This is spam, from an unexpected source


I just got this fairly typical piece of election email.

A MESSAGE FROM JOHN EDWARDS ’08

Dear PZ,

John Edwards needs your help during the next Iowa statewide canvass,
Saturday, November 17 and Sunday, November 18.

It goes on, but never mind. The annoying thing is the source: it’s from Ted, at the domain for my university and my lab. It has a spoofed source address! This is the kind of obnoxious crap I get from the peddlers of gadgets and drugs for my penis … it’s not the behavior I expect from someone who wants me to vote for him.

Just a word of warning to any candidates out there: it doesn’t matter how good you are, if you start spamming I will put your name in my mail filters and I will ignore you…in the voting booth, as well.

And no, I won’t be canvassing for John Edwards.

Comments

  1. Aaron Lemur Mintz says

    The question here is:

    Assuming your reaction is standard (which it seems to be), is it beneficial for a candidate to spam ‘on behalf’ of their opponents? It causes this reaction, but it does get their name out more.

  2. says

    Aaron: It’s a really good question, and definitely not an unprecedented one for the Republican party. In 2006 they used intentionally harassing robocalls which were designed to sound like they came from the Democratic candidate. When one sees a marketing campaign so ill-advised, it’s worth checking whether it’s official.

  3. Stevie_C says

    Be weary.

    Perhaps it’s not from Edward’s campaign at all… it’s almost a modern form of push polling.

    Make it look like your opponent is doing something really obnoxious to drive down their numbers… like call at bizarre hours of the evening or hire people to be complete assholes on the phone but say their working for your competitor.

    Sounds quite Rovian.

  4. QrazyQat says

    The Repulicans were using robocalls “from” “the homosexual lobby” just last week in one of the Kentucky governor’s campaign. It’s only one of several. And these have been done many times before by the Republicans. I wouldn’t jump to any conclusions that Edwards was doing it — I’d say that’s a bad bet. Put odds on it being a GOP tactic, typical for them.

    (And look how well it works, even on someone who’s supposedly skeptical, reasoned, and not gullible. No wonder they do that kind of stuff every single election.

  5. says

    Not an American so I don’t know first-hand how low campaigners tend to stoop, but I’d bet good money that the source of the spam was an unaffiliated Edwards supporter

  6. Desert Donkey says

    I too vote that this was not originated by the Edwards campaign; for all the reasons listed by those who have already weighed in.

    We may actually be forced to make our voting decisions based on a variety of issues, and not be able to use simple litmus tests such as the presence of apparent rouge spam … or whether or not they will join us in our countercultural movement to stamp out religion. I personally will focus on universal healthcare and a more balanced economic policy, and the ability to be effective within the constraints of modern society.

    They swim in the same water as the rest of us.(Chinatown)

  7. Abbie says

    We may actually be forced to make our voting decisions based on a variety of issues, and not be able to use simple litmus tests such as the presence of apparent rouge spam … or whether or not they will join us in our countercultural movement to stamp out religion. I personally will focus on universal healthcare and a more balanced economic policy, and the ability to be effective within the constraints of modern society.

    Yeah, I’m trying hard to not be a one-issue voter. I’m not happy with how Obama handled the homophobic-preacher fiasco; but even though gay rights are my pet cause, I’m looking at the big picture. Gotta make sure the perfect isn’t the enemy of the very good.

    My other pet cause is separation of church and state, and I actually think Obama nails that one:

    “What our deliberative, pluralistic democracy demands is that the religiously motivated translate their concerns into universal, rather than religion-specific, values. It requires that their proposals must be subject to argument and amenable to reason. If I am opposed to abortion for religious reasons and seek to pass a law banning the practice, I cannot simply point to the teachings of my church or invoke God’s will and expect that argument to carry the day. If I want others to listen to me, then I have to explain why abortion violates some principle that is accessible to people of all faiths, including those with no faith at all.”

  8. says

    I smell a Karl Rove spoof. It’s the sort of thing Republicans do, like the time they got an automated phone bank and had it start calling people for Hubert Humphrey — at 3:00 a.m.

