Slashdot Mirror
A Timeline Of Spam And Antispam
Haak writes "American Scientist has a fine article by Brian Hayes summing up the history of spam and proposed measures to deal with it." A shorter article along the same lines is running at The Economist.
← Back to Stories (view on slashdot.org)
Spam, on the otherhand, is stoppable.
/. postings about spam recently... too much!
But, so many
The article sums it up well, but is this something that is going to ever stop? SPAM to me seems like another one of those things in life like drug dealing for instance. Whatever tactice we take to stop or outlaw it, people are always going to find a way around it. The stronger we make our SPAM filters, the more normal desired mail that is going to get blocked. DOn't get me wrong, I hate Spammers, but I dont see how any of these solutions are going to work. Thats my opinion at least, but as the article says, I suppose suing spammers might have a good effect.
Okay, troll, give me your email address, and we'll see how you like deleting 10,000 emails a day. If you mean what you say, you'll give me your address. Otherwise, crawl back into your hole.
I feel that SPAM should be considered like Telemarketing. And I think we should be able to opt out without notifying someone that our email address is life and getting filled. Interesting Article..I knew about the Green Card lottery, but I didnt know about DEC sending emails to people.
---
We Present the world's first Make Money Fast Spam
I'm not Seth.
Beef, the anti-spam.
"Derp de derp."
But..But ..my delete key wore out
Diplomacy is the art of saying "Nice doggie" until you can find a rock. Will Rogers
I'm gonna need all that money from Nigeria to afford the necessary penis enlargement and credit rating accentuation!
Examined from the inside, the world of spam has created its own perverse little self-sustaining ecosystem.
The ones *they see* could be unique if just one person from that mailing reports it to them. Also, they could be including the random text in every email, which actually does make it so that every spam is unique.
Are you by chance religious? I ask because the phrase 'our place in the universe' smacks of religion. We are the lords of our universe, if we choose to be and develop our minds sufficiently. Not everybody shares your parochial and limited outlook on the place of humans in the universe.
Uhm, why do you say that? According to Merriam Webster spam is: unsolicited usually commercial E-mail sent to a large number of addresses.
Why can those messages not be 'personalized' and still fit that definition?
Ever notice that spam now-a-days has random strings of characters placed throughout it? That's to make it unique to prevent spam filters from looking the checksum of the message up in a database and marking it as spam.
Today's Aardvark Daily shows exactly why spam is the problem it is -- there are too many stupid people out there who believe they can get something for nothing.
Check out just how lame the spammer in question is and how, in his world, the word "free" has a whole different meaning to the one most people have.
Despite his blatant misrepresentations and the fact that he's promoting his scam via spam, this guy has got people queuing up to hand over their "stupidity tax".
What's worse though is that the spammer is so lame he's effectively exposing the credit card details of *all* those who sign up. You even get to look inside his two email accounts because he doesn't have a clue about choosing sensible passwords.
We're quick to blame spammers for the problem but maybe the truth is that the tide of spam is driven more by the stupid and greedy people who respond to these "too good to be true" emails.
*scotty voice*
Captain, the spam/antispam reactor is gon ta blow!! I cant give ya any more porno!
Repeal the DMCA!
The beginning of spam:
Moses brought down the ten commandments.
Result:
Related spam has grown exponentially into dozens of religions.
Unique: only one of it's kind (kind being spam...sub-class being asd;laksdlsakd only).
Variant: a change or slight difference
Thus if you receive two emails, and they are both spam as far as you, the receiver are concerned, but they are from two different non-sensical sources (bobo1234 & jano5678), they are variants on the top level 'spam' class, and not unique. They are variations on one theme....junk email.
I don't see how to create anti-spam without some form of identification, simply because without an ID, anyone could use a mail type system to send junk messages to people and not get caught - because there's no ID, of course!
stuff |
Not that we should not pursue anti-spam countermeasures but spam will never clearly fully go away. Its like warez, its like mp3's, its like drugs, its like this, that and everything. You can try but you'll never really get a hold on it. Minimise it as much and as conveniently as you can, but as soon as you start spending ages trying to outlaw it you will find you've wasted more time than it would have taken to delete the spam and move on with your life.
