Slashdot Mirror
Anti-Spammers Wage E-War
ncstockguy writes "To its credit the Hartford Courant followed up with a second article this time from the perspective of an anti-spammer." The first story was about the life and times of a spam king.
← Back to Stories (view on slashdot.org)
From the article:
"They are every fly-by-night artist that ever wanted to place a tiny little ad in the newspaper and get away with it," Frederick said. "I have yet to see one legitimate product advertised in an e-mail that I didn't ask for."
Never thought about it before until now, but I don't recall ever having ever seen one either...
Until this war against spammers is won, I will continue to use Mailwasher.
Sign me up for the war, want revenge for this, feel free to advise.
A feeling of having made the same mistake before: Deja Foobar
Yes, most ISPs terms say that you can't send spam. That's not enough. The terms should mandate a fee of $1 for every email address you send to if it is determined you sent spam. That way, if they want to send out spam their credit card would automatically get charged. Make the spammers pay for sending out their junk.
to stop spammers.
I have an account I purchased from spamcop.net. I never used the email address onything (i've never even checked it) and it's bounsing spam every day.
Spammers hack systems to get accounts, they harvest them, they buy them (illegally) from state agencies. These people are scum and I consider it my right, duty and priviledge to take them out whenever and wherever I can find them.
I am in the process of building a snort utility specifically designed to track down the home IPs of spammers (in the US at first).
I won't go into details on what I plan to do when I get some, but rest assured it will be neither pretty nor legal.
My $0.02 will always be worth more than your â0.02, so
Spamassassin
Okay, so that's more like 6 words, but still it's great. A guy I work with turned me onto it and I love it. And adding a `spamassassin -r` in my procmailrc for known_spam gives me the feeling that I'm actually doing my part in preventing SPAM.
Click here or here.
I don't even know why spammers bother. Does anyone really fall for 'Have a bigger penis in 3 days' or 'Lose 50 pounds in 23.2 seconds' or any of the other common spams? I mean come on. I would not mind, actually I would WELCOME email advertising if it was only for things that I could use. I like working on cars, computers etc.. so if I were to recieve advertising based on those things,that actually came from a trackable source, with a reliable way of removing oneself from the list, I actually might be HAPPY about it, since I could find out about new products and places with good prices on them. Mass-email marketing COULD work, if anyone could actually trust the vendors, but of course we all know that we can't. I'd like to see legitimate vendors joining us in the anti-spam war, it could only be a positive for them. As it stands now, if I even WANT a product, I won't buy it if it comes as spam. Take the x-10 camera for example. I'd love one of those. I could think of 1000 things to do with it, and that doesnt even include the sneaky, spying on the 18yr old girl next door type ones. But guess what? I'll never, ever do business with them because of their aggressive, intrusive advertising methods.
Don't Tread on Me
Anyone remember his anti-spam campaign against one Bernard Shifman?
Shifman Is A Moron Spammer
Schwartzman's anti-spam page
This article made me think of a slightly modified version of the question asked in the article yesterday about The True Story of Website Results: If you could press a button and kill a spammer on the other side of the world, would you do it? And would you even need to be paid the million dollars?
People will say that spam is the same as junk snail mail, but it's not. "Legitimate" junk snail mailers will happily bear the cost of sending their messages, knowing that they are advertising a legitimate product or service. Spammers push that expense off on the people receiving their message.
To further the theft of services concept, an overwhelming majority of spam is sent through open or unsecured mail relays. This means that people who have no legal right to use those services are using them, much like someone who splices into an apartments building's cable tv system to get free cable. And as I always point out in my spam complaints, there's always this little gem:
-----
Darwin is an evolutionary OS...
--
Apple hardware still too expensive for you? How about a raffle ticket?
Come to the University of Mars! Classes starting soon!
Several ISPs, such as Verio, UUNET, Qwest, etc. host many spammers, and are willfully ignorant WRT the activities of the spammers - they do a fine Sgt. Schultz "I know NOTHING, NOTHING" when confronted with the evidence.
First, I suggest EVERYBODY use Spamcop or a similar reporting service when the get SPAM (disclaimer - I am in no way associated with SC other than using their free reporting service).
Second, if you get a spam from a server hosted by one of these ISPs, you use www.bitch-list.net to turn the crapflood back on the ISP - make it cost them more in support calls than the spammer is paying them.
Third, if any of you HAVE servers hosted by these ISPs and you ever get shut down for TOS violations, you sue the ISP, claiming discrimination - "They didn't TOS these spammers, why are the TOSing me?"