    I’d be real interested to hear the Edwards campaign’s explanation. I still like the guy.

  9. ESVA says

    I’m on the email lists of several democratic candidates and they all identify themselves very clearly by name, with embedded campaign logos, etc. After you’ve gotten a couple from each candidate, you quickly recognize each candidate’s brand. I suspect this is an email version of the robo-call sent by a Republican dirty trickster trying to make Edwards look bad. Typical Republican crap.

  10. waldo says

    I’ll second the post-the-header request. Us computer engineer types are good for something, even if it is just running the mail system of a Fortune 100 company.

  11. NonyNony says

    There was a recent report that spam for Ron Paul was getting sent out through spoofed hosts. It wasn’t affiliated with the campaign – the best guess was that it was an overzealous supporter.

    I suspect that this is similar – there’s no good reason for a campaign to use spammer methods to get their message out – it only ticks people off. But it’s the type of thing that a supporter who isn’t too bright might think is a good idea.

  12. Levi says

    The ironic thing is, if the public starts to understand that these kinds of tactics are going on, politicians might start really spamming us to make it appear as if their opponents are making fraudulent spam messages.

  13. Shap says

    I was about to post until I read the first 4 comments, and you guys said exactly what I was thinking.

    I’m posting anyways in agreement.

    I get emails from Obama, because I chose to sign up for his mailing list. I have never received an email, spam or otherwise, from ANY other candidate.

  14. CalGeorge says

    I got a bogus email from “Chris Dodd” the other day.

    I got the feeling someone had compromised their server and stolen their mailing list.

    Who knows. Maybe its the Republicans trying to piss people off.

  15. says

    The ironic thing is, if the public starts to understand that these kinds of tactics are going on, politicians might start really spamming us to make it appear as if their opponents are making fraudulent spam messages.

    But then they’ll realize that we know that they know that we know spams don’t work, so they’ll flip tactics again.

  16. kevin says

    I recommend that you post the full message, including all the headers

    I second (or 5th or 6th by now) this idea. Unfortunately it is unlikely to tell us much beyond the fact that it came via a botnet or through an open relay. Unless the spammer was incompetent, it is pretty challenging to figure out who is really behind the spam.

    I’d put my money on republican-sponsored scam to make Edwards look bad. A distant second place is some anti-Edwards jerk acting alone. A very distant third place is a misguided Edwards supporter. I wouldn’t even put the Edwards Campaign on the list.

  17. says

    I have to agree with what others have said: I have a hard time believing that this was actually a message by John Edwards’s campaign. Spamming Minnesotans with invitations to canvass would not be an effective campaign tactic.

    For the record, I say this as an Obama supporter, so don’t think I’m just trying to put in a good word for my candidate.

  18. says

    I really don’t want to post the full information. The problem is that this email used a bunch of details to look like it was coming straight from my lab, and I don’t want to spread that around. The reason I picked up on it is that I use filters to prioritize my email, in particular so that my students’ mail gets brought to the top of the list immediately, and the email from John Edwards was flagged and appeared as if it were from a UMM student.

    I doubt that it was a Republican operative trying to smear Edwards, because this was subtle — unless you’ve got filters that peer at the headers, or you look at the headers yourself, it’s not going to appear unusual.

    I favor the explanation that we’re seeing some unprincipled zeal from an Edwards supporter who is using spam software. This is exactly what I see from spammers now and then — to slip past any filters, they pretend to be from a source you trust. And we mostly trust our own domains.

  19. dogmeatib says

    A few years ago, for work, I contacted both the DNC and GOP for information about volunteering for their campaigns for my students who wished to do so for extra credit. Since then I’ve been on both of their email lists (good thing I used my junk email). I didn’t receive anything like this, so I too have to believe it came from either an opponent or over zealous supporter.

  20. Hank Roberts says

    But PZ, it could well be “subtle” and still be meant to piss you off as it did. That’s plenty of reason for forgery.
    And it’s got you speculating, pointlessly. Another win for the creeps.

