Slashdot Mirror
Exposing Spammers For All They're Worth
llywrch points out this interesting story at Art & Farces in which a "guy fights spammers by occasionally sending an email telling the spammer to leave him alone or he'll bill for time & services. Some take him off their mailing list, some pay the bill, but most don't respond . . . except one guy who was so incensed at receiving this invoice he had his lawyers send a threatening note. Makes it easier for Fraase to collect on his invoice."
Empty threats are nice... but until large numbers of people go to court to fight against spammers, well, you lie in the bed you've made (or have done nothing to stop).
Slashdot gets worse every day... Pipedot: News for nerds, without the corporate slant
Ha, I just wish I could have seen their faces...someone didn't back down in fear!
Speaking of spammers, I have gotten more junk mail this past month, trying to trick me into changing registrars for a couple of domains that expire in November and December. I have gotten 4 different letters from Register.com, as well as about a half dozen emails from Register.com or their affiliates. I had always thought they were a big company and above sending spam, but I guessed wrong.
One thing I would like to see is to make it illegal for these so-called 'companies' to sell mailing lists. They are selling people's personal information! I know, I know - wishful thinking....
...All I can say is that my life is pretty strange...
There's an outfit called "Private Citizen that helps you receive less (snail) junk mail and fewer telemarketing calls. The sell a book called So You Want To Sue A Telemarketer. I sure hope that they come out with the "Sue A Spammer" edition of this book soon. Even though I think too many people are quick to sue in this country, I can't think of anybody who deserves a lawsuit more than the spreaders of spam.
People too cheap (ok, "frugal") to spend money at Private Citizen can try following the advice at Junkbusters, and they even have a page concerning spam.
Seems slashdotted... try:
M :w ww.farces.com/farces/999462920/index_html
http://www.google.com/search?q=cache:R7VWyB6BrG
Well i found this article dated September 2nd which appears to be the one being submitted today. So happy caching
How do you get it? I've always wanted to send them bills, but I always figured getting the real addrress would be too time consuming.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
Of course the SPAM lists that some companies sell is a derivitive product.
Remember Bidder's Edge v. Ebay, they argued using bots to collect information is illegal. Companies selling software to use open relays and collect addresses is as illegal as napster (if not more). Lets use some of these rulings against spammers.
Fight Spammers!
I say we all send a pizza to his house. After a few million pizza delivery guys after every spam sending attempt he'll give up.
Not to mention the double effect that you can invest in Pizza Hut and watch the stock go WAY up!
Disclaimer: The post was intended for entertainment. I will not be held accountable for any spammers who die from pepperoni overdose!
I didn't have a chance to get to the other link before farces.com went down, but here's the first page (edited to pass junk filter):
A few months ago, I published an article outlining my opinion and experience with spammers in general and one in particular. That article, Fun with spammers, has drawn the attention of the subject spammer?s lawyer, and I am being threatened with legal action.
I am publishing both the demand and my response without comment. Your comments are most welcome.
Today I received the following letter on lawyer letterhead:
Gary K. Kahn
-address-
November 12, 2001
Michael Fraase
-address-
RE: Dispute Involving E-Core Technologies, Inc.
Dear Mr. Fraase:
This office represents Jim Hobuss of Portland, Oregon. Mr. Hobuss has called my attention to information you have placed on the internet regarding Mr. Hobuss. Specifically, you have defamed Mr. Hobuss in your posting and it is clear you are attempting to interfere with his business.
On behalf of Mr. Hobuss, demand is hereby made upon you to remove any reference to Mr. Hobuss from your posting. If you fail to do so within ten (10) days, my client will consider all appropriate legal recourse against you.
Sincerely, REEVES, KAHN & HENNESSY (signed)
Gary K. Kahn
To which I responded on my business letterhead:
ARTS & FARCES LLC
-address-
16 November 2001
Gary K. Kahn
--address-
Dear Mr. Kahn,
I received your letter concerning Mr. Hobuss? claims of defamation in information posted on the ARTS & FARCES internet website. I believe the article in question can be found at:
http://www.farces.com/farces/999462920/
under the title ?Fun with spammers.?
The piece accurately reflects my email experience with Mr. Hobuss and my opinion of that experience. I stand by the article and have no intention of removing it from publication. Nor do I intend to remove any reference to Mr. Hobuss in the piece.
In fact, I expect to publish a follow-up piece including the text of your letter and this response.
Your client?s account with this firm is now seriously past due, and I?d like to know what his intention is with regard to my unpaid invoice(s).
Regards,
(signed)
Michael Fraase
A while ago I got an account at neopets.com (using a disposable email address) making sure to select the "don't send me any email" box, and after I was disgusted at thier birbery for clicking ads forgot about it. Then they spamed me. I sent them an email telling them they'd be billed for any further spam. Here's what they sent me (personal details deleted):
To Mr. [censored]:
The Legal Department is in receipt of your message regarding an
advertisement you allegedly received from NeoPets. We take all user
concerns-especially those in connection with member privacy and safety-very
seriously, and in this regard monitor the website around the clock for
inappropriate content.
To begin with, NeoPets unequivocally rejects your "purported" contract and
refuses to enter into any agreement with you. Your demands are neither
reasonable nor are they acceptable under any circumstance. As such, this
message should not be construed as an admission of liability or acquiescence
to your demands, but asv a complete rejection of your offer. Likewise, any
transmission you may receive from NeoPets is not an acceptance of your
agreement and may not be construed as an acceptance under any condition.
