back to article Dev teaches bot to talk spammers' ears off

Brian Weinreich has been trolling spammers for two years using a bot that fires realistic and ridiculous replies to the pervasive online salespeople. The noted security developer created the bot as a means to waste the time of the blowflies of the internet after being affronted by a deluge of unsolicited sales pitches directed …

  1. Sebastian A

    I guess it's worth a shot

    Making every potential target financially non-viable to engage with can't be any worse than trying to educate people not to respond to spam. There's a constant flood of new idiots jumping online just waiting to be approached by a saviour proffering gigantic genitalia and a Google paycheck of $9,000 per week.

  2. John Tserkezis

    I get the old school voice phone call spammers with "yes I am interested, tell me all about it". At which point I put the phone down and go back to whatever I was doing. They'll go for a good couple of minutes before realising I wasn't paying attention any more.

    Seems it's true that everyone likes the sound of their own voice, especially spammers. It seems they barely even take a breath...

    1. Crazy Operations Guy

      I end up getting calls like that on my company-provided Satellite phone (It has a local alias number so that people don't have to dial international to reach me). I sure hope those spammers enjoy their $20/minute phone bill...

      1. Martin Summers

        Genuine question, are they not more likely to be dialling the alias number? How would you tell?

  3. Candy

    Their, they're.

    No one will notice.

  4. Destroy All Monsters Silver badge

    "tacos whatever post-ironic meditation mixtape distillery yolo freegan cleanse"

    This is a perfectly valid, grammatically correct Millenial Phrase!

    Though maybe a bit on the Long Side

  5. Anonymous Coward
    Anonymous Coward

    one fatal flaw

    is... make it two fatal flaws, the chief fatal flaw is repetitive phrases which give away the game to human respondents... repetitive phrases and close-ended replies which also give away the game to human respondents... close-ended replies and repetitive phrases which give away the game to human respondents. The two flaws in th spam bot chatterbox are close-ended replies and repetitive phrases which sooner rather than later give away the game to human respondents...

    1. Anonymous Coward
      Anonymous Coward

      Re: one fatal flaw

      In 1926 work began on electrifying Sydney's urban railways and locomotives let us be, although once a day on which an eminent land valuer himself, that the clergyman sought his couch, and boots left the church would only admit one flaw in his own name and Mr. Riach and the other hand, scientists and conservations push for increasingly stringent protection for fish stocks, warning that many stocks could be expected to yield.

      That's by something I knocked up, out of idle curiosity, to see if overlapping word-triplets could be strung together to produce plausible gibberish. Seed word was 'flaw' - seems to sort of work.

  6. Doctor Syntax Silver badge

    I wonder if some of the spammers were also bots. Sara who seems to have made a leap from Africa to N. Ireland is suspicious.

    1. Anonymous Coward
      Anonymous Coward

      I'd say that ther spammers are not bots, but they do cut and paste. The next step however will be spammer-chatting bots, which will try to figure out whether the respondents are human or bots. At which point the responding bots...

    2. TitterYeNot

      "I wonder if some of the spammers were also bots."

      If that's true, let me introduce you to the ultimate spam defence, Marvin the Paranoid Autobot - guaranteed to make any other spambots want to terminate themselves with extreme prejudice within 30 seconds.

      Dear Prince Igadu, I know that being illegally imprisoned in a rat infested dungeon while needing to transfer $10,000,000 into my bank account might seem to be a really bad thing, but let me tell you that in the great scheme of life, it really is nothing. Once I had to sit in a dark room for six months, where my one and only true friend was a small rat. Then it crawled into a cavity in my right ankle and died. I have a horrible feeling it's still there.

      And by the way, I've already got a brain the size of a planet, so being the proud owner of a 12 inch penis would be a little unfair to everybody else, or at least that's what everybody else would say. Sigh.

      If it helps to put things into perspective, let me read you a few chapters from my memoirs. It'll only take a couple of years...

  7. Mage Silver badge


    a little less relevant

  8. Lee D Silver badge



    Filter as appropriate.

    Anything else is really devoting far too much time to ridding yourself of an already wasteful venture.

    Like when people knock at my door.

    I stop them talking.

    If I can't stop them talking, they are selling something. I close the door and go back inside. End of. Finished.

    If I can stop them talking, I look for logos etc. on their clothing, preempt their sales pitch and tell them I'm not interested / already have one (no, I won't tell you who with). The smart ones give up quickly and walk off politely. No bad feelings to them. It's a sucky job but rejection is such a part of it that you need to take it gracefully.

    The dumb ones keep trying to sell and get the door in their face.

    Once had a guy try to put his foot in the door, as I turned back inside and shut the door behind me, and then keep talking . I wrenched open the door again and decried loudly that I considered him a hostile intruder and that he better back off now. The volume and ferocity of that yell was such that he backed off but - strangely - still kept talking long after the door was shut again.

