Slashdot Mirror
Meet the Spammers
DaveAtFraud writes: "It took a little digging to find an on-line copy of this article that I first saw in my treeware daily newspaper. Thanks to the Salt Lake City Tribune for having it on-line. According to the Spamhaus project, a handful of people are responsible for 90% of the spam that clogs you in box. This is your chace to hear from them and what they have to say is quite interesting. If you don't think the filters and blacklists work, one spammer whines, "My operating costs have gone up 1,000 percent this year, just so I can figure out how to get around all these filters." Stopping spam is simply a matter of economics. When its uneconomical to send spam, people will stop sending it."
I don't know why people think laws against spammers would be ineffective. Even a threat of legal/finacial action against them would be a huge deterrent in sending spam. Heck, if it reduced it 10% wouldn't it be worth it?
Of course, intelligent filters and the like are the best way to treat the symptoms, but they don't treat the problem.
Moderation: Put your hand inside the puppet head!
"My operating costs have gone up 1,000 percent this year, just so I can figure out how to get around all these filters."
And yet he persists.
In the great tradition of slashdot, I haven't read the article, but I assume he's making enough money to cover his costs and then some, else he wouldn't continue. Now, I'm also assuming that companies are paying him to send spam - there's no way he'd make enough of responders.
This has probably been said before, but why are we getting pissed off at spammers? It's the companies we need to "educate" as to the evils of unsolicited e-mail. That's where the money and motivation comes from. Maybe we should e-mail every company in the world and explain to them why they shouldn't spam...
Maran
You reaally oughta love this quote from a friggin' spammer of all people.
ich bin der musikant
mit taschenrechner in der hand
kraftwerk
This AP article has been making the rounds. It's rather shoddy journalism in that it takes the words of the spammers completely at face value. Seeing as how Rule #1 is "spammers lie" you can imagine how well this approach works.
You know we couldn't pass a law like that. Well, maybe in Texas.
Well, operating costs are more than just money. If it takes 1000 seconds to send his bulk mail instead of 1 second, then his operating 'costs' have gone up. If it takes him 6 hours to find a new tool to get around a new filter, instead of 1 hour, then his costs have gone up also. Granted, the return for that time spent is still obscene, but any increase in their operating cost is good. Plus, the sheer visceral pleasure that we enjoy seeing the spammers having a 'hard' time is a bonus also.
On one matter, however, spammers and their nemeses agree: the United States needs a federal spam law
The article claims this... and yet we see big spam houses fighting anti-spam laws left and right everytime they're proposed in the legislature for a state. And I seriously doubt they comply with the current anti-spam laws in the few states that have them -- since all they have is an email address and no state of residence information.
Frankly, I'm for a reasonable anti-spam law (one similar to the junk fax law, which has worked well). Obviously it's not as clear cut as junk faxes -- with them you can find out who sent you the junk. Spammers routinely obfusacate their information as mentioned in the article. I'm tired of the amount of spam I get, and unless you run your own mail server (something not viable for the vast majority of the Internet populace, and not even viable for the majority of the geeks) there's no way to block it.
Not that blocking really helps -- the bandwidth has already been consumed. The only thing blocking does is automagically delete it for you. I'd like the bandwidth back personally.
{pause to let my boiling blood cool down}
Lets see:
1) you send mail people don't want.
2) they have to pay for it
3) it's legally questionable
4) (if you send porn) objectionable stuff will end up in front of children
5) And you're confused when we get pissed off.
DUH!
{goes rummaging for his clue-by-four and for the sourcecode for spamassasin... I need to tune my procmail filters anyway.}
Zapman
Stop the brainwash
I don't see a problem with it. They're in the business of unsolicited harassment too. Tell you what: if they want to opt-out of being stalked, I've got a fake email address that they can write to, and I guarantee that I'll take them off my stalking list.
I spent a year in Iraq looking for WMD and all I found was this lousy sig.
"My operating costs have gone up 1,000 percent this year, just so I can figure out how to get around all these filters."
Yes I feel so bad for him. Um, hello. Apparently he doesn't know what he's doing to other people. And, apparently he never receives any spam himself. I don't think he understands. If so many people are so unhappy about spam and block him and others, causing his marketing cost to rise, doesn't that give him a clue? Spammers have used others bandwidth for their own purpose long enough; let them pay a little themselves.