Moreover, by registering on the NeoPets.com website, you expressly agreed to
NeoPets' Terms and Conditions, which states that NeoPets may send
notifications and announcements to its users' e-mail addresses. Neither
NeoPets nor its sponsors send unsolicited e-mails and will only send e-mails
to users who have expressly requested, or consented to receive, such
correspondence and have provided an e-mail address destination. As such,
immediately upon the Legal Department's receipt of your message, we had
0rnrsegu001@sneakemail.com blocked from our system to ensure that you do not
receive any more unwanted e-mails. Additionally, we researched your e-mail
address in the NeoPets database and located the account "yottabyte," which
we immediately froze to prevent you from receiving any further unwanted
e-mail communications.
Unfortunately, we have no control over the sponsors our users register with,
and this is a matter that must be taken up with each sponsor that sends you
e-mails. As a practical matter, our sponsors are very responsive to
"unsubscribing" users who wish to be removed from e-mail databases. As a
courtesy, we will try to help remove your e-mail address from our sponsors'
systems, although we can make no guarantees as to the effectiveness of
preventing future unwanted e-mails. To do this, however, I will need you to
send a list of the sponsors from whom you are receiving unwanted e-mails.
Because NeoPets.com does not pass along user information to anyone, we do
not know where your e-mail address was registered and thus have no way to
automatically unsubscribe it.
Please contact us directly at legalDepartment@NeoPets.com if you have any
further questions or if this problem persists. We hope the foregoing has
addressed your concerns.
Sincerely,
The NeoPets Legal Team
Now for some commentary.
Moreover, by registering on the NeoPets.com website, you expressly agreed to
NeoPets' Terms and Conditions, which states that NeoPets may send
notifications and announcements to its users' e-mail addresses. Neither
NeoPets nor its sponsors send unsolicited e-mails and will only send e-mails
to users who have expressly requested, or consented to receive, such
correspondence and have provided an e-mail address destination.
And yet they tried to get me to buy tickets to some event (I seem to recall it being some radio station held event of some sort)
Unfortunately, we have no control over the sponsors our users register with,
and this is a matter that must be taken up with each sponsor that sends you
e-mails.
I definatly did not register for any annoying ads.
I responded to this by telling them "whatever.... all further email to this address will bounce" then going to sneakemail.com and deactivating the address.
I'm sort of amused by this, I bet it cost them at least $100 to have thier lawyers tell me off.
I would have to say the best thing to do is to use spamcop for the 1st or 2nd time, and then after that if the ISP still does nothing about the spammer, then find every address listed on the site, and forward the spam to it. That will make the admins listen.
.co.uk, or .com.pt, or somthing to that nature, to prevent 9/10ths of the spam that comes in.
I repeatedly recieved spam from a site called popsite.net, run by megapop.net, and repeadidly asked them to stop sending spam, or to stop providing free dialups to spammers, and they still din't listen. I got tired of it and called them. They still did nothing. I recieved another one, and decided to just annoy the hell out of them untill they did somthing about it. I forwarded the spam to EVERY email address listed on megapop.net: abuse@ support@ noc@ billing@ etc... every one. Then I forwared the auto-replys back to them. And finally a REAL person emailed me and said they had found the spammer, and mentioned that several people were pressing charges against him, and asked If I wanted to, and gave me his email address, AND his home phone number.
Now every now and then when im near a phone and bored, ill call the spammer and hangup, or play a recording of a Telemarketer; somthing along the lines of "Congratulations! You've qualified for the platinum card!". Every site that asks for an email address to download somthing, I just put his email address in it.
I have over 1,200 lines in access file for sendmail, and STILL I get spam from overseas servers. Mostly I will just block all of
The best way to fight spammers/advertisers/telemarketers is to fight fire with fire.
--------------------------
Is this a sig?
--------------------------
Spammers really go to all ends to get you to open their email. I got an email the other day that said, in all caps, "BIN LADEN HAS BEEN CAPTURED", and it came from a coherent-looking MSN email address. Realizing that I didn't know anybody lame enough to send me anything in all caps, I opened it anyway. Well, to no surprise, it was porn, in HTML format, with some 300k of blinky, flashy, seizure-inducing images.
If it's one thing I don't understand about spam (and this coming from the fact that my mother is in the advertising/graphic design business and I help them with tech support issues, I know how the corporate marketing machines work) is that you want to target a key demographic who is going to be interested in your product (in this case porn), you want to send it to the people who will be most likely to give you their money. Marketers spend millions of dollars on demographic databases to make sure that they aren't wasting money marketing to people who aren't interested. Now imagine how much it costs them to send 300k of images to the email boxes of, I'll be conservative here, a million email addresses. Imagine how much it costs when said email bounces. Witnessing the slashdot effect (especially right now, I haven't even been able to resolve the domain of the site linked above), I can't even imagine what must be going through spammers minds when they send an email with "BIN LADEN CAPTURED!" as the subject. After reading that subject, I imagine that most people would open the email, download all that porn, cost the spammers money, and then not even be interested as they weren't looking for porn to begin with. Same thing with them registering domain names... if you are looking for information on the White House (IE: whitehouse.com) and you come across porn, how interested are you going to be?
The other thing that surprises me: if it wasn't successful, they wouldn't bother.
NerfOnline - Because Nerf Guns aren't just for kids -
http://www.google.com/search?q=cache:R7VWyB6BrGM:w ww.farces.com/farces/999462920/index_html+farces+f un+with+spammers&hl=en
Very odd. I was reading this exact page ~2 hours ago(from nanae I think). Synchronicity?
/.'s stupid "lameness filter" won't let me post the other page. Here's google's cache:
w ww.farces.com/farces/999462920/index.html
http://www.google.com/search?q=cache:R7VWyB6BrGM:
~Aaron.
student of animation and the fine arts
Recently I got Spam from a company called Traffic Magnet, they provided me with a screensho of my webpage, and I sent them the following, feel free to copy, or comment on the points of my letter. thanks
Christine,
One thing I notice is that you are using my copyright images to sell a product and/or service.
