Slashdot Mirror
DSLReports Study: 8 Hours 'til the Spam Hits
Masem writes: "In a rather interesting study at DSLReports, it was observed that email addresses published on a web site recieved spam within 8 hours of being posted, showing how aggressive the harvesters are working. In particular, a special link was set up on the main page that by following the link, the site generated an email address that was trackable to the IP that called the link, and not published anywhere else at any time. In the specific case, in only 8 hours after the email address was created, it had recieved spam; since that time about 9 months ago, it's gotten around 100 pieces. Given the time and source of most of the emails, the authors believe that they've simply got someone at one end of a home broadband pipeline using open relay mail servers, and most likely being paid to redistribute spam on the email addresses they harvest."
When I started working for Lockheed Martin, I had 4 spam emails in my mailbox that was delivered prior to my first day of work. In addition to this, I had 2 personal (they seemed personal IT related) job offer emails in my mailbox, also from prior to my first day of work. Both from recruiting companies.
Bringing irony to the Slash-masses
GOp@Tohell.com
LeaveMe@lone.com
Kissmy@ss.com
All of which I have used to registery sofware in the past.
Hughj@ss.com is still waiting for his free natural viagra as I write this.
Hello Kettle,
You, my friend are as black as pitch.
With love, Pot.
The email address wasn't harvested 8 hours after being posted, it was sent spam 8 hours after being harvested.
What would be more interesting is to find out how long it takes with your address on the web before it gets entered into the various lists...
While this study is very interesting, what I'd like to see more posted about is how often an e-mail address, unpublished on the Web but used for e-commerce, becomes the target for spam. Whenever I post something where the e-mail address goes up on a Web page, I sufficiently de-spamify it so that the harvesters won't know what to do with it (i.e. it's an obfuscated form of my address). But what really gets me is when I used my e-mail address for getting e-commerce confirmations, important for verifying orders, etc., and find that address the target of spam, even when I decline it.
I also find it handy to have a 'spamdrop' account, which is just another e-mail alias on my host, for signing up for one-off things, like chat, games, etc. That account fills up incredibly quickly; I receive on the order of 50 spams/day at that address. Wow...
Karma: Excellent Birds (mostly as a result of listening to Laurie Anderson)
What's the average length of time between a slashdot posting and the subsequent DoS attack on the linked site?
Jason.
Damn that Bernard Shifman! Will he never learn?
If Bill Gates had a nickel for every time Windows crashed... Oh wait, he does.
How about we put FBI and CIA email addresses up, or *.gov, and see how long until the spammers are raided?? I bet it could even be before that first spam gets out if we use the right addresses/web links..
:)
I bet that time period for harvesting goes down pretty quick..
.
We don't need no Net Explorer We don't need no Thought control
On 6.26am the morning of May 13th, 2001, the link is hit from IP 24.1.197.144 - a residential cable modem in Arizona
Google is big. Google has a very fat spider going around. Google definitly does not check a nowhere webpage as soon as it is created! How can somebody on a cable account (limited bandwith?) scan pages at a high enough rate that they hit an almost invisible webpage soon after it was created? Big machine, big connection? spoofed IP?
Is this business really so lucrative that people are willing to spend hours working on it? It'd like to have some stats on how many people actually subscribe to the "services" advertised for in spam. I know a spider is not a lot of maintenance once setup and the distribution cost for the spammers is almost null because they make everybody else pay for it, but where the hell do they get the profit...
Imperium et libertas
Autocracy and freedom
I used to have an e-mail address that was andrew@, it was great for a year or two. I still have it, but I do not retrieve the messages since it receives 30+ SPAM messages per day. My other e-mail address is my first initial + last name, and my last name is rare enough that I get maybe 1 Spam message per month.
What?
The solution to spam is that Giant laser of death the airforce just got. Tie it to the email system, so once a spammer is identified, they become toast. Literally.
Sheesh, though, I hate spam. I get like 10 spam a day at my real email address, which people only can discover by talking to me (I don't post it or give it out for obvious reasons).
Maybe some kind of bulk-email tax could be imposed.... Even though I am firmly against internet tax, I think making the spammers pay for the mail (ala-junk mail via postal system) is the only solution.
Not only are addresses harvested quickly, but it's amazing how often they'll use a brute-force attack. This is how some email spam ends up in new employee mailboxes.
I've seen it while administering our own Exchange server. They'll try all sorts of common name combinations (such as rsmith@, tsmith@, jsmith@, etc.) in the hopes that some of them exist.
