Heads-up on “Contact the Author” feature

[swingerjoe]

It seems the trolls have devised a new way of abusing the system. The “contact the author” feature of this site is so outdated that it allows users to enter any email address of their choosing as the sender.

A few days ago, I received a confusing email from someone I’ve never heard of, informing me that he/she had reported me to the authorities for an abusive email I allegedly sent. I responded that I had no idea what he/she was referring to.

Apparently the trolls weren’t satisfied. Last night I received an email from the person associated with the above, calling me a coward for harassing that mystery person above by email. Again, I responded that I had no idea what anyone is talking about.

As it turns out, that email above was not sent by the person matching that email address. It was just some troll desperately trying to stir up trouble for some reason.

Bottom line: when you receive an email titled “Feedback” from Literotica, don’t assume that it’s from the person it claims to be from. Of course, it would be easy to fix this problem, but I wouldn’t expect it to be fixed within this decade or next.

 

[lovecraft68]

I had a similar situation two weeks ago. I didn't bother mentioning it here because as you said, the sites response will be no response.

I'm surprised its taken the trolls this long to figure this game out-or maybe its been going on a for awhile and no one posted about it.

 

[oggbashan]

I had a similar situation two weeks ago. I didn't bother mentioning it here because as you said, the sites response will be no response.

I'm surprised its taken the trolls this long to figure this game out-or maybe its been going on a for awhile and no one posted about it.

For me it is only a problem when I have anonymous feedback switched off. I have had anonymous abuse by feedback. It is easy to delete. I have also have had spam advertising PMs. Laurel's advice is to forward any spam PMs to her. She will delete the account.

As for the original post? It is probable that the original email account had been hacked and used to send from the hacker. When you replied to it, your response would have gone to the email's original owner who is possibly getting multiple emails since the account was hacked. It's similar to getting emails from contacts stating they are stranded abroad without money - cloned contact address used for fraud.

 

[lovecraft68]

For me it is only a problem when I have anonymous feedback switched off. I have had anonymous abuse by feedback. It is easy to delete. I have also have had spam advertising PMs. Laurel's advice is to forward any spam PMs to her. She will delete the account.

As for the original post? It is probable that the original email account had been hacked and used to send from the hacker. When you replied to it, your response would have gone to the email's original owner who is possibly getting multiple emails since the account was hacked. It's similar to getting emails from contacts stating they are stranded abroad without money - cloned contact address used for fraud.

Maybe the OP can clarify more, but I don't think its a hack. Hacks, as you say, will use your e-mail to fire off a variety of spam etc...

How I'm reading this is someone going to the contact form and putting in an e-mail address of someone they have contacted who responded. For instance if someone sends me feedback with an E-mail address I'll respond and they now have the address I use for this site.

Now all they have to do is type it into the field and send it off and now the receiver gets this nasty gram with my e-mail attached to it.

The one I mentioned the person who wrote me asking WTF? on the feedback they got with my e-mail forwarded the message I allegedly sent and I can tell you they know me and were trying to mimick me using some of the things I've said here on the forums or in e-mails to people I've corresponded with here.

Without going into detail it contained an imitation of my 'real men' rants and my views on non con stories etc. So it was a personal set up in my case.

It sucks most lit authors don't post on the boards because I'd be interested to know if this is site wide or someone targeting forum members.

 

[swingerjoe]

Lovecraft has it exactly right. It isn’t a hack at all. It’s someone pretending to be someone else by entering the author’s email address into the “reply” section of the Contact form.

 

[rae121452]

how do they get the email address of the author? it doesn't show up when sending feedback.

 

[swingerjoe]

I assume it was someone who had previously corresponded with me and the other person. If you respond to feedback, then they have your email address.

 

[lovecraft68]

I would imagine who ever this person/people are they send a flattering feedback with an e-mail figuring you'll respond to that.

I've replied to so many I would have non idea who this could be and assume the same for all authors.

 

[rae121452]

then i would be sure to check the last email i responded to. i can't imagine anyone so organized that they stockpile phony email addresses....but maybe i'm naive. nothing should surprise me about the people who frequent this site.

