Slashdot Mirror

The law allows for damages to the recipient of $500 or actual damages, which ever is greater, for EACH MESSAGE received. The law also allows $1,000 or actual damages, which ever is greater, to the Internet Service Provider, for EACH MESSAGE received.

There is also an article on The Register about Europe considering a ban on spam.

I've also got a collection of Spam resources, along with details of WIndows spam prevention and details of spam filters.

The law allows for damages to the recipient of $500 or actual damages, which ever is greater, for EACH MESSAGE received. The law also allows $1,000 or actual damages, which ever is greater, to the Internet Service Provider, for EACH MESSAGE received.

True - never ever respond to a spammer, you just validate your address. However, respond to abuse@[spammers isp] and you'll hopefully just the spammer cut off.

Not sure who the ISP is? Try the resources on spam.abuse.net and here.

I've also got a collection of reviews about spam filters, Procmail filtering advice, and Windows anti-spam software.

Good idea... in theory.
How about mailing lists - I'm a member of many of them (including spamtools), and it just wouldn't be possible to encrypt each message (or digest) per person. Some lists have several hundred valid subscribers.

Richy C.
--

http://www.spam.abuse.net/ might help you find a way out...

Probably 99% of my unsolicited bulk email (also known as Spam) originates in the USA. It is a whole new dimension of fraud, chain letters and multi level marketing, thanks to the cheap mass mailing possibilities of the Internet.

While Anti-Spam regulation exists, US laws appear to be very weak on this issue. Here in Germany, laws are far stricter and the financial fines involved can make email spam a very expensive hobby for a spammer.

Most US spammers cite non-existant laws (the Murkowski bill is an example) as an excuse for their actions, trying to appear legal. Some of the most persistent spammers have been in action for years and are known by name and address, yet they still haven't been stopped, due to weak US laws.

Will there ever be more efficient laws against spammers and their usual snake oil line of fraud products?

Also: I see a disturbing trend of US-American political parties trying to use E-Mail spam for their campaigning. While not being an American citizen, I have already received such E-Mail by US-American parties and political or corporate lobbyists. What is your take on email bulk messaging as a political tool?

------------------

About 2 years ago, I heard anecdotical reference that 50% of the incoming mail load at AOL is spam, being filtered before it reaches the recipient. I used to think that was unrealistic. Of course, I cannot proof it, but now, being a postmaster of a small public server, I don't think it's unrealistic, anymore.

Think about it: E-Mail spam will rise. It will become much much much worse than it is now. Email spam is just too cheap and too easy to do. Anyone with a sub-500$ PC and a modem can do it. No printing of bulk paper mailings, no call center agents to hire for telemarketing, no expensive address lists (just harvest Usenet or discussion sites like Slashdot).

This is only the beginning of a networked age. Once every business man in the world has the power to send spam to millions of unwilling recipients, just imagine how it will be like to "just hit delete" on 90% of your daily incoming email.

But then again, you're probably American, where Telemarketing has become one of the accepted abuses of your private phone. (I'm glad that Telemarketing is not allowed over here in Germany.)

Imagine more than dozens of telemarketing calls per day, every day, every week, every year, with steady increase, more and more every month.

That's the right comparison for the email spam - not those junk mail paper ads you receive in your paper mail.

That's why spam has to be stopped.

------------------

spam.abuse.net is your friend.

General information on blocking Spam can be found at http://spam.abuse.net/tools/mailblock.html

If they are using an up to date version of sendmail and wish to use a local blacklist this is trivial and is documented at the following URL: http://www.sendmail.org/antispam.html

Look around sendmail.org to find detailed info on using blacklists.

Another good reference is http://www.orbs.net

Spammers have gotten wise to the fact that using their own sites to send their Spam gets them blacklisted in short order. However there are lots of broken sites that accept anonymous relaying. Orbs keeps a DB of these sites so you can refuse to accept Email from these potential sources of Spam.

Pat

no. dont delete. LART. www.abuse.net has a contact lookup database you can complain through. read the page, and learn the right way to respond to spam (w/o breaking the law, that is). -c

Spud Zeppelin dun said:

Really, we shouldn't allow the medium to dictate our metaphor here: how is spam really all that different from someone approaching you on the street and asking "Hey buddy, wanna buy a watch?"