Will work for bandwidth
Yesterday I received a funny email that one of my clients was spamming. This email seemed to come from spamcop.net. What was starnge it was close to but not exeactly the warning typically sent by spamcop. So I sent them an email and here is the reply:
Spamcop spam is forged
Starting appoximately 12 noon EST 06 Aug 2002, spam purporting to be from spamcop (abuse@julianhaight.com) began being sent in an attempt to 'get spamcop in trouble'. This is a standard spammer tactic (joe job).
These messages were not sent by spamcop, and the claims made in them are false. Please disregard the email and/or block the originating IP address - 206.161.21.66 (cais.net). This IP has been blocked by SpamCop's blacklist since June. It appears cais.net is not responsive to complaints - their phone number (877-427-3368) leads to a computerized system with no attendant. It *may* be safe to block all of cais netspace: 206.161/16.
Please do not block mail from julianhaight.com or spamcop.net. If you cannot block by IP address, it is safe to block the origin email addresses, ( 'abuse@julianhaight.com', 'webmaster@julianhaight.com', 'webmaster@spamcop.net', 'abuse@spamcop.net') as no legitimate mail should be sent from these.
If you would like to contact someone at spamcop about this, you can send email to deputies@admin.spamcop.net. But please refrain from doing so. We are aware of the problem, and we are doing what we can to limit the damage. Unfortunately, since we're not responsible for sending it, there is little we can do to stop it.
More information on this career spammer is available from spamhaus.org
- SpamCop mgmt.
As you can see at least one spammer seems to be fighting back. You can also fing this on the web at http://www.julianhaight.com/forgery.shtml (I did not link directly to the site for obvious reasons. Maybe I should not even put this up?)
Mabey we should teach them a lesson and start refusing any connection from those IPs....
DRM? No thanks, I'll just get it somewhere else...
Dear interested spammer:
MEDICALLY PROVEN,
OUR PROGRAM WILL ENLARGE YOUR BUDGET,
NATURALLY........
You WILL Gain up to 1000% greater operating costs!
You WILL Get a larger budget!
You WILL Give your accountant MORE pleasure!
You WILL Stay IN DEBT, LONGER!
Most spammers see results within the 1st Month !!! Don't wait! CLICK HERE NOW!!!
I love to answer spam with really really lame messages, do your best to freak them out(if possible, try and fool them into thinking that you are a complete maniac).
Im not sure how effective it is to spam back at the spammers(most use anon email accounts), but it sure is fun. I actually got a couple of replys. One guy had spamed me with a mail trying to sell some sort penis enlargement pill.
I replied that i was hung like a horse, and it actually was a problem. Then explaining what a huuge problem it was for me, since i could only sleep with girls who have given birth to 3-4 kids. In the end i asked for a pill to make my penis SMALLER. Heres the fun stuff, he freaking replied on the mail. Telling me that he HAD a pill that made penis smaller, and how i could buy it.
I replied with a "christ, you're a idiot" and never heard from him again =D
I've also used this tatics before with a very "aggresive" danish religious movement(withnesses of jehova), who spends most of their time going from door to door trying to make people join them.
I told them i thought that Mary was artificially inseminated by aliens, and therefore our religon was something created by a higher race to make us calmer. It freaked the fuck out of them, and im pretty sure that they will NEVER knock on my door again.
Example: A email enters my
A few carefully crafted google searches revealed the other two articles in the series (although the Arizona Star seems to think it's a four-part series- I guess we'll find out tomorrow):
Part 1: It's a war, and spam foes are losing
Part 3: Anti-spam tools more aggressive but frustrated by e-mail's 'dumb' nature
I really hate signatures, but go to my website.
The website of the so-called "stalker" is at http://www.toledocybercafe.com/ivtg/index.htm.
Growing a Spam Killing Community -- "The purpose of this article is to discuss how to eliminate spam through a community of spammer killers. Why take a passive role in spam elimination and why use up precious time and complex tools to track down one spammer? Instead, let's create a community of spammer hunters to track them down and wipe them out, using their own methods against them. Forget killing spam, let's kill the spammers."