Please email the physical address of your legal department, or the location to which I should have an attorney contact you about this issue.
If you prefer to contact me via mail please use my business address:
--Address--
As an artist I take my copyright, and privacy very seriously. While no laws yet exist in New Mexico regarding Unsolicited Commercial Email (SPAM) There are laws that protect Copyright holders. As a copyright holder it is my responsibility to protect my property. I do hope that you take this matter seriously and we can resolve this quickly. The normal process is I would have my attorney send a cease and desist letter, to which you would have a lawyer reply that the actions demanded (by me or my agent) have been followed out in accordance with applicable laws.
Thank you for your time
Signed.
Q. What's it take to get a story posted on
Two years ago, I walked out the door of my business one day at noon and discovered that a roofing contractor had strung a cord across the vacant lot beside my building and had plugged into an outside electrical outlet on the rear of my building. He was using my power to run his roof-tar machine.
I immediately turned around and went back inside and turned off the circuit breaker for that outlet. After a while, though, I thought, "Hey, where does he get off plugging in without permission!" As the fax number for his company was printed on the door of his truck, I wrote up an invoice for one "asshole fee" at $50 plus $3.50 sales tax, and faxed it to his company.
To my surprise, the following week I had a cheque in the mail from them, for $53.50. The payment stub that came with it said, payment enclosed for asshole fee, $50 plus sales tax.
I was amazed. On the other hand, I hotfooted it right to the bank and deposited the cheque, too!
If you're a zombie and you know it, bite your friend!
That link is already /.ed to death : how's that for spamming the messenger ?
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
But I pasted a copy of the text in here. Well, most of it; the slashdot lameness filter won't let me paste in the whole thing.
Warning: the spammer likes to use bad words.
BEGIN QUOTED TEXT
Every day I get roughly as much spam, which I define as any unsolicited bulk email, as legitimate email. It's a problem that doesn't have an easy solution. The proposed legislation generally misses the mark of eliminating either the unsolicited bit or the bulk bit. While the first amendment protects your speech, it doesn't include a requirement that I subsidize it--financially or with my attention.
With that in mind, I think I may have hit on a formula that probably won't eliminate spam, but it sure makes the parasites think twice about doing it again. And it always seems to push the indignant outrage button that all of these vermin seem to have in common. So far, the formula has worked like a choreographed dance in each instance. Here's how it goes (please play along at home):
Each day I select 2 or 3 of the more outrageous spam messages that serve no useful purpose whatever. They're almost always some sort of commercial scam. I do a traceroute and a whois with NeoTracePro (it's got neat maps) to determine who they really are, where the message really originated, and who their local and upstream bandwidth providers are. Then I send the following reply to the original message--complete will all header information from the original spam--with copies to the abuse, postmaster, and hostmaster addresses at the bottom-feeder's local and upstream provider:
Remove this and all addresses within the farces.com domain from your distribution lists immediately. We have no existing business relationship, nor do I wish to establish one. I don't do business with spammers. Not now. Not ever. You are using my resources for your gain without my permission or compensation. Any further contact from your domain to any address within this domain will indicate tacit agreement to your use of our resources at our published billing rate of US$125 per hour with a 10 hour minimum.
Clear enough?
Invariably I get a quick response, singularly uninspired in its lack of originality:
Except this idiot, dumber than most, actually sent a second retort, this time issuing a challenge:
Astute readers will recognize that I never claimed what scum like Hobuss was doing was illegal, only that I rejected his offer and counter-proposed one of my own. Of course, by responding, he's now agreed to my terms and is billed accordingly (with copies again going to his local and upstream providers):
You received the following message on 1 Sep 2001 in reply to your spam and yet you continue to spam this domain. Accordingly you have accepted our terms of contract and are being invoiced under Minnesota state statutes and the Universal Commercial Code. Payment in full is due immediately. If you fail to pay in full immediately the invoice will be rendered for collection, appropriate credit reports will be prepared, and we will vigorously pursue judgment in the appropriate venue(s).
For the record, our original offer is included below.
Remove this and all addresses within the farces.com domain from your distribution lists immediately. We have no existing business relationship, nor do I wish to establish one. I don't do business with spammers. Not now. Not ever. You are using my resources for your gain without my permission or compensation. Any further contact from your domain to any address within this domain will indicate tacit agreement to your use of our resources at our published billing rate of US$125 per hour with a 10 hour minimum.
Clear enough?
Invoice
[Professional-looking invoice for US$1250 removed thanks to slashdot's lameness filter. I particularly enjoyed the part on the invoice where it says "Thank you for your business."]
In this case, Hobuss actually got two of these, differing only in invoice number. As you can imagine, this game of Invoice Ping Pong can go on for days, but it rarely does. It almost always immediately devolves into barely intelligible abuse:
Oooh, I imagine the spittle at the corners of his mouth are not very attractive. But he's made the mistake of crossing over into clear abuse and maybe even threats, a second and more serious violation of his provider's Acceptable Use Policy. At this point, all I have to do is reply to the message (again with copies to his--they've always been male so far--local and upstream providers) with yet another invoice and the following tasty bit addressed specifically to his providers:
NOTICE TO ISP AND UPSTREAM PROVIDER(S): As you can see this has escalated to abuse on the part of your client. Kindly take whatever action you find necessary with regard to your AUP and notify me directly of anything necessary on my part to expedite the process. Suffice it to say that I expect immediate action with regard to this matter.
