How To Spot A Psychopath

From this morning’s mail:

To: “dan@dansdata.com”
Subject: Your Gambling Site
Date: Wed, 18 Mar 2009 12:27:36 -0700
From: Mark Jubenville <mark.jubenville@neverfold.net>

Hello,
Recently I visited your website http://www.dansdata.com; while visiting your site I noticed that you link to http://www.quatloos.com at this address: http://www.dansdata.com/danletters036.htm. As we are closely related to them, I would love to exchange links with your website, currently there are about 5,000 - 7,000 people per day that goto my site and search for information, Therefore I would to link to an excellent site like yours.

I have taken the liberty of adding your site to my home page: http://www.neverfold.net?pg=Mz9ah. To determine if it is of any benefit to you, if you have a stats program you can check it and let me know. By looking at my stats, it looks like today I have sent you 37 visitors but it may change by the time you receive this email.

Some website owners do not like when other sites link to them so I thought I might ask first. I think the information on your website could be useful to my visitors; and maybe you could receive some extra relevant traffic if you want. Please get back to me when you have a chance to let me know if its ok to link to your website like this.

Have a good week,
Mark Jubenville
—————————————
email: mark.jubenville@neverfold.net
website: http://www.neverfold.net
Ref: Mz9ah

This email was sent to dan@dansdata.com, by mark.jubenville@neverfold.net
| 234, 5149 Country Hills Blvd N.W Suite # 306 | Calgary | Alberta | Canada

At first glance, this just looks like yet another schmuck who’s letting Acme AutoLinkSpam 2000 send e-mails for him, without bothering to actually look at what it’s saying on his behalf. Had Mr Jubenville (that is, just possibly, not his real name…) done so, he would have been able to see that my site, and Quatloos for that matter, have nothing whatsoever to do with his site, neverfold.net, which seems to be a discussion forum for poker players.

The hypothesis that he’s a bit new to this game is supported by the fact that there is indeed currently a link to dansdata.com on the neverfold.net home page; it’s above three links to sites that actually have something to do with poker. So this certainly doesn’t look like the usual link spammer, with a huge site whose countless pages contain nothing but endless unrelated links and Google ads.

But perhaps Mr Jubenville wants us to read between the lines, here. A link-spam that’s this random can’t just happen by accident!

I mean, lots of link spammers have found the word “chicken” on my site and thus decided that my whole site must be relevant to the page on their link-farm about aeronautical bird-strike. The word “poker” appears on two of dansdata.com’s more-than-a-thousand pages, as I write this, so there’s nothing out of the ordinary there.

But the page that Mr Jubenville says piqued his interest was one of my numerous letters columns - it’s the last letter on that page. That letter is about some nut who was selling purple aluminium that was supposed to have magical properties, which made him sound a bit like the Empower Modulator people. I linked to Quatloos because the guy selling the magic aluminium was connected to some other people with an interest in the proposed US “National Economic Stabilization and Recovery Act“, which has been kicking around for rather a while now, and is a favourite of some scam artists. And Quatloos have a page about it.

(We haven’t heard a lot from the NESARA scammers for a few years, but I bet they’ve gotten a considerable boost from the global financial crisis. The scam involves a “new Treasury Bank system, DEBT FORGIVENESS for all U.S. citizens, and abolishment of the IRS”, which almost sounds plausible these days. I highly recommend Quatloos overall, by the way, especially if someone is trying to talk you into a sure-fire can’t-lose money-making scheme having to do with legal loopholes which, to pick one common version, mean that nobody actually has to pay income tax.)

Clearly, nobody could really be stupid enough to think I have a “gambling site”, and also think that Quatloos’ page about the NESARA scammers is “closely related” to their site about poker.

Clearly, what Mr Jubenville is actually trying to tell me is that behind the apparently-valid message board, his site is actually some sort of great big scam!

Now, let’s read every 13th letter of every post on those poker forums…

I get a lot of link-farm spam, of varying levels of ingenuity.

This one’s got a new twist, though.

