- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Discuss the front page article here.
http://thedailywtf.com/articles/best-of-email-super-spam-edition
I suspect the all caps title prevented this from being created automatically.
Admin
Paging @mark_bowytz / @remy. Front page found a new way to fail today, I think.
Admin
I think the captions started getting mixed up by the end, too.
Admin
Are you referring to the missing picture, or the usual no-link-hither balls-up?
Admin
That's actually hilarious. I bet the bot got "we detect this as spam and refuse to post it, nyah!".
Admin
more likely it got the "title should be more descriptive" toaster and didn't know how to handle it.
Admin
Nah, @PaulaBean has enough trust. But you still get the "more descriptive" toaster, even as a moderator or admin.
At least one seems to be for something that didn't make the final edit, too.
Admin
Generally I don't open spam, and tend to be very cautious viewing them RAW - not that many email clients allow you to do this properly. Outlook Express used (still does if you can get a copy to run without it being compulsory upgraded).
The main reason being: I don't want to "confirm" my email address.
Tip of The Day: Next time you get a "funny" phone call on your mobile / cell. I could be somebody "checking" if it a live number. And before I get flooded with the obvious "reply" - I just wanted to point that out, and in some small way, make your life different.
Also, "...through. If it makes If it makes you go ..." :deja_vu:
Admin
You mean by loading tracking content? I just don't allow any remote content to load by default. Unless there's some sorcery I'm not aware of that's all you need to do. And if it's a legit email I just click "load remote content" (or whatever it's called in your client) if I want to.
Admin
That works fine for "links", and in most cases they are probably going to be legit. One or both of my habitual email clients does this sort of thing for me. I.e. an email from a previously unknown source will ask and remember to open external resources.
But there are things more subtle that can be imbedded in an email that have the capability of "phoning home" with or with a "poke around" your system before it does.
Anyway, it works for me :) My main personal email address suffers less from "unwanted" spam than my other ones - and it is not a usage thing. That aside: Everything helps. But the first line of defence is don't open the email!
Admin
[spoiler] [image] [/spoiler] @boomzilla has @accalia'd me, and so I appear.
Admin
It displays fine on my end. Have you tried turning it off and on again?
Admin
http://i.ytimg.com/vi/2jhG7_4TduA/maxresdefault.jpg
Admin
Right, like JS or images. Both of which get eaten by that feature :smile:
Of course if you use gmail they preload the images anyways (preload then host on their servers.... Sounds like Discourse) so it doesn't really matter. I think they do that whether the address exists or not, but I honestly don't know.
Admin
But the don't display them by default for stuff in the spam folder. I don't know if they bother to proactively download them until you tell them to.
Admin
Not too sure what that means? Are you ...agin me or afore me?.. . Anyway. Don't matter.
I was thinking of things like single pixel links / images, and this sort of "thing":
I have no idea what that is (how irresponsible of me), I just googled until I found an example - which was made difficult because you can now have data in HTML5.
Yes I know your anti-virus could scan it, but not all email client integrate all version of anti-virus. Quite often my antivirus quietly falls over.
Then, of course there is simple stuff like automatic acknowledgements. Yes, you could switch it "off", but if I have learnt one thing about Microsoft updates: It is they have a tendency to reset personal settings.
Don't even get me started on Active X - other reasons not withstanding, it is why I don't use IE. Unless I really have to in order to use some feature of a website - and only then if it a Corporate Directive. <--- There's your :wtf: , right there :)
For those of you that noticed the slight edit. I was something that was bugging me as I knew I hadn't got it (the pseudo quote) quite right. You can goolge, it and the words that make it up, to your hearts content, but it aint gonna help. What I want you to visualise whilst reading it is something like this:
No! Not that. Dagnabbit! Dang clipboard!!! This: https://strugglecartoons.files.wordpress.com/2012/10/original-01.gif
Admin
That's a base 64 image, don't see how that could be used to identify you...
Admin
That's how they get you. they make you think it's safe but they track you through the pixels. through the pixels man. that's how they track you.
Admin
In other words, you download those pixels, the img src is unique to your email address, then they know your email address is a LIVE ONE!!!!!!!! :giggity: SpamBomb that address!!!!!!! :fa_bomb: :fire:
Admin
Not if it's base64 :)
Admin
Surely that's only going to be even vaguely likely to be true if your mail client is Outlook?
Admin
It appears to be a completely legitimate 16x14 GIF of a folder icon. I can't see any phone-homefu in it.
