Slashdot Mirror
Anti-Spammers Wage E-War
ncstockguy writes "To its credit the Hartford Courant followed up with a second article this time from the perspective of an anti-spammer." The first story was about the life and times of a spam king.
← Back to Stories (view on slashdot.org)
From the article:
"They are every fly-by-night artist that ever wanted to place a tiny little ad in the newspaper and get away with it," Frederick said. "I have yet to see one legitimate product advertised in an e-mail that I didn't ask for."
Never thought about it before until now, but I don't recall ever having ever seen one either...
Until this war against spammers is won, I will continue to use Mailwasher.
Sign me up for the war, want revenge for this, feel free to advise.
A feeling of having made the same mistake before: Deja Foobar
Yes, most ISPs terms say that you can't send spam. That's not enough. The terms should mandate a fee of $1 for every email address you send to if it is determined you sent spam. That way, if they want to send out spam their credit card would automatically get charged. Make the spammers pay for sending out their junk.
to stop spammers.
I have an account I purchased from spamcop.net. I never used the email address onything (i've never even checked it) and it's bounsing spam every day.
Spammers hack systems to get accounts, they harvest them, they buy them (illegally) from state agencies. These people are scum and I consider it my right, duty and priviledge to take them out whenever and wherever I can find them.
I am in the process of building a snort utility specifically designed to track down the home IPs of spammers (in the US at first).
I won't go into details on what I plan to do when I get some, but rest assured it will be neither pretty nor legal.
My $0.02 will always be worth more than your â0.02, so
Spamassassin
Okay, so that's more like 6 words, but still it's great. A guy I work with turned me onto it and I love it. And adding a `spamassassin -r` in my procmailrc for known_spam gives me the feeling that I'm actually doing my part in preventing SPAM.
Click here or here.
I don't even know why spammers bother. Does anyone really fall for 'Have a bigger penis in 3 days' or 'Lose 50 pounds in 23.2 seconds' or any of the other common spams? I mean come on. I would not mind, actually I would WELCOME email advertising if it was only for things that I could use. I like working on cars, computers etc.. so if I were to recieve advertising based on those things,that actually came from a trackable source, with a reliable way of removing oneself from the list, I actually might be HAPPY about it, since I could find out about new products and places with good prices on them. Mass-email marketing COULD work, if anyone could actually trust the vendors, but of course we all know that we can't. I'd like to see legitimate vendors joining us in the anti-spam war, it could only be a positive for them. As it stands now, if I even WANT a product, I won't buy it if it comes as spam. Take the x-10 camera for example. I'd love one of those. I could think of 1000 things to do with it, and that doesnt even include the sneaky, spying on the 18yr old girl next door type ones. But guess what? I'll never, ever do business with them because of their aggressive, intrusive advertising methods.
Don't Tread on Me
Anyone remember his anti-spam campaign against one Bernard Shifman?
Shifman Is A Moron Spammer
Schwartzman's anti-spam page
Why does'nt www.hotmail.com anti-spam features work? Surely Microsoft can afford to employ decent anti spamming technology, or is there a reason their supporting it?
It uses SpamAssassin and Vipul's Razor to help weed out SPAM in your inbox and report it to the authorities. It can be found at www.LinuxLaboratory.org. Click on the labs section and you will find it. Leave me some feedback on it in the forums please.
Great Linux Site
I just LOVE to find a fax-number of a spammer.
oferload their resources, call them, waste their time, put their names on the internet, have an auto opt-in for your e-mail (you spam me, I send you t lots 'o free advice).
blocking is not enough if there is a big response on their telephone (whois) they're out of business for at least a day, maybe longer. make them feel sorry for sending spam.
Privacy is terrorism.
This article made me think of a slightly modified version of the question asked in the article yesterday about The True Story of Website Results: If you could press a button and kill a spammer on the other side of the world, would you do it? And would you even need to be paid the million dollars?
I tend to agree that we probably don't need new laws. Laws already exist that can cover alot of the Internet sewage.
I think a set of bylaws should have been set forth quite some time ago. Bylaws to ban things such as spamming, massive pop-ups, etc. These bylawas could be set forth by a governing body(IETF maybe). If someone/something violated these bylaws then appropriate action could be taken.(account termination, blacklist, etc)
The Internet should be self regulating in itself and laws should be left for crimes in general regardless of the methods used to commit them.
just my 2 cents
Keep the Classic Slashdot.
All an ISP has to do is inform their customers that any e-mailings of over 50 addresses will be reviewed and placed on hold for the customer to acknowledge that it is indeed their e-mail going out. After it is acknowledged, if it is an advertisement or spam, that e-mail will cost 1 or 2 cents for each address it's being sent to.
Unfortunately, this doesn't address the torrent of spam from China, nor the Nigerean Millions waiting for a bank acount spam, But at least it would be a start.
_ _ _ Go for the eyes Boo! GO FOR THE EYES!
I used to work in the industry, and while we'd never send mail on the 80-million-a-day scale that some of these guys do, we'd certainly send half-a-million in a given day, to broadly scattered email addresses. We always made a specific point of keeping the email small (under 1K) and it was *very* clear who the source of the message was (never luv384j6@h0tmail.com).
The mail itself invited the recipient to sign up as a mystery shopper, which would give them the opportunity to get paid to evaluate services in their local neighborhood.
Unfortunately, in a world of snake-oil salesmen, we took a lot of grief for the approach, even though it still paid for us to do it. Because the offered product (which was really a part time job offer) was legitimate, we never attempted to disguise the identity of the source. Bounced mails were automatically flushed from the database. Removal requests were honored. The advertising business was tracable. (Our address, phone number, president's name and industry association registration was on the first web page link in the message.) But because of all the charlatans out there, we were taken to be just one more instance of spam -- which in some sense we were, but with at most a tiny fraction of the rudeness which permeates the practice.
If you want to make sense of most things in the commercial world, the answer is to follow the money trail.
It seems to me the trail starts with the advertiser (or scam merchant). They pay Mr Big to send out a spamshot and forward back the results.
Mr Big needs to
* buy some expertise in spam techniques,
* buy some mail generation kit (I don't know how much H/W or S/W these guys need)
* pay the ISPs,
* buy / get hold of some spamlists
* pay someone to keep track of the mail replies
* If they are unlucky pay for some legal advice
* Oh and the last step in the chain is a punter actually paying hard cash to the advertiser/scammer
They put the money into the chain that drives all the other players.
The point is that every step in the chain there is a skilled person who is being paid to do a task. Such a person could legitimately argue that they are satisfying market demand for a product or service that has many perfectly honest uses and that it is no business of theirs to be making moral judgements that the law doesn't require.
"Hell if I didn't carry the spammers traffic then someone else would"
At a guess I would say that there must be sufficient money flowing in from punters to keep the wheels turning for a while yet.
Long term answer? Fewer mug punters. Maybe that's where the effort should be placed.
Short term answer? Flood the spammers back with fake replies that they can't easily discard.
If one Mr Big gets blacklisted or put out of business then there are plenty more to step up and buy in all the things they need to pick up the threads.
Reading the earlier article about the spammer, Scelson, I can't help but wonder if he uses email, and if so, how much spam he gets. Does he waste any time sorting through it to find the messages he wants?
I have added mail filters to move emails with "debt credit sex cum penis ..." to a junk email folder that then has an auto respond of "remove and unsubscribe" in the subject line. If more people did this we could swamp the junk mailers with emails. And besides it just feels good to start fighting back.
rise up an add your filters and auto responders.
Lifes a game play to win!
