The Lone Guns Against Spam

crotherm points to a piece in today's L.A. Times, writing: "This would a great article to pass along to those less knowledgable about SPAM and those that fight against it." It's also a bit frightening to see what happens to people on the wrong side of the spam battle sometimes, though denials of service are attributed to both spammers and de-spammers, each by the other.

Re:Tackhead is a little whining bitch

[Eponymous+Coward]

If you claim anything more that a buck or two, you are full of bulshit
If you use a wireless service to check/send mail, then the expense of spam can add up quickly. It's like a collect call that you cannot refuse.

Re:This is absurd!

[Dr.Dubious+DDQ]

Do you offer recipients a way to get their name off your list?

Of course, you just send a reply to "takemeoffyourlist@somewhereorother.com" with the subject "This is a real email address that gets read so stop sending me email but go ahead and sell this address to the NEXT guy in line as a 'verified' email adress to spam to"....

(It's commonly known that many [most?] of those reply addresses are for exactly that purpose...so even if you don't get more email from that source, you tend to get lots more from brand new sources who bought the "verified email list" from the guy you replied to...)

---

Re:This is absurd!

[zCyl]

I think that digital solicitations provide a valuable service to consumers

Shouldn't consumers get to decide for THEMSELVES what's a valuable service to them? The point of the spam debate isn't over whether your business is legitamite or not, it's over the question of who should initiate a transaction. There are a few companies I choose to receive information from that I have specifically told them to send, but I have no desire to receive information from you or your company.

Hypothetically, how would you feel if 20 to 30 people rang your doorbell every evening to tell you all about the wonderful widgimigadget they're selling? It's not hard to receive that many spam mails in an evening, even if you've been careful with your email address.

Re:Dave Ritz = Crying fuck-nut

[Skapare]

If Usenet is so dead, why is your company still running Usenet servers?

Feature?

[schon]

From the article:

Spam is one of those features of modern life, like infomercials and telemarketers, for which almost no one has a good word

It's not a feature, it's a bug. :o)

Re:Hmm...

[Tackhead]

> I've found a rather neat little thing to keep spam from bothering me too much. It's called the Delete key. Trust me, it works.

I think my "delete" key is broken. It seems to be hooked up to my brain, which views and parses the headers of the spam, and forwards a report to the abuse administrator at the spammer's ISP.

For most ISPs, the spammer's account is then deleted. I'm sure that's not what you meant to suggest I do, but it seems to work for me.

Re:This is absurd!

[Tackhead]

>I run a legitimate multi-level internet business,

This is NOT MLM! This is NOT a scam! It's 100% legal! The guy who spammed me and suckered me into it TOLD ME SO! Really!

> I think that digital solicitations provide a valuable service to consumers

If you were subsidizing my email account, you'd be entitled to spam the bejeezus out of it. But you're not. I'm the owner of my server, and I decide what's a valuable service and what's not. Not you. Because it's not yours.

When you pay for my server - or if I'm in Europe, my per-minute-local-calls, or if I'm in the US and reading it on a cellphone, my cell phone bill, or if I'm an ISP, the bill for the 30% capacity I have to add to /var/mail and /usr/spool/news that's currently taken up by spam - then, and only then, do you have a right to advertise on my hardware.

> Please, I urge you, give us a break, we're just trying to get by the only way we know how.

On the very slim chance that you're not a troll:

If the only way you know how to make a living is by stealing the resources of others, I hope you either (a) learn another way of making a living, or (b) starve to death.

Theft is not a viable business model. Until you've learned that, please fuck off. Fuck off, stay fucked off, and don't come back until you've finished fucking off.

Completely Eliminate Spam

[Greyfox]

It's pretty easy to completely eliminate spam. Simply reject any mail not encrypted to your personal GPG key with a message explaining where to get your key and encryption software that uses it. Make your key obnoxiously long (4096 bits to start out) so that it takes 30 seconds or so to encrypt a message on a P166 and on the page that houses your key require the user to agree to an EULA in which they agree not to redistribute your key or use it to send you unsolicited commercial E-Mail.

I was kicking around the idea of doing this for a while and lost focus on it but now my spam load is pissing me off to the point where I'm planning on starting it up again. A little java POP client with some Extra Features should be enough to do the trick.

No, it's not that simple...

