts content, but it aint gonna help. What I want you to visualise whilst reading it is something like this:

       $passwordReminder = '';
       list($quantity, $unit) = $GLOBALS['userActivity']->PasswordExpiryReminder();
       if ($quantity > 0) {
    	$passwordReminder = '
    	<div class="display-user-line">
    		<div class="display-user-reminder">
    			Password Expires in ' . $quantity . ' ' . $unit . '
    		</div>
    	</div>';
       }
    

    No! Not that. Dagnabbit! Dang clipboard!!! This: https://strugglecartoons.files.wordpress.com/2012/10/original-01.gif

  • (disco) in reply to loose

    That's a base 64 image, don't see how that could be used to identify you...

  • (disco) in reply to sloosecannon
    sloosecannon:
    That's a base 64 image, don't see how that could be used to identify you...

    That's how they get you. they make you think it's safe but they track you through the pixels. through the pixels man. that's how they track you.

  • (disco) in reply to sloosecannon
    accalia:
    That's how they get you. they make you think it's safe but they track you through the pixels. through the pixels man. that's how they track you.

    In other words, you download those pixels, the img src is unique to your email address, then they know your email address is a LIVE ONE!!!!!!!! :giggity: SpamBomb that address!!!!!!! :fa_bomb: :fire:

  • (disco) in reply to redwizard

    Not if it's base64 :)

  • (disco) in reply to loose
    loose:
    But there are things more subtle that can be imbedded in an email that have the capability of "phoning home" with or with a "poke around" your system before it does

    Surely that's only going to be even vaguely likely to be true if your mail client is Outlook?

  • (disco) in reply to loose
    loose:
    I have no idea what that is (how irresponsible of me)

    It appears to be a completely legitimate 16x14 GIF of a folder icon. I can't see any phone-homefu in it.

  • (disco)

    Not a technical WTF at all, but this guy deserves points for brazen cheek:

    Received: from fe2.bmail.linkdatacenter.net (fe2.bmail.linkdatacenter.net. [41.128.142.29])
            by mx.google.com with ESMTP id ex6si11169076wid.103.2015.06.13.19.16.34
            for <[email protected]>;
            Sat, 13 Jun 2015 19:16:34 -0700 (PDT)
    Received-SPF: neutral (google.com: 41.128.142.29 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=41.128.142.29;
    Received: from coach-inc.pl ([46.242.145.16]) by bmail.linkdatacenter.net with MailEnable ESMTP; Sun, 14 Jun 2015 04:16:24 +0200
    Date: Sun, 14 Jun 2015 04:16:24 +0200
    To: [email protected]
    From: =?UTF-8?Q?Bitcoins_OMG=21=21=21_Extra_Situations=21=21=21_START=21=21_LEAKS?= <[email protected]>
    Subject: =?UTF-8?Q?DEAR_CLIENT_SEND_NOW_BTC_=30=2e=30=31_TO_THIS_WALLET_AND_GET_=30=2e=30=33_BITCOINS_INSTANT_=33_CONFIRMATIONS_YOU_GET=21=21=21_BITCOINS_AUTOMATICS=21=21=21?=
    Message-ID: <[email protected]>
    X-Priority: 3
    MIME-Version: 1.0
    Content-Transfer-Encoding: quoted-printable
    Content-Type: text/plain; charset="us-ascii"
    X-ME-Bayesian: 0.000000
    
    DEAR CLIENT SYSTEM BITCOIN SPECIAL OFFER SEND NOW 0.01 TO THIS WALLET AND G=
    ET 0.03 INSTANT OR FOR MORE OPTIONS YOU CAN DOUBLE ANY YOUR BALANCES BTC SE=
    CRET YES METHOD LEAKS TO THIS SPECIFIC ADDRESS VARIANT DOUBLER!!! AFTER 3 C=
    ONFIRMATIONS AUTOMATICS TO YOU YES BUMERANGS TO YOU!!
    
    Description for To double your Bitcoins Methods Leaks is Easy This Yes 2015
    To double your Bitcoins is easy you need to send the Bitcoins to this speci=
    fic address:
    
    Bitcoin Address
    
    BTC: 1BonuSr7q9QR<remainder redacted>
    
    Minimum 0.01
    
    This is a default address from the system, and this have a bug where you se=
    nd the bitcoins
    and then it sent you back the double of bitcoins. Hope this helps To You!! =
    :-)
    Maybe you think, but when you get the double of bitcoins in your wallet,
    You need to give a Big Kiss!!
    
