Letter to a Chinese Spammer | InfoSec Perception

In late May, I received the following e-mail message from someone in Guangdong, China using an English name:

Hi,we are manufacturer specialized in producing&designing OEM portable speakers for mp3/mp4/notebook/ipod and other mobile device.

It also has a Mp3 player function,but more than that.Play mp3 format music from TF card or U-disk.also there’s FM radio function,you can share the news even in your trip or travel.

I found your company name&email address in E-market place.

I know you are selling brands in this field.but if you can put our products on your shelves,it will enlarge your products’ range,and it will attract more new clients and give your old clients more services.

With its reasonable price and multi-function features, it will be a very good choice for gift or accessories for ipod/iphone,it’s portable, with external rechargeable battery, you can take it anywhere anytime.

and I’m sure of that it will be fashion soon in your local market.

Your each enquiry will be appreciated very much and will be taken care very seriously.We believe the customers are our only lifeblood.

For more details of us,please visit our website.and we are gold supplier on Alibaba,please check the page.

Looking forward to hear from you soon.

Thanks&best regards

– English-name removed –

– company name removed –

–  address details removed –

District,Shenzhen,Guangdong,PRC 518108

Tel:86-755-xxxxxxxx Fax:86-755-xxxxxxxxx Cell Phone:86- xxxxxxxxx

SKYPE: nnnnnnnn

MSN:nnnnnnn@hotmail,com

E-mail: nnnnnnn@company-name,com

Irritated into actually responding to spam – not, in general, a wise decision – I sent “Mr English-name” the following message:

Dear Mr “English-name”,

I’m sorry to inform you that you have been the victim of criminal fraud.

The unsolicited commercial e-mail (UCE or “spam”) that someone sent out on your company’s behalf was NOT sent to the selected addresses that they claimed they would use.

For example, your spam mentions the recipient’s “company” and falsely claims that it was found in “E-market place.” I doubt that more than a tiny fraction of your recipients do in fact have anything to do with your business.

In addition, your supposed name, “English-name,” is totally improbable for someone living in China – especially given the abysmal level of English used in the spam.

The people who tricked you must have (a) told you to lie; (b) immediately signaled to recipients that you cannot be trusted; and (c) demonstrated their own incompetence.

Did you know that much of the junk e-mail from received in the USA from China is entirely in Chinese ideograms? And that almost no one in the USA can read what has been sent? At least yours was in a semblance of English

The people who wrote the garbage in your spam also inserted commas before the top-level domains in the e-mail addresses, rendering them useless. You will notice at the bottom of your junk that they listed your addresses with “,com” instead of “.com” in both cases.

Sending spam with such glaring evidence of stupidity naturally leads to a reasonable assumption that the senders are (a) naïve idiots and/or (b) criminals who are attempting to perpetrate fraud.

I strongly recommend that you demand the details of the e-mail distribution list that the criminals who defrauded your company used in their fraudulent scheme. They took your money under false pretenses. Given that you live in the People’s Republic of China, where there is no effective rule of law, I recommend that you deal with the criminals personally. Stuffing several hundred paper copies of their fraudulent e-mail – e-mail that disgraces you and your company before the world – up their noses or other body orifices would be a highly appropriate punishment. You can also just illegally beat them severely, as that is a common technique used by your own police forces on anyone disliked by people in power. If they complain to the police, you can always bribe an officer or two to look the other way or to beat them some more.

It would be nice if you could spread the word to your colleagues in business in China so that fewer of you could make total fools of yourselves in the eyes of millions of unwilling recipients of your junk mail.

I sincerely wish you zero sales from your efforts and earnestly regret the embarrassment and humiliation before your entire family, community and nation.

Best wishes for better luck next time,

Mich

[sigblock]

I actually got a response within a few seconds (usually a sign that we’re dealing with an auto-responder); it said only “Thanks,Mich.[sic]” I wonder what will happen when the sender actually reads the message?

Out of interest, I went to my GMAIL account and counted how many of the spam messages used only Chinese ideograms. Results: 169 of 294 spam messages received between 10:58 (UTC-5) of Thursday, 24 May and 06:31 Saturday 19 May 2012 were entirely in ideograms – 57%.

Another message that I’d love to get to the new spammers all over the world is that < .EDU > or < .EDU. > addresses are used exclusively by educational institutions in the USA and around the world and therefore no one with such addresses could possibly be a potential distributor for their industrial products. See “EDUcating Spammers” for additional details and resources.

Readers should feel free to modify and store this text for future use. Maybe we can educate our Chinese colleagues to the reality of the criminals generating Chinese spam worldwide.

For what it’s worth, I’ll send a copy of this essay to the address listed on the Chinese Embassy’s Website for the USA. I’m sure readers can find the equivalent for their own country – and feel free to send a copy of this article to your own local embassy’s address! Who knows? Someone may actually get annoyed enough to arrange for the non-judicial punishment of real criminals in China instead of focussing only on the persecution of political enemies of the ruling classes there.