From: Alicia
[sending server located in some craphole]
To: dan@dansdata.com
Subject: An Idea/Suggestion for 404 link on http://www.dansdata.com/usbadapt.htm
Date: Tue, 3 Mar 2009 08:10:42 -0600 (CST)

Hey :-)
I happened to noticed that on the page http://www.dansdata.com/usbadapt.htm you have an outgoing external link to http://www.archive.org/movies/movies.php, however I found that it is a broken link (doesn’t look like that page exists anymore or is temporarily down). I found this page to be a good replacement if you just wanted to change the link.
http://www.filmposters.com/articles/evolution-horror-movies.asp
Hopefully this adds another resource to your page if anything.

Hope this is of some help, thought it was a good site to reference. Hope it proves to be useful

Thanks,
Alicia

This really does look like an actual e-mail from a human being, doesn’t it?

Of course, a human being would probably have noticed that although the Internet Archive’s moving image collection page has moved since I wrote that review in 2004, the old URL redirects to the new one.

A human being might also be able to detect a slight difference in content between the place I was linking to and the place “Alicia” wanted me to link instead.

The Internet Archive moving image collection lets you download, for free, tons of movies that’re out of copyright or otherwise free to distribute. Nosferatu, His Girl Friday, Night of the Living Dead, Reefer Madness, old computer TV shows, cartoons, vintage educational films, “ephemeral” films; you name it. It’s great.

Filmposters.com, in contrast, is pretty much what you’d expect filmposters.com to be. The page “Alicia” wanted me to link to isn’t the usual meaningless link-farm robo-content, though; it’s about “The Evolution of Horror Movies”, and seems to be a perfectly valid page with real content. But it also seems to not be in the Google database at all, which suggests that it’s brand new.

Perhaps the idea behind this spam is to make actual valid content pages on sites that want the PageRank boost that all link schemes are about. Then you scan for broken links on Web sites and shoot off these seemingly-from-a-human e-mails, suggesting people update their link to point to your page.

The only problem is that, as usual, it’s all based on software that’s trying, unsuccessfully, to find targets that’re relevant to the stuff the spammer is trying to advertise.

If this really is the scheme, it’s a step forward from normal link-farm sites, which exist only to trick searchers into clicking on ads. But I’m still not going to help “Alicia” do it.

Presented as received, emphasis theirs:

From: “rachel” <rachel@infronts.com>>
To: <dan@dansdata.com>
Subject:
Date: Mon, 2 Mar 2009 01:39:08 +0800

Dear Dan,

Have a nice day£¡

I am happy to present hot selling items for you reference. A lot of clients are interesting in this item, so I try to send them for your reference. Hope it is helpful for you!

Here is our Solar USB Dick for your reference,hope you are interexted in.

Feature:Animation Display
Operating sysrem:Windows 98/SE, Windows ME, 2000 XP and Mac OS9.1
Drivers: Only Windows 98/SE need the driver

Logo is made by Pc software and displayed on LCD screen, when there is light logo blink thus to attract people’s attention.

[blah blah blah, picture of USB thumb-drives with a solar-powered capacity-display thing on the side]

Pirce: FOB shenzhen

500PCS
128MB USD3.15
256MB USD3.45
512MB USD3.75
1GB USD4.25
2GB USD4.65
4GB USD7.60

MOQ:500pcs , More qty will be more cheaper.
Product material: Plastic Housing
Product size: 62*25*13mm
Packing: each in a color box,100pcs/48*36*29cm; G.W./N.W.:12.5*11.7

This offer is firm for 1 week.
Please add USD0.30 for ROHS.
Printing logo: logo set up charge: USD100.00/design.
Sample delivery time is 3-5 day after order confirm.
Delivery time: 7-10 day after sample approval.

Should any of the items be of interest to you, please let us know. We shall be glad to give you our lowest quotations upon receipt of your detailed requirement.

Rachel
IFS electronice company limited

Web:www.infronts.com

Yep, that’s an electronice solar dick all right.

(I bet they’ll print whatever famous computer-product-company logo you like on your 500 solar dicks.)

There’s an “Ask Dan” button on all of Aus PC Market product pages, that allows people to ask me stuff about AusPC products, in the hope that I may perhaps answer them and then put the correspondence on my site as an Ask Dan page.

