Slashdot Mirror

← Back to Stories (view on slashdot.org)

Anti-Spammers Wage E-War

Posted by michael on from the no-quarter-asked-or-given dept.

ncstockguy writes "To its credit the Hartford Courant followed up with a second article this time from the perspective of an anti-spammer." The first story was about the life and times of a spam king.

23 of 418 comments (clear)

  1. Never actually noticed.... by theRhinoceros · · Score: 5, Interesting

    From the article:

    "They are every fly-by-night artist that ever wanted to place a tiny little ad in the newspaper and get away with it," Frederick said. "I have yet to see one legitimate product advertised in an e-mail that I didn't ask for."

    Never thought about it before until now, but I don't recall ever having ever seen one either...

    1. Re:Never actually noticed.... by Mwongozi · · Score: 5, Insightful
      Even if I did, I make it a policy never to buy from companies that spam me, using e-mail or snail mail or telemarketeering or whatever.

      If I want their business, I will go to them. Spam me, and you will never, ever, get my money.

    2. Re:Never actually noticed.... by Chilles · · Score: 5, Funny

      Legitimate businesses usually refrain from actual spamming because they are easy to find and easy to get back at.

      A major dutch newspaper (I'm dutch) once sent several tens of thousand e-mails through a known spammer advertising subscriptions. They received more than 10 thousand complaint e-mails, a few people canceled the subscription they already had and all public e-mail adresses they had were subscribed to so much e-mail/spam lists by disgruntled recipients of their spam that their internal e-mail system got overloaded several times during the following month.

    3. Re:Never actually noticed.... by pi+radians · · Score: 5, Informative
      If I click on the unsubscibe link, my email comes back undeliverable 75% of the time, and I seem to get more spam each day!

      Ahhh! That's the worst thing to do. All of the ones that DON'T come back undeliverable now know your email address is being checked and read. Not only are you telling them to send out more stuff to you, but they can sell your address to others for a greater amount of money. Never ever ask to unsubscribe. It's better to just right a filter that deletes it immediately.

      --

      sin(6cos(r)+5A)
    4. Re:Never actually noticed.... by Peter+Harris · · Score: 4, Funny

      Aaaah! Damn you, gentix! You just made me visualise someone wearing only a white lab coat and geeky specs, who had taken advantage of all 3 offers.

      --

      -- What do you need?
      -- Gnus. Lots of Gnus.
    5. Re:Never actually noticed.... by pmz · · Score: 5, Interesting

      One other thing to look our for is HTML email (gack!) with loads an image from the spammer's site. There's usually some id tag sent with the image request so that the spammer gets confirmation on your email address just by reading the email.

      Ugh. This is the absolutely worst aspect of HTML e-mail. Just by sending you an unsolicited HTML e-mail, a company can get your browser model and version, whether JavaScript and Java are enabled, your IP address and hostname, the operating system, and roughly where you are located in the world (sometimes down to the city). First, they know you check your e-mail; second, in one click, you just provided a wealth of marketing information; and, third, they can tailor their future e-mail to your system's security vulnerabilities.

      Does anyone know of cases, where e-mail was used to install spyware on the client?

      Whoever first concieved of HTML-based e-mail should cower in shame for lack of foresight. And all those who chose to implement HTML-based e-mail clients should also cower in shame. HTML-based e-mail is simply irresponsible. I'm simply tired of people who insist in making their e-mail pretty, while unknowingly sacrificing their privacy and security.

      --
      Healthcare article at Kuro5hin
  2. I feel so used... by ackthpt · · Score: 4, Interesting
    Someone used my email address (I live in California) to spam people, I received a number of bounces in my mail box. The spammer's phone number is in Washington state and I did a little review of the Washington state law (a helpful link, but not sure it helps me. Further, the Washington AG's site isn't currently accepting complaints due some vulnerability (guess who probably took a crack at exploiting that?)

    Sign me up for the war, want revenge for this, feel free to advise.

    --

    A feeling of having made the same mistake before: Deja Foobar
  3. How to Stop Spam by fortiter1 · · Score: 4, Interesting

    Yes, most ISPs terms say that you can't send spam. That's not enough. The terms should mandate a fee of $1 for every email address you send to if it is determined you sent spam. That way, if they want to send out spam their credit card would automatically get charged. Make the spammers pay for sending out their junk.

  4. Some of us go to great lengths by SkyLeach · · Score: 4, Interesting

    to stop spammers.

    I have an account I purchased from spamcop.net. I never used the email address onything (i've never even checked it) and it's bounsing spam every day.

