Slashdot Mirror
Fighting The Spammers Down Under
An Anonymous Coward writes: "The Sydney Morning Herald is running an interesting article about fighting spammers. It mentions that "Most of today's email spam, however, comes from a handful of culprits, described by Barry and others as "known criminals"." Does anybody else wonder who these people are, and what are the odds of having them shut down for good?"
Everyone always goes on about SPAM and how bad it is and how we don't like to get it....... The real problem is that it must be profitable for some individuals to do it otherwise it wouldn't happen (save the handful of ppl who just like to do it for fun, similar to graffiti). I have a some contact with the advertising and marketing industries here in Aus and I can tell you that from the pure marketing point of view it does look attractive. The marketing ppl rarely consider the annoyance factor, they just want nice numbers... ie "so you can send this out to 1000s of people, Great! How much per person.... what's that, its a LOT cheaper then mail, WOW put me down for 50000"... and so the corporate world pays for what we hate. Sure there might be exceptions, but I bet that this is the norm, esp in cases when the marketing department has 0 exposure to technology and so doesn't suffer like the rest of us.
Spam is "spam" until registrations, licenses, warranty agreements, etc, require a valid email address and/or an opt-in to that company's "news". Then it becomes legit. i get plenty of unsolicited email from companies legitly possessing my addy, even email with opt-out links. if every company i interact with sends me just one of these, that's still a lot of undesirable, often image- and HTML-laden emails to have show up.
That's why i don't think spam will cease to be a problem for end-users, even if the signal-to-porn ratio improves.
but i'd rather hit delete a few times per day (i don't get more than 10 spam mails a day) and know the internet is still relatively free. yes, they're sleaze, but if you're going to start blocking them, it's not that hard for a few other domains to be slipped in there. the potential for censorship seems too great to me *shrug*
so i'll continue deleting my 10 mails per day.
Kraada
The best way to block spam is stop html email. Nobody I know sends html stuff, just quick txt notes. Now if only outlook could do that.(yes gotta use outlook at work, and yes i get spam at work)
this sig is a virus, take it and use it.
LinuxWorx
Spelling errors are intentional as are gramatical error
Sure, spam is probably profitable: it transfers most of the cost of advertising to the (probably unwilling) receipiant, and nobody ever went broke underestimating the Good Taste of the American public.
The problem with spam is that the dirty details of spam disassociates it from market forces, unlike other, more conventional forms of advertising.
In just about every other form of ad (radio or Tee Vee commercial, newspaper ad, billboard, etc) the advertiser pays for the ad up front, before you make a decision to buy the advertised product or not. So, if the ad is particularly repulsive, ("Ring around the collar!") the consumer can make a decision to not buy the product. The advertiser is out the cost of the ad. Of course, the cost of any advertised product is higher than an unadvertised product, so the consumers who chose to buy an advertised product ultimately pay for a portion of the advertising.
Contrast this with a spammed ad: the consumer has paid for his or her network time to receive the ad, the disk space to store the ad and the CPU cycles it took to process the email ad before getting a chance to decide whether to buy the spamvertised product or not. No matter how repugnant, stupid, wasteful, or dumb the ad is, the consumer ends up paying for the spamertising. Only very weak market forces control spamvertising. That's the real problem with spam.
Email spamming is theft, plain and simple. Email spammers must be punished.
Anyone can spam: from "a 6 year old guy", to "dr.evil" to "mr. good guy that is trying to solve world hunger". So you want different penalties: kill evil guy, warn good guy, educate kid.
Some of them, unknowing how bad spam is
People complain about spam. Yet, if they find it usefull, they use the service (contradiction)
Spam doesn't kill people or ruins lifes or fortunes
Spam is relative: what defines spam? a) everything unsolicited? (leads to: nobody can even contact you to ask you if they can contact you.). b) something that is sent to more than me and that is unsolicited? (leads to: how do you enforce/know that? Spammer could just program variations of the smap message).
There IS usefull spam and useless spam as well (99% useless ratio today). If we enforce "good smapping practices..." (ie: receive unsolicited email from good employers offering good salaries)
Spam is global (different legislations) and can move fast (from server to server).
Detecting spammer (physically) is: a) expensive, b) they usually don't have much money (what will you do to him? arrest him like Mitnik?).
Thouthan other reasons
So the bottom line is (my opinion):
Spam doesn't know black and white. There're shades of gray only, and difficult/expensive to block. At some point we should draw a line, beyond that line, prosecute spammers (law). Everything else would be client-side (ie: tools to block spam, blacklists, filters, etc.).
unfinished: (adj.)
The article mentions that some of these 'spam cops' are only contactable via a newsgroup, and that they hide their real identities in order to avoid being hassled by lawyers employed by the spammers. I understand this. I applaud what they are doing - I despise spam as much as the next person.
But by their anonymity, they make themselves unaccountable to anyone else. That means that there are no real controls. What happens if one of these spam cops ends up on some kind of ego trip, or perhaps just starts making mistakes? A breakdown in relationships or other pressures could result in a block list not being updated.
Much as it may be difficult, I think all efforts to control spam must be made out in the open, with full accountability to the rest of the internet community.
I have yet to receive SPAM from a company I could even Boycott. Since I don't regular buy goods or services from Jerry's Triangle Scheme, or Joe-Bob's Porn site, a boycott isn't going to do much. Maybe if Subway started spamming me I'd stop going there, but I don't get any SPAM from any companies I've ever even heard of before.
