Slashdot Mirror

← Back to Stories (view on slashdot.org)

CDT Releases New Report on Origins of Spam

Posted by michael on from the plumbing-the-depths dept.

Carnth writes "CDT has released a new report based on a six month project entitled "Why Am I Getting All This Spam?" The results offer Internet users insights about what online behavior results in the most unsolicited commercial email and also debunk some of the myths about spam." A very good report - read it. There's also a story about yet another sleazy spammer in Ohio.

14 of 346 comments (clear)

  1. Spamburgers for Hotmail by Kelz · · Score: 5, Interesting

    I'm still wondering why when I have my hotmail filter set to "exclusive" (only recieve from those in my address book, which contains 10 addresses), I continue to get loads of spam each day in my inbox, including some very embarassing things that would cause my mom to faint if she walked in.

  2. My spam research by sigxcpu · · Score: 5, Interesting

    I just got a new domain.
    Which means that every email to that domain goes to me.
    Every time I give my Email online I give a diff name, for instance if I buy at yahoo I give "yahoo-shopping@mydomain.com".
    If I get spam to this address I know who gave it to the spammers.
    - only been doing this for a week, no spam so far but there is still hope ;-)

    Note: I am not actively looking to be spamed, just doing my usual stuff.

    --
    As of Postgres v6.2, time travel is no longer supported.
    1. Re:My spam research by Fluid+Truth · · Score: 5, Interesting

      That's a really common thing among my friends. Most of us use qmail, so we can receive mail to username-[anything]. Sign up for financial tracking with yahoo? Then it's username-yahoo@domain.tld Ask for info from buy.com? Use the address username-buy@domain.tld I bought stuff from x10 before they started being so darned annoying. Now, I throw away anything that comes to username-x10@domain.tld

      It helps you track spam AND get rid of annoying companies' e-mails. :-) And best of all, you don't have to get your own domain for this. You can use your existing e-mail address with just a slight tweak to your qmail configuration.

      --
      Apparently, of the rich, by the rich, for the rich.
    2. Re:My spam research by dissy · · Score: 5, Interesting

      I do the same thing with my domains, however I take it once step further.

      Once I get spam sent to one of the addresses, I change the forward so it no longer goes to me, but forwards to a number of addresses at their domain.
      For example, if i signed up at yahoo.com and they spammed me, I would change my yahoo@mydomain.com forward to send to:
      abuse@yahoo.com,staff@yahoo.com,support@yahoo .com, help@yahoo.com,postmaster@yahoo.com,webmaster@yaho o.com
      etc

      As they are all at the same domain, my mail server only sends one copy to the yahoo.com mailserver. Their server breaks it up then so I only really send one email out.

      Using procmail to do this, i usually turn on logging until it hits a certain size.
      If no real/ligit emails come to me before the log of spam reaches a couple megs, i turn off logging and leave it.

      This generates surprisingly little traffic on my mail server, and one would hope they get the point

      This way yahoo (only using as example of course) may remove me from their mailing lists, but they have to deal with the spam from all of their 'business partners' they signed me up for, and at that point i dont care if the address is removed or not :)

  3. happy 1.3 user by aoteoroa · · Score: 4, Interesting

    The promised junk mail control for Mozilla is finally here and I'm loving it. The wait was almost unbearable because all the other guys in the office have had spam filters with their OSX email client for months. I was tempted to switch. But now mail comes in and gets whisked away to the junk folder almost immediatly. It's a beautiful thing.

    1. Re:happy 1.3 user by doublem · · Score: 3, Interesting

      I know what you mean. It's been so good at work that I'm going to use it at home and migrate all my Pegasus and Outlook Express mail to Mozilla 1.3

      I did get a great laugh though. One of the sales guys wants to send out a renewal notice. I read the text and realized it was worded like a stereotypical SPAM. I raised objections, but was ignored.

      Then the Mozilla SPAM filter caught it during the test phase.