I think it's amazing how much effort these people put forth considering how little effort it takes the spammers themselves. With a minimum of trouble, I have spam filters on my work and home accounts and hardly ever does one get through. Even my Hotmail account puts spam in the 'Junk Mail' folder. I go in and check it once in a while to clear it out and see that it's all junk, which it always is. These people could find much better causes to get behind, like writing postcards to that poor little sick kid in England perhaps.
Well I thought it was funny.
He devotes hours here each week as a volunteer member of SWAT, the Spam Wranglers Action Team, hunting for spammers and trying to shut them down.
And all this time I was using SWAT to configure SAMBA....
Sound waves should be free!
Every day I get spam identified by SPAMCOP as being from China. So I dutifully turn them in, and another ORS is shut down. What happens during the next crackdown in China or in Bush' s America if all the boxes are secure? Will this eventually seal our fate if we ever need a time to rebel and rise up?
People will say that spam is the same as junk snail mail, but it's not. "Legitimate" junk snail mailers will happily bear the cost of sending their messages, knowing that they are advertising a legitimate product or service. Spammers push that expense off on the people receiving their message.
To further the theft of services concept, an overwhelming majority of spam is sent through open or unsecured mail relays. This means that people who have no legal right to use those services are using them, much like someone who splices into an apartments building's cable tv system to get free cable. And as I always point out in my spam complaints, there's always this little gem:
-----
Darwin is an evolutionary OS...
--
Apple hardware still too expensive for you? How about a raffle ticket?
Come to the University of Mars! Classes starting soon!
That, unfortunatly, is illegal. They have actual laws in place (and spammers are big enough hypocrites to nail you too). Wouldn't it just totally SUCK to have to write a check to the Spam King?
One thing I'm having a hard time with is congresses inaction on SPAM. It's basically the same as fax spamming, just a lot easier to do and probably a LOT more costly to it's victims. It takes a significant ammount of a companies/ISPs resources that they shouldn't have to pay.
Don't anthropomorphize computers, they don't like it.
Several ISPs, such as Verio, UUNET, Qwest, etc. host many spammers, and are willfully ignorant WRT the activities of the spammers - they do a fine Sgt. Schultz "I know NOTHING, NOTHING" when confronted with the evidence.
First, I suggest EVERYBODY use Spamcop or a similar reporting service when the get SPAM (disclaimer - I am in no way associated with SC other than using their free reporting service).
Second, if you get a spam from a server hosted by one of these ISPs, you use www.bitch-list.net to turn the crapflood back on the ISP - make it cost them more in support calls than the spammer is paying them.
Third, if any of you HAVE servers hosted by these ISPs and you ever get shut down for TOS violations, you sue the ISP, claiming discrimination - "They didn't TOS these spammers, why are the TOSing me?"
Make it cost the ISPs more to host the spammers than the spammers pay, and they will drop the spammers. Remember, both Verio and Worldcom/UUNET are hurting for money right now - pink contracts must look pretty good to them ("See, the spammers will pay DOUBLE for bandwidth!"). Turn the pink contracts into red ink, and they will cease.
www.eFax.com are spammers
Even if I were to recieve advertising based on those things,that actually came from a trackable source, with a reliable way of removing oneself from the list, I actually might be HAPPY about it, since I could use.
I like working on cars, computers etc.. so if I did, I make it a policy never to buy from companies that spam me, using e-mail or snail mail or telemarketeering or whatever. If I want their business, I will go to them. Spam me, and you will never, ever, get my money. Never thought about it before until now, but I don't recall ever having ever seen one either... I'll have the spam, eggs, and bacon, but hold the spam. Just curious, guys, but why doesn't someone do the following: Start filing CIVIL lawsuits against the advertisers directly, and in the process subpoena'ing the spammer's identity becomes known and then civil action can be brought directly at that person.
Just a thought... Someone used my email address you send to if it was only for things that I could use. I like working on cars, computers etc.. I don't even know why spammers bother. Does anyone really fall for 'Have a bigger penis in 3 days' or 'Lose 50 pounds in 23.2 seconds' or any of the other common spams? I mean come on. I would not mind, actually I would not mind, actually I would WELCOME email advertising if it was only for things that I could find out about new products and places with good prices on them. I think a set of bylaws should have been set forth by a governing body(IETF maybe). If someone/something violated these bylaws then appropriate action could be taken.(account termination, blacklist, etc) The Internet should be self regulating in itself and laws should be self regulating in itself for crimes in general regardless of the AC terrorists.
While at a conference a few weeks back, I spent an interesting evening with a grain of salt.
Indeed this sounds like a noble and fair approach, but it's much more of an ideal-typical fantasy; one of the big problem of the so-called "opt-in" lists is that once you are on one, you can never get off; largely because the "companies" (read: spammers) that gather these addresses, sell them to others. This is why they do it in the first place.
I still suffer from mistakes of four years ago, wherein I foolishly opted into some technology-related mailing lists, hoping I might find some valuable information in this way. Though I long ago removed myself from the original source, my address lives on in the second, third and nth generations of sold addresses. I still receive upwards of 200+ spams a day.... it's at the point where I have often lost real messages because it's buried in a sea of UCE. I have filters set up which catch approximately 2/3 of the spam, but I still must filter through some 50+ pieces of crap twice a day just to see if I've received an email from an old friend.
I'm finding it's actually easier to filter the real mail into separate folders than to filter out the spam!
I can't believe it's not lard!
Few spam mails have valid return addresses. By autoresponding you are likely not getting mail back to the spammer and simply increasing the amount of (essentially useless) mail that gets sent through the system.
An interesting thought came to me as to why I hate spam so much. It isn't just because there is too much spam, or it is annoying, or etc..
It's because they never, ever have sold a product that doesn't look like a scam, or porn to me. Every single spam I have gotten in my 7+ years on the internet has been for penis enlargers, aphrodisiacs, etc. It's like the snake-oil dealers of old have found a new home on the internet.
If I got coupons to the stores I frequent (or are in my area), or just adverts for legitimate, registered, good companies about products I might consider. It wouldn't bother me as much. But it's the fact that the spam I receive is pure, unadulterated, useless crap which explains why I hate spam so much, and don't feel too bad about junk mail I receive by post.
Just my thoughts on the issue.
~ kjrose
> "People are going out there and
> tracking it back down to the source,"
> Mozena said. "Without that constant
> fight, things would be a lot, lot,
> lot worse."
Does anti-spamming really work? The administrators and users of SpamCop, SpamAssassin, etc. should back off for one 24-hour period. Let the spam roll in. If it truly would be a "lot, lot, lot worse" without spam-fighters, the happy fallout will be that thousands of indifferent users who respond to spam with "JHD" (Just Hit Delete) will see how bad it's become. Maybe they'll join the spam-fighting ranks, or at least demand a solution.
-- This
Due to the massive abuse, e-mail may simply become a thing of the past. I am gradulaly moving to a web form and dropping e-mail. To write me, visit my page and fill in the online form. I'll soon no longer have an inbox.
As inconvienient as that is, it fixes most of the problems of the e-mail system. Mostly it will not accept any bulk mail from anybody.
The truth shall set you free!
Take down companies like this:
http://www.mailutilities.com/adr/
I dunno - hold an Afghan wedding there and get them bombed to shit...
A while back, maybe over a year there was an article on /. about a search engine which you can type "bulk email" into and it gives a list of companies selling bulk email software, ordered by how much they paid the people that run the search engine. Then every time you click on one of their links it costs the bulk email sellers so much per click. Anyone got a link to the /. article or I think there was another site with a lil perl script to do the clicking for you and run up a big bill for the bulk emailers. :)
Such fun, and yes, I do have way too much spare time
If you try to fail and succeed, which have you done?
Ive been using spamcop for a few months now, and I have reported several spammers. Some bastard company called netdomination spammed me evey day for nearly two years until i reported them! I recomend you try them. They Have a free service for reporting spam.
