CDT Releases New Report on Origins of Spam

Carnth writes "CDT has released a new report based on a six month project entitled "Why Am I Getting All This Spam?" The results offer Internet users insights about what online behavior results in the most unsolicited commercial email and also debunk some of the myths about spam." A very good report - read it. There's also a story about yet another sleazy spammer in Ohio.

Spam? I thought I was posting!

[chuckfirment]

Spam comes in the form of unrequested text, right? So saying "FIRST POST" every time there's a new topic is simply a way of spamming Slashdot?

Chuck

Spamburgers for Hotmail

[Kelz]

I'm still wondering why when I have my hotmail filter set to "exclusive" (only recieve from those in my address book, which contains 10 addresses), I continue to get loads of spam each day in my inbox, including some very embarassing things that would cause my mom to faint if she walked in.

Re:Spamburgers for Hotmail

[SuDZ]

I have actually had good luck with my hotmail account, yes I get some spam but once I setup a filter against it I pretty much dont see it again. And as far as the amount of it goes, I get maybe 2 spams a day there compared to an old AOL account that gets about 25 -30 a day still.

SuDZ

Re:Spamburgers for Hotmail

[beerman2k]

That worked for me for a while, but then I maxed out the 256 address banning limit. Now I'm back up to about 30 spams a day on that account.
Oh well.

Re:Spamburgers for Hotmail

[Rebel+Patriot]

I'm still wondering why when I have my hotmail filter set to "exclusive" (only recieve from those in my address book, which contains 10 addresses), I continue to get loads of spam each day in my inbox, including some very embarassing things that would cause my mom to faint if she walked in. Dude, you wouldn't have that problem if you didn't put those spammers in your address book!

Re:Spamburgers for Hotmail

You can set up a "blocked" list, but you can also set up an exclusive "accept" list - but of course, this means you can only get mail from people you know about before hand.

Re:Spamburgers for Hotmail

[sharkdba]

I think you set it up wrongly.

Re:Spamburgers for Hotmail

[DuctTape]

Um, maybe it's because you're using Hotmail?

TANSTAAFL, buddy.

Re:Spamburgers for Hotmail

[SpamJunkie]

Are you in your own address book? If so then this is likely the case, an easy trick. And if so then here's a tip for next time: check the email addresses you're getting them from to make sure they aren't in your address book.

Re:Spamburgers for Hotmail

[asavage]

Custom filters also override the exclusive filter. I use to have about 30 filters of words like CUM, xxx, free, adv:, ... in my subject filter.

After setting hotmail's filter to exclusive any email with that string would still go into my junkmail2 folder. I wasn't going to remove them because hotmail now only allows 10 filters, but I couldn't modify any of them until I had 10 or less, so I deleted all my junkmail related filters and use the exclusive junkmail filter.

Other amazing discoveries...

[psoriac]

In other news, it was announced today that after careful study, researchers confirmed that fire is hot and pointy objects hurt.

Re:Other amazing discoveries...

[EvilBudMan]

In related news, after more objective study, it has been postulated, pointy objects that are hot and thrusted hurt more than unthrusted cold pointy objects.

I don't eat pork!

Re:Other amazing discoveries...

[druske]

Some of the CDT's conclusions do seem obvious, but others really contradict prevailing beliefs. For one thing, they found that opting out of future mailings generally didn't result in the email address being sold or shared, thus attracting even greater quantities of spam. It's also surprising that addresses harvested from the web fall into disuse rather quickly, and that the harvesting programs aren't clever enough to overcome very simple obfuscation.

I'm a little sorry that the CDT pointed out that last bit, though; it shouldn't take more than a few minutes to upgrade harvesters to interpret these concealed email addresses. On the other hand, maybe spammers figure that anyone bright enough to use HTML codes or Javascript isn't likely to buy their snake oil.

Re:Other amazing discoveries...

[Tackhead]

> In related news, after more objective study, it has been postulated, pointy objects that are hot and thrusted hurt more than unthrusted cold pointy objects.

Looking at my spam this morning, it appears there's a happy middle ground. Pointy objects that are merely warm and thrusted don't hurt at all, and are in fact, lots of fun.

Re:Other amazing discoveries...

[Spudley]

Some of the CDT's conclusions do seem obvious, but others really contradict prevailing beliefs. For one thing, they found that opting out of future mailings generally didn't result in the email address being sold or shared, thus attracting even greater quantities of spam.

Yes, it is suprising, but I think there is an important distinction between opting out via the same web site form that you opted in through, as opposed to opting out via the dodgy "Reply to remove" message at the end of most spam.

They seem to have used the former of those methods, but not the latter, and I suspect that it's that one that would have really brought the junk mail flooding in. :-/

Re:Other amazing discoveries...

[psoriac]

It depends who's doing the thrusting. =)

Re:Other amazing discoveries...

[andrew_0812]

I have noticed this myself. I had always stayed away from the opt out's in spam, but decided what the hell, my email is almost not usable anyway, might as well see if it works before abandoning the address. If you look at the email, you can be pretty sure which ones come from a site that will honor their opt out clause. After a week of opting out of everything, I get almost no spam any more, and this is at a yahoo account.

Re:Other amazing discoveries...

[berzerke]

...It's also surprising that addresses harvested from the web fall into disuse rather quickly, and that the harvesting programs aren't clever enough to overcome very simple obfuscation...

It's also surprising they didn't mention something very simple to do so you don't have to obfuscate. Put the line <meta name="robots" content="noindex,nofollow"> on any webpage with the addresses. The spambots will ignore that page.

Of course, the search engines won't index it either, but that can be worked around. For instance, make a contact page with prominent links on the home page. Who cares if a contact page isn't indexed so long as the home page is? And any luser who's not bright enough to find that contact page probably wouldn't be able to figure out the obfuscation anyway.

I'm part of the harvester project (an anti-spambot group; google it to learn more), and my results compare with others in the group, and some of the webpoison users I've talked to. Since we've been feeding poison to the harvester bots, the bots have evolved to ignore any page with the above meta tag, since we always put that tag to keep the search engines out. My webstats have shown no looks at the second page in the tarpit since I've been a member (about a year, roughly 24-30K visitors).

We can't stop the spammers (yet), but can be a thorn in their side!

Did they use IE?

[da'+WINS+pimp]

I never saw anything in their methodology about how the spam was analyzed. It would have been interesting to see what effect actually opening spam e-mail in a web enabled browser had on the recurrence rate.

I bet the web bugs would have kept the recurrences high even for addresses that were removed...

Re:Did they use IE?

[Gortbusters.org]

Geh, clicking 'remove me' only begets more spam.

Re:Did they use IE?

[dwsauder]

I recently saw a new kind of web bug in a spam email. It was a CSS style sheet that was retrieved from a CGI-like URL. I'm guessing that Mozilla doesn't even block this kind of web bug.

The Spam Fanclub is the orignin

[Aliencow]

All these damn spam fanboys are ruining the net!

Re:The Spam Fanclub is the orignin

We do we blame spammers for spam?

If NO-ONE ever completed a transaction through an unwanted solicition, then spam would go away completely.

These people don't send spam for fun, they do it for profit, and if there was no profit, they wouldn't do it.
(God, do I ever sound profound.)

Re:The Spam Fanclub is the orignin

[Aliencow]

It was just a shameless attempt at karma whoring. Can't always work. But seriously though, scammers, spammers, all of these scumbags rely on human stupidity. The only solution I see, is forcing people to pass an exam and get a license before they get an IP address.

Burn in Hell, Son of Spam!

[ToadSprocket]

To Internet users who complain that their e-mail inboxes are crammed with ads for products and services they would never purchase, Childs' response is, "Quit your whining. I'm asking you, how stressful is it to push the delete button? We have become a nation of crybabies."

I am sorry, smack me down if you must, but... Aaaahhhhhhhh!!!! Die Spammer, Die! Friggin White Trash sonsabitchin spammers. I feel slightly better now. Ready for Karma extraction.

Re:Burn in Hell, Son of Spam!

[ToadSprocket]

And as for angry e-mails and junk mail, he said, "I can give as good as I get."

I smell a challenge.

Re:Burn in Hell, Son of Spam!

[azav]

I love how they basically give his town and address.

Why don't we tell the terrorists that spammers are the "Great Satan" and tell the FBI/CIA to take a vacation?

Re:Burn in Hell, Son of Spam!

[rutledjw]

LOL, I agree. Too bad his info isn't on spanhaus, I was planning on adding it here...

That aside, this guy is a total scumbag. Any cop who is fired for selling drugs and then becomes a spammer gives a perfect image of the integrity level of spammers. His assertion that spammers level the marketing playing field is total garbage. Any company who has to disguise their address and use deception is not one working in the ethical realm.

At some point, these slimy jerks are going to get what they deserve. I just hope I'm there to see it...

Re:Burn in Hell, Son of Spam!

Hopefully someone will be inspired to post this guy's snail mail address so we can see how he likes getting as good as he gives.

Also, anybody want to post the specifics about his selling drugs while a cop and getting fired? Certainly that must be public info somewhere.

Good to see another datapoint for the "only scum send spam" theory.

Re:Burn in Hell, Son of Spam!

[gurps_npc]

I smell an idiot. This moron thinks HE can give as good as he gets? Does he not realize that it is the otherwayu around. WE are trying to give as much crap as he sends us. Yes we are failing to do that, but he should not be proud about the fact that he is more of an a-hole than the rest of the world combined. And this crook actually claims he is not "breaking the law". He admitted to a "mistake" where he falsified a return address/took over someone's server. I guess it was just a "mistake" when OJ killed his wife.

Re:Burn in Hell, Son of Spam!

[n9hmg]

I smell a challenge.
Sure, we can pick on him through technology. We'll all stay nice and legal, and at worst, piss him off a bit. I've got to wonder, though... With more and more people using email, the likelihood of these guys pissing off somebody without our moral limitations increases. When are we going to start seeing news stories like "Noted spammer near death after brutal beating, police interrogating 5.6 billion suspects"?

Re:Burn in Hell, Son of Spam!

[andrew_0812]

I haven't found him yet, but I found Linda Jean Lightfoot, his partner in the Universal Direct scheme:

Linda Jean Lightfoot 51 Willowood Lane London, Oh 43140 741-857-1922

Re:Burn in Hell, Son of Spam!

[Dyolf+Knip]

Charles Childs
8002 Bellcreek Ln
Dayton, OH 45426
(937) 837 - 6997

I also tried to find a satellite image, but no luck.

If someone can verify this info, that'd be great. This was the only one I could find.

Re:Burn in Hell, Son of Spam!

I guess it was just a "mistake" when OJ killed his wife.

Oh please. He was so obviously innocent it's a joke.

Re:Burn in Hell, Son of Spam!

[Paradise+Pete]

Oh please. He was so obviously innocent it's a joke.

You left out the period at the end of innocent.

Mirror

[delta407]

I managed to grab the PDF before the server was trampled by the swarming masses.

Mirror is here.

Re:Mirror

[delta407]

Argh, Slashdot ate my link.

http://www.visi.com/~rwglynn/030319spamreport.pdf

My spam research

[sigxcpu]

I just got a new domain.
Which means that every email to that domain goes to me.
Every time I give my Email online I give a diff name, for instance if I buy at yahoo I give "yahoo-shopping@mydomain.com".
If I get spam to this address I know who gave it to the spammers.
- only been doing this for a week, no spam so far but there is still hope ;-)

Note: I am not actively looking to be spamed, just doing my usual stuff.

Re:My spam research

[spamacon]

That is exactly what I do. For a long while, no spam messages, but then things started coming to contact@mydomain.com, webmaster@mydomain.com, etc. So, I started sending any email to those addresses to /dev/null. Recently, however, I have started getting mail to kurt@mydomain.com, 1321239@mydomain.com, etc, which I can't just filter out, because it keeps changing. Crikey! What to do? Enjoy the silence...while it lasts....

Re:My spam research

[vinnythenose]

You could create your safe list of email accounts.

Any addresses that you use for business or personal stuff. Then anything going to other email addresses on your domain (ie, moofoo@mydomain.com) sent to /dev/null.

As long as you don't have a massive and always changing user base with email addresses at your domain, you should be fine,

I would think...

Re:My spam research

[HermanZA]

Use a negative filter: Only accept the stuff addressed to you and dump the rest. Even the simplest mail clients allow filtering and will execute these in top down order. So as the first filter, move mail to your address to another folder, then as a second filter, delete what is left. That will remove about 90% of all spam.

Re:My spam research

[Fluid+Truth]

That's a really common thing among my friends. Most of us use qmail, so we can receive mail to username-[anything]. Sign up for financial tracking with yahoo? Then it's username-yahoo@domain.tld Ask for info from buy.com? Use the address username-buy@domain.tld I bought stuff from x10 before they started being so darned annoying. Now, I throw away anything that comes to username-x10@domain.tld

It helps you track spam AND get rid of annoying companies' e-mails. :-) And best of all, you don't have to get your own domain for this. You can use your existing e-mail address with just a slight tweak to your qmail configuration.

Re:My spam research

I have a few domains like this. I like to set the fall-through address to forward to uce@ftc.gov.

On another domain I was getting hundreds of attempts daily at guessing email accounts from a machine in Brazil. I finally just blocked their entire /24 network (they used a range of IP addresses for their mail server) at the firewall.

Re:My spam research

[Ark42]

Dont use wildcard addresses, you must manually create a new email address every time you need to give one out. Its as easy as: echo virtualprefix-newemailaddress: realemailbox > /etc/aliases ; newaliases

Re:My spam research

[Ovidius]

I've been doing this for a while (probably over two years) and I don't think I've ever once gotten spam to an address that I'd given when buying something online or registering with a website.

I still get a ton of spam because my email address can be found on a lot of web pages, but it at least gives me hope that people who are doing real business on the web are conducting themselves pretty well.

Re:My spam research

[irc.goatse.cx+troll]

You just removed all of your aliases. I hope you have a backup.
(hint: use >> next time)

Re:My spam research

[Ark42]

yeah yeah yeah, hands faster then the brain again.

Re:My spam research

[B3ryllium]

You little nutjob :) That'll blow away the aliases file.

You need to use >>. :)

Re:My spam research

[dissy]

I do the same thing with my domains, however I take it once step further.

Once I get spam sent to one of the addresses, I change the forward so it no longer goes to me, but forwards to a number of addresses at their domain.
For example, if i signed up at yahoo.com and they spammed me, I would change my yahoo@mydomain.com forward to send to:
abuse@yahoo.com,staff@yahoo.com,support@yahoo .com, help@yahoo.com,postmaster@yahoo.com,webmaster@yaho o.com
etc

As they are all at the same domain, my mail server only sends one copy to the yahoo.com mailserver. Their server breaks it up then so I only really send one email out.

Using procmail to do this, i usually turn on logging until it hits a certain size.
If no real/ligit emails come to me before the log of spam reaches a couple megs, i turn off logging and leave it.

This generates surprisingly little traffic on my mail server, and one would hope they get the point

This way yahoo (only using as example of course) may remove me from their mailing lists, but they have to deal with the spam from all of their 'business partners' they signed me up for, and at that point i dont care if the address is removed or not :)

Re:My spam research

[cafebabe]

If you don't have your own domain, you can set up a free Mailshell account.

Re:My spam research

[Azghoul]

So close to being a perfect post. :) Can you perhaps point us to info concerning said qmail configuration?

I want to know how you can do it if you don't own the domain...

