Tell HN: Spammed by a Hacker News Enthusiast
Someone has scraped my contact information from my profile and is sending me an unsolicted "HackerNews" newsletter.
People ... don't do that.
Yes, you have an unsubscribe link, but that doesn't excuse the unsolicited sending of a screencap of your rendering of "top stories".
At the end you say:
"You're receiving this email because you signed up on HackerNews"
That is a lie, and a tactic used by utter scum.
Be better.
========
Edit: Note that this isn't random spam. It's specific to HN, showing a screencap/image of the HN front page. And then it lies about "signing up". If it were random spam I'd delete and move on. It's not, it's deliberately targetting the HN audience, and that's why I've mentioned it.
141 comments
[ 3.5 ms ] story [ 200 ms ] threadElse you're just screaming into the void.
Ironic
Onto the pihole blocklist it goes!
So as such it's different, and directly related to HN.
I bet that they believe that they are hustling on their legitimate startup. That's what I think.
Maybe they don't. I don't see how it is a problem to try to reach for them this way.
> Why in hell would you put your email address in a public space in the first place if you care about spam?
I don't see how this is relevant to the question. The person who put their address unprotected up for spam can be foolish, and the person who is sending them the spam should stop.
Both of these can be true at the same time.
True but decades of this has shown that people and their elected gov don't give a damn about trying to curb this by law and policing so we both know given the current state we are on our own to protect us about that.
My email is sufficiently esoteric as to ensure that a sizeable percentage (when last measured between 20% and 25%) of legitimate email gets put in the spam bin, rendering commercial spam filtering effectively useless.
Fear is the disease. Hustle is the antidote.
Disrupt
Today's creepy is tomorrow's necessity.
Ask for forgiveness, not permission
Crush it
On a different note, it might be a worthwhile idea to put profiles behind extra protection. An extra click to see contact info verified by a smart captcha might be the least breaking change. @dang
I don't like spam but the atomized ethos of no-one-talk-to-me isn't great. Someone chatting you up or sending something you might like is fine.
I'm sure most people that put their email address in their profile are fine if a human person wants to talk to them. Companies scraping profiles and sending automated bulk mail on the other hand, not so much. Pretty sure that in the EU this is also a violation of GDPR.
But I do mind if someone uses a script to scrape my address and opts me into a recurring distraction without my consent. It's all about having an overly low barrier to entry, yet demanding attention and manual opt-out from thousands / millions of people. It's just greedy and arrogant.
Now estimates vary widely, saying that 50% to 85% of mail is spam. Extensive spam filtering is a must. Actually relevant mail regularly gets lost because those filters aren't perfect. And deliverability is, at least for me, a constant worry.
A person with no pecuniary motive chatting me up where the behavior costs us the same amount of time? That's fine. Somebody paid to chat people up in high volume because they hope to get more money out of me? Not fine. Somebody using automated tools to do that such that recipients spend far more time than the sender? Not fucking fine at all.
For example, consider the gaping assholes, perhaps as few as 3 people, who were behind the literal billions of robocalls for extended car warranties. Did some people like that, grateful to have their worries about their car solved for them? Maybe, but I don't care. I would like to be left alone until I reach out, thanks. And if you don't like that ethos, please go talk to the people behind the thousands of robocalls and literal millions of spam emails I've had to deal with over the years. Because you're wasting your day telling me I should be nicer to people who value their money more than my time.
Helps everyone else too
I just have a "Report Spam" icon, with no choice to differentiate between the two.
Aside, I've been having a TON of very similar spam emails getting through Google's spam filter, and even marking them as spam doesn't seem to do anything. It's been going on for months at this point. I'm close to just closing that Gmail account because I have no idea what to do about getting close to 10 spam emails per day straight into my inbox in a way Google seemingly can't fix.
It's super obvious spam too. "tHe IRs hs a REFUND for u" level stuff.
My grandfather has been dead for over thirty years now, he still gets junk mail, his data is still on all the people finder sites.
For more info, the technique is called greylisting https://postgrey.schweikert.ch/
greylisting is responding with a temp error under the assumption that most spam won't retry on temp errors, which isn't the case for most spam anymore.
real bounces are permanent errors.