Make it cost the ISPs more to host the spammers than the spammers pay, and they will drop the spammers. Remember, both Verio and Worldcom/UUNET are hurting for money right now - pink contracts must look pretty good to them ("See, the spammers will pay DOUBLE for bandwidth!"). Turn the pink contracts into red ink, and they will cease.
www.eFax.com are spammers
Because they fool around with the headers, that "remove and unsubscribe" email you sent goes nowhere. Unless of course your script is digging down into the body for the "real" email - but then in the spam I get it's mostly phone numbers "A Degree in 1 Day!" etc.
I'm surprised you haven't noticed the bounces in your inbox "User Doesn't Exist" etc.
Nice try, wish it worked for more than a small percentage of spam, but it won't. It may even _increase_ the amount of spam you get, as it verifies your address is "live".
> "People are going out there and
> tracking it back down to the source,"
> Mozena said. "Without that constant
> fight, things would be a lot, lot,
> lot worse."
Does anti-spamming really work? The administrators and users of SpamCop, SpamAssassin, etc. should back off for one 24-hour period. Let the spam roll in. If it truly would be a "lot, lot, lot worse" without spam-fighters, the happy fallout will be that thousands of indifferent users who respond to spam with "JHD" (Just Hit Delete) will see how bad it's become. Maybe they'll join the spam-fighting ranks, or at least demand a solution.
-- This
Due to the massive abuse, e-mail may simply become a thing of the past. I am gradulaly moving to a web form and dropping e-mail. To write me, visit my page and fill in the online form. I'll soon no longer have an inbox.
As inconvienient as that is, it fixes most of the problems of the e-mail system. Mostly it will not accept any bulk mail from anybody.
The truth shall set you free!
Unfortunately I can't afford to be quite so idealistic. I've had people call/mail me that are offering services that I someday want to use. I wouldn't have internet accesses if I went by that motto since the cable company, the phone company and Sprint (they do wirless internet here) have called me to try and sell me stuff. Unlike SPAM, I find that people are actually offering me (or at least are companies that have offerings) something that I want. I don't think I've ever bought from a sales call, but I've bought form companies that make them.
However I find SPAM very different from telemarketing/bulk mailing for several reasons:
1) The telemarketers/mailers are 99.9% of the time legit bussinesses offering legit products. When Cox calls to sell my high speed internet access, they aren't playing around, they can and will make good if I want. When I get a book of coupons in the mail, I can really go and use those for the products on them. SPAM is fradulant so often it's not even funny.
2) Also, with classic methods, the sender pays. The company calling me is paying for the long distance time, the mailer pays postage. It doesn't cost me anything other than wasted time (and there is plenty of stuff that does that). SPAM costs me money, which makes me angry.
3) However BY FAR the most imporant reason in my mind is that when you ask a telemarketer/bulk mailer to quit, THEY WILL. Since they are real, legit bussinesses and DON'T want to get sued, they'll obey they laws and stop contacting you if you tell them they have to. When a telemarketer calls you, ask to be placed on their do not call list, they have to maintain one and you can sue tehm if tehy call you again (unless you buy something from you, then you have a bussiness relationship so they can contact you if they like). Also a lot of companies get your address from teh credit reporting beuarues. SO call up Equifax and ask them to stop giving it out. They'll tell you what you need to do (submit a request in writing I think) and then they will, and pass it along to the other two.
It really is the unrelenting, fradulant nature of many spammers that gets me. For the longest time I got a ton of spam from a place that wanted to allow my bussiness to acept credit cards. Well the thing is I don't HAVE a bussiness, and I already have service to accept cerdit cards anyhow. No matter, these assholes spammed me 2-6 times PER DAY. And of course they didn't say who they were or anything, just asked you to e-mail them (to a yahoo address) with a name and phone number to call.
Stuff like that really pissess me off, I eventually had to resort to a technical solution to make them stop. However when AT&T long distance was pestering me (about 1 call every 2 weeks) I just told them to put me on a DNC list and I've never heard form them since.
I've started to have a much more aggravating problem -- spammers using the email address of an old account of mine for the From: of their spam! I know because undeliverable mails are being returned to me. Is it just me, or is this a new low even by spammer standards?
I'm in the middle of dredging through the headers trying to figure out what the company ultimately responsible is, but even if I manage to find out, I'm not sure what to do with the information. I want blood.
Any suggestions?
Let's take a secomd and evaluate our "Mr. Roth," and determine if he is adding or subtracting value from the network.
.*@.*aol.com".