Most importantly, he's removed me from his spam list. And I'll bet good money he's at least thinking about the next spam missive he sends. From his next provider, of course.
Now, I probably can't collect on all 3 invoices, but I can certainly make the parasite's life miserable with just one. A quick trip to the county courthouse (until they get their system web-enabled) generates a court date that subsequently renders a judgment that I can easily file with the appropriate agencies. Like fish in a barrel. I've never done it because I haven't had to; my intent is to stop the spamming of my domain, and it's working. A few of these bottom-feeders have, however, paid the invoices. I deposit the checks with a grin.
END QUOTED TEXT
Notes on my editing: To avoid the slashdot lameness filter, I used HTML "blockquote" for the quoted email messages; the original text used '>' characters. Also, some of the punctuation came through as question marks; I tried to replace it with correct ASCII punctuation. (The punctuation was apostrophes and long hyphens.) I did my best not to introduce any errors, but no promises!
steveha
lf(1): it's like ls(1) but sorts filenames by extension, tersely
I used to get alot of mail addressed directly to my hotmail account - which I don't give out (its a redirect from a pop3 account).
Someone obviously got a subscriber list from the hotmail site, as you would see 20 or so names alphabetically sorted near your own name in the To or CC list.
These just stopped happening (Maybe the spammers were overwhelmed with a sense of remorse, but I doubt it). I never changed anything in my settings. They aren't in my bulk mail. I think microsoft is filtering them out. Anyone else seen this?
If it is happening, its the most effective thing I've seen so far as a spam filter.
Michael
There is no cryptographic solution to the problem where the intended receiver and the attacker are the same entity.
... Arts & Farces: Fun with Spammers
Has microsoft actually improved their spam filters lately for hotmail? I seem to be getting alot less spam through them.
:[
I've had a Hotmail address as my primary address (don't laugh, please) since before M$ bought them out. Somewhere around five years now. So it follows that I get so much spam it isn't even remotely funny.
Anyway, in response to your comment, my inbox spam seems to have been narrowing itself down into a few specific categories/spammers lately, including:
* Some company repeatedly trying to sell me pharmaceuticals
* University Diplomas
* A few others
I would get a kick out of sending some legit cease-and-desist letters to these people, but I don't really have the time or money to get the necessary legal counsel. Yes, I have looked into changing my email provider, but I don't want to pick a company only to have it become the next dotcom of doom. So I guess I'm screwed
I pledge allegiance to the flag...
of the Corporate States of America...
I really enjoy it if the spammers have a telephone number I can call, or better still a fax number.
One spammer I called I tied up his line demanding why I was being spammed for so long, he put the phone down on me.
Another I faxed with an invoice for $300. I live in the UK, and this guy was in the States. About a month later, I received by **post** a print-out of my invoice, with hand-written notes (in orange highlighter pen) effectively telling me to get stuffed, and wishing my mother would die. A few people in the office suggested I reported them for threatening behaviour, but I never got around to it - after all, there's only so many hours in the day...
Here in Canada I go to Radio Shack to get some batteries and they want my mailing address to send me their retarded flyers
Tell them "I choose not to reveal that." That's what I always do.
I pledge allegiance to the flag...
of the Corporate States of America...
I think it'd be a big step backwards if we went to court and somehow got laws against this stuff. It's fun to mess with these guys, who are obviously assholes, but I don't think it's a good idea to encourage legislative regulation of the internet. Think: CDA I, II, DMCA,
Spam is just not that bad! If you set up your e-mail client properly and don't publish your e-mail address, it's hardly noticeable. Still, I'd rather press 'd' six times per day than have my email regulated by the government.
If you could fool the goverment into thinking that spam is terrorism, I bet they would definitly do something about it;)
[Disclaimer, don't even try to take that seriously]
The last one I made was to another web hosting corporation, I used a deep south accent and kept asking about how many pullups a 'gigerbyte' was.
Ocassionally he's use a three syllable word, and I'd freak out saying, "Ya'll from the future?". It ended when I started calling him boy, and talking about how "I don't done know them fancy reading boy words" while fake yelling at various red neck named children and referencing the fact that I was "Sick a dem computer boys lording their electronic pants over me".
I did this from the office with mixed reactions from employees.
The only event beating this one was when I actually talked a lady into a telemarketing office into checking three cubes down for me. I had her convinced that I was from the same agency and the autodialer had errored out. My next goal is to start a dispute between employees at a given location. It's hard work even to break them out of the script, let alone get them this far.
--- Matthew Hill
"To quote the self is an act of the self riteous and uninitiated sub-moronic" - Matthew Hill
I get mail all the time from spammers who not only send their message in another language whose charset my mail client doesn't accept, but whose email return addresses are invalid as well. If I give sufficient prior warning, do I attempt to bill the owners of the website advertised in these emails?
Solomon
"Twice half-assed makes an ass whole." --Solomon K. Chang
This might be true for you, as a private entity. For me, running a business this is no option. I do have a website and the whole idea is to publish my contact information, with as little hassle as possible for prospects.
Do I publish my cell-phone # ? Sure as hell, no! But I make damn sure, that if you dial the business # published on the site is routed to my cell phone, if nobody is in the office with the caller not even noticing.
This is not so easy with an e-mail address: customer.FUCKOFFDIMMWITT.care@YESTHATMEANSYOUdomai n.ASSHOLE.com, doesn't really sound too professional, now does it ?
ich bin der musikant
mit taschenrechner in der hand
kraftwerk
Doesn't seem to work for me.