Unfortunately I can't afford to be quite so idealistic. I've had people call/mail me that are offering services that I someday want to use. I wouldn't have internet accesses if I went by that motto since the cable company, the phone company and Sprint (they do wirless internet here) have called me to try and sell me stuff. Unlike SPAM, I find that people are actually offering me (or at least are companies that have offerings) something that I want. I don't think I've ever bought from a sales call, but I've bought form companies that make them.
However I find SPAM very different from telemarketing/bulk mailing for several reasons:
1) The telemarketers/mailers are 99.9% of the time legit bussinesses offering legit products. When Cox calls to sell my high speed internet access, they aren't playing around, they can and will make good if I want. When I get a book of coupons in the mail, I can really go and use those for the products on them. SPAM is fradulant so often it's not even funny.
2) Also, with classic methods, the sender pays. The company calling me is paying for the long distance time, the mailer pays postage. It doesn't cost me anything other than wasted time (and there is plenty of stuff that does that). SPAM costs me money, which makes me angry.
3) However BY FAR the most imporant reason in my mind is that when you ask a telemarketer/bulk mailer to quit, THEY WILL. Since they are real, legit bussinesses and DON'T want to get sued, they'll obey they laws and stop contacting you if you tell them they have to. When a telemarketer calls you, ask to be placed on their do not call list, they have to maintain one and you can sue tehm if tehy call you again (unless you buy something from you, then you have a bussiness relationship so they can contact you if they like). Also a lot of companies get your address from teh credit reporting beuarues. SO call up Equifax and ask them to stop giving it out. They'll tell you what you need to do (submit a request in writing I think) and then they will, and pass it along to the other two.
It really is the unrelenting, fradulant nature of many spammers that gets me. For the longest time I got a ton of spam from a place that wanted to allow my bussiness to acept credit cards. Well the thing is I don't HAVE a bussiness, and I already have service to accept cerdit cards anyhow. No matter, these assholes spammed me 2-6 times PER DAY. And of course they didn't say who they were or anything, just asked you to e-mail them (to a yahoo address) with a name and phone number to call.
Stuff like that really pissess me off, I eventually had to resort to a technical solution to make them stop. However when AT&T long distance was pestering me (about 1 call every 2 weeks) I just told them to put me on a DNC list and I've never heard form them since.
Why not fax them blank pieces of paper. They can re-use the paper, so the cost is reduced to virtually nothing other than the cost of the time on the phone line.
Still probably illegal; but I doubt you'd suffer any real consequences even if they prosecuted.
Hot Damn! It's the Soggy Bottom Boys!
I've started to have a much more aggravating problem -- spammers using the email address of an old account of mine for the From: of their spam! I know because undeliverable mails are being returned to me. Is it just me, or is this a new low even by spammer standards?
I'm in the middle of dredging through the headers trying to figure out what the company ultimately responsible is, but even if I manage to find out, I'm not sure what to do with the information. I want blood.
Any suggestions?
don't think it's a problem? just try joining your local chamber of commerce and see how much junk mail you'll receive every day! Even if you quit, it keeps coming in. My house is a mess.
I can't believe it's not lard!
Ive had i good idea which might help give spammers a real kick up the ass!
Setup a e-mail adress somewhere (using one of the free e-mail services)
Then deliberatley add that adress to the 'remove' lists.
You will soon recive lots of spam at that address, then report them! This will temporarlly sting the spammer.
If enough people do this then spammers will find it harder and harder to spam because they are constantly being shut down!
Let's take a secomd and evaluate our "Mr. Roth," and determine if he is adding or subtracting value from the network.
.*@.*aol.com".
Martin Roth aka lumbercartel@hotmail.com
Martin Roth aims to solve the spam problem by educating spammers about proper e-mail marketing practices. But to educate them, he first has to find them.
Well, that sounds like a plan.
With practiced ease, Roth launches software tools with names such as "SpamCop," "SpamKiller" and "Sam Spade." These, along with multiple online accounts, help Roth comb through the junk e-mail pile for clues to the spammers' identity.
It's embarassing to use these tools because of the raw number of false positives they generate. Of course, for click and drool "d00dz, d3l3t3 yur spammer NOW!" people like Roth, that's a-ok. Of course, let's note that he belongs to a group that calls itself "Spam Wranglers Action Team," which by naming itself something stupid has demonstrated idocy.
But others, such as spam messages that appear to have been sent by an Internet newcomer, may present a better opportunity. A rookie spammer may fail to disguise headers and return addresses, create an amateurish sales pitch or promote a common multilevel marketing scheme.
So, go after new spammers because it's easy? Well, I guess they are easier to convince to change their ways, but if he really wanted to stop spam he'd be going after the mega-houses.
"Here's a guy maybe you can educate," Roth said, pointing to one such message among the scores before him.
What kind of education do you think this guy is going to get?
With that information in hand, Roth then reports the abuse and asks that the spammer be cut off. Many Internet providers will comply, since the sending of spam is usually prohibited by their own user policies. Providers that don't comply could face the prospect of being added to the blacklist of companies that support spamming.
Oh, that's some quality education there, sir.
As he speaks, Roth's computer erupts with the sound of gunfire once more. Roth
smiles broadly.
"Got another one," he said.
And that, my friends, is why these people do it. Because they enjoy the feeling of power that cutting people off the net gives them. They are like petty IRC dictators, typing "/kill
Martin Roth is doing nothing to help the spam problem, and he is a poor choice of people to profile. Martin Roth is yet anoter Maryanne Kehoe
I'm the best IRC client ever.
At the very least, they pass on their info to the various blacklist sites, when then add the spammers to the reverse dns lookup lists. I run a personal email server that checks any incoming connection with ordb.org and relays.osirusoft.com . Believe me, those two lists right there stop ALL of my spam. I havent seen a spam msg on my personal mail server in months.
Lawyers, MBA's, RIAA? A jedi fears not these things!
I don't know what it is, but I only get like half a dozen spam emails a day. I've seen people on here claim to receive 200+ a day! Anyway, I try to track down the open relays the emails are sent from, and forward the email to abuse@whatever.com. I usually use whois, does anyone know of a way to get more/better information about the source?
I've also, lately, taken to looking at the links that are sometimes included. I don't follow the link, but I send a complaint email to whoever is hosting the site, and the people they are registered with or are buying their bandwidth from. A lot of the time, I get bounced emails when complaining to the hosting service directly. "www.freehostco.com" and "www.bestoptinchoices.com" are the two that pop in to my mind readily.
Also, I've noticed that lately people tend to be sending out forms, and have the info sent to their pager (or whatever device) through ICQ's paging service. I can get their ICQ numbers, but I'm not sure where to go from that point. I've forwarded the emails in question directly to abuse@icq.com and asked that they do something about this. I have yet to receive a reply.
One final thing: sometimes in the email a 1-800 (or similar) number is listed. How does one go about resolving this to a business name and address? I'd love to report these people to the BBB or some government agency.
This is not the greatest sig in the world, no. This is just a tribute.
Don't just delete it. Everybody deletes it and it does no one any good. LART it (read: report)! If you take a few minutes to look into the headers of the spam you'll find a wealth of information. Was the message sent through an open relay, was the message sent through a vulnerable formmail.cgi, was it a proxy, where the message actually originated from (usually but not always), etc.. Looking into the body of the message usually gives you links to the people that advertised through the spammers. LART everyone and send a copy to uce@ftc.gov. Report the open relays to the various DNS blacklist maintainers. Report repeat offenders to their upstream. Report the stock scams to the SEC. Report the penis enlargement pills to the FDA. Report the Nigerian Money scams to the Secret Service. Don't through the message away. Take a few minutes and do something with it. At the very least forward it to the FTC's dropbox. At the very least.