We haven’t been able to make it completely clear that this feature is for people asking, for instance, whether Video Card A or Video Card B is better for Fallout 3, rather than stuff I don’t know like how long something’s power cord is. But even without a How Not To E-Mail Me scare page, by and large the Ask Dan buttons work quite well.

In the last few days, some spambot has latched onto Ask Dan. It’s clearly mistaken the send-me-an-e-mail form for a Web-forum comment form, and is attempting to use it to post comment spam.

So now I’m getting mail from sukmishelpfs@yahoo.com and lcfwasolzg@gmail.com and so on that says stuff like

<a href= http://viagraonlinebest.50webs.com/viagra-for-woman.html|viagra for
woman ></a>
[url=http://viagraonlinebest.50webs.com/viagra-for-woman.html|viagra for
woman][/url] <a href=
http://viagraonlinebest.50webs.com/viagra-price.html|viagra price ></a>
[url=http://viagraonlinebest.50webs.com/viagra-price.html|viagra price][/url]
<a href= http://viagraonlinebest.50webs.com/viagra-generic.html|viagra generic
></a> [url=http://viagraonlinebest.50webs.com/viagra-generic.html|viagra
generic][/url]

or

<a href= http://casino-best.bebto.com/on-line-casino.html >on line casino</a>
[url=http://casino-best.bebto.com/on-line-casino.html]on line casino[/url] <a
href= http://casino-best.bebto.com/no-download-casino.html >no download
casino</a> [url=http://casino-best.bebto.com/no-download-casino.html]no
download casino[/url] <a href=
http://casino-best.bebto.com/online-casino-gambling.html >online casino
gambling</a>
[url=http://casino-best.bebto.com/online-casino-gambling.html]online casino
gambling[/url] <a href= http://casino-best.bebto.com/casino-game-online.html
>casino game online</a>
[url=http://casino-best.bebto.com/casino-game-online.html]casino game
online[/url]

(The above is quite heavily abridged.)

The funny part is that the spambot has decided to post its mis-aimed comments in the Ask Dan form for exactly one AusPC listing, for this defunct server. Because that product is no longer available, the product page now has no Ask Dan button on it; there is no way for anybody to actually navigate to that product’s Ask Dan form. And yet, the spambot keeps Asking Dan about it!

So somehow it’s gotten it into its tiny little brain that the Ask Dan page for that product - URL http://www.auspcmarket.com.au/popup/email_dan.php?product_code=SY-CSPC-7045A-TB, which I just created by pasting the server’s product ID in place of the ID of another product - is the gateway to bold new markets for online casinos and pills that probably aren’t Viagra.

I hope it doesn’t discover any of the thousands of other Ask Dan forms. It’s much easier to filter this way!

From: “Bao Nguyen” <mfiat@examnotes.net>
Date: Tue, 30 Dec 2008 11:39:25 +0200
To: “Dan” <dan@dansdata.com>
Subject: Heroin (DISCOUNT 25% IF GET 0,5 Kilo)

Online Store

Hello, we sell some drugs :

- Club Drugs (GHB, Ketamine, and Rohypnol)

- Crack and Cocaine

- - MDMA (Ecstasy)

- Hallucinogens: LSD, Peyote, Psilocybin, and PCP

- Heroin

- Inhalants

- Prescription and Over-the-Counter Medications (FREE SHIPPING !)

- Methylphenidate and Amphetamines (ADHD Medications) - BUY 2 GET 3 !

- Heroin (DISCOUNT 25% IF GET 0,5 Kilo)

- LSD (BEST FOR HOME PARTY, ENJOY WITH BEST FRIENDS)

- BUY BUNDLE MDMA + LSD and RECEIVE Methylphenidate for FREE !

Contact E-Mail: nengers@aol.com

I presume these spammers just wait for someone to be dumb enough to actually order illegal drugs from them, then keep the money.

What are you going to do, complain to Western Union that your half-kilo of heroin never showed up?

Given the desperation of the various cop shows to find new stories “plucked from the headlines” (translation: “we’d rather not have to write our own plots”), I’m surprised that none of them seem to have featured Awful Vengeance wreaked upon a series of spammers.