However http://spamcop.net does wonders. A couple of weeks ago I contacted dodgy list-seller, http://www.incnet.com.au and complained about them continuing to sell my details to others when I had emailed AND phoned (it's a local call - I'm in Sydney) and asked to be removed. I talked to a guy who said "Oh YOU'RE the bastard that reported us to Spamcop. We had a LOT of trouble because of that". He then bullshitted on about how he was going to sue me for causing him financial loss. So I called the Australian Direct Marketing Association and put in a formal complaint and haven't heard from either since. I assume he was talking shit at the time and got into trouble over it since.
Anyway, the moral is that Spamcop does seem to do something, and it's a lot easier than personally emailing all involved with each piece of spam you recieve.
i just wanted to mention that in Austria you have to give your admission to receive email. Only then, a company may send you an email.
So even "first contact" may only be made if a prior acceptance is available (ex. with a tip-on-card where the user gave his email-adress or whatever...).
Afaik, this is the strongest law in the EC (and of course by far stronger than US-laws).
Gery
The answer is yes, me.
Yeh, it is so quick to download 1MB of email over a slow wireless link (9.6 kbps, paying by the minute) only to find out that all of it is a spam-storm for toner bargains in Argentina.
Spam is theft. Whether it's one second or two hours of my time, it's still theft. Maybe you don't find burglaries inconvenient, but I sure as hell do.
Racing is an addiction that makes heroin look like a vague hankering for something crunchy.
I'm on a personal anti-SPAMMER crusade. I'm just ticked that hackers waste their time launching DDOS attacking on corporate websites and writing virii. Maybe they should use their skills for a noble purpose, like pounding SPAMMERS. Just create a throw-away email account, post a few messages to USENET, and plenty of targets for DDOS or hacking. Redirect the SPAMMER's webpage to point to SPAMCop or suespammers.org. I posted a single message to USENET with my real email address 5 years ago, and I still get 5-10 SPAMs per day. Hackers and crackers, do the world a favor, go after SPAMMERs. Find their real names and expose them for the world to see.
Lets say it takes about 2 seconds per-person per e-mail to decide it's spam and hit delete.
OK, that's 4,500 seconds, or about 1.25 hours. Lets say the average pay per person with an e-mail box is $221.00 per day.
So, total, it costs my employer 276.25 per day just to delete spam.
Now, let's say that 1 in 100 of those e-mails deleted really wasn't spam, but real e-mail. If the user notices they deleted a legit e-mail, and goes to get it out of the trash, lets say that it takes them about 30 seconds to retreive it. That makes 22 per day, at 30 seconds each, at 221 per day, that is another 41.50 per day.
Grand total now is 317.25 per day completely pissed away because someone wants to sell some lady a penis enlarger, or some gay guy hot teen bitches.
OK, now about content filtering. I've looked at quite a few, and all choke on the amount of e-mail we have. Others, running on unstable OS'es, are a complete joke. The only thing that does seem to work for a week at a time is to block based on IP. If I could find an IP distribution map by country, I'd be a happy camper. Sure, I could zot 202/8, 203/8, 210/8, 211/8, 64/8 and a few others, but more and more these netblocks are getting re-assigned to US companies that I don't want to block.
One thing that's helped quite a bit is blocking all of DialSprit's assignments, and a few others. The RBL helps, but it's too easy to get off and too hard to get on.
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
I'm working with State Rep. Carl Bearden to get our spam laws up to par. We're currently adopting a several sections of the Washington laws, and hopefully coming up with some of our own in the near future.
I've submitted the details of my success twice to slashdot but my stories are always rejected.
I strongly encourage people in other states to contact their state reps and ask for better laws! It really IS that simple!
I was amazed at how willing my State Rep. was to learn about the problems and what possible solutions can be put in place.
For all you people complaining about Spam, if you haven't done your part and tried to make a difference, quit all the fuss.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
javascript:window.location='mailto:tda'+'vis@tda '+ 'vis.org'
...doing appropriate substitution for your own email address, of course. It would probably also be useful to include an explanation in case someone doesn't have JavaScript enabled.
The only problem I have now are legitimate mailing lists, like the PHP lists, which archive stuff to the web without obscuring addresses similarly. sigh.
I've been working with my State Rep to get laws similar to Washington's put in place. Shouldn't be long now! I wish EVERYONE would contact their state rep and ask for legislation. It would save us all a lot of time, headaches and money.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
How about we grind up all the workers of those stupid little nothing companies that spaM all the time and put them in a can so we can sell it to their geriatric relatives.... No matter what laws they'll make, there will always be ways around rules and nothing will change. How about those clever applications for credit cards? Anyone know how to stop the banks from sending me 8 a week, and without going postal?
What's his phone number?
El Karma: excelente(principalmente la suma de moderación hecha a los comentarios de los usuarios)
... with their provider's contact persons.
.*\.spammer\.com
.*\.carelessisp\.net
... <message" >&2
Usage in procmail:
:0
* From
* Received:
| spam-forward -s 'Oops, they did it again' \
postmaster@carelessisp.net
Here's the script itself:
#!/bin/bash
#
# Procmail helper to redirect spam messages.
#
[ "$SENDMAIL" = "" ] && SENDMAIL=/usr/sbin/sendmail
[ "$SENDMAILFLAGS" = "" ] && SENDMAILFLAGS=-oi
subject='[SPAM ALERT]'
while getopts s: opt; do
subject="$OPTARG"
done
shift $(( $OPTIND - 1 ))
dest="$*"
if [ -z "$dest" ]; then
echo "Usage: $0 [-s subject] recipient
exit 1
fi
to_line="${*/%/,}"
to_line="${to_line%,}"
( cat <<EOF
From: $LOGNAME
To: $to_line
Subject: $subject
X-BeenThere: $LOGNAME@$HOST
Precedence: bulk
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
Hello,
This is an automatically generated spam alert.
