Slashdot Mirror

← Back to Stories (view on slashdot.org)

Meet the Spammers

Posted by timothy on from the ask-them-for-viagra dept.

DaveAtFraud writes: "It took a little digging to find an on-line copy of this article that I first saw in my treeware daily newspaper. Thanks to the Salt Lake City Tribune for having it on-line. According to the Spamhaus project, a handful of people are responsible for 90% of the spam that clogs you in box. This is your chace to hear from them and what they have to say is quite interesting. If you don't think the filters and blacklists work, one spammer whines, "My operating costs have gone up 1,000 percent this year, just so I can figure out how to get around all these filters." Stopping spam is simply a matter of economics. When its uneconomical to send spam, people will stop sending it."

11 of 713 comments (clear)

  1. There ought to be a law... by Zathrus · · Score: 3, Interesting

    On one matter, however, spammers and their nemeses agree: the United States needs a federal spam law

    The article claims this... and yet we see big spam houses fighting anti-spam laws left and right everytime they're proposed in the legislature for a state. And I seriously doubt they comply with the current anti-spam laws in the few states that have them -- since all they have is an email address and no state of residence information.

    Frankly, I'm for a reasonable anti-spam law (one similar to the junk fax law, which has worked well). Obviously it's not as clear cut as junk faxes -- with them you can find out who sent you the junk. Spammers routinely obfusacate their information as mentioned in the article. I'm tired of the amount of spam I get, and unless you run your own mail server (something not viable for the vast majority of the Internet populace, and not even viable for the majority of the geeks) there's no way to block it.

    Not that blocking really helps -- the bandwidth has already been consumed. The only thing blocking does is automagically delete it for you. I'd like the bandwidth back personally.

  2. Re:And yet... by jmv · · Score: 4, Interesting

    This has probably been said before, but why are we getting pissed off at spammers? It's the companies we need to "educate" as to the evils of unsolicited e-mail.

    Not exactly. You won't see well established companies sending spam (ever received spam from IBM?). Spam is most of the times for fraudulent/make money quick products. If 1/10000 people fall for it these companies still make a profit and they don't care if they piss off the other 99.99% since they wouldn't be buying anyway.

    --
    Opus: the Swiss army knife of audio codec
  3. Spammers fight back by MeNeXT · · Score: 5, Interesting
    It's funny that this came up today but I guess it's starting to hurt spammers and they are starting to fight back.

    Yesterday I received a funny email that one of my clients was spamming. This email seemed to come from spamcop.net. What was starnge it was close to but not exeactly the warning typically sent by spamcop. So I sent them an email and here is the reply:

    Spamcop spam is forged

    Starting appoximately 12 noon EST 06 Aug 2002, spam purporting to be from spamcop (abuse@julianhaight.com) began being sent in an attempt to 'get spamcop in trouble'. This is a standard spammer tactic (joe job).

    These messages were not sent by spamcop, and the claims made in them are false. Please disregard the email and/or block the originating IP address - 206.161.21.66 (cais.net). This IP has been blocked by SpamCop's blacklist since June. It appears cais.net is not responsive to complaints - their phone number (877-427-3368) leads to a computerized system with no attendant. It *may* be safe to block all of cais netspace: 206.161/16.

    Please do not block mail from julianhaight.com or spamcop.net. If you cannot block by IP address, it is safe to block the origin email addresses, ( 'abuse@julianhaight.com', 'webmaster@julianhaight.com', 'webmaster@spamcop.net', 'abuse@spamcop.net') as no legitimate mail should be sent from these.

    If you would like to contact someone at spamcop about this, you can send email to deputies@admin.spamcop.net. But please refrain from doing so. We are aware of the problem, and we are doing what we can to limit the damage. Unfortunately, since we're not responsible for sending it, there is little we can do to stop it.

    More information on this career spammer is available from spamhaus.org

    - SpamCop mgmt.

    As you can see at least one spammer seems to be fighting back. You can also fing this on the web at http://www.julianhaight.com/forgery.shtml (I did not link directly to the site for obvious reasons. Maybe I should not even put this up?)

    Mabey we should teach them a lesson and start refusing any connection from those IPs....