Well, among other things, it doesn't force me to store his offers for watches on private property, and it doesn't cost me money and/or labour costs to listen to him try to sell fake Rolexes, not to mention telling him to perform impossible acts of self-copulation with aforementioned watches. ;)

The same cannot be said of spam (including UCE). First off, the vast majority of sites with full-time Internet connections pay by the byte or by the hour (and, especially outside North America, a non-negligible number of home users, too; UUCP connections (where you HAVE to download all the mail) are still relatively common in Europe, Asia and South America, and are STILL some countries' only connection to the Internet (if memory serves, Mongolia's main ISP is UUCP-only, and this is also true for most African ISPs outside of South Africa and africa.net accounts), and people in most countries pay by-the-minute for phone calls period (incidentially, most countries also ban telemarketing--North America is one of the few places where it is legal--because it costs folks to receive it; this is also why junk faxes and telemarketing calls to cell-phones are illegal even in North America)...); the costs are often non-negligible, especially with the volumes of spam being sent (I did a quickie analysis around two years ago, which is posted here under the title "Spam By The Numbers"--this gives you a really good idea of the sheer amounts of crap that get sent to your local ISP daily if they aren't using specific block-lists like the MAPS-RBL list; nowadays it is also probably a very conservative estimate--with big mailspams on big ISPs, it can easily hit the gigabytes). This cost will, eventually, be passed on to the consumer-level (stuff like unlimited access being cut, or prices going up because they have to pay for the new RAID-5 array just to store all the spamaceous crap), so don't think you home users get away without paying the costs of spam.

Secondly, tracing down a source of a spam and getting them to stop spamming you is not exactly trivial. Spammers very commonly use throwaway accounts at freemail providers (and previously, AOL, Netcom and Compuserve accounts due to the sheer number of "free trial" CDs they would give out) and will obfuscate the hell out of headers (this is, in part, what the Washington bill was aimed at); not only that, they will often "relay-rape" servers, routing spam through insecure third parties' mail servers (there are a rather surprising number of these out there--Sun and SGI have notoriously insecure versions of Sendmail shipped with their programs, boxes in a lot of third-world countries and @Home boxes are insecure, and I won't even go into Windows mail daemons or mail daemons on old IBM mainframes--suffice it to say that spammers are the main reason most sites worth their salt don't relay mail anymore except for customers, and an increasing number won't even let you post mail without downloading mail first--Mindspring and Broadwing, among others, had to implement this). To make things even worse, spammers have over the years either set up shop at outright spam-friendly ISPs or at sites that couldn't be bothered to give a damn about net.abuse; at one point an entire backbone site on the 'net, Agis.net, had to be literally "IDP'd" (basically: many, many sites started refusing to share any traffic--not just mail and news, stuff like FTP and HTTP and the like) because AGIS hosted literally seven or eight of the worst spammer's havens on the Internet (including Sanford "SpamKing" Wallace's site, etc.) and refused to give them the boot after nearly EVERY other national-level ISP at the time HAD given them the Golden Boot. (Eventually AGIS did boot them and wrote up a strong, anti-net.abuse AUP. The AGIS boycott wasn't trivial--they were literally the third or fourth largest site on the net, many national-level ISPs had them as a primary or secondary network service provider, and they provided the only network service for a lot of sites including all of Alltel's Internet network.) And to make things even WORSE, many (if not most) spammers actually use "remove lists" or "do-not-spam" lists as actual confirm-lists for live addresses to spam; these lists are even bought and sold among spammers, and it is literally next to impossible to get one's address off one of these lists once they have been added on (about the only way I've found is for the email account itself to go dead).

It doesn't help that most of the folks in the "serial spamming" business--the hard-core folks-- are sociopaths (no, I am not making this up--most of them would actually be diagnosed as sociopaths). Sanford Wallace, for example, was in the junk fax business before he went to spamming--he is also widely regarded as being the person most responsible for junk faxes having been banned. Wallace is also almost singlehandedly responsible for most of the anti-spam AUPs in place, with a few other folks was largely responsible for getting AGIS "shunned" a few years back, and is almost singlehandedly responsible for nearly every anti-spam bill that has been proposed to a legislature worldwide. He finally got out of spamming when literally no ISP in North America would touch him with a 40-foot barge pole--and this, only AFTER he'd gotten AGIS IDP'd, been fined well into the millions of dollars for contempt-of-court charges, been literally banned by a Federal court in Ohio from sending mail to any customers of Compuserve, been banned by a Virginia judge from sending any mail to AOL customers, been fined by that judge for disregarding that order, paid well over US$300,000 in Internic charges for domains...this is the psychology we're dealing with. Sad individuals...

It's funny you should mention guys "selling watches", though. If he makes it a business as much as, say, most spammers do, just selling watches on the street is outright illegal in many areas. If it's over a certain volume, in many places he has to buy a specific business license. If he is found selling illegal goods (like, oh, counterfeit watches or selling adult material to under-18s or selling shares in a pyramid scheme or even selling stocks without a prospectus) they can lock him up and throw away the key.

Of note--the FTC has estimated that over 80% of all spams are for "fraudulent" and/or outright illegal schemes. Those that aren't are often adverts for adult sites which are of questionable legality for under-18's (and, depending on local ordinances, may be of questionable legality for anyone--for instance, adverts for marital aids and the sale of marital aids is illegal in Alabama and in a number of Southern counties).

