Cornucopia of Spam

Eric Savage writes "The IETF, through IRTF, has formed an Anti-Spam Research Group. If there is any hope for a technical solution the problem, it appears the first significant step has been taken. More info here in itworld and here in ComputerWorld." Three more exciting spam related posts inside, including news from the Nevada legislature regarding spam, Arkansas dislike of the meaty email and "when students go bad" torklugnutz writes "The NV state assembly just voted 41-0 in favor of a bill which allows spam recipients to collect up to $500 per piece of spam. The new law also requires ADV to be added to the subject line so that recipients can more easilly identify unwanted ads. In addition, spoofing of sender's email address or having an invalid return address is made illegal. The old law imposed a $10 fine on spammers, but required prosecuters to collect it. This law will, more than likely, increase my chances of reading the spam I get so that I can try to cash in. So, maybe I CAN make an incredible amount of money from this "Amazing Offer""

And in Arkansas: A.G. Russell writes "With House Bill 1008, Subtitled "Unsolicited Commercial and Sexually Explicit Electronic Mail Fair Practices Act." Arkansas looks to join other states that have criminal and cival legislation in place to deal with spam. Can we help them craft this?"

And from academia: mansemat writes "Seems spammers are using a new tactic these days by paying students to send spam over univeristy networks. This particular student will be disciplined by losing his computing privileges, and being educated on the policy he violated. One can only hope the education includes being subscribed to every pr0n, male enhancement, mortage, etc. spam on the planet." Should have booted the miscreant.

What's the point?

[Omkar]

After all, we know how law-abiding spammers are. And how effective the government is in combating computer criminals. I really don't think this will make a difference.

Re:What's the point?

[cobyrne]

The point is that there is no point in a spammer sending out an email that does not contain instructions on how to obtain the product/service being advertised. And, therefore, it should always be possible to track down the person responsible for the spam. The point is that, without the promise of $500 for each violation, it was not economically viable to track down the spammer. Now, it may very well be.

I once managed to track a spammer to a town about 2 hours drive from where I live. If I had been able to collect $500 out of my efforts, it is something that I would do more often...

Re:What's the point?

As long as the "police" does its' job correctly by making horrifying scapegoat examples (think Mitnick) out of a few spammers, I can imagine a fair amount of spam cartels will go down.

As for other countries being unaffected by this law, I expect those countries will implement their own anti-spam laws after seeing this initiative.

Re:What's the point?

[Dan+B.]

Well if the goverment made as much money out of cracking down on spammers as say, speeding fines, with 'spamming fines', how much more aggressive do you think law enforcement would be on spammers? Then how many people would still do it?

It always about the money, or the budget.

Vicious circle I'm 'fraid.

But people will always speed ;-)

Re:What's the point?

[Dunark]

The point is that there is no point in a spammer sending out an email that does not contain instructions on how to obtain the product/service being advertised. And, therefore, it should always be possible to track down the person responsible for the spam.

There's a little flaw in this logic: It ignores the "joe job", which is spam that is sent to get someone else in trouble by making it look like they are spamming.
What do you do when the apparent beneficiary of the spam claims they were joe-jobbed?

Re:What's the point?

[WCMI92]

"There's a little flaw in this logic: It ignores the "joe job", which is spam that is sent to get someone else in trouble by making it look like they are spamming.
What do you do when the apparent beneficiary of the spam claims they were joe-jobbed?"

If they are a legitimate company, they are required to maintain records.

Records of payments to the spammer should be sufficient. No sane company is NOT going to record an advertising expense, as to not do so is to pay for it twice over.

Sure there will be illegitimate businesses that DONT do this, but if they are involved in "spamcains" to sell their wares, there will be MORE THAN ONE complaint. Claiming that they were "framed" may work once. Maybe twice, but over and over? Won't work.

The fact is, anti-spam laws WILL work if enforced, even if spam is originated overseas, because at SOME POINT, to make money from Americans, money and/or product has to be exchanged IN America...

Re:What's the point?

[Murrow]

The point is that there is no point in a spammer sending out an email that does not contain instructions on how to obtain the product/service being advertised.

