Slashdot Mirror
Fighting The Spammers Down Under
An Anonymous Coward writes: "The Sydney Morning Herald is running an interesting article about fighting spammers. It mentions that "Most of today's email spam, however, comes from a handful of culprits, described by Barry and others as "known criminals"." Does anybody else wonder who these people are, and what are the odds of having them shut down for good?"
A good solution for spammers is to track them down, post their addresses for everyone to see, and hold spam bashing parties, in which many, many people make a roadtrip to 'encourage' the spammer not to spam anymore. Such encouragements could be things like, VX, a sock with a cueball in it, small rabid animals, and herpes.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
www.spamhaus.org has a list of spammers and the ISPs supporting them. They also have some quite interesting articles on this topic.
In my humble opinion, the problem with spam block lists as they are today is that
1) they are not consolidated which means your network may end up being wrongfully isolated from one or two networks and you'll never know why your legitimate e-mail isn't reaching its destination and
2) if you get added to a list, some people aren't responsible enough to keep them updated. So if for example you had open-relaying on by accident (a common problem alleviated in the recent versions of sendmail) you may end up being "blacklisted" and if you try to contact the maintainers of those lists, you get no response and your domain is forever banished from the internet.
I heard the FCC (or one of those acronyms...maybe the FDA) is starting to create a national "blacklist" maintained by the government. I don't know if that's true, but that might actually not be a bad idea.
Just my US$0.02.. Hargun
Think nothing is impossible? Try slamming a revolving door.
Everyone always goes on about SPAM and how bad it is and how we don't like to get it....... The real problem is that it must be profitable for some individuals to do it otherwise it wouldn't happen (save the handful of ppl who just like to do it for fun, similar to graffiti). I have a some contact with the advertising and marketing industries here in Aus and I can tell you that from the pure marketing point of view it does look attractive. The marketing ppl rarely consider the annoyance factor, they just want nice numbers... ie "so you can send this out to 1000s of people, Great! How much per person.... what's that, its a LOT cheaper then mail, WOW put me down for 50000"... and so the corporate world pays for what we hate. Sure there might be exceptions, but I bet that this is the norm, esp in cases when the marketing department has 0 exposure to technology and so doesn't suffer like the rest of us.
Spam is "spam" until registrations, licenses, warranty agreements, etc, require a valid email address and/or an opt-in to that company's "news". Then it becomes legit. i get plenty of unsolicited email from companies legitly possessing my addy, even email with opt-out links. if every company i interact with sends me just one of these, that's still a lot of undesirable, often image- and HTML-laden emails to have show up.
That's why i don't think spam will cease to be a problem for end-users, even if the signal-to-porn ratio improves.
What you can do:
Go to war!
Sue!
And win!
or...
Join them!
but i'd rather hit delete a few times per day (i don't get more than 10 spam mails a day) and know the internet is still relatively free. yes, they're sleaze, but if you're going to start blocking them, it's not that hard for a few other domains to be slipped in there. the potential for censorship seems too great to me *shrug*
so i'll continue deleting my 10 mails per day.
Kraada
Sure, spam is probably profitable: it transfers most of the cost of advertising to the (probably unwilling) receipiant, and nobody ever went broke underestimating the Good Taste of the American public.
The problem with spam is that the dirty details of spam disassociates it from market forces, unlike other, more conventional forms of advertising.
In just about every other form of ad (radio or Tee Vee commercial, newspaper ad, billboard, etc) the advertiser pays for the ad up front, before you make a decision to buy the advertised product or not. So, if the ad is particularly repulsive, ("Ring around the collar!") the consumer can make a decision to not buy the product. The advertiser is out the cost of the ad. Of course, the cost of any advertised product is higher than an unadvertised product, so the consumers who chose to buy an advertised product ultimately pay for a portion of the advertising.
Contrast this with a spammed ad: the consumer has paid for his or her network time to receive the ad, the disk space to store the ad and the CPU cycles it took to process the email ad before getting a chance to decide whether to buy the spamvertised product or not. No matter how repugnant, stupid, wasteful, or dumb the ad is, the consumer ends up paying for the spamertising. Only very weak market forces control spamvertising. That's the real problem with spam.
Email spamming is theft, plain and simple. Email spammers must be punished.
Finally, someone has come to recognized my preferred solution to fight spammers: kick them in the genitals.
Or did you mean something else by "Fighting The Spammers Down Under"?
If the FTC is really serious about going after spam, then we need to give them our support. More than that, we need to make them do their job with this. If most spam is fraudulent, and if most spam is sent by a relatively small group of people, then it stands to reason that getting rid of these hard-core spammers will go a long way toward reducing the spam problem.
Now don't get me wrong here. I'm not naive enough to believe that this is going to be easy. Spammers are slippery little worms, and stopping them for good won't be easy. However, there's nothing like a court order to give someone an attitude adjustment.
So here's the deal. The FTC wants to receive spam at uce@ftc.gov, so send it. My guess is that they like getting all spam, but bear in mind that they don't have jurisdiction over spam per se, just spam selling fraudulent goods and services. This is something they can latch onto and run with because they are empowered to stop fraud. If you send, be sure to include full headers so messages can be tracked back to the source. That way, if a spammer hops from ISP to ISP, it may be possible to construct a pattern that can be used to find and nail him.
As I said, I don't count on this to work, but if the FTC really is serious, then let's give them the evidence they need to bust some balls.
That light you see at the end of the tunnel might be from an oncoming train.