How much would you pay to be able to instantly kill a spammer, anywhere in the world?
How much if you could subject them to torture first?
How much if you could force the other spammers to watch?
A colleague and I agreed that if we were to take money out of our 401(k)'s to hire a contract killer for sapmmers, that the withdrawal should be tax-deductable. Possibly even listed as a charitable donation.
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
There is also software out that makes it trivial to "spam" a web form, that is, to constantly call the CGI with random input, flooding the message store with bogus data.
My answer to spam?
Use GPG, and only email encrypted with your public key. If someday you start getting encrypted spam (never happened yet, encryption takes CPU resources), there is a more draconing step-
Only accept mail that is crytographically 'signed' by people in your personal keyring, or from somebody who has had their public key signed by somebody in your keyring.
This restricts incoming email to 'friends', and 'friends of friends'. It is spam-proof.
It also ensures that your Aunt Millie in Oklahoma who only uses WebTV will never be able to send you another email. This could be a good thing, depending on how annoying Millie is.
I do not deploy Linux. Ever.
"Spam" "ass" "ass" "in". I think it was a joke.
For what values of sense are we talking about? Take a look at GoogleGroups search of news.admin.net-abuse.sightings, and let me know how to your legitimate mystery shopper offer from all the others: URL from Hell Quite a lot of it, isn't there?
One line blog. I hear that they're called Twitters now.
What would be illegal about that? How about resending the fax every day or so until the spammer confirms receipt? How about turning your computer into an automated server that faxes remove requests to the spammer upon demand from a form on a web page? Even better, have it linked to an e-mail box, so that as the spam arrives, the spammer gets a hardcopy on his fax machine, along with the latest remove request.
Of course I would write a very long story explaining them WHY I hate to be spammed and I hould have to add the whois-information together with their spam as evidence and a clear question to stop all their spamming activities.
"in reaction to your offerings by e-mail"... It's just a reaction to their initial mail. the law wouldn't forbid to communicate with someone?
Privacy is terrorism.
"I'm a sucker and I'm confirming that this address is valid and read. Now you can spam the hell out of me and sell my address to all your buddies.". No reason to beat around the bush. Be direct about it. This is what you're doing after all.
Copy their original spam message into WordPerfect (I said this was many years ago), set the page length to 1/8 inch, and hold down the "Page break" (Ctrl-Enter?) to ensure that each line of the message was on a seperate tiny page.
Save and send via faxmodem...
Buzz, Click! CHOP!
Buzz, Click! CHOP!
(repeat x 200 lines of spam).
Voila, pre-shredded fax. Also handy when you need some confetti in a hurry.
I do not deploy Linux. Ever.
Did a Google search for "spamjamr", an anti-spammer group or individual listed in the story and was directed to an Angelfire member site. Of course Angelfire member sites contain the one thing that rivals spam in annoyance levels -- multiple pop-up windows.
An example of what can be done
http://fightrelayspam.homestead.com/
A longish exposition of the idea. Sorry for the popup.
This idea works. My goal is to stop relay spam in July, 2002. I can't do that alone: it will require a lot of honeypots. 29 days to go: so far I haven't seen it stop. Still plenty of time. Try this, report your results. Get in early to stop the most spam. The latecomers may get no relay spam at all: they'll be too late.
The Klez worm also does that - it will send email using an address from the infected person's address book to another address it found in the address book. I sometimes see bounced mail sent by someone else with the Klez worm - since I use Eudora on a Mac, it's merely an annoyance.
I'm surprised that no one mentioned sneakemail. I've been using it for almost a year now, and I've gotten only two spam messages, at addresses I used posting to usenet. I simply deleted those email addresses; no more spam.
Didn't slashdot have a story a while back about a study on how to get on SPAM mailing lists? I believe they found that posting on usenet was the worst.
Sneakemail is still free, but they are now asking for donations.
I hold it, that a little rebellion, now and then, is a good thing. -- Thomas Jefferson
The abuse departments at these companies handle more then spam. They handle child porn, death threats, suicide threats, bomb threats, hacking, DoS attacks, issues with LEOs, and spam. Spam is the least critical issue. I am sorry, but a missing 12 year old girl has priority over your penis enlargement spam.
Second, if you get a spam from a server hosted by one of these ISPs, you use www.bitch-list.net to turn the crapflood back on the ISP - make it cost them more in support calls than the spammer is paying them.
Uh huh... I work for one of the evil companies you have listed and people wh odo this get blacklisted. Bombing us only forces me to have to go an clean up the mess you made, that is less time I have to spend on spam and other abuse issues.
Third, if any of you HAVE servers hosted by these ISPs and you ever get shut down for TOS violations, you sue the ISP, claiming discrimination - "They didn't TOS these spammers, why are the TOSing me?"
I've TOSsed more T1 then most ISP have to start with. Every spammer gets it in the end.
Make it cost the ISPs more to host the spammers than the spammers pay, and they will drop the spammers. Remember, both Verio and Worldcom/UUNET are hurting for money right now - pink contracts must look pretty good to them ("See, the spammers will pay DOUBLE for bandwidth!"). Turn the pink contracts into red ink, and they will cease.
I can't speak for others, but there has never been a pink contract here. I know all the kooks in NANAE will claim otherwise, but none of them can ever produce one.
Michael Loves Me!
The article talks about a SPAM Swat team ; and the concept of that is absolutely rediculous. When it takes teams of people to shut down spammers, the Spammers have won. That might work for the time it takes to do the article - but it is not a 'sustainable' activity. These SPAM swat teams aren't going to exist forever.
What needs to happen is the Email protocol needs to be re-written. It was originally developed in RFC822 to be an open standard that could take on many forms and purposes.
Today, we know how Email is used intricately, and the protocol can easily be re-written to *ENSURE* Spammers do not have the ability to automate spamming.
My company is re-writing the protocol over the next year or so ; and our changes will made available to the world.
Ace
Try SpamAssassin (www.spamassassin.org) - it's very easy to set up and requires very little configuration, and most importantly is very accurate, only occasionally letting spam through or mis-classifying real email. I just whitelisted a few email addresses and added a couple of rules to get rid of particularly annoying spam. I also got it to prefix a long '**** SPAM *****' prefix to the subject lines so I don't even have to read the tedious spam subjects.
It can even look at the Received headers so you can distinguish between email that is genuinely from yahoo.com etc, vs email that is using a forged From header saying @yahoo.com. I use this to add extra spam points to email received from an old email box that gets almost nothing but spam.
Nearly 200 different non-existant usernames in my various domains are being spammed, many on a continuing basis. These are usernames that have never existed, and never accepted delivery of mail, so they are definitely not confirmed opt-in's for anything. It just shows how far spammers will go, and how they never clean up their lists (as if that would help real people).
now we need to go OSS in diesel cars
There is also software out that makes it trivial to "spam" a web form
.net killer app of the future. Spoofed mail will be impossible, confirmed ID required for membership, user must be logged in to send mail to other members, stiff EULA with heavy penalties etc. That is probably the mail system of the future.
Fortunately my current public form is members only. Membership is free. You apply and receive your password by e-mail. That eliminates false headers & bulk mail. That is why I use it. As a member for over a year, I have yet to receive my first Unsolicited Commercial E-mail through the system. It works for me. The noise floor is low enough a filter is not needed. Unfortunately I must also keep a regular box for attachments. It's highly filtered and kept hidden and off lists as much as possible. Most spammers don't take the time to get membership into small private mail systems. Verification of identity is a requirement that most spammers do not get.
Somehow I see this being the new Microsoft
The truth shall set you free!
If you are planning on doing something illegal YOU DONT BROADCAST IT TO THE PUBLIC! Dipshit!