Mostly true.

One exception I can think of off the top of my head is the pump-and-dump stock scam spam. All they're after is to get a bunch of victims to buy a worthless stock, push up the price, and allow them to sell the shares they've already bought at 1 cent for 20 cents.

Techinical solution

[Raul654]

Think of spammers like an infection. How does your body deal with it? It attacks the infections in a bunch of different ways. Why can't we do the same with spam? Rather than working hard for the magic bullet, why not use some combination of: Bayesian filtering, artificial bandwidth scarcity, blacklisting, aggressive collection of fines, targeting of domains that are advertised, etc. If you were to do all of these together, I'd imagine spam would not be a pleasant buisness to be in...

Re:Techinical solution

[gmuslera]

Following with the analogy of an infection... you can cure the symptoms or cure the disease as a whole. Doing things in your side simply minimizes how you feel about the problem of the spam ("it almost not happens to me"), but it will still rampart in the rest of internet, slowing things, making email an unreliable method of communication, and people will still be buying things from spammers. This only will make the problem grow much bigger and not matter what measures you had taken, you will be also as affected as the rest of the world.

Re:Techinical solution

[Steve+B]

Once again, Nevada takes the moral high road, leaving the rest of the nation to follow.

I for one would prefer to live in a country where prostitution was legal and the cops conducted nightly sweeps to round up and jail spammers.

Blacks Are People Too

[Mighty_Joe_Stalin]

The point is that no laws have been in place to go after spammers. I don't see where you're getting the idea that the government can't combat criminals using computers. Within this country, people get caught all the time. I mean, have you read Slashdot before? DMCA violations have been noted quite a bit - that law has been fairly well used. What makes you so sure that anti-spam laws won't be?

Not quite

[Raul654]

From the spammer's perspective, if he has to worry about huge fines and/or jail time every time he sends out spam, and if only 1% of the emails are getting through, and after 10 minutes his connection goes dead, how long is he going to be a spammer?

Re:Drink RagingCow!!!!

Whether via blogs or any other Internet media, you can expect ads to invade your screen a lot more following this law's implementation.

Re:Drink RagingCow!!!!

That'll be OK --- no-one reads blogs except the blogger and perhaps the blogger's Mum. Whereas everyone receives email.

Anyway, will anyone be able to tell the difference between ad-saturated blogs and the current thing? I suppose the spelling might get better when professional copywriters get to work. And the references to "mi cat mittenz 3 3 3" might be replaced with "my cat Whiskas".

once again

[JeanBaptiste]

All the spam I get is from asia, africa, and eastern europe.

Great that nevada passed the law, step in the right direction. But this would only apply if the spam or the company profiting from it came from nevada, right? I dont think the male enhancement people from belarus need worry about this law...

All they need to know

[kaltkalt]

As long as homo sapiens can freely send emails the spam problem cannot be solved. It's an analog gap of sorts. The MPAA/RIAA have to accept that as long as a human can hear or see it, it can be copied. We have to accept that as long as email is free, there will be spam. Why waste money researching solutions when there are none? Give the money to starving turtles or something instead.

Spam loopholes...

[SystematicPsycho]

Firstly, they can start by trying to get the following loopholes plugged with the unsubscription methods ..

o unsubscription method is not feasible. I received an unsubscription method that went like this

• "To unsubscribe by
• postal mail, please send a request to P.O Box ..... Florida - quote reference number #blah"

Who is going to send a snail mail letter long distance to seemingly be unsubscribed from a spam list? Now it's starting to cost _me money to be unsubscribed. The law says to have _an unsubscription method of some sort - this falls within the law no matter how bad it is.

o unsubscription web page is non-existent - this happens to often

Spam Relies Upon Deceit

[zentec]

A large percentage of "junk mail" depends upon some fashion of deceit. Either it's by masking the true identity of the sender, a spam-haus using domain after domain and ISP after ISP in order to avoid the blacklists or simply by lying and saying that "you really indeed did ask for this".

The answer to the spam problem is to find technical answers that start peeling away at the ways spammers use deceit.

