"Jim, can you tell me why my e-mails aren't getting to clients?"

They're being marked as spam...

"oh damn, how can we fix that?"

You can't. You can change the structure of your e-mails to look less spammy, but it's on their end.

"This is a disaster, we can't have our marketing e-mails marked SPAM!!"

Have you tried not spamming people?

"WE'RE NOT SPAMMING PEOPLE, THEY EXPRESSED A LEGITIMATE BUSINESS INTEREST"

No, you bought a mailing list and put together an e-mail campaign.

"But we aren't spamming people!"

IT VS Marketing 100% of the time

This just happened:

Boss: "Hey I can't send this mail, can you take a look?"
Le Me: *looking at the logs*
Le Me: "Your mail gets a spamscore of 2007.69 of max 2000. There is a virus in your mail."
Boss: "oh."

And it was a mail which he received from somebody and wanted to forward....

-Registers on a site to use the product
-Opens email

"Our weekly news digest"
"Our daily news digest"
"You haven't used our products for 15 minutes. We miss you"
"Would you recommend our products to a friend"
"If you like this, you'll LOVE this"
"Here's a promo code for something you don't need"
"You've unsubscribed. Was it really you?"
"You've unsubscribed. Was it really you?"
"You've unsubscribed. Was it really you?"
"You've unsubscribed. Was it really you?"

FUCK OFF YOU ANNOYING CUNTS

!(short rant)

Look I understand online privacy is a concern and we should really be very much aware about what data we are giving to whom. But when does it turn from being aware to just being paranoid and a maniac about it.? I mean okay, I know facebook has access to your data including your whatsapp chat (presumably), google listens to your conversations and snoops on your mail and shit, amazon advertises that you must have their spy system (read alexa) install in your homes and numerous other cases. But in the end it really boils down to "everyone wants your data but who do you trust your data with?"

For me, facebook and the so-called social media sites are a strict no-no but I use whatsapp as my primary chating application. I like to use google for my searches because yaa it gives me more accurate search results as compared to ddg because it has my search history. I use gmail as my primary as well as work email because it is convinient and an adv here and there doesnt bother me. Their spam filters, the easy accessibility options, the storage they offer everything is much more convinient for me. I use linux for my work related stuff (obviously) but I play my games on windows. Alexa and such type of products are again a big no-no for me but I regularly shop from amazon and unless I am searching for some weird ass shit (which if you want to, do it in some incognito mode) I am fine with coming across some advs about things I searched for. Sometimes it reminds me of things I need to buy which I might have put off and later on forgot. I have an amazon prime account because prime video has some good shows in there. My primary web browser is chrome because I simply love its developer tools and I now have gotten used to it. So unless chrome is very much hogging on my ram, in which case I switch over to firefox for some of my tabs, I am okay with using chrome. I have a motorola phone with stock android which means all google apps pre-installed. I use hangouts, google keep, google map(cannot live without it now), heck even google photos, but I also deny certain accesses to apps which I find fishy like if you are a game, you should not have access to my gps. I live in India where we have aadhar cards(like the social securtiy number in the USA) where the government has our fingerprints and all our data because every damn thing now needs to be linked with your aadhar otherwise your service will be terminated. Like your mobile number, your investment policies, your income tax, heck even your marraige certificates need to be linked with your aadhar card. Here, I dont have any option but to give in because somehow "its in the interest of the nation". Not surprisingly, this thing recently came to light where you can get your hands on anyone's aadhar details including their fingerprints for just ₹50($1). Fuck that shit.

tl;dr
There are and should be always exceptions when it comes to privacy because when you give the other person your data, it sometimes makes your life much easier. On the other hand, people/services asking for your data with the sole purpose of infilterating into your private life and not providing any usefulness should just be boycotted. It all boils down to till what extent you wish to share your data(ranging from literally installing a spying device in your house to them knowing that I want to understand how spring security works) and how much do you trust the service with your data. Example being, I just shared most of my private data in this rant with a group of unknown people and I am okay with it, because I know I can trust dev rant with my posts(unlike facebook).

Not checked my mail box since Thanks Giving, just opened my mail box to find 1600+ of these black friday promotion mother fuckers.

38°C, sunday afternoon, client be like: "Omg, I need you, it's important, can you call me?"

*calls client*

"So I got this E-Mail that said my SEO could be improved alot, why didn't you do that"

*looks at auto generated spam mail, hangs up*

My private Email Account got hacked when I was in school, and they sent out a mail with something along the lines of "hey, you should really use this product to lose weight, it is great" to all of my contacts. Many of them ignored it, some of them called me to inform me about the issue (the worst part was, long after I used 2fa and changed passwords regularly, they still had my name and contact list, so they just made email adresses that looked like mine and continued to send out spam to my contacts). Anyway, one teacher of mine didn't know that this was a scam and was insulted because I regularly sent emails about her losing weight. And as if the whole situaion, which I couldn't do anything about, wasn't bad enough, my parents and I had do have a 1h conversation (which ended up in me explaining how those hacks work, and luckily she understood, but still). Never again. I prefer those fake ms support guys that call me over this every day.

I absolutely love the email protocols.

IMAP:
x1 LOGIN user@domain password
x2 LIST "" "*"
x3 SELECT Inbox
x4 LOGOUT

Because a state machine is clearly too hard to implement in server software, clients must instead do the state machine thing and therefore it must be in the IMAP protocol.