Martin Roth aka lumbercartel@hotmail.com
Martin Roth aims to solve the spam problem by educating spammers about proper e-mail marketing practices. But to educate them, he first has to find them.
Well, that sounds like a plan.
With practiced ease, Roth launches software tools with names such as "SpamCop," "SpamKiller" and "Sam Spade." These, along with multiple online accounts, help Roth comb through the junk e-mail pile for clues to the spammers' identity.
It's embarassing to use these tools because of the raw number of false positives they generate. Of course, for click and drool "d00dz, d3l3t3 yur spammer NOW!" people like Roth, that's a-ok. Of course, let's note that he belongs to a group that calls itself "Spam Wranglers Action Team," which by naming itself something stupid has demonstrated idocy.
But others, such as spam messages that appear to have been sent by an Internet newcomer, may present a better opportunity. A rookie spammer may fail to disguise headers and return addresses, create an amateurish sales pitch or promote a common multilevel marketing scheme.
So, go after new spammers because it's easy? Well, I guess they are easier to convince to change their ways, but if he really wanted to stop spam he'd be going after the mega-houses.
"Here's a guy maybe you can educate," Roth said, pointing to one such message among the scores before him.
What kind of education do you think this guy is going to get?
With that information in hand, Roth then reports the abuse and asks that the spammer be cut off. Many Internet providers will comply, since the sending of spam is usually prohibited by their own user policies. Providers that don't comply could face the prospect of being added to the blacklist of companies that support spamming.
Oh, that's some quality education there, sir.
As he speaks, Roth's computer erupts with the sound of gunfire once more. Roth
smiles broadly.
"Got another one," he said.
And that, my friends, is why these people do it. Because they enjoy the feeling of power that cutting people off the net gives them. They are like petty IRC dictators, typing "/kill
Martin Roth is doing nothing to help the spam problem, and he is a poor choice of people to profile. Martin Roth is yet anoter Maryanne Kehoe
I'm the best IRC client ever.
Don't just delete it. Everybody deletes it and it does no one any good. LART it (read: report)! If you take a few minutes to look into the headers of the spam you'll find a wealth of information. Was the message sent through an open relay, was the message sent through a vulnerable formmail.cgi, was it a proxy, where the message actually originated from (usually but not always), etc.. Looking into the body of the message usually gives you links to the people that advertised through the spammers. LART everyone and send a copy to uce@ftc.gov. Report the open relays to the various DNS blacklist maintainers. Report repeat offenders to their upstream. Report the stock scams to the SEC. Report the penis enlargement pills to the FDA. Report the Nigerian Money scams to the Secret Service. Don't through the message away. Take a few minutes and do something with it. At the very least forward it to the FTC's dropbox. At the very least.
Your post reminds me of KKK members who truely in their hearts believe they are doing something good for this world.
It doesn't matter that your e-mails were only 1k, you f***ing jerk. I am forced to switch e-mail accounts every 4-6 months because of idiots like you. Sifting through a list of headers containing 1k e-mails and 100k e-mails makes no difference whatsoever.
How about my buddies and I (about 10,000 of them) pin you down and pummel you with punches all day long. Don't worry, though, they will be "polite" and "little" ones. What was that - you didn't ask to get punched?
This kind of practice is what will, sooner than later I suppose, drive e-mail back into the dark ages. Wake up!!!
Get your own domain 'sugrshack.org', and set up an MX record for 'lists.sugrshack.org' pointing to some static-IP Unix-like machine where you can set up a virtual SMTP domain (e.g. Qmail).
When you visit ZDNet and subscribe to their mailing list, you subscribe as 'zdnet@lists.sugrshack.org'. When a mailing list starts selling your address and refusing to honor unsubscribe requests, you simply stop accepting email for the one address 'zdnet@lists.sugrshack.org', and the problem is solved.
There are a few complications to this approach. The biggest hassle I have is that I do need to post to several lists that restrict posting to 'members only', which means I need to adjust the 'From' address on outgoing messages to reflect the address with which I subscribed.
I don't have to worry about forgetting what address I used when subscribing, as Qmail will included a 'Delivered-To:' header for each message received to a virtualhost/alias.
Another drawback is that I get even more spam than before (identical spam runs addressed to each of many aliases). However, spam sent to 'expired' aliases is easily filtered out and discarded.
I do not deploy Linux. Ever.
For what values of sense are we talking about? Take a look at GoogleGroups search of news.admin.net-abuse.sightings, and let me know how to your legitimate mystery shopper offer from all the others: URL from Hell Quite a lot of it, isn't there?
One line blog. I hear that they're called Twitters now.