[aiken_d]

...for at least some websites. One website I run has over 200,000 subscribers. At least once a month we get a rant from some user who uses this method. They go on and on about how we sold their email address to spammers, they're going to sue us, blah blah blah.

But we simply don't do any such thing. I am the only one with access to that data in bulk.

I don't know where someone got that address from; maybe sniffing traffic at some intermediate point, or through a client-side security issue in their browser.

So if you *do* use the alias trick to identify where spam is coming from, keep in mind that it is not fail safe. And if you're going to contact the website in question, try to be reasonably polite and not instantly super-confrontational and threatening, ok?

Cheers
-b

Re:Spam filter

[don_carnage]

Stupid gay lameness filter.

You're just going to have to go here: spamfilter.txt

--

Re:It's quite simple

[FortKnox]

Here's something useful if you have your own domain with unlimited aliases:
Put the name of the website as the name of the email. For example:
slashdot.org@mydomain.com
Filter it in your favorite email reader, and when you are tremendously bored you can go through your trash folder see what websites sold your name to spammers...

The one way to get a man up in arms...

[lamasquerade]

Ritz, a frequenter of Usenet groups where erotic images were traded as digital files, took the deluge of porn spam personally. "My enjoyment was being interfered with," he says. "The spam got out of hand and I felt I had to take action."

An ordinary man. They took his porn. Now he wants revenge.

Fighting spam helps

[egjertse]

I see that most people here favour the "filter and forget" method of dealing with SPAM. I have had far more luck with the more aggressive method of consistently reporting SPAM to spammer ISPs, and in some cases upstream service/access providers.

On many occations, I've successfully had spammer accounts (dialup, web, email) nuked. SPAM is a violation of most ISPs AUP, and even though you may never hear anything about your complaint, they usually investigate it. The replies I do get from ISPs I notify, are almost always positive (and no, they're not all form-letters).

You may think it's no big deal for a spammer to lose his/her ISP account - getting a new dialup account is no sweat at all right? Well, it is, when you have to do it every fscking time you send a SPAM letter... And after a while, the spammers become as pissed at you as you are at them!

Now here's the beauty of it - spammers do not only share mailing lists, they also maintain black lists - lists of annoying people whom not to spam if you want to keep your ISP account. Consistently report SPAM, and you'll eventually make it to one of those lists.

I have no way to verify it, but I think I've made it onto one of those lists. Despite being a frequent poster on usenet, and not being too careful with my email address, I have not had one piece of spam for half a year.

Is headhunting spam?

[Peter+Dyck]

As the one responsible for hiring new students into our laboratory, I was asked by my professor to get a list of student's e-mail addresses and start mass mailing them with information about our laboratory and available jobs.

To me this sounded a lot like spamming and I refused to do it. The professor didn't agree with my opinion, but since he saw that it was a question of principle to me he let it go -- for the moment at least.

It's unbelievably hard to convince people who don't have their e-mail box clogged by spam (he's got a secretary who goes through the mail first) that spam is a real problem.

Re:Hmm...

[fmaxwell]

So, does the "Delete key" also reduce your ISP bills -- which are higher as a result of spam? Does it prevent small businesses from being inundated with complaints when some spammer uses their domain as his fake from: address?

I have a friend who had a support address for his clients. If they put "URGENT" into the subject, his pager went off. It went off at about 3:00AM because of some spammer's "URGENT" message. Would your delete key have prevented that?

Get a clue. Spam is a problem that needs to be eliminated, not just ignored.

More power.

[ImaLamer]

If the guy wants to take things into his own hands that is all good, but the guy sounds like a pest.

He's kinda like copyright.net's system of asking sysops to block access to users and what not. These sites, MSN and Yahoo (excite and so on..._ are the ones to blame, but I doubt they are going to start watching their e-mail servers closer.

These services, MSN (or hotmail) for example is horrible for keeping people from abusing it's system. One reason I suspect is that MSN makes money from every visit a spammer may make to send their messages; that is of course if the user is visiting the site to do it and not just using open ports in pop servers. Why would they start working to block visiters?

Plus these free sites have so many 'customers' that I doubt they even have time to block this stuff. I doubt people even use the same username twice. Chances are they don't care about the abuse because once the message is passed on, they aren't affected. (unless you get a lot of responses or bounced e-mails - disk space could fill up)

If users are abusing the systems by using open ports or what not - what chance do I have that a spammer would use my computer to spam out a message? I've noticed after installing Suse, Caldera and Mandrake (maybe Redhat too, it only stayed on for about an hour) that a pop3 server was started with the default system setup.