Re:My spam research

[sigxcpu]

One other thing you might try is sending all the spam you recive from A to B.
Or better yet grep for the 'unsubscribe' link from spam message A and try to unsubscribe the reply-to address from spam letter B.
-who knows maybe they _WILL_ remover him from the list :)

(this might not be leagal - but you might not realy care)

Re:My spam research

[Dimensio]

Here's an idea along that theme...
If you are just giving the address because they demanded one, and you have no reason to expect them to contact you for any reason, set up a filtering/procmail config so that any mail sent to that customized address is automatically forwarded to EVERY corporate address for the site to whom you originally gave it. That way, if someone spams that address, the corporate addresses of the sleazebags who gave it out are the ones who get it returned.

Re:My spam research

[The+Turd+Report]

Yahoo will just discard your email, if you splatter cast complaints to them. Your complaint won't get magicly escalated, it will just get ignored. You are not helping, you are just making it worse.

Re:My spam research

[Lazlo+Nibble]

I've been using "per-site" addresses for about eighteen months now. Last night I finally got the first spam I could track back to one of these addresses -- the one I used at the original cdnow.com. Apparently they decided they could make a little money on the side by selling off their customer list.

I've been pretty lazy about scrubbing my email address from the publicly-accessable web. Guess it's time to start.

Re:My spam research

[sammy+baby]

Eeeenteresting. Does anyone know if it's possible to do something similar using Exim?

Re:My spam research

[Urox]

I have the same problem. My domain (no, I don't own Juno) is listed in exactly two entries: google and arin.

I have gotten spam from random addresses (as I knew would eventually happen) so that I now bounce them. I could send them to dev\null but I want them to stop sending stuff in the first place.

Now what has pissed me off in the last week is that a spammer is forging an email address using my domain name. So I've started getting bounces from the recipients. I've never used that addrss for anything so it isn't someone that either scraped it or is retaliating for a spam report. I know IBM actually had a problem with a spammer sending out a forged address (I've got the connections to check and directly find the sender if they were internal).

My address listed as the owner of the domain also gets spam where I haven't used that email except to list as the registrant. But that still doesn't come close to the previous paragraph in pissing me off.

Re:My spam research

[Fluid+Truth]

Very sorry. :-) As long as the mail server is running qmail and you have shell access, you can set up qmail files for any given "extension." .qmail is what happens to mail sent to username@domain.tld. .qmail-yahoo is what happens to username-yahoo@domain.tld

And, if you want to accept everything that starts with your username, you set up .qmail-default. That will catch everything that isn't just sent to username@domain.tld (that has to be handled by .qmail) and doesn't already have another file handling it.

So, you can have .qmail which handles mail to just username@domain.tld, a .qmail-yahoo that handles everything to username-yahoo@domain.tld, and .qmail-default which handles everything else that starts with your username.

This info is pretty much available in the man page "dotqmail" and some info may be found at the author's web site at http://cr.yp.to/qmail.html
or the Life With Qmail web site, http://www.lifewithqmail.com/.

Re:My spam research

[Eccles]

Use a negative filter: Only accept the stuff addressed to you and dump the rest.

The article mentions getting nearly 10,000 of these, though. It seems like that would take a long time for an e-mail client to go through. Also, the negative filter means you can't make temporary addresses that you ever do want to receive mail through, or else you must add them without fail to your legal address list.

Re:My spam research

[PD]

Look at your /etc/aliases file. I run Exim on my domain, and that's all you need to do to set it up. When you want to blackhole an address do this:

slashdot-1: :include:/etc/bounce-message

That will blackhole slashdot-1@pdrap.org (my domain)

To send everything to a single user add the line:

*: pdrap

That sends everything to the address pdrap@pdrap.org no matter where it was addressed to.

I don't use this setup anymore though. I just use SpamProbe with a procmail filter to invoke it.

Re:My spam research

[PD]

Forgot to include the /etc/bounce_message file: :fail: This address has been disabled because it has been discovered by spammers. For more about spam and the immense problems it causes, visit http://www.cauce.org. The latest e-mail address for Patrick Draper can be found on his home page located at http://www.pdrap.org

It's important to put the :fail: command in front of the message.

Re:My spam research

[HermanZA]

As for myself, generic procmail recipes dump 90% of all spam right on the server to /dev/null. The clients use Mozilla, which now has a statistical spam filter. It works great in getting rid of 90% of the remaining 10% of the crud, so only about 1 spam per day gets through to a user.

Re:My spam research

[PhilipMatarese]

Every time I give my Email online I give a diff name, for instance if I buy at yahoo I give "yahoo-shopping@mydomain.com".

This is a great method to use. Yahoo Mail is supposed to start using this soon, but they might make users pay for the feature.

Re:My spam research

[irc.goatse.cx+troll]

lol, yeah, I think my worst was typing cd .. as cd // right before a rm -rf *

luckily it was on a friends fresh redhat install so there wasnt much loss.

Re:My spam research

[mattdm]

For what it's worth, this is easily done with postfix too. The default character is + instead of -, but basically the same.

Re:My spam research

[Dimensio]

As someone who escalates complaints to as many corporate addresses as I can find when initial spam complaints are ignored, sending out a message to as many addresses as can be found DOES have an effect. I've managed to really irritate some higher-ups at Qwest, but it wouldn't have been necessary if they would just terminate their criminal clients.

Re:My spam research

[ebh]

You left out the best part: If, say, user-ticketmaster@domain.tld (now, why would I pick that as an example?) starts getting spam, create a file called .qmail-ticketmaster in your home directory containing the single line

|exit 100

The 100 exit status causes all mail to that address to bounce, not just get sent to /dev/null. And a bounce is the most reliable way to get off a spam list. AFAIK, qmail is the only MTA that allows user-level control of bounces like this.

Re:My spam research

[The+Turd+Report]

Yeah. The effect is getting your complaints bit-bucketed. The uppers your are irritating, most likely, have NOTHING to do with the abuse department. I know it must feel good to fire of a big splattercast, but it is not helping your cause. If anything, it makes those iritated uppers think that all anti-spammers are kooks and should be ignored.

Re:My spam research

[weave]

I do that, and it's interesting. I've gotten spam to addresses I've used to register for music-boulevard (long since gone), upside, the magazine, and even Dell. In fact, I also registered my brother's Dell computer as another unque one and it got spammed too. I complained loudly to them, they denied it, said they'd investigate, haven't gotten one since. Very very strange -- and disturbing.

You can't avoid it. Eventually you have to give your addy to someone, or a spammer guesses it via random tries, or some drone at your ISP steals the subscriber list and sells it to the spammers. Even if you are safe from all of that, sooner or later one of your friends will be at a web site, click the "forward your friend a copy of this page" and type in your e-mail address, and bingo, you're screwed.

No way to avoid it... :(

Re:My spam research

[SuperFrink]

Your dot qmail files can also call scripts. Any line that starts with a pipe is called. The message and headers get fed into STDIN and you can use an exit code to refuse the message. (I'm not sure about all the codes, I used exit(100);) You can refuse if you don't like the subject or something in the body. For example I check the From line against addresses I accept listed in a MySQL database.

[me@tpb ~]$cat .qmail
| ./scripts/check-from-addr.pl
./Mailbox

Be sure to read life with qmail.

Re:My spam research

[Fluffy+the+Cat]

Add

suffix = -*
suffix_optional

to /etc/exim.conf in the localuser and userforward directors, then user-anything@domain will be delivered to user. In the user's .forward file, $local_part_suffix will match the section after the hyphen which lets you do stuff like

if $local_part_suffix is "bar"
then
save /dev/null
endif

If you want, you can set up a new director that requires a suffix and then treat suffixes differently from unsuffixed mail (pass it to a special forward file, that sort of thing)

Re:My spam research

[Fluid+Truth]

Hey! That's nice! There's another way, using the "boucesaying" program that comes with qmail. if you put this line in the .qmail file, you can actually control what the bounce says (though yours is nice because it's easy and looks more automated):

| bouncesaying "Better luck next time"

Re:My spam research

[Dimensio]

Actually, I make it clear that the reason that they are being hit is because mail to abuse@spammerfriendlydomain.com wasn't getting any results.

Often times the higher-ups are the ones who are keeping the abuse department from doing anything, refusing to allow known criminals to be disconnected.

Re:My spam research

[The+Turd+Report]

The point I am trying to stress is that you are making your point to /dev/nul. Your splattercast is just another spam in their inbox to the higher-ups you are spamming. Do you really thing they are going to jump out of their chair and run down to the abuse department and start killing spammers? They are more likely to A) Ignore your emails or B) have your emails dropped on the server. That is pretty standard for when we get splatter complaints here.

Re:My spam research

[jamesbarlow]

I've been doing this same thing for two years now, and despite getting dozens of emails a day, I am tickled to say that I only get about 5 spam a week. If I ever do get spam to a certain email address (yahoo-messenger@jim'sdomain.com) I just block that address off. If you have your own domain name, I recommend this approach.

For those spam I DO get, I send 'em off to spamcop.

Re:My spam research

[homer_ca]

Here's what the report says:
For the most part,companies that offered users a choice about receiving commercial emails respected that choice.

When you give your address to a legit website, it takes a little longer for it to leak out. Eighteen months sounds about right. I had one address I only used for ecommerce, ebay and registering with legit websites. It had almost no spam for years, but then it must have finally leaked out and the spam just exploded. The strange part is, I used to get Bargaindog ads when I tried Lifeminders years ago, and they stopped when I stopped Lifeminders and opted out of everything. When the flood of spam started years later, the first spam I got was from Bargaindog who stopped sending to me when I complained, but it quickly turned into pure spam like porn and scams. I'm guessing they didn't spam me from one of their old lists, but probably bought a dirty list from a listbroker spammer who's peddling it around on those Millions CDs.

Re:My spam research

[Dimensio]

Do you get splatter complaints because some people are just irritating or because your ISP ignores spammers?

Experience shows that the ISPs who tolerate spammers are also run by techs too incompetent to properly filter mail.

Re:My spam research

[The+Turd+Report]

We get them when someone doesn't get the response they want. I understand why people do it, but you can't run an abuse department based of which single complaintant bitches in the greatest volume. I can get more done by ignoring the .001% of people who splatter cast complaints. Everyone wants to think that their problem is always the greatest concern, but it isn't. Working in an abuse department is like working in a trauma ward. You have to triage.

the two things I've seen increase spam for me...

[AssFace]

1) Sign up on an internet gambling site.
2) Register a domain name.

I have multiple domain names and I know for certain that much of my spam originated from either scanning the whois database, or someone selling the e-mail addresses from there.

I don't gamble, but I noticed that the java applets that were used for 99% of the gambling sites were all from the same place. In other words, if you want to start a gambling site, but you don't want to write software - you can pay to use the java applets of this one company. There is some rebradning that goes on - but in the end, it all goes through their servers and uses their code.
Because of that, I figured if there were any holes in the software, that would mean a whole crapload of open spots out there. So out of curiosity I registered at a gambling site and then looked at the source (you can get the source from a java applet).
After that, my spam increased exponentially - the immediate group was spamming me, as well as selling off the address - which then gets repeated over and over.

I use spamassassin now and I have it tweaked to the point where out of over 100 spams a day, I only have 1 get through - and that is because the code times out and lets it through, not because SA hasn't caught it.
I first installed it in January and in that time have only had it once grab mail that it shouldn't have - from my mom. I added her to the whitelist and have never had a problem since.
I use one of the more recent 2.60 versions, have the spam threshold lowered to 3.5, and I have tweaked a few of the score settings. Workds great for me.

Responses

[Dark+Lord+Seth]

To Internet users who complain that their e-mail inboxes are crammed with ads for products and services they would never purchase, Childs' response is, "Quit your whining. I'm asking you, how stressful is it to push the delete button? We have become a nation of crybabies."

Would he also say the same thing if a bunch of people hacked his email server and redirected all his crap toward this guy's own personal email box? Or if he was sent those 2 mil AOL CDs? Also, the places where he has his server's, are they protect against hmmm.... "accidents"?

Why am I getting all this spam?

[Weaselmancer]

Because your penis is small, you'd like to work from home and everybody loves baklava?

Re:Why am I getting all this spam?

I don't like baklava.

Unreported Cost of Spam

[corporatemutantninja]

In the debate over how much spam really costs, one factor that almost never gets discussed is the impact on behavior and openness. How many of us refrain from using our real email addresses in public forums or in correspondence with companies because of a fear of receiving more spam? There may not be a direct economic cost, but it makes the Internet less useful to all of us. Spammers have essentially driven all of us to have unlisted phone numbers on the Internet, which reduces the usefulness of the medium. Off with their heads, I say.

Re:Unreported Cost of Spam

[captaineo]

I certainly feel this effect - I wish I could make it easier for people to respond to me via email without inviting more spam. The best (imcomplete) solutions I've found are to print my email address as a little in-line GIF (which works until someone tries to click on it), or to store the address in obfuscated form and use JavaScript to de-obfuscate it at display time (which assumes a working JavaScript browser).

Re:Unreported Cost of Spam

[jesser]

How many of us refrain from using our real email addresses in public forums or in correspondence with companies because of a fear of receiving more spam?

I agree completely.

Other factors that should also be considered are accidentally deleting/filtering "real" e-mail, having to change e-mail addresses often, and time spent setting up filters. I'd guess that every one of those factors is bigger than the time spent deleting individual spam messages.

Spam makes money?

[ShwAsasin]

I was considering moving into the spam market, but decided that was too controversial. I opted to start pornography business instead.

Re:Spam makes money?

[doublem]

Depends on how you advertise.

If you're up front and don't SPAM people, selling only porn that features consenting adults, then I'd say go for it.

I was thinking of starting a porn site myself, until my GF nixed it.

Good luck though. One of my buddies tried it, and failed due to the stiff competition. You have to have a new and unique angle, something really different, to make it now.

Re:Spam makes money?

....One of my buddies tried it, and failed due to the "stiff competition"

isn't that the point of p0rn sites ? LOL

Re:Spam makes money?

[kien]

Good luck though. One of my buddies tried it, and failed due to the stiff competition.

LOL!! :)

--K.

Re:Spam makes money?

[YrWrstNtmr]

One of my buddies tried it, and failed due to the stiff competition.

Sounds like his attempt was a little limp.

Re:Spam makes money?

[Arkhan]

> I was thinking of starting a porn site myself...
> One of my buddies tried it, and failed due to the stiff competition.

Failed due to the "stiff" competition. Perhaps an appropriate dose of Viagra would have allowed your buddy to compete with the other porn sites, then?

(Contributes his $0.50 to the bad pun collection jar.)

Re:Spam makes money?

[Mandomania]

Heh. "Stiff competition". Heh.

--
Mando

FTC links on Charles Childs

[Randar+the+Lava+Liza]

The FTC already filed a complaint and had a preliminary injunction against Childs back in April. See the press release for more information. The article mentions he lives by Riverside drive in an apartment, could be with Linda Lightfoot, the woman mentioned in the complaints with him?

Re:FTC links on Charles Childs

[doublem]

Sounds like a gay, transexual porn star.

(Apologies to all the real trannies out there, I know slashdot has a few. Nothing against you, Linda Lightfoot just sounds like a bad porn name.)

Re:FTC links on Charles Childs

[Tackhead]

> The FTC already filed a complaint [ftc.gov] and had a preliminary injunction [ftc.gov] against Childs back in April. See the press release [ftc.gov] for more information. The article mentions he lives by Riverside drive in an apartment, could be with Linda Lightfoot [superpages.com], the woman mentioned in the complaints with him?

Rules of spam:

0) Spam is theft.
1) Spammers lie.
2) If you think a spammer's telling the truth, see Rule #1.
3) Spammers are stupid.
Corollary: Spammer lies are really stupid.