SMTP:
I should be careful with this one since there's already more than enough spam on the interwebs, and it's a good thing that the "developers" of these email bombers don't know jack shit about the protocol. But suffice it to say that much like on a real letter, you have an envelope and a letter inside. You know these envelopes with a transparent window so you can print the address information on the letter? Or the "regular" envelopes where you write it on the envelope itself?
Yeah not with SMTP. Both your envelope and your letter have them, and they can be different. That's why you can have an email in your inbox that seemingly came from yourself. The mail server only checks for the envelope headers, and as long as everything checks out domain-wise and such, it will be accepted. Then the mail client checks the headers in the letter itself, the data field as far as the mail server is concerned (and it doesn't look at it). Can be something else, can be nothing at all. Emails can even be sent in the future or the past.

Postfix' main.cf:
You have this property "mynetworks" in /etc/postfix/main.cf where you'd imagine you put your own networks in, right? I dunno, to let Postfix discover what your networks are.. like it says on the tin? Haha, nope. This is a property that defines which networks are allowed no authentication at all to the mail server, and that is exactly what makes an open relay an open relay. If any one of the addresses in your networks (such as a gateway, every network has one) is also where your SMTP traffic flows into the mail server from, congrats the whole internet can now send through your mail server without authentication. And all because it was part of "your networks".

Yeah when it comes to naming things, the protocol designers sure have room for improvement... And fuck email.

Oh, bonus one - STARTTLS:
So SMTP has this thing called STARTTLS where you can.. unlike mynetworks, actually starts a TLS connection like it says on the tin. The problem is that almost every mail server uses self-signed certificates so they're basically meaningless. You don't have a chain of trust. Also not everyone supports it *cough* government *cough*, so if you want to send email to those servers, your TLS policy must be opportunistic, not enforced. And as an icing on the cake, if anything is wrong with the TLS connection (such as an MITM attack), the protocol will actively downgrade to plain. I dunno.. isn't that exactly what the MITM attacker wants? Yeah, great design right there. Are the designers of the email protocols fucking retarded?

I can unsubscribe from your spam newsletter for FREE? HOW THANKFUL I AM!
What a great and kind service..and it doesn’t even cost anything to UNSUBSCRIBE when I DID NOT SUBSCRIBE IN THE FIRST PLACE

Paranoid Developers - It's a long one
Backstory: I was a freelance web developer when I managed to land a place on a cyber security program with who I consider to be the world leaders in the field (details deliberately withheld; who's paranoid now?). Other than the basic security practices of web dev, my experience with Cyber was limited to the OU introduction course, so I was wholly unprepared for the level of, occasionally hysterical, paranoia that my fellow cohort seemed to perpetually live in. The following is a collection of stories from several of these people, because if I only wrote about one they would accuse me of providing too much data allowing an attacker to aggregate and steal their identity. They do use devrant so if you're reading this, know that I love you and that something is wrong with you.

That time when...

He wrote a social media network with end-to-end encryption before it was cool.

He wrote custom 64kb encryption for his academic HDD.

He removed the 3 HDD from his desktop and stored them in a safe, whenever he left the house.

He set up a pfsense virtualbox with a firewall policy to block the port the student monitoring software used (effectively rendering it useless and definitely in breach of the IT policy).

He used only hashes of passwords as passwords (which isn't actually good).

He kept a drill on the desk ready to destroy his HDD at a moments notice.

He started developing a device to drill through his HDD when he pushed a button. May or may not have finished it.

He set up a new email account for each individual online service.

He hosted a website from his own home server so he didn't have to host the files elsewhere (which is just awful for home network security).

He unplugged the home router and began scanning his devices and manually searching through the process list when his music stopped playing on the laptop several times (turns out he had a wobbly spacebar and the shaking washing machine provided enough jittering for a button press).

He brought his own privacy screen to work (remember, this is a security place, with like background checks and all sorts).

He gave his C programming coursework (a simple messaging program) 2048 bit encryption, which was not required.

He wrote a custom encryption for his other C programming coursework as well as writing out the enigma encryption because there was no library, again not required.

He bought a burner phone to visit the capital city.

He bought a burner phone whenever he left his hometown come to think of it.

He bought a smartphone online, wiped it and installed new firmware (it was Chinese; I'm not saying anything about the Chinese, you're the one thinking it).

He bought a smartphone and installed Kali Linux NetHunter so he could test WiFi networks he connected to before using them on his personal device.

(You might be noticing it's all he's. Maybe it is, maybe it isn't).

He ate a sim card.

He brought a balaclava to pentesting training (it was pretty meme).

He printed out his source code as a manual read-only method.

He made a rule on his academic email to block incoming mail from the academic body (to be fair this is a good spam policy).

He withdraws money from a different cashpoint everytime to avoid patterns in his behaviour (the irony).

He reported someone for hacking the centre's network when they built their own website for practice using XAMMP.

I'm going to stop there. I could tell you so many more stories about these guys, some about them being paranoid and some about the stupid antics Cyber Security and Information Assurance students get up to. Well done for making it this far. Hope you enjoyed it.

285 GDPR mails and counting :)
How much did you lads collect already?

"Create an account now to watch these courses for free (don't worry, we hate spam as much as you do)"

Well that's a fucking lie. This woman named Christy is abusing MailChimp vigorously.

Fuck off marketing with your disingenuous "community update" mails, "what you missed last week" newsletters and "handpicked crap for you" notifications.

I want to use your platform, I even pay for it, but I don't want to get your useless mail until I found the energy to dig through your config panel looking for some half broken toggle button.

So I got an e-mail from a recruiter (a.k.a. recruiter spam) today looking for a candidate with four "essential skills" and my head almost exploded when I read what they were. I have regained my composure just enough to be able to write this rant, but I'm still not myself. I recommend sitting down for this. Are you ready?