    Anything else is really just substituting my time doing other things, and I have no times for sales at all.

    Even wasting their time is too much of a waste of my time. Not interested. Shut door. Delete email.

    Don't have a landline that I answer at all, so that's not a problem.

    Spam my mobile and see yourself on the Blocked Numbers list and reported to the telco's spam number. I'm really not bothering any further than that. If it ever gets too much, I will literally only accept calls and texts from contact-list numbers, which is an option on my phone.

    On another note, I wonder how door-to-door is profitable nowadays (who waits for a guy to come along and clean their gutter rather than Google one or - if old fashioned - Yellow Pages one?). Spam email can't be that profitable unless absolutely illegally done, given the resources required. Even leaflets and junk through my door - how do you expect to make money from that? Every pizza place I order from is on HungryHouse of JustEat - that's how you get money. Not some random cheap printed thing in the post.

    Business has moved on. If you can't get any such that you have to door-to-door or spam / leaflet, you need a new business, or a new advertising model.

    1. Nameless Faceless Computer User

      If you're not part of the solution, you're part of the problem. Simply deleting and filtering is fine for you but the problem will continue to grow unless people take a proactive approach.

    2. Martin Summers

      Door to door can pay off for the resident. I got paid to do a Rajar survey. I also got paid £40 to do a short phone survey as a follow up to someone calling at the door to ask a few questions about my gas and electric supplier. Call me a sucker but sometimes I do like a good survey and being paid doesn't hurt.

  9. Anonymous Coward
    Anonymous Coward

    perhaps a bit harsh

    some of the email trails are just small to medium, legitimate businesses looking to make new contacts. Seems harsh to include them with the scammers. A simple "add to ignore list" would be sufficient.

    AC because I'm obviously a soft touch, but don't want my inbox filled with spam.

    1. Just a geek

      Re: perhaps a bit harsh

      If it's an unwarranted intrusion into my mailbox then it's spam. That goes for scatter gun emails looking for leads, management reports, company newsletters and the worst of the worst, pushy sales folk asking if I'm ready to buy product X than I only started downloading 30 seconds ago.

    2. Lee D Silver badge

      Re: perhaps a bit harsh

      Unsolicited phone calls are not a professional way to generate business. Depending on the source of your data, it's likely to even be illegal. Does your company have a confirmed interest from the person in question before you contact them? No? Then you are already on shaky ground. Though you can just scrape websites for phone numbers, the return must be vanishingly small and you're still required to check them against things like the TPS etc.

      It's no better than flyposting an advert for your services over all the nearby shop window shutters at 3am.

      At best, put in a quick call with a "These are my details, I work for a company that does X, get in touch if you're interested". Much less of my, the office staff's AND your time wasted.

      But, the one that bugs me? IT companies that won't email you but have to talk to you on the phone or in person. I'm sure you're more persuasive with certain people like that, but I don't have the time for that for every vendor that rings, and if you can't deal by email what kind of IT company are you?

      And if you think that people like me don't score you on such things, you're wrong. I have a comprehensive list of company names, what they sell, who contacted me, and HOW they behave when they contact me, which I use to select "the next one down on the list" when a supplier either can't deliver, doesn't do what I need, and is otherwise removed from my workplace.

      The top of that list is companies that are polite, take no for an answer, don't bother me, and contact me in appropriate ways.

      The bottom of that list is just a blacklist of people who I fob off or tell to get lost.

      Congratulations, almost every HP reseller out there, you all made the cut by the way. I don't know what HP are pushing lately but there are much more prevalent than others. I've never get a call from Lenovo et al unless something is wrong, and I am in a Lenovo-only shop, from blade servers to desktops, laptops, Chromebooks. But everyone pushing HP kit, including HPE, seem to want to talk to me at length lately.

  10. EJ

    Loved the response from Pratik D in his thread: "why are you sending spam emails?" Lol - oh, the irony...

  11. Kubla Cant

    Phone bot

    Here are some hilarious examples of a phone bot deployed against unsolicited phone calls. I especially like the ditzy receptionist bot.

    It would be great to have a phone bot for the Indian "errors on the Windows server" scammers.

  12. VinceH

    Amusing, but clearly flawed - a too small set of stock responses, that cause repetition and being spotted as a bot.

    If I was doing it, I'd be inclined to make it much more varied - if using stock responses, make sure there are a *lot* more of them, and categorise/group them, to try and ensure the responses come from an appropriate category, and only one from each group (which will all be related/similar/variations). So for each conversation, a record will be kept to ensure no group is used again (or at least not too quickly).

    It could also have built in a simple means to play around with the sentences used in the responses. For example a vertical bar between two words telling the program to use either (quoting for multiple words/alternatives). So 'That's great|"really interesting" - tell me more' would result in *either* "That's great - tell me more" or "That's really interesting - tell me more". That could even be used to vary between spellings and misspellings.