I received an unsolicited email, alerting me to broken links on my website. Two weeks later, I received another one. Two weeks after that, I received a third, along with an ad for the service, which would continue to so-update me in the future.
Although it is against my principles to buy from spammers, I did, in fact, subscribe to the service and have been happy with it. Now that my spam has gotten out of control (I wasn't getting very much at the time, years ago, and wasn't as aware of the issues involved) I regret having given them my money.
But I have to admit that I am happy with their service
God is real unless declared integer
You can never kill The Whale. Phuck those Hurricanes and all those pricks in Carolina that stole my team.
Phuckers.
I don't seem to get much spam at all. Maybe it's because I use a couple or three web-based e-mail systems that filter already for me, maybe it's because I don't publicize my e-mail address much, maybe it's because I'm just lucky. I don't know.
/dev/null by way of abuse@, which I've done four or five times now. :)
That said, the spammers I hate the most are the clueless morons like your average Primericatroids, who hang out on job boards, cull e-mails from posted resumes, and send "contacts" trying to solicit me into their multi-level marketing Ponzi schemes. Most of these people are just clever enough to un-spamproof an e-mail address, but not clever enough NOT to use Hotmail/et al accounts. I get a real evil(?) thrill out of sending those twits trolling for suckers to
I'm not a geek, I'm just a clever script.
I think a television commercial would go a long way to solving the SPAM problem. It could go something like this:
A montage of pictures begins popping-up on the screen, all black-and-white with faces squeezed in concern.
"I lost my house," one says.
"I lost my car."
"I lost my life savings."
An announcer's voice booms as the talking faces go mute. "Who are these people? The are people just like you who get unsolicited e-mails every day. E-mails from companies that appear legitimate, yet have hurt these people's lives."
"I lost my retirement; my retirement! What am I going to do now?"
The announcer continues. "It's called SPAM, and it can cost you your livelihood. All it takes for a few people to fall into their trap, and they get rich, while the victims go homeless. It happens every day. It can happent o anyone." A number pops-up on the screen. "If you are concerned about SPAM, contact this number to get more information. Find out who your representative is. Because if you don't do something about it soon, you'll be hearing more of this."
"I lost everything! What am I going to do?"
Perhaps a bit dramatic, and yet I think you get my point. Most people are going to say, "I'm not that stupid," and ignore it. Yet it educates. It keeps it in the mind of the public. Use advertising to combat bad advertising. It works.
I do that constantly, ever since I saw that original posting. I've noticed the "bid rate" slowly decreasing since then!
I think we should all take a moment right now and do that. It may not be much, but at least it's a small thorn in their side (of course, if you don't mind giving overture the money!).
What about writing a distributed client to repeatedly request images and pages from spammers' webservers? Since they would legitimate requests, it wouldn't (technically) be a DDoS attack. This could crash the spammer's webserver, or at least give them a huge monthly bandwidth bill. Perhaps that would make them think twice before spamming next time...
There is a possible solution to spam - it would take time, but...
We change the RFPs for email transport (yes, I know they are among the oldest out there), so that they require some sort of crypto key before a message gets forwarded/delivered. If the key does not match the domain, it's not accepted
Details would still have to be worked out, but I think the answer is going to be to get rid of mail transport as we know it
-- 73 de KG2V For the Children - RKBA! "You are what you do when it counts" - the Masso
Not if you communicate the same message 5000 times...
SpamFaq
One line blog. I hear that they're called Twitters now.
The next day the guy with the button box comes back and asks you to kill a lawyer,
and then the next day he comes back and asks you to kill an art-student working in a coffee shop,
and then the next day he comes back and asks you to kill an old lady that wears too much purfume,
and then the next day he comes back and asks you to kill a person that talks to other persons on the bus even if they don't know them,
and then the next day he comes back and asks you to kill someone with a mullet,
and then the next day...
(This post does not contain emoticons or l337.)
It's a bit like being a used-car salesman or a personal injury lawyer. Even if you practice ethically, you're still regarded as the underbelly of the snake.
How did the legitimate offer differ? A) didn't ask people to pay to get on lists (which is indicative of a faulty business model); B) was a tracable and identifyable company who did not disguise email addresses or spam remailers; C) actually removed in accordance with user requests; and D) made the user available to a broad list of mystery shopping services registered with local BBBs and the MSPA (mspa.org).
Perhaps you don't consider that "legitimate" and I can understand. My point is that this was an organization that was truely paying out millions of dollars per month for completed surveys of local business locations. As many *bad* companies exist within this arena, there are some honest, ethical organizations that contibute value across a wide spectrum of the consumer market.
I really don't get it. Maybe the rabid spam chasers just get some level of enjoyment out of the detective work, the thrill of the chase, and the retribution against spammers. But I don't think they'll ever really make any significant difference in the amount of spam that travels the Internet, especially now that other countries are getting into it big time. You can reduce the spam in your own mailbox or server by various means, but until something MAJOR changes in the way the Internet mail system works, there will still be terabytes of spam traffic sent all the time. That's eating up YOUR bandwidth when you're trying to read Slashdot or look at nekk!d ch!kz.
I just wonder if eventually spammers will get tired of all the work to keep moving around from server to server to send out these mass mailings. Eventually half of the Internet will be blacklisted. But the spammers are probably just as driven as the anti-spammers. The thing I don't get is often there's not even a way to buy the product in the message.
Me, I'll just sit back and surf and play computer games. Spam is annoying, but to me it's not really worth getting that worked up over. The only mail filter I have is one that colors incoming messages yellow if they're not addressed directly to me. That takes care of most of the spam, although I still scan the subjects to be sure it's not sombody I know Bcc'ing me on something, which it occasionally is.
It may be difficult for the states to do anything about finding people, but it could work. I live in Indiana, and recently a law came into effect that instituted a "No Call" list for telemarketers. The program is voluntary, so you have to call to get on the list by a certain deadline (every six months or so), but once on the list, it becomes illegal for telemarketers to call. At that point, the state has a legal recoures against violators. Just a thought. ~Vlade
Perhaps 10 years ago, you could have done it, and no one would have complained too much, but times have changed. All the creeps have pissed in the pot and poisoned the well.
The other problem with "legitimate" offers like that is that they don't scale up. What I mean by that is if 10 businesses send me an offer in a year, no big deal. What if 100,000 do it? What if small businesses around the world do it? Even if they all had a valid remove, I'd still be opting out all day long.
And some even with a valid remove, don't keep a "do not email" list, they only remove my record. Then, when they get another "millions" CD and merge it, I'm back on the list.
My mailbox, my property, my rules.
One line blog. I hear that they're called Twitters now.
I have written a nice perl script to take care of that.
I just tag (t) all spam mail in my mailprogram "mutt" and pipe them (;|) to a perlscript which forwards each email separately to my submit-address at spamcop.com.
When I receive the receipt emails for them, I again tag them and pipe them into another perl script which extracts the receipt-url, loads the form by LWP::UserAgent, uses use HTML::FormParser to get all the elements, checks all the boxes, and posts it back thus confirming the spam.
I got the idea when reading the source of Simon Drablles Mail::Webmail::Yahoo scripts which download yahoo email into a folder, also interacting with forms and such.
I could use some help with the coding, though, as I am just learning to use perl. If you want to give it a try, email me "khepera at gmx.net".
I did not figure out how to use the FormParser to get to the textarea content, so that information is lost. Also my spamforwarding script is kind of weak as it assumes that no mail-header stuff is in the spam body.
Agreed wholeheartedly.
The other problem with "legitimate" offers like that is that they don't scale up. What I mean by that is if 10 businesses send me an offer in a year, no big deal. What if 100,000 do it? What if small businesses around the world do it? Even if they all had a valid remove, I'd still be opting out all day long.