The four "essential skills" were:
Java, Jenkins, Eclipse, IntelliJ

I don't know where to begin. Motherfucker, where do you get off telling me which IDE to use? Oh wait, you didn't, you expected me to be an "expert" with two completely different ones, you numb nuts. Why the fuck would I be? I swear to fuck these idiots would probably screen out the best programmer in the world because s/he uses VI/emacs/Atom/Sublime/fucking-Notepad.

I can hear them saying "oh, you don't know IntelliJ? Sorry, we need an expert in that."

Fuck off you filthy cunt! No, sorry, I take that back, I shouldn't be mean to the mentally disabled.

Also, Jenkins? Really? Any developer can pick up how to use Jenkins to its full effect in a matter of hours, or a couple of days at most.

Why do companies hire these jackasses to do a job as important as recruitment? Why do they write job specs that are so incredibly stupid? I almost replied to express interest so I could go to the interview and throw a bucket of red paint on them (because they're making me bleed inside).

Where's the Tylenol?

So my ISP just called me again that I'm sending plenty of spam. This time, I have all flows logged, so I know for sure that it wasn't my TV (only vulnerable device with internet access) and as my switch was offline there is nothing in front of my router anymore. And I learned that all the spam was going directly to their smtp server which I never used and didn't even know they have some. All in all everything points to their cable modem. Will tell them that in response to the mail they promised to send me. Really looking forward to new at least a little bit competent ISP (alternative should be available soon).

Fucking Gmail !!!! I hate you so much !!!

My mail server is fucking perfect, I have all the records in my DNS and even have a 10/10 score on mail-tester.com.
But this fucking Gmail keeps putting me the spam folder ! Why do you hate my so much ?

Earlier I signed up on this forum called NulledBB. Basically some hacker skiddie forum that had a dump of an archive I wanted, unfortunately behind a paywall which I didn't want to bother with.

On signup I noticed that I couldn't use my domain as an email address, as I usually do (the domain is a catch-all which means that mail addresses can be made up for each service I sign up to on the fly, super useful). They did expose the regex that they accepted email as however, which included something along the lines of "@live.*".

So I figured, why not register a subdomain live.nixmagic.com real quick and put that into the mail servers? Didn't take too long and that's what I eventually went with, and registered as somepissedoffsysop@live.nixmagic.com (which I have no trouble putting on a public forum as you'll see in a minute).

Still didn't manage to get that archive I wanted but I figured, fuck it. It's a throwaway account anyway. But eventually that email address started to receive spam. Stupid motherfucker of a forum operator with his Kali skidmachine probably leaked it.

Usually I just blacklist the email address in SpamAssassin by adding an additional spam score of 100 to email sent to such addresses. But in that case it didn't even sit on the main domain, thanks to that stupid regex block from earlier... 😏

*Logs into my domain admin panel*
*Le rm on the live.nixmagic.com record*

Null routed entirely.. nulled, if you will! 🙃

"Condor, your new Samsung Galaxy S8+ doesn't have the latest Google apps"

You know what Google? I don't give a shit about your latest apps. Often times I go out of my way to root the device and remove your mandatory bloatware, that YOU fucking Google enforce OEM's to preinstall. Fortunately BlueStacks doesn't have them preinstalled, which saves me the pain of uninstalling them. Given that, you've got quite the balls to spam me with this shit Google.

By the way, another thing.. this preinstall shit is linked to the EU antitrust rulings, isn't it? And spam is linked to GDPR, and honestly I don't recall ever opting in to this kind of wanketeering mail. In fact, I usually go out of my way to opt out of this kind of corporate wankery. Time for another huge fine perhaps?

It's finally happened. I've used my mail servers for about a year to give out different email addresses on my domain to things I sign up for online, and only used my "actual" email address that received all this email for the whole domain but the single one that I used outbound for private communications.

This worked well for a long time as I could see when spam comes in, where it came from by looking at the email address I designated it. Each company's email would be sent not only from an email address that they choose, but also to an email address that I choose. It allowed me to easily determine where there were problems. For example, on Freenode IRC my vhost happened to make my username@host there a valid email address. It eventually got blacklisted due to too much incoming spam as crawlers started detecting it. Another one was "nickname"@my.domain as I posted it a few times here. Got crawled as well. But it allowed me to easily blacklist each.

I'd never thought my actual outbound email address, my real one, to get crawled though. That would require the mail server of a company I explicitly communicated with to get hacked. But today that happened. I wonder whose it is, but I can't tell.

Time to make my outgoing email bound to a designated email address as well. I want to know which companies this happens to, even if they don't disclose it.

All it takes is an image to beat Google's spam filter. This prince ain't that dumb after all.

Yeah... sure...

Thanks, [Sender]

Often I hear that one should block spam email based on content match rather than IP match. Sometimes even that blocking Chinese ranges in particular is prejudiced and racist. Allow me to debunk that after I've been looking at traffic on port 25 with tcpdump for several weeks now, and got rid of most of my incoming spam too.

There are these spamhausen that communicate with my mail server as much as every minute.
- biz-smtp.com
- mailing-expert.com
- smtp-shop.com

All of them are Chinese. They make up - rough guess - around 90% of the traffic that hits my edge nodes, if not more.

The network ranges I've blocked are apparently as follows:
- 193.106.175.0/24 (Russia)
- 49.64.0.0/11 (China)
- 181.39.88.172 (Ecuador)
- 188.130.160.216 (Russia)
- 106.75.144.0/20 (China)
- 183.227.0.0/16 (China)
- 106.75.32.0/19 (China)
.. apparently I blocked that one twice, heh
- 116.16.0.0/12 (China)
- 123.58.160.0/19 (China)

It's not all China but holy hell, a lot of spam sure comes from there, given how Golden Shield supposedly blocks internet access to the Chinese citizens. A friend of mine who lives in China (how he got past the firewall is beyond me, and he won't tell me either) told me that while incoming information is "regulated", they don't give half a shit about outgoing traffic to foreign countries. Hence all those shitty filter bag suppliers and whatnot. The Chinese government doesn't care.

