Slashdot Mirror
Fighting The Spammers Down Under
An Anonymous Coward writes: "The Sydney Morning Herald is running an interesting article about fighting spammers. It mentions that "Most of today's email spam, however, comes from a handful of culprits, described by Barry and others as "known criminals"." Does anybody else wonder who these people are, and what are the odds of having them shut down for good?"
www.spamhaus.org has a list of spammers and the ISPs supporting them. They also have some quite interesting articles on this topic.
In my humble opinion, the problem with spam block lists as they are today is that
1) they are not consolidated which means your network may end up being wrongfully isolated from one or two networks and you'll never know why your legitimate e-mail isn't reaching its destination and
2) if you get added to a list, some people aren't responsible enough to keep them updated. So if for example you had open-relaying on by accident (a common problem alleviated in the recent versions of sendmail) you may end up being "blacklisted" and if you try to contact the maintainers of those lists, you get no response and your domain is forever banished from the internet.
I heard the FCC (or one of those acronyms...maybe the FDA) is starting to create a national "blacklist" maintained by the government. I don't know if that's true, but that might actually not be a bad idea.
Just my US$0.02.. Hargun
Think nothing is impossible? Try slamming a revolving door.
I send them off a nice fax, on a 50% grey scale, full page background which orders them to stop spamming..
Why 50% grey scale? Because it's near worst-case for fax compression (which expects mostly blocks of white then smaller blocks of black). Faxing a 1 page grey scale at 1200 baud can take 90 minutes (800 number, remember? It's on their quarter).
I'll usually do a voice callback first to make sure I'm not responding to someone who's being smurfed by an enemy.
Sometimes boldness is in fashion. Sometimes only the brave will be bold.
This points to the only long-term solution to spam - take out the profit motive.
But this is tied to the question of strong authentication of the sender (at least at the ISP level), and all of the privacy concerns that raises. E.g., a good way to kill spam is to require each message provide non-trivial e-postage. Perhaps USD0.25 per 20kb block. (After getting over 15MB in less than our from a misconfigured spambot with a huge payload, I am *not* willing to accept "one price for all" scheme!)
If the recipient found the message worthwhile, they could send an ack to their ISP and release the money back to the sender. Or they could let a reaonable time elapse, say 2 weeks, and the money would be released back to the sender. This could probably even be automated for explicitly named friends and mailing lists.
But if the recipient said it was spam, they keep the postage.
At USD0.25 per message, there's no profit motive in me lying whether a message is spam. But at USD0.25 per message, it's a safe bet that few businesses will send out 10,000 messages (USD2500) to snare a single response.
For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
If the FTC is really serious about going after spam, then we need to give them our support. More than that, we need to make them do their job with this. If most spam is fraudulent, and if most spam is sent by a relatively small group of people, then it stands to reason that getting rid of these hard-core spammers will go a long way toward reducing the spam problem.
Now don't get me wrong here. I'm not naive enough to believe that this is going to be easy. Spammers are slippery little worms, and stopping them for good won't be easy. However, there's nothing like a court order to give someone an attitude adjustment.
So here's the deal. The FTC wants to receive spam at uce@ftc.gov, so send it. My guess is that they like getting all spam, but bear in mind that they don't have jurisdiction over spam per se, just spam selling fraudulent goods and services. This is something they can latch onto and run with because they are empowered to stop fraud. If you send, be sure to include full headers so messages can be tracked back to the source. That way, if a spammer hops from ISP to ISP, it may be possible to construct a pattern that can be used to find and nail him.
As I said, I don't count on this to work, but if the FTC really is serious, then let's give them the evidence they need to bust some balls.
That light you see at the end of the tunnel might be from an oncoming train.
The Direct Marketing Association has this little checkbox on their page, which says "notify me when my listing expires".
EXPIRES? WHAT THE FUCK?
If I were naïve enough to belive that any of the sleazebags in the DMA would actually honor this list for *any* amount of time, I'd be pretty pissed off when the spam started flooding in when their database says my "leave me alone" notice has expired.
I trust these people about as far as I can throw them.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Well, I think asking the government for help here is a little counterproductive. Given the Government Nature, the solution will be shortsighted, intrusive, expensive, and will exclude rational thought. In short, they'll probably:
Declare a national moratorium on e-mail while a congressional steering committee holds a conference to determine the nature and extent of the problem.
Industry and Community Leaders who have never actually sent or recieved an e-mail will be called in to consult, as well as a couple of Hollywood Celebrities.
A proposal will be made to Nationalize e-mail under the State Department.
Objections from Civil Liberties Profiteers Inc. will lead to a "compromise" proposal to place control of e-mail services with that well-known private organization, The Post Office.
New "Spam Free" e-mail will cost $0.34 each, and take 3-5 days to deliver, but you can pay $3.00 and have a guarantee of delivery... in 3-5 days.
A new congressional committee will congratulate the Post Office and themselves for eliminating SPAM!!! And hold hearings to examine the new problem of "unsolicited e-mail."
Okay, that's a _slight_ exaggeration.
But seriously, the obvious ways to help are:
1. Very Public Boycotts of companies that use Spam tactics.
2. Encourage use of Digitally Signed E-mail.
3. Encourage efforts by ISPs to block e-mail from "repeat offender" sites.
4. Encourage the "securing" of open relays.
None of these methods involve letting politicians write laws which include new taxes, new power, or new public swimming pools named after them.
And by the way, given the nature of Enya's music and Eminem's "anti-music," I imagine that if they were to actually meet, the resulting music-anti-music reaction could deafen an entire medium-sized city.
Consider, for example, the position of PaeTec Communications. They've been unable to kick a spammer off (Monsterhut), as said spammer was able to obtain a temporary injunction. When the case is resolved, PaeTec will presumably win. Until then, however, the address range they lease to Monsterhut is getting added to numerous blacklists. I see no reason to why that address range shouldn't be removed after PaeTec succeeds in ridding themself of this spammer -- at some point in the future, that address will get reassigned to a new customer. But if the people blacklisting that address are using an uncommented, static, ad hoc list that the snarfed from Slashdot, there's a decent chance that that listing'll be around indefinitely.
In summary, I strong encourage sysadmins to stick to well-maintained lists when it comes to spam blacklisting. They should carefully evaluate both the criteria that gets a site listed and the criteria that gets a site unlisted.
I originally came up with the idea when I got assigned a phone # that used to be some business' fax number. Well, even though it's illegal, fax spammers would try to send me faxes at, like, 4:00am, so I started replying with these 50% grey faxes from my mac.
(un)fourtunately, my fax modem and fax software had this wierd bug with some fax machines where, after sending the page, the page acknowledgement would get lost and the program would abort --- to try again. I had the software set to retry 10 times...
One day I sent off a grey-scale fax to a company before I ran off to work. It got hit by the bug, and repeatedly tried sending the fax... It succeeded on the 5th or so try, tying up their fax machine until the early evening to get that one page fax through.
hehe.
BTW. Part of the reason for using the 50% grey scale is that it minimizes paper waste while getting in maximum time. A single grey-scale page at 1200 baud takes the same amount of time as 90 pages of regular text. an 8 page fax will take almost 12 hours.
Sometimes boldness is in fashion. Sometimes only the brave will be bold.