    Spammers hack systems to get accounts, they harvest them, they buy them (illegally) from state agencies. These people are scum and I consider it my right, duty and priviledge to take them out whenever and wherever I can find them.

    I am in the process of building a snort utility specifically designed to track down the home IPs of spammers (in the US at first).

    I won't go into details on what I plan to do when I get some, but rest assured it will be neither pretty nor legal.

    --
    My $0.02 will always be worth more than your â0.02, so :-p
  5. Spam Assassin by totallygeek · · Score: 5, Informative
    Let me say that I have never been happier since installing Spam Assassin. I reset the threshhold to 8, and get maybe five spam messages a week, as opposed to the more than 100 per day!

    --
    Click here or here.
    1. Re:Spam Assassin by Zathrus · · Score: 4, Insightful

      get maybe five spam messages a week, as opposed to the more than 100 per day!

      No. You still get 100+ per day. You just don't see them in your mailbox. But the bandwidth and storage space have already been eaten, and that's really what's evil about spam.

      I'm all for programs like Spamassassin, blackballing systems (run right), etc. But they put a thin veneer over the real problem - that boatloads of bandwidth and storage space is being sucked up by noise -- the vast majority of people don't want this stuff, and the cost of transporting it is being passed directly on to the consumer.

      What, you think you don't pay for it? Has your internet service increased in price recently? Has the level of service on it remained the same for the past 3 years? Still able to download/upload stuff at the same rates you could 3 years ago?

      I really, really hate to say it, but I'm increasingly convinced that the only way to stop spam is to do so through the legal system. The vast majority of spammers are within the US - either they source the mail from the US or they are US citizens using foreign resources. In either case prosecution under either current anti-fraud laws or (ick) new anti-spam laws could seriously reduce the flood of spam.

      Yes, it would probably take some international cooperation on the legal front. But there's a helluva lot more of that then there is on the technical front. Sure, technical solutions (refusal of service, leaf node filtering, etc.) work in theory. In reality they've failed. Miserably.

      Seeing the NY AG sue Monsterhut for fraud and violations of consumer rights statutes makes me happy. And I sincerely hope that it's just the tip of the iceberg on that kind of case.

  6. Don't rule out Neil Schwartzman by cecil36 · · Score: 4, Funny

    Anyone remember his anti-spam campaign against one Bernard Shifman?

    Shifman Is A Moron Spammer

    Schwartzman's anti-spam page

  7. A thought ... by robstercraws · · Score: 5, Funny


    This article made me think of a slightly modified version of the question asked in the article yesterday about The True Story of Website Results: If you could press a button and kill a spammer on the other side of the world, would you do it? And would you even need to be paid the million dollars? ;-)

  8. Re:Valuable Products? by Mr_Silver · · Score: 4, Insightful
    I don't even know why spammers bother. Does anyone really fall for 'Have a bigger penis in 3 days' or 'Lose 50 pounds in 23.2 seconds' or any of the other common spams?

    Unfortunately a lot of people actually do fall for it - that is, enough of them to make spamming 15 million people worthwhile.

    Until those sort of people stop replying and purchasing these "products" from spammers, then we will continue to see spam in one form or another.

    --
    Avantslash - View Slashdot cleanly on your mobile phone.
  9. Why bother fighting? Here's why by zaren · · Score: 4, Interesting
    "It's really theft of services. It uses my connection, my equipment and my in-box, which I pay for," Roth said. "With postal mail, the sender pays for it. With spam e-mail, the receiver pays for it. Big difference."

    People will say that spam is the same as junk snail mail, but it's not. "Legitimate" junk snail mailers will happily bear the cost of sending their messages, knowing that they are advertising a legitimate product or service. Spammers push that expense off on the people receiving their message.

    To further the theft of services concept, an overwhelming majority of spam is sent through open or unsecured mail relays. This means that people who have no legal right to use those services are using them, much like someone who splices into an apartments building's cable tv system to get free cable. And as I always point out in my spam complaints, there's always this little gem:

    Advertising via unsolicited e-mail is trespass to chattel and theft by
    conversion. That was established in Federal court in 1996/97 in Compuserve
    vs. Cyberpromo, heard in US District Court in Ohio by one Judge Graham.
    Spammers routinely also use third-party relay, which is outright theft of
    services and a violation of the Federal Computer Crimes Act, to wit,
    unauthorized access to a computer system.


    -----
    Darwin is an evolutionary OS...
    --
    Apple hardware still too expensive for you? How about a raffle ticket?
    --
    Come to the University of Mars! Classes starting soon!
  10. Re:Auto respond with "remove and unsubscribe" by Howzer · · Score: 4, Insightful
    This will rarely work as you intend. Sure, it will clean some spam out of your inbox. But most spam, as the article describes, is sent by professional spammers. These people almost ALWAYS change the "Reply To" field on the email. And you still paid for the download, either with real money or your precious time.

