Slashdot Mirror
A Timeline Of Spam And Antispam
Haak writes "American Scientist has a fine article by Brian Hayes summing up the history of spam and proposed measures to deal with it." A shorter article along the same lines is running at The Economist.
← Back to Stories (view on slashdot.org)
is to delete it from your fucking mailbox.
Spam, on the otherhand, is stoppable.
/. postings about spam recently... too much!
But, so many
The article sums it up well, but is this something that is going to ever stop? SPAM to me seems like another one of those things in life like drug dealing for instance. Whatever tactice we take to stop or outlaw it, people are always going to find a way around it. The stronger we make our SPAM filters, the more normal desired mail that is going to get blocked. DOn't get me wrong, I hate Spammers, but I dont see how any of these solutions are going to work. Thats my opinion at least, but as the article says, I suppose suing spammers might have a good effect.
Brightmail reports that 90 percent of all spam messages are now unique
Those messages can't be singularly classified as 'spam', and simultaneously defined as 'unique'.
Try again, using a reference such as 'variants'....better yet, don't, thanks.
At least it wasn't goatse
I feel that SPAM should be considered like Telemarketing. And I think we should be able to opt out without notifying someone that our email address is life and getting filled. Interesting Article..I knew about the Green Card lottery, but I didnt know about DEC sending emails to people.
---
That's the guy that had the debate at MIT with a bunch of students and professors. None of them could defeat him in debate, the story goes, and nobody got the 10000.
To tell you the truth, I don't completely understand the guy, but what I do understand makes sense.
We Present the world's first Make Money Fast Spam
I'm not Seth.
Beef, the anti-spam.
"Derp de derp."
Is this trolling? No.
Is this insightful? Yes. Because time is unstoppable, abd fighting against it is futile.
It IS better acting within it, realising our place in the universe. I guess only Star Trek freaks will mod this as troll as it shatters their dreams.
I'm gonna need all that money from Nigeria to afford the necessary penis enlargement and credit rating accentuation!
Examined from the inside, the world of spam has created its own perverse little self-sustaining ecosystem.
Are you by chance religious? I ask because the phrase 'our place in the universe' smacks of religion. We are the lords of our universe, if we choose to be and develop our minds sufficiently. Not everybody shares your parochial and limited outlook on the place of humans in the universe.
Today's Aardvark Daily shows exactly why spam is the problem it is -- there are too many stupid people out there who believe they can get something for nothing.
Check out just how lame the spammer in question is and how, in his world, the word "free" has a whole different meaning to the one most people have.
Despite his blatant misrepresentations and the fact that he's promoting his scam via spam, this guy has got people queuing up to hand over their "stupidity tax".
What's worse though is that the spammer is so lame he's effectively exposing the credit card details of *all* those who sign up. You even get to look inside his two email accounts because he doesn't have a clue about choosing sensible passwords.
We're quick to blame spammers for the problem but maybe the truth is that the tide of spam is driven more by the stupid and greedy people who respond to these "too good to be true" emails.
I guess you have to be familiar with the works of both Leon Trotsky and Run DMC to get a chuckle out of that. Oh well. Heh.
*scotty voice*
Captain, the spam/antispam reactor is gon ta blow!! I cant give ya any more porno!
Repeal the DMCA!
The beginning of spam:
Moses brought down the ten commandments.
Result:
Related spam has grown exponentially into dozens of religions.
Subject pretty much says it all.
I don't see how to create anti-spam without some form of identification, simply because without an ID, anyone could use a mail type system to send junk messages to people and not get caught - because there's no ID, of course!
stuff |
Not that we should not pursue anti-spam countermeasures but spam will never clearly fully go away. Its like warez, its like mp3's, its like drugs, its like this, that and everything. You can try but you'll never really get a hold on it. Minimise it as much and as conveniently as you can, but as soon as you start spending ages trying to outlaw it you will find you've wasted more time than it would have taken to delete the spam and move on with your life.
Anti-spam activists go to a lot of trouble to help locate and identify people and groups responsible for flooding the net with spam (or who provide spamware to misinformed laypeople). These same good-doers are often sought out by spammers, sued by groups of them, have their privacy invaded (release of home phone, address) in effort to scare them into shutting up.
I am not kidding here. Take a look at some of the projects that scare the hell out of professional spammers:
spamhaus keeps an exhaustive list of major spam operations.
SPEWS lists areas of the Internet that have frequently be used for spamming, including detailed evidence files and histories of ISPs that turn a blind eye to spam.
Spamware vendor list has a listing of sites that sell spamming software -- without which we would have little or no spam.
fuckin moderators. modding shit up without even looking at the link. this fucking site has gone to shit.
it will probably be closed in 6 months along with the rest of the money losing osdn. Our Sinkhole of Dollars Network.