How to Download YouTube Videos
Oh, lighten up. It's not a commentary on free speech - just a simple observation on the human condition.
If you're gonna raise swine, don't bitch about the smell. We don't want to hear about it. If you're gonna shout advertisements on a street corner, don't complain when everybody walking by is wearing headphones or hearing protectors. If you're gonna send spam, don't complain about people using blocking software.
Is it just my observation, or are there way too many stupid people in the world?
Why exactly is he trying to get around spam filters?
If someone has a spam filter in place, there is not *way*
they're going to buy your unsolicited crap. There's no point!
A "paltry $250"!? That's more than most programmers (the ones who can still find jobs) make. The really sick part of this is that these guys are complaining that they're making only 90k a year sitting on their ass when hard working programmers can't find jobs.
The society for a thought-free internet welcomes you.
Better than filters would be a program that would trace the originator and auto-respond with 5-10 messages. Imagine if everyone receiving spam sent back 5-10 messages. Maybe then ISPs would put a stop to it.
I remember the first spam I saw, back in '94, IIRC. Some lawyer selling immigration services. I ran a cron job that night that mailed him a core dump every 15 minutes. It didn't take long to swamp his mailbox.
"Love is a familiar; Love is a devil: there is no evil angel but Love." --William Shakespeare ('Love's Labors Lost')
A similar thing happenned to me. Someone had sent hundreds of threating e-mails to someone else and forged my address in the 'from' field. The municipal police in my area of Ontario, Canada interviewed me because they researched my domain name and I explained how the 'from' address meant nothing and that forgery of such things is common place.
The officer told me she did not know why they gave her this case and that she did not own a computer!
Not to mention the operating costs of having to constantly find new isps and the time needed to constantly try to keep the current ones from dumping you.
Or the sheer of having to have an unlisted number with privacy options and even then having to constantly change your number.
Ever call Alan Ralsky? You have to leave a 5 second message(only your name) just to get him to answer his phone.
How exactly do you get new buisness when your affraid of who the next caller might be?
Expensive? VERY. It only looks cheap when you don't look at the hidden costs.
Any law against spamming can always be used against free speach
BULLSHI!
Spamming is not speech - regardless of how many spammers tell you otherwise... free speech is the right to say anything you want.. it is not the right to force people to listen to what you say, and it certainly isn't the right to force people to pay to listen to you.
Spamming has nothing to do with the first amendment.
"Well, things are not so bad; I can manage to unglog 25 outhouses per week nowadays, and business is actually booming, thanks to all that junk food", said Balan, a former spammer and junk e-mailer.
The only problem, he says, "up here in the muskeg, are those damn black flies and those drunken prospectors who shoot at me even if I have an appointment to unclog his outhouse". That's because he's forced to change truck every week because he cannot afford a new one.
But that's not his least of worries. Every so often, the bomb squad has to be flown-in because of a suspicious package destined for Balan arrives in the Post-Office. They are usually packages of dead rotten rats or opossums, but sometimes there is some catshit or worse. Everytime, the community points at him because the Post-Office has to be cordoned-off, which wouldn't be so bad if it wasn't also the local watering hole. And, everytime, the municipality has to pick-up the bill, so, for a few time, Balan had to fend-off some angry sober prospectors with prized bottles from his private collection.
...and, among other (really) interesting services (plus a detailed analysis of a proposal website), slightly proposed me to start a 'marketing campaign'.
:) ) or something like that.
what they 'said' (they make me understand the concept, but they never explicitly said it) was something like:
"We could send information about your company to users that could potentially be interested in your product, using some lists of e-mail addresses..."
And they asked for a price. Which wasn't that big.
So here is how spammers get paid: by convincing marketers that spam "might" be poiting customer attention to a website/product. And marketers go trying to convince CEOs and those who buy their services.
After all, spammers gets a little amount of money: why not try that, if it will cost you only few hundred bucks? from a company point of view, that's nothing.
And here the spammers get more and more money.
What I think would be needed is an article on some business-oriented magazine (say, the Economist, the Harvard Business Review, the Wall Street Journal) that explicitly *tells* CEOs and other managers WHY AVOIDING SPAM MAKES YOU SAVE MONEY (sound like a spam mail, doesn't it?