So when I read this:

"To Internet users who complain that their e-mail inboxes are crammed with ads for products and services they would never purchase, Childs' response is, "Quit your whining. I'm asking you, how stressful is it to push the delete button? We have become a nation of crybabies."

I immediately thought "This asshat wants me to Just Hit Delete. Every time I've heard that excuse, the guy saying it has been either lying (Rule #1), or stupid (Rule #3). This guy sounds like both. (Corollary). So I'll lay odds that this guy's a spammer."

I was just about to Google for the proof, when you did all the leg-work by posting the FTC links. Thanks. J00 r0x0r!

Re:FTC links on Charles Childs

[blibbleblobble]

If anyone is having trouble forwarding their postal junk-mail ("Not known at this address: please forward to..."), here's the address again:

Charles F Childs
and Linda Jean Lightfoot
4132 Pompton Court
Dayton
Ohio 45405

Keywords: "Spammer's address, Universal Direct, Pyramid marketing scam", for the benefit of google.

Re:FTC links on Charles Childs

If you know where he lives, shouldn't someone at least go key his car or some let their dog crap in his yard or something?

Re:FTC links on Charles Childs

Courtesy of the Montgomery county courts online system (where Dayton OH is located).

http://www.clerk.co.montgomery.oh.us/pro/search_ al l_action.cfm

Just search on last name "Childs", first name "Charles". :-)

Re:FTC links on Charles Childs

[usotsuki]

These are my red flags. I use ZZN. Only some of my addies get spammed. The others are secret!!!

• From address has garbage sequences in it, or numbers immediately preceding the @ (YMMV)
• Subject line has trailing garbage
• Reply to nonexistant message (eg: "re: buy viagra!"), especially with the above
• Obviously commercial messages ;)
• Any message over 36K, unless it is from a friend
• Any message with HTML formatting, unless it is from a friend

I see 'em, I delete 'em, often 30 or more a day.

-uso.

Re:FTC links on Charles Childs

[markwusinich]

Then who is this?

Charles Childs
8002 Bellcreek Ln
Dayton, OH
(937) 837-6997

phone.people.yahoo.com

Re:FTC links on Charles Childs

[amber_lux]

From address has garbage sequences in it, or numbers immediately preceding the @ (YMMV)

A while ago I decided that to get freebie email accounts for each outfit on the net that wanted my email address. And to be really nice, my prefix is on the form xxx#X#X#X#@ where x is an alphabetical character and # is a numeral. And look at the address once a month, or so.

Subject line has trailing garbage

That works pretty well.

Reply to nonexistant message (eg: "re: buy viagra!"), especially with the above Obviously commercial messages ;)

Useful. How do you implement a procmail filter that will do that?

Any message over 36K, unless it is from a friend

Once upon a time I bounced all messages that were greater than 1MB in size. A list I was on melted down when somebody sent a 1.5MB message to it. The complaints about the number and size of those bounces were tremendous.]

Any message with HTML formatting, unless it is from a friend

Friends don't let friends use html in email.

Wind under thy Wings

Amber

Re:FTC links on Charles Childs

[legojenn]

It seems that one Charles Childs is 44 and the other 27. I guess you could spam both, I mean how hard is it for the innocent Childs to drop the catalogues and other junk mail in his {blue|green|black} box.

Spam is

[Weenis-X]

a good thing, whether you like it or not. How else would I know that with a single pill, I can elongate my small intestine through a small incision in my lower abdomen, creating a fully functional artificial 18 inch dong?

Spam

[silvakow]

Let's all go register for online lotteries with our new Hotmail accounts. Then we'll give our e-mail address to the airport on that little frequent flyer card because I know they're going to send me only useful info. Oh yeah, let's not forget Kazaa registration, seedy computer retailers, and mail-in rebates.

I participate in none of these activities. I have my email address on my website, but I spell it out instead of using the at@symbol.com . I've had two e-mail addresses since Summer 2001 and the only spam I get is from Windows e-mail viruses, which aren't compatible with my operation system. Yes, it *is* possible to have a public e-mail address that doesn't get spammed.

Re:Spam

[Ed+Avis]

the only spam I get is from Windows e-mail viruses

So these viruses are able to get hold of your email address even though conventional address harvesters cannot. I wonder how long it will be until a spammer creates a virus or worm which as well as mailing itself to everyone in your address book, sends the contents of the address book back to the spammer (by some indirect route). There are probably large numbers of 'lost' addresses which don't appear on the Web but are in somebody's Outlook address book.

Re:Spam

silvakow at mac dot com

silvakow@mac.com

silvakow@mac.com

Now the spam bots will catch you MOAHAH!

Re:Spam

[tepp]

"Let's all go register for online lotteries with our new Hotmail accounts. Then we'll give our e-mail address to the airport on that little frequent flyer card because I know they're going to send me only useful info. Oh yeah, let's not forget Kazaa registration, seedy computer retailers, and mail-in rebates."

Sometimes you have to submit an email address to someone you know is going to spam. For instance, Victoria's Secret. When you purchase a nightgown from there, they email you with the fedex number and a confirmation that it shipped. I want to have that information, if there's an issue, but I don't want to see all their spam...

My solution is to use a hotmail account that I don't read for these purposes. If, for instance, my nightgown doesn't arrive in the 2 weeks they said it would, I go wading in that account for the emails and use that when finding out what happened.

Re:Spam

[da'+WINS+pimp]

Yea, but you should try working for a public institution. Our e-mail addresses are public domain and have to be given to anyone who asks. Thank god for Mozilla's filtering. Thats gotten me down to only 20 or so a day that I have to deal with.

At this point I'm praying for legislation that makes UCE illegal to government entities! You would think it would be misappropriation of resources or something. But the Ashcroft says no, I guess he is too busy chasing terrorists.

Re:Spam

[mike_mgo]

You don't like Victoria's Secret mailings? That's the only type of snail mail spam that's any good.

Seriously though, I don't really consider e-mail I get from Amazon or other online retailers spam. Usually I get an email that they received the order and one when it shipped. With most reputable online dealers it's simply a matter of replying to an email ad that you don't want to receive it any longer to be taken off their list.

Re:Spam

[rgmoore]

Eek! What a terrible concept; too bad you can't take it back now that you've mentioned it. The biggest single problem with this approach is that it could potentially compromise the spammer. The author would need to be very careful to include several degrees of indirection, or interested parties could track him down via the place that the addresses were sent. It might be best to have the worm post the addresses to some third party site, where they could then be harvested by the worm's originator in relative obscurity, rather than having them emailed to any other address.

Re:Spam

[James_Duncan8181]

You really are a complete fucking prick.

Do you have to work hard at that? I hope you fucking die. Slowly and in agony.

Re:Spam

[spagma]

Hey now doesn't spamming support terrorism?

Re:Spam

[Spudley]

Eek! What a terrible concept...

Too right. :-/

The biggest single problem with this approach ... The author would need to ...

Yikes. You've just told them exactly what to do!!! Aaarrrggg!!! The genie is out of the bottle!!! Now we'll never be safe!!!

On the bright side, I suppose, there's not too many evil spammers reading this.... but you just never know!!!

Re:Spam

It's a pleasure! I wish I was a professional spammer! :)

happy 1.3 user

[aoteoroa]

The promised junk mail control for Mozilla is finally here and I'm loving it. The wait was almost unbearable because all the other guys in the office have had spam filters with their OSX email client for months. I was tempted to switch. But now mail comes in and gets whisked away to the junk folder almost immediatly. It's a beautiful thing.

Re:happy 1.3 user

[doublem]

I know what you mean. It's been so good at work that I'm going to use it at home and migrate all my Pegasus and Outlook Express mail to Mozilla 1.3

I did get a great laugh though. One of the sales guys wants to send out a renewal notice. I read the text and realized it was worded like a stereotypical SPAM. I raised objections, but was ignored.

Then the Mozilla SPAM filter caught it during the test phase.

The registration notice is now being rewritten. :)

Re:happy 1.3 user

[ToadSprocket]

Amen to that.

I had been using the 1.3 beta for weeks before the release version. "Yes, this is junk, I am going to mark it as such and then sit here and laugh at you." I felt so... impotent I guess. All of these naked women, and nothing I could do about it. But yeah, since 1.3 came out, I am laying more pipe than Charlie Sheen in his heyday, and not with hookers either.

1.3 kicks ass.

Re:happy 1.3 user

[doublem]

I had wisely saved a lot of SPAM messages from my 100 a day work account, so I had a LOT of them for use in training the filter. After two days I'd say it's catching about 95% of the Spam, and all the false positives are from the Marketing department. (AKA, it's SPAM I need to white list.)

Re:happy 1.3 user

[Brian+Kendig]

The latest version of SpamAssassin also has a Bayesian junk mail filter in it. Tie this together with Exim and SA-Exim, and you've got a tarpit which can learn from the kind of spam which it receives.

Tarpits rule. Why just reject spam, when you can hold the spammer's connection open and continue to suck up resources on his mail server for days? And when the spammer hits enough tarpits, he'll be dead in the water... even quicker if he's stupid enough to try a dictionary attack. If you run a mail server, stick a tarpit on it, and you'll be doing a lot to help stop spammers.

bah

[nomadic]

To Internet users who complain that their e-mail inboxes are crammed with ads for products and services they would never purchase, Childs' response is, "Quit your whining. I'm asking you, how stressful is it to push the delete button? We have become a nation of crybabies."

Oh god, here we go with the old "waah why isn't everyone as tough as I am" complaint.
I wonder, does he have children? If not, would he relish the idea of them constantly being hit with sex ads? How about elderly relatives?

Re:bah

[FeloniousPunk]

If you read the article, you find out the guy is a cop who got fired for selling drugs. So, I doubt he'd be much concerned with family values no matter what the circumstance.
And let us all hope that he doesn't pollute this world with offspring.

Re:bah

[bheerssen]

I wonder, does he have children? If not, would he relish the idea of them constantly being hit with sex ads?

Clearly he doesn't care. We're talking about a guy who violated his public oath as a peace officer to make money by selling drugs on the street. In my opinion, breaking that oath is a far worse crime than selling drugs because it illustrates a perfect lack of integrity that the simple act of selling illegal drugs does not. Someone who would sell out the citizens he has sworn to protect certainly would not care about how spam affects other people - just so long as he makes money off of it.

rant <<EOR;

I am amazed that officers are not imprisoned more often for this sort of behaviour. While breaking a public oath of office may not be a crime, selling illegal drugs certainly is. Ordinary citizens get serious jail time for that. Peace officers - apparently - just get fired, as though all that they had done was break their oath, for which they should be fired. What I want to know is: how did his superiors find enough evidence of wrongdoing that they can terminate him, yet not bring him up on criminal charges for the activities that led to his dismissal?

The system is backward. His crime, apparently, was willfully and maliciously engaging in conduct that materially breaches his oath as a police officer. That should be a very serious, jailable offense, not simply grounds for termination. We depend upon these people for our very lives - those who would take advantage of that for their own enrichment endanger all of us as surely as do those whom they are sworn to protect us from.

EOR

Re:bah

I have been saying for years: Penalty for first spam offense should be castration and a high prison term as well as a couple hundred thousand fines. Repeat offenders will be sentenced to death.

There shall be no exceptions.

Zero Tolerance to spam.

Re:bah

Yes! Hit his children with elderly relatives!

Everybody knows

[mivok]

spam comes from tins.
I have no idea why they have that daft pig icon for spam stories though.

moron the bulleading edge..

of Godless phonIE bullonly payper liesense stock markup fraud/spam college can be found at trustworthycomputing.com(post).

fuddles' new' "learn to be a spammer for only $49.95 a month"(tm), is about as useful as va lairIE's PostBlock(tm) device.

lookout bullow.

don't forget to consult with yOUR creator frequently, during times of evile deception, etc...

Re:Big f-pee

Karma's practically free, but that's not a reason to reduce the signal to noise level.

So whining to someone about signal to noise level is a reason to reduce the signal to noise level?

*cough*hypocrit*cough*

Surprised 'bots are that stupid

[great+throwdini]

Web Sites received the most e-mails when an address was placed visibly on a public Web site. Spammers use software harvesting programs such as "robots" or "spiders" to record e-mail addresses ... E-mail addresses posted to Web sites using these conventions [Replacing characters in an e-mail address with HTML equivalents.] did not receive any spam.

The above CDT finding is mildly surprising to me. Is there a reason people haven't built 'smarter' Web scrapers that filter and convert character encodings of things like the '@' sign in email addys? Doesn't seem too difficult, but if the report is to be taken at face value, it seems a simple precaution to take (still). I had always considered it a low-tech defense easily overwhelemed. Guess I was wrong?

Re:Surprised 'bots are that stupid

[crschmidt]

That was always what I thought as well. If a human can read it without any prompting, why can't a spambot?

Then again, I have always used that method of hiding my email address for newsgroup postings, despite the fact that I thought it wouldn't really work. Good to know that it does, I suppose.

I'm actually interested in how well spambots deal with something like the email address listed at this page listing my contact info. Do they parse html info and realize that this is just a normal email address in a table, or is that confusing enough that they don't see it?

Re:Surprised 'bots are that stupid

[stratjakt]

It's not worth doing.

The people who obfuscate their email address to avoid spams arent the ones you want to spam, since they're pretty much 100% guaranteed not to even read the email.

The spammers want the messages sent to the dopes who might actually buy the product/service.

Re:Surprised 'bots are that stupid

[KillerCow]

I would suspect that many bots convert % symbols now. It would only take a pass through a standard URL encode/decode function.

There are better obsfucators available.

Re:Surprised 'bots are that stupid

[mike_mgo]

The spammers want the messages sent to the dopes who might actually buy the product/service.

I'm not sure this is always true since it seems that alot of the money made in spamming is selling the email lists themselves to other spammers.

Re:Surprised 'bots are that stupid

[great+throwdini]

There are better obsfucators available. [link omitted]

The pitch for YASS (Yet Another Silly Script) aside, that solution isn't exactly 'better':

• The original email address is still nicely present in a foo@bar.baz format as a single string entity - how is this any more difficult to parse?
• Denying an email address to those who've disabled JavaScript seems a bit arbitrary.
• Adding about 0.5 KB to a document just to hide a multi*byte* email address seems less than optimal from an efficiency standpoint.

Of course, two of three of those problems can be overcome through inclusion of the script as an external resource (rather than an inline element) with some tweaking of the code presentation. But the 'solution' arbitrarily excludes a (likely small) population of users from actually accessing your email address.

If the whole point is to hide the actual email address, push it to the server-side (peddling a client-side JavaScripted solution is sub-par) and use a contact form. If the point is to present the actual email address (in cases where hiding behind a contact form sends the wrong message to your audience), I'm not certain turning to JavaScript offers all that much protection over plain markup obfuscation. Logically, it might, but at what additional cost?

I remain skeptical that HTML character encodings are enough, but perhaps it is so (still) given the CDT finding. One might combine it with the table-split solution offered up-thread. Turning to JavaScript doesn't offer enough demonstrable benefit to warrant usage.

Now, if one would conduct a nice controlled study of the differing techniques...

Re:Surprised 'bots are that stupid

[chumpieboy]

That's not necesarily true;

If spammers were only concerned with "clean" lists of probable dupes, they could very easily filter out the following probable complainers from their lists:
- role accounts (postmaster@, abuse@ )
- well-known complainers (whitelisting)
- entire spam-unfriendly domains (@spamcop.net)

Yet they don't. Rule #1, folks.