Feel free to contact me if you have any issues related to this.
The (partial) listing of the message that triggered it
is included below.
EOF
head -n 100
) | $SENDMAIL $SENDMAILFLAGS $dest
My exception safety is -fno-exceptions.
I know this plan is a joke, but maybe there's a way to do it without causing damage to the pizza companies but rather to the spammers themselves.
Maybe the key is to start ordering shitty products from one spam company and sending to another's whois mailing address. We can call this program like "Spam-Swap(TM)" and even make them opt-out of it.
"Sorry if you've received this other spammer's product in error. Reply to be removed from our Spam-Swap(TM) List."
W
(ps. this is a joke too...)
-------------------
This is my SIG. There are many like it, but this one is mine.
I work for a credit card company that does much advertising on the internet with ads which Im sure all of you must have seen many times.
One day on the phone this guy called me up asking for a billing address. At first I assumed it was just another guy asking where to send his payment to. But then he clarified that no, he wanted us to pay him.
Asked him for what.
He said a pop up ad appeared on his screen and he charges a dollar a minute for when its on his screen.
As much as I hate advertisements I really had to explain a few things to this guy.
I told him charging by the minute is useless since its up to him how long its on his screen, all he has to do is close the window. I also advised him that its the website he was visiting that decided to have ads on the site and suggested he complain to them.
I then just had to ask him if hes ever ACTUALLY gotten any money doing this. He of course said no, but he just started.
After that call I really felt sad for the guy. He obviously hadnt thought this little plan of his through. Not to mention what a pathetic creature he is that he had nothing better to do in his free time than to find our customer service number and explain his scheme to me.
I figure anonymous email may be different of course because theres no matter of controlling it. For pop up ads, you can not see the ads simply by visiting websites that dont decide to make money by having them. But I still doubt in the long run this "charging" for precious valuable time is going to work.
The general concensus seems to be that spammers do their thing because there is at least a small percentage of recipients who actually send these people money.
Can this really be true that there are enough people out there who are so gullible as to make this profitable...!? or is it that the ones who are really making money in this game are those selling lists of e-mail addresses to spammers? I know that in the online porn industry, the real money to be made is not in the porn sites themselves, but in selling services to the people setting up porn sites. I would expect something similar is going on here, especially since I've gotten a great deal of spam lately telling me how lucrative a business 'mass e-mail marketing' is, and how I should act now to 'get in on the ground floor' by buying their CD-ROM's full of e-mail addresses 'for the low, reduced rate of $99.95.' It looks to me like spam mailing is just another get rich quick scheme.
I'm asking this as a legitimate question. Do people really make money by spamming or are the only ones making money those who are supporting this "industry?" I mean, if .025% of the population is stupid enough to send you money for something like fake Viagara work-alike pills at $25 a pop and you send e-mail to 1,000,000 addresses, that's $6,250 -- well, with those kinds of numbers I'm tempted to start spamming too. After all, if the idiots are willing to pay...
Disclaimer: Before you flame me for admitting to the same thing you've likely thought of yourself, rest assured. I am not about to start spamming anytime soon. However, I think the question is relevant. Is there anybody actually making money at this game?
This amounts to stealing from the pizza vendor, and that's as bad as spamming.
Sure, it would probably make the guy unable to order pizza from anyone in the city as soon as they set up a list of addresses that get frequent bogus orders, but it would still be wrong to do it.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Please record these calls and put them on a website. :)
You're missing the point, Mr anonymous coward.
I'm on a dial-up account. That means that every minute I spend connected is costing me money. Now, if I have to spend time connected to download a long HTML message with images in it, that is costing me money, albeit a small amount for a single message. Let's say it cost me 0.03 Thalers. If I now get 100 of these in a month, it's just cost me 3 Thalers.
You suggest filtering... but that happens after I've downloaded the messages, so doesn't lower the cost. It's not a realistic option.
And this is before I start factoring in costs for
Hmm... that makes for a low cost per spam mail received. But, like most companies, I'm going to set a "minimum invoice charge" to cover fixed costs associated with drawing up each invoice and chasing up payment. Lets say 30 Thalers. And now, we factor in a percentage for "bad payers". Let's double it.
All in all, I feel quite justified in billing for 60 Thalers per spam received.
"As much as I hate advertisements"... they're fine so long as I'm the one making money out of it.
When you're running a system with procmail (don't we all?) and better yet: use a mailer which supports piping messages to stdout, you can use these scripts to report spam to spamcop semi-automatically.
This is your sig. There are thousands more, but this one is yours.
What I don't understand about spammers is that they expect you to buy their products after you've been annoyed by them. I never buy any products from advertisers who:
1) spam my mailbox
2) use popups
3) annoy me with flash animations that take up 80% of the webpage I'm trying to read
4) have floating flash animations which seek out your mouse pointer
5) etc..
Yuioup
Declan McCullagh's Politech has a post with a reply from the spammer. In it, he says "Therefore,
consequential and more severe actions will now be initiated and followed through to conclusion. An acceptable conclusion is no longer a removal of the Web page."
Want some cheese with that whine?
The truth about Scientology, Xenu, and you: Operation Clambake
An email address harvester apparently from:
bidmain.com
came through took them then used them.
I sent them a bill with a 30-day deadline to pay. Bidmain's information, BTW is:
iBIZCAST (BIDMAIN-DOM)
302, 1008-2, Daechi-dong,
Kangnam-gu, Seoul 135-280
KR
But more interestingly, their phone numbers are:
822-564-3404 fax: 822-539-0925
So far, for my complaint, my spam per day has trippled. They don't use the above addresses, but they sure do use the address I used to send them the bill. The 30 days is up in about a week.