    --
    DRM? No thanks, I'll just get it somewhere else...
  4. a web-marketing company came to me... by kipple · · Score: 3, Interesting

    ...and, among other (really) interesting services (plus a detailed analysis of a proposal website), slightly proposed me to start a 'marketing campaign'.

    what they 'said' (they make me understand the concept, but they never explicitly said it) was something like:

    "We could send information about your company to users that could potentially be interested in your product, using some lists of e-mail addresses..."

    And they asked for a price. Which wasn't that big.

    So here is how spammers get paid: by convincing marketers that spam "might" be poiting customer attention to a website/product. And marketers go trying to convince CEOs and those who buy their services.

    After all, spammers gets a little amount of money: why not try that, if it will cost you only few hundred bucks? from a company point of view, that's nothing.

    And here the spammers get more and more money.

    What I think would be needed is an article on some business-oriented magazine (say, the Economist, the Harvard Business Review, the Wall Street Journal) that explicitly *tells* CEOs and other managers WHY AVOIDING SPAM MAKES YOU SAVE MONEY (sound like a spam mail, doesn't it? :) ) or something like that.

    Like talking to them with their own language. No need to talk about bandwidth, e-mail, filtering, regexp. Just concepts.

    Is anyone willing to help me write such an article? maybe someone with connections in such business-oriented newspapers...

    --
    -- There are two kind of sysadmins: Paranoids and Losers. (adapted from D. Bach)
  5. Re:I feel so sorry for this guy by Bonker · · Score: 4, Interesting

    Another telling quote:

    Relentless anti-spam vigilantes have hounded the 35-year-old head of Empire Towers Inc., plastering Cowles' home address and phone number all over the Web. Spam recipients call to tell Cowles how they feel.

    "These people will go to the lowest depths," said Cowles, of Bowling Green, Ohio. "I have some phone clips that would make you sick."

    Ahem...

    You want to talk about going to the 'lowest depths'?

    --
    The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
  6. The next step? by Pig+Hogger · · Score: 3, Interesting
    What could be the next step?

    Worm spamming. An outlook worm, which spams: it would connect to a website, get it's "instruction" (spam messages), then send itself along with the spam messages, to your outlook address list.

    Now, which filter will be able to trap that, as it will always go to and come from legit addresses???

    Scary.

  7. Next Level by ratboy666 · · Score: 3, Interesting

    The next level in anti-spam measures is to actually IGNORE them. Use "active" countermeasures... I am working on a front-end for email that requires an active response to any unknown email. And, while the email is coming in, the server waits 9 minutes between lines. If the new email is longer than a cut-off, and the sender isn't known, it accepts the rest. The idea is to tie up a port on the spammer (or forwarder) for as long as feasible. Email return addresses are checked, and if not valid, immediately deleted. And, as a last precaution, if there are any http: tags in the email, the address is checked, and if its numeric, the email is discarded. End of story. From then on out I ignore the spammers. I just don't see any, AND (as another benefit), I automatically hurt the spammers (having the port tied up). Also, I have a little GUI gizmo that shows me when UCE is coming in, and records the SMTP IP address. Since my server is running very slowly, I can actually catch them "in the act", and, if desired, start hacking on their box. What fun!

    What we need is software like this. (Don't ask, mine isn't ready for release, and I don't code "collaboratively" -- I do it for my own amusement).

    Ratboy.

    --
    Just another "Cubible(sic) Joe" 2 17 3061
  8. Re:This is *why* we need laws! by WEFUNK · · Score: 3, Interesting

    We certainly need laws, but I don't know how they're going to discourage the kind of people who think they can make money by sending spam filled with blatent spelling mistakes, that often makes no logical sense, and sometimes doesn't even have a means of actually responding to it.

    To really attack the issue, I think we need to first stop labelling everyone involved as a "spammer" when there appears to be a hierarchy of culprits, including:

    1. The ISP that provides refuge for spammers.
    2. The spam enablers that provide the software, lists, and sometimes mailing services.
    3. The spammer who may be an independent jerk, or who may be misled and effectively taken advantage of and pimped out by a #2 organization.
    4. The people who actually buy their products.