Anti-spam activists go to a lot of trouble to help locate and identify people and groups responsible for flooding the net with spam (or who provide spamware to misinformed laypeople). These same good-doers are often sought out by spammers, sued by groups of them, have their privacy invaded (release of home phone, address) in effort to scare them into shutting up.
I am not kidding here. Take a look at some of the projects that scare the hell out of professional spammers:
spamhaus keeps an exhaustive list of major spam operations.
SPEWS lists areas of the Internet that have frequently be used for spamming, including detailed evidence files and histories of ISPs that turn a blind eye to spam.
Spamware vendor list has a listing of sites that sell spamming software -- without which we would have little or no spam.
Variant: a change or slight difference
But if there are 100 variants of something, but none of them are the same as any other one, they are all unique.
Maybe my logic unit is busted or something, but I don't see where you're coming from.
About 7 years back, when the WWW was still cutting its teeth, I had an epiphene; The best thing about the internet, is now everyone can use it. The worst thing about the internet, is now EVERYONE can use it.
Simply put, we should require some form of an operators' license to own or operate a computer. Despite there being radical differences between the types of machinery, an adequate comparison would be to either automobiles or firearms licensing legislation.
Before anyone makes the claim that this is not an adequate comparison, if could be eventually, the financial costs of such practices is matching, and quickly overtaking those of firearm and auto related damages. With time, eventually it could cross over to life threatening potential (for example, if someone decided to make a virus with a specific angle, wiping out or modifying records for grandma's prescription drugs).
(1) The majority of abuses involving computers involve people who consider themselves "above the law", with no care in regards to potential damages that abusing the system can incur. Virus writers, spammers, script kiddies, warez distributors and DDOS operaters often fall under this category. For sake of comparison, lets file this under speeders, reckless drivers, drunk drivers, or road rage. Similarly, the comparison can be made for firearms.
(2) The majority of problems that occur within the computer industry and most media involve people who are poorly trained (or not trained at all), or poorly advised in using their computers. People who do not patch their systems, do not operate a firewall, and open e-mail attachments to unleash every iteration of klez upon the net. This one can be filed as those who pretend a car or a gun is a toy, and treat them accordingly.
(3) Despite the whole "for the children" trend in regards to the internet, there is no practical method to truly enforce it without trampling every detail in the constitution. Therefore, unlike most offered solutions, informing and training the young'uns in how to go about using a computer responsibly would be ideal. Similarly, do the same with new computer users. Give them a basic course, then a test, and upon passing said test, they can purchase their own computer.
The problem is, as illustrated by current tech problems, along with the e-commerce industry's shortcomings and varied collapses, Joe Sixpack tends to think of the computer as an appliance. A new magical alternative to the TV that can make all their dreams come true. They need to be informed that the computer is a tool. And just like any tool, it can be abused, and that there could be consequences, something that most of them are for the most part either ignorant to, or even defiant of. Therefore, if they have this knowlege, then they cannot claim ignorance, and as such could finally be enforced, then charges can be pressed, and at least for the short run, problems can be avoided.
After all, if they could lock away Mitnick (sp?) for over 5 years for downloading a few files, why can't they lock away a virus author or spammer for operating without a permit? At least that way they can set a precedent. Hell, I'm sure a good deal of spammers out there are in violation of other things, such as unpaid taxes, working without a business license, et al. And how many of them use their proceeds towards drug use, pornography, etc? Make the bill tough enough and at least the spammers in the US can be eradicated virtually overnight.
There. The can of worms is open. Feel free to bait a hook.
Just because you can mod me down, doesn't mean you're right. Shoes for industry!
First I ignored it. This worked for a while, but my paitence didn't grow nearly as fast as the spam volume (I've been on the net for years, so I remember when spam was a rare occurace). These are only the major things. I've tried others here and there.