I've said this before and I'll say it again, the first place is to rewrite RFC-821 and require valid reverse-name lookups before accepting mail. Also permit as an authentication scheme that allows the administrator of the accepting mail system to set permissable trust levels. Example, mail that's verified (through an SSL certificate might be one way) as coming from gm.com is accepted, but mail coming from slashdot.org is set to a lower trust level (because they don't want to spend the money for a certificate). Mail from getyerviagra.com is immediately tossed into a review folder, trashed or denied because they don't reverse properly and they have a forged or self-signed certificate or simply don't have one.

The LAST thing anyone here wants is ANY government telling us how to manage electronic mail. In the US, it'll be frought with hooks and back-doors so the feds can snoop your mail.

Let's get it together and fix the problem on our own.

Re:Something Smarter Is Needed

[SerpentMage]

The only reason why the SPAM is coming from the US is because right now there are no legal ramifications. Just like how there was Napster and then Kaaza. Napster was State side, shut down and now Kaaza is NOT state side.

Once laws start up the SPAMMERS will move offshore. Just like the guy who lives in Detroit. This SPAMMER lives in the US, but does not send the SPAM via the US.

Once again

[deblau]

Since the attention span here seems to be about 5 minutes, I will reiterate a basic argument about spam (and many other problems plaguing us):

Just as you can't solve a technology problem with laws, you can't solve a social problem with technology.

Spam is a social problem. Scam artists have been around for millenia, 'spamming' you with unwanted and unsolicited communications. The Internet is only the latest communication tool that they use to peddle their wares. Previous tools have been faxes, TV, radio, telegraph, snail mail, courier, and shouting at you from the next hill over. Don't think for one second that the 'let's DDoS them out of existence' or 'let's make email expensive to send through some complicated protocol' arguments will work. They won't.

Here are three easy steps to stop spam:

1. Don't buy anything you get from spammers. Yes, that 24" penis must be really tempting, and I know you're dying to lose 10^6 pounds, but don't do it.
2. Encourage other people to restrain themselves. The indiscriminant spam approach only works if the percentage of buyers (a.k.a. suckers, marks) is high enough to justify the cost of spamming (which is very low for email). If you can knock down that percentage, spamming won't be as successful.
3. Educate people you meet about spam. Let them know that not every email they read is for real. Let them know that responding to spam encourages spammers. Let them know that if you catch them replying to spam, you will give Indian burns to their entire family.

In short, technology isn't the problem here. The problem is that too many people keep falling for the spam. If you do your part, we can make it more expensive for scammers to use the Internet for their schemes.

In addition to spam...

[cindik]

...what about the people who never send you anything original, just stuff that's been forwarded 20 times (with indents, attachments within attachments, and the email addresses of people they didn't think to protect by using bcc)? From where does this stuff originate anyway? I always seem to get the stuff that's been forwarded at least five times. Maybe I just don't know any creative people.

I've come up with a name for these emails. It's full of miscellaneous stuff (indents, headers), no one knows where it originally came from, no one seems to really want it, and it gets passed around endlessly (I frequently get several copies of each - often from people who were on the same to: line as I was the first time I got it!).

I call it "fruitcake".

Now here's the question:

Would it be reasonable to write a filtering program that:

1. Strips out indents, headers, and whitespace
2. Creates a crc or other signature for the actual cute story or magic "scroll down to see the answer" quiz
3. Checks a database to see whether this is a known fruitcake and, if so, deletes it
4. Allows the user to add additional fruitcake references

Any thoughts?

How to defeat spam

[GnuVince]

Spam is a business. Like all business I know, its fuel is money. When spam stops being profitable, it will probably stop being so much a problem. Most geeks, nerds and hackers know how to recognize spam a mile away and most of us have spam filters installed, but common users do not. We need to help them by explaining them how spam works, by installing them filters (PopFile is an excellent free one on Windows and other platforms).

Just make sure as much people in your neighborhood never see spam, and after a while spamming will not be as much as a problem as it is right now.

Informing the common computer users is the first step.