Slashdot Mirror

Follow the money!

Who is it that's trying to sell you something? Who is asking for your money?

Unless you get very different spam from what I do, they are almost always American companies. "Mortgage refinancing", "Herbal Viagra", "Green Card Lottery", do any of these ring a bell?

Yeah, there are quite a few 419 scams and other phishing out there, and also some spam in cyrillic or asian character sets, but that's peanuts compared to all the "great offers only available in the lower 48" or whatever.

It just drives me nuts how America has been spamming the world for 10 years, but when the rest of us try to point that out, you Americans immediately cry foul and start blaming everybody else.

42% these days? Sounds about right. It used to be more before, but I guess the rest of the world is catching up.

BTW, here's the list of the world's worst spammers. Notice a pattern?

But, I give up. I cannot convince someone who can't see beyond their own nose. Instead, I'll make this perfectly clear. I don't send spam, but if I ever get DDoSed by any of these holier-than-thou anti-spam vigilantes, I will do all I can to see the full force of the law fall upon them. You'd be no better than a script kiddie, and subject to the same punishment as far as I'm concerned.

Vigilante justice soils the good name of the anti-spam groups out there that are working hard to help the world control the spam problem. Attacking spammers with DDoS only changes them from being a criminal into being a victim, and we do not want that.

Anyone that pays any attention knows that regardless of where the spam is sent from, and regardless of the hosting of the website being spamvertised, the vast majority is sent on behalf of Americans, and is advertising to Americans.

Also, look at the spamhaus lists or such, how many of them are American? Not many.

Only if by "not many" you mean "the vast majority".

The Spamhaus ROKSO list has 183 entries right now, the vast majority based in the US.

I had a quick look at Spamhaus. You have a pretty screwed notion of "many" if you say that 77.5% (141 out of 182 entries in the ROKSO list) is "not many".

Sebastian

And to make the ROKSO list, you have to have been kicked off of three ISPs.

Definition taken from SpamHaus:

A message is Spam only if it is both Unsolicited and Bulk.

Unsolicited means that the Recipient has not granted verifiable permission for the message to be sent.

Bulk means that the message is sent as part of a larger collection of messages, all having substantively identical content.

Unsolicited non-bulk email is normal email, e.g. first contact enquiries, job enquiries, sales enquiries

Bulk non-unsolicited email is normal email, e.g. subscriber newsletters, customer communications, discussion lists

Making that into a legal definition:
An electronic message is "spam" if (a) the recipient's personal identity and context are irrelevant because the message is equally applicable to many other potential recipients, and (b) the recipient has not verifiably granted deliberate, explicit, and still-revocable permission for it to be sent.

http://www.spamhaus.org/news.lasso?article=152
http://www.spamhaus.org/news.lasso?article=155
http://writ.news.findlaw.com/ramasastry/20041215.h tml
And lots more... Google is your friend...

http://www.spamhaus.org/news.lasso?article=152
http://www.spamhaus.org/news.lasso?article=155
http://writ.news.findlaw.com/ramasastry/20041215.h tml
And lots more... Google is your friend...

``Unsolicited bulk email'' seems like a pretty good definition to me, but I guess that's not quite good enough for the brainiacs at FTC.

And according to http://www.spamhaus.org/ which the top source of spam, above China, is still the US.
China may be the biggest in terms of the market for zombie-pc network lists and does have a huge growing market for hosting spammers sites, but whose paying for these services? Most of the spam is still from a few westerners (url:http://www.spamhaus.org/rokso/) most of whom are American's.

Can we null-route Florida yet?

Source: http://www.spamhause.org

join them. Apply for a patent on sending commercial solicitations through electronic mail, then start suing spammers out of existence. For bonus points, send them your first C&D letter in an email entitled "Make BIG $$$ using teh p.a.t.e.n.t system!11!1!!!1 LOLOMGWTF"

Joe-jobbing seems to be highly overrated. There never seem to be any real cases cited, only hand-wringing by people who have not been joe-jobbed but who seem more concerned with hypothetical joe-jobbing of unnamed, unknown others that no one can point to than with the stark, ugly reality that significant and increasing levels of Internet bandwidth are being eaten up by the billions of spam and worm/virus messages being propagated daily, not to mention the millions of person hours lost to weeding through and disposing of spam and disinfecting machines.

That's the reality. Your joe-jobbing fears are entirely speculative and not taken seriously by anyone familiar with the protocols and programming involved in designing and implementing something like the Lycos screen saver.