Re:Surprised 'bots are that stupid

[ergo98]

This isn't true, IMHO. Indeed, if this were true then why do spammers use fraudulent subject lines, and techniques in the text to avoid automatic filtration (such as images or text replacements)? The answer, of course, is that filtration and other preventative techniques can be a spammers best friend: If you've filtered 99% of spam, then that's all the more impact that 1% that sneaks through will have (one has to consider that there are hunderds of spammers-- rather than thinking that they beat "spammers", they should realize that it's all a bunch of spammers trying to dig and gouge ontop of each other). That's why fighting spammers is like digging a hole in sand.

I'd attribute the spammers not having more intelligent scrapers simply to laziness and stupidity: Most spammers, you will notice, are hucksters and fraudsters who happened to switch their game to the PC. These aren't technical wizards who decided that spamming was a great career choice.

Re:Surprised 'bots are that stupid

[nerdsv650]

Spammers are *slightly* less stupid than we give them credit for being. The reality is that they only want email addresses of people who are likely targets. By investing any effort at all in obscuring your email address you've indicated that your address is not even worth the infinitesimally small cost they incur in maintaining and utilizing their lists. It is not at all likely that this rather simple feature will be added to spiders/robots. Of course, IMO.

-michael

Re:Surprised 'bots are that stupid

[40000]

The fraudulent subject lines work because once you have opened that message (thinking it could be important), you have probably downloaded a small image (very few spam messages are in plain text now). That download has been logged as a visit and the spammer's client is charged for it.
How often do you get plain text spam with any sort of contact details or a description of the product?
HTML e-mail with images, frames or tables is a starting point for spam filtering.

Re:Surprised 'bots are that stupid

[dwsauder]

Okay, how about these:

j,o,e,@,a,o,l,.,c,o,m

<table><tr>
<td>j</td><td>o</td> <td>e</td><td>@</td> <td>a</td><td>o</td> <td>l</td><td>.</td> <td>c</td><td>o</td> <td>m</td>
</tr></table>

jo<!-- jabiuaiwoiuvklakj -->e@<!-- j89euB -->ao<!-- 88ba0s9 -->l.co<!-- a9aBVU9d0 -->m

Need more ideas? You'll get a lot more ideas from the spam emails in you get every day.

Re:Surprised 'bots are that stupid

[sqlrob]

RIIGGGHHHT

Which is why the e-mail address I post to usenet with is obsfuscated with NOSPAM, yet routinely gets scraped and spammed.

Re:Surprised 'bots are that stupid

[ChangeOnInstall]

I've found this works quite well. I didn't use their technique, but instead embedded HTML comments in the addresses, e.g.

bob<!--NOSPAM-->bobson<!--NOSPAN-->@
<!--NOSPAN -->bob<!--NOSPAN-->son<!--NOSPAN--&gt ;
tech.<!--NOSPAN-->com

The address is encased in an <A> tag that whose target is JavaScript code:

<a href="javascript:doMail('bobbobson');">...

Where the doMail() method appends @bobsontech.com onto the email and redirects to "mailto:bobbobson@bobsontech.com".

When I was building the web site I figured it was worth a shot, although I didn't think it would work. There are about six email addresses on a single page, and I've yet to see a single spam show up in all of them together. Some of the addresses have never received a single spam.

Re:Surprised 'bots are that stupid

The reality is that they only want email addresses of people who are likely targets

Ahem, Bullshit.

I've received spam addressed to my abuse@ address, my postmaster@ address. I've received spam that promises to buy drugs for me from Canadada, that were addressed to several of my .ca domains, which were harvested from the .ca whois database.

If spammers only want addresses of "likely targets", why the hell would they send this crap to me? Why would they offer to buy prescription drugs from Canada for me, a Canadian, who has a Canadian address?

Spammers are stupid sociopaths.

Re:Surprised 'bots are that stupid

the bot-writers MAY not be that stupid,
but as someone else mentioned - if YOU
go to the trouble of obscuring your addy,
then you are not a likely target.

awhile ago, for fun i created a "junk"
account that actually added the word
_junk into the username. for 2 years
i have gotten surprisingly little spam.

i decided that the bots were probably
removing the word junk (or nospam) and
the remaining address was not valid...

this report suggests that maybe it could
be due to the length of the addy (or
username) getting too long. whatever.

ymmv, ac.

Re:Surprised 'bots are that stupid

[peccary]

yeh, the email I use to post to usenet has nospam in the name. The catch is, it's not obfuscated, that's the correct address. It never gets spam -- the spammers seem to scrape out the 'nospam', and the resulting address does not exist.

Overall 80% spam...

[Judebert]

An interesting read, altogether. I know I'll be obsfucating my email adress when it goes on my website (not that the spammers won't figure that one out soon enough).

Still, notice that they received more than 10,000 emails... and more than 8,000 were spam. That's around 80% spam, and it includes the accounts that actually took some measure of protection against it. Naturally accounts that didn't bother to protect their email addresses got a much greater proportion of spam.

It's a shame we have to protect ourselves from what should be an open and valuable exchange. I know 80% spam would just swamp me altogether.

Spammers are to blame for spam

"We do we blame spammers for spam? If NO-ONE ever completed a transaction through an unwanted solicition, then spam would go away completely."

Spammers are 100% to blame for the spam. Your argument is like saying that mugging victims are the cause of robberies because they dare to have money in their wallets.

Re:Spammers are to blame for spam

[valkraider]

Uhh, not exactly. He was saying that people get mugged because the muggers need money to buy penis enlargement formulas from west africa to increase breast size so they can get a lower interest rate on their home for tellecommuting...

Yeah, right . . .

[Our+Man+In+Redmond]

Childs blamed the mix-up on a programming accident and said he has since apologized to Smithson [for using her site as an open relay].

Reminds me of the old saying, "I might have believed it was an accident if you hadn't stopped twice to reload and once to chug a couple of beers."

Re:the two things I've seen increase spam for me..

you can get the source from a java applet How exactly did you "get the source"?

ARG

[autopr0n]

These fucking spammers. Fucking DMA preventing tough anti-spam laws. I don't know about you, but I never buy anything from telemarketers and I'm more likely to just throw out any physical mail advertisements, after hitting the 'delete' button so many times.

Re:ARG

[e2d2]

I am opposed to the solicitation in your .sig sir which under my new spam laws would make you guilty of a felony and penalized under the US PATRIOT act, sentenced to enjoy the sunshine at Guantanamo Bay in a 4x4 cage for 25 years.

Sleazy Spammers in Ohio.

[garcia]

there's another one that has house/offices located near Tontogany, Ohio and also in Toledo. He lives in a LARGE house located in a richer area in the country. Their house is full of expensive toys, computers, LCDs, and furniture. He looks something like Marilyn Manison having a good day. He chain smokes. He doesn't get up till 2 oe 3 in the afternoon. He claims he is completely for "mass mailings". He wants people to believe that his emails are making their day.

I wish I remembered his name.

He is a fucking asshole. Die you spamming fuck.

Re:Sleazy Spammers in Ohio.

How does he make money? What is he selling that people buy? Does spam really pay? I've never heard of a single person ever responding to spam email let alone buy something.

Re:Sleazy Spammers in Ohio.

he provides the means for people wishing to advertise in this way.

that's how he makes the money.

Re:Sleazy Spammers in Ohio.

That would be Tom Cowles of Empire Towers fame. He lives in the Toledo area.
Here's his SPEWS file: http://spews.org/html/S888.html
Lovely man. The Houston Chronicle did a bit on him: http://www.chron.com/cs/CDA/story.hts/tech/1516754

The gauntlet has been thrown!

[douglips]

None of this puts a chill into Childs, who said he has nothing to fear from anti-spammers. "I don't ask for understanding from anybody. I follow the law." And as for angry e-mails and junk mail, he said, "I can give as good as I get."

Geez, I sure hope he's right. It sure would be a shame if his physical mailbox overflowed with a gazillion free catalogs.

Did anyone explain to him what happened to Alan Ralsky?

Re:The gauntlet has been thrown!

[apoupc]

he sholdn't have a problem if he received a gazillion free catalogs.....all he has to do is throw them away!

Re:the two things I've seen increase spam for me..

[great+throwdini]

I have multiple domain names and I know for certain that much of my spam originated from either scanning the whois database, or someone selling the e-mail addresses from there.

This is true for me, as well. Along with spam targeted to generic accounts (info@... is a favorite for domain-related services spam). Unfortunately, this class of unasked-for email falls outside the scope of the posted CDT study.

huh...

[autopr0n]

Well, when I set my spam-filters to exclusive I didn't get a single peice of email. of course I didn't have anyone in my address book.

Re:huh...

[Lshmael]

And why wasn't this obvivous? That's the entire point of the "exclusive" filter!

HOT NEWSFLASH

Some blowhard wrote a story about spam and thinks he has all the answers!

This is a once in a lifetime event!

Thank you /., for keeping me up to date with the whinings of every know-it-all jackass 'pooter expert'.

Re:the two things I've seen increase spam for me..

[AssFace]

Look into things such as Jet, Mocha, Dj, etc.

Many newer editors have it built in.

There are ways around it - but for the most part, Java is just bytecode and therefore you can go backwards and get the source - it isn't truly compiled in the sense of C/C++ exe code.
You don't get comments, but the code is there.

This is why you need to be very careful about how you do things in Java applets if you want security. Not really an issue if your code is server side - but in the case of a client side applet - once they have it, they can go through it all easily.
For the most part, the way around it is to have anything that needs to be secure done server side over an ssl connection and have the applet as dumb as possible - only relaying what has happened to the server or the user, depending on which is needed. Also, the server should keep track of what "should" be happening, that way if something comes back to it that doesn't match what it is expecting, it can be suspicious that the data has been tampered with.

In the case of the online casino code - they had done this in all of their newest code, and in older code it looked like they had hacked it in - so I presume at one point it wasn't done this way and they likely ran into someone winning too frequently as a result.

Hmmmmm.

[Unknown+Poltroon]

Charles F. Childs, Dayton Ohio.
Can anyone narrow that down a bit?

Re:Hmmmmm.

I sure hope not, 'cause it'd be a real shame if he got, say, a couple tons of catalogs dropped in front of his door. Each day. And that doesn't even count the amount he might get if a publication like The Register also picked this up so all the Brits who read it and who may not see Slashdot would find out.

Re:Hmmmmm.

"...Childs' apartment off Riverside Drive..."

My Active Michigan Lawsuit

[Slashdolt]

I don't want to get myself into any possible legal trouble, so please excuse me if I'm somewhat vague in some respects. IANAL.

About 2 or 3 years ago, my wife visited a store in the Lansing, Michigan area and gave them my email address. From time to time, I would receive email from them. Eventually, I asked them to stop. They stopped.

On November 21, 2002, I received an email from them asking me if I would like to begin receiving advertisements and marketing offers from them again. There was a link to click on, if I didn't want to opt-in. I clicked on that link.

Approximately 2 months later, I received an email from them. They had an option to unsubscribe by sending an email to their unsubscribe address. It said I would be removed immediately. I even received a confirmation stating that I had unsubscribed. For the next month, I continued to get 2-3 emails from them per week. Each time, I clicked unsubscribe and was told that I had indeed been unsubscribed.

After the 2nd email, I contacted customer service and reported the problem. No response. After the fourth time, I contacted them again, and threatened legal action, if they didn't stop. No response. I called customer service, talked to a live person, and was told that I would be removed from all their lists. But the email continued to come.

I filed a lawsuit in Michigan small claims alleging violations of the "junk fax" law, having heard about a Michigan man who had won by doing so. 6 violations for $500 each, resulted in $3,000, the maximum allowable under Michigan Law for small claims. As evidence, I have nearly all of the advertisement emails as well as my requests to be unsubscribed, and their acknowlegements stating that I had been unsubscribed. Additionally, I have the emails I sent to customer service, which never received replies.

About 2 weeks after filing suit, I received an email from their customer service stating that they were finally looking into the problem. I haven't received an email from them in the last 2 weeks, so I assume that I'm finally off their list, and it only cost me $36.50 ($32 small claims, $4.50 certified mail).

However, now their attorneys have demanded that the case be removed from small claims and placed into general civil court (which is their right). Unfortunately, I plan to do just that.

The FTC has publicly stated that not honoring removal requests is illegal. However, I'm not sure I have a private right of action in this situation. Using the Junk Fax law in general civil court is probably a bad idea, and I think I would likely have to claim actual damages in order to pursue it in general civil court.

I don't really want to get in over my head. I'm sure they realize this, which then makes me WANT to get in over my head. However, I'm still not sure that I have a legal basis for my case. Even in a state like Washington, where anti-spam laws exist, half of the cases get dismissed by the judge.

I called a local attorney and was told that I should dismiss, or risk being counter-sued for a frivolous lawsuit. Essentially, what they did is illegal, but there really isn't much I can do about it other than contact the FTC and the state attorney general, and if I pursue my case against them, I could wind up paying them.

--
Slashdolt

Re:My Active Michigan Lawsuit

[Slashdolt]

Now why dont you sue me, you shitwit?

Because you didn't do anything illegal. They did. Read the law, shitwit.

-- Slashdolt

Re:My Active Michigan Lawsuit

[michael]

Better to stay in small claims court if at all possible. Small claims is geared toward individuals representing themselves - you'll (almost) be required to hire a lawyer to pursue the case in regular court (which will, of course, cost you more than you're claiming in damages).

There's no advantage to you in going to regular court, and many disadvantages. Oppose their motion to move the case to regular court.

Re:My Active Michigan Lawsuit

[Jens_UK]

Best of luck with your lawsuit - perhaps this earlier Slashdot article can be of assistance.

Re:My Active Michigan Lawsuit

An activist! Bless you.

For anyone out there who cannot convince FirstUSA bank to stop telemarketting to your house, call the assistant to the CEO at 888-622-7547 x6839.

Tell her that you will call her back each time you get one of their calls. If she tells you that it could take several months to get off their lists, then tell here that it will also take several months for her to get off *your* list.

I went thru this about 7 years ago and finally put a stop to it with this method after my "properly channeled" requests were ignored. They started up again recently; so I went straight to plan B. It works! Just call the CEO, or as close as you can get.

Re:My Active Michigan Lawsuit

[dasheiff]

IANAL but, what about the $36.50? And any other costs incured in the civil suit? I wouldn't try to get anything outragous. But if you just ask for that money, and refuse to settle out of court, you would be doing your part to get more cases on the records.

Woah woah woah, wait a minute.

[thesolo]

A former Dayton police officer who was fired in 1996 for selling drugs on the street, Childs said he doesn't rise most days now until 1 p.m.

So let me get this straight. Not only is this Childs guy a commercial spammer who says people should "Quit your whining" about receiving spam, but he was also a drug dealer and a corrupt cop.

So now, my question is how the hell isn't this guy in jail? You'd think between dealing drugs, being a corrupt police officer, and being a spammer this guy would be behind bars, wouldn't you? Apparently not!

Furthermore:
The Federal Trade Commission, however, has questioned the honesty of at least one of Childs' Internet ventures. The federal agency sued Childs in federal court last year for operating an Internet chain-mail scheme that enriched a few early participants at the expense of others.

So now he was basically running a pyramid scheme as well. This is just revolting.

Re:Woah woah woah, wait a minute.

Well I bet it's because all his cop buddies have big penises, cheap mortgages, no wrinkles and lots of professional degrees :)

where does he live.

[p51d007]

Let the internet take care of itself.......I"m sure as we speak, someone who lives in Charles F. Childs area, is tracking down his address, and some forum somewhere will post his address, then as happened to the other spammer, his snail mail box will be filled with every catalog, etc you can imagine!

Who started this?

[GoneGaryT]

What was the first spam? AFAIR it was "Make Money Fast" on Usenet when AOL came on line, must've been 1994 or 1995. Everyone's first reaction was anger; that's never really changed.