I remember when this site was good. It's fucking turned to shit cuz the guys that started it don't give a rat's ass anymore since they cashed out long ago.
About 7 years back, when the WWW was still cutting its teeth, I had an epiphene; The best thing about the internet, is now everyone can use it. The worst thing about the internet, is now EVERYONE can use it.
Simply put, we should require some form of an operators' license to own or operate a computer. Despite there being radical differences between the types of machinery, an adequate comparison would be to either automobiles or firearms licensing legislation.
Before anyone makes the claim that this is not an adequate comparison, if could be eventually, the financial costs of such practices is matching, and quickly overtaking those of firearm and auto related damages. With time, eventually it could cross over to life threatening potential (for example, if someone decided to make a virus with a specific angle, wiping out or modifying records for grandma's prescription drugs).
(1) The majority of abuses involving computers involve people who consider themselves "above the law", with no care in regards to potential damages that abusing the system can incur. Virus writers, spammers, script kiddies, warez distributors and DDOS operaters often fall under this category. For sake of comparison, lets file this under speeders, reckless drivers, drunk drivers, or road rage. Similarly, the comparison can be made for firearms.
(2) The majority of problems that occur within the computer industry and most media involve people who are poorly trained (or not trained at all), or poorly advised in using their computers. People who do not patch their systems, do not operate a firewall, and open e-mail attachments to unleash every iteration of klez upon the net. This one can be filed as those who pretend a car or a gun is a toy, and treat them accordingly.
(3) Despite the whole "for the children" trend in regards to the internet, there is no practical method to truly enforce it without trampling every detail in the constitution. Therefore, unlike most offered solutions, informing and training the young'uns in how to go about using a computer responsibly would be ideal. Similarly, do the same with new computer users. Give them a basic course, then a test, and upon passing said test, they can purchase their own computer.
The problem is, as illustrated by current tech problems, along with the e-commerce industry's shortcomings and varied collapses, Joe Sixpack tends to think of the computer as an appliance. A new magical alternative to the TV that can make all their dreams come true. They need to be informed that the computer is a tool. And just like any tool, it can be abused, and that there could be consequences, something that most of them are for the most part either ignorant to, or even defiant of. Therefore, if they have this knowlege, then they cannot claim ignorance, and as such could finally be enforced, then charges can be pressed, and at least for the short run, problems can be avoided.
After all, if they could lock away Mitnick (sp?) for over 5 years for downloading a few files, why can't they lock away a virus author or spammer for operating without a permit? At least that way they can set a precedent. Hell, I'm sure a good deal of spammers out there are in violation of other things, such as unpaid taxes, working without a business license, et al. And how many of them use their proceeds towards drug use, pornography, etc? Make the bill tough enough and at least the spammers in the US can be eradicated virtually overnight.
There. The can of worms is open. Feel free to bait a hook.
Just because you can mod me down, doesn't mean you're right. Shoes for industry!
First I ignored it. This worked for a while, but my paitence didn't grow nearly as fast as the spam volume (I've been on the net for years, so I remember when spam was a rare occurace). These are only the major things. I've tried others here and there.
Next I started using MS Outlook's built in spam catcher. This is basically a blacklist that you maintain that you can easily add things too. This actually worked somewhat well, but as the use of forged addresses (and just plain random ones) grew, this became less effective.
Next I started to use SpamNet. I used this up untill about last week. This used to be somewhat effective, and in the last month or so has been almost completely effective. This is the most wonderfull anti-spam device I've used. It was great near the end of the beta. But now it's out of beta and I'm not going to pay $5 a month to stop something I shouldn't get in the first place. Sorry Cloudmark.
When Spamnet started, it was pretty effective, but still left a decent amount to be desired. So I searched around and found SAProxy. This program let's you run Spamassassin on Windows, and the combination of this and Spamnet worked wonders. As Spamnet got better, this became more or less useless.
Unfortunatly, I had to get rid of Spamnet, due to the afformentioned monthly fee. So now all I have is SAProxy. It does work great, and it does get better with each new release. Now only about 3 messages a day get through, which is quite fantastic. Only 5% or so of the spam I get gets though. I could set the limit lower (to catch more spam) but right now I don't have to worry about it catching ham (it never has for me) and I don't want to have to start wading through my spam folder to check for ham. I thought I was using this stuff to not have to do that in the first place?
So in short, I'm now using SAProxy and quite happy. If there was a free version of Spamnet, I'd use it, but there isn't. If you're on Windows and have a supported e-mail client, get SAProxy, and save yourself a huge headache.
