Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spam Research Six Month Report

Posted by CowboyNeal on from the porn-nigeria-and-unrequited-crushes dept.

Zoomer writes "Every day, millions of people receive dozens of unsolicited commercial e-mails (UCE), known popularly as 'spam.' Some users see spam as a minor annoyance, while others are so overwhelmed with spam that they are forced to switch e-mail addresses. This has led many Internet users to wonder: How did these people get my e-mail address? In the summer of 2002, CDT embarked on a project to attempt to determine the source of spam. To do so, we set up hundreds of different e-mail addresses, used them for a single purpose, and then waited six months to see what kind of mail those addresses were receiving. The results offer Internet users insights about what online behavior results in the most spam. The results also debunk some of the myths about spam." Update: 04/12 15:47 GMT by CN : About a minute after this went live, I found that michael posted this earlier. Mea culpa.

11 of 193 comments (clear)

  1. spam is a killer by Anonymous Coward · · Score: 4, Insightful

    you can't just put your email address on your website like you once did
    you can't add your email address to your usenet posts
    even if you email someone and they get an email virus, then you're on every spam list this side of Mars faster than you can say kazaa
    spam is harrasment, spam is bad, spam is undermining the internet. What would my mother think if she suddenly received "cum see horny l0litas" just because someone she emailed got a virus
    Legally treat spammers like vandals I say.

  2. Do as I say... by iconian · · Score: 5, Funny

    .... E-mail addresses composed of short names and initials like bob@ or tse@, or basic combinations like smithj@ or toms@ will probably receive more spam. E-mail addresses need not be incomprehensible, but a user with a common or short name may want to modify or add to it in some way in his or her e-mail address.

    For further information, please contact Ari Schwartz at the Center for Democracy & Technology, 202-637-9800, ari@cdt.org.

    Anybody see the irony in that?

  3. WHOIS by SamMichaels · · Score: 5, Interesting

    They mentioned that no spam was received from emails listed in the WHOIS database...

    I'd be interested in seeing a study for companies that harvest snail mail addresses from the database.

    I've received junk snail mail from every shady company on the face of the planet when I register a new domain or when it's up for renewal...plus I've even received phone calls (back when I used a real phone) about "we're ready to setup your web hosting and web design. Call us back immediately!" Persistant bugger, too...he kept calling back.

  4. Really good report by dtolton · · Score: 5, Interesting

    It's interesting to see those results. While I knew that spammers
    harvested e-mail addresses from Web Sites, I didn't realize the
    magnitude of it.

    of the 10,000 spam messages they received over the six month period,
    8,609 of them were from simply posting it publicly to a web site. I
    always opt out of the subscription services where I can, and most of
    the time I avoid posting any of my e-mail addresses publicly, now I
    will redouble that effort.

    They had some really useful suggestions also, my favorite was using
    multiple "disposable" e-mail addresses and forwarding them to a main
    e-mail address that you keep private. When you sign up for a site,
    create a new disposable e-mail address and use that. If you start
    getting spam from it, just shut off that disposable e-mail. That is
    incredibly good advice.

    I like the idea of disguising or masking your e-mail address,
    although I think using HTML characters or a "Human readable"
    equivalent is something that spammers will easily be able to
    circumvent if the practice becomes widespread. They don't bother now
    because not many people do it.

    What I would like to see is a standard practice of generating your
    posted e-mail address into an image. This would make it
    *significantly* more difficult to harvest e-mail addresses in mass,
    while remaining easy for a single use of sending someone an e-mail message.

    --

    Doug Tolton

    "The destruction of a value which is, will not bring value to that which isn't." -John Galt
  5. Bad Addresses by mongus · · Score: 4, Informative
    Almost all of the spam I get is to invalid addresses. I get all of the incorrectly addressed email for about 10 different domains - somewhere around 1000 messages per day. I don't know if the spammers just made up the addresses or if someone intentionally filled out forms with bogus addresses.

    I'm happy to get all of this spam because it increases the effectiveness of my anti-spam system Herbivore. Herbivore is a distributed anti-spam system. Everybody that uses it increases it's accuracy. If you're interested, any Slashdot readers can get two years for free by entering "slashdot" as the promotional code. Help us fight spam!

  6. Re:Hotmail by Servants · · Score: 5, Insightful

    No... that just means Hotmail receives a lot of spam. So many people use it that a reasonable proportion of possible usernames are taken, and that means spammers can and do use "dictionary" attacks, where they send e-mail to random usernames and then just hang onto the addresses that don't bounce.

    I believe that big providers like Hotmail and Yahoo try reasonably hard to prevent people from sending spam from their accounts, as it uses up bandwidth and creates ill will, so they do things like limit number of recipients per message, or recipients per day, that sort of thing. (Can anyone confirm that?)