So what is the alternative like, that would block based on content? Well there are a few solutions out there, namely SpamAssassin, ClamAV and Amavis among others. The problem is that they're all very memory intensive (especially compared to e.g. Postfix and Dovecot themselves) and that they must scan every email, and keep up with evasion techniques (such as putting the content in an image, or using characters from different character sets t̾h̾a̾t̾ ̾l̾o̾o̾k̾ ̾s̾i̾m̾i̾l̾a̾r̾).

But the thing is, all of that traffic comes from a certain few offending IP ranges, and an iptables rule that covers a whole range is very cheap. China (or any country for that matter) has too many IP ranges to block all of them. But the certain few offending IP ranges? I'll take a cheap IP-based filter over expensive content-based filters any day. And I don't want to be shamed for that.

Wow! They are incredible!

I keep creating new email filters every week or so, and they keep finding new ways to send me spam!

The best part is - these emails are sent from our internal infra. Judging by the sender it looks like they have created a bot collecting various events and sending them to... everyone.

Much smart. Many useful.
Much working

Has there ever been a single business that has benefited from the "Tell us why you wish to unsubscribe from our mailing list" feature?

The fuck do these corporate fucks expect? A 5 page thesis on why I don't want spam I didn't sign up for?

Recently I got an E-Mail from PayPal.de with the headline "Your account gets limited". Fun Fact: I don't have a PayPal account.
This Mail got me curious though, as it couldn't be a phishing mail, since I don't have a PayPal account in the first place, so I opened the e-mail just to get greeted by pure emptiness. It was completely empty. I thought to myself "oh no, is this some sort of new trick? Did I get infected by some sort of a weird hacky backdoor trojan already?!"

Name: PayPal.de
Original E-mail Address: NULL (never seen this before)
I then realized, that Thunderbird blocked the only content from this mail: a clickable image.

This is getting even more confusing the longer I examine this unique mail. The image is showing me a domain from a site completely unrelated from PayPal, so it was obviously no phishing, but I didn't trust this clickable image, so I looked up its hidden link to find an even more confusing redirection to not a picture upload site like the image suggests, but to a game key reselling site instead, like wtf? What was the whole point of this whole e-mail? Was this a weird try to make advertisements for more than one website? It wasn't even a ref-link or something like that. It was just weird, iunno.

ok ok I'll move it to inbox Google, you lazy ass company can't you make your won mail service to it by it self -.-
Must admit, those spam emails are getting funnier by the day

Spam mail 2
Top is my reply
Bottom is spam mail

It's emails like this that remind me Amazon knows less about me then I think they do....😁

These postings on angel.co

I swear to God it's like I've uncovered a conspiracy theory.

I had been searching for a side project now that holidays are coming and I really don't wanna get bored.

Applied to a few companies. About 5 of them "responded" with an acceptance. I write them my interview timings and all that's required.

Nothing. Nothing for like a solid week and a half.

Meanwhile I applied to more companies and still the same thing.

I decided to manually mail their companies regarding the process, so that I can, preferably, move on to other ones if they have rejected the application (which they obviously hadn't)

I get mails from almost all the companies with some or the other variant of "We were waiting for your reply to proceed"

I tell them I had replied over the conversations and they said they never got a message.

Now feeling that this might be angel.co at fault. I wrote a request to look into the issue. Meanwhile I tested the system using a friend's account as a recruiter and testing myself.

Unsurprisingly it was working flawlessly.

Narrowing it down to the companies then.

I sent a document with my findings to each of the companies and pretty much 50% of them stopped with replying.

The rest confirmed that they hadn't received any mails regarding the same and they saw no mail resembling the one I tested with my friend.

Kinda confusing but I asked them to look into it.

Meanwhile mail from Angel returns saying that their system is working perfectly fine even around my region. So idk what was the problem

I got a mail 3 weeks after the first mail to the company. They had been using a utility to auto-accept/reject profile applications. This util sent a lot of mails, even for rejections, to their mailboxes, filling them.

So they decided to remove these emails automatically by marking them spam. Apparently, the interview confirmation messages also count as these emails and were automatically archived. Thus removing my responses to those companies.

Idk if this is widespread issue because only one company has responded to me yet.

I'm still livid with this shit.

Passive aggressive deed of the day: Whenever i am replying to a mail with no subject, i start with "sorry i missed your mail as it went to my spam folder, maybe because it didnt have a subject".

So sick of this shit.
It should be illegal.
I just want to get my stickers and never check the mailbox again.

!dev
Fuck you google!!
Let me send a mail to my shitty internet service provider with abusive words as much as possible.

Fucking gmail rejecting my message as spam by content filtering.

How ethical it is to send 1gb email with big picture with word “NO” in response to spam email that wants my agreement ?

By:Miss. Lucia Wright
Punchline : VERY IMPORTANT MESSAGE MY DEAR

 

 

 

Dearest Friend,

My greetings to you in the name of our Lord Jesus Christ. I am sister Lucia Wright I am married to Archdeacon. Collins Wright whom until his death served as an archdeacon in the St. Micheal's archdeacon in Ivory Coast for nine years before he died in the year 2005. We were married for eleven years without a child. My Husband died after a brief illness that lasted for only four days.