The use of untargetted mail is a long-standing practice and has an ROI threshold that's not hard to identify. The more general solicitations exist, the less effective any individual campaign is, and therefore the lower the return. Therefore, only those that actually *work* continue as long as there's a baseline cost. Allow me to point out that I've long been an advocate of e-mail postage, and was even in this context. Being charged a penny a message in this case would still allow the business model to be profitable, while the 80-million-a-day spammers couldn't stay in business.
And some even with a valid remove, don't keep a "do not email" list, they only remove my record. Then, when they get another "millions" CD and merge it, I'm back on the list.
Acknowledged. As I said elsewhere, I wrote this part of the process. Database merges were filtered against remove lists. So if your name was on a merge source, (we didn't purchase CD lists, by the way. We dealt mostly with lists from existing mystery shopping partners, though occassionally did chained screen-scrapes from Anywho, since it was searchable by ZIP code.) it was not merged if found on the remove list.
Obviously, this isn't a common practice. Unfortuantely.
My mailbox, my property, my rules.
Okay, so set a list of who is *allowed* to send in the first place. Don't wanna do that? Fine. Since we didn't rotate source addresses -- but messages were always from a CONSTANT ADDRESS -- denying that address actually meant *NO MORE MAIL.*
Unsolicited bulk email? Sure. Genuine nuisance? Only if you're into over-generalizations.
Approach #1: WhiteListing
Whitelisting is basically the process by which your mail account is by default "closed" to all senders. You gradually give permission to certain people to send you Email thus creating a whitelist. The whitelisting implementations I've seen work this way: if you get an Email from someone you don't know, a warning Email is sent to you asking you to do certain steps to allow this sender to send you Email. If you agree, the sender is added to your whitelist. To me this is probably the most sensible short-term approach.
Problem: Instead of getting innundated with SPAM, users will get flooded with permission requests. However if a whitelisting protocol is designed in such a fashion that all mail clients will deal with permission requests the same way (by moving the messages into a "pending" folder of some sort and by making it easy for the user to browse/mark senders as valid or invalid), it may be the best short-term technological solution.
Approach #2: Legistlation
Legislating SPAM away is probably one of the better solutions out there since you get to penalize monetarily the senders of UCE. Of course, this has to be a global (world-wide) process otherwise any SPAMMER could move off-shore to a nation that doesn't have SPAM Laws. This problem is fairly well known.
Problem: Obviously, the wheels of justice turn very slowly and politicians can be easily bought by the private interests behind SPAM to counter the efforts of anti-spam lawyers. To replicate this effort throughtout the world may be a very nice "feel-good" thought, but in the end will probably be impossible to pull off.
Approach #3: Make the SMTP protocol Secure
The SMTP protocol is what, 30 years old? It really is time to improve the damn thing to make it so that the sender of the Email has to _somehow_ be authenticated. That is, the mail server must exist, must have a reverse DNS entry (PTR Record) and that the Email address of the sender itself (the mail from: received during the SMTP transaction) is checked against the sending mail server to see if the Email address exists. All sending MTAs should be validated and sloppy system administration should be no excuse in terms of having or not having a proper configuration.
Problem: There will be heavy resistance from the mail server and mail client industry to improve the protocol on a global level. Furthermore there has to be some sort of phase-in period to give time for existing installations to upgrade their software so support for the previous incarnation of the protocol has to remain for an undefined period. It would be very expensive to do. If the expense is greater than the expenses caused by SPAM though, the industry as whole may not have a choice.
Approach #4: Create an MTA reputation database
Instead of changing the SMTP protocol, it may be that we need to create some sort of central MTA authority that would rate servers using a "reputation" scoring system. The more a domain or server is found to be a source of SPAM, the lower the reputation rating, at some point (threshold), mail would be refused network-wide at the connection level. Sort of an automated global RBL with teeth. ...
don't know how it could be implemented but such a system would require global
acceptance and integration into existing mail server software. Probably
just as expensive as approach #3 to implement. Overall though, if the cost
of the status quo is greater than the cost of implementing something like this,
then at some point the industry as a whole may not have a choice.
Problem: Requires some sort of authority (centralized or P2P)
Approach #5: Require MTA certification
This is the "HAM Radio" approach. Require that all Mail Server and mail service operators go through a global certification process for them to be able to broadcast using the SMTP protocol. HAM Radio is self-regulated more or less and it seems to work in terms of self-policing. Couldn't an approach like that be taken for "email broadcasting"? ... this is a fuzzy idea and
would require more hashing out by the community but what they hey.:-)
Problem: Requires tight cooperation between government and some unnamed agency that would represent all MTA operators. Lots of resistance would be encountered with such an approach
Dingbat.
If your spammer target is in the same city or you're using a company fax, then take some black paper, about three or four sheets... Tape them together and dialup the spammer's fax. Start sending the fax.. when the first page comes through, curve it up and tape it to the end of your paper trail. This will create a loop. Then LEAVE!
This is best to do in the night, so when the spammer returns in the morning, they have no more paper and more more ink.
"Oh no, 3 horny women and only 2 condoms...Thank god I read slashdot"
"Want To Harvest A Lot Of Target Email Addresses In A Very Short Time?
Target Email Extractor is a powerful Email Software that harvests Target Email Addresses from
search engines, any specified starting URLs , including cgi , asp pages etc.
It Quickly and automatically search and spider from search engine, any specified starting URLs to find and extract e-mail addresses"
...then further down...
"Disclaimer:
We are strongly against continuously sending unsolicited emails to those who do not wish to receive our special mailings. We have attained the services of an independent 3rd party to overlook list management and removal services. This is not unsolicited email. If you do not wish to receive further mailings..." (yada yada yada)
As i can see it; there are only 3 ways to stop spammers: 5.56mm, 7.62mm & 9mm.
You are just another fucking spammer attacking anyone who doesn't like your bullshit spam. I read the Usenet post you linked to and fmaxwell sounded sane and sensible compared to you, retard. Go play in traffic, you fucking dick.
We are constantly getting SPAM from the low-lifes at Tricon, even though we have contacted their legal counsel repeatedly. Perhaps there should be a class action under CA law?
No, Unsolicited Bulk Email is always a bad thing... even if all spammers honored opt-outs like you described. When I'm at work and I get spam, it takes time to:
That process takes about 1-2 minutes for each SPAM message received. I get paid about 45 cents/minute, so that means that for each SPAM message I receive it costs my company 45-91 cents (per message per user).. still assuming an ideal opt-out world (which doesn't exist)..
It might be virtually free for you to send me unsolicited junk mail, but it costs my company and others like it TONS of money in wasted time to receive them.
That's why OPT-IN with a required confirmation is the only ethical way to mass mail.
Since most phone companies are either internet providers or users, do you think that phone companies could also be persuaded to blacklist spammers, since so much spam contains a phone number to contact?
Is it standard practice at Slashdot not to read the entirety of the parent post? Feels like it today.
Messages were kept small to minimize download time. If it really takes 30 seconds to download 1K from your mail server, may I suggest an upgrade? I *know* you're exaggerating on that.
Messages were from a constant address, and the subject line was something along the lines of "We're looking for consumers in the [state] area." Without getting unnecessarily bulky, I think this made the basic intent pretty clear, eliminating the need to actually *open* the message.
Given that the source address was constant, you could also simply filter the message. I know that most major email packages (which you're likely to be using at work) allow this in about 3 menu clicks.
If you truly go through the trouble of reading the message and determining that you aren't interested, and file a removal request, then there is at least some allocation of resources on your part that is your decision, not mine.