So what will I use next? I've been thinking of setting up a perl script to automatically find the home address of people who spam me and sending them a few ICBMs with notes attached like "HOW TO WIN AT EBAY WITH FREE CHEAP ICBMS THAT INCREASE YOUR SEXLIFE AND GROW HAIR."
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
Just took a gander at his site and it is without doubt;
a) the worst example of html I have seen since at least 1994.
b) a complete stinking pile of unsubstantiated crap.
c) racist.
According to This Site, The earliest spam was sent by DEC in 1978.
Einar Stefferud, a longtime net hand, reports that DEC announced a new DEC-20 machine in 1978 by sending an invite to all ARPANET addresses on the west coast, using the ARPANET directory, inviting people to receptions in California. They were chastised for breaking the ARPANET appropriate use policy, and a notice was sent out reminding others of the rule.
Interestingly, a young Richard Stallman argued that spammers had every right to send spam.
I'm not Seth.
But of course some of the spammers get paid based on how many 'eyes' (or HTTP requests) are generated, so if they can just get through to an Outlook Express preview pane, it's worthwhile....until 'marketers' wise up.
By virtue of having my own domain name, outside of the United States, I now receive 1200+ spams a day (and noticeably increasing). People who advocate 'just hitting the delete key' make me fume. That's a lot of delete key. And a lot of time. I've now reached the point where false positives on spam detection by automated software are less likely than me hitting delete one too many times. Thanks to DNSBL I can reduce spam from 1200+ a day to 10 a day, and Paul Graham's Bayesian filtering reduces that down to 2 or 3 a week.
I'd like to share some recent observations I've made - I haven't seen this referenced elsewhere but maybe I don't know where to look (so feel free to point me where this is mentioned elsewhere).
First a minor observation that spam increases markedly on the weekends - because peop,e aren't around to close down open relays or spamming accounts?
Secondly, spammers have started adding non-spammy words (eg capacitor) and constrcuted nonsense words (capacitorsggg) inside their messages. I can only see this as a direct response to Paul Graham's approach. I don't see it as working - the rest of the message is just TOO spammy - but it sugegst to me that spammers see such an apprroach as a threat. I've seen these words sprinkled at the start of plain text emssages and after the /body> /html> of HTML messages.
Thirdly, what I've recently noticed is that a spammer will connect to my mail server, say HELO, do a MAIL FROM: and then QUIT. Then they connect to my system again and use a HELO command that is my OWN IP address. They also include a fake Received header that makes it look as though the message originated from my own machine. Nice try you scummy spammers. SpamCop is smart enough to see through that ploy. I wonder how other system's will respond.
Fourthly, I've noticed that often when I complain to SpamCop I become the victim of a JoeJob. Currently I'm getting all the delivery failures coming back to random alphanumeric usernames at my domain. Sigh. Time to strip off my domain when I lodge SpamCop submissions eh?
Recycle PCs and build a wireless community network www.hillsborough.org.nz
In the late 80's there was a bumber sticker in Texas that said Please God let there be anothor oil boom, we'll do it right next time. They got a tech boom instead.
Maybe it is time to start over again. It is only a matter of time before AOL/MSN gets together and comes up with a tech fix that works, mostly. Maybe it is time to get ahead of them and come up with an open standard. Some day Microsoft is going to see that the only way the butterfly can protect the kiddies like in the commerical is to start over and stick it to Linux at the same time.
Now I have to go off and delete my email account and come of with a new accout.
you sound like your 'educated stupid' to me. funny how you can't disprove the theory, so you attack the html code for the page and throw mud. ad hominam is fallacous.
In 2002 I received over 18,000 pieces of spam, for a total of 163 megabytes. Compare this with the year 2000 (6 MB) and 1996 (183 KB). Based on the spam I've gotten so far this year, 2003 should see a bumper crop of 25 to 30 thousand pieces. This is just my POP3 account, and not my venerable Hotmail account that's now a smoking hole in the ground.
If I'm ever lucky enough to meet a spammer in person, I will kick him in the nuts repeatedly, until he sings soprano. Of course, I'll be chanting "Just hit Delete...just hit Delete" the whole time.
k.
"In spite of everything, I still believe that people are really good at heart." - Anne Frank
Yeah, I thought of requiring a license a long time ago too. You can see at http://www.foobarsoft.com/opinions/internetproblem sandsolutions.shtml. Of course, the real problem with this is that you'd have to get every country to agree to do this and make sure no one cheats and such. It would have been nice long ago, but it's way too late in the game to do it today.
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
I'm sorry to break this to you cowboy, but most of the 'fuckin moderators' are just ordinary joes like you and me (not employees of OSDN).
