Handling Spam from Large Commercial Entities?

Ironfist.cmg asks: "Last Christmas my wife ordered something from Amazon, and at the time we had only one e-mail address, the one supplied by my ISP. Since then, I have received quite a few of those annoying HTML-based e-mails from Amazon, and tonight I had had enough of it. Expecting a fairly easy unsubscription process, I clicked through on the link in the e-mail and was presented with a login/password to my wife's Amazon account. Having no idea what her password might be (and knowing full well that she wouldn't have remembered it), I then clicked on the link for forgotten passwords, and then was presented with a small form asking for information concerning the order, including the last five digits of the credit card used to purchase. I realize that through Amazon's 'patented' one-click process that divulging the past order information was something they had anyway. I was honestly expecting them to simply e-mail me the old password. Actually, I was really expecting to simply click somewhere once and be taken off of their mailing list." Making a long story, shorter: it wasn't that simple. It should have been, but it turned out to be much worse.

"It was at this point that principle kicked in. It's MY e-mail account. I wanted Amazon to stop mailing me information about whatever special they were advertising. Seeing no easy way to contact them electronically, I picked up the phone and gave them a call. Three operators and getting hung up on once later, I was told that Amazon.com would not stop sending me their spam, because I was not the Amazon.com account holder.

This brings up a new twist on spam, privacy, and recourse to be taken. It is in fact my e-mail account, paid for by me, and Amazon tells me I have no control over what I may receive via it. I could in fact notify my ISP to block incoming mail from Amazon, but I know people who work there and may actually wish to receive mail from them. There doesn't seem to be any 'complaints@amazon.com' alias available on their site. What action can be taken in this instance?

As it turned out, I forked over the phone to my wife, who in the process of 'modifying' her account information, wound up hunting through her wallet to find those last five digits on her credit card, which sounds more dubious than entering them into a text field on a website.

There are many other variables which might have factored into this: What if my wife had died since last Christmas? What if she had left me in that time? (more probable ;-) Perhaps she had canceled the credit card in question.

In any case, I find it completely unacceptable that I as owner of an e-mail account could not easily get an e-commerce provider to stop sending me e-mail. What courses of action are available for this problem? Are there any precedents for this?"

And the never-ending problem of spam continues... You would think that after all of the debates, the new laws, and filters that spam would be less of a problem, yet now we have legitimate commercial entities able to fill your electronic in-boxes and in certain situations like the one above, you may not be able to do anything about it. Do any of you out there have ideas on any solutions?

Well, you could use my program

[Kiwi]

I have written a program which is designed to keep track of where and when various untrusted entities obtain email addresses. It does this by encrypting information in the actual email address, in a form that is not trivial to forge.

For example, my Yahoo member account has the word "yahoo" encrypted in the email address. The email address kiwi-nody4la is the word "sldot" (short for `slashdot') encrypted by the program.

This program also has support for encrypting time stamps (email addresses that time out), having a different encryption code for messages posted to Usenet, and encrypting the IP someone views a web page from.

The program is completely free, being under the public domain. Source can be found here:

http://kiwispam.sourceforge.net

Bounce unwanted messages

[DiningPhilosopher]

I've had great results with my method for handling spam - I use a great little Windows utility called Bounce Spam which sends an email to the spammer looking very much like a message from the server indicating that the message couldn't be delivered. I don't know if a similar utility exists for Linux but I wouldn't be surprised to find one.

Dead email addresses are less than useless to spammers - making them think yours is dead is the fastest way to get off their mailing lists.

Sorry, this isn't even spam, stop whining

[dublin]

Ironfist.cmg is whining without thinking, and Slashdot has no discernably legitimate reason to post this story:

Making a long story, shorter: it wasn't that simple. It should have been, but it turned out to be much worse.

In my experience, most things on Amazon are much easier and more straightforward. Create and cancel an order on Amazon - *very* easy. Now try the same thing with buy.com, outpost.com, or others - and good luck, because you simply can't do it through their web interfaces. The convenience of one-click (which I personally love) requires Amazon to be a bit more sure of who you are before sending out a password - passwords are for security after all, and your inability to manage your authentication credentials is hardly their fault.

It was at this point that principle kicked in. It's MY e-mail account.

Perhaps you should have considered this before letting someone else use your account. You hardly have cause to gripe here, as the situation is entirely of your own making...

This brings up a new twist on spam, privacy, and recourse to be taken. It is in fact my e-mail account, paid for by me, and Amazon tells me I have no control over what I may receive via it.

Again, you let your wife use it, and she, who was Amazon's customer, not you, selected the "let me know about things at Amazon" option. If this ticks you off, it's something you should discuss with your wife, not Amazon, as you aren't even a customer...

And the never-ending problem of spam continues...

Not really, your own post makes it clear that this was resolved with Amazon over the phone. This entire piece seems to be just an excuse to accuse Amazon of spamming, which they're clearly not doing here.

You may not like getting this mail, but what you've described is NOT spam. Not by a long shot.

And if the problem is resolved, just what was you motive for this posting? (and Slashdot's motive for selecting it for publication?) This whole thing looks like a very badly disguised attempt to villify Amazon on unjust grounds...

MAPS

[matman]

I dont have time to check, but perhaps MAPS can threaten to add them. Last that I heard, the main requirement is that the spammer wont stop even after being asked. http://maps.vix.com/rbl/reporting.html talks about how to report spammers. Give it a shot, I'm sure that they'd be in trouble to get blackholed. heh. Of course, I'm also sure that MAPS doesnt wana get sued again :)

Sigh. Filters weren't invented--they evolved.

[Anne+Marie]

Typical creationist pab, and I see it all the time. Just because something exists in nature doesn't mean it was necessarily placed there by an intelligent and omnipotent Creator. It goes back to Dawkins and the watchmaker -- complexity will manifest itself when given sufficient time and enough evolutionary pressure.

Look, the internet is going on thirty years old today. Do you have any idea how many doublings of Moore's law that is? Is it really that hard to believe that somewhere in there, when all those transistors got packed in really tight in warm dark quarters, they remained completely chaste? Is it so inconceivable that the result of just one of these matings could've produced the primordial ancestor of the modern internet filter?

The universe is an exciting enough place as it is. We don't have resort to unsubstantiated but entrenched rumors about divine intervention in these strictly mortal affairs.