I remember one Law & Order SVU episode (well, that’s probably what it was, they all kind of blend together) featured a child molester tempted into offending again by “Lolita” porno spam. This episode was of course every bit as plot-holed-below-the-waterline as every other computer-related plot on mainstream TV, but I’d forgive the usual “I tracked his traceroute to a ping from 374.257.-111.999, which means he’s using 5-bit ASCII…” stuff as long as enough spammers were finding other spammers’ ears in their mailboxes.

I’ve got the plot outline for them right here.

Former Special Forces guy loses a leg somewhere he’s not at liberty to talk about, uses his disability payments to start a little Internet Service Provider in his home town, and gets into one of those horrible legal battles with a spamming customer who forces him to keep hosting their server. Then goes on murderous crusade.

He can’t just kill the guy he’s having problems with, of course. He’ll be the first suspect. If he kills eight other spammers first, though, then keeps on killing more spammers afterwards, he’ll be harder to catch.

(Preferable murder technique: Cutting something valuable off the spammer and commenting on how it doesn’t seem nearly as big as the advertisements promised, while they bleed out.)

The actual spammer-homicide rate is miserably low. There was that one Russian guy in ‘05, and a couple back in 1999, and that’s about it as far as I know. (Anybody know of any others?)

So if nobody can make this happen in the real world, it should at least happen on TV.

From: “Kyra jhons” <kyra.jhons@beacaliforniaspermdonor.com>
To: Blogsome <dan@dansdata.com>
Subject: Page rank 4 link request
Date: Wed, 15 Oct 2008 15:40:41 -0500

Hi:

My name is Kyra Jhons, I´ve visited your website blogsome.com and I
was wondering if you would like to exchange links with my website,
currently I have a Business website and I´m looking for other similars
like yours. In exchange I’ll give you a link from my
“Beacalifornias Permdonor Marketing Service” website with page rank 4
(http://www.beacaliforniaspermdonor.com).

Your link will be exactly here:

http://www.beacaliforniaspermdonor.com with page rank 4 (your link will
be in Homepage and NOT at links page!!)

If you are interested please add my link to your site using the
following details, let me know once it’s ready and dont forget to send
me your site details for do the same for you, your link will be ready
on my site in less than 24 hours, otherwise you can delete my link from
your site.

Title: UK Prepaid Cards
Url: http://www.what-prepaid-card.co.uk
Description: What Prepaid compares current UK pay as you go prepaid
credit cards.

Or you can use the following html code:

<a href=”http://www.what-prepaid-card.co.uk”>UK Prepaid Cards</a> -
What Prepaid compares current UK pay as you go prepaid credit cards.

Please let me know once it’s ready and send me your site details for do
the same for you. I’ll be waiting for your kind reply.

Best Regards

Kyra Jhons

PD: In order to follow anti-spam regulations, please be so kind of
filling in the following form if you don’t want to receive any more
messages from this address.
http://www.goodeyeforlinks.com/Contact_Us.html

The link-farm site and the site they want promoted are different because these spammers, like many others, are playing the triangle. I think beacaliforniaspermdonor.com may set a new high-water mark for link irrelevance, pretty much regardless of who gets this spam.

Oh, and in case you’re wondering, I am not the boss of Blogsome. And I’m certainly not going to hand out links to any Johnny-come-lately who doesn’t even offer me “f-ree software“.

I particularly like how they call their link-farm page “Beacalifornias Permdonor”. It’s like the exact opposite of the Who Represents/Experts Exchange thing. (See also “beontopranking-google.com“.)

Apropos previous mentions of lazy spam-scammers, here’s one who’s working harder.

I got three copies of his “order”, sent to my domain-registration e-mail address, my private iiNet address, and dan@dansdata.com. The man’s thorough!

From: “Bill Jackson” <rev.billjackson@gmail.com>
Date: Tue, 12 Aug 2008 16:11:41 -0700
To: sushilmehta0072000@yahoo.com
Subject: order

Hello good day my name is Rev.Bill Jackson i will like to order some Fuel
Savers from you and will like to nop the cost for each plus tax and dont
include shipping cost

Thorough, but dumb.

Perhaps there’s a little symbiont circle out there, of scam artists making worthless fuel-savers and other scam artists buying said fuel-savers with fake bank cheques.