That smacks of Secular Humanism, which is a religion in it's own right.
should be as effective as slashdot's anti-troll measures... **ducks**
How can you believe that drug dealing is victimless. Not only does this activity create crimes in which innocents are injured, the money that is generated supports drug lords in (usually) Central and South American countries. These people have no trouble killing enforcement agents, alot of which have families that depend on them. Victimless, indeed.
4) Would a dating service for people on the net be "frowned upon" by DCA? I hope not. But even if it is, don't let that stop you from notifying me via net mail if you start one.
There will not be a "new" SMTP because the existing one is too well established.
There have been many wonderful suggestions posted as previous stories and also as responses to previous stories. Many, perhaps most, of the great solutions require a critcal mass of people to adopt a technical solution at the server. None of those will happen.
The best solution will be individuals or companies adopting products like Spam Sleuth or Spam Sleuth Enterprise which have a variety of detection methods including Bayesian (statistical analysis), EMail Stamps (shift cost to sender), Bouncing (trick the spammers), as well as the usual Whitelists, IP Blacklists, e-mail address Blacklists, etc.
Just like computer viruses, those people who use the technical solutions will be immune, and those that don't will continue to suffer. The tools exist. Slogging through spam each day is a choice.
while you're at it, tell me where I can get me some wangled taterhosen?
Drug dealing is a 'victimless' crime in which all parties concerned are consenting.
So all of the people that get killed by stray bullets in drug deals gone bad consented to being shot? Drug dealing is not a victimless crime.
What makes no sense about spam is that it seems like the only people really making money off of it are the spammers themselves. It's a shame I don't have it on hand, but more than 75% of the services being offered according to one account, aren't even legit, the main exception being pornography websites. (I'm sure many of you will remember the article, and someone will respond to this with it).
Case in point, what I'm wondering is, who are the companies funding spammers? Judging by the relativly low success rate of bulk email, I'd imagine you're actually losing quite a bit of money to pay a company money to send out emails for your company, emails that potentially damage the reputation of your company due to the vast amounts of illigitimate business and anti spam sentiment on the net.
Simply stated, it sounds like:
Step 1: Send mass emails
Step 3: collect profit
I willing to bet their business model was derived from the underpants gnomes...
"In a Democracy, people get the kind of government they deserve." -Winston Churchill
Simple.
Money.
Mitnick's foes' lawyers claimed billions of dollars (that's laywer dollars, not real dollars, of course) of damage to the people padding the politician's pockets.
When spam gets there, we could count on the jack-booted thugs raiding a place or two in the night. Unfortunately, the spammers are getting richer, and trying to make laws that favor them...
For us carnivores, "Sucking the marrow out of life" isn't a transcendentalist philosophy but a practical instruction.
This article does not really gives much of an overview on the history of spam wars. The article leaves out more stuff that it mentions. I couldn't find any references to:
* Evolutionary progress from your garden-variety, run-of-the mill carpetbombing from the sender's ISP to hijacking of external mail relays, leading to most mail relays now being closed; to repeated gang-banging of every mail relay on the Internet, in the late '90s, that was running the completely fucked up Sun sendmail 8.6, which fails to record the sender's identity, turning it into a somewhat efficient anonymous spam forwarding service; to direct-from-dialup spamware that doesn't need mail relays and delivers directly to the recipients' mail servers; to spamware that scans and hijacks open proxies, and spam-forwarding trojan zombies that take over and infest Windows-based clients.
* The rise, fall, and bankruptcy of Apex Global Information Systems, the first commercial attempt to make a business model out of providing dedicated spam connectivity; with Cyberpromo, Nancynet, Marynet, and Sallynet spam factories as their charter "customers".
* The rise and fall of MAPS. The article makes out MAPS as the leading champions, but those in the know sadly know that MAPS is now a shadow of its former self.
* The rise and fall of ORBS, and a gaggle of similar open relay blacklists that sprouted up to supplement and replace.
* The rise, and hopefully the fall, of the trend where large backbones quietly agree to accept premium connectivity and hosting fees, in exchange for ignoring complaints about their spamming parasites, all the while flouting their supposed "anti-spam" Acceptable Usage Policies/Terms Of Service (documentation and proof available per request).
* The rise of the trend where spam farms are set up in third world countries, whose hosts completely ignore spam complaints and are generally better resistent to spam blacklists, since they don't send much mail to the US.
* The rise of SPEWS, as a partial response for a need for a successor to MAPS, and a surprising accept of SPEWS, which has an aggressive blacklisting policies, which flew in the face of conventional thinking that network providers will tremble with fear, run to hide in the nearest closet, and become completely paralized at a mere prospect of rejecting a single non-junk message.
There's plenty more subject matter for anyone who really wants to provide an overview of spam wars. This article seems a bit skimpy on the facts...