They are a spam hosting company , and they are blocking the trans-atlantic access to makelovenotspam.com.

> traceroute makelovenotspam.com
traceroute to makelovenotspam.com (213.115.182.123), 64 hops max, 44 byte packets
(hops 1-4 removed)
5 500.Serial3-7.GW4.NYC4.ALTER.NET (65.217.196.181) 4.280 ms 4.267 ms 3.817 ms
6 146.at-2-0-0.XR3.NYC4.ALTER.NET (152.63.25.98) 4.350 ms 15.281 ms 6.800 ms
7 0.so-2-0-0.XL1.NYC4.ALTER.NET (152.63.17.29) 14.770 ms 9.844 ms 12.983 ms
8 0.so-5-3-0.XL1.NYC8.ALTER.NET (152.63.1.49) 6.267 ms 5.575 ms 5.700 ms
9 POS6-0.BR3.NYC8.ALTER.NET (152.63.19.53) 12.412 ms 5.083 ms 5.795 ms
10 * * *
11 * * *
^C

Here is the traceroute to the download site which is still operational:

> traceroute download2.makelovenotspam.com
traceroute to download2.makelovenotspam.com (213.115.182.70), 64 hops max, 44 byte packets
(hops 1-4 removed)
5 500.Serial3-7.GW4.NYC4.ALTER.NET (65.217.196.181) 7.132 ms 18.167 ms 4.769 ms
6 146.at-6-1-0.XR3.NYC4.ALTER.NET (152.63.25.90) 4.726 ms 4.779 ms 4.454 ms
7 0.so-2-0-0.XL1.NYC4.ALTER.NET (152.63.17.29) 11.073 ms 5.675 ms 15.036 ms
8 0.so-5-3-0.XL1.NYC8.ALTER.NET (152.63.1.49) 5.391 ms 6.484 ms 5.798 ms
9 POS6-0.BR3.NYC8.ALTER.NET (152.63.19.53) 13.613 ms 5.041 ms 5.606 ms
10 204.255.168.134 (204.255.168.134) 6.497 ms 6.206 ms 7.160 ms
11 so6-0-0-2488M.ar1.ARN1.gblx.net (67.17.67.250) 118.008 ms 109.717 ms 111.907 ms
12 64.215.185.82 (64.215.185.82) 119.551 ms 109.770 ms 124.437 ms
13 pos2-0.cr1.sto1.se.bredband.com (195.54.123.114) 110.145 ms 125.686 ms 114.214 ms
14 vlan11.dr1.sto1.se.bredband.com (195.54.116.166) 110.620 ms 110.892 ms 118.073 ms
15 vlan6.dr1.sto15.se.bredband.com (195.54.116.226) 120.274 ms 117.771 ms 109.874 ms
16 * * *
17 * * *
^C

This makes me want to run the damn thing more than ever! Spam friendly hosting companies are now doing a denial of service to makelovenotspam.com. The company says they were not hacked, but it makes me wonder if Global Crossing didn't redirect the page accesses to the that "hacked" page (and yes, I did see it myself, but I didn't think to do a traceroute at the time).

I really hope they come back up or someone comes up with something equivalent soon. How hard would it be to get a perl script together that downloads the spamvertised web sites page of spamcop.net and downloads them 20 times each? False reports would get a 20 minute increase in bandwidth, but repeat offenders would get hammered long term.

Currently, the bulk of the big spammers live and operate within the United States. They may host their Web sites in China, buy lists of open proxies from Romania, and commission viruses from Russian Mafia programmers -- but they live in the "comfort" of the U.S. whose laws they flout.

They do not want to move overseas. They want the comforts of home -- to make millions without leaving the couch. They are small-minded, hurtful, nasty little people. They want the world delivered to their door, and are willing to steal and destroy to get it -- but only if they can do that stealing and destroying from behind a screen. They are not brave. When they are challenged, they retreat into paranoia and lash out with lawsuits based on conspiracy theories. Can't do that from East Bumfuckistan.

I just settled with Global Web Promotions, but cannot discuss the terms. But, part of what encouraged me to settle is that the FTC has gone after them (and I am helping with that) and had an injunction and order to freeze assets granted.

Spamhaus and NANAE are 2 good resources for checking up on potential providers.

I would be interested in a list of the passwords attempted by the worms since they managed to compromise the SBS2003 and winXP1 boxes that way.

The list of passwords attempted by worms is here (pointless cookie acknowledgement and second attempt to load URL required).