Before his death we were both born again Christian. After the death of my Husband I decided not to re-marry or get a child outside my matrimonial home which the Bible is against. When my late husband was alive he deposited the sum of $22. Million in a security and finance company in London for safe keeping.

Presently, my Doctor confirmed to me that I have serious sickness which is cancer problem. The one that disturbs me most is my stroke sickness. Haven known my condition I decided to donate this fund to a church or individual that will utilize this money the way I am going to instruct herein. I want a church that will use this fund for orphanages,helping the widows, propagating the word of God and to endeavor that the house of God is maintained. The Bible made us to understand that? Blessed  is the hand that giveth'. I took this decision because I don't have any child that will inherit this money and my husband relatives are not Christians and I don't  want my husband's efforts to be used by unbelievers. I don't want a situation where this money will be used in an ungodly way,

this is why I am taking this decision.

I am not afraid of death hence I know where I am going. I know that I am going to be in the bosom of the Lord. Exodus 14 VS 14 says That? the lord will fight my case and I shall hold my peace'. I don't need any telephone communication in this regard because of my health hence the presence of my husband's relatives around me always. I don't want them to know about this development. With God all things are possible.

As soon as I receive your reply I will give you the contact of the security and finance  were the amount sum is deposited for you to contact them, I want you and the church to always pray for me because the lord is my shepherd. My happiness is that I lived a life of a worthy Christian. Whoever that Wants to serve the Lord must serve him in spirit and Truth. Please always be prayerful all through your life.

Any delay in your reply will give me room in sourcing another church or individual for this same purpose. Please assure me that you will act accordingly as I Stated herein. Hoping to receive your reply. Due to present condition of my health,I was warned by my doctor to avoid receiving or making any call. For that,I have submitted the information of  the deposit to  my lawyer, As soon as I hear from you I will forward to you the lawyer's contact.

Remain blessed in the Lord,

Miss. Lucia Wright.

Well ok... If you want me to, I can surely help you out 😈😈😈😈😈

Uh-oh I fucked up.

Not at work, but with my website where I had an email forwarder to an external address. The forwarding was everything so that I could do the spam filtering and occasional check in one place. Unfortunately, that triggered the spam detection at the external address (after some years!), and my provider ended up on a blacklist.

That got me a pretty angry mail from my hosting provider who had already disabled the forwarding and wanted to make sure that I understood the issue and would not put it in again.

I thought about whether they had fucked up because it was even possible to do that, or whether I had fucked up because I should have known. Hm yeah I opted for the latter and apologised.

The support guy seemed happy that I didn't try to argue (possibly like other customers...), and advised that I just should add another account in my email client. Sure, at least that will prevent this shit from happening again.

He also mentioned that every single blacklist issue they had experienced in this year was accidental due to external forwarding issues and that they would consider just disabling it altogether.

Which is probably a smart move, just as hint for these ranters here who work at hosting companies. Or at least only enable external forwarding if spam assassin or so is in place.

So, I was rejected from a job cause I didn't answer one mail asking for a technical detail about my code... my bad for it.

Except I checked the mail every single day and it was neither in mails, nor in spam, nor in the other gmail smart labels, and it magically appeared October 30th, with the date 27th October. WAT?

I am not even angry (I am extremely sad because a remote job would have allowed me to finally move in with my sweet half, but that is another story) just... wtf? How...did it...? WAT?

WTF?!? so apparently I guy I know, knows the guy who built dodeley.com (don't get me started on the name!)

Oh boy... Where should I begin? So besides the fact that I'm pretty sure these newsletters will be classified as spam (aites like mailchimp and so on actually pay large mail providers not to classify them as spam, I doubt they do...), their so called "widget" is just a form, sent to their domain using GET, FUCKING GET, NOT POST, GET!!! The request looks something like "dodeley.com/?action=subscribe&id=xxx&field1=xxx&..." I mean like, WTF? Oh and their solution to not leave the page is simply to add a target="_blank" to the form, that you have to include on your site.

Did I mention, that the form id is static? Did I mention, that there's no validation on what you enter?

Who the fuck programmed this shit? Honestly!

My IT-teacher has a website. Aside from it looking like from 1980 (which is ok), he has a "security js Mail decryption":
In his page there is a <script> with a simple yet custom de/encrypt function. Then his E-Mail is an <a href="javascript:mailto:function('rubberish173848'>private email</a>. (Or something like that)

You can just run this link (open email app and read it) or use the same function and same href in the browser console and read it. It sounds so stupid.

(Yet I figured out he probably doesn't want bots to spam his mail, so maybe I am stupid)

I am here on devRant now for a while. Althought, reading amy of your stories and taking care of websites is not what I usualy tend to do, I started doing it as a favour for a friend of a friend.
Baaad bad decission :-(

"pls, dis is urgnt! uplood dis pics asap on page"
*mail notification*
*face palm 1* because who sends pictures by mail these days ... I like my 50MiB Inbox, dont spam it with garbage!
*opening mail - lists attachments: 1 file, ~900KiB* ok whats happening now?
*facepalm 2, 3, 4, 5, 6, 7, 8, 9* (10 if there still would be a face to palm on)

the person seriously send me the pictures in an attachment, within a pdf document that was created with MS Word.
No - Just NO!

I should have known better ... sooo much better :(

My main mailbox is so full of spam i almost missed a good job test. Wtf
And these mails are so fucking irrelevant loan, cars, bank, life insurances... I DON'T FUCKING CARE ABOUT THEM, WHY THE FUCK ARE YOU FILLING MY MAILBOX YOU ASSHOLES 😠😠😠

and what's even more weird is how they all have one common sentence in exact formatting : "you can simply WIPE Out your mail from the mailing list".

I feel as if my email has been hacked. Any suggestions?