      The registration notice is now being rewritten. :)

      --
      "Live Free or Die." Don't like it? Then keep out of the USA
  4. Surprised 'bots are that stupid by great+throwdini · · Score: 4, Interesting
    Web Sites received the most e-mails when an address was placed visibly on a public Web site. Spammers use software harvesting programs such as "robots" or "spiders" to record e-mail addresses ... E-mail addresses posted to Web sites using these conventions [Replacing characters in an e-mail address with HTML equivalents.] did not receive any spam.

    The above CDT finding is mildly surprising to me. Is there a reason people haven't built 'smarter' Web scrapers that filter and convert character encodings of things like the '@' sign in email addys? Doesn't seem too difficult, but if the report is to be taken at face value, it seems a simple precaution to take (still). I had always considered it a low-tech defense easily overwhelemed. Guess I was wrong?

  5. Re:FTC links on Charles Childs by Tackhead · · Score: 5, Interesting
    > The FTC already filed a complaint [ftc.gov] and had a preliminary injunction [ftc.gov] against Childs back in April. See the press release [ftc.gov] for more information. The article mentions he lives by Riverside drive in an apartment, could be with Linda Lightfoot [superpages.com], the woman mentioned in the complaints with him?

    Rules of spam:

    0) Spam is theft.
    1) Spammers lie.
    2) If you think a spammer's telling the truth, see Rule #1.
    3) Spammers are stupid.
    Corollary: Spammer lies are really stupid.

    So when I read this:

    "To Internet users who complain that their e-mail inboxes are crammed with ads for products and services they would never purchase, Childs' response is, "Quit your whining. I'm asking you, how stressful is it to push the delete button? We have become a nation of crybabies."

    I immediately thought "This asshat wants me to Just Hit Delete. Every time I've heard that excuse, the guy saying it has been either lying (Rule #1), or stupid (Rule #3). This guy sounds like both. (Corollary). So I'll lay odds that this guy's a spammer."

    I was just about to Google for the proof, when you did all the leg-work by posting the FTC links. Thanks. J00 r0x0r!

  6. My Active Michigan Lawsuit by Slashdolt · · Score: 4, Interesting

    I don't want to get myself into any possible legal trouble, so please excuse me if I'm somewhat vague in some respects. IANAL.

    About 2 or 3 years ago, my wife visited a store in the Lansing, Michigan area and gave them my email address. From time to time, I would receive email from them. Eventually, I asked them to stop. They stopped.

    On November 21, 2002, I received an email from them asking me if I would like to begin receiving advertisements and marketing offers from them again. There was a link to click on, if I didn't want to opt-in. I clicked on that link.

    Approximately 2 months later, I received an email from them. They had an option to unsubscribe by sending an email to their unsubscribe address. It said I would be removed immediately. I even received a confirmation stating that I had unsubscribed. For the next month, I continued to get 2-3 emails from them per week. Each time, I clicked unsubscribe and was told that I had indeed been unsubscribed.

    After the 2nd email, I contacted customer service and reported the problem. No response. After the fourth time, I contacted them again, and threatened legal action, if they didn't stop. No response. I called customer service, talked to a live person, and was told that I would be removed from all their lists. But the email continued to come.

    I filed a lawsuit in Michigan small claims alleging violations of the "junk fax" law, having heard about a Michigan man who had won by doing so. 6 violations for $500 each, resulted in $3,000, the maximum allowable under Michigan Law for small claims. As evidence, I have nearly all of the advertisement emails as well as my requests to be unsubscribed, and their acknowlegements stating that I had been unsubscribed. Additionally, I have the emails I sent to customer service, which never received replies.

    About 2 weeks after filing suit, I received an email from their customer service stating that they were finally looking into the problem. I haven't received an email from them in the last 2 weeks, so I assume that I'm finally off their list, and it only cost me $36.50 ($32 small claims, $4.50 certified mail).

    However, now their attorneys have demanded that the case be removed from small claims and placed into general civil court (which is their right). Unfortunately, I plan to do just that.

    The FTC has publicly stated that not honoring removal requests is illegal. However, I'm not sure I have a private right of action in this situation. Using the Junk Fax law in general civil court is probably a bad idea, and I think I would likely have to claim actual damages in order to pursue it in general civil court.