(See also.)

Oh, and the New South Wales Office of Fair Trading has announced an investigation into fuel-saving devices. They somehow managed to not mention the word “firepower” anywhere in the press release.

Man, “I” seem to be sending a lot of spam these days.

Since I wrote about what happens when someone looses a volley of spam with your e-mail address in the “From:” field, there’ve been a few other spam-runs that’ve resulted in smaller backscatter storms pitter-pattering into my e-mail account. From which I then, of course, deleted them without downloading, after scanning the headers with good old MailWasher.

Yesterday, though, I got this:

As soon as I’d finished scanning headers and deleting a couple of hundred messages, there were another couple of hundred waiting. It’s slackened off, now; the total for this run may end up at 5000 bounces.

As usual, the bounces came from umpteen small and medium businesses, US middle schools, mailing list servers (I don’t think I’ve been subscribed to or unsubscribed from anything, this time)… you name it.

Perhaps I should have just picked half a dozen at random and sent them form letters telling them about the problem. Maybe the administrator addresses for one or two wouldn’t even give me yet more bounces.

If you’re looking for a standalone header-scan Bayesian-spam-identifying whitelist-plus-blacklist sort of app for Windows, I think MailWasher continues to be a good option. It’s been updated considerably since my ancient review of it.

Note, however, that the last MailWasher update was quite a while ago, so the program (well, the full “Pro” version of it, anyway; I don’t know about the free-as-in-beer basic version) still defaults to using the Open Relay Database (ORDB) service to identify spam sources.

ORDB has been defunct for a long time, now, and earlier this year the minimal server still running at the ORDB address started loudly announcing the service’s discontinuation by returning a “positive” response for every single query.

That means that MailWasher, with ORDB activated, will say that every single message it looks at is spam, according to ORDB. I think it actually won’t default to marking all messages for deletion, but this obviously still completely breaks MailWasher’s basic functionality.

Easy to fix, though: Just uncheck the ORDB option in the “origin of spam” config tab and you’ll be fine.

MailWasher also defaults to adding the apparent sender address for every message identified as spam to its blacklist, which seems to me to be just as dumb, if not as annoying to others, as sending bounce messages to those addresses (which is another feature you can turn on in MailWasher - for the love of all that is Holy, please don’t). Uncheck the “Mark the sender of the email to be blacklisted” options in the “Origin of spam” and “Learning” setup tabs, and it won’t do that any more.

Feel free to suggest, in the comments, any other standalone header-scan mail-filter programs you think I should check out. I’m aware of the spam filters built into various modern e-mail clients, but I’m still using a version of Eudora carved from primordial basalt and so don’t need any of those.

Any filter that requires you to download all of the spam, rather than just scan the headers, is also Right Out. Even when I’m not in the middle of a backscatter snowstorm.

From: Sharon Williams <sharon_williams29@yahoo.com>
Date: Thu, 10 Jul 2008 09:56:31 -0700 (PDT)
To: dan@dansdata.com
Subject: LCDs Purchase

Hello Sales,

I hold LCDS Store,So I will like to purchasing your Items Product,which is:

LCDS………………………………….5Pieces

So kindly e-mail me back with the Total Cost and plus the Shipping Cost together to London,E16 4SP ,So as to have you paid with my Credit Card# for you to charge for the Order from you there on your behalf.
Hope to hear from you back today.
Thank you..

Regard,

Oh, you’d like five LCDs, would you? Any preference? Five seven-segment calculator displays, five thirty-inch Dells… all the same to you, eh?

Every day for these scammers must be a new adventure. They’ve literally got no idea at all what might be turning up from the sort of ultra-gullible schmuck that’d fall for their “orders”.

The last shreds of my faith in humanity depend on nobody at all falling for this one, though.

Despite the mention of a London address, I think this is probably yet another Nigerian, or perhaps Romanian, scammer. They get a sucker at the stated address to send everything on to them, then the sucker ends up carrying the can when the goods vanish into Africa or wherever and no money comes back.

I don’t think any actual forwarding company will fall for this any more (this piece is almost six years old), but there’s still a pretty good supply of individual suckers who’ll believe what a brother in Christ has to say.