Found a nice little gem here. Shitty textbook site gets outed by an Carnegie Mellon computer science student for using shady e-mail spoofing. Website owner finds out and tries to talk his way out of it, then gets ripped apart by some of the most influential computer scientists in the world.
Originally Posted:
(Full Thread Here)
"I have witnessed the most deplorable marketing method *ever* used by a startup.
Last night, I received a seemingly CMU-official e-mail [posted here] from "studentinfo@andrew.cmu.edu", promoting a startup called PostYourBooks, which is a st artup used for reselling textbooks and has a landing page that looks like it was designed by an 8th grader using Microsoft FrontPage. I was confused why an official CMU account would be endorsing a completely nonaffiliated startup, so I did a little digging.
After checking the e-mail headers, I confirmed that: a) the studentinfo@andrew.cmu.edu is indeed a spoofed e-mail address, b) throughout my 4 years at CMU, there has never been an e-mail sent to me from that e-mail address, c) the original e-mail originated from a postyourbook.co.uk e-mail server, d) the value in the To field representing “CMU Students” is another postyourbook e-mail, not any CMU d-list, and e) there is a hidden Reply-To field, that causes you to reply to another postyourbook e-mail instead of the studentinfo e-mail should you attempt to reply to the message (to prevent users from messaging a non-existent e-mail address?).
There have been many reckless PR stunts by startups over the years, but there never has been one that actually perpetrates a federal crime. Is this what startup marketing is coming to now?
Fellow CMU students, make sure everyone knows that this is fraud!"
Originally Posted:
(Full Thread Here)
"I have witnessed the most deplorable marketing method *ever* used by a startup.
Last night, I received a seemingly CMU-official e-mail [posted here] from "studentinfo@andrew.cmu.edu", promoting a startup called PostYourBooks, which is a st artup used for reselling textbooks and has a landing page that looks like it was designed by an 8th grader using Microsoft FrontPage. I was confused why an official CMU account would be endorsing a completely nonaffiliated startup, so I did a little digging.
After checking the e-mail headers, I confirmed that: a) the studentinfo@andrew.cmu.edu is indeed a spoofed e-mail address, b) throughout my 4 years at CMU, there has never been an e-mail sent to me from that e-mail address, c) the original e-mail originated from a postyourbook.co.uk e-mail server, d) the value in the To field representing “CMU Students” is another postyourbook e-mail, not any CMU d-list, and e) there is a hidden Reply-To field, that causes you to reply to another postyourbook e-mail instead of the studentinfo e-mail should you attempt to reply to the message (to prevent users from messaging a non-existent e-mail address?).
There have been many reckless PR stunts by startups over the years, but there never has been one that actually perpetrates a federal crime. Is this what startup marketing is coming to now?
Fellow CMU students, make sure everyone knows that this is fraud!"