    Because they fool around with the headers, that "remove and unsubscribe" email you sent goes nowhere. Unless of course your script is digging down into the body for the "real" email - but then in the spam I get it's mostly phone numbers "A Degree in 1 Day!" etc.

    I'm surprised you haven't noticed the bounces in your inbox "User Doesn't Exist" etc.

    Nice try, wish it worked for more than a small percentage of spam, but it won't. It may even _increase_ the amount of spam you get, as it verifies your address is "live".

  11. The answer by Technician · · Score: 4, Interesting

    Due to the massive abuse, e-mail may simply become a thing of the past. I am gradulaly moving to a web form and dropping e-mail. To write me, visit my page and fill in the online form. I'll soon no longer have an inbox.
    As inconvienient as that is, it fixes most of the problems of the e-mail system. Mostly it will not accept any bulk mail from anybody.

    --
    The truth shall set you free!
  12. I just can't do that by Sycraft-fu · · Score: 5, Interesting

    Unfortunately I can't afford to be quite so idealistic. I've had people call/mail me that are offering services that I someday want to use. I wouldn't have internet accesses if I went by that motto since the cable company, the phone company and Sprint (they do wirless internet here) have called me to try and sell me stuff. Unlike SPAM, I find that people are actually offering me (or at least are companies that have offerings) something that I want. I don't think I've ever bought from a sales call, but I've bought form companies that make them.

    However I find SPAM very different from telemarketing/bulk mailing for several reasons:

    1) The telemarketers/mailers are 99.9% of the time legit bussinesses offering legit products. When Cox calls to sell my high speed internet access, they aren't playing around, they can and will make good if I want. When I get a book of coupons in the mail, I can really go and use those for the products on them. SPAM is fradulant so often it's not even funny.

    2) Also, with classic methods, the sender pays. The company calling me is paying for the long distance time, the mailer pays postage. It doesn't cost me anything other than wasted time (and there is plenty of stuff that does that). SPAM costs me money, which makes me angry.

    3) However BY FAR the most imporant reason in my mind is that when you ask a telemarketer/bulk mailer to quit, THEY WILL. Since they are real, legit bussinesses and DON'T want to get sued, they'll obey they laws and stop contacting you if you tell them they have to. When a telemarketer calls you, ask to be placed on their do not call list, they have to maintain one and you can sue tehm if tehy call you again (unless you buy something from you, then you have a bussiness relationship so they can contact you if they like). Also a lot of companies get your address from teh credit reporting beuarues. SO call up Equifax and ask them to stop giving it out. They'll tell you what you need to do (submit a request in writing I think) and then they will, and pass it along to the other two.

    It really is the unrelenting, fradulant nature of many spammers that gets me. For the longest time I got a ton of spam from a place that wanted to allow my bussiness to acept credit cards. Well the thing is I don't HAVE a bussiness, and I already have service to accept cerdit cards anyhow. No matter, these assholes spammed me 2-6 times PER DAY. And of course they didn't say who they were or anything, just asked you to e-mail them (to a yahoo address) with a name and phone number to call.

    Stuff like that really pissess me off, I eventually had to resort to a technical solution to make them stop. However when AT&T long distance was pestering me (about 1 call every 2 weeks) I just told them to put me on a DNC list and I've never heard form them since.

  13. Approach = failure, motive = weak. by bitchx · · Score: 4, Insightful

    Let's take a secomd and evaluate our "Mr. Roth," and determine if he is adding or subtracting value from the network.

    Martin Roth aka lumbercartel@hotmail.com


    Martin Roth aims to solve the spam problem by educating spammers about proper e-mail marketing practices. But to educate them, he first has to find them.


    Well, that sounds like a plan.


    With practiced ease, Roth launches software tools with names such as "SpamCop," "SpamKiller" and "Sam Spade." These, along with multiple online accounts, help Roth comb through the junk e-mail pile for clues to the spammers' identity.
    It's embarassing to use these tools because of the raw number of false positives they generate. Of course, for click and drool "d00dz, d3l3t3 yur spammer NOW!" people like Roth, that's a-ok. Of course, let's note that he belongs to a group that calls itself "Spam Wranglers Action Team," which by naming itself something stupid has demonstrated idocy.


