BTW, pairing this with a personal assistant stripped of any access to personal information/property/devices (such as an hypothetical open source cloudless one) and instructed to ask for details on every possible part of the offer, one could make the perfect weapon against phone telemarketers as well.
Spammers are going to develop anti-spam filters :)
It did also manage to flood their phone lines making their call center useless for a while.
I'm not sure.
I'm not sure. Even though it is, as you say, remarkably unsophisticated on a technical level, it is extremely accomplished on a artistic level.
When I first learned about Lenny, I listened to most of his conversations, and it's impressive to hear how often he actually seems to be answering questions or gets distracted in just the right way at just the right time.
The writing (and acting) is just about perfect. I don't know if this is because of sheer genius, or simply lightning in a bottle, but either way I doubt it could be simply reproduced hundreds of times.
I remember first seeing it a while ago, posted here, ironically (or perhaps naturally) in a thread about Spamnasty (also excellent).
Does it count as passing the Turing test, or the scammers don't count as experts?
Come to think of it, the scammers themselves would fail the Turing test.
It would be a much easier version of the test if the AI only has to fool the examiner in a limited set of circumstances such as a scammer trying to qualify people as potential scam targets with a minimum of effort.
Based on the GitLab project, the author seems to be @stavros:
554 Recipients' domain disabled
Reporting-MTA: dns; googlemail.com
Received-From-MTA: dns; ----------@gmail.com
Arrival-Date: Sat, 30 Dec 2017 20:49:25 -0800 (PST)
Final-Recipient: rfc822; firstname.lastname@example.org
Remote-MTA: dns; mxb.mailgun.org. (18.104.22.168, the server for the domain mnesty.com.)
Diagnostic-Code: smtp; 554 Recipients' domain disabled
Last-Attempt-Date: Sat, 30 Dec 2017 20:49:27 -0800 (PST)
> Unfortunately Mailgun has disabled the domain due to rate limits. All we can do is wait […] I think it's just the HN effect that got it to send too many messages at once.
That said, I think it’s nice to be able to reflect the same attack vector upon the attackers to make the attack less efficient and hopefully less attractive.
If it's just bots replying - which honestly doesn't actually seem to be the case - I don't think it's going to make a big dent in their efficiency. It might backfire, though, and just cause more garbage traffic.
Message not delivered
There was a problem delivering your message to email@example.com. See the technical details below, or try resending in a few minutes.
The response was:
554 Recipients' domain disabled
There should be some type of domain rotation (or you can test spoofing, just to see if spammers use the same anti-spoof software everyone else does), just like how spammers do so.
As an aside, kudos for using gitlab instead of github.
I should dig that up again.
EDIT: Oh huh, it's been more than a year: https://www.stavros.io/posts/spamnesty-waste-spammers-time/ How time flies.
“554 Recipients' domain disabled”
I already support several projects like this.
While I think the donating of DNS records is an interesting idea, I personally wouldn't want to risk giving permission to an outside party for the domains I use, and I don't think it would be worthwhile to try and correctly maintain a domain just as a donation.
Spam is a daily problem for me. I can't use auto-filters, because I live in Taiwan and most emails written in Chinese are flagged as spam. That includes important messages from my bank, colleagues, and landlord. Eventually I gave up using auto-filters, and I now manually delete ~50 spam every day.
Being able to do something useful with that will make my spam-sorting a little less mind-numbing.
Blabank alias only gets email from their domains, anything else goes on the trash
One other thing I did was ported my landline over to callcentric.com, where for $3.50/month or so, I can 'firewall' all calls coming to that number, making it safe to give out to anyone. Their call treatments allow me to, by specific number or patterns (800*), drop, send to voicemail, play the "number disconnected" tone, forward, etc. It's great - no more calls I don't want.
switch to "legacy google voice" and then go to settings:
If I do answer, I stay silent even muting my phone.
Usually call just hangs up.
I get the cruise every few months, from a spoofed local numbers.
As soon as I say hello, the automated recording went off.
I had a friend who liked playing around, and drafted fake PayPal confirmations and western union statements as proof he sent the scammers money.
They were confused why they didn't have his funds asking him to triple check recipient info and resend, which he would send another fake confirmation.
They would eventually catch on cussing him out after weeks
There is, and I signed up for it. When I did, I got an order of magnitude more calls. I eventually had to change my phone number.
> I also love terrorizing spam callers with "give me your name and company name, this call is illegal". They usually get flustered and hang up.
That doesn't work on bots.
It would all work nicely until the spammers start creating their own bots to keep our bots busy. Bots would keep inane conversations going forever.
Then, I presume, Skynet.
554 Recipients' domain disabled
<firstname.lastname@example.org>: host mxb.mailgun.org[22.214.171.124] said: 554 Recipients'
domain disabled (in reply to end of DATA command)
Maybe it would be more appropriate to show email there, since it's intended for spammers as well.
It's like when you say something funny in a group setting which only one person hears, and instead of asking you to repeat it for everyone, they repeat it loudly themselves like it was thier joke! :)
Edit: Heaven forbid that you should point out that HN is sometimes just like Reddit! Downvote away, I have no interest in MIPs†.
†Meaningless Internet Points
Looks like for some spammers, the game is already up.
I wonder what James Veitch would have to say.
That they host the code in gitlab is a nice touch.
A guy who runs the mail transfer agents for an email security provider and has to deal with this every day.
Thanks to the author(s) for doing it.
After all, these messages benefit actual companies. I receive many spam messages from American companies that are legit. Why can't governments do more to fight spam? It's illegal after all (at least in Italy and I'd guess Europe), so how come companies get away with it?
The spammer side seems to also employ some level of bot automation, and its like two bots going at each other with the occasional broken english comment showing confusion and frustration....this is truly golden.
I didn't like the idea of having to manually forward the email, manually remove personal information from the body of the email, and sucking the recipient into watching the conversation unfold live. Because it increases the amount of time a recipient expends over a spam email.