Next I started using MS Outlook's built in spam catcher. This is basically a blacklist that you maintain that you can easily add things too. This actually worked somewhat well, but as the use of forged addresses (and just plain random ones) grew, this became less effective.
Next I started to use SpamNet. I used this up untill about last week. This used to be somewhat effective, and in the last month or so has been almost completely effective. This is the most wonderfull anti-spam device I've used. It was great near the end of the beta. But now it's out of beta and I'm not going to pay $5 a month to stop something I shouldn't get in the first place. Sorry Cloudmark.
When Spamnet started, it was pretty effective, but still left a decent amount to be desired. So I searched around and found SAProxy. This program let's you run Spamassassin on Windows, and the combination of this and Spamnet worked wonders. As Spamnet got better, this became more or less useless.
Unfortunatly, I had to get rid of Spamnet, due to the afformentioned monthly fee. So now all I have is SAProxy. It does work great, and it does get better with each new release. Now only about 3 messages a day get through, which is quite fantastic. Only 5% or so of the spam I get gets though. I could set the limit lower (to catch more spam) but right now I don't have to worry about it catching ham (it never has for me) and I don't want to have to start wading through my spam folder to check for ham. I thought I was using this stuff to not have to do that in the first place?
So in short, I'm now using SAProxy and quite happy. If there was a free version of Spamnet, I'd use it, but there isn't. If you're on Windows and have a supported e-mail client, get SAProxy, and save yourself a huge headache.
So what will I use next? I've been thinking of setting up a perl script to automatically find the home address of people who spam me and sending them a few ICBMs with notes attached like "HOW TO WIN AT EBAY WITH FREE CHEAP ICBMS THAT INCREASE YOUR SEXLIFE AND GROW HAIR."
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
Just took a gander at his site and it is without doubt;
a) the worst example of html I have seen since at least 1994.
b) a complete stinking pile of unsubstantiated crap.
c) racist.
According to This Site, The earliest spam was sent by DEC in 1978.
Einar Stefferud, a longtime net hand, reports that DEC announced a new DEC-20 machine in 1978 by sending an invite to all ARPANET addresses on the west coast, using the ARPANET directory, inviting people to receptions in California. They were chastised for breaking the ARPANET appropriate use policy, and a notice was sent out reminding others of the rule.
Interestingly, a young Richard Stallman argued that spammers had every right to send spam.
I'm not Seth.
But of course some of the spammers get paid based on how many 'eyes' (or HTTP requests) are generated, so if they can just get through to an Outlook Express preview pane, it's worthwhile....until 'marketers' wise up.
By virtue of having my own domain name, outside of the United States, I now receive 1200+ spams a day (and noticeably increasing). People who advocate 'just hitting the delete key' make me fume. That's a lot of delete key. And a lot of time. I've now reached the point where false positives on spam detection by automated software are less likely than me hitting delete one too many times. Thanks to DNSBL I can reduce spam from 1200+ a day to 10 a day, and Paul Graham's Bayesian filtering reduces that down to 2 or 3 a week.
I'd like to share some recent observations I've made - I haven't seen this referenced elsewhere but maybe I don't know where to look (so feel free to point me where this is mentioned elsewhere).
First a minor observation that spam increases markedly on the weekends - because peop,e aren't around to close down open relays or spamming accounts?
Secondly, spammers have started adding non-spammy words (eg capacitor) and constrcuted nonsense words (capacitorsggg) inside their messages. I can only see this as a direct response to Paul Graham's approach. I don't see it as working - the rest of the message is just TOO spammy - but it sugegst to me that spammers see such an apprroach as a threat. I've seen these words sprinkled at the start of plain text emssages and after the /body> /html> of HTML messages.
Thirdly, what I've recently noticed is that a spammer will connect to my mail server, say HELO, do a MAIL FROM: and then QUIT. Then they connect to my system again and use a HELO command that is my OWN IP address. They also include a fake Received header that makes it look as though the message originated from my own machine. Nice try you scummy spammers. SpamCop is smart enough to see through that ploy. I wonder how other system's will respond.