    But others, such as spam messages that appear to have been sent by an Internet newcomer, may present a better opportunity. A rookie spammer may fail to disguise headers and return addresses, create an amateurish sales pitch or promote a common multilevel marketing scheme.
    So, go after new spammers because it's easy? Well, I guess they are easier to convince to change their ways, but if he really wanted to stop spam he'd be going after the mega-houses.


    "Here's a guy maybe you can educate," Roth said, pointing to one such message among the scores before him.
    What kind of education do you think this guy is going to get?


    With that information in hand, Roth then reports the abuse and asks that the spammer be cut off. Many Internet providers will comply, since the sending of spam is usually prohibited by their own user policies. Providers that don't comply could face the prospect of being added to the blacklist of companies that support spamming.
    Oh, that's some quality education there, sir.


    As he speaks, Roth's computer erupts with the sound of gunfire once more. Roth
    smiles broadly.

    "Got another one," he said.


    And that, my friends, is why these people do it. Because they enjoy the feeling of power that cutting people off the net gives them. They are like petty IRC dictators, typing "/kill .*@.*aol.com".

    Martin Roth is doing nothing to help the spam problem, and he is a poor choice of people to profile. Martin Roth is yet anoter Maryanne Kehoe

    --

    I'm the best IRC client ever.
  14. Whoa, wrong! by macdaddy · · Score: 4, Insightful

    Don't just delete it. Everybody deletes it and it does no one any good. LART it (read: report)! If you take a few minutes to look into the headers of the spam you'll find a wealth of information. Was the message sent through an open relay, was the message sent through a vulnerable formmail.cgi, was it a proxy, where the message actually originated from (usually but not always), etc.. Looking into the body of the message usually gives you links to the people that advertised through the spammers. LART everyone and send a copy to uce@ftc.gov. Report the open relays to the various DNS blacklist maintainers. Report repeat offenders to their upstream. Report the stock scams to the SEC. Report the penis enlargement pills to the FDA. Report the Nigerian Money scams to the Secret Service. Don't through the message away. Take a few minutes and do something with it. At the very least forward it to the FTC's dropbox. At the very least.

  15. Re:Legitimate products through spam by kaustik · · Score: 4, Funny

    Your post reminds me of KKK members who truely in their hearts believe they are doing something good for this world.
    It doesn't matter that your e-mails were only 1k, you f***ing jerk. I am forced to switch e-mail accounts every 4-6 months because of idiots like you. Sifting through a list of headers containing 1k e-mails and 100k e-mails makes no difference whatsoever.
    How about my buddies and I (about 10,000 of them) pin you down and pummel you with punches all day long. Don't worry, though, they will be "polite" and "little" ones. What was that - you didn't ask to get punched?
    This kind of practice is what will, sooner than later I suppose, drive e-mail back into the dark ages. Wake up!!!

  16. Re:problem with opt-in by Nonesuch · · Score: 4, Interesting
    sugrshack writes:
    ndeed this sounds like a noble and fair approach, but it's much more of an ideal-typical fantasy; one of the big problem of the so-called "opt-in" lists is that once you are on one, you can never get off; largely because the "companies" (read: spammers) that gather these addresses, sell them to others. This is why they do it in the first place.
    My solution

    Get your own domain 'sugrshack.org', and set up an MX record for 'lists.sugrshack.org' pointing to some static-IP Unix-like machine where you can set up a virtual SMTP domain (e.g. Qmail).

    When you visit ZDNet and subscribe to their mailing list, you subscribe as 'zdnet@lists.sugrshack.org'. When a mailing list starts selling your address and refusing to honor unsubscribe requests, you simply stop accepting email for the one address 'zdnet@lists.sugrshack.org', and the problem is solved.

    There are a few complications to this approach. The biggest hassle I have is that I do need to post to several lists that restrict posting to 'members only', which means I need to adjust the 'From' address on outgoing messages to reflect the address with which I subscribed.

    I don't have to worry about forgetting what address I used when subscribing, as Qmail will included a 'Delivered-To:' header for each message received to a virtualhost/alias.

    Another drawback is that I get even more spam than before (identical spam runs addressed to each of many aliases). However, spam sent to 'expired' aliases is easily filtered out and discarded.

    --

    I do not deploy Linux. Ever.
  17. Re:Legitimate products through spam -- HA! by AndroidCat · · Score: 4, Insightful
    It wasn't legit, it was spam. "just one more instance of spam -- which in some sense we were"

    For what values of sense are we talking about? Take a look at GoogleGroups search of news.admin.net-abuse.sightings, and let me know how to your legitimate mystery shopper offer from all the others: URL from Hell Quite a lot of it, isn't there?

    --
    One line blog. I hear that they're called Twitters now.