    Trust us, mail headers are not secrets. There are a lot of people who can look at them and remove all the conjecture from your mind about what happened.

    Post just the headers, not the content.

    Or let some of the real experts reading here have a copy by email. Not me, I read headers all the time but only to pull them out to give to experts.

    Get several expert opinions. It’s going to have to become a routine thing, vetting mail for bogosity. Be our example.

  21. Dianne says

    For what it’s worth, in my experience the Edwards campaign is not all that sophisticated with its email usage. I sent an email to Edwards protesting his treatment of Marcotte and specifically saying that the incident made me withdraw my previous good opinion of him. I got back an email asking for a contribution and after that was on the mailing list until I eventually relegated all emails from the campaign to my spam folder. Any sensible campaign would have a form “response to criticism” sort of email to send out for this sort of situation. So I wouldn’t be surprised if the Edwards campaign is fool enough to pull something dumb like spamming random parties, on the other hand, I don’t see them as being net savvy enough to manage a spoof email address.

  22. says

    Push-polling or not, you should use the cute little link the U of M adds to your headers to report it as spam, and then at least none of your colleagues will see it again.

  23. Bride of Shrek says

    Now spam mail where John Edwards was offering to add five inches to your penis…THAT would be disturbing.

  24. Osky says

    Edwards was speaking at a campaign appearance in my hometown in Iowa two nights ago. I was planning to ask him “If he’s elected president, how soon will he fix the problem of unqualified political appointees editing and censoring scientific research from U.S. government scientists and scientific agencies.” I didn’t have to…he brought up the current administration’s anti-science positions himself while answering another question. He seemed serious about wanting to be a “pro-science” president.

  25. says

    Edwards is a tool anyway. Anyone watch the debate between him and Cheney in ’04? He was such a slimeball. He made Cheney look like a Saint. I hate a man who will make me root for Cheney to hand him his @$$.

  26. Josh says

    I’m sorry: after years of reading Hullabaloo, this is the sort of thing I assume is Republican-generated ratfucking until persuaded otherwise. The fact that it coulda most easily been generated by a UMM person makes it more likely, to me: College Republicans are proud of learning to emulate Rove.

  27. John C. Randolph says

    Back when I still had a land line, I flamed the ears off a couple of political campaign workers who were phone-spamming me to ask for contributions.

    -jcr

  28. truth machine says

    I will ignore you…in the voting booth, as well.

    PZ, you’re being a dolt. Regardless of the source, there virtually no chance that John Edwards is personally aware of, approved of, or would approve of spoofed emails from your lab, there is no connection between such emails and any policy or behavior of Edwards were he to become President, and thus it is completely and utterly irrational to withhold a vote from him on the basis of this email.

  29. truth machine says

    Edwards is a tool anyway. Anyone watch the debate between him and Cheney in ’04? He was such a slimeball. He made Cheney look like a Saint. I hate a man who will make me root for Cheney to hand him his @$$.

    You’re lying or stupid.

  30. truth machine says

    There are a lot of people who can look at them and remove all the conjecture from your mind about what happened.

    This is ignorant nonsense; headers are short pieces of text that can easily be spoofed to look exactly like they came from somewhere they didn’t, with no clues to the contrary.

  31. Who Cares says

    @PZ Myers (post #26):
    Computer hijacking is the standard these days for spammers. All that is needed is 1 compromised computer that this student used.

  32. Graculus says

    I really don’t want to post the full information. The problem is that this email used a bunch of details to look like it was coming straight from my lab

    xxx out any names on email adresses, leave the domain in, we already know what it is. It’s more common for the names to be spoofed than the IPs, so let us see the numbers, those are public info.

  33. says

    Scrabcake @33:

    Edwards is a tool anyway. Anyone watch the debate between him and Cheney in ’04? He was such a slimeball. He made Cheney look like a Saint.