They know your domain is valid - so they never lay off trying to stuff garbage in any valid boxes on the site they can hit.
Something like WPoison has to be used more often. Until a higher percentage of harvested emails are faked, these web spiders will continue roaming the web, adding email addresses to their collection.
- grunby
Could this technique be changed. Rather than generating a mailbox for the spam to go to, based on IP, instead generate the abuse address for the IP's netblock owner.
:)
That way, whoever is running the spider can start spamming direct to the abuse address, saving the site owner from having to report them.
I for one am curious if a spam e-mail has EVER worked. Why do so many people spend so much time and money working on spam technology? SOMEONE out there must be buying things from spam ads.
"You cannot find out which view is the right one by science in the ordinary sense." - C.S. Lewis on Intelligent Design
the e-mail address is uce@ftc.gov
my pet machine
Does suing spammers work? For example, if you made a web-page that CLEARLY reads: If you agree to pay me $52,000, please send email to foo@bar.com. Consent of this contract will be shown by sending an email to that address, regardless of content.
Post this email NOWHERE else. Wait for a spider to come around and harvest... Is such a contract legally binding? I would think it would be, considering you can make online-payments and such, and those contracts are binding (i.e. if you promise to pay Amazon for your book, you have to do it, right?)
"Your superior intellect is no match for our puny weapons!"
Actually, I wonder what the stastics on spam for government email addresses. If spammers just put *.gov in the ignore lists.
Are there any government employees who can comment on this?
That's exactly why I use sneakemail. It gives you a random email address like asjglkjg176489@sneakemail.com. When an email is sent there, it goes to your inbox. You can have as many aliases as you want (They suggest 1 per site you sign up with). If you receive spam on one of them, you can just disable that alias. It's really great.
Apparently the cutting edge of harvesting web information (in this case e-mail addresses) is in the spam business. We all like to think that entities like Google are at the forefront of Web searching technology, but it seems like shadowy, unscrupulous advertising firms may be just ahead of the curve.
I know I'll get modded down for this, but I think there are a lot of parallels between this case and that of pornography (another somewhat shadowy industry that is often looked down upon, yet is always there to profit off of new technologies as soon as they become available.)
[PowerPoint] is a tool for capitalist presentation
I rarely ever got telemarketing calls.
Last week I applied for a telemarketing job.
Within hours I started getting calls, and I've gotten 5 a day since.
Yes, it does work.
Last I heard they would get a response of something like 0.02-0.05% of the time
That is 2-5 for every ten thousand spams.
They don't care, send out a few hundred thousand spams, get a few hundred responses, they can make money.
Shortly after it stops working, people will stop spamming.
How exactly does someone running a standard Windows install go about faking an email bounce? Or on Linux?
Lendrick
I'm convinced they create a list of names, (anything before the @) and a list of domains, (anything after the @) and submit ALL names to all domains.
I say this because of mail I have which contains a dozen variations on my address in 'Apparently-To' entries in the mail.
That could be a fun one too.. set up an email address in your domain, set forwarding on the account by rule/filter/whatever equiv for your email system so that it goes to uce@fbi.gov or whatever that spam collector address was. Or find a higher up address to send to, even. (Like an employee for the FBI who has no SSN, Name, DOB...) Just add a little script to tag into the email before forwarding that says "This person was inquiring about you.. thought you'd be interested.."
:)
.gov addresses get blacklisted, but on the otherhand I know some people at the state level who get spam at their addresses. So we'd at least get rid of the so-stupid-they-can't-spam-right people.. :)
You know, even mentioning that idea, I'm suprised I haven't gotten a knock at my door already..
You've got a good point though- I would imagine that
.
We don't need no Net Explorer We don't need no Thought control
I've been using the 'theirname@mydomain.com' technique whenever I provide an email to on-line stores.
:o)
I was amazed when I started receiving spam on 'premaritalagreement.com@mydomain.com' (only the mydomain is fake!) and I contact the people and they denied everything. But at least you can ban that email address and ban the company.
On the other hand it's funny when (for some reason) the company calls you to verify something, and they go over all the stuff and then get to the email. There was one person that just didn't get it: 'yeah, but that's OUR email address', recognizing her companies name.
For those reasons some people generate an obfuscated (rot-13 for example) address.
In any case, the sad thing is that there's not much you can do against the companies that sell your email address, legally...