Like talking to them with their own language. No need to talk about bandwidth, e-mail, filtering, regexp. Just concepts.
Is anyone willing to help me write such an article? maybe someone with connections in such business-oriented newspapers...
-- There are two kind of sysadmins: Paranoids and Losers. (adapted from D. Bach)
Another telling quote:
Relentless anti-spam vigilantes have hounded the 35-year-old head of Empire Towers Inc., plastering Cowles' home address and phone number all over the Web. Spam recipients call to tell Cowles how they feel.
"These people will go to the lowest depths," said Cowles, of Bowling Green, Ohio. "I have some phone clips that would make you sick."
Ahem...
You want to talk about going to the 'lowest depths'?
The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
So is there any reason why we can't use existing laws against them? It may not be a federal crime, but at least under some state laws, it's a crime to show objectionable material to minors. Get the information on the spammer and report it to your local law enforcement authorities.
What about wire fraud or mail fraud, or just plain old fraud? If these spammers are registering for accounts under false names, why can't they be prosecuted under fraud laws?
Vigilante tactics have their place too, of course. Any ISP that claims to have an anti-spam policy but in reality cooperates with these spammers should have their entire IP range blacklisted. After their legitimate customers (if they have any) can't get to websites or send e-mail, and cancel their accounts, those ISPs will either go out of business or rethink their policies.
Finally, grass-roots operations are all well and good, but the anti-spam movement won't make any serious progress until we get some money in our corner. Find some large corporation that hates spam as much as we do. You can't tell me that workers in these corporations aren't getting spam - some of them are probably even reading it. In an era where every dollar counts (especially if you overstated profits for the last two years), some corporation somewhere must want to put an end to this as much as Joe Everygeek does.
There is no sig, there is only Zuul.
Insulting the boot is a bootable offense!
Worm spamming. An outlook worm, which spams: it would connect to a website, get it's "instruction" (spam messages), then send itself along with the spam messages, to your outlook address list.
Now, which filter will be able to trap that, as it will always go to and come from legit addresses???
Scary.
All this article does for me is piss me off even more and make me want to block even more spam. I'll probably go out and dig up another couple hundred spamming domains for my blacklist.
Die spammers, die!
On Sunday the Detroit News featured three articles about spammers, including a front page story. Take a look here: http://detnews.com/2002/technology/0208/04/index.h tm for the stories. (Scroll down a little past the headlines)
So, you want to Meet the Spammers?
The beginning of the story is a bit dull, but it gets better near the end. Skip to the middle if you're too impatient.
Basically, this guy/gal conned a spammer to have a meeting in Amsterdam, and was able to get the spammer on a webcam! The photos are at the end.
(Yeah, slightly off-topic, but what the hell...)
I doubt, therefore I may be.
Dave Codding, president of Internet Direct, an Ohio-based ISP, said his company struggled for a year to get Cowles off his network. Codding said Cowles used a false name to open an account and threatened to sue if he was cut off.
It is well-established law in the US, and probably most civilized nations as well, that using a false name for a fraudulent purpose is illegal. Specifically, it's illegal to use a false name to hide relevant information about your past (e.g. lousy credit, criminal record), which is precisely what these slimeballs are doing.
Somebody needs to convince a local DA to make an example of one of these crooks. Once it becomes too risky to use a pseudonym, it will be a simple matter of convincing ISPs to black-list them.
/. If the government wants us to respect the law, it should set a better example.
The next level in anti-spam measures is to actually IGNORE them. Use "active" countermeasures... I am working on a front-end for email that requires an active response to any unknown email. And, while the email is coming in, the server waits 9 minutes between lines. If the new email is longer than a cut-off, and the sender isn't known, it accepts the rest. The idea is to tie up a port on the spammer (or forwarder) for as long as feasible. Email return addresses are checked, and if not valid, immediately deleted. And, as a last precaution, if there are any http: tags in the email, the address is checked, and if its numeric, the email is discarded. End of story. From then on out I ignore the spammers. I just don't see any, AND (as another benefit), I automatically hurt the spammers (having the port tied up). Also, I have a little GUI gizmo that shows me when UCE is coming in, and records the SMTP IP address. Since my server is running very slowly, I can actually catch them "in the act", and, if desired, start hacking on their box. What fun!