And of course they could be trying other passwords as well...

But having said that, the United States is still the #1 spamming country in the world. South Korea is only #3 (http://www.spamhaus.org/)

Guardian Unlimited: Mail out of order:"Boca Raton in Florida is...the spam capital of the world....There are really only 150 spammers doing 90% of all the spam we get in the US and Europe... at least 40 of them are in Boca Raton."

Also see ROKSO.

Bleh!

Bleh!

Bleh!

That plus a combination of blocking senders on the Spamhaus SBL and doing greylisting, which I put in place on my mail server a few months ago, has dropped my personal spam volume to about one every week (out of about 600 a day that try to get through.) Most spams are stopped by the SBL and the greylisting, which is great because very little bandwidth is wasted. Greylisting blocks a lot of viruses too (ClamAV takes care of the rest.)

Needless to say, I won't be installing any HashCash systems on my mail server any time soon. For the moment, until spammers get a lot more sophisticated, they're pretty much stopped dead in their tracks by a combination of existing, widely-deployed technologies.

Now imagine several thousands or millions of Spamcast customers using Windows-powered set-top boxes. First thing spammers will do is get such a thing and examine it for possible exploits. Legitimate customers won't even get the idea that their set-top box could catch a virus or a trojan which could do harm to anyone. Most of them won't ever update their set-top box top fix known security holes. Why should they? Would Spamcast tell them to do so? Or even Microsoft?

So it won't take very long until the world gets hammered by the worst and biggest spam cluster the Internet has ever seen.

that they send via Chinese servers
http://www.spamhaus.org/rokso/index.lasso

...that the Internet will develop an immune system in the real world powered by a secure, anonymous dead pool and paid-for mercenaries to hunt down and kill spammers, scammers and jack asses. I have a pay pal account, an inbox full of spam and the ROKSO list printed out ready to start entering names. Vote with your money and when Alan Ralsky is worth more dead than alive, we'll see what happens to the future of the Internet...

UPC (aka chello) ignore all complaints, valid or not, including spam complaints.

see for yourself

Chello.nl

Chello.at

UPC (aka chello) ignore all complaints, valid or not, including spam complaints.

see for yourself

Chello.nl

Chello.at

Vigilante lawfare outfits like RIAA and MPAA can torment users and ISPs at will.

Vigilante lawfare outfits like RIAA and MPAA can torment users and ISPs at will.

Are we supposed to hate Adobe?

Remember, however, that Elcomsoft are associated with spammers

You seam to have a rather new mail account. As for my spam stats the spam grow seam really stochastic.
I was wondering if someone is interested in gathering spam stats through XML-RPC or similar. I know that SpamHaus gives some general statistics of the number of spam, but they are not accurate and differentiated between the different types of people (people that read UseNET and have a website receive more spam).

This si interesting, but you have to say this guy is fighting a losing battle. You have to fight Spam at its source. Look at the Spamhaus statistics: it might sound trollish, but spam is evidently an American problem, which must be combated in America. The Spamhaus stats prove it. 90% of the spam you see is from 200 individuals, of whom 96% are Americans, operating out of america.

Clean up your act guys. When you're costing the world this much money, it just isn't funny anymore.

This is good news. America is going to have to crack down hard on Spammers. Spam is essentailly an American problem, exported to the rest of the world. You think I'm lying? Hell, check out the spamhaus stats. It's clear that America is going to have to enact the heaviest penalties to help the rest of the world. The CAN-SPAM act is ludicrous, hopefully Congress will wise up. Speaking as a Brit, I'm outraged that such a prominent Net-Nation is taking such a bláse attitude towards their responsibilities to the rest of us. America is ruining my Net experience. It's a harsh truth, but it's a truth nonetheless.

Seems like even for revenge it would be worth it to you. Go get 'em, Tiger!

BTW, have you turned them into Spamhaus?

Your post advocates a

( ) technical (x) legislative ( ) market-based ( ) vigilante

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
( ) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

Specifically, your plan fails to account for

( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
(x) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
(x) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook

and the following philosophical objections may also apply:

(x) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
( ) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

( ) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
----
Also, finding spammers has never been a problem.

I thought it was common knowledge that most spam comes from the US. http://www.spamhaus.org/rokso/

As the others said, it's a matter of baby vs. bathwater. People (usually) don't just block all of China because there are some spammers there, they block all of China because there are some spammers there and they don't expect to receive any valid email from China. While there may be a huge amount of spam coming from the US, most of their valid email is probably coming from the US also. It simply wouldn't make sense to block the entire US. It would be the equivalent of an email filter that deletes all of your mail, because most incoming messages are spam.