First off, the article is WAY behind the times on anti-spam techniques. SpamAssassin's statistical techniques far outstrip the simplistic features discussed. For example, it mentions obfuscation techniques, and yet SA is known to detect almost all of them one way or another, and even when it doesn't it catches the mail because it's in Razor2, comes from a BLed site, has obviously forged bits, doesn't look like valid mail to Bayes, etc, etc, etc.
Second, the article is also a bit naive on several points regarding blacklists. Many blacklists are good and useful, many are not. But taken as a whole, they present a spectrum of data that can be interpreted through a number of classical techniques that are applied to noisy data sources. Trusting any one BL or a small list is almost always a mistake, you need to build a sample set and determine who you trust and how much. SA does this, but it would be easy enough to build a BL-only SA-like tool for high-speed analysis on high volume ISPs and pipe-providers.
I'm getting worried that the problem of spam erradication is starting to look like the most divisive problem the net has faced to date. There are an awful lot of angry people, and those pitchforks and torches are starting to point in some very "infrastructurish" directions. Articles like this one, really don't help much....
# A conviction that dogmas, ideologies and traditions, whether religious, political or social, must be weighed and tested by each individual and not simply accepted on faith.
# Commitment to the use of critical reason, factual evidence, and scientific methods of inquiry, rather than faith and mysticism, in seeking solutions to human problems and answers to important human questions.
# A primary concern with fulfillment, growth, and creativity for both the individual and humankind in general.
# A constant search for objective truth, with the understanding that new knowledge and experience constantly alter our imperfect perception of it.
# A concern for this life and a commitment to making it meaningful through better understanding of ourselves, our history, our intellectual and artistic achievements, and the outlooks of those who differ from us.
# A search for viable individual, social and political principles of ethical conduct, judging them on their ability to enhance human well-being and individual responsibility.
# A conviction that with reason, an open marketplace of ideas, good will, and tolerance, progress can be made in building a better world for ourselves and our children.
From the Council for Secular Humanism.
This is an idea that ran through my head. There are likely flaws with it (I can think of a few) but, you know, the more ideas that get out there, the better.
E-mail addresses are largely collected from web pages. It would be trivially easy for one person to set up a plain text web page that contains 10 MB of plain text bogus e-mail addresses, changed daily. But what if everyone did it? What if there were thousands of such pages (hundreds of thousands) on the web? Would it be possible to clog up spammers by flooding their address collectors with hundreds of millions of bogus e-mail addresses per day?
(Plenty of obvious objections of course. For example, all that cumulative wasted web storage space costs money. Also, spammers still test for validity of addresses. But, they'd have to do more such testing. And so on...)
My domain name is being forged in headers by a spammer or spammers. I'm now receiving literally hundreds of bounces a day, for a mix of streaming gay porn, something in Russian and "Teenage Sluts Blow Chunks!".
What's the best response? Do I have any legal resource? Will this at least blow over eventually? Some research suggests the answers are deal with it, no and probably, but I'm curious to hear what anyone here has to suggest.
What I'm listening to now on Pandora...
Where can I purchase a wireless waterhose? I am tired of dealing with tangled waterhose when washing my car or the lawn. Thanks.
Sorry, I've already applied for a patent for that. The method to transfer water from one location to another without a "hose" or physical connection between the source and destination.
My marketing company has been working overtime and so far has come up with this hit:
"All of your Humidifiers/Dehumidifiers are belong to us!!"
Some may spout off about the the earths natural rain cycle, evaporation, or the jet stream and clouds and such as prior art but it's too damn late as I got it past the USPTO..
The idea of charging for spam has merit, but the fact that money is involved makes me quesy. Money is expensive to secure and there is no current model on the Net for microtransactions of a penny.
My solution involves requiring the sender to perform one minute's worth of SETI@Home, protein folding, etc., from one of the distributed processing sites (DPS).
With some thought, it probably wouldn't be too hard to implement in an initial small group and then start scaling it up. For example, a listserv could require all participants to subscribe to a DPS's email service. The DPS accepts the completed mini-work-units and creates an X.511 certificate that the sender can place in the header of the email. The SMTP server then verifies the legitimacy of the certificate.
Depending on the success of this, more and more
SMTP servers would pop up that have the option to check for valid x.511 certificates from DPSs for those users that request it.
BTM
That was the turning point of my life--I went from negative zero to positive zero.
I can't say that I haven't given my address to people who "aren't stupid or assholes", but I doubt that this is the vector for most of the spam I receive.
/users, or your DSL provider "shares" your address with their "strategic partners". Never tasted that canned pink meat? You Will.
You say you've had your POP3 account for over a year; I've had mine for nine years. In that time, I've posted it to Usenet, used it as a mailto: on web pages, signed up for things with it, and used this address to register domains, always unmunged, sans "NOSPAM" or "remove this" or "@@@".