 

[lovecraft68]

then i would be sure to check the last email i responded to. i can't imagine anyone so organized that they stockpile phony email addresses....but maybe i'm naive. nothing should surprise me about the people who frequent this site.

The emails aren't phony, they're legit. If you send me a message though contact the author and you include your e-mail and I respond to that you have my legit e-mail.

You don't have to actively stock pile them, just put them in a folder in your e-mail account or just don't delete them.

I could look through that last few I sent, but it wouldn't prove anything. They're sending these things through lit not their own e-mail provider.

 

[yukonnights]

I'm a bit confused; I have responded with a thanks to some accounts I do not know. However, that is through the Lit system with the "Contact" function (the one where you have to enter a code to send it, etc). There is a place to include one's email, but I've never used that...I assumed the one getting the message from me would be able to know it's from Yukonnights.

As I understand what's happening; some are intentionally including their email in the optional field there?

 

[ChloeTzang]

I'm a bit confused; I have responded with a thanks to some accounts I do not know. However, that is through the Lit system with the "Contact" function (the one where you have to enter a code to send it, etc). There is a place to include one's email, but I've never used that...I assumed the one getting the message from me would be able to know it's from Yukonnights.

As I understand what's happening; some are intentionally including their email in the optional field there?

Yes, you include your email address if you intend more than a one shot response or. Email exchanged via email

 

[lovecraft68]

I'm a bit confused; I have responded with a thanks to some accounts I do not know. However, that is through the Lit system with the "Contact" function (the one where you have to enter a code to send it, etc). There is a place to include one's email, but I've never used that...I assumed the one getting the message from me would be able to know it's from Yukonnights.

As I understand what's happening; some are intentionally including their email in the optional field there?

It says in the field if you want a response add your e-mail address. Otherwise its sent as anonymous.

 

[yukonnights]

Yes, you include your email address if you intend more than a one shot response or. Email exchanged via email

It says in the field if you want a response add your e-mail address. Otherwise its sent as anonymous.

Thanks for clarifying...my paranoia and conspiracy research finally paid off !!!

 

[jsmiam]

It's not exactly a hack, it's a design flaw in the website design

It isn't exactly a hack: The OP first replied to the email, innocently thinking it really came from the apparent sender. From there, who knows what happened, the fake email address, and from there the followup from the troll, may have been part of the Troll's world, but no telling.

It's a combination of the way the form is written (amateurishly, poorly, and written under the assumption that nobody will take advantage of gaping weaknesses in the design), PLUS a troll abusing the system.

The best way of all (and I concede, most small website operators, even skilled ones, don't necessarily have the skill to fully do this), it would be a full-blown relay system, similar to Craigslist classified ads. (Craigslist also has a massive troll problem though, but at least their email relay system works well.)

As far as the capabilities of Lit, they could at least modify the form a bit, so that the email comes from "DO_NOT_REPLY@literotica.com", but also includes in the email body "Email address provided by the submitter", plus a note saying "Note: Literotica does not guarantee the validity of this email address."

With a "better than nothing" design like that, at the very least, authors wouldn't be fooled into assuming the email address is correct.

HOWEVER.... Nobody should expect this design change to actually happen. People talk and wish for design changes here at Lit over and over, some minor like this, some major, but history says few if any will ever actually happen.

The summary, just like the OP said, never assume the "from" email is valid or correct with an email from Literotica's feedback system. Maybe it is, maybe it isn't.

 

[loquere]

It seems the trolls have devised a new way of abusing the system. The “contact the author” feature of this site is so outdated that it allows users to enter any email address of their choosing as the sender.

A few days ago, I received a confusing email from someone I’ve never heard of, informing me that he/she had reported me to the authorities for an abusive email I allegedly sent. I responded that I had no idea what he/she was referring to.

Apparently the trolls weren’t satisfied. Last night I received an email from the person associated with the above, calling me a coward for harassing that mystery person above by email. Again, I responded that I had no idea what anyone is talking about.