I found out this morning that for a little over a month my mail server has been running open relay, nobody told me, nobody e-mailed me, but my ISP sure got pissed and kicked me off, luckily I fixed the problem and they let me back on. But still I'm pissed someone was using my stuff for their personal gain, I barely make enough to pay for the DSL, and somebody else is using, oh well. my fault really, must remember to audit my servers more often.
At the government agency where I work, we get thousands of spam messages a day from slimeballs all over the world. Why? Well, another agency posted all our email addresses to the web once, people in the agency are clueless and "punch the monkey", etc. The usual reasons. We installed an anti-spam program from Trend (e-Manager), but it's a string-search program.
;)
Note to newbies at server-based spam-blocking: String-search programs suck. Half the time I got false positives and had users parading outside my cube with pitchforks and torches. The other half of the time it was false negatives and the user received the spam...and then sent it to us. ALL the time, I was updating the list of banned phrases, which is essentially "shutting the barn door behind the horse".
Recently, I've been testing DCC. It operates on checksums, kind of a "word-of-mouth" approach to spam. The theory is that if you have enough DCC servers, keeping a count of the message checksums, then you can block it based on its "bulkiness". I tested my inbox on a CGI demo of it that they have on their server, and it had a 100% accuracy rate.
I'm not going to go into it much further, since you can read the docs, but this is the first day of the test, and so far, I've got a couple thousand hits; 90% of it is spam (I'm updating my whitelist as I write this). There are a couple programs like it (I heard on the Register that they're putting out one like it using a P2P client model), but I think the future of spam-busting is in this.
Gazing at the lewd/fraudulent/ridiculous subject lines cropping up in my DCC logfile, I realize: If the Internet had a body, this part would be the ass. Seeing all of it makes you almost despair for humanity....except for the fact that DCC caught it, and you know people won't have to look at it.
As far as I can see, the more admins get involved in this, the harder it becomes for spam to propagate...and there are a dozen other tricks you can do to cut it down. So what are you waiting for? Join in the fun. There are some problems with this method (the worst being that you need to "whitelist" legitimate bulk mail or it'll get caught), but it's definitely the best approach to killing spam that I've seen yet.
There's no sig like this sig anywhere near this sig, so this must be the sig.
Ive been spammed with a spam for anti spam software.
If at all possible, don't drop their connection - just slow down to accepting a packet a second.
This ties up the offending mail server, and keeps it from spamming others.
If you don't like this, then configure your server to send back a NAK message ("Spam not allowed" or some such) at one character per TCP packet, one packet a second.
www.eFax.com are spammers
Just putting the finishing touches on a web-based anti-spam offering - feel free to check it out:
http://www.spamvac.com
In the month I've been using it myself, it's quarantined well over 600 spams from my accounts alone, saving me from having to download them into my email client.
that's my extreme policy. word-of mouth is all any worthwhile product or service should require to sell it. i realize this is a theoretical ideal, especially in the case of a truly original product.
i truly believe, philosophically, that anybody advertising their product (in any media, but especially mass) would otherwise be unable to sell it.
spam fits the bill just with me.
what if the hokey-pokey _is_ what it's all about?
I would like to get email telling me who was selling my address to spammers. If it was just the information about who was selling my address to the spammers, that would not be spam because it was not advertising anything.
if this happened everytime someone sold a CD full of e-mail addresses, the people selling the CDs would be driven crazy by complaints and maybe even lawsuits. now they know that they can sell all of our addresses and we cannot do anything about it because we do not know they are doing it. sorry if my English is not so good yet.
"Martin Roth aims to solve the spam problem by educating spammers about proper e-mail marketing practices. But to educate them, he first has to find them."
...
"hello mr. spammer, meet mr. 2x4"
*SMACK*
p r m t h s
No, I did in fact read your message several times. I think you might have misunderstood my 1-2 minute reference. That's how long I estimate that it would take to do ALL those steps, including quickly scanning the message to see if it was a subscribed to service, finding the unsubscribe information and either going to the web page and doing whatever is necessary, or replying to the message and typing out a brief "I'm not interested in your product(s); please take me off your list and never send me any more e-mail, and do not ever give or sell my e-mail address away to anyone other companies, subsidaries, affiliates, or other such entities. I hate spam and try my best never buy from anyone who sends it." - Although I suppose unsubscribe messages that are honored are usually handled through automation, it always seems best to actually say what I want to happen.
Granted that about 1/3 the SPAM I get I identify as porn advertisements and the such and delete it without opening it, those take about 2-10 seconds each.. so that would be 1.5-7.5 cents each. Say each one of the employees in my company gets one of those per day (of course it's not as evenly distributed as that..). Say 4.5 cents each on average.. that's $45/day for our 1000 or so employees just on deleting those pesky little spam messages. Over our 260 or so business days per year, that's $11,700. Hmm.. suddenly that's not so cheap.
[Even if you say it only takes 1 second to read a subject and delete the message, that still comes out to $3900/year using the above figures.]
Oh, and you say I just need to opt-out once? Since there is no honored opt-out-from-everything-for-all-time list like there is for telemarketers, just because I opt out of your service doesn't mean I don't have to opt out of every other spammers list.. again assuming they honor opt-outs.
Of course everyone still has to go through their traditional paper junk mail, and that still costs our company money, but the bulk of the expense is still on the SENDER who has to pay 25 cents/item (or whatever the bulk rate is), rather than on the receiver who just pays the above calculated amount. Having the sender pay more helps keep unwanted mailings fewer in number, and at least targetted at their audience. I think I recall you mentioning further up the thread supporting email postage, which might diminish the amount of total trash spam, but would also hamper legitamate business significantly.
If you truly go through the trouble of reading the message and determining that you aren't interested, and file a removal request, then there is at least some allocation of resources on your part that is your decision, not mine.
That's exactly the point. I'm saying I want my email system to be used only for my legitamate business that your unsolicited bulk email doesn't qualify as, and so I don't want you or the other 1000 spammers sending me junk, forcing me to go through it and opt-out to each sender.
From your previous message:
Okay, so set a list of who is *allowed* to send in the first place. Don't wanna do that? Fine.
The world would just be a better place if everyone used a good old OPT-IN model. Get a list of who you're allowed to send mail to. Don't want to do that? Fine, don't send any unsolicited advertisements.
i run a web hosting company and my customers need to be able to send email out thru my server from wherever they are... when i first setup the server, i had it up as an open relay (i know, i should be shot) ... things were quiet... but after a year or two... i started getting load averages of 4 or 5 from all the damn spammers... i got myself on an RBL list and everything...
... )
after a ton of research and a couple days, I installed SMTP authentification under qmail and like magic.. no more spammers -- and for people who had accounts, it was still open for them..
Those damn thieves were about to kill my business!
(not like i make enough for it to matter
moral of the story... open relays are bad!! use SOMETHING to close it up to the general public! smtp auth works awesome --- just make a web based FAQ on how to add smtp auth support on client side --- the concept of an extra checkbox escapes some people..
p r m t h s
I have been using SPAMCOP to report SPAM. You can sign up (free) and then start reporting the spam you receive.
Advantage is that you don't have to do all the traceroutes etc yourself; they check the headers, report to appropriate admin accounts, abuse accounts etc.
There is even a tiny 'plugin thing' for MS Outlook that is really nice; plugs all relevant info into an email or to the clipboard.
Highly recommended!
If anyone who I asked to not call me does, I'll sue them. No it's not much money ($20 I think) but that's not the point, the point is it'll get your message across. IT's all small claims court so you don't need a lawyer or anything.
I got an email address like spambait@mymaildomain.tld and started using it when signing up for things. I expected it to get slammed, but I haven't had one spam on it yet! (Almost a year now.) I suppose they must be filtering out emails with "spam" in them. Or maybe a computer is trying to de-spoof my actual address and bombarding poor bait@mymaildomain.tld (whoever that is) with double helpings of spam.