As you say these days spammers will retry, but its an approach that still has value, because in the period between the initial delivery-attempt (which is rejected) and the final one (where it would be attempted) it is more likely that the sender has already appeared on DNS-based blocklists.
Starting in 2003 and up until 2016, I used a catch-all e-mail address and would sign up for everything using a custom e-mail address. I wouldn't even do in the form of "sohcahtoa82+service@mydomain.com", I'd just do "amazon@mydomain.com".
The only spam e-mails I got that were e-mail addresses I used were from a couple shady cryptocurrency mining pools, a forum that got hacked, and the e-mail address I used on USENET. I also got spam sent to <random hex digits>@mydomain and lots of <two random dictionary words>@mydomain.
Knowing how much spam came from my USENET e-mail address (which I eventually changed and black-holed), I wonder how many spammers are scraping usernames from reddit and just spamming username@gmail.com.
But they had, inadvertently, made their intended-to-be-private email available in their profile, so everyone thought it was all a misunderstanding.
Hence the flagging.
OK, not often, but it has happened. In this case it's unlikely, but if it is someone in the HN community, perhaps they will stop and re-think.
Once you know people have a problem with it you lose your justification, you can continue sure but now you know you'r the asshole. It's harder to knowingly be an asshole than it is to be an asshole and lie to yourself you aren't.
Laughs in 1secmail.com
It may be useful to create a throw-away email alias for their public profile and further obfuscate it in a manor that much of the HN crowd could easily decipher. e.g.
[1] - https://www.spamcop.net/anonsignup.shtmlUnfortunately such disrespectful behavior to online communities has become the norm, with companies like Facebook leading the onslaught of legally and ethically questionable practices to exploit and abuse the public trust. On the hierarchy of scum, they're top-level scum that demonstrates to everyone, "This is how we do business now."
It's likely an "entrepreneur" trying to get traction, maybe make a little money on advertising. In their need for hustle, they crossed a line.
"Tired of getting spam emails from newsletters you never even signed up for? Mailscarp has you covered!"
To whoever did this: you're an asshole.
Mailscarp is an email platform that has been opened in BETA version recently and has been tested for a while with a few of our members.
We apologize for the inconvenience caused by spam emails sent by a member of our Mailscarp project.
The account of this member, the newsletters he owns and the subscriber emails he has uploaded to his account have been deleted immediately, and necessary measures have been taken to prevent this member from creating a newsletter again. You can be sure that we will do everything in our power to avoid such a problem again in the future.
Mailscarp is already a project designed to protect you from spam emails. It was developed for this purpose, and we are very sorry to be accused for this reason. I hope you will accept our apologies for this matter and try to give Mailscarp a chance to protect you from spam in the future.
Thank you!
leave the gun, take the cannoli
ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@mailscarp.com header.s=api header.b=DnugwplP; spf=pass (google.com: domain of hackernews.newsletter@mailscarp.com designates 104.243.65.3 as permitted sender) smtp.mailfrom=hackernews.newsletter@mailscarp.com; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=mailscarp.com Return-Path: <hackernews.newsletter@mailscarp.com>
> With Mailscarp, you can subscribe to newsletters with a separate email address, so your personal inbox stays clean.
> MailScrap: this email verification tool actually connects to the mail server and checks whether the mailbox exists or not, wipeout disposable email addresses from your email list.
With a history of 'surprises' like this: https://news.ycombinator.com/item?id=24255179
Also, the only developer listed at devro labs: https://github.com/kesarawimal (bunch of email scraper repos in there too)
Also, https://news.ycombinator.com/item?id=24158498 (lol)
I wonder if they are running a scraper that automatically cross-posts trending repos...
[1] https://news.ycombinator.com/submitted?id=maydemir
This thread is getting enough attention that I'm highly doubtful this message was only sent to 88 people. I saw the email, thought "I haven't subscribed to any HN digests lately", and deleted it.
I think 'utter scum' is an extreme reaction. And it's not necessary to make your point.
Is this ever a mistake? Can you accidentally scrape email addresses off of a website and accidentally create a mailing list to spam them?
Everything points to this being a malicious action. We don't need to give a spammer the benefit of the doubt.
If calling someone utter scum might get them to rethink how they are exploiting others, I will have no issue using it. OP did nothing wrong here.