Slashdot Mirror
A Timeline Of Spam And Antispam
Haak writes "American Scientist has a fine article by Brian Hayes summing up the history of spam and proposed measures to deal with it." A shorter article along the same lines is running at The Economist.
← Back to Stories (view on slashdot.org)
The article sums it up well, but is this something that is going to ever stop? SPAM to me seems like another one of those things in life like drug dealing for instance. Whatever tactice we take to stop or outlaw it, people are always going to find a way around it. The stronger we make our SPAM filters, the more normal desired mail that is going to get blocked. DOn't get me wrong, I hate Spammers, but I dont see how any of these solutions are going to work. Thats my opinion at least, but as the article says, I suppose suing spammers might have a good effect.
Okay, troll, give me your email address, and we'll see how you like deleting 10,000 emails a day. If you mean what you say, you'll give me your address. Otherwise, crawl back into your hole.
We Present the world's first Make Money Fast Spam
I'm not Seth.
Uhm, why do you say that? According to Merriam Webster spam is: unsolicited usually commercial E-mail sent to a large number of addresses.
Why can those messages not be 'personalized' and still fit that definition?
Ever notice that spam now-a-days has random strings of characters placed throughout it? That's to make it unique to prevent spam filters from looking the checksum of the message up in a database and marking it as spam.
Today's Aardvark Daily shows exactly why spam is the problem it is -- there are too many stupid people out there who believe they can get something for nothing.
Check out just how lame the spammer in question is and how, in his world, the word "free" has a whole different meaning to the one most people have.
Despite his blatant misrepresentations and the fact that he's promoting his scam via spam, this guy has got people queuing up to hand over their "stupidity tax".
What's worse though is that the spammer is so lame he's effectively exposing the credit card details of *all* those who sign up. You even get to look inside his two email accounts because he doesn't have a clue about choosing sensible passwords.
We're quick to blame spammers for the problem but maybe the truth is that the tide of spam is driven more by the stupid and greedy people who respond to these "too good to be true" emails.
I don't see how to create anti-spam without some form of identification, simply because without an ID, anyone could use a mail type system to send junk messages to people and not get caught - because there's no ID, of course!
stuff |
But of course some of the spammers get paid based on how many 'eyes' (or HTTP requests) are generated, so if they can just get through to an Outlook Express preview pane, it's worthwhile....until 'marketers' wise up.
By virtue of having my own domain name, outside of the United States, I now receive 1200+ spams a day (and noticeably increasing). People who advocate 'just hitting the delete key' make me fume. That's a lot of delete key. And a lot of time. I've now reached the point where false positives on spam detection by automated software are less likely than me hitting delete one too many times. Thanks to DNSBL I can reduce spam from 1200+ a day to 10 a day, and Paul Graham's Bayesian filtering reduces that down to 2 or 3 a week.
I'd like to share some recent observations I've made - I haven't seen this referenced elsewhere but maybe I don't know where to look (so feel free to point me where this is mentioned elsewhere).
First a minor observation that spam increases markedly on the weekends - because peop,e aren't around to close down open relays or spamming accounts?
Secondly, spammers have started adding non-spammy words (eg capacitor) and constrcuted nonsense words (capacitorsggg) inside their messages. I can only see this as a direct response to Paul Graham's approach. I don't see it as working - the rest of the message is just TOO spammy - but it sugegst to me that spammers see such an apprroach as a threat. I've seen these words sprinkled at the start of plain text emssages and after the /body> /html> of HTML messages.
Thirdly, what I've recently noticed is that a spammer will connect to my mail server, say HELO, do a MAIL FROM: and then QUIT. Then they connect to my system again and use a HELO command that is my OWN IP address. They also include a fake Received header that makes it look as though the message originated from my own machine. Nice try you scummy spammers. SpamCop is smart enough to see through that ploy. I wonder how other system's will respond.
Fourthly, I've noticed that often when I complain to SpamCop I become the victim of a JoeJob. Currently I'm getting all the delivery failures coming back to random alphanumeric usernames at my domain. Sigh. Time to strip off my domain when I lodge SpamCop submissions eh?
Recycle PCs and build a wireless community network www.hillsborough.org.nz
There will not be a "new" SMTP because the existing one is too well established.
There have been many wonderful suggestions posted as previous stories and also as responses to previous stories. Many, perhaps most, of the great solutions require a critcal mass of people to adopt a technical solution at the server. None of those will happen.
The best solution will be individuals or companies adopting products like Spam Sleuth or Spam Sleuth Enterprise which have a variety of detection methods including Bayesian (statistical analysis), EMail Stamps (shift cost to sender), Bouncing (trick the spammers), as well as the usual Whitelists, IP Blacklists, e-mail address Blacklists, etc.
