FTC Encourages Consumers to Forward Them Spam

Burl Ives writes "See this CNN Article. 'The FTC encourages consumers to forward any spam they receive to the e-mail address uce@ftc.gov'. I'd say if they've posted their e-mail on the web, they are probably getting as much as the rest of us already, which isn't to say I'm not hoping to see some discussion of using the statistical spam sorters to auto forward a lot to them in encouragement..." I've been using SpamAssassin for some time now with excellent results. Perhaps now I need to have my spam folder auto-forward to the FTC as well.

What will they do?

[pgrote]

I like the idea of forwarding the spam, but the question remains what will they do with it?

For instance, Yahoo Mail has a feature where you can forward Spam to their Yahoo! Customer Care department. Yet, you don't know what happens.

I don't know if this is a "feel good" attempt at showing that they are handling spam or they actually run some super secret program and change their spam variables.

I'd like to see what the FTC is doing with the spam sent to them. Are they going to start a black list? Will they take action against the spammers?

Re:What will they do?

[Amit+J.+Patel]

I used to send them all my spam, but like you, I started wondering what they did with it. I think I'd start sending them spam if they sent me a summary monthly of:

You sent us 1385 spam messages.
We had not seen 18 of them before.
We prosecuted 58 of the spammers:
13 were shot
19 were beheaded
26 were forced to read spam in prison

They'd probably get a lot better response rate that way.

- Amit

Re:What will they do?

[Coppit]

They prosecute when they can. And (blatant self promotion) they use grepmail to help them. I got a bug report from a guy on the project:

Specifically, grepmail -r reports a grand total of 3,046,173 messages, but MHonArc generated only 2,558,869 HTML files.

And you thought your mail archive was big. ;)

How about international use?

[vidnet]

Should I forward my spam even though I'm not American?

Re:How about international use?

[Angry+White+Guy]

If you're that interested, I would forward anything that apparently originated from the US, or is promoting US company interest. And lobby your government to do something about spam coming to your accounts.
Hopefully, an honest attempt will be made by the US authorities to combat spam, and it sets a precident in other countries.

Now if only Nigeria would set one up, I could do something about those damned 419 emails I keep getting!

If...

[darkov2]

...we find FTC commissioners have suddenly become very thin and rich with enourmous penises, we will know they got the spam.

Sample .procmailrc and .forward file

To use with spamassasin username is "cartman"

bash-2.05$ cat .forward
"|IFS=' ' && exec /usr/bin/procmail -f- || exit 75 #cartman"

bash-2.05$ cat .procmailrc
LOGFILE=/home/cartman/proc.log

:0fw
| /home/cartman/SpamAssassin/spamassassin -P -c /home/cartman/SpamAssassin/rules

:0:
* ^X-Spam-Status: Yes
/dev/null

Yeah and lets stay anonymous not to be a carma whore...

/cartman

Increasing the waste of resources

[ergo98]

Is this really necessary? Personally I'd think a much better approach would be to simply set up test accounts (not with .gov, but I mean on AOL, local ISPs, etc) and reference the email on a couple of webpages, and perhaps in a usenet posting. They will, without any doubt, very quickly get every spam that everyone else gets, without getting hundreds of thousands of duplicates of each and every spam. This idea of forwarding all spams, either a request or some people who have mentioned that they do this by default, is just a grotesque waste of internet resources, doubling or tripling the damage a spam does.

Having said that, spam is grotesquely out of control: My hotmail inbox now gets about 90 spams a day, and while Hotmail's spam filter catches most of them, I still have a noise floor as a dozen or so make it into my inbox every day (and conversely I have to go through the Junk Mail folder every week or so as real emails get stuck in there, particularly when associates or friends use subject lines like "BTW").

This is news?

[uhmmmm]

Heck, it even made it into a slashdot poll

Read about Microsoft's efforts to do this.

[fmaxwell]

From http://www.bbspot.com/News/2002/03/block.html

Microsoft Unveils New Spam Blocking Technology
By Francisco Rangel

Redmond, WA - Microsoft has taken a new step in the ongoing fight against spam. The software company will offer a new Spam Blocking service named "Block XP". Initially, the service was tested on Hotmail accounts, but now is included as an IIS Service.

