Slashdot Mirror
Fighting The Spammers Down Under
An Anonymous Coward writes: "The Sydney Morning Herald is running an interesting article about fighting spammers. It mentions that "Most of today's email spam, however, comes from a handful of culprits, described by Barry and others as "known criminals"." Does anybody else wonder who these people are, and what are the odds of having them shut down for good?"
www.spamhaus.org has a list of spammers and the ISPs supporting them. They also have some quite interesting articles on this topic.
Everyone always goes on about SPAM and how bad it is and how we don't like to get it....... The real problem is that it must be profitable for some individuals to do it otherwise it wouldn't happen (save the handful of ppl who just like to do it for fun, similar to graffiti). I have a some contact with the advertising and marketing industries here in Aus and I can tell you that from the pure marketing point of view it does look attractive. The marketing ppl rarely consider the annoyance factor, they just want nice numbers... ie "so you can send this out to 1000s of people, Great! How much per person.... what's that, its a LOT cheaper then mail, WOW put me down for 50000"... and so the corporate world pays for what we hate. Sure there might be exceptions, but I bet that this is the norm, esp in cases when the marketing department has 0 exposure to technology and so doesn't suffer like the rest of us.
Sure, spam is probably profitable: it transfers most of the cost of advertising to the (probably unwilling) receipiant, and nobody ever went broke underestimating the Good Taste of the American public.
The problem with spam is that the dirty details of spam disassociates it from market forces, unlike other, more conventional forms of advertising.
In just about every other form of ad (radio or Tee Vee commercial, newspaper ad, billboard, etc) the advertiser pays for the ad up front, before you make a decision to buy the advertised product or not. So, if the ad is particularly repulsive, ("Ring around the collar!") the consumer can make a decision to not buy the product. The advertiser is out the cost of the ad. Of course, the cost of any advertised product is higher than an unadvertised product, so the consumers who chose to buy an advertised product ultimately pay for a portion of the advertising.
Contrast this with a spammed ad: the consumer has paid for his or her network time to receive the ad, the disk space to store the ad and the CPU cycles it took to process the email ad before getting a chance to decide whether to buy the spamvertised product or not. No matter how repugnant, stupid, wasteful, or dumb the ad is, the consumer ends up paying for the spamertising. Only very weak market forces control spamvertising. That's the real problem with spam.
Email spamming is theft, plain and simple. Email spammers must be punished.
Finally, someone has come to recognized my preferred solution to fight spammers: kick them in the genitals.
Or did you mean something else by "Fighting The Spammers Down Under"?
If the FTC is really serious about going after spam, then we need to give them our support. More than that, we need to make them do their job with this. If most spam is fraudulent, and if most spam is sent by a relatively small group of people, then it stands to reason that getting rid of these hard-core spammers will go a long way toward reducing the spam problem.
Now don't get me wrong here. I'm not naive enough to believe that this is going to be easy. Spammers are slippery little worms, and stopping them for good won't be easy. However, there's nothing like a court order to give someone an attitude adjustment.
So here's the deal. The FTC wants to receive spam at uce@ftc.gov, so send it. My guess is that they like getting all spam, but bear in mind that they don't have jurisdiction over spam per se, just spam selling fraudulent goods and services. This is something they can latch onto and run with because they are empowered to stop fraud. If you send, be sure to include full headers so messages can be tracked back to the source. That way, if a spammer hops from ISP to ISP, it may be possible to construct a pattern that can be used to find and nail him.
As I said, I don't count on this to work, but if the FTC really is serious, then let's give them the evidence they need to bust some balls.
That light you see at the end of the tunnel might be from an oncoming train.
In addition to the usual anti-spam methods:
one can block IP addresses that attempt to spam on a regular basis. Tools such
- ipchains
- netfilter/iptables
- ipFilter
can be configured to block frequent spammer IP addresses from your SMTP ports.The following is a list of IP addresses that we have observed spamming on a regular basis. Blocking these sites won't solve your spam problem. On the other hand blocking common spam locations as part of an overall anti-spam system will help.