    I saw that debate, actually. Very disappointing. But you’re wrong. Edwards wasn’t a slimeball. He was ineffectual. I was a little astonished, in fact. Edwards has the name of being an extraordinarily effective trial lawyer. I had expected he’d shred Cheney altogether. In fact, I’d hoped he’d be able, without bringing a single harsh note to his honeyed voice, to make the hatred and rage boiling a centimetre beneath Cheney’s skin erupt into full public view. As we both saw, Edwards managed nothing of the sort, and even came off as a little inarticulate.

    He didn’t make Cheney look like a saint. He did far worse; he made Cheney seem like a reasonable man.

  34. Matthew Hardy says

    It’s called a Joe jobs and is quite common as can be seen from the number of people who have had simialr annoying spam purporting to come from Ron Paul etc.

    http://en.wikipedia.org/wiki/Joe_job

    Using a harvested name from the same domain as a forged source address or reply address is a common tactic to get past spam filters.

    Ignore spam, vote for whoever you want to. Don’t hold this against Edwards.

  35. says

    Just to add to what several commenters mentioned about such messages actually coming from opponents: Republicans have done that here in Virginia, too. There would be repeated and annoying recorded phone calls from the Democratic candidate, but it turned out that they were fraudulent calls coming from the Republican campaign. I don’t remember exactly, they may have ended with a truthful “paid by…” statement, but by that point 99% of the recipients would have already slammed the phone.

    The only thing is, I don’t see why Republicans would be doing something like that to Edwards right now. Do we have a case od crossing to the Dark Side?

  36. frog says

    I second bullfighter. This could be a Republican joe-job, this could be from one of the other Democratic candidates. It could also be incompetence on the part of the Edwards campaign (hiring the wrong company to handle some of their electronic canvassing), or a mis-guided supporter.

    Isn’t it wonderful that it is impossible to distinguish between conspiracy and stupidity? And with the rate of both, it is no longer safe to attribute to stupidity what could be conspiracy.

    We do know that at least the Republicans have some very skilled operatives in this field — upthread there are plenty of examples. Push-polling itself is sometimes fairly sophisticated, who would know be surprised with some anti-push-pulling to affect the less credulous? And why would we doubt that after more than a decade of this tactics from the Republicans, the D candidates wouldn’t have learned? Similar tactics were reported by Dean workers four years ago (true? not? who knows?).

    This is one of those very common cases in science and politics where the wise course is to withhold judgement – we may have evidence, but we lack the necessary analytical tools to interpret that evidence.

    Probably the best evidence wouldn’t be header and such, but any associated graphics and the exact wording. Those are the kind of things that might be mishandled by someone outside the campaign, particularly someone focused on the technical aspects of the job.

  37. Michael Vieths says

    There’s another possibility. Spammers are frequently using legitimate emails copied from another source to get around spam filters. They won’t even have an offer embedded in them. They’re intended to reduce the usefulness of existing spam filters by making it more difficult to distinguish between legitimate email and spam. I’ve seen messages with random news clippings and what look like emails sent to other people frequently.

  38. Hank Roberts says

    Of course text can be faked.
    But if we trust our host here not to fake headers, then the headers on his email are valid at least one step back, showing where the mail passed through on its way to his system.

    Tools like this can help do what postmasters can do if asked — tell whether the mail actually came through their site.
    http://www.macupdate.com/info.php/id/26184/route-tracer

    It’s a way of getting an idea if it’s a joe job fake — which is going to look very different in routing from a dumb staffer email, in _some_ of its header lines.

    And no, don’t ever simply filter on the “From” name based on getting spam — THAT is success fooling you into a denial of service social engineering attack.

    Never believe the “From” line and start blocking on that basis without checking the routing.

  39. says

    Re: the “coming directly from my lab” bit.