There are some admins/RBLs that do block huge sections of the internet for any spam. These people take the collateral damage approach. Their plan is to interfere with the ISP's legitimate emails enough that the ISP decides it's in their best interest to terminate the spammer. For example, blocking any mail from any AOL server, because one AOL user sent some spam. In my experience, these tend to be the angsty types who are doing it more as revenge than as an actual anti-spam tool. There isn't much effort put into validating the blacklist info or keeping it updated.

The Spamhaus project disagrees with you.

And if your own spam folder looks like mine, I'm pretty sure it is filled Penis Enlargement,V1agra and diet products spam - In American english. The simple fact that so many spammers think everyone needs diet products and larger penises makes me certain that they can only come from a single country...

Folks, "swank" or "dollar" or "sencode" as he's known, is NOT anonymous." His name is Chris Brown.

http://www.spamhaus.org/rokso/evidence.lasso?rokso _id=ROK1061

I'm not going to give you a street address. You can find that on your own, and besides, I know full well what you're likely to do with that info once you get ahold of it. I'd prefer not to be attached to that kind of behavior.

The only way to educate them is to stop replying to the mortgage spam. As long as they can buy leads, they will because it is profitable for them to do so.

That is a sensitive response, but as far as I am concerned it would just take too much money, time and effort to educate every looser out there.

I'd rather the they-sent-me-unsolicited-information, i'll-send-them-unsolicited-information approach. This basically consists on poisoning their data base, with bogus realistic looking data! Try feeling in the forms with random bogus data (please, kids, do not enter data of reputable entities such as Mr. Valennti, good old Darl, Mr Ralsky or any other slime we have all come to love).

Banks and alike buy mortage contacts for 50 bucks a piece (now you know why is there so much spam of this kind). Every fake contact you enter will produce a 50 dollar loss for the scourge who ends buying the database. If enough critial mass is reached (30-40%) of the database, the costs will skyrocket for the scums, and their business will stop being profitable.

I've had a number of problems with a Cogent Communications customer (Glowing Edge) spamming the hell out of one of my addresses. After numerous complaints to Cogent (and a couple of phone calls to their abuse dept.), I determined that they really don't plan to drop this customer (despite being told by their abuse dept. that this customer generated the greatest number of complaints). I've since denied all of their netblocks (see below) from sending mail to me - I recommend others do the same. Don't support ISPs which allow their customers to spam!

Cogent Communications netblocks:
209.115.0.0/16
209.41.192.0/18
206.1 83.224.0/19
216.28.0.0/15
209.146.0.0/17
66.28. 0.0/16
66.250.0.0/16
66.132.0.0/17
207.254.144. 0/20
38.112.0.0/13

It's been done.
Here's the Americans on The ROKSO list.

Unfortunately Slashcode won't let me put them in a list ("lines have too few characters").

The above has links with addresses for many of these. Was it Rumsfeld who said "one spammer, one bullet"? A dozen magazines should do this lot then.