Sorry if your IP address is in the above list. If you are not a spammer then it could be that you happen to be using an ISP that tolerates spammers (or is unable/unwilling to block them), or you work for a company that spam, or you are near a poorly configured and poorly maintained site that is abused as an open relay.
chongo (was here)
The Direct Marketing Association has this little checkbox on their page, which says "notify me when my listing expires".
EXPIRES? WHAT THE FUCK?
If I were naïve enough to belive that any of the sleazebags in the DMA would actually honor this list for *any* amount of time, I'd be pretty pissed off when the spam started flooding in when their database says my "leave me alone" notice has expired.
I trust these people about as far as I can throw them.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
A friend of mine here in the UK has recently suffered a nasty fate at the hands of some very active spammers... they faked a reply-to address in his domain (summerisle.demon.co.uk).
.com.
The result was that, for a period of about two and a half weeks in January, David was receiving over 1000 bounced emails a day, effectively mailbombing his account. With a pay-per-minute 56K modem as his only internet access, it wasn't a pretty sight.
The spammers that sends this stuff out, who identify themselves as 'Global Advertising Systems' and 'Universal Advertising Systems' claim to be based in Billings, MT. You may have seen some of their handiwork in your own mailbox with subjects like 'Increase energy levels', 'Become a Judgement Processing Professional', 'Child Support-Investigator'. They're very effective at covering their tracks - the only contact information is PO Box, telephone and fax numbers in the US, plus disposable eMail address and a snail-mail PO box in Aruba if you want to be 'removed'. All the mail originates in the Phillippines (with the obligatory faked additional headers added) then gets punted out through open relays around the world. Complaints to the ISPs in the Phillipines get no reply or bounced.
Fortunately, I'm lucky enough to have DSL, so I was able to filter the stuff out and forward it on to another account - OK if you've got the bandwidth, but not a proper solution.
The scary bit is that it seems like there's no other defence against this kind of activity. The ISP hosting the domain's POP box sympathised, but said they couldn't do anything to delete this incoming junk before it was delivered. UK & Billings, MT police and the FBI said no crime had been committed and taking private legal action across the Atlantic is a bit out of the reach of a one-man recording studio. My friend's frustrated reaction to another attack this week has been to dump the domain and move elsewhere with a new
If anyone else has any more information on these b*st*rds or ideas for wreaking revenge I'd be interested to hear.
No matter who they are, fight them with razor! razor is a distributed, collaborative spam detection and filtering network, and it rocks. I hardly get any spam anymore, and if I get one, I can report it to the network, and other razor users won't see that email anymore.
A monkey is doing the real work for me.
I have yet to receive SPAM from a company I could even Boycott. Since I don't regular buy goods or services from Jerry's Triangle Scheme, or Joe-Bob's Porn site, a boycott isn't going to do much. Maybe if Subway started spamming me I'd stop going there, but I don't get any SPAM from any companies I've ever even heard of before.
Actually, I think all the SPAM I get can be put into a few categories:
There's your get-rich-quick SPAM, covering a myriad of pryamid schemes and others. Then there's your 'insider information' SPAM telling you what stock to buy. 'Porno SPAM' speaks for itself. 'Weight loss and Sexual medicine' group has to be one of my favorites. You can lump the rest into 'actual seems like they're trying to sell me something' group or the 'wtf is this?' group.
What?
You see, mobile phones ring or vibrate when they get spammed. It's worse than ordinary spam because email addresses are usually the same as your phone number, giving an easy target to spam programs.
My friend has two phones registered with slightly different names, and they ring within 10 seconds of each other, about once an hour or so. His FOMA (3G, streaming video) phone is real special. It does a pirouette on his desk because it is vibrating so strongly.
Imagine it. Everyone who has these phones (millions) gets this ringing all the time, even in the middle of the night. DoCoMo recently offered custom mail addresses to combat it but still..
It's already being done. If you're interested, run one yourself -- every spam message trapped by a honeypot is a spam message that doesn't get to its recipients. Brad Madison runs one on a university VAX machine and Michael Tokarev runs one in Russia. Both are fairly heavily trafficed by spammers.
See Brad's page Fighting Relay Spam for more information on running your own SMTP relay honeypot.
See posts like this one to see that these honeypots are working.