There already exists such a thing. Check out http://www.ordb.org/ and you can set up sendmail (Or whatever you use) to check their database for known open relays. If found out about this little gen when my mail server was found to have a hole in it. Only bumb deal about it is that now that I have the hole fixed, I can't seem to get my mailserver off their damn list. :)
But jokes aside, if you run a mailserver and want to block a good deal of spam, you should check out their site.
"The Wright brothers were the first to fly with a heavier-than-air machine, but boy did they have a lousy plane"
I'm working on a script that will let me send unsubscribe emails with uce@ftc.gov as the from header as well.
Any other ideas on how to abuse spammers?
Bah -- do what I do (and other smart people that run their own mailserver) -- set up an aliases list for your email address. Everytime you need to give somebody your email address (For required registrations and all the other stuff that makes the web annoying as hell these days) just make an alias to your "real" address, get your mail from the company, then go and remove that alias -- Voila! You got your registration ID or whatever, and now that company has a bunk email address that they can sell out to spammers, with no concequence to yourself.
As easy as proverbial pie.
"The Wright brothers were the first to fly with a heavier-than-air machine, but boy did they have a lousy plane"
"There's a sucker born every minute."
A great expose of how spammers operate comes from one of the mirrored sites Behind Enemy Lines. It shows that if SPAM itself isn't always profitable, selling the service of spamming certainly is. And to make this profit, spammers will resort to illegal activities.
Of course, when you consider the morals this group has already demonstrated, it should come to no suprise that their most agressive campaign was a stock pump-n-dump scam.
Does SPAM pay? Apparently. But so do a lot of other crimes.
Along the same lines, does anyone know where root@255.255.255.255 would go to?
There is a relatively easy way to report businesses and organizations you believe to be acting unlawfully to the FTC. Here's the link: FTC complaint page.
From the page:
If you would like to forward unsolicited commercial e-mail (spam) to the Commission, please send it directly to UCE@FTC.GOV without using this form.
Use with care,
PhatKat
Make their lists worthless. Compile this, run it, and put the result up on your favorite web site. Hide a link to it in your pages. Also add a disalow in your robots.txt so Google doesn't waste time on it.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <math.h>
#define MAX_DOMAINS 8
static char * domains[MAX_DOMAINS] =
{
"com", "edu", "biz", "net", "gov", "it", "ru", "info"
};
int getRandomLength( void )
{
float val = (float)rand();
val = val / RAND_MAX;
val = val * 20;
return (int)val;
}
char getRandomChar( void )
{
float val = (float)rand();
val = val / RAND_MAX;
val = val * 26;
return (char)( ((int)val) + 0x61 );
}
int main(int argc, char* argv[])
{
char c;
char buf[1000];
FILE * fp;
int accountLength;
int subDomainLength;
int bufIndex;
int i, g;
int gencount = atoi( argv[1] );
printf( "Generating %i accounts.\n", gencount );
fp = fopen( "emaillist.html", "w" );
if ( fp == 0 ) return 0;
for ( int dcount = 0; dcount < MAX_DOMAINS; dcount++ ) {
g = gencount;
while ( g > 0 ) {
memset( buf, 0, sizeof( buf ) );
bufIndex = 0;
accountLength = getRandomLength();
subDomainLength = getRandomLength();
for ( i = 0; i <= accountLength; i++ ) {
c = getRandomChar();
buf[bufIndex] = c;
bufIndex++;
}
buf[bufIndex] = '@';
bufIndex++;
for ( i = 0; i <= subDomainLength; i++ ) {
c = getRandomChar();
buf[bufIndex] = c;
bufIndex++;
}
buf[bufIndex] = '.';
bufIndex++;
strcat( &buf[bufIndex], domains[dcount] );
fprintf( fp, "%s ", buf );
g--;
}
}
fclose( fp );
return 0;
}
-- "The best way to predict the future is to invent it."
Comment removed based on user account deletion
I use html code in my email address on my web page, like this:
rsidd@yaho 1.com
Amazingly, not a single spammer has gotten hold of it yet, in over a year; whereas, unobfuscated
addresses used only once, on mailing list archives for example, are picked up immediately.
Obviously these spambots aren't so intelligent.
Obviously, its unusable. How many others have similar experiences?
...the article submitter didn't use an email address link on his name.
We should have hunting parties and every 3rd tuesday of the month go hunting down spammers and beat the tar out of them...
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
The following experiences have led me to wonder whether my ISP (AT&T Broadband) or my Web host (Doteasy) are selling e-mail addresses to spammers as they are created:
1. Created a new e-mail account for a friend at my doteasy domain. I am the only owner of the domain ever, and have held it for years. The e-mail address had never existed before. About 12 hours later, while helping my friend to configure outlook express to check the account, I was surprised to discover two pieces of SPAM already in the account. This is a new address that has never been used or given to anyone, ever.
2. After the AT&T @Home to AT&T Broadband fiasco, new e-mail addresses had to be created. One of the accounts I created (and did not use for anything) got spam within hours of its being created. Here again, this e-mail address had never been supplied to anyone but AT&T Broadband, in the process of creating it.
My reluctant conclusion (unless someone can explain some other solution to me) is that both ISPs and Web hosts routinely place e-mail addresses they host on lists which are sold to spammers, I guess as a way to supplement the revenue stream.
STOP . AMERICA . NOW
http://www.yelm.freeserve.co.uk/spamido/
To catch the spammers, and:
Vipuls Razor[1].
http://razor.sourceforge.net/
To report the spam to others and widen the protection once they've been caught.
[1] Doesn't that just sound like a spell out of D&D?
Government of the people, by corporate executives, for corporate profits.
Whenever I receive an email from a spammer with one of those "click here to remove your email" links, I paste it into the browser, feeding in uce@ftc.gov as the email instead. Since those forms just feed into the spammer's "sucker" lists, it saves me the trouble of having to forward the email to them - the spammers just do it for me. Hitting up uce@ftc.gov 19 times a day - lets see how quickly they're put outta business :)
Most spammers with half a brain (not that they all have this...) either use programs that automatically filter out *.gov addresses, or even manually filter out the addresses themselves. Especially the more obviously bad-to-spam ones like uce@ftc.gov.
I pledge allegiance to the flag...
of the Corporate States of America...
In 1997, I worked for a very small travel company that decided to try its hand at SPAM. Of course, take this anecdote for what it's worth (it *was* five years ago).
They set up a small server that would just browse around the Web and usenet harvesting e-mail addresses wherever they could be found. The first week they sent out about 80,000 pieces of e-mail per day. They got tons and tons of hate mail in return but also a few hits. The first day, there were about 60 sales of a $69.99 "travel club membership" product (essentially a hotel and airline coupon book), and by that Friday they were up to over 200 sales a day thanks to the SPAM. Totals for the week were something like 350,000 e-mails sent and 900 sales for a total of about $63,000 in revenue that week thanks to SPAM. The coupon book itself wasn't all that expensive -- the deals were promotional and each book only cost the company something like $12.00, so the net was around $52,000 for the week. Not bad for a computer sitting in the corner with a $100 piece of software -- this likely explains why spammers stay at it.
I left shortly thereafter so I don't really know whether they "stuck with it" or not, but it obviously can generate sales.
STOP . AMERICA . NOW
On our networks, logging for almost two dozen domains, the largest source of spam via "Open Relay Mail Servers" is Hotmail. These emails are being sent via other servers, and mass mailed via hotmail servers being used to relay them. Hotmail's responses to the numerous complaints? "We'll cancel that user's account..." Often though it's not the user at fault, since you dont even need a valid Hotmail address to do this. So, even with notifying them of the real problem (open servers) and showing them headers that confirm it, they do nothing. Our incoming spam would drop by over 45% if they'd fix it. - Rob
WebMaster:
BinFeeds
XXX Thumbnailed Image Newsgroups but
This report matches my own experience. While at a public library awhile back, I opened a hotmail account in order to mail a few URLs to my home account. I did nothing consciously to advertise this account other than the default hotmail settings. Out of curiosity, I checked this account the following day and had 20 SPAM advertisements. So much for privacy on the web. By the end of the week, I had received just under a hundred messages, all to an account I had never actively given out. Turns out it was those account defaults that bit me. Hotmail automatically publishes your account on their directory, to make it possible for other Hotmail members to find your address. Sigh....
It's an access control device, not an encryption device, but that works well, because that's what the DMCA says, anyway.
Of course, the DMCA will be gone or severely amended in a few years anyway, so I wouldn't rely on it too much.
Do a study on the statistics of how many enemies are made by spamming. I, for instance, will never buy something from an entity that spams. Period. I'm sure there are others who do the same.
Essentially, it was a simple CGI script. The author had 'links' to it, with no text between the and tags, so a normal broswer wouldn't display it. Most bots, however, would pick up on the link, and go there.
The link was to a CGI script, which would take the visitor's domain name, and do a whois lookup on it, and extract the administrative/technical addresses given.
It would then translate them to an IP address, making it less likely to be filtered out by the bot.
As a result, a lot of spammers started spamming their ISPs, who were listed as technical consultants.
Perhaps someone can paste the link?
________________________________________________
suwain_2
I think we could combine the technologies outlined in the article below this (laser of death) with the problems in this article (spammers)! Think of the possibilities!
Robort knows all.
This e-mail address here was not up on any site for years (well, before it was @Home.com, but still,) and I got a grand total of, err, 3 spam messages over the course of 3 or 4 years.
/. and it took me two weeks to get anything.
/.'s automatic obscurification(?) routine the amount of spam I am receiving has INCREASED, leading me to believe that some of the trolls likely keep up with the latest methods and likely go about and purposely harvest the e-mail address's from people who use the obscusification option on /.
:)
I put it up just here on
During those first two weeks it was not even obscusicated at all. In fact since selecting to use
Err, spellcheck just choked on my message, and google cannot even figure out some of those mystery words. Screw it, good luck reading the above.
Need help treating your acne? Come here!
One guy is the source of all the spam on the Internet?
I say we've found a perfect target for testing that AC-130 Death Ray.
--Blair
I put it on all of my webpages in tiny white text somewhere. I also put in spamtrap addresses in the same manor that auto-forward to that address. It's something I recommend to *EVERYONE*.
Just how do they bully or harrass you?
Yeah, they aren't my favourite phone calls either, but calling it "bullying" or "harrassing" is either rhetorical extravagance or a revelation of a serious mental problem on your part. It's a freakin phone call. Harrassment is possible, but if they're seriously harrassing you there are ways to deal with that - and I've never even heard of that happening. What on earth would they have to gain? Harrassment doesn't get sales. And to bully you would require that they could actually do something to threaten you with, they can't, they're a voice on the other end of a phone, they can't hurt you.
I get telemarketer calls all the time. It usually goes like this. Pick up the phone, listen to spiel long enough to determine I am not interested (3-4 seconds) - interrupt and say "sorry, not interested, better luck next call" and hang up. Once in awhile someone actually calls with something I'm even interested in (promotional offer on something I'm thinking about buying already.) Either way, there's no bullying or harrassment. And, most importantly, they call on their dime. The trouble with spammers is they call on my dime. I would never buy anything from a spammer, even if they did have a good deal on something I wanted. If a telemarketer called with such an offer I'd have no problem with it though.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Friends don't let friends enable ecmascript.
First, it's pointless to collect such addresses, because most of domains should have valid admin localpart, so they could just send spam to admin at every domain in the world.
But I suppose, that spammers have usually much more trouble with admin@example.com than with supermasterofdisaster199@example.com, so they just remove admin@* from their databases.
Google search for my admin@ address gives about 1000 matches (I use it on many mailing lists and it's available in the mailing lists archives - probably the first place where spammers are looking for addresses), still I have not yet got a single spam to that address.
I had an idea once to use addresses like admin@username.example.com or even admin@username.spam.example.com (spammers may remove addresses with spam or nospam etc. in them - just an idea, I had never checked it, but sounds reasonable).
My another idea was using user@fbi.gov.example.com or something like that, in hope that spammers don't spam *.gov addresses, and also *.gov.* addresses (to match in other countries, like *.gov.pl).
I haven't tested it because I see no need for it with my admin spam-proof address.
So I suggest you to make a test with address admin@user.spam.abuse.gov.yourdomain and see if you get any spam there.
~shiny
WILL HACK FOR $$$
I know open relay mail servers are the bugbear of current anti-spam dogma, but all they do is provide an IP address/host name that isn't directly traceable to the sender, and (thusly blocked by the filter). I can't think of any way it is related to the speed with which email addresses are harvested (sold?) -- The easiest and probably most prevalent way for spammers to get emails is directly from ISPs. Most accounts come with webhosting or at the least a directory for storing email. These are usually readable. The next best thing is to run a dictionary against the mail server itself (or login) and record the positive hits. Web-spiders are used, but probably aren't a first resort.
Let's say my phone number is 1-900-PAY-LOTS
Oh, I should add, for you non-Americans, 900 numbers are charge-per-minutes things.
"Your superior intellect is no match for our puny weapons!"
Here's dumb idea. Write a bot that drives Hotmail's account creation pages and create a few hundred random accounts. Then just let them sit there; never use them, never delete anything (have the bot poll them just often enough to keep them from being deleted as inactive accounts).
Suddenly, the problem becomes Micros~1's as their mail spools fill up with unread, undeleted mail. Once the problem of locating and deleting spam becomes their administrative headache, then maybe they'll do something about it.
Schwab
Editor, A1-AAA AmeriCaptions
The account has been active for nearly three months now, and the spam count is up to 76 (!). The biggest slice goes to adult sites, with "make money fast" plans coming in second.
So, my conclusion: Microsoft is actually selling its own Hotmail addresses to spammers of the worst kind. Bastards!
I wish your graph would show the signal to noise ratio. Knowing the total amount of trapped spam is one thing. How about a graph of rejected next to a graph of accepted. Is your spam over 50% of your total mail load? Spam/user/day would also be interesting. Great graphs!
The truth shall set you free!
So who's mailbox are you asking slashdot users to bombard? Is this is a social engineering mail attack? Hmmm? I hope you are proud you figured a way to mailbomb someone.
The truth shall set you free!
Well, if you use Server-Side Includes, then you can at least get the IP of the machine itself:
mailto:abuse@[<!--#echo var="REMOTE_ADDR" -->] (not tested)
Esli epei etot cumprenan, shris soa Sfaha.
But seriously, I suppose they don't remove anything from harvested addresses. There are lots of obfuscated emails on the web, like user-no@spam.please-example.com or "contact shiny at key dot salt after cracking crypt(3)'ed plfeY04jaJnYI", where it would be almost impossible to to make a working algorithm understanding every method. But what is possible is collecting such addresses with SPAM in them for future manual processing, it could be even quite fast, if done well. However I don't thing they do this, for a simple reason: they don't want trouble makers. Trouble makers won't buy anything anyway and can cost them problems with ISPs, when they report every abuse. For the same reason there's no spam in my admin@ mailboxes.
This is a slogan from Spam-Free Emailing Service : "No need to worry about losing your ISP or getting into trouble, we do the mailing to safe email addresses only." So i think they don't want to spam people who have NOSPAM in their email.
For more spamming services, search Overture for "bulk email" and see such matches as e.g. "Increase Sales in 2002 with Bulk Email! 33-million e-mail addresses with order. Send up to 50,000 e-mails per hour with Prospect Mailer. Prospect Finder collects e-mail addresses based on keyword, profile or location. Free demos." for which people selling those emails are paying Overture $5.15/click (so don't forget to click them all every day!).
(if you want to automate clicking check out the Spam Victims Revenge, a little script which search Overture and click links with random delays. I don't know if it works, I suppose that Overture has more sophisticated methods to count clicks, but it's a cool idea anyway. However the manual method has to work, so imagine slashdotting these paid links... it could be the end of spam forever...)
But here's an idea: we can just call 1-800-359-0156 and ask if they have trouble makers on their lists...
~shiny
WILL HACK FOR $$$
Straight 'tragedy of the commons'. If .0001% of humans on planet earth need to make money by any means available no matter what, and they all spam, and they eventually become able to send 2 emails a second to everybody on the planet, then they _do_ make money up to the point where the system breaks down completely, and nobody can use email anymore because 99.9999999% of it is spam.
It is possible that the whole concept of email will fail because of this: that any form of 'talk to people by offering them your contact information on a global scale' will fail. It simply depends on what the rules of the 'system' are, and what the limits of the system are. With computers and networking and delivery of information to be stored and read later, the limits are very extreme- it's not at all like trying to initiate chat or telemarketing where the victim can only be available to one attack at a time. Email stores: email networks, it's extremely vulnerable to this sort of thing.
Personally, I make a point of not attempting to initiate business contacts by email for any reason whatsoever. I have a feeling this may be the future: that either the system will collapse completely under the mass of people with 'valid reasons' for wanting to make you an offer (do you know how many people I _could_ 'validly' make an offer via email, even in a rather targeted manner? Even on an entirely personal, one-hand-written-at-a-time basis?), or it will become so completely defensive that it's barely email anymore.
It's not about how well you can 'spamproof' an email address. It's about how willing you are to be made offers by everybody else in 'contact distance' from you, in other words in the entire world.
There are enough people out there in the big wide world that even if you only heard from people with stuff YOU WANT, or information YOU WANT, just only the stuff that you'd PAY for to hear about, even then you would still be overwhelmed completely and unable to function. 'Global village' means 'billions and billions of neighbors'...