    I don't really want to get in over my head. I'm sure they realize this, which then makes me WANT to get in over my head. However, I'm still not sure that I have a legal basis for my case. Even in a state like Washington, where anti-spam laws exist, half of the cases get dismissed by the judge.

    I called a local attorney and was told that I should dismiss, or risk being counter-sued for a frivolous lawsuit. Essentially, what they did is illegal, but there really isn't much I can do about it other than contact the FTC and the state attorney general, and if I pursue my case against them, I could wind up paying them.

    --
    Slashdolt

  7. Fix for problem number two by archos · · Score: 3, Interesting

    When i registered my domain, I gave the address archos@myprivacy.ca. Any mail sent to this address is is held while a challange is sent to the sender. The sender just has to reply to the challange email, and the original will be sent to me. Automated spammers won't reply to the challange. myprivacy.ca is a free service provided mainly for .ca domains, or for domains registered with a participating registrars.
    Does anyone know of any other services like this?

  8. My plan for spam.. by xchino · · Score: 3, Interesting

    Spam needs legitimization. Hear me out, now, before you add that -1, Troll. By legitimizing spam we put ourselves in control. We need laws on a national level defining exactly what is valid spam and what is illegal.

    We need the ISPs to work WITH the spammers ( or vice cersa). Make it trvial to filter, and only send it once. Give everybody a shared "Spam box", as place to go and see if they really need to acclerate their dialup to new levels, or a vacation, or whatever (I'm assuming 18" Penis and XXX TEEN LESBIANS will not be considered legit). We need stiff penalties to those who violate the law. We can't enforce the law in other spammer friendly countries, but we can enforce the law in our own. The company marketing should also be held responsible for violations, preventing American companies from just outsourcing their spam. Any spammer friendly ISP's either deal with their spammers or risk the entire range being blocked (voluntarily) by American ISPs. I know 99% of service providers would have no problem blocking out spammers voluntarily, especially if they are being good Americans while they are doing so. Let's not forget that as rapidly as it's changing, a majority of popular sites are American based. I know all you Norwiglians out there would probably drop your ISP if you couldn't get to slashdot just because your ISP supported spam.

    The DMA has too much money to let spam die, and apart from the slashdot crowd a majority of people don't find spam to be a big problem in their daily lives (albeit mostly thhanks to us busting ass). Some people actually enjoy getting spam. I don't understand it either, but to each his own. As an option in a recent poll said, grey areas definately exist.

    I think spam is a fact of life. Sometimes I get emails from business friends who include a small ad as their sig. We can't kill spam but we can change the face of it to be ever os less intrusive. We're going to have to compromise our "FUCK YOU AND YOUR GOD DAMN SPAM" attitudes if we plan on giving our credibility to our cause.

    We want complete restriciton, and they want no restriciton. Somewhere in the middle there's a feasible solution for both of us.

    --
    Everyone is entitled to their own opinion. It's just that yours is stupid.
  9. Re:bah by FeloniousPunk · · Score: 3, Interesting

    If you read the article, you find out the guy is a cop who got fired for selling drugs. So, I doubt he'd be much concerned with family values no matter what the circumstance.
    And let us all hope that he doesn't pollute this world with offspring.

    --
    I know this because Tyler knows this.
  10. New Tactic by thecoolestguy · · Score: 4, Interesting

    I've also noticed that lately spammers have been putting a 1 pixel wide image in the email message itself. (I.e. img src=spammers_server/pixel.gif?email=youremailaddre ss ) If the message gets opened or previewed - the pixel is pulled from the spammers server and a web log is created with your email address in it. Even viewing a potential spam email can verify your email address to the spammer as a valid account.

    --
    A man, regardless or age, is old when regrets of the past replace hopes of the future.
  11. Re:Burn in Hell, Son of Spam! by Dyolf+Knip · · Score: 4, Interesting
    Charles Childs
    8002 Bellcreek Ln
    Dayton, OH 45426
    (937) 837 - 6997

    I also tried to find a satellite image, but no luck.

    If someone can verify this info, that'd be great. This was the only one I could find.

    --
    Dyolf Knip