What we need is software like this. (Don't ask, mine isn't ready for release, and I don't code "collaboratively" -- I do it for my own amusement).
Ratboy.
Just another "Cubible(sic) Joe" 2 17 3061
Try telling that to a mother whos 5 year old son has just opened a "Chicks with d**ks" spam e-mail and followed the friggin link!!!!
Actually, I wonder what mother in her right mind would let a preschooler use a computer with a network connection and email. The TV is not a babysitter, and a PC is definitely not built for users without judgement.
If parents would take an active role in raising their kids, then they wouldn't fall victim to the entropy of exposure to inappropriate subjects.
The problem is not the porn on the net, it's the parents who don't take responsibility for their children.
[
No, there is a difference. Sure people can post signs, they can put up websites, they can do all sorts of things, but forcing the issue down the end-users throats through a medium in which the recipient may be paying just to receive it. Spamming is for a number of people the equivalent of having a telemarketer call you collect and the receiver having no choice to decline (this is illegal, of course).
But it doesn't stop there. It is bad enough that end users are abused in this fashion, but the distribution channels for the spam is just exceptionally bad. It is one thing if they had to foot the bill for mail servers and associated bandwidth, but instead they are scanning for open relays to *exploit* for their mail capacity and bandwidth usage. I was called in by one company with mediocre IT infrastructure, enough to be dangerous. They called saying that over the last few days mail through their server was taking hours to get anywhere, if it got anywhere at all. Well I go in and find it is an open relay, and the thing had 400,000 queued messages, among which there where about 350 legitimate messages to retrieve. I closed the exploit, and eventually recovered the messages of interest for them, but they lost a lot of time because of it and their bandwidth charges were really high because of it. Spammer's are doing wrong and they know it, why else hide behind other companies resources?
XML is like violence. If it doesn't solve the problem, use more.
I mean, really. Get a clue people.
. sourceforge.net/i -spam/dcc/
Tell you what, I'll point you to the clues:
http://razor.sourceforge.net/
or
http://pyzor
or
http://www.rhyolite.com/ant
And, no. The spammers can't get round them just by including random characters or personalising the mails.
Government of the people, by corporate executives, for corporate profits.
The spam articles are from the Associated Press and were published in the Houston Chronicle:
SPAMMED! PART I: A costly war of attrition
SPAMMED! Part II: Despite vigilantes, spammers keep e-mail flowing
SPAMMED! Part III: Anti-spam tools more aggressive but frustrated by e-mail's 'dumb' nature
Europe outlaws spam, but it keeps coming
The article complains about a "vigilante", but the woman, Karen Hoffmann, seems very reasonable: Karen Hoffman's website. She says fighting spam is her hobby.
He uses other peoples systems to spread his crap. He forgets that all this spam clutters up many mail servers and screws people who have to pay for their time on line.
This is not a crime, but talking to a 7 year old on line is? Hmm to me this would be one step away from pedophilia(did I spell that right?). What is the difference is you unknowningly send a 7 year old an email that has a URL to a porn site and says things like watch 2 girls do f***, or see cindy take it up the a**, and pedophilia?
Personally if I was their ISP I'd ban them from using my service. I know some ISP's do that. Maybe what we need is a list and take this list to the ISP and get them to ban these people from getting online. No service to spamers is a policy that some already have, if there was a list of people (maybe what is on the .org website that I can't get to right now) then we'd have less spam.
I'm not sure about the rest of /. but I am tired of my mailbox filling up with spam. I do like my new filters though, much of it goes straight to the trash. I still wish my ISP would let me set up my own personal filter rules on their system. Just for my own mailbox, so that I could delete some of these spam messages like the ones that have korean character sets that automaticly go to my trash on my local machine. This would actually cut my spam downloads by about 70%.
Only 'flamers' flame!
FCC hands out record $5.4 million fine to junk faxer.
It's only a matter of time before legislation similar to this gets passed by Congress targeting unsolicited e-mail advertisements (AP writes an article about the problems of spam, it's an election year... you do the math). Change your line of business soon, unless you want to see if you can break that record...
institute a nice, fat $1000 fine and forfeit all prepaid fees, and let'er rip.
Great, if you can actually collect the judgement..
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."