In short, there are a lot of differences. You might visit CAUCE here, or spam.abuse.net for detailed info on the history of spamming and the real costs to Internet users. Those of you running Linux and *BSD boxen might want to in particular hit spam.abuse.net's info on securing your mail server, or hit Sendmail's web site which, along with the latest version, has extensive info on spamproofing your mail (including blocking open relays and spamaceous sites through the MAPS-RBL and stopping Bad Guys from relay-raping your server).

Kavalier yammered:

eah I guess you're right.. I'm not considering spamming, I'm just trying to view this from all directions.. however, if I have a good standing relationship with my provider and he with his provider, and me with his provider, which has a direct connection to a major backbone, nobody could stop me right? like say my best friend works for splitrock.. nobody would risk cutting off a whole backbone for a simple spammer so it wouldnt be pushed too far if my ISP ignores the requests. I'm just saying this because I've noticed alot of spammers that I've been spammed with have their own mail server and had a direct connection to a major backbone provider and its possible they had inside connections that would prevent them from getting disconnected. right?

Not only could many ISPs blackhole an entire backbone to "get rid of a single spammer", entire backbones have historically been blackholed to get rid of spammers.

Some examples I can think of off the top of my head:

AGIS, a backbone which was given the "Internet Death Penalty" (had all Usenet posts shunned or cancelled, and many sites shunned all email and blocked all other connections, including web and FTP, to sites that got feeds through AGIS) due to their hosting of several major spam sites associated with the IEMMC (a now-defunct spammers' trade group) including sites associated with Nancynet and Sanford Wallace's spams. AGIS refused to remove IEMMC sites, even when confronted with info that IEMMC "remove" lists were actually being used to add folks to spam lists. It literally took a large portion of the sites on the Internet refusing to exchange ANY packets that went through AGIS's backbone before AGIS finally dropped Sanford Wallace and company like a hot potato.

UUnet's dialups have been periodically blackholed by ISPs because of severe problems with net.abuse (including spam) from the dialups and UUnet being slow to provide tracing info. It took the real threat of possibly the largest backbone's dialups being left to talk to the ether bunnies for UUnet to shape up.

While not backbones, national-level ISPs and servers have been blackholed for reasons of spam and/or net.abuse. (Among a short list: AOL, Netcom (has been IDP'd at least twice), Earthlink (in association with Scientology-related net.abuse), Zippo (pay news service; was unblocked after strong AUP enforced), Altopia (blackholed due to "Hipcrime" related net.abuse and refusal of admin to investigate), Demon Internet (open NNTP servers), etc.) In fact, there is serious talk of blackholing an entire name domain registry due to spam (Network Solutions, aka InterNIC).

An increasing number of sites--largely because it's been shown that People Just Plain Don't Like Spam and because spam does consume a gawdawful amount of system resources (I've done a rough essay on the subject)--are joining blackholing mechanisms. Spam-cancels and UDPs were the first of these; a later incarination is the famous Blacklist of Internet Advertisers, then NoCeM was developed to replace spam cancellation (as well as provide for global killfiles for end-users) and now blackholing mechanisms such as the Realtime Blackhole List; the RBL is now explicitly supported by most modern mail daemons, including sendmail.

In other words...don't assume that people won't blackhole an entire backbone if the backbone won't wack people who are using it to spam. Some folks will. They've done it before, they'll do it again, and it is literally easier than ever to leave a spamaceous site--backbone or no--talking to itself and the ether bunnies. This way of dealing with Bad Folks is as old as the Amish and it's not gonna go away anytime soon. >;)=

You might try taking a look at the following:

• http://alcor.concordia.ca /topics/email/auto/procmail/spam
• http://www.panix.com/uce.html

• http://spam.abuse.net

No, we don't need no stinking laws. The internet can heal itself without involving the slow creaky wheels of justice. If they keep it up, the pipe dumping raw noise into the internet will be simply cut off and blackballed. Things like that happen if you have a mail relay and allow abuse.

Here are a few great antispam links:

http://maps.vix.com/
http://www.orbs.org/
http://spam.abuse.net/

The definition of e-mail spam is "unsolicited bulk email": that is to say, an email message is spam if, and only if, it is unsolicited and sent to a large number of recipients. Likewise, a message is usenet spam if, and only if, it is crossposted or multiposted heavily enough (c.f. the Breidbart Index). In each case, the content of the message is totally irrelevant. Spam is characterized by the manner in which it is delivered, and not by the content contained in the message.

The difference between anti-spam efforts and censorship efforts is that censorship by definition uses message content as the sole criteria for rejection, while spam fighters by definition use message delivery parameters as the sole criteria for rejection.

http://spam.abuse.net/
http://maps.vix.com/

It will help you understand why spam is morally and *technically* evil.