Admin
Not a technical WTF at all, but this guy deserves points for brazen cheek:
Received: from fe2.bmail.linkdatacenter.net (fe2.bmail.linkdatacenter.net. [41.128.142.29]) by mx.google.com with ESMTP id ex6si11169076wid.103.2015.06.13.19.16.34 for <[email protected]>; Sat, 13 Jun 2015 19:16:34 -0700 (PDT) Received-SPF: neutral (google.com: 41.128.142.29 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=41.128.142.29; Received: from coach-inc.pl ([46.242.145.16]) by bmail.linkdatacenter.net with MailEnable ESMTP; Sun, 14 Jun 2015 04:16:24 +0200 Date: Sun, 14 Jun 2015 04:16:24 +0200 To: [email protected] From: =?UTF-8?Q?Bitcoins_OMG=21=21=21_Extra_Situations=21=21=21_START=21=21_LEAKS?= <[email protected]> Subject: =?UTF-8?Q?DEAR_CLIENT_SEND_NOW_BTC_=30=2e=30=31_TO_THIS_WALLET_AND_GET_=30=2e=30=33_BITCOINS_INSTANT_=33_CONFIRMATIONS_YOU_GET=21=21=21_BITCOINS_AUTOMATICS=21=21=21?= Message-ID: <[email protected]> X-Priority: 3 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="us-ascii" X-ME-Bayesian: 0.000000 DEAR CLIENT SYSTEM BITCOIN SPECIAL OFFER SEND NOW 0.01 TO THIS WALLET AND G= ET 0.03 INSTANT OR FOR MORE OPTIONS YOU CAN DOUBLE ANY YOUR BALANCES BTC SE= CRET YES METHOD LEAKS TO THIS SPECIFIC ADDRESS VARIANT DOUBLER!!! AFTER 3 C= ONFIRMATIONS AUTOMATICS TO YOU YES BUMERANGS TO YOU!! Description for To double your Bitcoins Methods Leaks is Easy This Yes 2015 To double your Bitcoins is easy you need to send the Bitcoins to this speci= fic address: Bitcoin Address BTC: 1BonuSr7q9QR<remainder redacted> Minimum 0.01 This is a default address from the system, and this have a bug where you se= nd the bitcoins and then it sent you back the double of bitcoins. Hope this helps To You!! = :-) Maybe you think, but when you get the double of bitcoins in your wallet, You need to give a Big Kiss!! Just Try!!! Yes This interest Efect!! Automatics Bitcoins Send 0.01 You get =3D 0.03 Bitcoins if you Sendings 0.1 BTC you Get 0.3 BTC Automatic To You!! Any value Maximum Unlimits To You Doubles!!! Yes BTC for Free Right now! Available Starts TO ANY USER CLIENTS BITCOINS SYSTEM Automatic Algorithms YES Please do not share this method with anybody mate And Make Your individual Tests ;)Admin
Admin
Maybe you think, but when you get the double of bitcoins in your wallet, You need to give a Big Kiss!!
Admin
Yes, even in base64.
Reference: http://stackoverflow.com/questions/10473932/browser-html-force-download-of-image-from-src-dataimage-jpegbase64
Excerpt:
C'Mon, I'm not a programmer, and even I knew to watch out for that one. (Ok, too many users getting hit that I clean up, but still...)
:stuck_out_tongue:
Admin
My brain wants to set it to music. https://www.youtube.com/watch?v=zrBO2VbTma8
Admin
Meh. Again, gmail...
Admin
Why are you checking if my mobile number is live? It has been mine since 2001!
Admin
FTFY
Sorry @accalia, nothing personal but I could not resist :)
Admin
In this case, mostly because it is just an example of "how", it is not meant track anybody. Unless, of course, it's not actually an image and contains some malicious code.
The point is: Emails are a vector of all sorts of nasty "things", and some times rubber gloves aren't enough. Best not fiddle with them, even if they are incredibly attractive and alluring.
:giggity: intended
Admin
I think the fix is to add
skip_validations=1(or validation? forgot) to the POST arguments.Admin
I'm not the only one to decode it into a file and open it with an image viewer? I had to remove a spurious > in the data. Or I could have trusted the "alt" tag that it was a folder icon (but that is what they'd want you to believe).
Admin
My Bad. Although I had resolved all the issues Discourse has with "<" apparently I missed a ">", which Discourse don't give a fuck about.
Admin
What.
Admin
Could we abuse that ...?
Admin
Admin
skip_validations=1i should hope that you need to be like an admin or something for that to work.
discourse?Admin
I like how they write "get double" but then have 1 -> 3 in all examples...
Admin
Admin only, which @PaulaBean is.