At a press conference, Steve Ballmer explained, "Our new system is guaranteed to only let through the e-mail that you want to see." He then proceeded to dance around singing, "Unspamable! Unspamable! Unspamable! Unspamable!"

Bill Gates spoke to the audience, explaining how the system works. "We've replaced unreliable computer filtering with specially trained third-world laborers. These workers, or 'Spam Blockers' as we like to call them, will personally check each and every one of the e- mails you are getting. Any suspicious messages will be sent to a Junk Mail folder or deleted right away."

The initial Hotmail users, were impressed by the new technology. "This system really has cut down on the spam I've been receiving. Come to think of it I haven't gotten any e-mails recently," said Harold Gorman, MSCE.

Consuela Xiang a 12 year old veteran employee of Microsoft's Block XP project said, "I get mail. I delete mail. I eat today."

Some users did remark that they were receiving more "special offers" about Windows XP and MSN than they did before the system was put in place.

George W. Bush chastised Microsoft for exporting e-mail monitoring jobs when the US had a fully staffed FBI already in place.

Sorry, but it looks like someone beat you to the idea. ;-)

Re:Self-inflicted DDOS

[RiotXIX]

...and then blames terrorists.

Re:Some costs of spam.

[realgone]

Ah, the "lost time" argument -- rhetoric at its most manipulative and least accurate. (Nothing personal against you, arkham. Your post was actually an entertaining read.)

The fallacy here is in assuming that every employee exists in a continual "on-and-working" state from the moment she sits down at her desk. Under such an assumption, 10 seconds spent doing something else equals 10 seconds of quantifiable production loss. Problem is, most white-color jobs are task based: I need to get X done today, where X equals a presentation, a subroutine, a sales call to Duluth -- whatever. Ten seconds spent doing something else don't result in 10 seconds less of X.

The only place where these efficiencies would truly come into play is repetitive (and, might I add, borderline inhumane) assembly line work like meatpacking. And I'm assuming most meatpackers are less concerned about getting spam than making it.

Heck, given the original argument, we could calculate astronomical amounts of monetary loss for just about everything. Employee time spent blinking could bankrupt a third world country. The time spent typing smiley faces? There goes Luxemburg. =)

Re:I won't do it

[Guppy06]

"and that the government should not be allowed to restrict the free flow of information"

Please allow me to gratuitously quote myself:

I have seen some ineffective bills drift through both houses of Congress that are written to allow unsolicited messages so long as they have an "opt-out" mechanism. Ignoring the fact that such legal loopholes would essentially negate the law entirely (can you prove that you tried to opt out?), it quite literally sickens me the way some of your fellow members of Congress feel that spam is somehow an issue dealing with the freedom of speech. The mere existence of the internet and the supposed changes it has on how business and the legal system work (even though such "changes" have been shown to be a lie) have helped to convince these poor fools that people should somehow have a right to use and abuse the property of others. Does my neighbor have the constitutional right to break my kneecap so long as they provide me with the ability to "opt out" of future kneecappings?

The United States Constitution guarantees that all citizens are free to say what they want. It does not guarantee a soapbox upon which they can say it. Just as I am not guaranteed the right to have a billboard on Interstate 10, spammers should not have the "right" to use the resources of others simply because they're there.

Spam isn't about the "free flow of information." It is the equivalent of graffiti. You are free to say whatever the hell you want, just don't use my e-mail account space.

SpamAssassin

[ceswiedler]

For me, the killer app for using Linux at home was fetchmail / IMAP / procmail / SpamAssassin. I was using POP3 to download email from several accounts, into mail clients at home and at work. I was tired of re-downloading the same messages, and of sorting the messages into folders in one place and having those changes not reflected other places.

So I set up my Linux server, which up to that point didn't do much except NAT, to fetchmail my messages from various accounts, run them through procmail and Spamassassin, and then publish the messages via IMAP. Now my email is accessible from anywhere, through an IMAP client or over the web (running IMP) or through ssh/pine. It's filtered for spam and sorted into folders, and I can back it up easily.

I wish Mozilla mail supported addressbooks stored in IMAP folders, but instead I have to run an LDAP server (way overkill) to manage contacts. IMP's address book component, Turba, is just about the only LDAP client which acts like a sensible contact manager and allows adding / editing entries.

I'm serious when I say this is a killer app for me. Before, I could have replaced my Linux server with a NAT router and not really missed it. Now it's essential to the way I work and communicate.