Even if I'd done none of these, or did munge my address, I'd still get spam, albeit somewhat less. Spammers use dictionary attacks, too, or they create a list from
Enjoy it while you can, for I see a million penis enlargers in your future.
k.
"In spite of everything, I still believe that people are really good at heart." - Anne Frank
damn, that's the funniest shit I've seen for a while. You managed to combine a humourous sounding dyslexiaism with the cliched boxen method of making a plural. Classic!
Bah. Obviously "American Scientists" are not "programmers", because each of those sub-pages generates a JavaScript error for me. (If you "scientists" are reading, the onload handler for the BODY tag has a call to some Macromedia Dreamweaver JavaScript libraries which are missing. Either supply the libs or remove the onload.)
Yes, forging headers is fraud. You can sue based on damage to reputation and cost of processing the bounce messages. However, you will first need to determine who is sending the spam. To try to do that, you will have to do some research. If possible, obtain full headers for each type of email, so that you can see who is sending them. The other way you can determine identity is to follow the money. How is the spammer going to make a profit? Selling porn sites? Referrals? Just getting paid to send the emails by someone else?
If you could use help interpreting headers, send me an email at my Slashdot userid at yahoo dot com. Please include Otter from Slashdot in the subject if you send me email; otherwise, I might think it is spam...
-SpamTroll
TroLL
tROll
TROLL!
Then again, I think driver licensing is too lax anyway. Changing a tire should be a required piece of it unless you are physically incapable of doing it.
I read through the site, and it seems to be an incoherant ramble at best. If he wants to "prove" something, why can't he go about it in a more direct fashion instead of attacking the reader with nonsensical gibberish?
"We license drivers. How many idiots do you see on the road every day when you drive to and from work, who do not pay a penalty for being idiots? Think licensing computer users would be any more effective?"
Ahhh, but then what would insurance companies do for a living? Get a real job? No, wait...
Just because you can mod me down, doesn't mean you're right. Shoes for industry!
I'm surprised TMDA hasn't been mentioned yet. The Economist does note "challenge and response" systems, this seems the right answer to me.
http://www.tmda.net/ seems quite good, check it out.
Shouldn't we be able to prosecute spammer's under the DMCA?
Spam filters are obviously a device used to regulate what mail you receive. They used to effectively block spam. However, spam has evolved to beat the filters.
This implies that the spammers determined the method the filter used, so that they could beat it. In other words, they reverse-engineered it.
So, aren't spammers circumventing an access-control device via knowledge they gained by reverse-engineering a product?
It's that the epitome of illegal under the DMCA?
Justin Dubs
I've been trying to figure out how to set up evolution to work with spam assasin. I'm running debian unstable, so I can get pretty much whatever packages I need, but I'm not really sure where to start.
Is anyone aware of any good guides or howtos, so I can RTFM (read the fine manual) and get this set up. I've been toying with just using Mozilla 1.3 w/ the built in baysean filtering, but I really kind of like the pim aspects of evolution. Thanks.
Liquor dealers don't go shooting each other on the street corners, though people do rob liquor stores and drunks do get into fights. A day's worth of medical-priced opiates is cheaper than a half-bottle of bad gin.
Zucchini dealers don't go shooting each other, though there are the occasional Midwestern terrorist events (leaving bags of zucchini on other people's doorsteps during the growing season); marijuana's about as easy to grow as zucchini if you're not trying to hide it from the cops.
If we legalize drugs, street gangs may not stop carrying, but they'll mostly stop dealing, because you'll be able to get better-quality pharmaceutical drugs at the drug store and marijuana at the tobacco or liquor store, and at that point drug dealing turns into honest work, not significantly more profitable than selling flowers on the street corners except for a bit of low-markup business selling to minors along with selling them cigarettes. Might as well go back to stealing hubcaps.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
When one does, the rest will reconsider.
Some big corp with just a little bit of insight is going to buy the intellectual rights of the theory, patent it and make billions, control all the possibilities for time-travel as described in the guys maths. We're screwed....
Still looking
so that's 121%? cool.
The following article in The New York Times recently cought my attention: http://www.nytimes.com/2003/04/27/national/27JOBS. html?th=&pagewanted=print&position=
Specifically, the last 2 paragraphs. To spare you the trouble of registering and scrolling down: it's a 56 years old woman laid off from Bayer in 2001, unable to find a job in 2 years.
Guess what is she poised to do now...
Try to plot those "spam volume surged from 10% to 40%" and Dow Jones charts together, - I don't think it's a coincidence. Several million people including hundreds of thousands of programmers went out of the loop in 2 years, with less and less hope for better economy. What fraction of that army is looking for "business opportunities" now? A plausible estimate would be the same as for the spam response rate, which is 0.01-1% (the numbers i see in various articles on the subject), - quite enough to fill up everybody's in-box.
