Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: How to get lots of spam, fast?
72 points by timbowhite on May 30, 2015 | hide | past | favorite | 45 comments
I'm working on a spam control plugin and I need to test it. Ideally, I need hundreds to thousands of emails, from different senders, delivered to my test email account.

Are there any tools or methods available for this? I haven't found anything, I imagine because such a tool would be rife for abuse.

Hopping on the top comment to provide a more serious answer than some below..


Mailbait looks helpful for a project of mine, thank you for sharing!

I used GenSpam [1] for my thesis on spam filtering, but it doesn't seem to be as comprehensive as others out there, plus using a corpus instead of 'live' email might not be quite what the original poster wants.

[1] http://www.benmedlock.co.uk/genspam.html

Thanks for this, best answer on the thread.

No problem! Glad it was what you were after

Host a tor relay. I run two and put my email up as the maintainer and now I consistently get over 200 messages a day (I've since shut down my private mail server it was so bad).

Thank you for supporting privacy efforts.

Thank Snowden and Appelbaum. It was because of them that I started up these relays.

You kind of guys are still the hope for humanity. I do not understand all the technology completely. But i get the gist for what you are doing. Than you very much.

I run four Tor relays and don't get spammed. I also obfuscate my email by formatting it in a readable, non-standard way that can't be spammed automatically without parsing (eg someone [at] example dot com).

I actually did exactly that.

I had a similar experience. I was able to fairly effectively mitigate it by setting up SA, blocklists, and greylisting.

I ended up going with DSPAM from this particularly good tutorial [0] but ended up just not wanted to deal with it anymore. Without significant tweaking it ended up putting all my legitimate mail in junk/spam folders as well so I ended up having to browse through all the garbage anyway.

[0]: http://sealedabstract.com/code/nsa-proof-your-e-mail-in-2-ho...

If the goal is just to get spam, don't do this from an IP you care about. I ran a relay for awhile and got added to blacklists, although I did only manage to find one website that blocked me purely on that basis (scn.sap.com).

Why the high volume?

It seems that since the email is published (https://globe.torproject.org/) crawlers scoop these up and start hammering away.

Perhaps there is noticeably higher volume because it is Tor and hacker types might find more value in it. I'm not quite sure.

Run a simulated OpenRelay https://github.com/schumann2k/SpamTrap but instead of dropping all mail, redirect it to your target account. Might take a few days to weeks to get started though.

I have a lot of spam gathered over many years. It would need washing to remove my addresses from it, but there's a chance I could provide you with a corpus.

I would need more details about what you're doing, and some assurances about what you would do with the data. What do you actually need? Do you need all the headers? It would be easier if I only needed to provide the bodies.

I would need to look at the data I have, and I might withdraw this offer if it would be too much work. In the meantime, perhaps you could think carefully about exactly what you need.

You can contact me via the email address in my profile. It might take a day or two for me to reply.

Report a bug to Debian on http://bugs.debian.org and wait 20 minutes.

I did research in this area with the amazing Jeff Huang [1].

(Here's the findings: https://medium.com/@karan/how-do-spammers-harvest-your-e-mai...)

Answer to your question: https://d262ilb51hltx0.cloudfront.net/max/2000/0*q9f3570SPFf...

> Notably, spammy mailing lists send the most spam. These mailing lists include sites that promise you free credit scores, or insurance quotes, or free ipads etc. These sites stink of spam, but people still continue to give them their email addresses.

[1] http://jeffhuang.com/

Post that your company just got funded in CrunchBase :)

But in all seriousness, look at blackhatworld.com (where the spammers gather) and look at how they scrape and spam email addresses (search for "email method"); there are a few ways that everyone else is copying, and you could get your email in there.

Actually talks about email spamming are prohibited at BHW. It is mainly a SEO forum nowadays.

Setup your email server to "swallow all". I did this and after a few years I got around one million spam mails per day.

I guess that if the emails never bounce they will keep sending new stuff to you. It's like saying "yes, yes, yes" to a sales person, they will just keep adding more stuff :P

I would say this is a good one. You can 'seed' it by signing up a bunch of different email addresses for various free offers or other stuff. Fill out web surveys and always put in an email for a chance to win the imaginary amazon gift card, also sign up to a few sites and leave the "let 3rd party offers be sent" or what ever it is. Once you've established 3 - 10 addresses on a few mailing lists the folks will start selling lists amongst each other and in no time flat you'll have millions of emails a day.

abusix provides this: https://spamfeedme.abusix.com/

Something like this, or another service with a large corpus of recent spam, seems preferable to seeking it out. The latter will not give you the kind of spam that arrives at harvested emails.

Purchase recently expired domains. Spamhaus does it, domain registrars collude with Spamhaus and threatwave/bounce.io.

Put the unmunged address in the from and reply-to header of a Usenet client and make a few posts to Usenet.

Ditto some email lists.

Websearch news.admin.net-abuse.sightings

You're going to want more than one email account. Ideally you would setup one or more catch all domains where anything@domain.com dumps in to your collection. This can be set up with Linux and Postfix. Your configuration should not use any blacklists. Then do what others have suggested to spread these addresses around the net.

Tweet out the email perhaps?

Sign up for one of those free WalMart gift cards or the like - it's an endless chain of "offers" you fill out. I'd hate to share any links to give them any of HN's PR, but Googling "free walmart gift card" should get a juicy starting point 3 links or so down the page :-)

Search for "free search engine submission" on Google. There are sites that will take an email address as part of the signup procedure and you will get BLITZED with spam and various junk. I used this nasty little trick to get revenge on someone when I was but a youngling.

TREC has a spam corpus albeit dated at this point


92k messages, 52k of which are labelled as spam messages in the 05 corpus. Totals 300mb or so

Register domain(s) & put your email in the whois records. Once they are indexed by google you should start to get lots of spam.

Post a blatantly Liberal view on any article linked at the Drudge Report, with target email applied to whatever sign-in.

Sign up for every retail coupon/rewards program. My wife does this, gets 50+ spam emails per day.

Would a pre-assembled corpus of spam be ok for your needs? https://www.google.ru/search?ie=utf-8&oe=utf-8&q=spam+corpus

Publish your spambox addresses as html comment in as many sites as you can, then wait for some days and you will start receiving unsolicited messages.

My mail server sees about 24,000 attempts at delivering spam to non-existent email addresses at my domain every 24 hours...

JMeter has an SMTP mode, simply point it at your smtp server and configure how many emails you want to send.

Sign up for everything on sweepsadvantage.com that doesn't require Facebook.

Project Honey Pot (www.projecthoneypot.org) can provide you a feed.

speedrookie2321@hotmail.com this needs some spam as much as possible. Thanks Stress testing something

Sign up with GoDaddy.

Sign up with Meetup.

Sign up with Twitter.

Sign up with $tech_startup.

Actually I'd put LinkedIn at the top of the list.

LinkedIn has been the primary source of most of my spam the last year; it deserves to be near the top of any list.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact