Fighting The Spammers Down Under

An Anonymous Coward writes: "The Sydney Morning Herald is running an interesting article about fighting spammers. It mentions that "Most of today's email spam, however, comes from a handful of culprits, described by Barry and others as &quotknown criminals&quot." Does anybody else wonder who these people are, and what are the odds of having them shut down for good?"

Redundancy

[drachenstern]

If they are "known criminals", why are they such a problem? or is that to say that the spam itself makes them known?

maybe the police are the "known criminals"

and we all know which europeans were originally sent down under

Re:Redundancy

[raelitycheckbounced]

no the real criminals are the people who manipuate the mass media down under, thinking that they can do some good by being vigilanties, without realising that they are nothimg but a bunch of degenerate hypocrits.

Final Solution

[Renraku]

A good solution for spammers is to track them down, post their addresses for everyone to see, and hold spam bashing parties, in which many, many people make a roadtrip to 'encourage' the spammer not to spam anymore. Such encouragements could be things like, VX, a sock with a cueball in it, small rabid animals, and herpes.

Re:Final Solution

[Nickovsky]

AMEN BRUTHA!!!

Re:Final Solution

That would be horrible. You'd have rabid spammers with herpes running around!

Re:Final Solution

[Anonymous+DWord]

Ah, but who will give the spammer the herpes?

Re:Final Solution

I will

Re:Final Solution

[raelitycheckbounced]

yeah, nut if we went with that idea, you'd get assholes putting peopel one the spammers list as a sick joke

Re:Final Solution

Ah, but who will give the spammer the herpes?

Maybe this will shed some light.

Re:Final Solution

I'll supply the herpes! I don't have it yet, but if it will help the cause, I will contract it for righteous justice! ;-)

P.S. If you had blnjoke undefined, this was a joke, and blntroll ==0

Re:Final Solution

[Flower]

giving them herpes gives them the chance to breed and we don't want that now do we? Oh well, considering how many of them seem happy to peddle beastiality sites maybe they wouldn't breed anyway.

Can herpes be passed through a goat?

Re:Final Solution

[GreyPoopon]

Ah, but who will give the spammer the herpes?

I'm certain that one of the individuals who are featured in the spam would be more than sufficient.... Poison them with their own "merchandise."

Re:Final Solution

Herpes? How would you give it to them? Would *you* have sex with a spammer?

spam is bad

so I'll spam as first post just to make this ontopic

No odds

[thecarson]

The spammers have won. They won five years ago. Heck, after putting my email up on Slashdot I got spammed in under 24 hours. :-)Click here spammers!

Re:No odds

[bakes]

I get spam to email addresses that I have NEVER posted ANYWHERE. My ISP owns multiple domains, email sent to my name @ any of those domains comes to me. They take the domain name, combine it with a list of names, and spam the list. Some of them will be real addresses, some not. Often I get the same spam 2 or 3 times, sent to different addresses (but delivered to the same mailbox).

I used a spam bouncing program for a while to generate fake 'undeliverable' messages, and that helped a little bit. I stopped a few months ago, and it's starting to build up again.

Re:No odds

[whereiswaldo]

Have you tried SpamCop? They now apparently have a flat-rate fee which is good if you get a lot of email. Sounds promising as a service.

My problem is mainly my Hotmail account. I get just loads and loads of spam through it as I use it as my "public" email address. I've created filters to get rid of "obvious spam". :) But since I'm bound into their system, I can't do more to get rid of spam. I wish they would add a feature that would require senders to click on a URL or something. And/or use the authentication system which Yahoo! uses - a graphic with numbers on it, obfuscated a little with random patterns, and it asks you to type that in. That could be an effective deterrent to spam.

Would also be nice if I could setup an auto-responder to tell senders that my email address has changed (so I could setup a SpamCop address, for example).

So, until Microsoft gets their developers together and improves my spam-stopping options, I'm stuck getting that crap every day. And no, I cannot just let this account rot as that's the only way some old time pals will ever be able to contact me.

Re:No odds

[GreyPoopon]

Have you tried SpamCop? They now apparently have a flat-rate fee which is good if you get a lot of email. Sounds promising as a service.

Somebody mod me as troll or flamebait, but this is exactly what the real problem with spam is. Why should I have to PAY to use a tool to cut down on abuse of a service that I ALREADY PAY FOR. I pay for internet access and a mailbox. The spammers don't pay for all the mailboxes they send crap to. Rather than continue to pay for a service to filter out the junk, I'd rather pay someone to go discourage the sender in a more meaningful and lasting manner. Don't you agree?

Tried to be first post!

I have been visiting Slashdot for a probably a little over a year and I have never been online when they submitted and new story and I could be the first poster. Well when it happens I am not logged in and forgot my password. Grrrr... I saw my chance slip through my fingers.

"These People"

[Bender_]

www.spamhaus.org has a list of spammers and the ISPs supporting them. They also have some quite interesting articles on this topic.

Block Lists

[hkhanna]

In my humble opinion, the problem with spam block lists as they are today is that

1) they are not consolidated which means your network may end up being wrongfully isolated from one or two networks and you'll never know why your legitimate e-mail isn't reaching its destination and

2) if you get added to a list, some people aren't responsible enough to keep them updated. So if for example you had open-relaying on by accident (a common problem alleviated in the recent versions of sendmail) you may end up being "blacklisted" and if you try to contact the maintainers of those lists, you get no response and your domain is forever banished from the internet.

I heard the FCC (or one of those acronyms...maybe the FDA) is starting to create a national "blacklist" maintained by the government. I don't know if that's true, but that might actually not be a bad idea.

Just my US$0.02.. Hargun

Re:Block Lists

[AnotherBlackHat]

IMNSHO, the problem with spam block lists are
1.) They have a lot of false positives (blocking people they shouldn't),
2.) a lot of false negatives, (they don't block very many spammers),
3.) they are a lot of trouble to maintain, and
4.) they don't mesh well with the general spirit of the internet.

The bottom line is, they cause damage and don't work well.

-- If there's one thing I hate more than spam, it's the people who are willing to surrender their freedom to stop it.

Re:Block Lists

[Isofarro]

IMNSHO, the problem with spam block lists are
1.) They have a lot of false positives (blocking people they shouldn't),

That should encourage those positives to ask their ISPs why they are conducive to spammers, and start to convince ISP's that spammers are the source of the problem

2.) a lot of false negatives, (they don't block very many spammers),

Outta sight, outta mind. A little spam is still spam.

3.) they are a lot of trouble to maintain, and

So certain people have decided that they can accept the maintenance problems in an effort to clean up the internet - kudos to them.

4.) they don't mesh well with the general spirit of the internet.

Spam block lists are merely opinions of a group of people. Other organisations may agree that their list is good, and thus adopt it as their main filter - that's the organisations right.

Adopting block-lists is nothing more than exercising the right to disassociate from a known group of people.

This freedom of choice - what the general spirit of the internet is about. The ability to say "No, I don't want your crap."

Re:Block Lists

[AnotherBlackHat]

Adopting block-lists is nothing more than exercising the right to disassociate from a known group of people.

Block-lists promote the idea that an external authority should decide what is and is not acceptable. That's what I meant by contrary to the spirit of the internet.

The ends do not justify the means. Since there are better means to this particular end, then we should promote those. Block-lists are better than nothing, but not better than the alternatives.

-- What I really hate is people who ask you to give up your freedom to stop spam.

Re:Block Lists

[DavidTC]

How is it against any 'spirit of the internet' that you can choose to let someone else decide what you can see?

I can think of a bunch of different things like that, from various junkbusters lists to NoCemUm messages on Usenet to PICS ratings for web pages, to, obviously, moderation on Slashdot.

I can't imagine why you would think it wasn't common on the Internet for people to hand off the decision of what crap to get rid to other people. It's pretty much the most common way to get rid of crap on the internet.

And what, pray tell, works better than blocking?

We should fight them...

[InferiorFloater]

First with conventional weaponry, then with bombs and missiles.

Re:We should fight them...

You mean bombs & missiles aren't conventional weaponry?

Re:We should fight them...

Shut up, the both of you, cheezers. Fuckin smackheads.

it has to be profitable...

[uberkuba]

Everyone always goes on about SPAM and how bad it is and how we don't like to get it....... The real problem is that it must be profitable for some individuals to do it otherwise it wouldn't happen (save the handful of ppl who just like to do it for fun, similar to graffiti). I have a some contact with the advertising and marketing industries here in Aus and I can tell you that from the pure marketing point of view it does look attractive. The marketing ppl rarely consider the annoyance factor, they just want nice numbers... ie "so you can send this out to 1000s of people, Great! How much per person.... what's that, its a LOT cheaper then mail, WOW put me down for 50000"... and so the corporate world pays for what we hate. Sure there might be exceptions, but I bet that this is the norm, esp in cases when the marketing department has 0 exposure to technology and so doesn't suffer like the rest of us.

Re:it has to be profitable...

[darkonc]

Every once in a while I get spam from someone who gives an '800 number to fax orders to....

I send them off a nice fax, on a 50% grey scale, full page background which orders them to stop spamming..

Why 50% grey scale? Because it's near worst-case for fax compression (which expects mostly blocks of white then smaller blocks of black). Faxing a 1 page grey scale at 1200 baud can take 90 minutes (800 number, remember? It's on their quarter).

I'll usually do a voice callback first to make sure I'm not responding to someone who's being smurfed by an enemy.

Re:it has to be profitable...

I like to point out to these people that I have a server with lots of bandwidth and if I get any more of their spam, I'll download everything from there web server and keep doing it till I find some other idiot. It cost me US$2/gig to download their stuff and it cost them AU$200 to upload it. Getting an idiot marketeer scaked for spaming and costing the company $10,000 only cost me $100.

Re:it has to be profitable...

[coyote-san]

This points to the only long-term solution to spam - take out the profit motive.

But this is tied to the question of strong authentication of the sender (at least at the ISP level), and all of the privacy concerns that raises. E.g., a good way to kill spam is to require each message provide non-trivial e-postage. Perhaps USD0.25 per 20kb block. (After getting over 15MB in less than our from a misconfigured spambot with a huge payload, I am *not* willing to accept "one price for all" scheme!)

If the recipient found the message worthwhile, they could send an ack to their ISP and release the money back to the sender. Or they could let a reaonable time elapse, say 2 weeks, and the money would be released back to the sender. This could probably even be automated for explicitly named friends and mailing lists.

But if the recipient said it was spam, they keep the postage.

At USD0.25 per message, there's no profit motive in me lying whether a message is spam. But at USD0.25 per message, it's a safe bet that few businesses will send out 10,000 messages (USD2500) to snare a single response.

Re:it has to be profitable...

[IvyMike]

It is profitable, but only to the people selling the SPAM tools and SPAM lists. Nobody, nobody sents their credit card to the poorly worded .ru-originating "Better tasting semen" people. (If you want better tasting semen, you should stick to domestic products!)

The reason it works is because everybody gets those messages, and some people conclude, "Wow, this must be a goldmine, I get these messages every 10 minutes. I should get in on the action." They purchase the lists and tools, send the email, and spread the meme again.

P.S. What I always wonder is: How did the "increase your ejaculation 581%" people get such an accurate measurement?

Re:it has to be profitable...

[uberkuba]

That would work IF spam was always done in a mostly legitimate way. For bigger firms this would be the case, but for your small, "I want to tell the world about the new cream my paa made from our dead pet" type of firm you can expect that they would probably hire their cousin, to exploit some free service out there to host their pages.
Besides, are you really willing to pay $100US to teach someone a lesson? If everyone thought like you, there wouldn't be a problem :-) Total capital from spam receiving population would be greater then the capital of spam sending population and so we could push them out of the "market"....

Re:it has to be profitable...

[AnotherBlackHat]

It is profitable, but only to the people selling the SPAM tools and SPAM lists.

Bullshit. Spam is almost certainly profitable, even for the stupid products. Even if you only got 1 response per 100,000 you'd only have to make one dollar on the sale to make money. I've seen estimates of 1-5 responses per 10,000. Email is mind boggling cheap to send, even if you actually pay for the bandwidth, and many spammers don't pay for their accounts at all. Hell, a spammer wouldn't even last 30 minutes, much less the 30 free days AOL used to offer.

-- What I really hate is people who ask you to surrender your freedom to stop spam.

Re:it has to be profitable...

[thogard]

How about the /. hero Dmitry Sklyarov, his company ElcomSoft makes bulkmailer and Advanced Email extractor as well as other tools to clean email address lists and localize them. His company has made lots of $$$$ selling spam tools.

Re:it has to be profitable...

[blair1q]

Ever notice how most modern spam is one-shot? You see one message, then never see that particular ad again? Filtering is too weak a technology to be causing that.

What's profitable is spam that sells spamming, because there's always a sucker out there who thinks "hey, there's all this spam, it must be profitable otherwise it wouldn't happen; now if I can just get my hands on 6 million email addresses..."

--Blair

Re:it has to be profitable...

[riflemann]

I send them off a nice fax, on a 50% grey scale, full page background which orders them to stop spamming..

You need to add an extra 'twist' to this, by looping the paper back around to itself in the fax machine, and taping it together so you get an endless loop.

Set that one up and leave it overnight. *That* will really make the spammer reconsider.

Re:it has to be profitable...

[hyrdra]

Did it ever occur to you these clowns are using an e-mail fax service, which bills by page amount and not time? So you're actually costing the innocent fax service money, not the spammer.

Now 50 pages of greyscale might be interesting ;-)

Re:it has to be profitable...

[bero-rh]

That would kill off legitimate mailing lists, as well.

Take linux-kernel: It currently has roughly 10000 subscribers, with roughly 100 posts a day.

In your system, the people running it would have to pay $25,000 a day - they'd eventually get it back (assuming the subscribers remember to mark the messages as ok), but losing $25,000 even temporarily isn't something we all can afford (I certainly don't have $25,000, for example).

Re:it has to be profitable...

Much like having huge lists of names and addresses to sell on to junk mail companies

Re:it has to be profitable...

looping the paper back around to itself in the fax machine

The easiest way to do this is to use a roll of toilet paper instead.. it's not endless, but it lasts for a very, very long time (not to mention the statement it makes :o)

Re:it has to be profitable...

*sigh*

Spam is almost certainly profitable, even for the stupid products. Even if you only got 1 response per 100,000 you'd only have to make one dollar on the sale to make money

That just means that it's theoretically profitable.

Show me an independant source that says that spam is profitable. I dare you.

Re:it has to be profitable...

[blibbleblobble]

Well then, they can publish their email on a website and their 10,000 people can bookmark it.

I can't seriously believe that anyone would sign up to a mailing list with 100 emails per day - the emails must arrive so fast that you wouldn't be able to do anything else.

Just cos it has the "linux" name, doesn't mean they get special permission to send a million emails per day for free. It means they need a better system to disseminate their information.

Re:it has to be profitable...

[darkonc]

something like that happened once, accidently..

I originally came up with the idea when I got assigned a phone # that used to be some business' fax number. Well, even though it's illegal, fax spammers would try to send me faxes at, like, 4:00am, so I started replying with these 50% grey faxes from my mac.

(un)fourtunately, my fax modem and fax software had this wierd bug with some fax machines where, after sending the page, the page acknowledgement would get lost and the program would abort --- to try again. I had the software set to retry 10 times...

One day I sent off a grey-scale fax to a company before I ran off to work. It got hit by the bug, and repeatedly tried sending the fax... It succeeded on the 5th or so try, tying up their fax machine until the early evening to get that one page fax through.
hehe.

BTW. Part of the reason for using the 50% grey scale is that it minimizes paper waste while getting in maximum time. A single grey-scale page at 1200 baud takes the same amount of time as 90 pages of regular text. an 8 page fax will take almost 12 hours.

Re:it has to be profitable...

"So you're actually costing the innocent fax service money"

BOO HOO HOO.

Any of these services that pander to spammers must go down too.

Re:it has to be profitable...

[cobar]

>Well then, they can publish their email on a >website and their 10,000 people can bookmark it.
>
>I can't seriously believe that anyone would sign up >to a mailing list with 100 emails per day - the >emails must arrive so fast that you wouldn't be >able to do anything else.

Um, no. You don't disadvantage the users of a legitimate service to deter an illegitimate one.

Why do you care if they read those 100 emails a day or not. If the mailing list provider doesn't care and the isps don't care, it's none of your business.

Re:it has to be profitable...

[gilmae]

I see your sticky taped endless loop and I raise you a twist in the paper itself, so that you are sending an endless Mobius loop.

Re:it has to be profitable...

Shh dont point out the hypocracy of skylarov on this forum - any and all criminal activities (such as profiting from illegal actions) are never to be mentioned when it comes to saint dimitiri.

The rest of the world knows he's a criminal, slashdot thinks he's a saint - whats new here.

Re:it has to be profitable...

[BCoates]

There's an idea similar to this called hashcash, where you require the sender to 'pay' you for mail in burnt CPU cycles (usually by calculating secure hash collisions, which is hopefully only possible by brute-force). You 'charge', per message, maybe 1 sec of time on a modern system, and it's pretty much unnoticable on an ordinary machine, but in order to do the mail volume spammers need, you'd need tons of computers running full-time.

--
Benjamin Coates

Re:it has to be profitable...

[Daniel]

I get about 80-120 legitimate emails a day from mailing lists, and this is common among people who work on free software. Charging for email would kill many prominent projects.

And if you think that email isn't a good way to "disseminate information" and that reading Web pages is a good substitute, well, all I can say is: please go away and come back when you've bought yourself a clue or twenty.

Daniel

Re:it has to be profitable...

[AnotherBlackHat]

That just means that it's theoretically profitable.

Show me an independant source that says that spam is profitable. I dare you.

Plenty of people who sell spamming tools say that spam is profitable. What you really want is some reliable evidence. Clearly, I can't post anything to /. that can't be a fabrication.

But think about it for a minute and I think you'll agree that selling by spamming is profitable.
You get a spam.
Then, a week later you get the same damn spam again.
A month later you get a copy sent to a different email account.
That means the person sending that spam did it once, and then did it again later. You know that spammers get bitch slapped pretty hard. They certainly lose their account, and have to set up a new one. That takes time and effort. Why do it a second time if it didn't work the first? Once could be an experiment, but multiple spams over time have a real reason. Do you think spammers are doing it just to piss you off?

-- What I really hate is people who ask you to give up your freedom to stop spam.

targetted email marketing

[ciole]

Spam is "spam" until registrations, licenses, warranty agreements, etc, require a valid email address and/or an opt-in to that company's "news". Then it becomes legit. i get plenty of unsolicited email from companies legitly possessing my addy, even email with opt-out links. if every company i interact with sends me just one of these, that's still a lot of undesirable, often image- and HTML-laden emails to have show up.

That's why i don't think spam will cease to be a problem for end-users, even if the signal-to-porn ratio improves.

Re:targetted email marketing

[HaggiZ]

There is a very nifty email filter type thing available called MailWasher. Only downloads the headers, so dont worry about all that HTML and imagery. If you dont want it, delete it from the server. If you never want to hear from them again, click the bounce button and it will bounce the mail in the hope they will never main you again.

Re:targetted email marketing

One's own name is far too high a price to pay for anything, especially if they get your address and/or phone number with it.

Re:targetted email marketing

[AntiNorm]

Spam is "spam" until registrations, licenses, warranty agreements, etc, require a valid email address and/or an opt-in to that company's "news". Then it becomes legit. i get plenty of unsolicited email from companies legitly possessing my addy, even email with opt-out links. if every company i interact with sends me just one of these, that's still a lot of undesirable, often image- and HTML-laden emails to have show up.

IMO that still constitutes spamming. I get so many of these that I have the following system set up: Whenever a company legitly wants my email address, I give them a custom forwarding address at my domain. Since these addresses all forward to my real email addresses, these companies are free to contact me if they need to. But if they decide to spam me, I set their forwarding address to automatically bounce any future messages sent to it. You have a valid reason to contact me, fine. You spam me, you give up the ability to contact me.

Re:targetted email marketing

[blibbleblobble]

Fair enough. Valid reply addresses.

The programs I'm working on go something like this: Any email from a new address is replied to with "Please send this password to appear in the whitelist"

Anything not (a) from the whitelist or (b) containing the password is not downloaded from the server.

Of course, my ISP still has to pay the cost of spam, but at least I don't have to spend hours on a modem downloading the shit.

Sad News-Goatse.cx Guy DEAD!

I just heard the sad news on Socialist Workers radio. Web entreprenuer/pioneer goatse.cx guy was found dead in his home this morning. Even if you never admired his work, you can appreciate what he did for the 'last frontier' of the internet.

Reports are that he died from complications resulting from "Homosexual Australian Linux Spammers". Truly an internet icon. He will be missed :(

Sue a Spammer!

[thecarson]

What you can do:

Go to war!
Sue!
And win!
or...
Join them!

Re:Sue a Spammer!

www.howtofightspam.com

well

australia is part of the axis of evil!

Time to boycott in the name of censorship?

Personally I feel a great need to boycott anyone who would support such rampant censorship. Even if it was a wise decision business wide, it does go against my base beleifs. That everyone should have free reign over what information they wish to observe and such.

Seems somewhat impractical though. I can't really tell all of my tcp/ip traffic to avoid any routers made by cisco now can I? Oh well, if I ever run a company I'll make sure not to buy cisco products. Unless they've fully established a monopoly by that time, in which case I'll have no choice. Which in turn will lead to an obligation to comit sepuku.

Yahoo on the other hand, that will be easy to boycott.

stalking the spammer

here is an interesting article about a network admins experience tracking (stalking) a spammmer
http://belps.freewebsites.com/index.html

Re:stalking the spammer

http://belps.freewebsites.com/index.html

Thank you VERY much. I saw this a year ago and forgot to bookmark it. BTW - this is very much worth the read (long) if you hate spammers!

Shut down, or just shot?

[snilloc]

Does anybody else wonder who these people are, and what are the odds of having them shut down for good?

Does anybody know what the odds are of having them drawn and quartered?

At least tarred and feathered!?

maybe i'm alone in this world

[kraada]

but i'd rather hit delete a few times per day (i don't get more than 10 spam mails a day) and know the internet is still relatively free. yes, they're sleaze, but if you're going to start blocking them, it's not that hard for a few other domains to be slipped in there. the potential for censorship seems too great to me *shrug*
so i'll continue deleting my 10 mails per day.
Kraada

Re:maybe i'm alone in this world

[LiamQ]

Perhaps you'll change your mind when 95% of your email is spam. When that happens, it's too easy to accidentally delete legitimate email.

Re:maybe i'm alone in this world

[coyote-san]

When you only get 10 pieces of spam per day, you have options.

I've gotten over 15 MEGABYTES of spam in about an hour from a misconfigured spammer. That's enough traffic that it would have totally wiped out any prior mail in a free email service, and if I didn't have a cable modem I would have been unable to do anything for a few hours while the mail queue cleared over a modem connection.

That's a worst case scenario, but I've missed legitimate important messages in all the crap the spammers sent. Filtering helps, but messages get misdirected and sometimes they're a bit silly. (E.g., right now I've black-listed the entire country of (South) Korea because of the volume of spam coming from their domains.)

Re:maybe i'm alone in this world

[Yusaku+Godai]

Agreed. I'm just as much against anti-spam legislation as I would be against anti-internet piracy legislation. I'll I'd like to see is more and better ways for people to fight a personal war against their spam.

Re:maybe i'm alone in this world

Ten a day!?
I get all riled if I get more than a couple
in any six-month period.
I suggest blocking.
Junkbuster is easy to use configure.
Windows and linux verions exist - maybe others.
Ten per day is far too many.

Re:maybe i'm alone in this world

[5i]

You are.

Across my various accounts, I've dealt with over 2400 spams in the last TWO WEEKS. That's more than 170 a day. This is from accounts where I don't post to usenet & don't subscribe to anything. If you do, it'll be worse.

I highly recommend www.spamcop.net. Everything I get goes through there, so at least a -few- of the spammers are getting their butts smacked.

Oh, and your 10? Note in the article where they say that spam is increasing by a factor of SIX per year. That'll be 60 per day next year. I'll vouch for the increase, a couple of months back I was 'only' dealing with about a hundred spams a day.

Re:maybe i'm alone in this world

[bero-rh]

Would you still say this if you received 300 spams a day, and had to pay for your net connection by the minute?

That's the situation many people around here are in.

If you look at it from this point, you'll probably agree that spam is theft.

I'm all for freedom, but requesting a "freedom to spam" is much like requesting the "freedom to commit fraud" or the "freedom to shoot people because you don't like their looks".

Re:maybe i'm alone in this world

[the_true_cirrus]

It's not just deleting a few messages though. Think about the wasted bandwidth! I don't know anyone who wishes the internet couldn't be faster. Surely if you could cut most of the spam away it would speed up many a mailserver. The next step would be to get rid of chain-mails, Flash intros and emails with DOC attachments... :P

Re:maybe i'm alone in this world

[Rogerborg]

• i'd rather hit delete a few times per day (i don't get more than 10 spam mails a day) and know the internet is still relatively free

Yes, and I'm sure most spammers consider themselves gleaming champions of freedom rather than slimy freeloading leeches.

Incidentally, do you consider that it's fine for companies to send unsolicited porn snail mail to anyone (including children)? With packaging saying "Porn for Joe Sixpack"? And make Joe pay (time/money/resources) to receive and deal with it? If not, explain why it's OK to do that with email.

Re:maybe i'm alone in this world

[AnotherBlackHat]

but i'd rather hit delete a few times per day (i don't get more than 10 spam mails a day) and know the internet is still relatively free. yes, they're sleaze, but if you're going to start blocking them, it's not that hard for a few other domains to be slipped in there. the potential for censorship seems too great to me *shrug*
so i'll continue deleting my 10 mails per day.
Kraada

At some point, maybe it's 100 spams a day, maybe 1,000, or even 10,000 one takes action against spam. Spam will continue to grow until enough people take action against it. Since the only way to stop it is to take action, you might as well take action now, instead of waiting for it to be a problem big enough for you to care about.

-- What really makes me mad is people who ask you to give up your freedom to stop spam.

Re:maybe i'm alone in this world

i'd rather hit delete a few times per day (i don't get more than 10 spam mails a day) and know the internet is still relatively free.

I'd rather have to buy all of my belongings over and over again (I don't get robbed more than twice a month or so) and know the world is still relatively free.

Re:maybe i'm alone in this world

[gidds]

What if you downloaded much of your email over a mobile phone (that's cellphone for those who don't understand UKisms) connection? Charged at 10p/min (say $.15/min)? How much would you pay per day before you didget annoyed?

SPAM them back...

They should be detained and then force-fed cans of SPAM(tm) for several weeks whilst being made to listen to Enya's Orinoco Flow over and over again.

spammers pattern???

[superpulpsicle]

Is it me or is every spammer I know filled with social problems? They're are always the type the can't find gfriends, get dumped, the uncool kids etc etc etc.

Re:spammers pattern???

Isn't everyone that way? I hope it's not just me.

not worth it

[thundercatzlair]

I hate spam as much as the next guy, and would love to see it done away with... but after stopping to think about it, I don't see it as really possible without consequences for everyone. In the long run, little annoyances like this that get complained about until the government or whoever does something about it, lead to more and more restrictions and more and more freedoms being taken away.

We need to stop and think, "Is it really worth it to give up more of our freedom just to get rid of a few emails that you can easily delete without ever having to read them?" Also, we need to ask ourselves if we think we can really eliminate this problem anyhow. How are we going to be able to determine exactly what constitutes spam? And what happens when some business receives an email from someone requesting information and sends them an email in reply about their products. It could be the case that person forgot they ever requested the info or that someone entirely different submitted the request under a fake name. How can it ever really be proved?

I just don't think it's worth pursuing...

later,
thundercatzlair

Re:not worth it

[Teun]

It's most definitely worth fighting this scorch of the internet.
On my E-mail address that I use since '97 I get 5-10 of these junk mails per day!
And when I'm opening them on my Windows machine there's a fair chance they generate all kinds of nasty side effects like masses of pop-ups, plant cookies and spyware.

This is not what I have an E-mail account for.

As a matter of fact I think you are a bit of a looser to react the way you do, how would you like it when the village idiots would piss on your porch after every beer they had??
And about your remark: "lead to more and more restrictions and more and more freedoms being taken away"
This is the dumbest argument I've seen in this discussion
It's like saying the law that requires us all to drive on the same side of the road is a limitation of freedom.....

The internet is a public place and as all public places it has a few basic rules to function at it's best for most.

Re:not worth it

[Senior+Frac]

We need to stop and think, "Is it really worth it to give up more of our freedom just to get rid of a few emails that you can easily delete without ever having to read them?"

You have all the freedom you want to send email. I just opt not to carry it for you. "The freedom to" implies a right. You have no rights on my, privately-owned, systems.

Also, we need to ask ourselves if we think we can really eliminate this problem anyhow. How are we going to be able to determine exactly what constitutes spam?

It's already been decided. I decided it when I plugged my system into the internet. When I find a DNSbl who's definition of spam closely matches mine, I consider using their recommendations to do my blocking.

The internet is not a public resource your government made for you (the technology is, the system isn't). I own my part. I am God on my part. Don't like it? Find another route for your traffic.

And what happens when some business receives an email from someone requesting information and sends them an email in reply about their products. It could be the case that person forgot they ever requested the info or that someone entirely different submitted the request under a fake name. How can it ever really be proved?

The business better be verifying that email address by sending a unique token to be returned. This is the method of verifying that the requestor owns that email box. Confirmed opt-in. Really now, all this has been established practice for the longest time. Only when there's money involved do people resist learning the ethics behind it. (marketers)

Spam by Proxy (3rd party payouts)

[BrookHarty]

The biggest problem with spam, is that people get PAID for spamming. Companies offer people MONEY to spam you, then they innocently say that spammer didnt read the standard no-spam policy.

This is Bullshit. We need to go after the people who pay spammers.
-
Obviously crime pays, or there'd be no crime. - G. Gordon Liddy

As long as there is market...

[aralin]

... there will be always someone to offer the goods, even if its illegal. Look at drugs. No way to fight spam the way to go after the people who deal it. Change the system, and as with campaign on drugs, try to destroy the market. Punish the beneficiaries. Well, its more than harsh in case of drugs, so why not in case of advertisement?

Very good solution would be IAIA (Illegal advertising inhibition act - known as donkey law). Lets punish with severe penalties every company that is proven to knowingly order advertisement through illegal means (such as spam, tattooing childern and pop-under windows).

Re:As long as there is market...

That's not a very good analogy, considering the considerable failure of the "War on Drugs." Attempts to destroy the market have consisted of simply throwing hard working everyday Americans in prison. Our goverment has waisted billions on fighting the "drug war" and lost billions in tax revenue by not legalizing. More Government regulation is what we DON'T need. Simply making spam "more illegal" isn't going to make the problem go away. Neither is a boycott of spamming companies. Most spam I get isn't sent out by a legit company anyway, most is scam-spam. And sadly enough, this ISN'T going to go away until people realize that there is more to life than ripping off and annoying their fellow man.

Who are they?

[VRisaMetaphor]

Does anybody else wonder who these people are, and what are the odds of having them shut down for good?

I've been wondering who the &quotknown criminals are for many years. If you know who these dastardly no-goods are, please respond to this message and put my mind at ease. Thank you.

Re:Who are they?

[raelitycheckbounced]

they are the zionist infidel swines

(this is a bad joke)

Re:Who are they?

[Tackhead]

> I've been wondering who the "known criminals are for many years. If you know who these dastardly no-goods are, please respond to this message and put my mind at ease. Thank you.

ROKSO is your friend.

Poke around groups.google.com in news.admin.net-abuse.email.sightings or news.admin.net-abuse.email to find out who your pet spammer is. Learn.

Punch your pet spammer's name into ROKSO. Learn more.

Many of these individuals have prior convictions for fraud. Some may still be on probation. Why the FTC has ignored them for so long is utterly beyond me.

Re: Who are they?

lest we forget good ole Bernie Shiffman

oh, and this guy, from an older /. story about the recipient sending the spammer invoices:

jimhobuss@home.com
Jim Hobuss
JJH ONE Enterprises, LLC
17525 SE Marie Street
Portland, OR
97236, US
(503)491-9420

One thing you should know...

[Timothy+Healy]

Is the perspective from the most targeted customer: Someone very new to the Internet, generally. Ive seen them before and how they use it. Basically, there seems to be quite a pattern. That is, they follow the trail that is usually left by spammers who post the bait to who it is intended for. So the point is, "good" spammers leave a trail that follows the bait (spam) that reels them right in... Think of a porn advertiement. At firest its "Come see our site" followed by "horney girls will please you". Then followed by "Take a tour" then "see more by joinging our site". By now, the new user is primed and ready. Of course when this person reached the next stage, "Enter your credit card number", this "newbie" Internet user has met the goals of the spammer. So, I think it is important to note the effectivness here and set aside the bias that one who is not an effective spam target is likely to have.

Re:One thing you should know...

If you ever get spam for a spell checker, please do us all a favor and buy it.

Terrorism laws

[kennyj449]

Why can't unsolicited spammers be considered terrorists just like crackers?

Then again, Microsoft hasn't been hurt enough by spamming yet, for that to happen. Only when spamming gets to a puppet master will the puppets (aka Congress) do something about it.

Re:Terrorism laws

[CharlesDarwin]

Don't give Bush any ideas!

Re:Terrorism laws

[Technician]

Only when spamming gets to a puppet master
It has.. Most consider e-mail as a useless novelty and refuse to use it as a total waste of time. They never see spam anymore. Don't believe me? E-mail someone and see if you get an inteligent response. Maybe, just maybe you will get some sort of generic reply from a flunkie in the office, but you won't get your congressman. I know I tried and only got bounced mail back. Box was full for several weeks. (David Woo from Oregon) I quit trying.

Legislation is, unfortunately, the only answer

[ricst]

The only thing that has a hope of reducing SPAM is punitive legislation. This would be legislation that imposes heavy fines on people who send out mass amounts of unsolicited commercial email. Unfortunately, Congress, at least this Congress, will never pass such laws. It's likely that no future Congress will either as the Direct Mail Marketers, close cousins to SPAMMERS, have too strong a lobby. Therefore, the best defenses will remain the technological ones: individual filters, procmail, products that intercept SPAM before users receive it, and anti SPAM forwarders like www.despammed.com.

Spam has lost its legitimacy. Now go for the kill.

[Animats]

With the appelate court verdict in Ferguson vs. Friendfinder last month, most spam is now unquestionably illegal in California. And, looking at my spam file since that decision, I'm not seeing anything from a business that could even vaguely be described as legitimate. I was just exchanging E-mail with a lawyer who sues spammers, and it's getting hard to find a target worth sueing, at least in California.

The Direct Marketing Association has a national opt-out list. I'm on it, and that seems to turn off spam from legitimate US businesses. The remaining bozos probably won't get the message until the cops come knocking.

I think we're going to win this thing. There seem to be only a few hundred spammers left, most of whom are doing something that qualifies as fraud. Pushing for misdemeanor convictions on a few every year is probably enough to discourage them.

Spammers - I Know Who You Are

Recently I have learned quite a bit about spammers. The problem with shutting spammers down for good is either they go from ISP to ISP or they use open or blind relays in countries other than the US and Canada. They say that if you use an open/blind relay in Taiwan, for example, the violated party will not check the logs and report them. The two options that I have thought of so far are that ISPs in a particular region should cooperate and ban people who are known spammers (I will happily give the names of the ones I know) or have an international committee that mangages offenses and reports them to the offending ISP.

The other thing that could happen is the tech community could educate the rest of the email community. For example, you should not respond to any emails that have no links, only phone numbers. Also, do not respond to any emails that are asking for answers to a survey. This is how the spammers "clean up" their list. The real reason people keep spamming is because banner ads are not working, but email does. Of course, real opt-in lists are more expensive, so SPAM it is.

I believe that until ISPs or companies with mail servers start cooperating, SPAM will keep circulating the internet.

Hey, if you have a better idea, let me know.

Rolls over...

From the smh.com article:

Replying to a spam email only confirms to the junk emailer, or spammer, that they have hit their target, and the spam only comes faster

And this is the point that I find most frustrating and difficult...

My Mom and my Wife believe me, but that's about it when it comes to handing out such advice (my kids are _forced_ to obey via artificial limits imposed upon them, locally). But how do you get the word out to other casual (non-tech/understanding/caring) individuals?

Otherwise intelligent folks (siblings, friends, co-workers, the sysadmin) often "take offense" when I cajole/warn/goad/request spam fighting action from them?! I've used the available form-letters (edited accordingly); I've used personalized polite appeals... but dammit, I'm starting to think that the bloody AOL "You've got mail" voice must be heavily laden with sub-liminal opiates!

They _like_ to read how large (with little or no effort) their income or penis can become!? They are addicted to junk email pleas for hair-brained monkey growing schemes?! They are lonely, oh, soooo lonely?! Bah.

--CL^2

Jeesh, screw it... .....

Easy way to block most spam.

[systemaster]

The best way to block spam is stop html email. Nobody I know sends html stuff, just quick txt notes. Now if only outlook could do that.(yes gotta use outlook at work, and yes i get spam at work)
this sig is a virus, take it and use it.

Re:Easy way to block most spam.

[stesch]

I'm getting more and more replies from abuse departments written in HTML. :-/

Re:Easy way to block most spam.

[edremy]

Outlook can most certainly send plain text email. Tools->Options->Email Format. Set to plain text and you're done.

You can reply to HTML mail in plain text as well: just reply, Format->Plain Text.

Re:Easy way to block most spam.

[thumperward]

Yes, but it can't BLOCK html mail, which is why Outlook is a piece of malware crap.

- Chris

Re:Easy way to block most spam.

Where as of course most open relays and hijacked mail servers used by spammers are running one of the many implementation of sendmail that are full of holes and security issues.

Whats was the term again

malware crap?

BTW Outlook cannot block it - Exchange Server Can and most people who use outlook at home connect to their ISP mail server and most of them are (you guessed it - Sendmail)

further

Eudora doesnt offer the feature, neither does Pegasus or most other mail clients - please name a WINDOWS mail client that does ?

Re:Easy way to block most spam.

[thumperward]

:D

I can, actually - Simian.

- Chris

editors, hello

[MattW]

That's 2 stories in a row where you've had glaring errors in the text. Hello? You don't even have to _write_ this stuff, you just have to make sure its not mangled. Please pay a little attention, a hundred thousand people are watching.

Re:editors, hello

[grytpype]

They also post an article about spam every other day. This article had nothing new at all, but they posted it anyway.

Re:editors, hello

No, I think that was an interesting article. I've bookmarked it to use as an "Intro to spam" link from my website.

Weak market forces control spam

[Philbert+Desenex]

Sure, spam is probably profitable: it transfers most of the cost of advertising to the (probably unwilling) receipiant, and nobody ever went broke underestimating the Good Taste of the American public.

The problem with spam is that the dirty details of spam disassociates it from market forces, unlike other, more conventional forms of advertising.

In just about every other form of ad (radio or Tee Vee commercial, newspaper ad, billboard, etc) the advertiser pays for the ad up front, before you make a decision to buy the advertised product or not. So, if the ad is particularly repulsive, ("Ring around the collar!") the consumer can make a decision to not buy the product. The advertiser is out the cost of the ad. Of course, the cost of any advertised product is higher than an unadvertised product, so the consumers who chose to buy an advertised product ultimately pay for a portion of the advertising.

Contrast this with a spammed ad: the consumer has paid for his or her network time to receive the ad, the disk space to store the ad and the CPU cycles it took to process the email ad before getting a chance to decide whether to buy the spamvertised product or not. No matter how repugnant, stupid, wasteful, or dumb the ad is, the consumer ends up paying for the spamertising. Only very weak market forces control spamvertising. That's the real problem with spam.

Email spamming is theft, plain and simple. Email spammers must be punished.

Re:Weak market forces control spam

[bero-rh]

I agree, but it's currently not enforcable, at least not in .de.

I've reported a spammer to the police for theft of service, and got a letter back stating "this incident will not be pursued because the damage done was too low".

They sort of compared spamming to stealing $.01 from someone's pocket - it's not strictly legal, but nobody will do anything about it. :(

Like most non-technical people, they simply fail to understand spam is doing more than a little bit of damage.

Re:Weak market forces control spam

[Foehg]

Theft Plain and Simple?
Certainly not. But while we're at it, let's call it piracy. Maybe we can transfer some of the negative image associated with those who duplicate software and pillage on the high seas to the spammers.
Arrgh! Shiver me timbers!

How to solve spamming, worms, email trojans, etc..

[Meowharishi]

Everytime I see a thread pop up on /. regarding spamming or other email abuse, I find myself compelled to repeat my suggestion for how we can effectively battle against these forces which leech the life out of the 'Net.

My suggestion is quite simple: All SMTP servers should put in place policies which reject mail that is not digitally signed with a certificate trusted by a root authority. Personal email certs should be free, commercial (for marketing purposes) should cost a reasonable amount.

This would enforce accountability behind emails by guaranteeing the identity of the sender. Do this and things will clean up considerably, imho.

Spamcop anyone?

[a3d0a3m]

When I get spam, I report it on spamcop. It is a free service [with pay options, please pay and keep it going!] that will analyze your e-mail and headers looking for legitimate source IPs, open relays and websites mentioned in the spam and then look up the e-mail addresses to send anonymous reports on your behalf. You can also sign up for spam-free e-mail and buy a paid subscription to spamcop reporting. I can't say whether it has worked or not, but I feel better knowing open relays are being noted and that sysadmins are being notified! Link.

adam.

Re:Spamcop anyone?

What the paid users of SpamCop get for their money is a filtering service that puts all the likely spam to the side for reporting at your leisure. I enjoy being able to know that incoming mail through the day is most likely not spam. Then once a day I go to the SpamCop web site and report all the spam with which the ruffians tried to interrupt my day.

Less than 5% of the spam aimed at me slips through the SpamCop filters, and I don't recall ever having genuine mail accidentally caught in the filters. (If that happened, I could easily release it to my mailbox.)

Re:Spamcop anyone?

[Carmody]

I have been using spamcop for about a month, and so far I have not noticed any decrease in the amount of spam that I get.

I continue to use it intermittently, but I don't have any indication that it is doing any good.

I would be interested if anybody has evidence of is efficicacy

Re:Spamcop anyone?

[schatt]

For those who admin their own email servers, I've found that Spamcops blackhole list is extremely effective at stopping spam.
The only downside to it it is that there is the possibility that you might also block legitimate mail, but that is simply a question of priorities.
On my server, I have sendmail configured to query the inputs.orbz.org, the bl.spamcop.net, and the sbl.spamhaus.org blackhole lists. I just signed up for the spamhous one, so I don't have any statistics yet on how effective it is. The Spamcop and orbz lists *are* extremely effective, though, and cut my spam from about 50-60/day to 5-6/week.

(ot)Don't knock Enya

[yerricde]

[snip torture involving force-feeding ham to UCE senders] whilst being made to listen to Enya's Orinoco Flow over and over again.

Don't knock Enya. Remember when she collaborated with Eminem for a remix of "The Real Slim Shady"? (Hear it here for a limited time.)

Just make them pay.

[AnotherBlackHat]

The reason spam exists in such vast quantity is because it's so cheap to send.

Suppose that every time someone wanted to send you an email, they had to "buy" a password token. Then, after you read the message, you could "return" the token if you think it's not spam. If tokens were a penny, it would stop most of the really annoying spam, but if you really hated spam, you could sell your tokens for a dollar.

-- What I really hate is people who ask you to surrender your freedom to stop spam.

Why not

[fferreres]

Anyone can spam: from "a 6 year old guy", to "dr.evil" to "mr. good guy that is trying to solve world hunger". So you want different penalties: kill evil guy, warn good guy, educate kid.

Some of them, unknowing how bad spam is

People complain about spam. Yet, if they find it usefull, they use the service (contradiction)

Spam doesn't kill people or ruins lifes or fortunes

Spam is relative: what defines spam? a) everything unsolicited? (leads to: nobody can even contact you to ask you if they can contact you.). b) something that is sent to more than me and that is unsolicited? (leads to: how do you enforce/know that? Spammer could just program variations of the smap message).

There IS usefull spam and useless spam as well (99% useless ratio today). If we enforce "good smapping practices..." (ie: receive unsolicited email from good employers offering good salaries)

Spam is global (different legislations) and can move fast (from server to server).

Detecting spammer (physically) is: a) expensive, b) they usually don't have much money (what will you do to him? arrest him like Mitnik?).

Thouthan other reasons

So the bottom line is (my opinion):

Spam doesn't know black and white. There're shades of gray only, and difficult/expensive to block. At some point we should draw a line, beyond that line, prosecute spammers (law). Everything else would be client-side (ie: tools to block spam, blacklists, filters, etc.).

Re:Why not

[blibbleblobble]

If you setup SMTP servers to only allow messages which are delivered to less than 3 people (reasonable, since the SMTP server pays for the bandwidth used) then as you say, the spammer could simply send a million messages to one person each.

The difference between this, and sending one message with a million "CC" addresses is that the spammer would have to pay for the same amount of bandwidth as the SMTP server does.

Of course, the unsecured mail server is still screwed for bandwidth, but remember that the internet has been upgraded many times to cope with the 50%-of-emails-are-spam situation, so they should cope.

And the spammer's costs increase linearly with the number of recipients.

Re: sugg. create new account (you are +0 default)

Your post at +0 by default. which mostly everyone doesn't read. Suggestion: create a new account!

Yes, fight them down under!

[Dr.+Awktagon]

Finally, someone has come to recognized my preferred solution to fight spammers: kick them in the genitals.

Or did you mean something else by "Fighting The Spammers Down Under"?

Re:Yes, fight them down under!

[radja]

they may like it. I propose a stab in the eye with a 2x4 (nice and splintery), or pulling out their vocal chords through the sphincter.

//rdj

Re:Yes, fight them down under!

[Viceice]

Finally, someone has come to recognized my preferred solution to fight spammers: kick them in the genitals.

Yes, and togather with a message saying, 'Don't you pull another Shifman like that again, you hear me?

Timothy using Microsoft browser?

&quotknown criminals, what are those?

Re:Timothy using Microsoft browser?

What is that Microsoft? Everybody seem to talk about that, from time to time ...?

This was GREAT!

That site is great! The guy documented everything and posted it on the internet. Including pump-n-dump proof and a picture of her butt!! WTG

Fight back!

[zeptic]

Lets slashdot a spamsite!

oh no !

[stud9920]

Fighting The Spammers Down Under

Oh no ! Don't tell us they're going to make email illegal ! Please !

Re:How to solve spamming, worms, email trojans, et

[radja]

>commercial (for marketing purposes) should cost a reasonable amount.

actually, an UNreasonable amount would stop more spam.

//rdj

Re:SLASHDOTAREFUCKIDIOTS

At least the NIX was up enough to reply with an error. BSOD does not provide that luxery to a remote user.
Posting AC as this is offtopic.

scam the spammers

I've posted this before, it never got modded up though. If for every legitimate response a business gets to a spam, they also get 100 bogus responses, they will simply drown. So pretend you have a job opening for Bernard Shiffman. Call up that number about get-rich-quick scheme and hang up on them (or better yet write a little script and have your modem call it 1000 times). Make spammers sort through their responses wondering which ones are are real.

Re:scam the spammers

[MillionthMonkey]

This isn't a good idea because it fosters meta-spam. The spammer can say "Look at all these responses I'm getting from my bulk emails!" and sell CDs of email addresses to people.

Leftist IDIOT!

[ringbarer]

Anyone can spam: from "a 6 year old guy", to "dr.evil" to "mr. good guy that is trying to solve world hunger". So you want different penalties: kill evil guy, warn good guy, educate kid.

Dr. Evil should be executed, that much is certain. But let's look at the other ones.

The six year old shouldn't even be allowed to USE a computer at that age. Clearly by then he has been exposed to the filth and depravity that lurks in the black heart of the Internet, so he is a wasted life. Ergo, he should be executed. Also, his parents have shown their failings by not being able to bring the child up correctly, and should be executed as well, along with any other close relatives.

Finally, the so-called "good guy" MUST be executed. It would mean one less mouth to feed, after all, thus making a valuable contribution to solving world hunger. His carcass can then be processed, and his essential proteins extracted to feed others, "Soylent Green" style.

Clearly, 99% of the world's problems can be solved by giving over-caffeinated Aryans access to automatic weapons and a "Get out of Jail for Free" card.

Find a "smapper"? Shoot him. In the legs first, then in the hands, so he cannot type again. Then drag his filthy sub-breed family out of their trailer and shoot them in front of him. Kick him in the face until his tears of grief subside into silent, grim acceptance of his fate. Then make him watch, as you molest the bodies. Take a staple gun to his eyelids so he is obliged to see every orgasmic thrust.

Then tell him. "This is your fault. Spam caused this to happen. But you'll never learn will you?" So you walk over to him, cock proudly erect and glistening with the blood and other fluids of his beloved ones. And start to rub it, inches from his face. Then, at the "Vinegar Stroke", shoot him between the eyes.

It's the only way to be sure...

Re:Leftist IDIOT!

[Pastor+Fluff]

Nonononononono.......

This is the proper thing to do to a spammer.

Much as everyone would rather be doing this, however.

Score -666: Flamebait

Spammer marketing agencies need to be systematically Spammed, Syn-flooded and DoS-ed in miscelany ways. Also those responsible for legal decisions on this, like European parliament, should be Spammed at least during the time they are about to decide about legality of Spamming. I'm sure those lobbying spammer bitches take a big care not to spam anybody important. The only problem is, that normal folks simply won't do that - it's just too fucking stupid.

I personally have never read any spam message - they are just too fucking obvious to spot just by the poor subject. Wasted energy, spammer poorheads...

and this lame OSDN application makes me nervous, because I can't decide if it's worse designed or coded...

Re:Score -666: Flamebait

actually, could we have a poll about that? Mr Commander Tacco?

Re:How to solve spamming, worms, email trojans, et

that would be nice, but on the other hand, it would be illegal to stop the spam in that way in a short while, because ... but you know what ... those in government are our Gods. At least they feel so. And they were given neverending wisdom.

Support the FTC

[SomeoneYouDontKnow]

If the FTC is really serious about going after spam, then we need to give them our support. More than that, we need to make them do their job with this. If most spam is fraudulent, and if most spam is sent by a relatively small group of people, then it stands to reason that getting rid of these hard-core spammers will go a long way toward reducing the spam problem.

Now don't get me wrong here. I'm not naive enough to believe that this is going to be easy. Spammers are slippery little worms, and stopping them for good won't be easy. However, there's nothing like a court order to give someone an attitude adjustment.

So here's the deal. The FTC wants to receive spam at uce@ftc.gov, so send it. My guess is that they like getting all spam, but bear in mind that they don't have jurisdiction over spam per se, just spam selling fraudulent goods and services. This is something they can latch onto and run with because they are empowered to stop fraud. If you send, be sure to include full headers so messages can be tracked back to the source. That way, if a spammer hops from ISP to ISP, it may be possible to construct a pattern that can be used to find and nail him.

As I said, I don't count on this to work, but if the FTC really is serious, then let's give them the evidence they need to bust some balls.

monkeys with exchange cd's :)

[graveytrain]

Any idiot can purchase spamming software, and as long as there are open relays, there's no point in doing anything! With an open relay, I can completely mask my identity... why, you ask? Well, if the admin is incompetitent enough not to know how to close a relay, do you actually think that the same admin is checking logs?

Some things to consider:

-a- most companies that are open relays are small companies with no admins

-b- if they are lucky enough to have an "admin", chances are, he's really the purchasing agent or acts as the entire accounting dept for the company

-c- any furry critter with an NT4 disk can setup a box.

-d- there are a lot of furry purchasing agents out there :)

Other types of spam

[elzubeir]

I have been spammed more than I would like to admit. And, after running open lists for awhile, the spam level got to a point where we simply had to close it to subscribers only, limiting our potential audience/participants.

Okay, so that sucked. Big deal. Do you know what _really_ annoys me? The junk mail you get in the mailbox. Come on now.. if you can't get the postal service or the government to give you the right to say, I do NOT wish to receive ads/brochures/etc in my mail.. then you think that could be solved on the internet? Get real. Use a mail filtering system and do it yourself.

Another thing is telemarketing. You cannot get the phone company to force those companies to show their phone numbers on your caller-ID. They are forever hidden behind the 'Unknown name/Unknown number'. And these are the 'legit' people. Come on now.. I would rather get rid of the MCI guy telling me to switch my Long distance plan to them than worry about the couple emails that make it through my filters.

At least, you can CONTROL the amount of spam you get yourself in most cases. You have very little control over the other types of spam.

Re:Other types of spam

[MartinB]

This is where I gloat a wee bit about living in the UK. We have a lovely service called the Telephone Preference Service. Anyone making unsolicited commercial calls must cleanse their lists against the TPS list, or be guilty of a criminal offence.

Since registering a year ago, we've maybe had five calls, all of whom hang up really quickly once you start asking them for their details to report them to the TPS.

Re:Other types of spam

That and jotting return to sender on
all junk mail.

Re:Other types of spam

If you hate junk mail from the Post office get even by mailing back the postage paid envelope included with most junk. (just mail it empty). The perp has to pay the post office BEFORE they get the envelope, so they don't know it's return junk. The only way to get to 'em is to make 'em pay. It's the only thing they understand.

Re:Other types of spam

Having to answer the phone to find an auto-dialling computer on the other end costs a LOT more than deleting spam, and causes considerably more inconvenience to real people.

99/1 rule on spammers

[chongo]

Over the past 2 years we have noticed that more than 99% of the repeat spam comes from less than 1% of the sites.

In addition to the usual anti-spam methods:

• dorkslayers
• procmail
• Project SETS
• well configured MTA
• etc.

one can block IP addresses that attempt to spam on a regular basis. Tools such

• ipchains
• netfilter/iptables
• ipFilter

can be configured to block frequent spammer IP addresses from your SMTP ports.

The following is a list of IP addresses that we have observed spamming on a regular basis. Blocking these sites won't solve your spam problem. On the other hand blocking common spam locations as part of an overall anti-spam system will help.

12.30.205.0/24 24.2.10.0/24 24.88.20.0/24 61.13.0.0/16 61.30.0.0/16 61.129.0.0/16 61.177.0.0/16 63.100.231.32/28 63.184.200.0/24 64.14.218.128/28 64.65.0.0/18 64.80.216.0/22 64.80.220.0/23 64.208.134.0/15 64.239.0.0/18 66.33.0.0/17 66.72.98.10/32 128.18.0.0/16 128.121.126.220/32 142.154.0.0/16 161.58.0.0/16 192.147.174.0/24 194.91.230.0/24 195.53.155.0/24 195.153.207.128/27 202.9.128.0/19 202.181.196.120/29 205.141.192.0/19 205.141.224.0/21 206.173.16.0/21 206.173.24.0/22 208.50.155.0/24 208.165.228.0/22 208.187.17.192/27 209.38.216.0/22 209.69.0.0/16 209.239.0.0/19 209.239.192.0/19 209.249.0.0/16 210.52.0.0/24 210.85.0.0/16 210.201.0.0/18 210.226.0.0/15 210.228.0.0/14 210.241.0.0/17 211.20.180.0/22 211.21.0.0/16 211.32.0.0/13 211.51.63.171/32 211.226.126.0/24 212.49.192.0/24 212.174.0.0/15 212.216.0.0/16 216.41.0.0/16 216.42.0.0/16 216.53.128.0/17 216.79.0.0/16 216.87.64.0/19 216.122.0.0/16 216.143.68.0/22 216.143.72.0/22 216.143.76.0/24 216.167.0.0/17 216.174.192.0/18 216.183.206.64/28

Sorry if your IP address is in the above list. If you are not a spammer then it could be that you happen to be using an ISP that tolerates spammers (or is unable/unwilling to block them), or you work for a company that spam, or you are near a poorly configured and poorly maintained site that is abused as an open relay.

Re:99/1 rule on spammers

[pne]

I get a lot of spam from the 127.0.0.0/8 netblock from some weirdo telling me I'm a spammer myself. I keep complaining but it doesn't seem to help.

Re:99/1 rule on spammers

ROTFLOL :)

Re:99/1 rule on spammers

[ntsucks]

The real problem is open relays. SAs need to secure their relays. We do not need the government to widen their war on freedom any further.

If you want a spam filter, try spamassassin. It has been 99.8% effective on the 60-80 spam a day I get.

Re:99/1 rule on spammers

[Erasmus+Darwin]

"If you are not a spammer then it could be that you happen to be using an ISP that tolerates spammers (or is unable/unwilling to block them), or you work for a company that spam, or you are near a poorly configured and poorly maintained site that is abused as an open relay."

...or you've got an IP address that at one point in the past belonged to a spammer. The problem with a static list such as this is that there's no procedure to get an address removed from it, even if the original ISP eventually kicks the spammer off or even if the ISP goes out of business.

Consider, for example, the position of PaeTec Communications. They've been unable to kick a spammer off (Monsterhut), as said spammer was able to obtain a temporary injunction. When the case is resolved, PaeTec will presumably win. Until then, however, the address range they lease to Monsterhut is getting added to numerous blacklists. I see no reason to why that address range shouldn't be removed after PaeTec succeeds in ridding themself of this spammer -- at some point in the future, that address will get reassigned to a new customer. But if the people blacklisting that address are using an uncommented, static, ad hoc list that the snarfed from Slashdot, there's a decent chance that that listing'll be around indefinitely.

In summary, I strong encourage sysadmins to stick to well-maintained lists when it comes to spam blacklisting. They should carefully evaluate both the criteria that gets a site listed and the criteria that gets a site unlisted.

Re:99/1 rule on spammers

[Condor7]

One possible solution to open relays:

1. Find a server with open relays.
2. Send them a polite note - Please reconfigure, here's how.
3. If relays remain open, use their open relays to spam (only) their domain with the same polite note.

Re:99/1 rule on spammers

[Strog]

I would suggest that blackhole that idiot on your router/firewall.

I've tried DOSing him several times and my system keeps going down before I get too far. We need to get a large DDOS going. Anyone else willing to help?

Unaccountability

[iangoldby]

The article mentions that some of these 'spam cops' are only contactable via a newsgroup, and that they hide their real identities in order to avoid being hassled by lawyers employed by the spammers. I understand this. I applaud what they are doing - I despise spam as much as the next person.

But by their anonymity, they make themselves unaccountable to anyone else. That means that there are no real controls. What happens if one of these spam cops ends up on some kind of ego trip, or perhaps just starts making mistakes? A breakdown in relationships or other pressures could result in a block list not being updated.

Much as it may be difficult, I think all efforts to control spam must be made out in the open, with full accountability to the rest of the internet community.

Re:Unaccountability

[Senior+Frac]

But by their anonymity, they make themselves unaccountable to anyone else.

They are accountable only to those who use the list to block. Those users may voice their displeasure by ceasing to use the list. Any other feedback avenue is above-and-beyond the responsibility of the list maintainer. Some might do it, some not. To assume they are accountable to anyone else is misguided.

Re:Unaccountability

[iangoldby]

But there is still the issue of trust for those sysadms using the block lists. They presumably trust the list maintainer or they wouldn't be using the list.

This trust is important, because it is what makes it worthwhile to use the list. If a sysadm didn't trust the list maintainer, they would have to verify the list themselves, which means they might as well compile their own.

The problem with making the list maintainer anonymous and unaccountable (by which I mean they don't answer to anybody – no one can bring them back into line if they start getting it wrong) is that sysadms won't necessarily know that there is a problem and therefore that they should stop using the list.

Re:Unaccountability

[crucini]

The problem with making the list maintainer anonymous and unaccountable (by which I mean they don't answer to anybody - no one can bring them back into line if they start getting it wrong) is that sysadms won't necessarily know that there is a problem and therefore that they should stop using the list.

Sounds like a theoretical, rather than practical, problem. At least with regard to SPEWS, which is probably the most useful list. Anyone disagreeing with a SPEWS listing can post to news.admin.net-abuse.email. On the very rare occasions where the complaint is legitimate, the listing is removed quickly. Almost always, the complainer is a spammer trying to weasel out of the consequences of his actions. Everyone on nanae is attuned to the danger of 'spite listings' and similar irresponsible behavior. (See ORBS). If SPEWS starts doing this it will be highly visible on nanae and they will lose their user base and therefore their importance.

The assumption that significant public blacklists are operating in the dark, unexamined is incorrect. The more important the list, the more scrutiny.

Now the lists which really do operate in the dark are those maintained privately by ISP's. You cannot ask earthlink whether or why they are blocking mail from your IP block. The maintainers of SPEWS are anonymous. Who are the maintainers of earthlink's blacklist?

Re:Unaccountability

[DavidTC]

But they will find out the list is blocking random people. That's what newsgroups are for, to find out who's being blocked.

Re:Unaccountability

[iangoldby]

Thank you. That's reassuring.

Re:Unaccountability

[Senior+Frac]

But there is still the issue of trust for those sysadms using the block lists. They presumably trust the list maintainer or they wouldn't be using the list.

This brings us to the core of the argument. If listee can, indeed, take his case to the owner of the blocking system. This is the way it's supposed to work. If the list is truly that badly maintained, then it will be unused in short order.

The blockee often screams unfairness, but doesn't care to look at the big spam picture. What is his block to me (the blocker) when I compare it to the crushing load of spam it's managing to stop? Nothing at all.

Beware all opt-out lists..

[jcr]

The Direct Marketing Association has this little checkbox on their page, which says "notify me when my listing expires".

EXPIRES? WHAT THE FUCK?

If I were naïve enough to belive that any of the sleazebags in the DMA would actually honor this list for *any* amount of time, I'd be pretty pissed off when the spam started flooding in when their database says my "leave me alone" notice has expired.

I trust these people about as far as I can throw them.

-jcr

Re:Beware all opt-out lists..

[Technician]

Anybody up to testing this? Do you have a spam mailbox to submit to DMA to see who harvests it? Please post the results here. This could be interesting for those with your own mailservers. Just list DMA@example.com and see what turns up.

Re:Beware all opt-out lists..

[Zocalo]

Anybody up to testing this? Do you have a spam mailbox to submit to DMA to see who harvests it?P Yup. For a couple of weeks now. Either my fictitious account has been lucky or DMA "e-ps" is currently legit.

Re:Beware all opt-out lists..

[Animats]

The DMA's opt-out list appears to be semi-legit. They do this in hope of staving off Federal legislation. They don't publicize it much, though. And they're still fighting against spam tagging with "ADV:", fearing it will all be dumped automatically.

The DMA also operates opt-out lists for paper mail and telemarketing, which do have some effect. The paper mail list will stop all the major national promotions; I haven't heard from Publisher's Clearing House in a decade.

The DMA expires e-mail addresses after one year, though, while the paper mail addresses are good for five years.

off topic

this one is off topic, but who cares.

linux 2.5.4 bz2 has 24 megs, and couple of days old prepatch 2.5.5 has 4,5 megs. That system is not changing, that system is morphing!! Hey, is there any other kernel changing that fast?

Alston

[Zipster]

The one ime we want Sen. Alston to do something and he won't. Sure we want the freedom to browse where we want, but there does need to be something to curb the spammers. I have my own domain with the domain mail directed to my mb. Sure, it means I get the worst case and I have seen it, i.e. a@somewhere.net, b@somewhere.net etc. but it also helps me track where the spam harvested my addy from. What I do is use different addy's for different companies i.e. slashdot@somewhere.net for all slashdot stuff. So if I start getting MMF to my slashdot addy I would know that it came from here ( and no, I haven't, just an example)

The other evil of Spam

[Cybertect]

A friend of mine here in the UK has recently suffered a nasty fate at the hands of some very active spammers... they faked a reply-to address in his domain (summerisle.demon.co.uk).

The result was that, for a period of about two and a half weeks in January, David was receiving over 1000 bounced emails a day, effectively mailbombing his account. With a pay-per-minute 56K modem as his only internet access, it wasn't a pretty sight.

The spammers that sends this stuff out, who identify themselves as 'Global Advertising Systems' and 'Universal Advertising Systems' claim to be based in Billings, MT. You may have seen some of their handiwork in your own mailbox with subjects like 'Increase energy levels', 'Become a Judgement Processing Professional', 'Child Support-Investigator'. They're very effective at covering their tracks - the only contact information is PO Box, telephone and fax numbers in the US, plus disposable eMail address and a snail-mail PO box in Aruba if you want to be 'removed'. All the mail originates in the Phillippines (with the obligatory faked additional headers added) then gets punted out through open relays around the world. Complaints to the ISPs in the Phillipines get no reply or bounced.

Fortunately, I'm lucky enough to have DSL, so I was able to filter the stuff out and forward it on to another account - OK if you've got the bandwidth, but not a proper solution.

The scary bit is that it seems like there's no other defence against this kind of activity. The ISP hosting the domain's POP box sympathised, but said they couldn't do anything to delete this incoming junk before it was delivered. UK & Billings, MT police and the FBI said no crime had been committed and taking private legal action across the Atlantic is a bit out of the reach of a one-man recording studio. My friend's frustrated reaction to another attack this week has been to dump the domain and move elsewhere with a new .com.

If anyone else has any more information on these b*st*rds or ideas for wreaking revenge I'd be interested to hear.

Re:The other evil of Spam

[FyRE666]

I can sympathise with your friend, as I had something similar happen a while back (not from a spammer, but the results were the same.)

I used a few lines of C to fix this without my having to download the mail. Basically, all you have to do is log into the POP server, find out how many messages you have, then loop the command "DELE 1","DELE 2" ... "DELE X" to trash them. Ok, you may also lose some legitimate mail, but it's still better than having to check 1000's of messages!

Re:The other evil of Spam

This happened to me, too. From november to january, a spammer used a number of open relays in Korea to send out spam with fake froms -- with my domain.

I daily got thousands and thousands of bounces from all over the world. I had a cable modem, but even then, this really ate into my bandwidth.

People I consulted on the email abuse newsgroups didn't have any idea how to stop them, so I had to weather the storm.

Boudewijn

Re:The other evil of Spam

[twoflower]

The result was that, for a period of about two and a half weeks in January, David was receiving over 1000 bounced emails a day, effectively mailbombing his account.

1000 a day? Uh, we got joe-jobbed twice, averaging 13 million bounces a day. I think your friend got off lucky.

Twoflower

Re:The other evil of Spam

[DavidTC]

While I don't have any idea how to stop the spam, I have to note that the post office will give out a real address and name for any PO box.

Re:The other evil of Spam

[BCoates]

All the mail originates in the Phillippines (with the obligatory faked additional headers added) then gets punted out through open relays around the world. Complaints to the ISPs in the Phillipines get no reply or bounced.

Philippines, huh? Maybe the U.S. troops over there might be interested in responding to some cyberterrorism?

--
Benjamin Coates

Spam spam spam etc

[Merovign]

Well, I think asking the government for help here is a little counterproductive. Given the Government Nature, the solution will be shortsighted, intrusive, expensive, and will exclude rational thought. In short, they'll probably:

Declare a national moratorium on e-mail while a congressional steering committee holds a conference to determine the nature and extent of the problem.

Industry and Community Leaders who have never actually sent or recieved an e-mail will be called in to consult, as well as a couple of Hollywood Celebrities.

A proposal will be made to Nationalize e-mail under the State Department.

Objections from Civil Liberties Profiteers Inc. will lead to a "compromise" proposal to place control of e-mail services with that well-known private organization, The Post Office.

New "Spam Free" e-mail will cost $0.34 each, and take 3-5 days to deliver, but you can pay $3.00 and have a guarantee of delivery... in 3-5 days.

A new congressional committee will congratulate the Post Office and themselves for eliminating SPAM!!! And hold hearings to examine the new problem of "unsolicited e-mail."

Okay, that's a _slight_ exaggeration.

But seriously, the obvious ways to help are:

1. Very Public Boycotts of companies that use Spam tactics.

2. Encourage use of Digitally Signed E-mail.

3. Encourage efforts by ISPs to block e-mail from "repeat offender" sites.

4. Encourage the "securing" of open relays.

None of these methods involve letting politicians write laws which include new taxes, new power, or new public swimming pools named after them.

And by the way, given the nature of Enya's music and Eminem's "anti-music," I imagine that if they were to actually meet, the resulting music-anti-music reaction could deafen an entire medium-sized city.

Re:Spam spam spam etc

1. Very Public Boycotts of companies that use Spam tactics.

No good. Most of these are tiny fly-by-night outfits that change PO boxes, scams and names quickly.

2. Encourage use of Digitally Signed E-mail.

So what? Spamboy gets a cetificate from some third world country with lax laws. There is already a booming market for tax havens, ship registration (Liberia an Panama!), so why not certs?

3. Encourage efforts by ISPs to block e-mail from "repeat offender" sites.

Works only if it is an all-out spam den. Most of these jerks use disposable accounts - open up, send spam, disappear.

4. Encourage the "securing" of open relays.

That one works.

Re:Spam spam spam etc

[Peyna]

1. Very Public Boycotts of companies that use Spam tactics.

I have yet to receive SPAM from a company I could even Boycott. Since I don't regular buy goods or services from Jerry's Triangle Scheme, or Joe-Bob's Porn site, a boycott isn't going to do much. Maybe if Subway started spamming me I'd stop going there, but I don't get any SPAM from any companies I've ever even heard of before.

Actually, I think all the SPAM I get can be put into a few categories:

There's your get-rich-quick SPAM, covering a myriad of pryamid schemes and others. Then there's your 'insider information' SPAM telling you what stock to buy. 'Porno SPAM' speaks for itself. 'Weight loss and Sexual medicine' group has to be one of my favorites. You can lump the rest into 'actual seems like they're trying to sell me something' group or the 'wtf is this?' group.

Re:Spam spam spam etc

[MartinB]

New "Spam Free" e-mail will cost $0.34 each, and take 3-5 days to deliver, but you can pay $3.00 and have a guarantee of delivery... in 3-5 days.

Actually, I think this would block much of the spam we receive from most disreputable senders of commercial email. Most of the problems we have is that the things they're trying to sell just aren't ever relevant to us. And that's because there's almost no direct cost to send email - it's as cheap to send 1 million as 100.

In the offline world of grown-up direct marketing, it's a major waste of money to send offers to people who won't ever take them up. This is why many companies evaluate the success of their mailings and staff on the basis of Return on Investment and Cost per Sale/Lead.

So a daily task of direct marketeers is to remove likely non-buyers from lists of people they're contacting (by mail or by phone).

You can be damned sure that grown up direct marketeers whose costs are nearly in direct proportion to the number of contacts they make do not send out mailings randomly to the 10 million addresses they've harvested off the web.

[ob-request-for-fewer-US-blinkers: Please think beyond the limited shores of the US. Putting the world's email under the control of any sub-national body is A Bad Thing. *cough*Internic*cough*]

Re:Spam spam spam etc

[sqlrob]

2. Encourage use of Digitally Signed E-mail.

So what? Spamboy gets a cetificate from some third world country with lax laws. There is already a booming market for tax havens, ship registration (Liberia an Panama!), so why not certs?

Because even if the cert itself is invalid, it's going to cost much more time to send spam. Where it is easy to send 1M identical or near identical messages, how much horsepower does it take to send 1M individually signed messages?

Effective fighting against spam...

[quigonn]

No matter who they are, fight them with razor! razor is a distributed, collaborative spam detection and filtering network, and it rocks. I hardly get any spam anymore, and if I get one, I can report it to the network, and other razor users won't see that email anymore.

Re:Effective fighting against spam...

[tekunokurato]

Spam filters are risky stuff, though. It is important to be aware that they may turn away certain non-spam messages, which can be hazardous to an organization.

I recently bought something on ebay and did not recieve it in a "timely manner." I had tried communicating with the seller via email repeatedly, but had been unsuccessful. I decided to make my personal Custerian stand, and threatened the gent with the full compliment of legal jargon and ebay procedures. It turned out that my messages were, for some odd reason, getting caught by his spam filters, and that it was all a big misunderstanding.

Re:Effective fighting against spam...

So you were selling something that got picked p by the spam filters eh, say no more..

Re:Effective fighting against spam...

[quigonn]

First, razor works using signatures (i.e. it hashes parts of the message with SHA-1), and then controls if this signature is on the server. If it is, then it's spam, if it isn't. Second, a good practice is not to automatically delete spam, but save it in a certain folder.

I personally save all the spam emails that are not caught by razor in a folder spam. All the emails that _are_ caught by razor go into the folder spam-razor. After a day, I report all the mails in the folder spam to the network (razor-report -M ~/Mail/spam) and flush it.

Re:Effective fighting against spam...

[Daniel]

The wonderful thing about razor, of course, is that absolutely anyone can report spam. Meaning that, well, within a few days of my trial run of razor, it had marked several legitimate messages as spam (while, I might add, missing about 90% of the real spam that I get)

I've been trying spamassassin now, and it seems to work very well -- aside from its tendency to forkbomb the system if I download more than about 40 emails at once. ("fork: resource temporarily unavailable"...fun)

Daniel

Let's ask the Chinese! They'll know what to do!

[MillionthMonkey]

What amazes me is how the Chinese can get their corporate lackeys to block any packets they don't like from entering their entire network, while we out here in the free world are drowning in spam because we can't keep a few hundred assholes with modems from pissing emails all over us.

brutal

[brad3378]

http://belps.freewebsites.com/brutal.htm

Does anybody else wonder who these people are...

Rodona H. Garst
1226 Cobblestone Lane
Clarksville, TN 37042

Now tell "Homeland Security" that there is an Al-Qaeda cell operaing out of that address.

End of problem.

you, Sir

[warez_d00d]

are a complete fuckwit.

LOL LOL LOL

what a great website! Too bad more people didn't take the time to do things like this. I think personal information on the net is something most spammers would fear. Especially pictures of their sagging breasts!!! LMAO

Setting a counter-attack

All that pays do exist, both in Nature and Economy. The only way to solve the SPAM problem is to make SPAM stop paying. Can it be done without creating a bigger problem? Without hurting innocent people?

I don't know. Law enforcement helps but is largely ineffective. Reports to abuse addresses at ISPs doesn't work very well either. One-shot email addresses work sometimes, but that's not enough. Using fake addresses damage the legitimate owners of the domain one pretend to be. Filters are good, but they are more a surrender to the problem than a solution for it.

I think that the community needs an extra tool to fight SPAM. We need to set up a counter-attack, aiming at the right targets, not at innocent people. I propose to target the databases of email adresses used for SPAM, polluting them in such a way that almost every email address they have is a fake one.

How?

Many of these addresses are collected harvesting web pages for email addresses. Fine, so we just need to make "normal" web pages that say to people visiting them that they are fake, and place fake email addresses there. The fake addresses must be from existing, consenting sites.

Say for instance that the owner of somedomain.com wants to cooperate on attacking spammers' databases. First it builds a list of, say, 200 fake addresses like somename@somedomain.com, and arranges his email system in order to collect all the email send to these addresses in a special "SPAM-bag". Then it builds a dynamic page (cgi, whatever) with some text and images and a few email addresses. The email addresses are randomly collected from the list above. That page must be linked somewhere in order to be easily found by the harvesters.

Finally, in order to validate the fake addresses, the system must fake reading the emails collected in the SPAM-bag. Several spam systems send email with html with special marks, used to tell the sender that the email was readed. All those marks should be used (the links present in the message must be used to generate requests as if opened for reading).

If the owner of the domain somedomain.com makes, say, 100 fake adddresses for each valid address he has, the result can be that the spammers databases gather lots of garbage. Since databases and bandwidth are both finite, the result will be that the 150 million addresses that Mr. J. Random Spammer uses will turn into almost complete garbage.

Drawback: Bandwidth. If the domain has 100 fake addresses for each legitimate one, it will be exposed to 100 times more spam-mail than usual. I can't guess if this is a problem or not. I believe its not, at least not compared with the phisiological bandwith a human spends cleaning the spam out of his mailbox. The computer works harder, the spammers work harder, but the spam' victims don't. All accounted for, it seems to be a good thing.

Of COURSE it's profitable

[MillionthMonkey]

Spam represents an incredible value for the money. It has very little cost, incurs little legal risk, and can reap great rewards. There are many business plans like that, but with the exception of spam, they're all RICO predicates (in the U.S.).
When things reach a certain level of profitability they become recognized as crimes and laws are passed criminalizing them. Spam is only legal because nobody's ever seen anything like it before. People easily confuse spam with a First Amendment issue, so it will take a couple years, but by the time the average email account receives 20,000 spams a day, public anger will eventually boil over, reaching a point at which one of several things will happen:
-SMTP and email in general will be supplanted by some more restrictive protocol that isn't as useful to the spammers for theft of services. (Hopefully this protocol will be open and not controlled by a ruthless monopoly.) Nobody will communicate via email anymore because all emails are assumed to be spam. As fewer people rely on it, more and more network paths will become closed to SMTP traffic until it reaches the point where most emails bounce once they leave their local network.
-Sending spam no longer means you lose your 30 days free trial and have to find another ISP serving your trailer park. Instead, your door is busted down by people with scary guns and flashlights and handcuffs, and you're held without bail in a real jail cell with real iron bars, maybe with a new roomate who's 581% happier now that you're there.

The solution will probably be technological rather than legal, just because of jurisdictional problems- even though the legal approach is obviously the one that socially makes the most sense. It's a real crime. But unless all the nations of the world sign a treaty to cooperate in investigating, catching, and prosecuting these idiots, they'll just keep finding more open relays in former Soviet republics.

Re:Of COURSE it's profitable

[October_30th]

a new roomate who's 581% happier now that you're there.

That was a good one. :)

Re:Of COURSE it's profitable

(Hopefully this protocol will be open and not controlled by a ruthless monopoly.)
I think you misspelled "Microsoft"

Re:wide spam!

Does this alledgedly page-widening post actually widen anybody's pages?

Page-widening must be rooted out. The line described by Klerck's penis going through CmderTaco's anus, rectum, colon, jejunum, ileum, duodenum, gaster, esophagus and mouth constitutes the REAL Axis of Evil!

feed them to SPEWS

[1gor]

Experience shows that blocking SPAM at source is impossible today. The fight should be directed at beneficiaries of spam (clients of spammers). And the only effective remedy is blocklists like SPEWS.

Your friend could fight the spam indirectly if he persuaded his ISP (demon.co.uk) to adopt SPEWS filter. That would block mosf of ISPs that host spam beneficiary sites from demon.co.uk. When ALL their clients lose access to this large European provider (demon) - then ISPs would definetely notice and take action against the spammers. If not too late for themselves... (check out this tearfull public apology from a spammer at news.admin.net-abuse.email).

Sending All US-related Spam to the FTC

My guess is that they like getting all spam, but bear in mind that they don't have jurisdiction over spam per se, just spam selling fraudulent goods and services.

The FTC does testify before Congress, and when they are asked how much spam is beyond their legal authority I would like them to have accurate statistics.

Also Send Spam to NANAS

Newsgroup news.admin.net-abuse.sightings provides a collection of spam for general use, such as countering claims that "we have not sent any spam in the past 3 months".

Titles of posts should start with "[email]". You can also mail to the automaton at nanas-sub@cybernothing.org from a throwaway address to avoid attracting more spam. You would not think spammers would bother scraping addresses from anti-spam newsgroups, but Rule 3 says "Spammers are stoopid".

Regardless of submission method, you probably want to obscure your email address within your contribution.

Creative Off The Shelf implementations

http://www.monkeys.com/wpoison/home.html
and
htt p://www.devin.com/sugarplum/

provide automated implementations similar to the suggested techniques.

Re:Creative Off The Shelf implementations

Interesting links. Thanks.

But their ideas differ from mine in one essential way: The fake email addresses that I propose are real; when the spammer sends his junk to them, the junk not only is accepted but also "readed" (or behaves like that).

Making tons of email addresses with non-existing domains take just DNS queries to be filtered off in the process of building the databases. If the domain do exist but the user dont, the spam is sent once, returns and the address is erased from the database. No big damage to the spammer...

The idea is to use real email addresses, that are really collected and fake-readed by the conspiring anti-spam systems. If we just attack the badly designed spam systems, the result is to pressing them to get smarter. My aim is not to help them to correct design flaws...!

Of course, this needs some setup work: The real fake-emails must be really entered in the mailing system, aliased to the spam collector, and the collected stuff must be fake-readed. And of course, this only works if a large number of sites do it -- and better if they do it differently from each other, in order to make automated detection of similar fake-email generators and fake spam readers really difficult...

track them down...

and beat the living shit out of them.

I got a spam message, that was advertising email lists. You had to apply by sending a dead tree letter to an address, which turned out to be just up the road from me. The address was a company that sold post boxes.

Someone who applied to work there, could get access to who paid for the particular mailbox.

Another spam had the address of a local melbourne company on it. That was far easier to find.

Once you find them, it's a simple decision of firebombing, chemical warefare, DoS attacks...

yes, you're alone in this world

Okay, you get 10 spams a day. I get about 200 per day. I have pretty good filtering software and high bandwidth access. The problem is not that you aren't annoyed, the problem is that most people pay for internet access, and that a significant percentage of internet traffic and access fees are wasted delivering spam all over the network. Lets say I get more spam than normal and you get less. Then we can guess an average of about 100 spams a day... multiply that by (being conservative) 200 million email users, half of which use dial-up accounts. that makes 10 billion spams to dialup accounts. If each spam takes a second to download, costing about a penny per second, then spammers are stealing US$100 million per day, which is $36.5 billion per year, just from dialup users! This is the largest case of theft in the history of the world!!! To give you an example of what that number means, it is more than the annual US budget for Medicare and Social Security combined!!!!

Track spammers down, forward to AG in your state

DSL reports, at http://www.dslreports.com/ has an article where they set up a sting to finger spammers. The results speak for themselves. Described is a method that state attorneys general can use to ensnare spammers, and hit them hard. Prosecute just a handful in states where possible, and it will change the minds of some of the less determined spammers. My *ickhead AG in NY only has a form, not an email address, so he won't get the story. But other readers should copy and paste the story into an email to their AG here in the states. One or more AGs may set up a sting, and other AGs may follow suit, especially just prior to this election cycle. Give it a shot.

Story is here:

http://www.dslreports.com/shownews/15234

Re:Support the IRS, not the FTC

Let's Cappone the spammers by taxing spam at a rate of $1 per delivered message. That will finance the spameaters and sic the world's most tenacious dogs on their scent. The whole problem will be solved by April 16th.

China and Open Relays

Have you ever looked at the headers from a spam? There's a good chance it was bounced off an open relay in China. Take a look at the Spamcop weekly open relay statistics.

These are very hard to get fixed, mostly because of the language barrier. Still, if you're particularly evil, you can always email the administrator thanking them for providing such a valuable resource for Falun Gong/Free Tibet.

Re:wide spam!

Well, it doesn't widen the pages, per se, but it adds a nasty orizontal scrollbar that you have to use to see past the first screen.

Wait till you get the latest mobile phones

[mattr]

Don't know how big phone spam is in the West, but in Japan it is so bad, the government is trying to make a law against it.

You see, mobile phones ring or vibrate when they get spammed. It's worse than ordinary spam because email addresses are usually the same as your phone number, giving an easy target to spam programs.

My friend has two phones registered with slightly different names, and they ring within 10 seconds of each other, about once an hour or so. His FOMA (3G, streaming video) phone is real special. It does a pirouette on his desk because it is vibrating so strongly.

Imagine it. Everyone who has these phones (millions) gets this ringing all the time, even in the middle of the night. DoCoMo recently offered custom mail addresses to combat it but still..

Re:Wait till you get the latest mobile phones

In the states it is illegal for telemarketers to call mobile phones. I always give me mobile phone number on forms that ask for it, and over the past five years I've not received one telemarketer, because their systems know my number is a cell phone.

Of course this becomes different when an email account is linked to a phone. Shouldn't there be some easy way to say spamming that email address is illegal because it goes to your cell phone? After a certain number of email messages a month, I pay for it...

Re:Wait till you get the latest mobile phones

[mattr]

Yes, the recipient is paying for all this spam I believe. Of course young people seem to get most of the spam. Probably more people have email through these phones in Tokyo than other types of accounts. But apparently you cannot set the account to automatically forward the email to some procmail equipped account on a different server.

This seems dumb and limiting the development of a new market, but then again who knows how much the phone company is making off the literally billions of spams going out.. I'm hoping this may change as the client-side opens up more.

Nothing for SPEWS to go after

Aye, but that's the rub. The spammers were only advertising services available with a credit card by phone, fax, or occasionally by cheque to a PO Box in Montana. They never advertise anything online so there's no web hosting ISP to go after.

In other circumstances, I agree with you. Usually, when reporting a spammer, I'll focus my attention the web hosting provider rather than the outgoing mail provider as changing hosting companies is more hassle for a spammer than getting a new dial up account.

(Cybertect: Posting from somewhere else & I forgot my password :-)

Re:Nothing for SPEWS to go after

Aye, but that's the rub. The spammers were only advertising services available with a credit card by phone, fax, or occasionally by cheque to a PO Box in Montana.

So, get together with a few other people who've been spammed, and pay for one of you to fly to Montana....

What is the bigger outrage?

The use of rape as an integral part of judicial punishment in the United States is just slightly more outrageous than SPAM, I think.

Every time I hear a Federal Prosecutor laughingly talk about turning a suspect into "someone's girlfriend," I wonder how the US dares call itself a free country.

Re:What is the bigger outrage?

[October_30th]

Federal Prosecutor laughingly talk about turning a suspect into "someone's girlfriend,"

Because prison rapes are rare. Sex between inmates is not that rare, but that's hardly the issue.

Re:What is the bigger outrage?

[swb]

Prison rapes are not rare. During a legislative internship in college I toured a maximum security prison. The head doctor of the prison said they sew up about 3-4 rectums every month, presumably from people raped badly enough to require stitches. Ouch.

And lets question the idea of consent. If I tell you you have a choice between being sodomized or beat to shit, how long until you "consent"? At least if you consent, you may get a chance to smear some lotion on to prevent a trip to the infirmary.

Re:What is the bigger outrage?

do some research before you post moron - prison rapes are far from being rare - in fact sexual assault ranks with drugs as the major problem in modern US prisons. People with their heads in the sand like you are the reason texas puts to death black men for crimes white men get short jail terms for.

I have an idea....

[Vintermann]

(it's probably been though of before, but here goes:)

Think of Schneier's honeynet project. What if we set up a "honey-relay" that from the users perspective looks excactly like an open mail relay, but actually it doesn't forward email, merely logs users?

What if there was hordes of these false relays out there?

Of course, spammers could test for this by spamming themselves first :-) But perhaps they could be implemented in ways as to foil such "tests".

Re:I have an idea....

[nstrom]

It's already being done. If you're interested, run one yourself -- every spam message trapped by a honeypot is a spam message that doesn't get to its recipients. Brad Madison runs one on a university VAX machine and Michael Tokarev runs one in Russia. Both are fairly heavily trafficed by spammers.

See Brad's page Fighting Relay Spam for more information on running your own SMTP relay honeypot.
See posts like this one to see that these honeypots are working.

Re:I have an idea....

[biobogonics]

Think of Schneier's honeynet project. What if we set up a "honey-relay" that from the users perspective looks excactly like an open mail relay, but actually it doesn't forward email, merely logs users?



Done - do a google search on tokarev and ralsky.
Toakrev did just that and followed Ralsky's trail through several isps.

Shutting Them Down

Does anybody else wonder who these people are, ...

Actually, many of the folk in news.admin.net-abuse.email know just whom they are.

... and what are the odds of having them shut down for good?"

Not very good at this time. They are not breaking any laws in most places. (Making the falsifying of "From:" addresses a felony would fix that. Making use of open mail relays w/o permission a misdemeanor at least would help.) And they frequently move from dialup ISP to dialup ISP as needed. The bigger spammers get "pink" contracts (read: "we'll allow you to spam as long as the heat doesn't get too bad and nobody finds out about this contract") with big-name ISPs that many admins are unwilling to block (Qwest and Sprint are frequently at the top of The Spamhaus Project's "Top 10" list. Verio has received a lot of unfavourable mention in news.admin.net-abuse.email of late).

The best things you can do, in my opinion, are:

• Complain about every spam you receive. But make sure you're complaining to the right places. Make the complaints civil, but firm.
• Block spam as best you can. Yes, no blocking mechanism is perfect. There will be some false hits. Learn to live with it. I have. My bosses and cow-orkers have. The alternative is unthinkable. Block it even if it means black-holing entire /16 blocks of IPs. Even if it means black-holing entire ISPs. Or even countries.
• Refuse to do business with spam-friendly ISPs. Check with the good folk in news.admin.net-abuse.email and consult the "Top 10" list at The Spamhaus Project. (We recently switched ISPs at one site because our old ISP was becoming unbearably spam-friendly.)

No, there's not much that can be done to "shut them down for good," but you can make the effect of their spamming as ineffective as possible and make the ISPs that support spammers as unprofitable as possible.

SPEWS, by the way (mentioned in the article), is having a tremendous effect on spam-friendly ISPs :-).

Re:Shutting Them Down

[DavidTC]

Making the falsifying of "From:" addresses a felony would fix that.

I would like to suggest that there is a single exception, @example.com (example.* is reserved), for people who truly wish to not be reachable. Of course, you'd have an easy way to filter these out in your email program.

I would not only make it a felony, but using someone else's real email making you liable for $1000 per message.

Making use of open mail relays w/o permission a misdemeanor at least would help.

There are some pretty good arguments it is illegal, but, yes, it should explictly be illegal. In fact, let's make it illegal to access a system by using some other system without explict permission from the proxy, and get people misusing open SOCKS proxies too. (Real public proxies would presumably have big permission granting messages in the connect screen.)

Re:The other evil of Spam, a legal approach

[Vermithrax]

Under the computer misuse act in the UK, it could be argued that the spammer, by putting your friends email address in the mail has attempted unauthorised access to his computer.
We should be able to get said spammer extradited and get him five years to try and not drop the soap.
The police will not be keen on this as it hasn't been done before against hackers. Once it has been done in one juristiction, then it can be used by people in other juristictions as a lever on their local police departments to get spammers rounded up and beaten like the dogs they are.

Fight them with the same methods

Here is a solution, let them spam themselves, find out about e-mail addresses of the advertising companies, put those email addys into various sources for spam (aka porn mailing lists, opt out lists of doubtable origins etc... ) and let the harvesters find the mail addresses and let them have their load of daily spam!

Target creators of spam software

[bigberk]

Here's an interesting idea... it turns out that it's relatively easy to make life difficult for companies that create spam software. Specifically, drive up their cost of business by costing them cash in pay per click search engines. The process is described here:

www.spambattle.com

And the 12 most common types of spam scams are...

[bihoy]

For more information check out the FTC site or file a complaint online.

"FTC Names Its Dirty Dozen: 12 Scams Most Likely to Arrive Via Bulk E-mail"

Business Opportunity Scams

Making Money By Sending Bulk E-Mailings

Chain Letters

Work-At-Home Schemes

Health And Diet Scams

Easy Money

Get Something Free

Investment Opportunities

Cable Descrambler Kits

Guaranteed Loans or Credit, On Easy Terms

Credit Repair Scams

Vacation Prize Promotions

Why ?

[DABANSHEE]

It works.

My brother did the exact thing to some businesses that have fucked with him, over money.

& guess what? They stopped fucking with him. Mind you the looping faxes were only a small part of a whole military style operation.

Re:How to solve spamming, worms, email trojans, et

[AMK]

There's also Dan Bernstein's Internet Mail 2000 proposal,
where mail messages are stored on the sender's computer until the recipient retrieves it. This would mean that recipients don't pay for
disk space or bandwidth, senders do, and getting a spammer's account
pulled would result in all their spammed e-mail disappearing.

But good luck getting everyone to adopt a new mail protocol...

Still.......

[DABANSHEE]

......I think most of the companies that get sold on the idea of utilising a spam agency don't make anything out of it either.

They're like popups - no one clicks popups & they annoy the fuck out of everyone, but corporate marketeers assume they work because they assume people wouldn't hire popup agencies unless they do work, so they jump on the bandwagon & sign on with some popup agency too. But I very much doubt that they add to the bottom line the vast majority of the companies paying for the popups. Mind you the agencies might make a bit of dosh out of it.

That's why the bottom fell out of the banner add market - the corporate world relised that on average banner adds just don't add to the bottom line (ie they generally don't increase turnover, turnover of tangable products that is), consequently what many websites get for each banner add is less than 1% of what they were getting just 18 months ago.

Re:DMA Opt Out

[CharlieG]

Hi,
I'm not SURE about the DMA's email opt out list, but I do know for a fact that their snail mail out out list _IS_ legit!

My wife works for one of the larger junk mail companies out there in names selection, and trust me, the watch that list, and even if you would be "perfect", they pull your name from the mailing! (Ditto if you contact them directly)

They have 4 reasons for this:
1)If you went through the effort to opt out, they KNOW you mean it
2)People who opt out don't buy (see profit motive)
3)It costs quite a bit to do those snail mail mailings, so they don't want to spend money sending mail to folks who won't buy (see #2)
4)The DMA insists on it! The DMA is NOT kidding when they say they will drop members for abusing this

The problem is, most of the fly by nights (and most email spammers are fly by nights compared to the big junk mail houses) don't belong to the DMA, or even care!

I'd bet that if you got spammed by American Family Publishers - the Ed McMahon folks - now out of the sweepstakes business - and asked to be removed, you would be! Ditto a Sears, Lillian Vernon, etc (all large catlog companies). They are used to dealing with opt out, and have procedures to deal with it. It doesn't always work (yes, database cleanups have caused problems, and fines have been issued)

The problem is the scammers and small shops that don't care

Solution: Tax Spam

The US Government should tax domestic spam and put an import duty on foreign spam. Then, the President should offer to pay a finder's fee of 50% of the collected penalties to anyone who helps them catch a spammer who owes back-taxes. Let the same folks who shut down Al Capone can spam.

Keep the government out of it!

I don't want the government to bust spammers for me. They don't need to bust spammers. It's a waste of law enforcement's time and money. Why use FedGov to take care of a problem that can be solved simply by banning a particular domain, IP or Email address? Remember this: When you get FedGov involved in something the chances of getting them back out is astronomical at best.

Now, obviously we want them to bust scammers, but scamming has always been illegal. There's nothing special about internet ripoffs. The net just provides scam artists a new communications mode with which to operate. Let FedGov take care of these folks and I'll deal with the Amazon.com book offers by myself.

Who is using the spam?

[dnoyeb]

A common drug/ prostitution strategy is to go after the users. Not that I want to go after people responding to SPAM, but I would be interested in knowing who they are.

One can make an arguement that if no one ever responded to Attack Mail, it would never be sent. But if indeed no one is responding, then that makes the whole "arrest the Johns" arguement used by the police rather weak.

Screensaver Spam

[torklugnutz]

Is anyone else getting bombed by this screensaver email? It's got an attached .scr file, which isn't detected as a virus. I've gotten it 3 times to a Hotmail account I've got, and about 7 times to my regular address. It seems really suspicious, but maybe I'm just paranoid.

Subject is: Melt the Heart of your Valentine with this beautiful Screen saver

And guess where all of the messaged have originated from (so far as I can tell): China. Too bad that firewall doesn't keep all the garbage IN.

FTC doesn't want _all_ your spam.

They're not that serious about the spam issues.

They are against civil recovery laws in the states.

They do not care about spam unless it's promoting illegal items.

They do NOT want all your spam - if you start forwarding all your spam (especially if you're an ISP) they willo block you.

They want representative samples, however their PR people then say "we get 15k forwarded messages per day" and then neglect to mention that that's only the samples.

My small ISP (1000 users) was getting in excess of 20k pieces of junkmail per day. Most never got past the filters. If the FTC really wanted it, I would forward it - however when asked if they wanted this stuff forwarded, the FTC informed us in no uncertain terms that if we did, we would be firewalled for DoSing them.

anti-spam resource for qmail users

[Silas]

I maintain an anti-spam resource for the qmail community, which I will now shamelessly plug: http://www.summersault.com/chris/techno/qmail/qmai l-antispam.html

Re:How to solve spamming, worms, email trojans, et

[blibbleblobble]

Trusted certificate authorities generally charge £20 per year for any sort of certificate/service. Anyone trying to use Outlook Express' encryption will find that it costs money.

Most people don't want to pay £20 per year for an electronic signature. That's why they use GPG or PGP. Of course, this is a peer-to-peer system, and has no "central trusted person"

If email required the use of certificates generated by some monopoly company free to charge what they like, many people will confuse these signed certificates with encryption keys, and it could well delay the common adoption of email encryption, which is A Bad Thing (tm)

Of course, if personal certificates "ought to be free", you're welcome to spend your time checking national insurance numbers and postcodes, signing people's certificates, and revoking them each time they get stolen by a spammer.

MS and AOL adresses

Anyone has a collection of e-mail addresses of important people from MS, AOL, etc?
Webmasters should use them to be harvested by spammers and get the legislation out for us :-)

The Solution

Disconnecting a spammers connection won't stop him, he'll just find another one.

I propose that we track down the spammers to where they actually live and follow them KGB style for a few days. When you get an opportunity grab them, tie them up and bring them somewhere secluded.

Here is where it gets fun. Pull out a 9mm with silencer. Proclaim loadly "For crimes against humanity in regards to SPAM I sentence you to death!" Then have them write out a letter which you tell him you will deliver to his family, and that he should right down all of his regrets and last words onto it.

By this point, he will be a crying, blabbering mess. Aim the gun at his head, and pull the trigger. After about a minute, he will realize the gun was empty (or fake). Then tell him that this was a warning. If he SPAMS anyone again, the bullets will be real next time.

Poof! No more spam.

BTW: If you didn't read the entire message BEFORE putting this plan into action, then you probably have a dead SPAMMER lying out in the middle of nowhere with a bullet hole in his head. Either way, this prevents SPAM, but now you are screwed too!

Er - on what planet is this again?

[Scooter]

"Most of today's email spam, however, comes from a handful of culprits, described by Barry and others as "known criminals"."

Well I can't speak for anyone else, but the SPAM that lands in my email box every day is largely from large corporations, chain letters (you know the ones that want you to send money to people on a list), and the rest I have no clue about as I can't read Kanji.

I honestly don't mind a bit of SPAM, but what really gets my goat is when they either claim that I asked for it "here are the results of your feedback form" or such like, or they cite some law from some country I don't live in and claim that this gives them the right to send me mail about whatever rubbish they are peddling. And lets face it - if they're intentions are so honourable, why is the return address always a non-existent hotmail/yahoo account? Then there's the "removeal"options - yeah sure I'm gonna go to some web page and type in my email address - so the spammers can know it's a real email address. Some of them even have the cheek to ask for a receipt!

The 3rd most prevalent type of SPAM in my mailbox is the laughable fraud attempts - you know the ones typed in CAPITALS usually puporting to be from some dude (usually in Nigeria) in some country's government who has some scam going whereby he needs your bank details to dump several million dollars US into it. I love those ones - they've been around on paper for donkey's years.

The Herald's reporter must have been out in the sun too long - the world's spam sent by a handful of chavvies - my arse.

Easy Solution to stop this attack

[Vairon]

Change your MX record of your domain name to point to a mail.domainname.com that points to a A record of 127.0.0.1

No one will be able to mail you anything and your other sub-domains, such as www.domainname.com will still be open, which will allow you to post a message and give your real customers a 2ndary email address to email you at (that doesn't end in @yourdomain.com)

Re:How to solve spamming, worms, email trojans, et

[Meowharishi]

Well, this is where government regulation is necessary.

The Internet is quickly becoming a public resource and should be regulated just the same (well, hopefully better than) other public resources.

Enforcing digital signatures would be a great way to a) fix the spam and trojan abuse while b) maintaining personal privacy.

There are trusted authorities where you can get free private certs, I thought -- doesn't Thawte (hey I made a pun!) give free certs for personal email use?

That doesn't matter anyway because government regulation would (should) provide it for the people for a nominal fee (like they do a driver's license or passport)

This whole thing is a f*cking sell out!

[Newer+Guy]

This whole sickening item proves one thing to me: The only thing big business will ever care about is the almighty dollar. Morals and ethics literally fly out the window in the face of big bucks.
I question whether Cisco and it's ilk would have someone killed to make a million bucks? Probably...if they could get away with it!

Interesting thought....

[extrarice]

This article is right above another SlashDot article about Internet censorship. I think it is safe to assume that we all hate spam here. However, if we force these people to be silenced, are we not censoring them as well?

Re:Interesting thought....

[bluetoad]

There is a major difference. If people want to go out and find stuff on the Internet that is there business. Of course,some stuff is extremely objectionable...

However, this SPAM arrives unsolicited. Some of it is just door-to-door porn.

I'm confident some ISPs offer SPAM services.I get very little SPAM with the ISP I've been with for the last few years.

Free Email Accounts

[clandaith]

I have no idea if this would really matter or not, but I look at the headers of the spam I get and the majority are from free email accounts; Yahoo, Hotmail,...

If there were no free email accounts, wouldn't it be harder for spammers to find the accounts to send out the inital emails? Yes, there would still be many mail servers out there to reroute the emails.

But, wouldn't this make it so that the spammers have to get actually ISP accounts to get the email addresses?

I don't know how true this all would be. Just thinking out loud as part of the /. collective.

yhbt

hand

The bottom line is...the bottom line

[gregor-e]

Spam only exists because it is profitable. The only effective way to fight spam is to tie up the spammer's resources:

• Call any toll-free number they include. If you have a multi-line phone, conference the first line with a second line dialed in. That way, when their recording quits and asks for your contact info, they get a recording of their own drivel.
• Set up a free email account for the purpose of cranking spammers. Reply to all spam that includes an email address, asking for more information. If the spammer offers to send you snail-mail brochures or something, excellent! Sign up for it - preferably to the postal address of another spammer's office, so you can also tie up their resources figuring out all the trash they just got.
• If the spammer has included a non-toll-free phone number, look it up in a reverse phone directory. Many times, the phone number is residential, not business. In this case you can report the spammer to the telco that provides their service and either get them disconnected or billed at business rates.
• Order stuff using bogus names/addresses & CC numbers. This ties up their sales personnel and, if you provided a working phone number that is always busy (many telco exchanges have numbers like XXX-YYY-0008 that are perpetually busy), they'll burn up many minutes trying to get a correct CC number.

The only effective way to combat spam is down at their level. They burn our resources, so we have to burn 'em back.

Re:Sendmail and its shitheap of bugs

how fucking hillarious

the number one most exploited mail server in the world with open relay issues remains and always has been sendmail - its been a bug ridden piece of shit and it remains one (new implementations are getting slightly better) and it requires a level of intelligence most users dont have to set up correctly - and most ISP's run on it NOT exchange which is a corporate messaging system.

Stop mindlessly throwing off at MS products, ive met plenty of Furry Critters who can setup linux boxes too - hell ive exploited more than one of them and let me tell you they are a shitload easier to attack.

Any OS that lets you commit suicide with a command isnt much of an OS to start with

Paper Towel

[Jetson]

A friend of mine was the victim of repeated junk faxes from a telemarketing business. After several failed requests to be removed from their list he resorted to one that actually worked. Yes, he faxed them an entire roll of paper towel. It may have been a computer on the other end (saving them the expense of toner and paper) but it did at least block their telephone line for a significant period of time. He then told them that the next time he received a fax he would tape a sheet of paper into an endless loop and transmit all night long....

My spam comes in groups.

[Jim+Efaw]

A pattern I've noticed the last few months is that I'll go a few hours without getting spam, then 4 or 5 will come in at once (from different IPs and apparent origins), then I'll get nothing for maybe a couple hours. Often there are days when it just kind of comes in one at a time randomly, but then the majority of a day will go by when it's just in groups. The mail server hasn't been down, so it's not from queue scheduling at the last hop. I've started suspecting that there is a small group of spammers who are doing 99% of the "go forth and multiply" orders several times a day on the Internet.

For those of you who are real conspiracy theorists, here's another disquieting thing I've noticed: About a quarter of the time, I seem to get single items or pairs of spam within a minute or two of sending out e-mail-- it doesn't seem to matter who my e-mail is to. I'm still fairly confident that it's just coincidence so far, but...

Use a UNIX Mail System for Self-defense

[billstewart]

It sounds like your friend, and people in similar circumstances, really needs to get a Unix mail system. If he's got a Unix account at his ISP, then he can use Procmail or similar preprocessing scripts to trash the mail message before putting it in his mailbox, so he doesn't have to download it over a slow link. Alternatively, since he's using a POP mail client, he should retrieve his mail in a headers-only mode, trash the messages that are obviously spambounce, and limit his full downloading to the real messages. A number of mail clients can do that, or again, if he's running Unix at home, he can hack something if there's nothing that does quite the right job.

Re:Use a UNIX Mail System for Self-defense

[Cybertect]

Uhhm, that's kind of what we ended up doing.

He's running Mac OS 9 ans a musician with a recording studio and isn't particularly computer savvy (he does know about lots about sound though). Getting him to get used to a different web browser is hard enough, I only just weaned him off Netscape 3.0...

To my knowledge, the ISP doesn't allow shell access, just POP.

I'm running Mac OS X (hey, it's BSD :) and hacked together what you're describing for him with popsneaker before forwarding his real mail to another POP account.

the Spam

Yea the spamers are an annoying crew. I think that you should hold the company they are spamming for responsible. Think about it, who is really to gain from a spamer? The company that is selling the product that the spamers are endorsing...

SPAM Congress

The best way to get anti-spam legislation through congress is to post the email addresses of every senator and congressman (and all of their staff) to as many newsgroups, bulletin boards, etc, as possible. When there offices are completely overwhelmed with the inevitable onslaught of spam, perhaps they will finally do something about it. Only when spam has inflicted enough damage to them personally to offset the $$$ that spammers are lining their pockets with will they be inclined to act.

Spammers harvesting addresses from Slashdot posts

[Philbert+Desenex]

Spammers also try to spam their critics into submission. Early on, in '94 or '95, I would email spammers directly. This was before they became so "proficient" at hiding their own email address. I got a number of threats from spammers that they would just sign me up for more and more spam if I complained.

I only bring this up because I finally got my first piece of spam that I can track to my email address being harvested from Slashdot. I got a 69,376 byte hunk of crap from one "Daniel Barnard" addressed to "Philbert Desenex", my Slashdot nick. Daniel "Pig Intercourse" Barnard, of 3367 Eastern NE, Grand Rapids, MI, promotes a 5-level pyramid scheme. My guess is that some hairy, rat-molesting spammer harvested email addresses from Slashdot postings in anti-spam follow-ups, and has distributed those addresses as part of some "opt-in" list full of people who really don't want to opt-in.

And yes, email spam is theft plain and simple. Also, email spammers have incestuous relations with pigs. We must punish email spammers.

the con to our old email systems

[MxReb0]

The protocols in email allow for the sending address to be spoofed, so email can be compleatly anonymous. I don't know if this is a downfall, really. Lots of people get paid to harvest email addresses. I even get spam advertising lists of email addresses (with those of hackers removed). Anybody can run a email server off their mechine. The real way to catch spamers is to find out where they want you to send money (overtly stated in each message) or to which web page they want you to visit. And then you can haxor them or what not.

Australia needs to shape up.

[Starship+Trooper]

fsdg hs gjhsrgjs j tyjetyjj trhrst trjsrtj tjtjs rjtrj ngsjst j strjstrjs jwrt jsrtjstrjsrt jsrjrtj

As I was saying

[Starship+Trooper]

fsgfgh ygj gtj srtjgfxn sfb asdfh trfh sthwr stsj fbdzcbsfvj dfhdgh haeryhae gafb afhatrhyae hr rhaergqgq er reqhqrhq thsdfh htrh thafh

You don't understand.

[Starship+Trooper]

35fb trj356u fnsfaedg 5y reh gj wtysdfh adfvqer34t34 gsfbsfbwtrhwtuw u6u 356 u56uaerh fhsfb fsbsvbs shsrbnw thwthw54h 5h wthwrtb wty5hy wthwhgn svfbsgfbsfhwtrhwtry5y y 54y rg argataret y 54y w45y wfgsef ffbsfb

No.

[Starship+Trooper]

stryr nggje56ue56h gntgnb sgaherh trh sh tbgfrhth wth gbwrththw bhgrhw56y5 shsrb ryw5y wh qwy5 ysthfrhsbsgrn y 54yrh whth 25y qhw fh 5y 254y hth wth254y 2ht2h2th5h whhw5y hwh5hw5hw