I, being a good linux user, noticed that I didn't know about the security of it and turned it off until I learned more.

Should I worry?

---if these sysops knew anything would they work for msn?---

Spam costs in many ways

[Hormonal]

I see a lot of people here defending spam, which is fine. You have a right to your opinion, no matter how wrong it is. Unfortunately, most people are looking at this from a somewhat U.S.-centric point of view, which allows them to overlook the real cost of spam.

First of all, it's an annoyance. I have to set up filters to get rid of what I can, delete what gets through the filters, and wait for it to d/l from the server (this would be a bigger deal if I was on a modem, rather than cable.) I go to great pains to make sure I get very little spam in my main inbox, by putting noone@nowhere.com in every damn e-mail box I fill out on the internet, unless I really trust the vendor. Friends and family get a second, not-so-important e-mail account to send to, and they get my real address after they show me they're not imbeciles. I shouldn't have to screen people like this, but I do, just to avoid spam.

Secondly, the main reason spammers get put in jail or otherwise reprimanded is because they send out such huge amounts of spam, they crash someone's server, and that someone gets pissed. Even though my cable modem is $50/month regardless of how much spam I get, spam costs someone money, in terms of downtime and misused resources.

Finally, I know that some people pay for their internet connections based on the amount of data transferred (this is for regular consumers, too, in some countries), and if I got charged a flat rate per byte (kilobyte, whatever), I'd be really pissed if every time I checked my mail, I got spam in addition to my real mail. A lot of newbies are probably getting these kind of accounts, and are ending up paying double or triple what they would pay if their inboxes were spam-free.

Spam has real costs, which can be expressed in terms of real dollars, not just in terms of wasted time. It's unfortunate that spammers can send for free. If they had to pay for postage out of their pocket, I think we'd see a lot less of it. I am all for getting spammers to quit.

Taking your advice

[banuaba]

Under crotherm's advice, "This would a great article to pass along to those less knowledgable about SPAM and those that fight against it", I have 'passed' this article along to every distribution list at my place of employment, most of the newsgroups on Usenet, and I modified an IRC bot to post the URL in all of the channels on EfNet, DALNet and Openprojects.

Thanks for your help and support in the fight against spam.


Brant

Re:This is absurd!

[superflex]

frankly i don't care if you run a legitimate business. i still don't want unsolicited email in my inbox. if i am already a customer of yours, then fine. i'm obviously already interested in your product. but, when i send my mother flowers on mother's day, it really pisses me off when within a week i'm getting spam for swedish penis enlargers, 0% mastercards, and "fabulous business opportunities". if i was interested in any of these things, i could find them on the net myself. i don't want you and 5 million other assholes sending email to me to tell me about it.

btw, i think your analogy sucks. i think it would be more akin to every business owner in the city calling you on the telephone to tell you about the great deals they have. eventually you dread answering the phone because you know it's just going to be more crap to waste your time. THAT is what spam is akin to.

The costs can be real...

[CoachS]

Where I work the "professionals" bill by the hour. How much time do they have to spend reviewing and deleting spam?

[Hypothetical]Let's say they get 20 spams a day and it takes them 3 seconds to deal with each one of them. That's a minute per day or an hour every 2 months. At $200 per hour (their billing rate) it's costing them $100 a month to deal with spam. Each. Since there are about 30 of them in the company at any given time that means it costs my company about $3,000 a month.

That's just the folks who bill by the hour. What about productivity losses for those staff members who don't bill by the hour, but still lose the same productivity? What happens if somebody goes on vacation, their mailbox fills with spam, reaches its storage limits and legitimate mail from clients gets bounced?

How about the bandwidth wasted transferring hundreds of e-mail messages (increasingly in HTML)? That bandwidth isn't free.

How about the CPU cycles and storage space wasted processing junk e-mail?

Maybe home users putzing around with their little AOL accounts don't have much in the way of tangible costs, but I can assure you that those of us who actually have to run and support e-mail systems can show you costs associated with high volumes of junk e-mail.

-Coach-

It's quite simple

[Tyler+Eaves]

Keep one public account, to sign up for websites and the like. and then have one you just give to your friends/co-workers/family, etc