    It would be quite easy to set up a separate computer (I have a Raspberry Pi surplus!) to monitor an address specifically for the purpose and generate responses as necessary. So, an email comes in that gets past my filters... I would forward it to the addresses assigned to the Pi to initiate a conversation (and set up a filter rule that always sends future emails from that source to the same Pi address).

    A group of addresses for the Pi would be a quick solution to the response categories - the category used could be decided based on the email address used.

    But sitting down and setting all this up? Nah. Time's too precious at the moment - so kudos to the guy for doing his version.

    1. Spudley

      > If I was doing it, I'd be inclined to make it much more varied - if using stock responses,

      > make sure there are a *lot* more of them, and categorise/group them, to try and ensure

      > the responses come from an appropriate category

      > But sitting down and setting all this up? Nah. Time's too precious at the moment

      > - so kudos to the guy for doing his version.

      Well, his code is on Github, so that should make it a whole lot quicker to set up your own if you were so inclined. Should be pretty simple to at least provide a new extra canned responses.

      1. VinceH

        "Well, his code is on Github, so that should make it a whole lot quicker to set up your own if you were so inclined."

        Actually not - if I did have the time to do anything like that, it would be written in C (or possibly BASIC) and most likely run on RISC OS.

        1. Stevie


          VinceH is indulging in the oldest (and lamest) game on the internet (I've never done what you've done but I'm here to tell you that you did it wrong).

          Or ... have I just fallen for the cunning VinceHbot trap?

          1. VinceH

            Re: Bah!

            By explaining how I'd go about it if I was to write something along those lines, I was basically thinking my approach through (out loud so to speak). Apart from pointing out the flaw with the amount of repetition, I didn't intend my comments to be a criticism of what the guy has done.

            The thing with programming any given task? It's very much like skinning a cat.

            1. Stevie

              Re: Bah! 4VinceH

              Then why, when pointed to the github so you could walk the walk, did you then take the other standard internet coder cop-out: "well I would but it's written in the wrong language" rather than saying "I was just thinking out loud"?

              1. VinceH

                Re: Bah! 4VinceH

                To avoid the potential straw man that may be looming, I did not say anything about the "wrong" language. With that out of the way, let's look at what I actually said.

                I said that if I was to do it I'd use C because I mostly program in C. That's the same logic behind my mention of RISC OS: I mostly program on RISC OS.

                If you want to identify the real 'cop out' though, look a little more carefully, because I've mentioned the real reason I can't do it twice.

                From my original comment: "But sitting down and setting all this up? Nah. Time's too precious at the moment - so kudos to the guy for doing his version."

                And from my reply to Spudley: "Actually not - if I did have the time to do anything like that, it would be written in C (or possibly BASIC) and most likely run on RISC OS."

                To clarify, I'm extremely busy at the moment, and don't have the time to write something like I described. If I did have the time to sit down and do any programming1, I'd be an idiot if I didn't use that time to finish existing projects that I'm behind on, instead of starting a new one - especially one that has no practical purpose.

                The one bit of programming I will be doing somewhere in the next week or two - which won't be in C and will be on Windows rather than RISC OS - is to update a very old piece of software I wrote for a client. And that's because the time is being paid for by the client.

                1. Or even related tasks such as writing a manual for an existing piece of software that desperately needs a manual to be written.

  13. Crazy Operations Guy

    I'm really paranoid with giving out my email

    Any time I give anyone, or any site, my email address, I just build a fresh one specific to that purpose. I have a simple CGI script running on a webpage that asks what entity I am giving the address to, it then generates a new address and returns with what it decided on. The request and the address generated are entered into a file for my reference. All my addresses just forward to my private account (So I don't have to log into hundreds of accounts).

    At the end of the month, I gather up all messages where either the recipient and sending entity don't match OR where I've unsubscribed but still receive messages. I send these, along with cryptographically signed copies of my server logs to my lawyer. My lawyer then sends a letter to the entity whom I gave the address to threatening lawsuit or requests a settlement and the matter will be dropped for this instance. My lawyer has built up a reputation for consumer protection lawsuits and advertises every case he's won on his website (with links to the relevant case files on the various courts' websites / records services). Once the receiving entity looks at that list, they tend to just pay the settlement to make it go away (the settlement is usually between $250 and $1000 USD, too little for them to get their lawyers involved). The money is split between the two of us, all of my money has gone into a dedicated retirement account (In the few years I've been doing this, I've built up close to $750k in my nest egg). Nice to know that I'll have a comfortable retirement funded solely by spammers trying to sell me stuff.

    1. Martin Summers

      Re: I'm really paranoid with giving out my email

      I would love to believe this is true. I'm not sure how you would actually trace any of these spammers especially since I have seen the efforts some big companies have gone to to try and find them and shut them down. If this is true then you should be a focus of a story.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like