Anyone else remember their earliest encounter with it?

DOS TIP: Mozilla 1.3 Bayesian spam filtering = :-))

Re:Who started this?

I don't remember when I first received spam, but I remember when I helped invent it! My friend, in 1992, wanted to create a new extracurricular group and we came up with the brilliant plan of finding interested people by emailing every address at the University. We got a lot of response, since no one had ever received any unsolicited email before.

Of course, now we are thoroughly ashamed.

How about, "Burn in Hell, Dirty Cop"?

[UberOogie]

Actually, if you read carefully, this guy was a cop who got fired after being caught selling drugs.

Yeah, this guy is a real success story to be immitated.

Re:How about, "Burn in Hell, Dirty Cop"?

Actually, if you read carefully, this guy was a cop who got fired after being caught selling drugs.

Yeah, and he hasn't improved any since.

Origins of spam?

[Joe+the+Lesser]

On the first day, the Lord created email, and it was good.
On the second day, the Lord created spam, and it was bad.

Smart Programmers proved Lawful Good

[bill_mcgonigle]

Obscuring an e-mail address is an effective way to avoid spam from harvesters on the Web or on USENET newsgroups... ("example at domain dot com")

I thought for sure by now spammers would have figured out regular expressions and e-mail address verifying modules, and I'm glad they haven't.

But doesn't that prove that there's never been a smart programmer who's worked on an e-mail harvester?

I think that says alot about the profession.

Re:Smart Programmers proved Lawful Good

[stratjakt]

If someone is going out of their way not to recieve spam, why bother going out of your way to send it?

They aren't going to order the penis pills or join the pyramid scheme.

They dont make money per spam sent, they make it per order recieved. They want to spam the stupids who will buy the products.

It'd be like trying the old "sell the brooklyn bridge" con on a NYC realtor. It's a waste of time.

Fix for problem number two

[archos]

When i registered my domain, I gave the address archos@myprivacy.ca. Any mail sent to this address is is held while a challange is sent to the sender. The sender just has to reply to the challange email, and the original will be sent to me. Automated spammers won't reply to the challange. myprivacy.ca is a free service provided mainly for .ca domains, or for domains registered with a participating registrars.
Does anyone know of any other services like this?

Re:Fix for problem number two

[u38cg]

I do something similar; every email I get that flags as spam receives a bounce, telling them it's been blocked, and if they want to contact me, fix whatever's broken in their message (I also include a description of what my filters are set to; I used to just send a pass-phrase they could stick in their subject, but I found that that just meant I ended up with more rubbish. Now I tend not to get crappy forwards all day log :)

Re:the two things I've seen increase spam for me..

[Ed+Avis]

This is why you need to be very careful about how you do things in Java applets if you want security. Not really an issue if your code is server side - but in the case of a client side applet - once they have it, they can go through it all easily.

Very true. But in fact, it doesn't just apply to Java. Even in other languages you can disassemble the code and work out what it does. It takes longer than it would to decompile Java bytecode, but it can be done, and if security is important to you then the mere fact that it is 'difficult' to reverse engineer the code shouldn't be enough.

In other words: you cannot trust any code that runs on the client side.

My plan for spam..

[xchino]

Spam needs legitimization. Hear me out, now, before you add that -1, Troll. By legitimizing spam we put ourselves in control. We need laws on a national level defining exactly what is valid spam and what is illegal.

We need the ISPs to work WITH the spammers ( or vice cersa). Make it trvial to filter, and only send it once. Give everybody a shared "Spam box", as place to go and see if they really need to acclerate their dialup to new levels, or a vacation, or whatever (I'm assuming 18" Penis and XXX TEEN LESBIANS will not be considered legit). We need stiff penalties to those who violate the law. We can't enforce the law in other spammer friendly countries, but we can enforce the law in our own. The company marketing should also be held responsible for violations, preventing American companies from just outsourcing their spam. Any spammer friendly ISP's either deal with their spammers or risk the entire range being blocked (voluntarily) by American ISPs. I know 99% of service providers would have no problem blocking out spammers voluntarily, especially if they are being good Americans while they are doing so. Let's not forget that as rapidly as it's changing, a majority of popular sites are American based. I know all you Norwiglians out there would probably drop your ISP if you couldn't get to slashdot just because your ISP supported spam.

The DMA has too much money to let spam die, and apart from the slashdot crowd a majority of people don't find spam to be a big problem in their daily lives (albeit mostly thhanks to us busting ass). Some people actually enjoy getting spam. I don't understand it either, but to each his own. As an option in a recent poll said, grey areas definately exist.

I think spam is a fact of life. Sometimes I get emails from business friends who include a small ad as their sig. We can't kill spam but we can change the face of it to be ever os less intrusive. We're going to have to compromise our "FUCK YOU AND YOUR GOD DAMN SPAM" attitudes if we plan on giving our credibility to our cause.

We want complete restriciton, and they want no restriciton. Somewhere in the middle there's a feasible solution for both of us.

Re:My plan for spam..

[Steve+B]

We need laws on a national level defining exactly what is valid spam and what is illegal.

Simple:

Non-Bulk or Opt-In: Legitimate
Bulk and Non-Opt-In: Illegal

Duh.

Re:My plan for spam..

[ewhac]

We need the ISPs to work WITH the spammers ( or vice cersa). Make it trvial to filter, and only send it once. Give everybody a shared "Spam box", as place to go and see if they really need to acclerate their dialup to new levels, or a vacation, or whatever [ ... ]

Hmm. Interesting. The "shared mailbox" you describe already exists, and is called a newsgroup.

If all unsolicited ads were deposited into a single newsgroup, and my ISP sent me a single email summarizing the day's posts to that group (which doesn't need to be more than a listing of all the Subject: lines), I think that might be something I could live with.

I loathe and despise spam, and wouldn't turn away the opportunity to corner a spammer in a dark alley, me with my five-foot cocobolo staff and him with fear in his eyes... Er, I digress. But at the same time, spam has a certain fascination -- sort of a cross between anthropology and a train wreck. You can't look away, because you just can't believe people could be this stupid.

So if there were a centralized place spam could exist without harming anyone but still be available for viewing -- rather like animals kept in a zoo -- I think I could live with that.

Schwab

Re:My plan for spam..

[jjo]

Unfortunately, making a particular type of speech illegal has constitutional difficulties. I much better approach is like this:

Non-Bulk or Opt-In: Legitimate
Bulk and Non-Opt-In: Legitimate if labeled, illegal otherwise

Requiring an automatically-recognizable label such as "ADV:" in the subject line will allow recipients to accept all of it, reject all of it, or apply their own filters to it. The DMA should have a hard time defending the 'right' to deceive people about the kind of e-mail they are getting.

Ecco Ping! Ecco Pang! Ecco Pong!

Re:My plan for spam..

[Openadvocate]

I just block servers and subnets of ISP's that bothers me. The list in the router is growing everyday. People trying to abuse webservers,scripts,proxies etc.

Just re-added entire Dialtoneinternet today, the slipped in my router upgrade and,, surprise +5000 attempts today to tunnel SMTP trough proxy CONNECT method. Even though I don't have a proxy, not even mod-proxy. A bunch of subnets from Worldcom/uunet also got in my list this winter for directory attacks to my mailserver.
Then I use the most nasty RBL etc lists for my mail server.

Re:My plan for spam..

[Steve+B]

I can accept that with the proviso that the rejection may occur at any point (i.e. an ISP may decide as a matter of policy to discard non-opt-in bulk email without further ado -- if you want to be spammed, sign up with a different ISP).

Re:My plan for spam..

[Dimensio]

The speech wouldn't be illegal. The delivery method for the speech -- that is, theft by conversion and trespass to chattel -- would be illegal. It does not matter if the spam is for a charity benefit or pornography, it is wrong all the same and the sender should lose his or her account with his or her ISP.

The objection is about consent, not content.

Re:My plan for spam..

[jbolden]

Its still got to come over the wire which is a waste of bandwidth and server space. ADV mail should have to come from specific IP addresses so it can get filtered on the router level and not cost any bandwidth if not desired.

Uhh

[arvindn]

Many surveys have shown that the vast majority of computer users (up to 95 percent) do not want to receive spam.

Which means 5% want to receive spam? I'm surprised there's anyone at all that doesn't loathe spam except the spammers themselves.

Re:Uhh

[slasher+guy]

Imagine how many spammers there are...

Use javascript

[autopr0n]

A good way to prevent spamming is to use javascript to generate your address. So rather then writing "me@wherever.tld" you write
<script>
document.write("me");
document.write("@");
document.write("wherever");
document.write(".tld");
</script>

It works pretty well, I've found.

Re:Use javascript

[pomakis]

A good way to prevent spamming is to use javascript to generate your address. So rather then writing "me@wherever.tld" you write document.write("me"); document.write("@"); document.write("wherever"); document.write(".tld"); It works pretty well, I've found.

You don't even really have to get that fancy. Using simple HTML character codes is pretty effective at tricking most (if not all) e-mail-address-searching spiders. E.g., simply write:

me&#64;wherever.tld

It will show up on the web page as:

me@wherever.tld

but it won't be recognized as an e-mail address by evil e-mail-address-searching spiders. You can even write working mailto: links like this. E.g.:

<A HREF="mailto:me&#64;wherever.tld">me&#64;wherever. tld</A>

Re:Use javascript

[dvdeug]

A good way to prevent spamming is to use javascript to generate your address

But does it work for text-only browsers? (I know that doesn't really matter with your website, but still . . .)

Can we close the holes?

[Migraineman]

Waiting for the gub'ment to take action is like expecting the local politicians to care about your best interest. (aside - the local turkeys just raised the taxes again because their "revenue" is down.)

We need to deal with this ourselves. Anyone who is connected with email software (especially the relays) needs to make sure the software is shipped with everything turned off. This will prevent the doofi out there from accidentally breeding open mail relays. While it won't fix the immediate problem, it'll stop propagating it in the future.

To really stop the spammers, we need to upgrade the email system to support something more robust than SMTP. It was great 30 years ago, but the world has changed. We need to take the painful step of upgrading the email system.

Yes, there is a cost associated with it. Yes, it will be painful for a period. Yes, it is necessary.

Re:Can we close the holes?

Fucking yankee moron. The government is an institution you should respect and help to improve. If you don't, as we can see with you lazy fucks, it turns into fascism. That is why you're not free.

Re:Can we close the holes?

[RatBastard]

Agreed. SMTP is simply not up to the task any more. A new protocol needs to be implemented. The problem, of course, is getting it out into teh field. You'd need to force everyone to upgrade. This would mean upgrading the software on every server and in every client. I don't even know if this is possible. SMTP is too deeply entrenched in too many systems.

It's possible that some government fiat could ram this new standard down everyone's throats, but I don't think anyone would be happy with that.

Re:Can we close the holes?

[e2d2]

What new standard? See that's the problem, there is no quick fix to this situation because the idea of the internet is that everyone can access it and every host can connect to every other host. Otherwise it's a closed system and restricted to those with access. Many ideas have been proposed for revising SMTP or adding additional functionality to existing systems, from white listing authorized hosts to trust based solutions like Vipul's Razor - TeS. But you can't simply say we need a new standard without really looking at the current SMTP RFC and related RFC's and fixing their supposed flaws. I personally think they work as intended and spam cannot be defeated without totally killing the current email implementations.

But if you wanna get some recognition for changing the world you have your work cut out for you, simply propose an RFC that allows what SMTP allows AND defeats spam. That is the holy grail of email. This task is not to be underestimated. Many have tried and failed.

Re:Can we close the holes?

[terrent]

Okay, another cranky idiot.
Seriously, tho, your repeated and skillful use of the f-word makes me rethink. Someone brave enough to use such language just has to be right.
(ya idiot)

Spammers and arses

[supabeast!]

It seems to me that the origin of spam deserves a really good goatse.cx link, but I've trolled enough this week.

Re:Big f-pee

[irc.goatse.cx+troll]

Thats why we're all posting replies as to a modded down post - this whole thread will be ignored.
signal to noise level rejoices.

How come...

[sconeu]

How come nobody's posted this guy's address yet?

Re:the two things I've seen increase spam for me..

[bughunter]

Unfortunately, you can do a lot to minimize spam, but there's very little you can do to eliminate it completely. I've had my earthlink account for 8 years now, and it is becoming overwhelmed by spam. Even with Earthlink's spam filter, and my spam filter, there's still a couple of dozen emails per day that are unsolicited and include my address in the mailto header.

Yes, I've posted to usenet, and with only a couple of instances excepted, I've munged my address both in the from header and in the sig.

Yes, I've used the address when shopping online, registering shareware, signing up for other services, etc. Some of these actions have been followed by noticeable increases in spam.

One of the things that really bugs me is web services who solicit email addresses for their service (such as a greeting card or "e*kiss"), and then sell those addresses to spammers.

My ex-girlfriend once sent me an e-greeting using some unknown service, and addressed it to my earthlink account. I strictly use the ".net" tld when I give out that address, but for some reason, my ex used the .com tld for this greeting card. Before I even viewed the card, my inbox was flooded with spam addressed to me "@earthlink.com"

Needless to say, I was pissed. I sure wish I could remember which e-card website she used. Bastards.

...but these guys deserve it.

Hope it is thousands. This company basically kept harassing him after being told to stop. There is no excuse for that.

Sarxpam

What about sarxpam? Is there any solution to the sarxpam (unsolicited and unwanted sexually-oriented E-mail) epidemic? I'm always receiving offers to enlarge certain parts of my anatomy, watch young teens perform disgusting acts, etc.etc.

Short of changing my email address, is there any way I can stop them?

Re:Sarxpam

yes, stop visiting pr0n sites.

Re:Sarxpam

Buy the aforementioned penis enlargment device.

When I read Center for Democracy & Technology

[Ded+Bob]

I keep thinking Center for Disease Control and Prevention (CDC). With the topic being spam, it would make sense.

Slashdotted.... Mirror Available

[Clipper]

Their server is totally slashdotted. I'm mirroring the article at my personal site.

The Game Is Afoot!

[Steve+B]

Childs' apartment off Riverside Drive

Wink, wink, nudge, nudge....

Re:The Game Is Afoot!

http://www.ftc.gov/os/2002/04/universaldircmp.pdf

Gentlemen, we have an address. Sic 'em. :)

Charles F. Childs
4132 Pompton Court
Dayton, OH 45405

--Posted by myself

Re:The Game Is Afoot!

Dang, I blew all my mod points yesterday. Somebody give the parent post a boost!

Re:The Game Is Afoot!

[Steve+B]

LOL; didn't take long to ferret that out!

Methinks that the reporter has been spammed as much, and appreciated it as little, as the rest of us....

New Acronym

[luzrek]

YASS = Yet Another Sleasy Spammer

Re:Start the war wagons and lets attack

okay the address again is...

Charles F Childs
and Linda Jean Lightfoot
4132 Pompton Court
Dayton
Ohio 45405

Lets see if we can stuff HIS mail box like the last spammer recieved!

Lots of filters, just a few spam

[MBCook]

On my PC (win 2k, using MS Outlook (not express)) I've managed to get almost all my spam filtered out. I still get 1 or 2 a day, but that's way better than the 30+ I used to get. All it took was spamassassian (to catch most of the spam) and cloudmark spamnet (which catches many/most of the viruses that seem to find their way to me). Works great.

Oops...

[Slashdolt]

After rereading my message, I removed a line of text. It was supposed to read something like:

"They're trying to get my to dismiss. Unfortunately, I probably do just that."

--
Slashdolt

spammer's home address

Here's what I presume to be home address of the spammer named in the article.