Actually, I think all the SPAM I get can be put into a few categories:
There's your get-rich-quick SPAM, covering a myriad of pryamid schemes and others. Then there's your 'insider information' SPAM telling you what stock to buy. 'Porno SPAM' speaks for itself. 'Weight loss and Sexual medicine' group has to be one of my favorites. You can lump the rest into 'actual seems like they're trying to sell me something' group or the 'wtf is this?' group.
What?
You see, mobile phones ring or vibrate when they get spammed. It's worse than ordinary spam because email addresses are usually the same as your phone number, giving an easy target to spam programs.
My friend has two phones registered with slightly different names, and they ring within 10 seconds of each other, about once an hour or so. His FOMA (3G, streaming video) phone is real special. It does a pirouette on his desk because it is vibrating so strongly.
Imagine it. Everyone who has these phones (millions) gets this ringing all the time, even in the middle of the night. DoCoMo recently offered custom mail addresses to combat it but still..
Every time I hear a Federal Prosecutor laughingly talk about turning a suspect into "someone's girlfriend," I wonder how the US dares call itself a free country.
Actually, many of the folk in news.admin.net-abuse.email know just whom they are.
Not very good at this time. They are not breaking any laws in most places. (Making the falsifying of "From:" addresses a felony would fix that. Making use of open mail relays w/o permission a misdemeanor at least would help.) And they frequently move from dialup ISP to dialup ISP as needed. The bigger spammers get "pink" contracts (read: "we'll allow you to spam as long as the heat doesn't get too bad and nobody finds out about this contract") with big-name ISPs that many admins are unwilling to block (Qwest and Sprint are frequently at the top of The Spamhaus Project's "Top 10" list. Verio has received a lot of unfavourable mention in news.admin.net-abuse.email of late).
The best things you can do, in my opinion, are:
- Complain about every spam you receive. But make sure you're
complaining to the right places. Make the complaints civil, but
firm.
- Block spam as best you can. Yes, no blocking mechanism is
perfect. There will be some false hits. Learn to live with it.
I have. My bosses and cow-orkers have. The alternative is
unthinkable. Block it even if it means black-holing entire
/16
blocks of IPs. Even if it means black-holing entire ISPs. Or even
countries.
- Refuse to do business with spam-friendly ISPs. Check with the
good folk in news.admin.net-abuse.email and consult the "Top 10"
list at The Spamhaus Project. (We recently switched ISPs at one
site because our old ISP was becoming unbearably spam-friendly.)
No, there's not much that can be done to "shut them down for good," but you can make the effect of their spamming as ineffective as possible and make the ISPs that support spammers as unprofitable as possible.SPEWS, by the way (mentioned in the article), is having a tremendous effect on spam-friendly ISPs :-).
It's already being done. If you're interested, run one yourself -- every spam message trapped by a honeypot is a spam message that doesn't get to its recipients. Brad Madison runs one on a university VAX machine and Michael Tokarev runs one in Russia. Both are fairly heavily trafficed by spammers.
See Brad's page Fighting Relay Spam for more information on running your own SMTP relay honeypot.
See posts like this one to see that these honeypots are working.
IMNSHO, the problem with spam block lists are
1.) They have a lot of false positives (blocking people they shouldn't),
That should encourage those positives to ask their ISPs why they are conducive to spammers, and start to convince ISP's that spammers are the source of the problem
2.) a lot of false negatives, (they don't block very many spammers),
Outta sight, outta mind. A little spam is still spam.
3.) they are a lot of trouble to maintain, and
So certain people have decided that they can accept the maintenance problems in an effort to clean up the internet - kudos to them.
4.) they don't mesh well with the general spirit of the internet.
Spam block lists are merely opinions of a group of people. Other organisations may agree that their list is good, and thus adopt it as their main filter - that's the organisations right.
Adopting block-lists is nothing more than exercising the right to disassociate from a known group of people.
This freedom of choice - what the general spirit of the internet is about. The ability to say "No, I don't want your crap."
"Most of today's email spam, however, comes from a handful of culprits, described by Barry and others as "known criminals"."
Well I can't speak for anyone else, but the SPAM that lands in my email box every day is largely from large corporations, chain letters (you know the ones that want you to send money to people on a list), and the rest I have no clue about as I can't read Kanji.
I honestly don't mind a bit of SPAM, but what really gets my goat is when they either claim that I asked for it "here are the results of your feedback form" or such like, or they cite some law from some country I don't live in and claim that this gives them the right to send me mail about whatever rubbish they are peddling. And lets face it - if they're intentions are so honourable, why is the return address always a non-existent hotmail/yahoo account? Then there's the "removeal"options - yeah sure I'm gonna go to some web page and type in my email address - so the spammers can know it's a real email address. Some of them even have the cheek to ask for a receipt!
The 3rd most prevalent type of SPAM in my mailbox is the laughable fraud attempts - you know the ones typed in CAPITALS usually puporting to be from some dude (usually in Nigeria) in some country's government who has some scam going whereby he needs your bank details to dump several million dollars US into it. I love those ones - they've been around on paper for donkey's years.
The Herald's reporter must have been out in the sun too long - the world's spam sent by a handful of chavvies - my arse.