What's really, really sad is that my new "family and friends only" email address is getting a spam every day or two. WTF?!? I've only given it to four or five people that I know well. I may start using my spambait address as my normal one if this continues.
Actually, I think a spyware program must've grabbed it from IE before I switched to Mozilla 1.0, because another new email address that doesn't have "spam" in it isn't getting any spam at all, except via the mailing lists ID's it's subscribed to, but no spams targeted right at it.
What you are doing is similar to efforts to reduce the mosquito population by releasing large numbers of sterile individuals - by distracting the fertile individuals they reduce the overall population next generation (the same approach is being used for moths, cats, etc.)
It only works when either a) the individuals involve only breed (spam) once, or b) when the number of sterile individuals is a large fraction of the population.
I don't deny the use of honeypots, spamtraps, etc. in catching the spammers, but since spammers don't meet criterion a) (they spam multiple times), you will reduce the overall spam count only if the number of bogus relays is close to the number of fake relays. Otherwise, a spammer will simply send his spewage through multiple relays.
Now, IF the ISPs would use this information to terminate spammers immediately, then you WOULD satisfy criterion a) - a spammer would spam once, then be terminated.
However, this is ALSO true if ISPs would heed spam reports in general. Specifically, if ISPs would simply set up appropriate liasons with Spamcop, they would get the effect of your honeypots (the IDs of the spammers) in a fashion that the spammers could not simply avoid - to stretch my analogy, the hosts the mosquitos feed upon would become poisonous.
I'm glad you feel you are having some degree of success. I don't deny you are having some impact on the system, probably more than I have by reporting spam, LARTing Verio every chance I get, and encouraging others to do the same in public fora like this. However, just as releasing five sterile mosquitos will not have much effect on the disease-ridden little bloodsuckers, I doubt a few honeypot relays will have any effect on the disease-ridden little bloodsuckers.
www.eFax.com are spammers
Look at:
http://www.corpit.ru/cgi-bin/h0n5yp0t
and
http://fightrelayspam.homestead.com/
It is being done today. It has been done for months. Isn't it time you gave this a try?
Of all places to start spamming - this one is the most unbelievable. However, NASA's JSC Today decided to just start spamming all of the people at NASA JSC as well as the contractors. And when you ask them to stop they just said "Just drag it to the trash!"
Anyone else got corporate/government spammers who spam the employees?
(1) Decrease the number of open relays (fertile females)
(2) Increase the number of honeypots (infertile females)
(1) has been going on for years. I'm sure it has had an effect and strongly suspect that the honeypot success I see is because of it. (2) has been going on for some time, if you include all the time in which the number of honeypots hasn't increased at all. There's a pitiful handful of honeypots, leading, as you point out, to a very negligible effect.
A honeypot is not some grand, complex thing. In esssence it's an intentionally broken mail relay. Give a mail administrator a system with no real email function and he can probably come up with a broken mail relay in a few hours. For older sendmail it was very easy: run sendmail -bd (for added points figure out my pseudonym). That accepts remote email but doesn't deliver. Current sendmail is more complex and you have to make sure it doesn't deliver spam. Instructions are in my web page:
http://fightrelayspam.homestead.com/
Here's an example of a very good honeypot:
http://www.corpit.ru/cgi-bin/h0n5yp0t
Imagine what you could do with a honeypot that traps spam and logs it on a web page. Few ISPs can ignore that for long. so far none has.
You know, if the proposed World Court put spam in its jurisdiction, maybe Bush would support it. Providing spamming were a capital crime, of course.
If you really, really can't find a vendor other than one who has junk-marketed you, then at least you should try to hide that.
If a junk call gives you the idea to get a service, then spend a week or two calling around to make sure you've found the best deal. Then call them and order. This bends their stats to make junk marketing look less effective.
And to get them to stop bothering you, consider signing up with Private Citizen and something like Privacy Manager. Between the two of them, I get one junk call about every three months now.
One black list mentioned in the articles includes ip addresses of legit users. This is because they include broad blocks of ip addresses, not just those the spammer is using. Not an option for anyone who thinks that blocking legit email is worse than spam.
There's and idea I've had about this; maybe y'all can help me work out the kinks. The basic theory is that the Internet allows you to aggregate a lotta little bits of effort or money and come up with an impressive whole, right?
So we open a web site in Tonga or Kazakhstan. Say spam-killer.to or kill-spammers.kz. Anybody can come and contribute money via credit card towards the offing of known spammers. The big spammers would quickly attract large bounties, which would attract high-quality heavies. Whoever gets the spammer gets the bounty. The main problem: when a spammer gets offed, what do we do if there are multiple claimants? You sure don't want to pay the wrong guy; you'd have a skilled murder mad at you.
Or maybe it would be cheaper to just club together and buy some congressmen; thanks to the crash, congressmen should be even cheaper than Nasdaq index funds.
(For the record: Yes, this is a joke; I don't think spammers should get more than 3-5 in a federal pen for the first offense. The bit about bribing congressmen is also a joke. As are, now that I think about it, said congressmen.)
I wonder if these would diminish somewhat, if everybody maintained a s*** list (I mean "special friends" list), easily accessible on a Web site. That is, when you receive a Special Offer from some company claiming you OPTED IN, don't just send it to their upstream provider (this tends to be ineffective, because remember, you OPTED IN), but go ahead, visit their web site, and pay particular attention for contact-us links--try their WHOIS info too--and make sure *they* OPT IN as well. It's work, I know, but it's a lot more fun than trying to convince UU.NET/etc. to disconnect a high-paying pink server.
Caveat Emptor is not a business model.
That is a bit too little time to ascert the quality of a product.
I feel your pain though and will have a look.
IANAL but write like a drunk one.
Sure, people engaged in the anti-spam fight seriously waste much more effort that they could have if they were "just hitting delete". Yet, it is them who give us the common mortals the powerful filtering tools to never have that "You have new mail" message again on the screen generated by some junk instead of a real letter you want to read!
And you really should give something in return. If a spam gets through your filter, please report it to SpamCop or similar! Because your filters (Hotmail's for sure!) are constantly improving themselves via this feedback - they use the blocklists out there, which are generated from these complaints. To report, you need just 1) one forward operation on the spam to a pre-stored (in your address book) address of your spamcop report box 2) opening the autoresponse from spamcop in your email later on and click through it 3) 15 seconds reviewing what's in there on the dynamic report page 4) submit!
If everybody using a filter were doing this at least occasionally, the Net would have been a better place.
VKh
Try to justify spamming all you want, the point is that you are sending to people who have not asked for your mailings. If I want to received information about your company or the products that it sells, I will sign up to the mailing list, if I don't sign up, you can assume that I want nothing to do with you or your company. Is it really that hard to comprehend?
I can't believe I'm saying this, but this is a really important message that needs to get more views.
I worked for several ISPs as an email admin. When the last one hired me he stated a zero tolerance policy for spammers. Cool, I love killing spammers. So I nailed a bunch and told them to FOAD when they called to complain. A couple went screaming to the boss "We spend a lot of money with you blah, blah, blah and won't do it again." Boss: "Let 'em back in." Me: "But they're spammers." Boss: "Let 'em back in". I let 'em back in. The server gets blacklisted. Boss: "You're suppose to keep this from happening. You're fired." WTF. Boss is a spineless asshole that doesn't really mean what he says. To Ex-Boss: "I piss in your general direction." But I'm still out of a job.
pronoblem
Is it an aimless vendetta to prosecute thieves? A spammer is a thief, nothing better.
Spammers should be bankrupted and jailed.
Fight Spammers!