ABUSERS: C. Fielding Childs
cf_childs@yahoo.com
Bulker's Paradise
4132 Pompton Ct.
Dayton, Ohio 45405
FAX: (937) 275-3741

ALSO: Charles Fielding Childs, Jr.
"MAIL ORDER ALLIED COMPANY"
2936 Melbourne Ave.
Dayton, OH 45417

Funniest part...

... a user with a common or short name may want to modify or add to it in some way in his or her e-mail address.
For further information, please contact... ari@cdt.org.

Not taking their own advice?

Re:Spam? I thought I was posting!

I didn't request your text. Stop spamming me, asshole.

Google Groups

[iso]

I have the same email address that I've had since 1994 (basically firstname@lastname.com). Unfortunately I used it on the Usenet many years ago, before this was considered to be a bad idea. Nowadays, Google Groups (and perhaps others?) have my postings, and email address, forever immortalized.

I imagine that harvesting software would crawl Google groups regularly. Is there anything I can do about this? This study makes it clear that after an email address is removed from the web, the amount of spam it receives drops off dramatically. It makes sense that removing my email address from google groups (the last remaining place it exists on the web) could help substantially.

So the question is, will Google remove my email address from their site if I ask them? Has anybody else tried this?

- j

Re:Google Groups

[clarkie.mg]

You can ask google to delete any post that you have made. They explain the whole thing there : http://www.google.com/contact/groups.html.

Mod parent up, let the stuffing begin

No text

Spam is an end in itself.

[douglips]

Sure, spammer X knows that someone who spells out their email address in an attempt to avoid spam is not going to buy anything.

But, many spammers exist solely to sell other spammers email addresses. So, an obscured email address is just as valuable to such a spammer as any other email address.

Of course, they won't tell their spammer clients that the email address is for a spam-averse user, they'll collect their .003 cents for the email address for each spammer they sell to and buy a silk kimono and leather slippers and sleep until 1 PM. Bastards.

How is old Alan doing?

[RatBastard]

Is that maggot-eaten sack of whale drek still getting a gazillion pieces of snailmail every day?

Re:How is old Alan doing?

[Tackhead]

> Is that maggot-eaten sack of whale drek still getting a gazillion pieces of snailmail every day?

Ahem.

I represent the Cetacean Fecal Matter Anti-Defamation League. Please retract at once your defamatory comments against whale dreck.

I have also been informed by the Head Maggot of the Fly Larva Anti-Defamation League that although his members will gleefully chow down on any form of cetacean poop ranging from Dolphin Doo to Blue Whale Bombs, they'd definitely draw the line at Ralsky's carcass. They've got standards, y'know.

Have you already forgotten the lesson?

[fudgefactor7]

Here is a link that Slashdot previously posted about a guy who successfully used 47USC227 to sue spammers. You can do it too. Go for the money, or gonads, whichever turns you on the most.

Who wants to help me elimate spam?

I've come up with a solution to the spam problem that is fiendishly clever, but I lack the programming skill to implement it. What I propose is every email is automatically deleted unless it contains the following in the body.
"This email is intended for x@y.com. This paragraph is copywrited by the owner of that email address. Reproduction or redistribution of this paragraph without the owner's express permission is forbidden and punishable by law."
Finally, a good use for the DMCA. If someone sends you spam, you can sick the DMCA on their ass to force them to reveal their information and where they got your address from (assuming they didn't just guess). Then you can sue the spammer and the seller of your address for copywrite violation. Plus you can root around in their networks, etc. in case you THINK they might be hiding other copywrited works... The real key to this is to write a program/filter/whatever that only accepts emails matching the format, and then to get everyone to use it. You could even have the program automatically add the format to outgoing emails (assuming you have the recipients permission as well...). So, who wants to write it? Open source, free as in beer, etc. etc.
-Will

Green Cards

[RatBastard]

The first large-scale spam was the infamous "Green Card" Usenet spam from the Cantner and Seigel (sp?) "Law Firm" way back in late 1993 or early 1994. The outcry was deafening. They got tossed off of every ISP they could find and were harrassed for weeks, possibly months.

Now I wade through mountains of spam in my favorite Usenet groups (spam is still being sent to dead newsgroups like alt.ensign.wesley.die.die.die for Pete's sake!) and don't even bother trying to get the bastards knocked off their ISPs. Sigh.

Re:the two things I've seen increase spam for me..

[AssFace]

One of the funnier (to me - others likely hate it) things I've seen are those "somebody has a crush on you" sites. you then have to "guess" who sent you the thing, so you put in emails and it collects them. I don't think that anyone ever really sends you anything, it just says that, then collects all the emails that generates and then tells those people that someone has a crush on them, etc etc.
Then that list can be resold.

I have my email address up on slashdot, I have it on my webpage (current and an old school one). I have posted to various discussion boards, yahoo groups, newsgroups, mailing lists, etc. I have purchased online from literally hundreds of online stores (I pretty only buy anything aside from dinner online).
Our of all of those, I definitely saw increases in spam coming in - but it wasn't huge increases until the two things that I mentioned up there - the online gamling and the domain registration.

I thought...

[Repugnant_Shit]

I was getting more spam because the other penis enlargement products I ordered don't work.

Spam tracking

[Snowgen]

I just got a new domain ... Every time I give my Email online I give a diff name, for instance if I buy at yahoo I give "yahoo-shopping@mydomain.com".

People without their own domain who still want to do this can use a free Spam Gourmet account.

In Ohio, SPAM is Illegal!

[adamkuj]

The Dayton Daily News article discusses Charles F. Childs, an Ohio native. Last year I testified before the Ohio Senate Commerce Committe regarding a proposed spam bill. That bill was later passed into law . Among other things, the bill has opt-out requirements, requires a pre-existing business relationship, and makes it a feleny to forge headers and/or abuse open relays or proxies to send email. I would imagine that Mr. Childs, and another Ohio spammer, Tom Crowles, are in violation of some or all of the provisions of the Ohio spam law. Here's a new get rich quick scheme for you: hire an attorney and start collecting damages from these scum (up to $100 per email plus legal expenses).

Re:In Ohio, SPAM is Illegal!

[jafiwam]

I don't get it. (Seriously, I really don't get it, no sarcasm intended.)

Why, if forging headers is illegal, and this guy is doing so (presumably) and bragging about it to the newspaper are the cops not already at his door? It is a felony no?

Why would a private citizen need to get the guy in court or even try? Should not forwarding the evidence that they have to the proper law enforcement authorities be enough for them to go after him for committing a felony?

Is this some sort of wierd "civil-felony" or something?

As a counter example, I got fined for having a too loud stereo once (it was, I admit) and it was because someone complained, the cops showed up, decided it indeed was too loud and issued a ticket. The guy didn't have to take me to court, and I certainly never got to find out who it was.

I am confused.

Re:In Ohio, SPAM is Illegal!

[dev11]

MAKE BIG MONEY SUING S.P.A.M.M.E.R.S!!!

Friend, if you're like me, and you've already got a University Diploma from a presigious non accredited university, a lifetime supply of herbal viagra to keep your 12 inch penis hard to satisfy those hot teen sluts, and a low rate mortgage to buy a warehouse to put all those toner cartridges, all made possible by helping out some swell Nigerian prince, then this offer is for YOU!!

Get in on the ground floor of this new growth industry!!! For only $30, you receive my start up kit for making money suing spammers. I made 1 million dollars in the first month alone and I want to offer YOU this once in a lifetime opportunity! You can make $3000 a week working entirely from home. Just think of all cable descramblers and prescription drugs you can buy with that cash! Plus you get that warm and cozy feeling that you caused some scumbag spammer a little harm. Don't wait, act now!

You have received this email because you opted in to one our marketing partner's mailing lists. If you don't wish to receive informative marketing messages from our subsidiaries, click on link below and your address will be immediately removed from this list and put on our Preferred Customers lists to receive even more helpful messages from our marketing associates.

So what??

[EvilStein]

That doesn't change the fact that you're still getting spammed!!! So what if you know who did it? Great, you won't do business with them again because they sold your address.

Your still getting spammed because in most places, it's perfectly legal for them to do so. Your bandwidth is still absorbing spam. Your mail server still deals with the spam/bounces.

Just making a cute address doesn't solve the problem.

Re:So what??

i know who not to buy from, i also drop them an email saying you can close my account because i will not do business with spam companies. One of these wont deter xyz.com but a few hundred a week would. because the lost business is more than the few hundred they get from the spammers.

Irony. HAH!

Subtle like a brick to the head.

One of the good, rare times a first post has made me chuckle.

next up

[cygnus]

CDT has released a new report based on a six month project entitled "Why Am I Getting All This Spam?"/blockquote stay tuned for their next report, "Why Do I Have This Burning Sensation.... Down There?"

Re:the two things I've seen increase spam for me..

[AssFace]

I was seeing so much spam because of this (over 500 a day) that I just setup my server to redirect any mail that comes in to an address that doesn't exist to /dev/null. That brought me down to the "reasonable" 100+ a day.

I'm on a shared server (pair.com - I highly recommend them) - so my scripts are only allowed to run for a max of 30 seconds. They don't run the spamassassin c daemon, so I have to use the spamassassin perl script. With the default settings, it was getting slow going through my mail - so it would timeout, and then when that happened, the mail it was looking at would just get dumped into my inbox, unscanned.
I've adjusted the settings of SA so that it doesn't talk to the RBLs and it only autolearns on 20 or higher scores. I also set the bayes_90 and the bayes_99 to higher scores (3.5 and 4 respectively) just because I personally had never seen those be wrong on my mail.

With those settings and whichever version of the 2.60 I have, I'm loving it right now.

It saves caughtspam out to a "caughtspam" file and I also have yesterday's caughtspam in another file.
I can then just run "frm caughtspam | more" and see it formatted out to the screen in an easy way to read. If I have free time I will glance over it to make sure I'm not missing anything.
I also have scripts that run against it as well to warn me of things that might be things I'd want to keep - but those can only be so smart - but are better than not reading through it at all.

Whole article suspect

[sharkey]

...the acknowledged father of the Internet, MCI vice president Vint Cerf...

No metion of Al Gore in that Dayton article, they must not be researching in the correct "manner".

Re:Whole article suspect

[ubernostrum]

No metion of Al Gore in that Dayton article, they must not be researching in the correct "manner".

Wow, that was almost-but-not-quite funny the first time somebody said it years ago. And I'm sure it's improved with the 5.3x10^7 tellings since.

Re:Whole article suspect

[msm1th]

OH MAN, That's some funny stuff! Did you make that up? I've never heard that before! AL GORE! Hahhaha! You my friend are a TREASURE. A TREASURE! So funny! So witty! So droll!

Dare I say it? Dare I? Yes! SHARKEY IS A COMIC GENIUS. Unlike so many of the other tired, worn-out jokes and pseudo-witticisms I've seen here, THIS POST is a true original.

Stay gold, Ponyboy, stay gold.

Re:the two things I've seen increase spam for me..

> I first installed it in January and in that time have only had it
> once grab mail that it shouldn't have - from my mom. I added her to
> the whitelist and have never had a problem since.

Why would your mom try to sell you a penis enlarger? That's just creepy.....

Re:the two things I've seen increase spam for me..

[AssFace]

Very true. And to be fair, just because something is server side, that obviously doesn't mean it is secure either.
All kinds of generalizations I made there - I was just trying to get ideas out :)

Re:the two things I've seen increase spam for me..

[AssFace]

LOL

well, that's just how mom is. always wanting more more more. their her damn genes in the first place.

address

Found the address to this spammer
Childs, Charles F.
5407 Hoover Ave
Dayton, OH 45427

No spam at my main email address

[mitzman]

Not that I'm complaining but I don't receive email at my primary account anymore. I use it for a lot of things and at one point I was receiving spam constantly. I used to request a removal from the system and then I'd still get spam from certain spammers. What did I do? After some stealthy research and a ton of time spent, I was able to find legitimate emails to people and threatened legal action of harassment or something. I know that's a b.s. thing but the last thing anybody wants to see is the threat of a lawyer regardless of what they would be charged with. I tell ya, I don't know about you but we should all do what the guy in that commercial does; fly over to the company headquarters and smash the phone of the telemarketer. Just a final thought: SPAM BAAAAAAAAAAAAAAAAAAAAAAAAD! FREE INTERNET PORN GOOOOOOOOOOOOOOOOOOOD!

Re:No spam at my main email address

[BobRooney]

Does it complicate matters that Free internet porn and ads of the like are themselves often spam? A = Bad, B = Good, A = B... ????

Re:No spam at my main email address

[mitzman]

Yes I believe it does. Damn I got moderated as a troll. Ah well, I'll have to be more careful in my posting next time.

If they ask you to do something...

[Dimensio]

Like move it to a civil court, then you should oppose. IF they want to do that, then they think that there is an advantage to doing that. As it is, if they demonstratably broke the law then they have no claim that your lawsuit is frivilous.

Al Gore said he invented the Internet

Al Gore said he invented the Internet. This is a correct paraphrasing of a wild claim by Al Gore that is not true.

In the actual quote, he said he created it, which means the same as inventing it in this context. Also, is is a big lie (or big dumb error) since it was around and it was called the Internet before Gore was ever involved.

Re:Al Gore said he invented the Internet

[stevel]

No he didn't. What he said was this:

During my service in the United States Congress, I took the initiative in creating the Internet. I took the initiative in moving forward a whole range of initiatives that have proven to be important to our country's economic growth and environmental protection, improvements in our educational system.

His wording could have been better, but he was not trying to take credit for actually creating the Internet, despite all the jokes that followed.

For more on this, see snopes.com's writeup.

Mirror

[cultobill]

Their bandwidth is pretty low, so here's my copy.

/me wonders how the school server will respond to the /. monster

Won't work

[Dimensio]

There is no way to "legitimize" unsolicited bulk e-mail. Spammers are, by their very nature, sociopathic scum whose existence is a waste of carbon, oxygen and water. They won't play by the rules, they will do whatever they can to evade filters and they will seek out crime-friendly ISPs like Verio, VDI and Qwest to commit whatever felonies they want. The fact is that I should not have to tell someone not to use MY resources to create advertisements that I DO NOT WANT. "Legitimizing" spamming in any way will simply give the scumbags yet another excuse on which to fall back when someone complains about their unsolicited garbage, yet another reason for them to launch legal threats against anyone who complains about the spam.

Heck, spammers still quote the failed bill proposed by Frank Murkowski as "proof" that their spamming is legitimate (not only citing a non-existent law, but also completely misstating what the law would have done had it passed), and threatening people who complain because they "followed the law". We don't need to give them any more ammo.

Unicode Converter

[imscarr]

I found a nice unicode converter so you can disguise your email address with "HTML numeric equivalent" like the article mentions http://www.mikezilla.com/exp0012.html

add
< A href="
&#109;&#97;&#105;&#108;&#116;&#111;&#5 8; [your unicode email address] "> Send Me Email </A>
to your web page

&#109;&#97;&#105;&#108;&#116;&#111;&#5 8; <-- says mailto:

New Tactic

[thecoolestguy]

I've also noticed that lately spammers have been putting a 1 pixel wide image in the email message itself. (I.e. img src=spammers_server/pixel.gif?email=youremailaddre ss ) If the message gets opened or previewed - the pixel is pulled from the spammers server and a web log is created with your email address in it. Even viewing a potential spam email can verify your email address to the spammer as a valid account.

Re:New Tactic

[inerte]

Not new. In fact quite common.

I use Evolution and it can block loading images from the web.

Re:New Tactic

[VirtualWolf]

Which is exactly why I've set Mail.app to not display any HTML content.