Oh man setting up postfix and dovecot (plus things like rspamd) is a pain in the ass.
But it's worth it, having your own mail server is just quite a good feeling.
Now I just need to find out how to get it to pass the spam filter of Google, despite the server and the DNS zone being well-configured (better than my school's mail server according to tests, but that one still manages to pass. I have no idea why.)

It all started with an undelivereable e-mail.

New manager (soon-to-be boss) walks into admin guy's office and complains about an e-mail he sent to a customer being rejected by the recipient's mail server. I can hear parts of the conversation from my office across the floor.

Recipient uses the spamcop.net blacklist and our mail was rejected since it came from an IP address known to be sending mails to their spamtrap.

Admin guy wants to verify the claim by trying to find out our static public IPv4 address, to compare it to the blacklisted one from the notification.
For half an hour boss and him are trying to find the correct login credentials for the telco's customer-self-care web interface.
Eventually they call telco's support to get new credentials, it turned out during the VoIP migration about six months ago we got new credentials that were apparently not noted anywhere.

Eventually admin guy can log in, and wonders why he can't see any static IP address listed there, calls support again. Turns out we were not even using a static IP address anymore since the VoIP change. Now it's not like we would be hosting any services that need to be publicly accessible, nor would all users send their e-mail via a local server (at least my machine is already configured to talk directly to the telco's smtp, but this was supposedly different in the good ol' days, so I'm not sure whether it still applies to some users).

In any case, the e-mail issue seems completely forgotten by now: Admin guy wants his static ip address back, negotiates with telco support.
The change will require new PPPoE credentials for the VDSL line, he apparently received them over the phone(?) and should update them in the CPE after they had disabled the login for the dynamic address. Obviously something went wrong, admin guy meanwhile having to use his private phone to call support, claims the credentials would be reverted immediately when he changed them in the CPE Web UI.

Now I'm not exactly sure why, there's two scenarios I could imagine:
- Maybe telco would use TR-069/CWMP to remotely provision the credentials which are not updated in their system, thus overwriting CPE to the old ones and don't allow for manual changes, or
- Maybe just a browser issue. The CPE's login page is not even rendered correctly in my browser, but then again I'm the only one at the company using Firefox Private Mode with Ghostery, so it can't be reproduced on another machine. At least viewing the login/status page works with IE11 though, no idea how badly-written the config stuff itself might be.

Many hours pass, I enjoy not being annoyed by incoming phone calls for the rest of the day. Boss is slightly less happy, no internet and no incoming calls.

Next morning, windows would ask me to classify this new network as public/work/private - apparently someone tried factory-resetting the CPE. Or did they even get a replacement!? Still no internet though.
Hours later, everything finally back to normal, no idea what exactly happened - but we have our old static IPv4 address back, still wondering what we need it for.

Oh, and the blacklisted IP address was just the telco's mail server, of course. They end up on the spamcop list every once in a while.

tl;dr: if you're running a business in Germany that needs e-mail, just don't send it via the big magenta monopoly - you would end up sharing the same mail servers with tons of small businesses that might not employ the most qualified people for securing their stuff, so they will naturally be pwned and abused for spam every once in a while, having your mailservers blacklisted.

I'm waiting for the day when the next e-mail will be blocked and manager / boss eventually wonder how the 24-hours-outage did not even fix aynything in the end...

sophisticated spam >>>
My name is Susan W. Alphonsus, I am a US military Soldier currently in Iraq. I have an important information to share with you, If i receive your response ,i will give you details of the information.

No, I'm not interested in your credit card offer 😬

I need a spam filter for my mailbox like my email 👻

There are a few email addresses on my domain that I keep on receiving spam on, because I shared them on forums or whatever and crawlers picked it up.

I run Postfix for a mail server in a catch-all configuration. For whatever reason in this setup blacklisting email addresses doesn't work, and given Postfix' complexity I gave up after a few days. Instead I wrote a little bash script called "unspam" to log into the mail server, grep all the emails in the mail directory for those particular email addresses, and move whatever comes up to the .Junk directory.

On SSD it seems reasonably fast, and ZFS caching sure helps a lot too (although limited to 1GB memory max). It could've been a lot slower than it currently is. But I'm not exactly proud of myself for doing that. But hey it works!

"Of course you aren't a gag. How could I..?"

After waiting weeks and weeks for my account to be deleted (they asked for email to support for that, altough egistration takes 5s) I finally asked last time, this time using magical word "GDPR"

Got my account and data deleted under an hour and now their account settings page have delete account button. Even if it's this fake one which only changes email/id to prefixed one, still it was worth it.

Did, uh... this guy fuck up his spambot or...?

Recruiter logic: I know that developers receive a lot of messages from recruiters, so I'm sending you the third mail within a week to make sure you don't miss my special deluxe job offer!

I hate these recruitment spam bots...

First Privacy policy, now this..

WHAT THE FUCK IS GOING ON??

Fucking ant-cumstained garbage bag. How come you are so inaccessible you satan website.

I wanted to look at someone on facebook. But for some things you need an account, so I sign up with my spam mail and a random name and the birth date that was filled in

When I try to login facebook says: your account might be compromised, what is your birth date to verify it's you.
Wtf I just made this. So I fill in the standard birth date.
WRONG BIRTH DATE YOU CAN'T TRY AGAIN FOR THE NEXT 15 MIN

Im glad I abandoned you long ago.

But apparently you know you suck since you don't allow new users?

