Threat Level: green Handler on Duty: Manuel Pelaez

SANS ISC InfoSec Community Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Would you hire a spammer?
Quoting Diary:

I peruse through my spam folder periodically looking for anything out of the ordinary. I also examine quite closely email that are obviously spam that make it through to my inbox. This one in fact reads a lot like a job application, or a business promotion  attempt gone wrong. Unlike a job application it was not addressed to anyone in particular, and was in fact sent to the SANS Internet Storm Center Handlers distribution list. The fact that the handlers are on a spam list I suppose is not surprising. What I find odd is that this person who is looking for work bought a list for the purpose of spamming it! He did not attach a resume (unlike spammer Bernard Shifman) however did place a link to his LinkedIn profile so that the recipients of his spam can read all about his having achieved his MBA. Which made me wonder if they teach spamming at college or university these days? My thoughts on the subject are that spamming is not the way to go when marketing yourself or your business. Also I am fairly certain SANS would not hire a spammer as a 'business analyst'. The handlers list has never been used to advertise any job openings. Which really has me wondering where he got it? Also where would he get the idea that spamming random people on the Internet would help his job search?

Here is the first part of the correspondence:

He is unapologetic and responds that he is being creative!

I wonder if they teach ethics in business at the place he acquired his MBA? What do you think? Creative or a spammer?
Would you hire or do business with a spammer? He appears to be in good company, has spamming become the new resume distribution method of choice?:
http://blog.dynamoo.com/2013/06/is-this-guy-moron-spammer.html


I find it depressing that the spammer appears to have in fact gotten a job roughly four weeks later. Well, according to his LinkedIn profile, so it must be true!

A recommended read on how to actually find a job without sending spam:
http://careers.theguardian.com/careers-blog/why-you-need-to-stop-spamming-employers

What is a 'Bernard Shifman':
http://web.archive.org/web/20030602190540/www.petemoss.com/spamflames/ShifmanIsAMoronSpammer.html

Cheers,
Adrien de Beaupré
Intru-shun.ca Inc.
My SANS Teaching Schedule

Adrien de Beaupre

332 Posts
ISC Handler
@aol.com no less.
Anonymous

6 Posts
In the old days people used to walk around to companies and drop off resumes. Then it was calling on the phone, then fax, the email a resume...so why not spam.
I personally think it should go back to people having to walk into a company and make a good impression and have a real resume...Put in some effort and get some return.

That being said I just press delete when I see these emails.
Anonymous

33 Posts
Back 15 years ago or so, an friend of mine who billed himself as a financial planner told me at a bbq that he had decided to use the internet instead of direct mail as a means of advertising his service, since it would reach a wider audience, and was virtually free -- he had come across a spam email that was spamming the services of a spammer! He thought it was a great idea, as it would show he was knowledgable about this new world wide web and email thing. I tried to persuade him against it, informing about how people considered spamming and spammers, but he was so taken by the idea that it almost caused an argument, so I backed down and let him be. Several other totally non-technical people that had never sat in front of a computer agreed with him. Well, about a week later, I saw him again, and he told me he had decided to look further into the idea after our conversation, and decided against it after all.

MORAL: Many people are still internet-clueless about this stuff. Why do you think the Nigerian scam spam is still out there? It must work occasionally...
Moriah

107 Posts
Can we assume you read the email headers properly so you know it's not a joe job ?

As someone else mentioned, simply delete them. Me, I submit them to spam services, also depending on the email I add trigger words to my filter, or ClamAV phishing file.
IBManners

3 Posts
It's sad but there will always be someone with "flexible morals" willing to hire a spammer. I recently noticed someone in the marketing dept. at $DAYJOB replying to one of the more notorious list spammers (you know the types - "Let us sell you lists of every category of person for your email marketing!"). I'd been chasing this bozo from domain name to domain name, ISP to ISP, hosting provider to hosting provider, leaving a wake of IPs and domains with tainted reputations behind him, and one of our marketing wizards thought they might just want to buy some of his lists. (sigh)

As others have said, if I see someone spamming their resume, say, sending it to a linux kernel developers' mailing list, I drop their email address in the spam filters (after confirming it's not forged).
Brent

57 Posts
I guess I do not agree that sending one unsolicited email makes someone a spammer. How else do you contact people you don't know? Companies maintain publicly listed distribution lists and publicly listed emails in order to be contacted by people they don't know. Those of us fortunate enough to have been employed for a long period of time sometimes forget how desperation about your future can affect how you see things. And true spammers generally do not look for or respond to replies to their emails.
Anonymous

140 Posts
Anonymous

140 Posts
Back around the time of the infamous dot.com collapse, I actually wrote and use the following script:

http://www.elilabs.com/~rj/spam_o_matic.pl.html

Before the collapse, this thing worked great! If I could have cloned myself 10 times, I could have kept all of them busy, but after the collapse, nothing worked. :-(

This thing started as a script to scrape job ads from the chi.jobs newsgroup, but after the collapse, dice seemed a better resource, so I re-wrote the scraping part. The keyword processing and emailing part stayed pretty much the same.