Just like computer viruses, those people who use the technical solutions will be immune, and those that don't will continue to suffer. The tools exist. Slogging through spam each day is a choice.
What makes no sense about spam is that it seems like the only people really making money off of it are the spammers themselves. It's a shame I don't have it on hand, but more than 75% of the services being offered according to one account, aren't even legit, the main exception being pornography websites. (I'm sure many of you will remember the article, and someone will respond to this with it).
Case in point, what I'm wondering is, who are the companies funding spammers? Judging by the relativly low success rate of bulk email, I'd imagine you're actually losing quite a bit of money to pay a company money to send out emails for your company, emails that potentially damage the reputation of your company due to the vast amounts of illigitimate business and anti spam sentiment on the net.
Simply stated, it sounds like:
Step 1: Send mass emails
Step 3: collect profit
I willing to bet their business model was derived from the underpants gnomes...
"In a Democracy, people get the kind of government they deserve." -Winston Churchill
This article does not really gives much of an overview on the history of spam wars. The article leaves out more stuff that it mentions. I couldn't find any references to:
* Evolutionary progress from your garden-variety, run-of-the mill carpetbombing from the sender's ISP to hijacking of external mail relays, leading to most mail relays now being closed; to repeated gang-banging of every mail relay on the Internet, in the late '90s, that was running the completely fucked up Sun sendmail 8.6, which fails to record the sender's identity, turning it into a somewhat efficient anonymous spam forwarding service; to direct-from-dialup spamware that doesn't need mail relays and delivers directly to the recipients' mail servers; to spamware that scans and hijacks open proxies, and spam-forwarding trojan zombies that take over and infest Windows-based clients.
* The rise, fall, and bankruptcy of Apex Global Information Systems, the first commercial attempt to make a business model out of providing dedicated spam connectivity; with Cyberpromo, Nancynet, Marynet, and Sallynet spam factories as their charter "customers".
* The rise and fall of MAPS. The article makes out MAPS as the leading champions, but those in the know sadly know that MAPS is now a shadow of its former self.
* The rise and fall of ORBS, and a gaggle of similar open relay blacklists that sprouted up to supplement and replace.
* The rise, and hopefully the fall, of the trend where large backbones quietly agree to accept premium connectivity and hosting fees, in exchange for ignoring complaints about their spamming parasites, all the while flouting their supposed "anti-spam" Acceptable Usage Policies/Terms Of Service (documentation and proof available per request).
* The rise of the trend where spam farms are set up in third world countries, whose hosts completely ignore spam complaints and are generally better resistent to spam blacklists, since they don't send much mail to the US.
* The rise of SPEWS, as a partial response for a need for a successor to MAPS, and a surprising accept of SPEWS, which has an aggressive blacklisting policies, which flew in the face of conventional thinking that network providers will tremble with fear, run to hide in the nearest closet, and become completely paralized at a mere prospect of rejecting a single non-junk message.
There's plenty more subject matter for anyone who really wants to provide an overview of spam wars. This article seems a bit skimpy on the facts...
This is an idea that ran through my head. There are likely flaws with it (I can think of a few) but, you know, the more ideas that get out there, the better.
E-mail addresses are largely collected from web pages. It would be trivially easy for one person to set up a plain text web page that contains 10 MB of plain text bogus e-mail addresses, changed daily. But what if everyone did it? What if there were thousands of such pages (hundreds of thousands) on the web? Would it be possible to clog up spammers by flooding their address collectors with hundreds of millions of bogus e-mail addresses per day?
(Plenty of obvious objections of course. For example, all that cumulative wasted web storage space costs money. Also, spammers still test for validity of addresses. But, they'd have to do more such testing. And so on...)
Btw, applying OOP thinking to the world is a recipe for mistake and confusion. Fingerprint, under your definition, would be an attribute of a sub-class of mammal. Human is a sub-class of mammal, and fingerprint is an attribute of human. It so happens that no two are exactly alike, so that is why almost everybody except for you says that fingerprints are unique.
Shouldn't we be able to prosecute spammer's under the DMCA?
Spam filters are obviously a device used to regulate what mail you receive. They used to effectively block spam. However, spam has evolved to beat the filters.
This implies that the spammers determined the method the filter used, so that they could beat it. In other words, they reverse-engineered it.
So, aren't spammers circumventing an access-control device via knowledge they gained by reverse-engineering a product?
It's that the epitome of illegal under the DMCA?
Justin Dubs