The future is promissing though. Sooner or later people will sort out all those enrons and worldcoms, figure out what they want and push Dow and Nasdaq over 12,000 and 5,000 respectively, and you'll find Alan Ralsky toiling in the cubicle next to yours, bitching about the boss...
I too have noticed that the vast majority of spammers now seem to forge the HELO/EHLO greeting. And as most non-spammers don't, this is actually a wonderful way to catch them. I've even seen them send the IP address of my secondary mail gateway in hopes that my primary mail server would fully trust it (obtained probably by looking up my MX records). I run a mail gateway for a corporate domain an get on average 30 to 40 thousand spams per day. Using sendmail with it's milter programming interface I put the HELO greeting though a very strict check. For those contemplating doing the same...
One last note about Forged AOL Spam after talking to one of their postmasters...all their legitimate mail by corporate policy is always sent from within the *.aol.com or *.aol.net domains. This will be in both the HELO as well as a reverse DNS lookup of the connecting IP address. If you don't see this in the HELO and DNS but you see a MAIL FROM for aol.com, it's probably spam.
I wish more big ISPs would provide public information about how to better detect forged mail claiming to come from their sites. For instance if I see a MAIL FROM *@yahoo.com, then should the connecting IP address always be from a *.yahoo.com host? Some ISP's like hotmail seemingly always add in a known predictable header whose absence indicates spam. But I can't reliably make these calls unless the ISPs provide that information. Also, beware that some semi-legitimate sites, like Monster.com forge the sending address on purpose; so if you want to receive resumes you may need to whitelist them.
What about Junk mail I receive on a daily basis? I would say that 75% of my mail is junk mail. I don't see SPAM ever going to go away.
The only actual, straightforward, factual claim I can find on that page is this:
"Your midday is someone else's midnight, someone else's sundown and even someone else's sunup."
No shit, Sherlock! Shame I had to scroll through a couple of dozen screenfuls of self-aggrandisement and incoherent bragging before I got to this.
Let me guess... this is your site, right? ;-)
Years ago I got a offer from Madera International (symbol WOOD) and they said their stock was going to hit $1.20 per share at any time. This was very early in the spaming game and I wanted to find out how much people would fall for this. I called up my broker and asked how much to buy this fine stock. She said it would be $25 in fees and the smallest lot I could buy was something like 400 shares since their value was so low. Due to some miscommunication, she took this as a request to buy 400 shares. Since it would cost me another $25 to unload it, I decided, I would keep it as a reminder to chart its progress over the next few years. From a high of nearly .06 a share it simply fell. Today I found that its value is now $0.00. Right now the 1st link from google is a SEC report about fraud and stuff. One of these days I think I'll write up this story to tell other people what kind of people are dealing with when they get stock tips from people they don't know.
Madera International started out importing assult rifles until a law stoped that. Then they went into the business of cutting down rainforest. For a while they had a nice web page up saying how you could give them $10 and they would plant a tree in the rainforest to replace one cut down by loggers. According to the SEC, that wasn't their only scam.
Just set up a procmail filter to block any mail that isn't signed or encrypted with PGP.
Of course, you'd miss out on a lot of legitimate mail.
The US Army: promoting democracy through unquestioned obedience
If 71% got no more than a little, that obviously would INCLUDE the half who got none... since half is, in fact, no more than a little.
Sean
It's worth noting that the RFCs specifically say that you shouldn't refuse mail based on the contents of the HELO or EHLO commands. It's your MTA, so it's your choice to do so, but it does mean you're not RFC compliant.
Trying to attack the spammers themselves is futile. They'll just change ISP's, accounts, use foreign relays, etc. Also there is a growing trend of innocent victims whose email addr has been put as the "Reply-to" field in the spam emails. Passing laws and other "infrastructure" changes also are a threat to freedoms of speech and general internet use.
No, what has to be done is to go after those who sponser the spams in question. They cannot hide by using false addresses -- if they did, what would be the point of paying the spammers to send email?
The article has it wrong, I think, in saying that we cannot concentrate on the commercial aspects of spam. The only reason it is so pervasive is that the spammers get paid to send their spam. Your average "Jesus-saves" freak is not going to be spending the money to do that. Even if there are some who do it, they aren't businesses; the level of spam that they fund will be below the level at which a spammer can stay in business.