What'd be /really/ good however, is if Apple put in an option in the Rules section "Is HTML Mail". Thinking back, I don't think I've gotten a single e-mail that's been HTML mail that hasn't been spam.

Re:New Tactic

[Dimensio]

A proper mailreader can be configured not to respond to that HTML.

Of course, it's another site to whom to send a complaint to get that image pulled.

Re:New Tactic

[dasheiff]

You are correct, though this is actually an old tactic. Which is why I still don't use a modern GUI to read my mail.

Re:New Tactic

[WoodstockJeff]

Get a better email program... The Bat! can be configured to open HTML messages as straight text, which will avoid loading all the garbage. Great even for those "friends" who forward the latest HTML joke page they found...

Re:Big f-pee

This is not the behavior I would expect from a Functional Obedient Replicant. Had your fill of Online Xenocide?

Another idea

[dacarr]

What surprises me is that they didn't test any fandom newsgroups - you know, rec.arts.anime.* or anything with "furry" in the name. I'm curious as to how much spam that would have generated.

Spammers can contribute

[demo9orgon]

Spammers aren't a complete waste of skin. I know this is hard to believe.

We just need to remember that when we strap their heads into the kill-device, that the bolt-gun sends the bolt crashing through their head, pulping their brains. After all, this does destroy the one rotten organ in their body, leaving the rest of the body harvest-worthy. This is much more humane that what they have planned for us, because unlike our daily RTS-inducing spam-deletion cycles and the stress of having to deal with bandwidth fees and inappropriate porn content we're just going to shoot them in the head _once_.

And think of how they could give back to the non-spamming populace; retinas, eyes, livers, heart/lung, and kidney transplants.

OTOH...treating them like war criminals wouldn't be a bad thing either. It's just the whole "normal" execution thing is such a waste.

Re:Spammers can contribute

[Steve+B]

Spammers aren't a complete waste of skin. I know this is hard to believe. We just need to remember that when we strap their heads into the kill-device, that the bolt-gun sends the bolt crashing through their head, pulping their brains.

You'd need a precision aiming system.

Another question

[Tikiman]

I wonder what happens if you follow all "unsubscribe" or "remove" instructions that are attched to some spam. People say you shouldn't do it because it lets spammers know that the advertisement is getting noticed, and thus they will hit you even more. However, this seems like speculation to me. Hard evidence that this is the case would be useful.

fraud

I would think that falsifying your email address to avoid blacklisting would be considered fraud. I would also think that you could argue that using someone else's email server to relay your spam would be a violation of private property laws. Of course if your email server requires authentication, even clear text authentication, I would think that logging in as a user who you are not would definately be fraud.

NR

to counter that New Tactic

[clarkie.mg]

Wether the image is one pixel or larger, to avoid that, never enable html while reading mail or read your email offline or read your email in html but whithout downloading anything.

spam from slashdot

[sirinek]

I am one of those people who has all mail for a domain delivered to him.

slashdot's fucking worthless email munger changed my email to username-COLA@domain.com

Real fucking smart. Bastards.

So I turned it off completely.

proof that US economy is in the dumper

[witts]

I read the report and was immediately struck by the fact that email addresses posted to us.jobs newsgroup received ZERO spam. Don't try this in alt.sex.erotica, however, as that newsgroup received the most spam. Further proof that pr0n really is the driving force behind the internet... p.s. now you know where to post email addresses of thy enemies

Another harvesting idea?

[dacarr]

PGP keyservers. Those who use PGP or GPG will understand.

Re:Another harvesting idea?

[WhiteDragon]

I thought so too, but for whatever reason, I don't think I have ever received much, if any spam from the address on my keys. Also I have certainly never received a single spam that was OpenPGP signed. I was thinking about requiring all incoming messages to be pgp signed, or else they get smtp bounced. I could include a link to hushmail or a faq about OpenPGP... What do you all think?

Heh.

[autopr0n]

Well, you know you can turn off sigs if you want. But it's not like I'm going around posting nothing but advertizing. Seeing a few ads attached to content isn't so bad (IMO). And after all, why should VASoftare get all the advertizing revinue from my comments?

Re:Heh.

[e2d2]

I was just kidding, I don't mind what you post in your sig ;-) Just thought I'd poke and prod a little bit.

oops.

[fanatic]

yet another sleazy spammer

Redundant.

HTML copy of the report now available

[mclarkcdt]

I have posted an HTML version of the report at http://www.cdt.org/speech/spam/030319spamreport.sh tml . Thanks for your interesting comments, I am collecting them for ideas for future research projects. Mike

Forget the spammers..

Spammers are just leeches attached to the internet. These low-lifes will always exsist, regarless of what you do.

Why cant I go directly for the jugular? Why isnt there legislation that would let me sue 'free-teen-sex.com' or whatever for sending me unsolicited and extremely ofensive material? Or 'xyz.com' for stealing my bandwidth for rubbish and unwanted promotions? Etc, etc...

Yes, Gore took credit for the Internet

"What he said was this: During my service in the United States Congress, I took the initiative in creating the Internet

In this context, the meaning of create is the same as the meaning of invent. He took credit for something he didn't make.

"His wording could have been better, but he was not trying to take credit for actually creating the Internet"

Yes, he was. The meaning of "I took the initiative in creating the Internet" is awfully hard to spin. He is claiming to create it in his sentence, so of course he is trying to take credit for creating it.

What this amounts to is a simple matter of:

Person A: "I did Action A"
Person B: "Person A did not credit for Action A"

"For more on this, see snopes.com's writeup [snopes.com]."

Snopes is not a good source on this one, it is too much like spin since it leaves out many facts (the most important of which being that Gore claimed he created the Internet, and that the Internet was around before he got involved.)

The Snopes thing attempts to get around the facts by padding their claim with lots of information about how Gore helped the Internet long after it was created.... which has nothing to do with his claim that he did create it.

Look beyond Snopes, look beyond the spin. Look at the actual dates of creation of the Internet, naming of the Internet, Gore's appearance in Congress, and Gore's involvement with the Internet.

Here is an excellent example of Snope's spin: "he was responsible for helping to create the environment (in an economic and legislative sense) that fostered the development of the Internet". This is their translaction of "I took the initiative in creating the Internet".

More spin from them "Any statement about the "creation" or "beginning" of the Internet is difficult to evaluate". The fact is that the exact years of the invention/creation of the Internet are known, as is the year that ARPAnet was named "Internet". Such statements are very easy to evaluate!

The Snopes article is also self-contradicting: it's tone is "he did not say it and it is true anyway", but it also includes the Vint Cerf quote that states that Gore did not create it and his statement cannot be validated.

They are clearly distorting things to make Gore look better. I have no idea why, as it is not democrats.org

The reason this comes up again and again is the people like you who go into bizarre lingustic somersaults rather than admit the man made a false statement.

----------------
I took the iniative in creating this Slashdot message, by the way.

Re:the two things I've seen increase spam for me..

[KjetilK]

I sure wish I could remember which e-card website she used.

123greetings.com? They spammed me massively, and I wouldn't be surprised if they sold the address too... :-(

Unfortunately, one of my female friends sent me a card to my new address. Haven't got spam from 123greetings.com itself to that address, but I can't trace it if they sold it.

Not stressful at all...

[gillbates]

I'm asking you, how stressful is it to push the delete button? We have become a nation of crybabies.

Oh, say, no more stressful than pulling the trigger on a high powered rifle...

Some people just don't get it. Spam is an invasion of a personal space - it's the intrusion into our personal lives by a stranger that we resent, not the fact that we have to hit the delete key.

Quite frankly, I'm surprised that these guys are still alive. Spam is something that really angers people, and I can imagine someone unfamiliar with the 'net getting scammed and taking a high powered rifle to some spammer's house. Not everyone believes in the sanctity of life, you know, and if you blanket email the U.S., you're bound to put spam in the inboxes of criminals... But hey, the risk is up to you.

Fax number (possibly outdated)

Fax +1 937 275 3741 per http://gerald-dietze.de/spammer/spam.html http://www.openldap.org/lists/ietf-ldapext/ 200203/msg00088.html

Opt-out solution sounds good...

[marhar]

It sounds as if it would be easier to pass, and the spam filters will probably add the feature "auto-reply to opt-out messages" very quickly.

Can you believe this?

[megazoid81]

Just look at a spam I got today:

--- BEGIN QUOTE ---

A friend and I had an idea one night that the best way to seek revenge on someone is to post their personal information on the internet, for everyone in the world to see, and let everyone seek revenge on that person for us. Thus, The Dox Depot was created. If you want to get revenge on someone and ruin their life, post their personal information on our page. Put their phone number so they get thousands of calls. Click here to get revenge

http://www.doxdepot.com/

To be removed from our mailing list please send an email to us admin@doxdepot.com

--- END QUOTE ---

Doesn't mention

[Ace905]

This report is great, but it doesn't mention email authentication systems like spam interceptor. It's an absolute shame that the media overlooks this new technology consistantly. I know a lot of SI users have even tried getting stories posted on slashdot but it doesn't happen because it's not an open source project. Yet microsoft gets a lot of press attention everywhere and they suck. I guess you have to be extremely good or extremely bad to get noticed.

The pdf is also mirrored at si20, you can get it from the home page on bottom right.

Great article but one fundamental oops

[forged]

The article was a great informative piece, and their conclusion was interesting:

• Conclusions
  1. E-mail addresses harvested from the public Web are frequently used by spammers. By an overwhelming margin, the greatest amount of spam we received was to addresses posted on the public Web.

They have forgotten to mention the very mailto: tag in their research. IMHO this might have been a crucial factor to their research.

Although on the majority of web pages you have the mailto: link to be the same as your email address (duh), for research purpose it would have been interesting to separate the visible email address and the one in the mailto: tag. I am confident that whatever is in the mailto: link is what attracts spiders, and the email address displayed on the page gets less.

Can someone with knowlege of harvesting get back to us and tell me if this assumption is correct ? Better yet, does someone has any data ?

My experince is very different

[q2k]

I ask because my experience directly contradicts the study. I have had the same Yahoo address on my web site since 1998. The Yahoo account was created specifically for use on the web site. The address is a simple mailto link - I'm doing nothing to hide the address. That account gets 4 or 5 spams a day. Another address I used only for Internet.com / ZDnet newsletters is overrun with spam, 50+ daily.

Re:My experince is very different

I have had the same Yahoo address on my web site since 1998. The address is a simple mailto link - I'm doing nothing to hide the address. That account gets 4 or 5 spams a day.

Have you considered that your website is just not very popular with spammers? :o)

Make spam work against itself

[zornorph]

Tired of your legislators not doing anything about spam? Then perhaps they need to see just how much fun it is... send an email with their return address to several of those "remove me from your mailing list" links, and see how long till they come around. Of course, you should only do this where it is legal to do so, but I'm sure if you repeat this many times over, that should change soon enough :)

How to detect HTML mail in Mail.app via Rules

[valkraider]

This article tells you how to set up a rule that will detect HTML mail in Mail.app:

Add an HTML filter to catch more spam in Mail.app

It works great!

I don't receive spam!

This is really just a test to see how long it will take.

ghislain.leblanc@videotron.ca

Re:I don't receive spam!

[BobWeiner]

Nice try. You're probably trying to get everyone to spam the person who's email address you've given. Why hide behind "Anonymous Coward" if that's not your intent?

Re:I don't receive spam!

[SpamAttractor]

I set up an account to test an SBL, so I posted on usenet asking the best way to attract spam.
They sent me here :)
billy@testmail.wtsn.net

sounds neat but,

[Erris]

what happens when Yahoo decides that mydomain.com is a spam domain and sends a bounce message for each of your spliners? The only solution is what yahoo is supposed to stand for, "You Always Have Other Options". So, if Yahoo is obnoxing you it's time to learn not to do anything with yahoo and tell your friends.

Re:sounds neat but,

[dissy]

> what happens when Yahoo decides that mydomain.com is a spam domain and sends a
> bounce message for each of your spliners?

Those bounces will be forwarded back to them, so whatever floats the spammers boat, they can have fun with it.

> The only solution is what yahoo is supposed to stand for,
> "You Always Have Other Options".

Well, as i said i was just using Yahoo as an example.
try a s/yahoo.com/fly-by-night-computer-parts.com/

Hell, even slashdot has a customized address.
I dont exclude anyone, but i have very few 'fucked-via-bounces' forwards setup.

> So, if Yahoo is obnoxing you it's time to learn not to do
> anything with yahoo and tell your friends.

Well, thats great and all.. But by the time you know not to do business with whoever (by getting spammed on the address you gave the company) chances are your business transaction is done and overwith.

Its sorta like saying "I posted to usenet and started getting spammed cuz of it. Well, im not ever going to post to usenet again, that'll show em!"
I mean thats your choice and all, but it wont help one bit about the spam your getting now and will continue to get in the future.

For a real world example, yahoo actually listens to spam complaints, and atleast claims to take action, so i would never do this to yahoo.

However for a trip i took, i made email accounts for Orbitz.com and delta.com, both of which got heavily spammed while i was on vacation.
I've sent emails to both complaining, and only delta responded, and even then only to remove me from their list.

I told them i fully expected to be removed from all of their partners lists, and i will put no more effort into it than i did to get subscribed.
They actually had the nerve to reply to me and say i should be thankful im getting offers from them.
Orbitz never replied.

Both are now having their spam sent back to them.

zones.com is an online store i made one purchase from (I believe it was a pricewatch reference), and the address i made for them got heavily spammed.
They tried to claim they dont sell email addresses, so i simply explained how my setup works, and that anything sent to that address must have come from them, as noone else would ever have that email address to send to.
They finally admitted to sharing my email address but said there was nothing they could do, and told me to use some webform that wasnt functioning to remove me from their own internal list.
using the webform did not work, further emails simply resulted in them telling me to use the webform (even after i stated that wasnt working, i would have thought it was a template reply if they wernt worded so different)
Anyways, they clearly have no desire to remove me from any spam lists and think its fine. They are also liars. They can eat their own spam now.

zones.com was the first place that actually started spamming me on an address i made up (i was doing it for maybe a year before that) and this started over a year ago. Their outright lying and lack of care for a customer pushed me to do this.
They dont care about my inbox, why should i care about theirs?

The nice part is the only spam they ever get from my server is what they send to the address noone but they have for me.
zones.com only gets zones.com spam... orbitz only gets orbitz spam.

If they dont want to get spammed, they should take me off their spam lists, and all will once again be well.

removal to GD court - standard bluff

[horseshoe]

When I sued my former landlord a few months ago, the only reply I got from her lawyer was a form type letter threatening removal to general district court. It seems to me that this is the first thing lawyers do when contending with laymen. I did not reply. Two days before the court date the lawyer called me and we settled out of court. While talking to him I was given the distinct impression that they cannot interfere with the small claims case (indeed, in VA they cannot even enter the court), but of course can counter sue in general district court. Go for a settlement.

Tresspass to Chattles

[queenb**ch]

For those of you who are not familiar with this, it's how Ebay forced some bid watching web sites to quit their constant scanning of the ebay site. It's worked in other places. I'm suggesting that we band together and file class action law suits against them and shut them all down. I have had excellent success with sending out a "Cease and Desist" notice that my lawyer drafted. My spam complaints is very thorough, and include the open relays (if any) and all of their upsteam ISP as well as the spammer's site and all of his upstream ISP's as well. This has worked well even for overseas spammers because sooner or later, the ISP is stateside.

Over & Out,

Queen B

Posting e-mail addresses on websites is easy...

[Shamashmuddamiq]

...just put it in an image instead of plain text. It'll be awhile before it's reasonable to OCR *every* image in order to scan for possible e-mail addresses...