    Most spammers (#3) are just idiots that will probably keep on trying regardless of whether they ever make money, and there's a new one born every minute. It's #2, the spam enablers (or spam pimps, perhaps?), who should be the most vilified and attacked. They're the ones making money off of spam regardless of whether anyone actually buys it or make money and they present much larger targets. With empty promises of wealth, they take advantage of the idiots who make up #3 by taking their money in return for mailing lists and sometimes actually sending out the spam. Many of these "clients" are probably people with legitimate and sometimes severe mental health problems (hence non-commercial spam about aliens and time travel) who might never be diswayed by legal means without eliminating the means.

    Like prostituition, strong laws should be made against this kind of pimping activity (spimping?), both directly, and at the ISP (#1) level. Also, maybe an ISO 9000 type practices and auditing standard for ISPs can be developed and widely publicized. This might require that an AUP include certain anti-spam requirements, and/or that the ISP takes responsibility for bulk mailing. ISP's might be encouraged or even forced to restrict bulk mailing to lists that can be independently confirmed to be opt-in and/or have a verified individual who will sign-off to that effect (under penalty of law), and to label all bulk mail with a certain identifier etc.

    --
    My next sig will be ready soon, but friends can beat the rush!
  9. Re:I think... by Junta · · Score: 3, Interesting

    No, there is a difference. Sure people can post signs, they can put up websites, they can do all sorts of things, but forcing the issue down the end-users throats through a medium in which the recipient may be paying just to receive it. Spamming is for a number of people the equivalent of having a telemarketer call you collect and the receiver having no choice to decline (this is illegal, of course).

    But it doesn't stop there. It is bad enough that end users are abused in this fashion, but the distribution channels for the spam is just exceptionally bad. It is one thing if they had to foot the bill for mail servers and associated bandwidth, but instead they are scanning for open relays to *exploit* for their mail capacity and bandwidth usage. I was called in by one company with mediocre IT infrastructure, enough to be dangerous. They called saying that over the last few days mail through their server was taking hours to get anywhere, if it got anywhere at all. Well I go in and find it is an open relay, and the thing had 400,000 queued messages, among which there where about 350 legitimate messages to retrieve. I closed the exploit, and eventually recovered the messages of interest for them, but they lost a lot of time because of it and their bandwidth charges were really high because of it. Spammer's are doing wrong and they know it, why else hide behind other companies resources?

    --
    XML is like violence. If it doesn't solve the problem, use more.
  10. free enterprise?? With a price... by josepha48 · · Score: 3, Interesting
    This guy is a butt head!

    He uses other peoples systems to spread his crap. He forgets that all this spam clutters up many mail servers and screws people who have to pay for their time on line.

    Legally speaking, sending a 7-year-old an e-mail advertising hardcore pornography might be a nuisance, but it's not a crime, said Timothy Healy, chief of the FBI's Internet Fraud Complaint Center, based in Fairmont, W.Va. "There's not much we can do," he said.

    This is not a crime, but talking to a 7 year old on line is? Hmm to me this would be one step away from pedophilia(did I spell that right?). What is the difference is you unknowningly send a 7 year old an email that has a URL to a porn site and says things like watch 2 girls do f***, or see cindy take it up the a**, and pedophilia?

    Personally if I was their ISP I'd ban them from using my service. I know some ISP's do that. Maybe what we need is a list and take this list to the ISP and get them to ban these people from getting online. No service to spamers is a policy that some already have, if there was a list of people (maybe what is on the .org website that I can't get to right now) then we'd have less spam.

    I'm not sure about the rest of /. but I am tired of my mailbox filling up with spam. I do like my new filters though, much of it goes straight to the trash. I still wish my ISP would let me set up my own personal filter rules on their system. Just for my own mailbox, so that I could delete some of these spam messages like the ones that have korean character sets that automaticly go to my trash on my local machine. This would actually cut my spam downloads by about 70%.

    --

    Only 'flamers' flame!

  11. Spammers, Read This! by Guppy06 · · Score: 3, Interesting

    FCC hands out record $5.4 million fine to junk faxer.

    It's only a matter of time before legislation similar to this gets passed by Congress targeting unsolicited e-mail advertisements (AP writes an article about the problems of spam, it's an election year... you do the math). Change your line of business soon, unless you want to see if you can break that record...