My take on all of this is SPAMMERs are criminals. They are taking huge amounts of money from us (us == owners of systems).
If anyone wants to join in class action against the criminal above, I'd like to hear from you. Reply below.
Thanks!
-- Multics
The guy who called likely cost your company a dollar. Unless you were very poorly paid, in a conversation lasting long enough for you to "lay down the law" he actually achieved his objective.
I personally value my time too much to fuck around with spammers or telemarketers (aside from adding myself to DMA do not mail and do not call lists).
I always make it abundantly clear that I don't want my contact information shared. If there isn't policy on the site explicitly promising not to share my information if that's what I choose, I don't buy there.
More than a dozen times, I've gotten mail advertising the original store, followed by a flood of random spam to the same address. When I contact the store owner, they insist that they had an agreement with the 3rd party that they wouldn't use the list of addresses for anything else. "Then why am I getting mail to UglyShoes@mydomain when you're the only one who ever got that address?" They lose a customer, and I cancel a mail alias.
Then again, not all retailers are honest either.... God forbid you share your name with Radio Shack.
Three years ago I bought a soldering iron at Radio Shack, the address including an "Apartment RSHK", again requesting no mailings or address sharing. Now, if I had a dollar for every shit mailing and magazine I'd been automatically subscribed to at "Apartment RSHK", I'd be a rich man by now.
Again, it doesn't seem to stop with Radio Shack sharing. I think many of the companies Radio Shack shared with turned around and sold my address as well, because it went from Radio Shack mailings to Columbia House to Playboy to Victoria's Secret to Lillian Vernon to Fingerhut to god knows what. Half my specifically targeted junk mail comes to "Apartment RSHK", and about half comes to "Apartment SN", from my long-ago subscription to Science News.
If one of these bills were disputed in court, the guy would lose. You can't charge people for sending you e-mail without some sort of prior contract.
Actually we need a way to make money of the spammers. If there is a legal system to make money off spammmers, they will go away.
Solutions I've advocated in the past included spamm licenses, complete with cute orange ear tags for the spammer, and a culling program. This may even make a good kids games; "Spam Hunter! Can YOU catch the spammer?"
"It is a greater offense to steal men's labor, than their clothes"
Got http://www.goto.com do a search for bulk email click on each link because spammers pay several dollars for each click slashdoting thier links can cost them a fortune!!!
http://Lenny.com
4 great justice!
> He started swearing at me and telling me he was :)
> going to come and kill me and my family and all
> this other stuff and hung up on me
Uh, be careful, homeboy. I saw a news report where a lot of companies (like airlines) hire prison labor to act as telemarketers.
Insert simplistic political, ideological, or personal proselytization here.
When they start into their script, yell STOP until they stop. Then say something like this, "This call my be recorded for contractual purposes. I must politely inform you that I perform most of my work on the phone and I charge an hourly rate of US$100 per hour with a 3 hour minimum for any and all non-personal calls. All calls past 6PM (insert your timezone) are considered overtime and will be charged an additional US$50 per hour. To agree to these terms, please do so by saying yes now . . ."
Take that and run with it. Buy a cheap recorder and actually record it. If they have someone stupid enough to say yes, then you just scored 300 maybe 450 dollars!
I can't figure out who to open a discussion with about this, but I have this simple idea that should at least eliminate the anonymous/spoofed spam, which is all I get.
You simply modify the mail servers to query the sending server whether a received mail actually came from that server. The query is a key based on the contents of the message and a key included with the message, which is itself based on the same contents and a private key of the sending server. If the sending server has been upgraded with this feature, it can validate, or not, the message. If it's not validated, the message is bounced. For backwards compatibility, if the sending server hasn't been upgraded, the message always goes through. But as more servers are upgraded, fewer and fewer servers will be able to be used as scapegoats for spoofed spam, and pressure will mount to upgrade these servers as well.
Eventually, the only spam you will get will be from a valid return address, which can be handled more effectively in more conventional ways. In fact, adding manual bouncing at this stage might be helpful as well, since now it really will bounce back to the sender.
I realize I've glossed over some details here, and someone much more experienced in mail servers will have to massage this approach to make it practical, but I think the germ of a very simple but effective idea is here.
Xesdeeni
The single thing that had the most effect on the amount of spam I receive is blocking client connections to my mail server from IP addresses that either do not have, or have broken reverse DNS. Since the bulk of mail servers that are misconfigured with respects to their relay settings are also broken with respects to their DNS, this has very neatly curbed 95% of the spam I receive. The rest of the spam comes from domains with correctly configured DNS, which usually means they have a manned and relatively clueful abuse@ contact that will take care of the rest.
Though in the couple of months I've done this, I occasionally review my mail logs to see what's being rejected, and I've found 2 pieces of legitimate correspondence that were rejected. One of them finally got back to me with a "oops, my bad" message while the other one was a victim of a clueless ISP that I had to allow through by hand. Still, it's worth it.
I used to use MAPS, but now that they've changed their policies, they require me to mail in two original copies of some hefty contracts just for their free personal-use service, so I haven't gotten around to doing that yet. I've done some tests though, and the MAPS RSS would have nuked most (if not all) of the spam that's blocked by my refusal to traffic with hosts that have broken reverse DNS.
Whenever I'm forced to give an e-mail address over the web I always type in root@localhost
Even if only one spammer gets there own spam, I think it is worth it.
(Yeah I know, but some sysadmins _are_ that stupid)
Here in Canada I go to Radio Shack to get some batteries and they want my mailing address to send me their retarded flyers. I'm like, no. (Unless I'm desparate for some fire-starting paper!).
You're missing out. Just give them a fake address. For example...