I only had one shop get annoyed with me for spamming them, and they were spamming dice with the same job ad reworded differently every day, so of course, my script said "different job, send an email!" They were the reason for the do-not-email file.

Today, this script has evolved into a script that runs twice a day to build a table of jobs from dice. I got so tired of rummaging thru dice looking at the same ads every day, so I wrote a script to collect ad that satisfied my criteria, then presented them as a sorted table, with each job only appearing on the day it firts \showed up on dice. The result may be seen here:

http://www.elilabs.com/~rj/dice_date.html

You must actually look at the table and send your own email. :-)
Moriah

107 Posts
Quoting Anonymous:I guess I do not agree that sending one unsolicited email makes someone a spammer. How else do you contact people you don't know? [...] And true spammers generally do not look for or respond to replies to their emails.


It's true that what constitutes "spam" is in the eye of the beholder, and I tend to have an allergic reaction to it, probably because I've been battling it to various degrees since the late 90s.

But just because "it's only one unsolicited email" doesn't mean it's not spam either, so far as I'm concerned. For me the criteria for spam is "unsolicited + bulk" - no opt-out links or can-spam-compliance disclaimers or snail-mail addresses matter a whit to me in determining if an email is spam or not. An unsolicited email sent to me isn't a problem. An email informing me I'm now on some vendor's mailing list, along with 20 or 30 other people at my company and another 40 or 50 undeliverable addresses on the dozen or so domains we get email for, and we can opt-out by clicking on some link that goes to a page that no-doubt requires, flash, java, and javascript... Well, sorry, that's spam, even if it's a "one-time mailing" because odds are good that the same company will send another "one-time-mailing" 6 months from now about some new product or offer. And frankly I don't have the time or patience to opt myself out of a list I never opted in to... on a website I don't trust... in a language I don't read... for a role-account that happens to forward to me but which should never be getting ads/marketing junk anyway.

Have I mentioned that I have an allergic reaction to spam these days? Honestly, vendors trying to sell something to the people who maintain spam filters for entire organizations (or even multiple organizations) *really* need to find a better way than unsolicited email to market/advertise. Cuz I know I'm not the only IT geek who sees yet another "targeted" but unsolicited email and says "Ah, there goes another vendor I'll never willingly do business with..." :-)
Brent

57 Posts
Chew on this: before the days of widespread Internet usage, it was not at all uncommon for job applicants to gather lists of employers and send snail-mail resumes for their consideration. I remember doing this in the mid-90?s. I was looking for a proofreading/editing job. I gathered a list of advertising and marketing agencies from the online Yellow Pages (I got online in 1995) and mailed out a couple hundred resumes. One of them resulted in a job.

While, obviously, the majority of unsolicited resumes were thrown away, the practice itself was not frowned upon or considered "spamming"; in fact, it was considered a proactive way to tap the "hidden" job market. The company that hired me needed a proofreader, but was not running an ad. If it was okay to send unsolicited resumes via snail mail in the 90?s, why is it verboten to do the same thing via email now?
Anonymous

1 Posts
When you send resumes via snail mail I seem to recall doing research as to what kinds of businesses to send them to, to address them individually with a cover letter, and send them to specific addresses that corresponded to those businesses. I don't see the correlation between that behaviour and sending a resume to random email addresses scraped from random web pages or purchased from a spammer. In some jurisdictions sending bulk UCE is considered illegal. The headers were not spoofed, and unlikely to have been a 'Joe job'. This was not one unsolicited email, it was bulk and meets all of the criteria to be considered spam.
1) it was indiscriminate
2) it was mass mailed
3) it was advertising

There are well established and cost effective techniques for finding work, or advertising legitimate services. Most do not involve the Internet at all! Don't send spam.

Cheers,
Adrien
Adrien de Beaupre

332 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!