There are times when I tell someone much younger than me about some of the trials and tribulations of early Internet life. You know… before DSL and cable modems, before Wi-Fi, before DVD’s. Sometimes they look at me like I was making all of it up just to amuse myself.
Let me start with a little background. I have been a Software Engineer for almost 25 years. I have had many titles and worked for all sized companies, from fortune 100 to mom-and-pop. I was around when the Internet ‘happened’. When this weird, wonderful technological gift was bestowed upon humanity. I’m also old enough to know, for a FACT, that Al Gore did NOT invent the Internet. Ah, those glorious days of my youth, watching as computers progressed from 286 to 386 to Pentium… Watching as hard drives fell in price from a $695 10MB drive to a $60 1TB drive. But I digress.
Such was my early involvement with the Internet that I hold the dubious distinction of building and installing the first Internet accessible dial-in server at the University of Phoenix for student communication. Prior to that they had to use a dial in Bulletin Board system called ALEx (Apollo Learning Exchange). I left there in ‘95 to dedicate my efforts to Internet related activities and joined up with a man who wanted to start his own dial-up ISP. It reached it’s limit at about 1000 subscribers and was giving Primenet (our biggest local competitor) a run for their money. So, with that said, I believe I am pretty well qualified to speak on the historical events and their significance / relevance, peppered with a little humor, sarcasm, and embellishment.
Thus was born the thread Hacking it: Old Skool. Here I will chronicle some of the pitfalls, surprises, achievements, and flat out failures of various Internet activities. So gather around the campfire and I, the eSource tribal elder, will mesmerize you with tales passed down from Sysadmin to Sysadmin. These are the tales of the life force we call Internet spoken by those who were there to experience it many moons ago… (cue howling wolf).
This first article deals with early attempts at email blast marketing and how the perpetrators would hide their tracks. Remember that in the early days of the Internet, our email programs were barely GUI. They had none of the features you kids enjoy today like spam filters (at least ones that worked) or embedded HTML. They were TEXT with simple links and limited styling. Pornography was a budding business back then and people were looking for ways to get people to click to their site thinking they were clicking on something else. Hopefully the person who clicked was A) A guy, B) Looking for porn anyway, and C) Too unfamiliar with the early browsers to release themselves from the shackles of the endless redirect!
Knowing their dial-up ISP would delete their account if they got complaints against them sending such material, they looked for ingenious ways to send emails, make them look like they are from someone else, and completely wash their hands of them. One such technique was called “The Gullible Server.”
In those early days, ISP’s were generally small shops that, as a group, looked out for each other and tried to help out as needed. There were many servers that had security holes, either by choice or incompetence, that left the door wide open to those looking to take advantage of their kindness.
The Gullible Server involved finding an ISP whose SMTP server had lax security / checking. The email marketer would then create their email with fraudulent or unreliable links and create an email list of recipients. Then the following would occur:
1) The FROM address would be the actual address of the intended recipient
2) The TO address would be a bogus address at the domain server they were spamming through (say Fake_Address@nowhere.com)
3) When the email reached the Gullible Server, it tried to deliver it to the bogus address on their server. It would not be found
4) Trying to be nice, the Gullible Server would send the email back to the FROM address to let them know it was undeliverable
5) The user listed in the FROM address receives the email and the nefarious email scammer’s plan is put in action
6) Some angry users call nowhere.com and complain about receiving offensive unsolicited emails
7) Clueless admin scratches his head trying to find the user Fake_Address@nowhere.com… No luck
If the admin waited more than a couple of days to check the logs and see what user actually sent the email, they were most likely gone or simply did not exist (the logs, not the user). Remember that drive space was at a premium, so keeping long term records on small capacity HD’s was not a priority or a necessity for small, independent ISP’s.
The scam had several variations as different filters and methods were developed for the email servers to combat this sort of thing. For those early hacking pioneers it netted them some benefit and riches. As the popularity of the Internet grew and ISP’s began having to fight and claw to hold on to their customers, the locks got even tighter and eventually this type of email spamming became a thing of the past.
Now, off to bed you little scamps! I’ll regale you with further tales of Internet past some other time!