In addition to the usual anti-spam methods:
one can block IP addresses that attempt to spam on a regular basis. Tools such
- ipchains
- netfilter/iptables
- ipFilter
can be configured to block frequent spammer IP addresses from your SMTP ports.The following is a list of IP addresses that we have observed spamming on a regular basis. Blocking these sites won't solve your spam problem. On the other hand blocking common spam locations as part of an overall anti-spam system will help.
Sorry if your IP address is in the above list. If you are not a spammer then it could be that you happen to be using an ISP that tolerates spammers (or is unable/unwilling to block them), or you work for a company that spam, or you are near a poorly configured and poorly maintained site that is abused as an open relay.
chongo (was here)
This is where I gloat a wee bit about living in the UK. We have a lovely service called the Telephone Preference Service. Anyone making unsolicited commercial calls must cleanse their lists against the TPS list, or be guilty of a criminal offence.
Since registering a year ago, we've maybe had five calls, all of whom hang up really quickly once you start asking them for their details to report them to the TPS.
The only thing you can accurately describe as "Scotch" is a sticky tape made by 3M. And it's
The Direct Marketing Association has this little checkbox on their page, which says "notify me when my listing expires".
EXPIRES? WHAT THE FUCK?
If I were naïve enough to belive that any of the sleazebags in the DMA would actually honor this list for *any* amount of time, I'd be pretty pissed off when the spam started flooding in when their database says my "leave me alone" notice has expired.
I trust these people about as far as I can throw them.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
A friend of mine here in the UK has recently suffered a nasty fate at the hands of some very active spammers... they faked a reply-to address in his domain (summerisle.demon.co.uk).
.com.
The result was that, for a period of about two and a half weeks in January, David was receiving over 1000 bounced emails a day, effectively mailbombing his account. With a pay-per-minute 56K modem as his only internet access, it wasn't a pretty sight.
The spammers that sends this stuff out, who identify themselves as 'Global Advertising Systems' and 'Universal Advertising Systems' claim to be based in Billings, MT. You may have seen some of their handiwork in your own mailbox with subjects like 'Increase energy levels', 'Become a Judgement Processing Professional', 'Child Support-Investigator'. They're very effective at covering their tracks - the only contact information is PO Box, telephone and fax numbers in the US, plus disposable eMail address and a snail-mail PO box in Aruba if you want to be 'removed'. All the mail originates in the Phillippines (with the obligatory faked additional headers added) then gets punted out through open relays around the world. Complaints to the ISPs in the Phillipines get no reply or bounced.
Fortunately, I'm lucky enough to have DSL, so I was able to filter the stuff out and forward it on to another account - OK if you've got the bandwidth, but not a proper solution.
The scary bit is that it seems like there's no other defence against this kind of activity. The ISP hosting the domain's POP box sympathised, but said they couldn't do anything to delete this incoming junk before it was delivered. UK & Billings, MT police and the FBI said no crime had been committed and taking private legal action across the Atlantic is a bit out of the reach of a one-man recording studio. My friend's frustrated reaction to another attack this week has been to dump the domain and move elsewhere with a new
If anyone else has any more information on these b*st*rds or ideas for wreaking revenge I'd be interested to hear.
Well, I think asking the government for help here is a little counterproductive. Given the Government Nature, the solution will be shortsighted, intrusive, expensive, and will exclude rational thought. In short, they'll probably:
Declare a national moratorium on e-mail while a congressional steering committee holds a conference to determine the nature and extent of the problem.
Industry and Community Leaders who have never actually sent or recieved an e-mail will be called in to consult, as well as a couple of Hollywood Celebrities.
A proposal will be made to Nationalize e-mail under the State Department.
Objections from Civil Liberties Profiteers Inc. will lead to a "compromise" proposal to place control of e-mail services with that well-known private organization, The Post Office.
New "Spam Free" e-mail will cost $0.34 each, and take 3-5 days to deliver, but you can pay $3.00 and have a guarantee of delivery... in 3-5 days.
A new congressional committee will congratulate the Post Office and themselves for eliminating SPAM!!! And hold hearings to examine the new problem of "unsolicited e-mail."
Okay, that's a _slight_ exaggeration.
But seriously, the obvious ways to help are:
1. Very Public Boycotts of companies that use Spam tactics.
2. Encourage use of Digitally Signed E-mail.
3. Encourage efforts by ISPs to block e-mail from "repeat offender" sites.
4. Encourage the "securing" of open relays.
None of these methods involve letting politicians write laws which include new taxes, new power, or new public swimming pools named after them.
And by the way, given the nature of Enya's music and Eminem's "anti-music," I imagine that if they were to actually meet, the resulting music-anti-music reaction could deafen an entire medium-sized city.
No matter who they are, fight them with razor! razor is a distributed, collaborative spam detection and filtering network, and it rocks. I hardly get any spam anymore, and if I get one, I can report it to the network, and other razor users won't see that email anymore.
A monkey is doing the real work for me.
You see, mobile phones ring or vibrate when they get spammed. It's worse than ordinary spam because email addresses are usually the same as your phone number, giving an easy target to spam programs.
My friend has two phones registered with slightly different names, and they ring within 10 seconds of each other, about once an hour or so. His FOMA (3G, streaming video) phone is real special. It does a pirouette on his desk because it is vibrating so strongly.
Imagine it. Everyone who has these phones (millions) gets this ringing all the time, even in the middle of the night. DoCoMo recently offered custom mail addresses to combat it but still..
It's already being done. If you're interested, run one yourself -- every spam message trapped by a honeypot is a spam message that doesn't get to its recipients. Brad Madison runs one on a university VAX machine and Michael Tokarev runs one in Russia. Both are fairly heavily trafficed by spammers.
See Brad's page Fighting Relay Spam for more information on running your own SMTP relay honeypot.
See posts like this one to see that these honeypots are working.