So I still have my very first email account, a hotmail account as a secondary, kinda spam account.

i signed up around 2000 i guess.

someone tried to get in, i got loads of mails of failed login attempts so i wanned to go and change my pw. But because of that bastard i cant login with just pw anymore, i need my phone. THAT ACCOUNT IS 20 FUCKING YEARS OLD. I never even provided a phone.
spent the last 20 minutes providing personal details to microsoft which are probably not the ones i used for signing up anyway.

you know how careful we were whem signing up for something online back them? I probably signed up as Thomas anderson from zion...

anyway, done now and bow it will take 24h for them to review it..

all of this only to reset my forgotten pw for my epic games account for with i signed up with that mail..,

holy guacamole.. I should start to trust password managers...

I absolutely hate it when companies use this or that medium for communications despite me asking them time and time again for another.

I have a mail server for more professional communications. The phone, only for stuff that won't matter if I inevitably end up forgetting about it (even more so now that Google made call recording more or less impossible, laws be damned). I will forget about a phone call no doubt. I've got better shit to do than to remember your manglement decisions, thank you very much. On mail, that's all nicely on my mail server for retrieval in several years even.

So I ask them to use the email address I gave them, a dedicated one for their company too (catch-all go brrr). Can't do that with phone numbers. Managing all those SIM cards aside, our government has now limited the amount of SIM cards one can have to 10. And texts and phone calls are not a long-term medium! And I can't share my phone number with just about anyone because people will inevitably spam the shit out of it, AND it's hard to replace! It's not a good medium! So with all due respect, companies - I couldn't care less what medium you prefer to use for your customers. You don't care about what your customer wants you to use - explicitly so! - and you lose a customer. It's as simple as that. Dealing with manglement is one thing, but dealing with manglement using the wrong media is something I'd really rather not do.

But hey I guess that virtue signalling is more "in" than actually listening to your goddamn customers nowadays? Let's replace another master/slave reference. You know, arguing that if we did that 2 years ago, George Floyd would've totally survived. Not by fixing the US police brutality, oh no no no. That's not the right way. Changing nomenclature and hashtags however, and not giving half a shit about your customers, yeah that's the way to go!

Aaarrgghh! Stupidity of some webdevelopers! Ordering new battery on e-shop and got in my mail devilery report from one freemail service. Checking what kind of spam it is and those lazy bastards are taking my full order and sending it with my e-mail addresses in From to their freemail account. Which correctly rejects it based on SPF as the freemail suprisingly does its job well. Who the hell thought this would be a good idea? Grrrr!

All results for GDPR on my "spam mail adress" (NO results for DSGVO!) ... seems like GDPR doesnt apply for spam :D but this email is also registered to sooo many services and websites... i think the search is broken :|

This pathetic spam mail I got 🤣🤣🤣

Someone is trying to get into my shit. Mail Accounts and my phone is receiving lots of. Spam calls and phishing messages...

Fucking bastards..

We all get phishing shit but if it’s targeted it makes me feel awkward..

Little fucking bastards.. I think I even know who it is.. that useless piece of junk that got fired because of my honest feedback. Not many others know my current nr, emails etc..

OMG !!!

The CRA (Canadian Revenue Agency) is now operating with freenet in Germany!

Wow, just fucking wow, you did it again Microsoft. You know the default mail app that comes with 8.1? It just randomly downloaded a pdf of a spam mail that it DELETED BY ITSELF before. Wow... "Hey, that looks fishy. Probably a trojan. LETS DOWNLOAD IT". I haven't even opened it. I was on my Desktop when it happened. Immediately deleted that crap.

That's actually the first time in the 3 years i have my pc that my antivirus was needed and it's not even my fault.

Again got an email(pseudospam) from a service I subscribed to (yes I did). It says the email is from CEO and it's supposed to be X-mas wish + invitation to their youtube channel. It was, kind of...

But the words they (or he, but I hope not) used in the email! It was so obviously blank, such uninteresting-president-speech. It was even targeted as a spam by gmail. In a foreign lang.

I mean... if you want to reach to your customers, sit on your ass and imagine _yourself_ reading an email that's long, its point was lost somewhere in the fourth sentence and magically appeared at the end + even default mail filter targets it as a spam.

That's what you get from a service. Motivational crap and blank words. Many thanks, I haven't heard a lot of those lately, eh?!

Got recruiter spam from a "devs only" super-hip recruiting company. As they announced in the mail, they develop themselves and know the difference between Java and Javascript. On their blog where the last post is from more than one year ago, they have hints how to pimp up one's resume. Amongst other useful things: don't use Comic Sans.

WHAT THE FUCKING FUCK?!

Used own fake/spam mail to sign up here... (real address I kept for several years)

Wants to get stickers but need to send them real name and address with this email account..

Well fuck :~

Sometimes I feel that as we have some rules and accessibility guidelines for 18+ when they visit any website, play a game etc., we should also think about 60+ who are not technology friendly. I've explained to many elders why they should not share their personal information on public forums like facebook or twitter, or why should they not reply a spam mail.... but :(

Hey I just met you
And this is crazy
But here's my mail address
So spam me maybe

Mesosphere sold every e-mail who registered with them to Tech Global Leads. Either that or Tech Global Leads stole a list of leaked e-mail addresses. In either case I unregistered/unsubscribed from Mesosphere and still got e-mails to those two specific accounts from Tech Global Leads with Mesosphere consulting soliciting. (So they keep e-mail information, even for accounts that unsubscribe).

TGL doesn't even have a website up. They're either amateurs or scammers. Either way, fuck you and your spam, both TGL and Mesosphere. Go die in a fire.

Days like these are a perfect fucking opportunity for corporations to spam your mail and feed you with friendshit and then help you help them with click bait.

P.S Friendship is for decades not a day. Now can we have a good Sunday lunch? Enough of this bullshit.