    Note that some mass-mailing software, if handed an incorrect or incomplete email address (such as, say, “ted”), will send out the email with the mail address exactly as entered (i.e. “ted”)

    Almost all mail receiving server software (such as the email server serving mail for your lab) will take a completely unqualified email address and append to it the appropriate local suffix. The only thing posting the full set of “Received” headers is likely to reveal is what the email address is that received the message. (From that, anyone could already work out which machine handles email to that address)

  40. Hank Roberts says

    I recognize your expertise, Daniel; I’m just saying without _someone_ looking at the full headers, our host’s reaction:

    > if you start spamming I will put your name in my mail
    > filters and I will ignore you…in the voting booth

    may not be the right choice; someone like you should look at the full headers before our host adds that particular candidate to his mail filter and rules out a vote for him.

    You know. Just in case there’s better info to decide with.

    http://spamcop.net/fom-serve/cache/19.html
    https://www.ualberta.ca/AICT/Security/headers-tutorial.html

  41. says

    Incidentally, I noticed that in all the discussion, nobody mentioned actually contacting the Edwards campaign to inform them of the problem. I sent them an email to let them know, if they don’t, that someone is spamming their message.

  42. Pygmy Loris says

    Here’s my 2 cents: This is the kind of tactic I would expect from Republicans at this point for a couple of reasons. One, they know Hillary or Obama can be beat. It should be clear to anyone capable of reading polls and the feel of the country that neither of them has a good chance of winning the general election. Two, the only front-runner who stands a chance in the general election is Edwards. Republicans want Hillary or Obama to win the nomination, so if they discredit Edwards now, they won’t have to deal with him later. They’ll have an opponent who is easy to beat.

    Scrabcake,

    You’re completely wrong about the ’04 “debate.” What the media set up was not a debate. That’s not the format a real debate takes place in. Edwards clearly did a better job in the “debate” and I can’t believe anyone who says he didn’t actually watched the “debate!”

  43. Pygmy Loris says

    That last sentence means I don’t believe that anyone who thinks Edwards didn’t win the debate actually watched the debate. Ooops

  44. David Marjanović, OM says

    And no, don’t ever simply filter on the “From” name based on getting spam — THAT is success fooling you into a denial of service social engineering attack.

    More straightforwardly, I have repeatedly received spam from “myself”. The sender address of spam is spoofed unless proven otherwise.

  45. David Marjanović, OM says

    And no, don’t ever simply filter on the “From” name based on getting spam — THAT is success fooling you into a denial of service social engineering attack.

    More straightforwardly, I have repeatedly received spam from “myself”. The sender address of spam is spoofed unless proven otherwise.

  46. Graculus says

    The sender address of spam is spoofed unless proven otherwise.

    But often they don’t/can’t spoof the IP. Usually the best they do is spoof the pingback address. I always ignore everything *but* the IPs on smelly emails like this.

  47. says

    Argh. I don’t want to get into some flamewar, but I have to say that much of the blathering about what the headers might or might not show are speculation, exaggeration, or just plain wrong. Depending on how sophisticated a spammer is and what resources they’ve used, header forensics can be telling, ambiguous, or useless, and since PZ isn’t comfortable posting the headers, guessing about what they might reveal is pretty much pointless.

    For the most part, assuming that this is not an inside job at the university, there is a chain of trust that goes back to some point, and a possibility spammers will fail to cover their tracks before that point. There would also be different signatures for an inside job, although the chances of that are pretty much nil, despite someone’s conspiracy theory. We’ll probably never know, since the privacy concerns seem to limit the investigation, but nothing in the original post leads me to be convinced that the source of the message has been reliably determined, so it seems dubious to assign blame to Edwards, his supporters, or his opponents.

    Also, Hanlon’s Razor suggests that it was likely some idiot failing to pull off some ill-thought-out plan rather than an elaborately constructed multi-level conspiracy based on a Mamet play and orchestrated by the International Monetary Fund under covert orders from the Bavarian Illuminati.

  48. says

    Another possibility occurs to me. Could it be that some web page or e-mail message has a “Send this to a friend” link, and that Ted clicked on the link because he thought you’d be interested (or at least that you should see the message)? That could explain the seemingly forged source address. Have you asked Ted about this?

    This is just speculation on my part. If true, it implies that the message should have been worded much more clearly to make it clear that it was forwarded.