Re:SpamAssassin

[ceswiedler]

If I have time I'll write a formal HOWTO and maybe submit it to /. In the meantime, here's a synopsis:

You need a Linux machine with a static IP address. If you can't have a static IP I suppose you can play games with dynamic IP addresses to access the server. Get a DNS entry to make it easier to access.

Set up fetchmail . Fetchmail is a simple program (written by ESR) which downloads mail via POP or IMAP. You configure it with your mail server, username, and password, and it downloads mail to the local machine. Actually, it re-delivers your mail locally. Your remote email might be chris2912@earthlink.net, and your username on your Linux server might be ces; fetchmail delivers the mail it downloads to ces@localhost.

At this point, you can use pine or mutt to read your mail. By default, they read mail from your local spool. Note that your "inbox" is /var/spool/mail/username, but other mail folders are usually under your home directory. Configure pine or mutt to put your mail folders in ~/mail.

Install procmail. Procmail allows you to set up filters for handling mail. It will let you move mail to a folder based on sender (something like various mail client's rules) and more importantly, it will let you run SpamAssassin (or junkfilter, but I recommend SpamAssassin). Set up procmail to run SpamAssassin on each email, and then either delete the spam or move it to a certain folder. The SpamAssassin documentation is pretty clear on how to do this. Make sure procmail is configured to use the folders in ~/mail.

Install an IMAP server. I use the standard UW server; there are others. The UW server runs via [x]inetd. I recommend setting up the SSL support (imaps).

What IMAP does is allow you to access your email remotely, without downloading it like POP. Mail is kept on the server, in folders. Through an IMAP client, you "subscribe" to a certain set of folders; these are the only folders IMAP clients will see. You want to configure your IMAP clients to use ~/mail as your root folder; otherwise you will see any other folders in your home directory (IMAP isn't limited to email).

When you set up an IMAP client (Outlook will work, though Outlook 2000 has an annoying bug, always reporting "server dropped connection", I use Mozilla mail) you provide the IP address of your server, and your username and password on that server.

IMAP is strange about deleting. Many IMAP clients by default want to move deleted messages into a folder. That's okay if you want to do that, I prefer to actually delete them. Even if you actually delete a message, it is only marked as deleted; it's still there until you purge it. Pine asks if you want to purge messages when you leave a folder; other clients do similar things.

Finally, install a web email package. IMP is the best, but it can be very hard to set up. I resorted to another package called squirrelmail before I finally got IMP set up. Squirrelmail is perfectly fine. Configure the package to use IMAP, using localhost as the server.

That's the basic points. Email me at ceswiedler@mindspring.com if you want any further help.

Expiring subdomains are very helpful against spam

[DocSnyder]

If you're running your own DNS and email server, use email addresses with subdomains which will become invalid after some time.

For example, I'm a quite active Usenet poster, using "[something]@expires-[year][month].[mydomain]" as my email address. "expires-200209" means the entire subdomain will be kicked after Sep 30. After that time, the spammer won't find a MX record for that subdomain and has no possibility to annoy me with his junk.

For legitimate correspondents, I'm telling them email adresses with a subdomain which will never expire or only very far in the future.

Running the risk of having my cute web server /.'d until it blows the whistle, here is a more detailed draft.

/.
DocSnyder.

Re:Be Careful What You Wish For

[elemental23]

I had exactly the opposite problem. Earthlink has an address where you can forward spam, and every time you do, they send you an acknowledgement message!

What address are you sending it to? Spam originating outside Earthlink's network may be sent to junkmail@earthlink.net. This mailbox does not send an auto-response. You will get an auto-response if you send mail to abuse@earthlink.net (or variations, ie, abuse@corp.earthlink.net, etc), but you should only send mail to abuse if it originated on Earthlink's network.

Then I carefully read their web page about forwarding. The only people they are going after are the ones that use Earthlink's own facilities to send spam.

This is correct if you are referring to mail sent to abuse. What can Earthlink do about spam from a MSN (for example) user?

Mail sent to the junkmail address, on the other hand, is forwarded on to Brightmail who runs Earthlink's Spaminator. They will consider it for inclusion in their incoming mail filters. So this mail is being looked at, and something is being done with it (albiet not by Earthlink directly).