Co worker asks, why he can't send e-mails to a particular address. others cant't either

Turns out that the other company has blocked us.

*We are no spam senders, it was an issue they had with our company before*

So, spammers found the special character catalog on their machines.

Microsoft, please stop the incomprehensible work vs. school account stuff and if you want to mail me a login code, then please actually do send an email. What's wrong with Microsoft Teams and office always giving its users headaches already when trying to log in?

A customer sent me a "FindTime" link, something like Calendso / Calendly, but "powered" by Microsoft Office. Seems that their power is off again, like ever so often. Microsoft: "can't access your account: You can't sign in here with a personal account. Use your work or school account instead."

Okay, go to bing, and search your error message. Try to use bing page to log in to my account: Microsoft: "We emailed a code." (No you didn't. At least I never received anything. And, yes, I did check my spam folder!) Microsoft: "Other ways to sign in: use Microsoft Authenticator".

me: "dear customer, please feel free to pick any time and date that matches your preference, as the FindTime link has been impossible to use".

How can Microsoft make me feel so dumb again, after more than 20 years as a developer? Have they ever heard about usability?

Any disposable e-mail address service:
"FIGHT THE SPAM"
"THANK YOU FIGHTING THE SPAM"
"YOU DID GOOD BY FIGHTING SPAM"

The users of disposable e-mail address:
*creates another spam account*
*creates another multiaccount in order to exploit a system*

Companies actually fighting spam:
Now there is even more spam to fight against. (which is not good)

About 2/3 of the accounts created daily on our website are spam accounts. We have to waste our time with this shit instead of actually improving our services. Since we do not track IP-Addresses and there are countless amounts of disposable e-mail domains AND there is still the option to create countless spam e-mail addresses within legit e-mail providers, there is no easy way of stopping this madness.

"Fight the Spam", you could start by deleting your shitty service or at least give us a list of all the domains you're using, srsly.

TIL: the opposite of spam is ham

Setting a filter to send any mail from the QA team to spam is cool right?

How would you approach choosing a fairly short but meaningful domain name? Common words are obviously going to be taken.

I have a handful of domain names used for different things, but my main one is 17 characters long and made up of 2 words and not particularly interesting (my surname + another word). It's relatively easy to read out to people over the phone, but inputting it in a phone handset or on a device without a keyboard (e.g. setting the hostname + domain of a media centre with a remote control) is a bit tiresome.

Doesn't even have to be something I can say easily as I mainly want it just for "infrastructure" purposes rather than to host a website etc.

I'd probably use it for sign-up e-mails to reduce the amount of spam/newsletter mail (I do generate a separate address for signing up to most services) but other than that wouldn't be using it regularly for e-mail.

But I don't want something meaningless like abcxyz.

It's lovely when your corporate application starts having problems sending mail through google, so you fallback to your onsite mail server, only to learn it is nothing more than a pass through to your gmail account.
Not only that, but it isn't secured at all, so spam bots have been sending millions of spam emails through it, leading to your google account being blacklisted which caused the email problems in the first place. Yay!

Pharmacy... Preorder-mail got stuck in spam due to weird receiver passphrases so they didn't actually order it (it was "banana" followed by an steadily incrementing number). You wouldn't believe their faces after they saw my mail.

It took the pharmacy exactly ONE HOUR to get that medicine after I went up getting them to know that they missed an order. They express ordered it after I guess I signaled the urgency...
That's one of the pretty great things in Germany. If you need medicine and if you're in a medium populated area, you could get it within hours, or at least in 1/2 day if they not express the order and you order over their website.

But this is attacked due to European trade deals. Online pharmacy shops (the ones without local pharmacies) simply trade in from cheaper areas in Europe and can sell much cheaper. Also because they aren't committed to cross finance local hospital medicine delivery which then let's the health insurance raise their prices.
But due to the law for the minimum wage and therefore steadily decreasing wages the online-only pharmacies get more and more of the market cap....
Such problems aren't easy to fix...

I pretty much had my spam under control for quite a while, receiving only a few spam mails per week. However, in the last month or so the volume has picked up significantly, and now I just saw 16 new spam mails in the last two hours! Fookin shyte…

Of course I suppose they don't realize that at least Gmail is quite effective in filtering that crap right into the Spam folder so I don't have to deal with it. Come on, I know e-mail is cheap but mails that are never read might as well not have been sent in the first place…

That lovely moment, when I have to spend an hour on mail delivery issue, only to find out the message was flagged as spam due to a faulty dns blacklist.

Though the way it got flagged is idiotic and funny at the same time, too.

The blacklist domain got parked, dunno why, and of course, all of the dns queries thus got redirected to a different dns server that just returned the A records of the dns park owners.

Guess what that causes when you use that blacklist? Every single email gets flagged, including that one of ours that I had to debug.

Fml, an hour of overtime for a stupid malfunctioning blacklist...

Just got an "no-reply" email that wants me to click a link for customer satisfaction survey. No company name, no whatever, just plain text and the sender is "no-reply@nestor.com" Is there a way to find out where did they get my email?!

Want to send an email? Sure thing, how about you configure first a DKIM, DMARC, SPF and some reverse DNS. Otherwise your mail can go fuck itself, because it won't even make it to the spam folder. Even if you do all these time consuming fuckwit tasks I might just mark your mail as spam. Because fuck you, that's why.

Sending mail to Gmail in a nutshell.

Can someone help me with finding a good acronym definition for SPAM?

Ideas:
Super Pissed About Mail
Stupid People A? Mail
?

When you have to block a email address from a website providing you a great way to have a payment form for your client because they didnt implement the unsubscribe and you get spammed at every test