Gonzo MacGuilicutty
1313 Mockingbird Lane
Beverly Hills, CA 90210
If enough people do this, then Radio Shack (You've got questions? We've got blank stares.) will discover that they're blowing a lot of money on sending out brocures to fake addressen. The people that Radio Shack sells their address lists to will be kinda pissed off when they discover that so many of the addressen are pooched. Eventually a clue might be imparted to them when it hits them harder in the pocket book. So, c'mon everybody, give Radio Shack those fake addressen.
/*drunk.. fix later*/
If they are not available anywhere else, then their grabbing them is a copyright violation.
Fight Spammers!
Fill out Form 475 at the FCC, and eventaully they will hit them with a large enough fine to make them think twice. I think that willfully breaking federal laws can get you in bigger troubles than just the $500 fine.
The bcc field is also often used by spammers who do not go through the trouble of individually addressing each email message. If you combine a filter on your address not being in the "to" or the "cc" fields along with the sender not being someone you know, it probably works pretty well as a spam trap.
Note that many mailing lists might use similar features.
I've been wondering... wouldn't it be possible to set something up where you accumulate a database of email addresses from spam, and then have a program automatically send email to those addresses that appear to be from someone interested in their service/cash prize/whatever, and have the email forged so that it looks like it's coming from one of the addresses of the other spammers?
So, for example, spammer A gets a message that's appears to be from spammer B's email address. Spammer A now wastes time trying to sell crap to spammer B, while B has his email box filled up with email from spammer A. The end effect would be that both of them waste their time dealing with each other, and since they waste more time, it makes spam less valuable a tool.
And, uhm, if anyone from the federal gov't asks, this was a joke, too.
-- dR.fuZZo
I neglected to mention Step #3 that is particularly helpful inducing noise into the email spam channels:
Step 3. Develop noise email identities, particularly focusing on notably abusive spam domains. My favorite here is someuser@chinanet.cn.net (make up your own value for someuser - common names like admin, hostmaster, root, etc. are good to try) - per my experience with Spamcop assessments, Chinanet is about the most frequent spam abuser (and they almost always lie about their email origin identity). These guys literally provide safe harbor to spam terrorists.
Sure, it's fun to route chinanet IP's to a null interface (and probably wise too - countless rogue script-laden emails that fire up a browser and open you up to numerous issues come from chinanet solicitions).
Obviously, chinanet likes spam - so be sure to put them down to receive some!
*scoove*
So let me get this straight. You want to invite the legislature to bad bots harvesting information off the web, and certainly to ban any web site from copying any information at all from your own (even an e-mail address). Is that about right?
Oh, dear. You just took Google off-line. (Actually, the legality of Google's cache must be slightly questionable anyway, on IP grounds. But do you really want their bots to stop indexing web pages?)
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Theoretically, of you publish your cell phone number and a telemarketer calls it (since it costs you money to recieve calls) you can invoice them $500 - $1500 per call under the Telecommunications Act of 1991
--CTH
--Got Lists? | Top 95 Star Wars Line
Why bother telling them off when you could do any one of the following:
:-)
Top 49 Ways To Have Fun With Telemarketers
--CTH
PS: this link to a site that I run (although completely topical) is offered in the spirit of shameless self promotion
--Got Lists? | Top 95 Star Wars Line
then I can't collaborate, contribute, or even ask a freaking question in public.
I will not be chased off of developer email lists just because some poodlefucker harvests the addresses of the list traffic.
(And yes, I do support the death penalty for spammers. They cause far more loss in time and revenue than their lives could possible be worth. Yes, I really am that cold. *grin*)
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
I do something simlar on my employer's system. Employees forward me spam, and I put the from address into the mailserver's access file. It's nice, because I've got postfix configured to use a mysql database type, so not only do all the mail servers share an aliases file, but they also share the access database (and my home mail server gets to use it too). It's also nice to put in specific reject messages for annoying quasi-spam things, like YDI's "550 your wireless products are the worst I have ever used" response. :) I suppose that I could just set up bind to run my own RBL and have the same distributable effect, but the database makes the possiblity of publishing the smammer list to the web (or whatever) more feasible, and makes automating the list updating more easy as well... :)
If you could fool the goverment into thinking that spam is terrorism, I bet they would definitly do something about it;)
[Disclaimer, don't even try to take that seriously]
Why not?
According to the latest anti-terrorism acts, if I recall correctly, any "attack" on one or more computer systems resulting in an aggregate cost of more than $5000 qualifies as a Terrorist Attack on the computer systems in question.
So, if a SPAM sent to your ISP clogs up the mail server, and it takes more than $X to clean it up (in admin costs and, possibly, refunds to annoyed customers), or if this happens to your company's main email gateway, or if everyone in your organization gets it and it has a virus in it, or each email includes remotely-hosted HTTP images that pushes your burstable line into a higher bracket, then, well:
* Record everything you can about the email, who sent it, when, contents, how it got there, what it did, and most importantly, what it cost to clean up
* Publish this on some central spam-cop site
* when enough other victims have come together with similar experiences, that the total cost exceeds $5000, then get a good lawyer, demand a grand jury be empaneled to consider indictment of the perpetrator on terrorist computer attack charges, and see what happens next
Repeat as necessary.
Hey, worst case the act is thrown out as unconstitutional. Best case, you put a bunch of SPAMers in jail for life (for which you could argue, as the plaintiffs, for a reduced sentence and large fine).
But I'd argue that this is exactly what the act was supposed to do -- prevent against any computer-borne attack that causes $5000 or more in actual damage to one or more corporations. Right? Just because the DDOS came in the form of Email doesn't make the law less applicable than if it were an email virus, or a script-kiddie DDOS, right?