As it turns out, that email above was not sent by the person matching that email address. It was just some troll desperately trying to stir up trouble for some reason.

Bottom line: when you receive an email titled “Feedback” from Literotica, don’t assume that it’s from the person it claims to be from. Of course, it would be easy to fix this problem, but I wouldn’t expect it to be fixed within this decade or next.

I turned that feature off, maybe 3 years ago. I block all feedback.

 

[My I]

I got troll mail from someone a while back from a fake email address. blahblahblah@psychopathsrus.com or something like that. If it becomes a real issue report it to the police.There are ways of tracking the email to an IP address and who has or had that IP.

 

[Bramblethorn]

Note that this sort of thing is quite possible without using Literotica. Many email programs let you configure the "From" field to anything at all; half the spam I get is from fake addresses. The delivery headers will often contain clues that the reply address is bogus, but who checks headers these days?

The best way of all (and I concede, most small website operators, even skilled ones, don't necessarily have the skill to fully do this), it would be a full-blown relay system, similar to Craigslist classified ads. (Craigslist also has a massive troll problem though, but at least their email relay system works well.)

Alternately, use address confirmation: if I provide email with "joe.smith@example.com" as the listed return address, the site sends an email to that address with a link, and I have to click on that link to confirm that I do control the joe.smith email account before it sends the message to the intended recipient.

 

[lovecraft68]

Note that this sort of thing is quite possible without using Literotica. Many email programs let you configure the "From" field to anything at all; half the spam I get is from fake addresses. The delivery headers will often contain clues that the reply address is bogus, but who checks headers these days?



Alternately, use address confirmation: if I provide email with "joe.smith@example.com" as the listed return address, the site sends an email to that address with a link, and I have to click on that link to confirm that I do control the joe.smith email account before it sends the message to the intended recipient.

That would work, the issue is as we all know, Lit is not about to do anything about anything. This site limps along held together with duct tape and used bubble gum. he only reason for the recent upgrades is the site was getting so antiquated it was losing ground with the younger audience to sites that looked like they weren't from the nineties.

 

[RejectReality]

Which is the reason so many people believe the "contact us" address for Lit doesn't work. It forces you to confirm your email address before allowing the message through. As often as not, said confirmation message ends up in the spam folder. More and more email providers are hiding the spam folder.

People never complete the confirmation step, because they never see the email.

It's common practice when signing up for something. It's uncommon when sending a message. People expect the standard captcha technology, and nothing more. They don't look for it even when informed to. They expect to see a "message delivered" prompt, and that's what they see, no matter what the text actually reads.

It's the same reason that adding additional verbiage to the page and email headers won't work. Nobody reads the sticky posts. Nobody reads the terms and conditions.

Those who do are the least likely to actually need the information.

At this point, email from the author page is so rare that it may as well be redirected to the PM feature on the forum. The loss of contact from people unwilling to sign up would be a portion of an insignificant number anyway.

Alternately, use address confirmation: if I provide email with "joe.smith@example.com" as the listed return address, the site sends an email to that address with a link, and I have to click on that link to confirm that I do control the joe.smith email account before it sends the message to the intended recipient.

 

[swingerjoe]

Of course, the most sensible solution would be to eliminate email (a remnant of the 90’s) altogether and allow Literotica users to message each other through the site — just as we’re able to do on this forum.

I would be willing to bet that 20 years from now, this site looks exactly like it looks today. It is what it is. I’m willing to live with it — especially since I don’t pay a penny for it! I was just giving a heads-up to others about this latest troll trend. Don’t assume that the person contacting you is who they claim to be.

 

[Zeb_Carter]

The sender of the feedback doesn't get your email address unless you respond to his post, but if he/she uses a bogus email then if you respond it goes nowhere...sometimes you might get a failure to deliver message, but sometimes you don't.

The site does not check the validity of the email address typed in. I have in the past used BOB@BOB. COM as my return email address. For the longest time everyone was taking it until the all figured a way to validate email addresses.