    But a spammer can make their e-mails appear to come from whatever address they want, and if there's a URL in the message they don't need to worry about whether people can reply.

  7. Worth saying again. by JKConsult · · Score: 4, Informative
    It seems every article (dupe or not) on spam returns a thousand people throwing out their personal solution to fighting it. Most involve mail-server solutions, such as SpamAssassin, but I've read about MailWasher a number of times. After the last article (the original of this dupe, actually), I finally decided to try it.

    A week later, spam to my hotmail account has dropped from 30 or so a day to about 2. (Warning: Hotmail support is only provided in the pay version, but there's a 30-day trial.) Preview the spam on the server, and you're able to delete it, blacklist it, and best of all, bounce it back to the sender. In my wildest dreams, I never thought it would work so well. YMMV.

    Another kick-ass product is Spam Gourmet. Some website wants your email address? Give them (unique identifer).(some number).(your user name)@spamgourmet.com . The number is the number of emails they can send before the address is killed, and the user name is your user name at spamgourmet. Go sign up, and you never have to go back to the site again. It works.

    I'm sure many people are like me, and read these testimonials and figure that they're hype. Trust me. They're not. I wish I had done it the first time I read about them.

  8. Odd coincidence and report summary. by phillymjs · · Score: 4, Informative

    Just this past Wednesday night I discovered that I left the PDF version of this report sitting on my iBook from the last time this article was posted. Before I deleted it, I actually read the entire thing. Here's pretty much all you need to know:

    1. Don't give out your e-mail address any more freely than you have to.

    2. For the love of God, NEVER put it in unadulterated form (i.e. user@domain.com) in a Usenet posting or in a publicly-accessible HTML page-- even in the comments or other places that it won't appear on the final, rendered web page. If you do, it WILL get picked up and you WILL get an assload of spam.

    3. If you MUST provide your address on a web page or Usenet posting, slightly obfuscating it (i.e. "user at domain dot com") is, for now, 100% effective against fooling the spambots. Which frankly I find amazing, because that trick has been around for years.

    ~Philly

  9. Who wants to get rid of spam? by ZaPhOd42 · · Score: 4, Funny
    I love spam!

    Since I've had an e-mail address I've had my penis extended 6 times, my breasts enlarged 8 times, I own the worlds supply of viagra and, and I get to have hot teen sex every night with 18 year old nymphos!

    And to top it all off I've just received £3498435784354085 from Senator Hamza Kalu from Nigeria just for opening a bank account! ;)

  10. Easy by iamacat · · Score: 4, Interesting

    DMCA regulates something that is strictly my own business, like do I watch my DVD under Windows or under Linux? If you send spam, you are making it a million people's business.

    I tend to talk to people I know on the phone and just check my e-mail once per week to see if anyone sent a message about my programs. Even if you are right, I have to sit for 14 minutes doing nothing except deciding which messages with "Hi, Oleg" subject to open. And I deleted quite a few legitimate messages because I didn't recognize the address.

    By the same token, if I went to sleep at 4am I won't want to have a chat with a telemarketer at 9. So I end up turning off my phone until I wake up and possibly missing calls from friends. And I don't want my physical mailbox to overflow just because I went on a one week trip during the holiday season. But spam is definitely the worst.

    Communication between people is good. I should be able to publish my postal address, my phone number and by e-mail on the web and invite people to contact me if they looked at my stuff and want to chat. Remember when shareware came with a README file with all kind of contact information to send $15? I actually got a few nice snail mail letters with checks.

    Spam has destroyed our ability for this kind of casual communication. People sending it or selling the products advertized make very little money compared to the value of our time or forced changes in our behaviour. It's time to stop them using technological, political or cultural methods, whatever works best.

  11. Re:What I want to know.... by McDutchie · · Score: 5, Informative
    .... is the profile of the average spammer. Most of my spam is poorly spelled and frequently points to sites that don't have anything to sell. My suspicion, and I have no way of verifying it, is that most of these messages are sent by people who get suckered into a "Make Money From Home!" offer, send a few messages to a giant list of addresses, and then give up when they're not living in MC Hammer's mansion by the end of the week. Does anyone know who the average spammer is?

    At Spamhaus they know. Not only does Spamhaus run the SBL, the most widely used blocklist of spam sources in existence, they also run ROKSO, the block-on-sight public database of notorious spam gangs. This database is used by many ISPs for background checks when signing up clients. It's also used by the FTC and state Attorney General offices.

    According to Steve Linford, head of the Spamhaus team, 90% of the spam originating from America is sent by some 150 top spammers. If these were eliminated, our spam problem would virtually vanish overnight. This seems to contradict your suspicion that most spam is sent by suckers. In reality it's a small number of committed criminals that send most of it, and you can see all the publically available data on them at ROKSO. Go check it out - very educational indeed. So are many of Steve Linford's postings in news.admin.net-abuse.e-mail.