So... how do we go after the spam-sponsors? A coordinated DDOS attack could get one thrown in jail, because it's a knowing attack on the accessibility of a legitimate business. But there's one thing about spam -- what the article called the defining characteristic -- in that it's sent to hundreds of thousands, or millions, of addresses at a time. The spam itself provides the coordination for an attack; no individual attacker has to do more than access the web site a few times. Or enter bogus credit-card orders*. Or anything else that the web-site owner will have to pay for if done in enough volume.
If we all just made it a habit -- receive a spam, go to the web site referenced, and click around a bit, enter in your credit card # with the wrong address a few times, etc, then there would be very real costs mounting, which would quickly overshadow the increased sales that the 0.05% spam respondents would bring. It doesn't even have to be a majority of spam recipients doing this, as the article points out is a drawback of spam-shielding techniques; it only has to be enough to do the required damage to the spam sponsors.
"Orthodoxy is unconsciousness" - Orwell
By using CPU or monetary postage for unidentified users. Or the are "you human"? Bitmap techniques, you can essentially stop spam in it's tracks.
The problem is implementing a new e-mail protocol that supports this.
I personally realized this a while back when I started recieving porn spam on my yahoo messenger. By only accepting messages from my friends list, I was able to stop it. If someone I didn't know wanted to IM me they had to request that I add them (standard challenge and response). Since them I signed up for a mailblocks account to manage my hotmail spam (200 spams per week). Spam has dropped to Zero (although there are still a few bugs they are working out to handle mail lists etc.
-Nuke the moon
"Simply put, we should require some form of an operators' license to own or operate a computer. Despite there being radical differences between the types of machinery, an adequate comparison would be to either automobiles or firearms licensing legislation."
That's going in exactly the wrong direction. All the anti-spam solutions that aren't succeeding against spam (but you really should make sure you define "succeed" if you don't want to err in this sort of statement) came from people you would (I presume) license to be on the internet. All those smarts haven't done the job, have they? You also (like many before you) gloss over the fact that the huge majority of the people you would deny a license to be on the internet are running exactly what the software vendors sold them, configured exactly as the vendor had it configured as the default. The smarts you would require them to have would be to not trust the software vendors. OK, I'll give you that one. But why isn't that repeated incessantly until people learn it? You want to make them be smart - what do you do to educate them?
The "smart" people on the internet, the ones you would grant licenses, still almost 100% ignore their big daily opportunity to hit spammers where it hurts: the tests the spammers are doing on systems in these "smart" peoples' own domains to see if there are vulnerable IPs. Spammy as much as says "hurt me," the "smart" people say "no." That makes no sense, that's worse than trusting the vendors.
So: watch out: the licensing might get into what you'd consider the wrong hands: mine, say. I'd require every operator to demonstrate the ability to think logically - there go 90% of your "smart" people down the tubes. They still don't get it that telling a spammer "550 we do not relay" is telling him exactly what he needs to know - it helps the spammer. There's a difference between what you do to protect your own system (and what you do to secure your own system) and what works best for the benefit of the internet as a whole. Spammers every day provide opportunities for operators to cause the same spammers significant harm - opportunities on the operators' own computers. 99.99% of them simply secure the system and throw away the opportunity. Then they complain about spammers and maybe about the dummies that shouldn't be licensed to be on the internet. Uh-huh. Sure. There's Dummies and then there's Dummies.
Thee's a reasonable, non-Draconian solution: hit spammers where it hurts and where they are not now being hit. Most spam is abuse spam. Screw up the abuse pathway and that spam dies. That can be done, now, with no change in the internet or in any protocol. While spammers test IP's on DSL and cable blocxks for open relay the battle cna be engaged on those same DSL and cable blocks - individuals can fight spam. Even individuals running (gasp) Windows.
See: http://jackpot.uk.net
There is a talk at my university that makes sense. It has to do with not accepting email unless it has a certificate that the sender did a 10 second compution. This would cripple mass email sending. Fighting Spam may be easier than you think
Drug dealing is harmful to families.
Children of drug-addicted parents are often under nourished, under educated and abused.
Drugs affect your ability to make reasoned choices. Dependancy is not good and any child of a drug-dependant would tell you (if they could). It makes for a crazy perspective and the result is that healthy behaviors are rejected because they are not familiar.
Babies born from crack-addicted mothers can be crack-addicted at birth and have a higher rate of birth defects due to the impact of the drug use and blood flow.
...which is problematic for many users, as they don't have effective ways of regularly updating their systems.
Of course, Debian GNU/Linux shines in this regard, and several of the RPM-based distros are starting to address the need, though IMO poorly.
Windows users are SOL until someone decides to offer a service specifically of providing SpamAssassin updates. This tends to make the proxy solution more appealing, however it's the crucial last bit of fine-tuning of SA rules which is the golden touch, and running through a proxy makes this more difficult.
What part of "gestalt" don't you understand?