    Just Try!!! Yes This interest
    Efect!! Automatics Bitcoins
    Send 0.01 You get =3D 0.03 Bitcoins
    if you Sendings 0.1 BTC you Get 0.3 BTC Automatic To You!!
    Any value Maximum Unlimits To You Doubles!!!
    
    Yes BTC for Free Right now! Available Starts
    TO ANY USER CLIENTS BITCOINS SYSTEM Automatic Algorithms YES
    
    Please do not share this method with anybody mate
    And Make Your individual Tests ;)
    
    
  • (disco) in reply to flabdablet
    flabdablet:
    YES BUMERANGS TO YOU!!
    <poo>
  • (disco) in reply to blakeyrat

    Maybe you think, but when you get the double of bitcoins in your wallet, You need to give a Big Kiss!!

  • (disco) in reply to sloosecannon
    sloosecannon:
    Not if it's base64

    Yes, even in base64.

    Reference: http://stackoverflow.com/questions/10473932/browser-html-force-download-of-image-from-src-dataimage-jpegbase64

    Excerpt:

    <a href="data:image/jpeg;base64,/9j/4AAQSkZ..." download="filename.jpg"></a>
    

    C'Mon, I'm not a programmer, and even I knew to watch out for that one. (Ok, too many users getting hit that I clean up, but still...)

    :stuck_out_tongue:

  • (disco) in reply to blakeyrat

    My brain wants to set it to music. https://www.youtube.com/watch?v=zrBO2VbTma8

  • (disco) in reply to redwizard

    Meh. Again, gmail...

  • (disco) in reply to loose
    loose:
    Tip of The Day: Next time you get a "funny" phone call on your mobile / cell. I could be somebody "checking" if it a live number.

    Why are you checking if my mobile number is live? It has been mine since 2001!

  • (disco) in reply to accalia
    accalia:
    That's how they get you. they make you think it's safe but they track you through thewith pixelsies. through the pixelsies man. that's how they track you.

    FTFY

    Sorry @accalia, nothing personal but I could not resist :)

  • (disco) in reply to sloosecannon

    In this case, mostly because it is just an example of "how", it is not meant track anybody. Unless, of course, it's not actually an image and contains some malicious code.

    The point is: Emails are a vector of all sorts of nasty "things", and some times rubber gloves aren't enough. Best not fiddle with them, even if they are incredibly attractive and alluring.

    :giggity: intended

  • (disco) in reply to boomzilla

    I think the fix is to add skip_validations=1 (or validation? forgot) to the POST arguments.

  • (disco) in reply to flabdablet

    I'm not the only one to decode it into a file and open it with an image viewer? I had to remove a spurious > in the data. Or I could have trusted the "alt" tag that it was a folder icon (but that is what they'd want you to believe).

  • (disco) in reply to Nprz
    Nprz:
    I had to remove a spurious > in the data

    My Bad. Although I had resolved all the issues Discourse has with "<" apparently I missed a "&gt", which Discourse don't give a fuck about.

  • (disco) in reply to riking
    riking:
    skip_validations=1

    What.

  • (disco) in reply to Maciejasjmj

    Could we abuse that ...?

  • (disco) in reply to riking
    riking:
    I think the fix is to add `skip_validations=1` (or validation? forgot) to the POST arguments.
    Wait, what? It's that easy to bypass validation? Why?
  • (disco) in reply to RaceProUK
    RaceProUK:
    Wait, what?

    skip_validations=1

    RaceProUK:
    It's that easy to bypass validation?

    i should hope that you need to be like an admin or something for that to work.

    RaceProUK:
    Why?
    discourse?
  • (disco) in reply to flabdablet

    I like how they write "get double" but then have 1 -> 3 in all examples...

  • (disco) in reply to RaceProUK

    Admin only, which @PaulaBean is.

Leave a comment on “Best of Email: Super Spam Edition”

Log In or post as a guest

Replying to comment #451338:

« Return to Article