Alan Ralsky, Albert Ahdoot and Alyx Sachs, Amadeo Belmonte, America Find Inc., Andrew Amend, Angelo Tirico, Anthony ''Tony'' M. Banks, Bill Stanley, Bill Waggoner, Bonnie Dukarossa - Bullet9 Communications, Brendan Battles, Brian David Westby, Brian Farrow, Brian Haberstroh, Brian Kramer, Briceco, Inc., Bubba Catts, Calvin Ho, Charles F. Childs, Chris Brown, Chris Smith, CPU Guys, Creaghan A. Harry, Current Mail, Cyrunner, Damon DeCrescenzo - Docdrugs, Dan and Rosalee Young, Dan Padgham, Dana Jones - The Ballman, Daniel Ivans, Daniel Khoshnood, Daniel Lin, Dave Patton, David Lambert, Davis Wolfgang Hawke, DM GROUP, Drew Auman, ebusinessroad.com, Eddie Davidson, Eddy Marin, Eduardo de Souza, Elegance Network, Elmed, Email Experts, Erb Avore, Eric Reinertsen, EvoClix, Franpro, FutureVision Communication, G-Force Marketing, Gaven Stubberfield, George Kokinos, George Rand, Giantweb, Glen and Stacey McCausland, Glen Hannifin, Gordon Lantz & Gretchen Aitken, Greg Nowakowski + Chris Tibaldo, hispeedmedia.com, Howard Minsky, IMG Direct, Ion Entertainment, Jace Groves, Jack Ford, James Borzilleri, Jason Vale, Jeffrey Peters, Jody Smith, John Cota, John Grandinetti, John Hites - ''Steve Sorenson'', John Molino, Jon Thau, Jonathan Beyer, Jonathan Cosie, Joshua Baer, Kazz Asher, Kelly Joe Ellis, Laura A. Betterly, Lloyd Lapidus, lmihosting.com, Magnum Enterprises, MailTrain, Max Sutter, Melle Brothers, Michael Krause, Michael Lindsay, Michael Tiezzi, Million Marketing, Minh Nuyen, Monsterhut, Mort Schneider, Neil Goodson aka 'Robert Zimmerman', Neomill, NetFree, Inc., netleads.ws, NetSetGo, omegalead.com, Patrick Brady, Patrick English, Paul Boes, Paul Mentes, Penn Media, Peter Decaro, Phil Doroff, Philip Adelberg, Phillip Von Haak, Quang Dangtran - Whoa Medical, radisp.net, ResponseBase, Richard Burke, Richard Colbert - y2kisp.com, Richard Shockley, Robert Soloway, Robert Todino, Ron Millette, Ronnie Scelson, Rossman & Cole, Rusty Campbell, Rusty Ferguson, Ryan Champion, Ryan Pitylak, Sajemarketing.com, Sam & Adam Meltzer, Sam Al - Bulk ISP Corp, Sam Roland, Samson Distributing Inc. (SDI) Daniel Amato, Scott Hirsch, Scott Richter, Scott Richter, Shay Tyler, Simon Chan, Stargate2000, Target Internet Services, Thomas Cowles - Empire Towers, Thomas Gallman - telysis.net, Tom Tsilionis, trafficfiend.com, Tristram Snyder, Vincent Kwiatkowski, VP-RX, William Fuller AKA "Mr Bill", World Reach.

Spamhaus will certainly help you out with a list of IP's to block. They'll also tell you what country spams the most and what ISP a majority of the spam comes from, just check the stats at the bottom of the homepage. Spamhaus is also one of the few DNS Blacklists around that you can actually work with.

Normally they list IP addresses that spam comes from , unlike some lists like the five-ten group that lists all but 1 IP address (127.0.0.1). Spamhaus will also remove IP's that no longer spew spam and so legitimate businesses don't get blocked erroneously.

Spamhaus also has a nifty thing called The ROKSO List which lists know repeat offenders and spam gangs so ISP's can keep from signing them up for service in the first place.

Spamhaus will certainly help you out with a list of IP's to block. They'll also tell you what country spams the most and what ISP a majority of the spam comes from, just check the stats at the bottom of the homepage. Spamhaus is also one of the few DNS Blacklists around that you can actually work with.

Normally they list IP addresses that spam comes from , unlike some lists like the five-ten group that lists all but 1 IP address (127.0.0.1). Spamhaus will also remove IP's that no longer spew spam and so legitimate businesses don't get blocked erroneously.

Spamhaus also has a nifty thing called The ROKSO List which lists know repeat offenders and spam gangs so ISP's can keep from signing them up for service in the first place.

Spamhaus will certainly help you out with a list of IP's to block. They'll also tell you what country spams the most and what ISP a majority of the spam comes from, just check the stats at the bottom of the homepage. Spamhaus is also one of the few DNS Blacklists around that you can actually work with.

Normally they list IP addresses that spam comes from , unlike some lists like the five-ten group that lists all but 1 IP address (127.0.0.1). Spamhaus will also remove IP's that no longer spew spam and so legitimate businesses don't get blocked erroneously.

Spamhaus also has a nifty thing called The ROKSO List which lists know repeat offenders and spam gangs so ISP's can keep from signing them up for service in the first place.

Spamhaus published ROKSO list has always shown that most top spammers are U.S.-based.

All it takes is more vigorous law enforcement. Where are the prosecutors, when we really need them?

Spamhaus published ROKSO list has always shown that most top spammers are U.S.-based.

All it takes is more vigorous law enforcement. Where are the prosecutors, when we really need them?

90% of the spam originates from America, all this company are doing is regurgitating Spamhaus's stats

SpamHaus Register Of Known Spam Operations

nice to see action being taken....NOT