My experience - harvesters are smarter!

[WoodstockJeff]

Having read the article, I find it amazing that CDT never received any spam to an encoded-on-webpage address; we routinely encode addresses, even have a PHP function embedded in our base code to handle it. And we also receive several spams per month to our "encoded test address".

At least some harversters decode the page before searching it for addresses, and several advertise the ability to get through the "bob at domain dot com" subterfuge.

But, we also have several domains that have no mail address set up, except those required by RFC. They routinely get spammed, even when no email address was used in creating the domain.

Lots of good advice, though!

Death of SMTP

[jbolden]

I think its almost over for the DMA. A huge number of technical people are upset about spam. Its consumming roughly 50% of corporate networks. If spam isn't legistlated soon I think there will be a move away from SMTP to another mail protocol. Its pretty easy to end the ability to send mail anonymous. Once the "sent by" address is always correct I think its over for the spammers.

We are probably in the last 2 years of spam.

Re:Death of SMTP

[t0ny]

While I do think legislation is definitely in the future, and yes, there definitely should be a move to something more secure than SMTP, I think it will take much longer than 2 years (unfortunately).

If you want two examples off the top of my head, look at SNMP (v3?) and IPv6. Both have been around for a long time (in some form), but nobody is really looking at it, implimenting it, or preparing for it.

Its generally the same story; people will not do things til there is an outside proposed deadline. HDTV was around forever, but is finally getting a big push because the FCC deadline is looming.

Re:Death of SMTP

[jbolden]

Well the last few years were bad for tech spending and companies have been shying away from any kind of major overhauls. Look how fast web standards were adobpted though during the golden years. Something like 5 years from drawing board to first mainstream users, not bad at all.

In the case of email the "outside deadline" in this case is the exponential growth of spam and possibility that they stop being able to handle their current email loads without making some changes.

Re:Death of SMTP

[t0ny]

Even technical necessity isnt always the best thing to push companies into adoption. Just because you and I know that we need to replace SMTP, the guy in accounting is just looking at the figures and going "UGH!", and thinking that email seems to be working fine to him. So he figures it will be a bit cheaper to just get some spam filtering softare.

One thing that amazes me is how people get fixated on their one-time costs (like upgrades), but neglect their recurring costs (like bandwidth or support).

About the only thing that will do here is having a date set at which everyone will be required to convert. Its not the best example, but lets say that after May 2004 you cant use SMTP email anymore- that is the kind of thing people need for compliance.

But I would imagine that anything replacing SMTP will need to be compatible for quite some time. Anything else is as monumental a task as asking everyone in America to stop speaking English. Oh man, it hurts just thinking about how much work this will probably be =)

Re:Death of SMTP

[jbolden]

Well a mandate would be perfect. But the anti-regulation spirit in America has gone pretty far. I can't see a simple mandate being issued, much as it would make the whole thing so easy.

BTW I don't actually think it would be that hard given a mandate.

a) Very few computers actually use email only the desktops, and the large scale servers. So for example roughly 0% of embedded systems would be effected.

b1) Upgrading high end commercial email clients to include another protocol is pretty easy. For example SMS for Windows based machines

b2) Replacing or upgradign the small business clients is pretty easy.

-- so I don't think clients would be that difficult to handle. Say much worse than implementing a Microsoft service pack.

c) On the automated level most calls to mail are pretty high level. So in Unix you often have the report being generated then sendmail -t or mailx being invoked. So those won't present a problem

d) Most components of a mail server are also abstracted and would do OK with non SMTP based mail

So I don't actually think it would be hard to do

Re:Death of SMTP

[t0ny]

oh i agree, its not hard technically, but actually getting people to do it is what I think will be hard. In Exchange 5.5, all you would need is another version of the Internet Mail Connector (IMC), which is the SMTP service. You can (and do, in a multi-site environment) run multiple connectors over the same lines.

The Sendmail I dont know about, but dont imagine it would be any more difficult. However, these things need to be planned, tested, etc. You cant bring down a server which sends out at least 500 mails per hour unless you know it will still work when it comes back up.

Logic-Police friendly warning.

Logical Error.

"A" has been defined as a Person.
"A" has been defined as an Action

Please refrain to use twice the same letter in the same example. This post is going to create Chaos and Confusion.

Are you sure you don't want to preview again? (y/n)_

Not with Mozilla

[aaandre]

In version 1.3:
Edit > Preferences > Privacy&Security > Images: Do not load remote images in Mail & Newsgroup messages (check!)

also, in Preferences >Advanced > Scripts & Plug Ins: Enable Javascript for News & Newsgroups (uncheck!)

This, along with whitelisting sites with popup windows and Bayesian email filtering should make your life easier.

Cheers
-- Andre

oh no!

[Erris]

> what happens when Yahoo decides that mydomain.com is a spam domain and sends a > bounce message for each of your spliners?

Those bounces will be forwarded back to them, so whatever floats the spammers boat, they can have fun with it.

I detect recursion of a sort that might quicly eat all of your bandwith.

Re:oh no!

[42forty-two42]

Aliases don't rewrite Return-Path, From, or Reply-To headers - it goes directly to the sender. Which is usually forged.

Now this is getting dangerous.

This was fun and good for the SpamKing...
But we gotta be careful with that.

Let's do a test in (insert famous online magazine), and post the link to /.

Let's see.. jonkat's jokes have made a comeback, no?

"Hi, My name is Jon Katz. I'm a spammer. I used to be a regular at (name board X where I posted kat's address a few months back) and I'm happily sending 200 billion messages per month, all from the server room of my mansion in (insert state to confirm address found above) where I also test various products on cute furry animals with big sad eyes. (throw one or two insults), I sell drugs in kindergarden, etc.."

And there you go. Just made someone's life very miserable.

Of course, in this case, there is proof.
Thing is, there's always proof.

It could be ANOTHER Charles F. Childs.. but I guess it's too late to check.

CDT?

Shouldn't it be the CDC, not CDT?

Opting Out Worked!

[terrent]

Ok. I may not have beleived this myself...
BUT! Just before resorting to a filter, I went ahead and tried the 'opt out' link at the bottom of a spam message that was part of a 4-5 message a day flood from a service calling itself "Opt-In" email service. After a couple of days, I never heard from them again.
Funny thing is, tho: the very next day, a new flood began from a company calling itself "YourMailServer"...
CONSPIRACY?!

Summary of the PDF for the lazy :

3.E-mail addresses harvested from the public Web appear to have a
relatively short "shelf life." When e-mail addresses we posted on the public
Web were removed, there was a pronounced drop in the amount of spam they
received each day. The change was not absolute -- on a given day, an address
might receive a few spam messages even months after it had been removed
from the public Web. But such spam was on the order of 2 or 3 messages per
day, compared to the thirty or more messages received by addresses still on the
public Web.

That right there, folks, is the nugget of wisdom inside this report. Take note.

Perl program to hide your email address

#!/usr/bin/perl -w
use strict 'vars';
use vars qw( $addr $flag $count );

print "Please enter your email addr: ";
$addr=<>;
chomp $addr;
print "\n\nMy email addr is : \n\n";
$flag=0; $count=0;
foreach (split(//,$addr))
{ $count++;
print "," if $flag;
print "\n" if $count % 10 == 0;
print ord($_);
$flag=1;
}
print "\n\n";
print <<EOT;
Decimal - Character

| 0 NUL| 1 SOH| 2 STX| 3 ETX| 4 EOT| 5 ENQ| 6 ACK| 7 BEL|
| 8 BS | 9 HT | 10 NL | 11 VT | 12 NP | 13 CR | 14 SO | 15 SI |
| 16 DLE| 17 DC1| 18 DC2| 19 DC3| 20 DC4| 21 NAK| 22 SYN| 23 ETB|
| 24 CAN| 25 EM | 26 SUB| 27 ESC| 28 FS | 29 GS | 30 RS | 31 US |
| 32 SP | 33 ! | 34 " | 35 # | 36 $ | 37 % | 38 & | 39 ' |
| 40 ( | 41 ) | 42 * | 43 + | 44 , | 45 - | 46 . | 47 / |
| 48 0 | 49 1 | 50 2 | 51 3 | 52 4 | 53 5 | 54 6 | 55 7 |
| 56 8 | 57 9 | 58 : | 59 ; | 60 < | 61 = | 62 > | 63 ? |
| 64 @ | 65 A | 66 B | 67 C | 68 D | 69 E | 70 F | 71 G |
| 72 H | 73 I | 74 J | 75 K | 76 L | 77 M | 78 N | 79 O |
| 80 P | 81 Q | 82 R | 83 S | 84 T | 85 U | 86 V | 87 W |
| 88 X | 89 Y | 90 Z | 91 [ | 92 \\ | 93 ] | 94 ^ | 95 _ |
| 96 ` | 97 a | 98 b | 99 c |100 d |101 e |102 f |103 g |
|104 h |105 i |106 j |107 k |108 l |109 m |110 n |111 o |
|112 p |113 q |114 r |115 s |116 t |117 u |118 v |119 w |
|120 x |121 y |122 z |123 { |124 | |125 } |126 ~ |127 DEL|
EOT

"I can give as good as I get."

In December of last year, Ralsky told the paper that anti-spammers had been flooding his postal mail with coupons, brochures and ads. Others have left threatening voice mails, he said, and one person left a plastic bag of excrement on his front doorstep.

None of this puts a chill into Childs, who said he has nothing to fear from anti-spammers. "I don't ask for understanding from anybody. I follow the law." And as for angry e-mails and junk mail, he said, "I can give as good as I get."

It might be difficult to find out where he lives unless you knew that deeds are part of the Public Record. And if this is not his primary residence and he is actually living in an apartment at nearby Riverside Drive as the article states then I wonder if he is writing the mortgage interest from this home off on his taxes. Remember that it was the IRS that got Al Capone. Are there any IRS/CPA geeks reading Slashdot?

Re:"I can give as good as I get."

And search these fun links too:
http://www.mcrecorder.org/
http://www.mcboe.org/
http://www.clerk.co.montgomery.oh.us

Using our powers for good instead of stupid.

[poorhaus]

I'm sure this has been suggested before, but why don't we utilize the dread Slashdot Effect for good? We could have a "Spammer of the Day" feature where a link pulled from a random (or not-so-random) spam message gets posted to the front page. The only way to actually stop spam is to remove the financial incentive to send it in the first place. If enough of the 0.01% of users who actually click those links can't buy the product because the commerce server in question is being gang-banged by a zillion /. users, then perhaps that would at least discourage some of the more faint-of-heart spammers. We could rank spammers by the moral bankruptcy of their tactics, so that spammers who use unsubscribe requests as address confirmation, subject-line obfuscation, and other sneaky/deceptive tricks would get reamed more often than the lesser evils. Higher-volume spammers should get hit more, too. The smarter rodents might start blocking requests by referrer, but there *has* to be a way around that, maybe a mailto: link with the spammer link pre-coded into it. You want traffic? You got it!

There should also be fines for unsecured mail relays, imposed if not by the government, then by the ISPs, who have a vested financial interest in the non-wasting of their bandwidth.

Re:Using our powers for good instead of stupid.

stick it in an iframe on the front page...

why HTML Mail should be banned

[DuckWing]

email is not meant to be in HTML form. It's text and should always be text and never allow HTML Mail at all. Man I love mutt!! Many email programs (Entourage on the Mac, Ximian Evolution and I THINK MS Outhouse) have options to not d/l images from the net so this is easily defeated.

Letter?

[4mn0t1337]

have had excellent success with sending out a "Cease and Desist" notice that my lawyer drafted.

You wanna maybe post the contents of said letter? Spread the love.
Or, spread the SPAM hate?

Another filter term

[4mn0t1337]

I use to have about 30 filters of words like CUM, xxx, free, adv:, ... in my subject filter.

Once of the best ones I have found is a series of spaces. Spammers will have a subject header like:

Buy my stuff %20 %20 %20 %20 %20 %20 %20 HXDHEWSEW

with a bunch of spaces (due to lamenss filter = %20) to separate the contents of the subject line from the random characters that are used to avoid some filters. If they stick in enough spaces, it usually will push the junk random characters out of the viewer's sight in order to disguise the Spam a bit.

Only accurate in the short-term

[WoodstockJeff]

The conclusion that email addresses removed from web pages aren't as likely to get spammed is only accurate for short periods of time. Like, as long as it takes the harvester to publish the latest "32 million fresh email addresses" CDROM!

We have email addresses that have not been valid since before web pages were popular... last used in May 1995, to be exact, when we shut down our internet-connected BBS system. Addresses like "ftpmail" (remember having to do that?) were discontinued in 1993. And yet, they would be getting spam every day, if our filters weren't keyed to block it.

Within the next month or so, I believe CDT will find the spread between active web addresses and ones they've removed will flatten out. Those old BBS addresses get more mail each day than I do!

Are longtime Net people just screwed?

[Brian+Kendig]

Here's a question. The report says:

E-mail addresses harvested from the public Web appear to have a relatively short "shelf life." When e-mail addresses we posted on the public Web were removed, there was a pronounced drop in the amount of spam they received each day. The change was not absolute -- on a given day, an address might receive a few spam messages even months after it had been removed from the public Web. But such spam was on the order of 2 or 3 messages per day, compared to the thirty or more messages received by addresses still on the public Web.

Is this just referring to recently-posted email addresses which don't exist on the web for more than a couple of weeks? Do the address harveters focus their attention on web sites which change often?

Or are those of us who have been on the Internet for many years and have our email addresses all over the place just screwed, even if our addresses aren't appearing in any new places?

My email address shows up most frequently in discussions on web sites, and on Google's newsgroup archive. I don't want to have to go asking them to delete all of my old news postings...

disappointed

[iocc]

"In December of last year, Ralsky told the paper that anti-spammers had been flooding his postal mail with coupons, brochures and ads. Others have left threatening voice mails, he said, and one person left a plastic bag of excrement on his front doorstep."

Im disappointed on USA, I had hoped that he was shoot by now.

Spam is a low-tech virus

[objekt]

And spammers should be treated no less harshly than any other virus creator.

Semi-tangent

[Omestes]

While not really spam, telemarketers are much worse in my opinion. I check my email maybe 3 times a day, but answer my damn phone anytime it rings. With email I can just click the handy del key, but with the phone I have to amble over to it, pick it up, and listen to it for a few moments. Spam is imediatly identifiable, a telephone marketer is not.

Bringing me to my question: If we are always so gung-ho about spamming the spammers, and go and find their addies, why don't we do the same for telephone people?

Lately I have been harrased by this one company that call roughly 3 times a day (always at 3:30ish, and 9:30ish, and sometimes at 9am), they have a timed message (the recording waits for answering machine pickup), and it is always the same. "We have been trying to reach you with an important..."

The rub is, they don't give a phone number until the last minute of the message, and that phone number isn't real. It is an 866 number that hasn't been connected yet. Never in the message do they say who they are, or what they want.

Any advice on tracking these bastages down?

Need conversion?

http://www.menendez.com/convert.cfm

Last Post!

[alpg]

A master was explaining the nature of Tao to one of his novices.
"The Tao is embodied in all software -- regardless of how insignificant,"
said the master.
"Is Tao in a hand-held calculator?" asked the novice.
"It is," came the reply.
"Is the Tao in a video game?" continued the novice.
"It is even in a video game," said the master.
"And is the Tao in the DOS for a personal computer?"
The master coughed and shifted his position slightly. "The lesson
is over for today," he said.
-- Geoffrey James, "The Tao of Programming"

- this post brought to you by the Automated Last Post Generator...