Fourthly, I've noticed that often when I complain to SpamCop I become the victim of a JoeJob. Currently I'm getting all the delivery failures coming back to random alphanumeric usernames at my domain. Sigh. Time to strip off my domain when I lodge SpamCop submissions eh?
Recycle PCs and build a wireless community network www.hillsborough.org.nz
In 2002 I received over 18,000 pieces of spam, for a total of 163 megabytes. Compare this with the year 2000 (6 MB) and 1996 (183 KB). Based on the spam I've gotten so far this year, 2003 should see a bumper crop of 25 to 30 thousand pieces. This is just my POP3 account, and not my venerable Hotmail account that's now a smoking hole in the ground.
If I'm ever lucky enough to meet a spammer in person, I will kick him in the nuts repeatedly, until he sings soprano. Of course, I'll be chanting "Just hit Delete...just hit Delete" the whole time.
k.
"In spite of everything, I still believe that people are really good at heart." - Anne Frank
Yeah, I thought of requiring a license a long time ago too. You can see at http://www.foobarsoft.com/opinions/internetproblem sandsolutions.shtml. Of course, the real problem with this is that you'd have to get every country to agree to do this and make sure no one cheats and such. It would have been nice long ago, but it's way too late in the game to do it today.
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
Humans are a unique species, and while each of us is an individual, we are not 'unique'....maybe special in the eyes of our loved ones, but simply variants in the eyes of future archeologists.
While a casual definition of unique may be allowed, or even encouraged in water cooler chit/chat, such usage in a 'report' can lead to generalizations and subjective conclusions on otherwise valid data. Why wrap your (specific) data in general terms...not much point, and most people know better than to trust it. An 'opinion' does not a 'report' make. The link is to an opinion, not report that can serve as a foundation for conclusion. Opinions are like....well, you know.
should be as effective as slashdot's anti-troll measures... **ducks**
4) Would a dating service for people on the net be "frowned upon" by DCA? I hope not. But even if it is, don't let that stop you from notifying me via net mail if you start one.
There will not be a "new" SMTP because the existing one is too well established.
There have been many wonderful suggestions posted as previous stories and also as responses to previous stories. Many, perhaps most, of the great solutions require a critcal mass of people to adopt a technical solution at the server. None of those will happen.
The best solution will be individuals or companies adopting products like Spam Sleuth or Spam Sleuth Enterprise which have a variety of detection methods including Bayesian (statistical analysis), EMail Stamps (shift cost to sender), Bouncing (trick the spammers), as well as the usual Whitelists, IP Blacklists, e-mail address Blacklists, etc.
Just like computer viruses, those people who use the technical solutions will be immune, and those that don't will continue to suffer. The tools exist. Slogging through spam each day is a choice.
Drug dealing is a 'victimless' crime in which all parties concerned are consenting.
So all of the people that get killed by stray bullets in drug deals gone bad consented to being shot? Drug dealing is not a victimless crime.
What makes no sense about spam is that it seems like the only people really making money off of it are the spammers themselves. It's a shame I don't have it on hand, but more than 75% of the services being offered according to one account, aren't even legit, the main exception being pornography websites. (I'm sure many of you will remember the article, and someone will respond to this with it).
Case in point, what I'm wondering is, who are the companies funding spammers? Judging by the relativly low success rate of bulk email, I'd imagine you're actually losing quite a bit of money to pay a company money to send out emails for your company, emails that potentially damage the reputation of your company due to the vast amounts of illigitimate business and anti spam sentiment on the net.
Simply stated, it sounds like:
Step 1: Send mass emails
Step 3: collect profit
I willing to bet their business model was derived from the underpants gnomes...
"In a Democracy, people get the kind of government they deserve." -Winston Churchill
Simple.
Money.
Mitnick's foes' lawyers claimed billions of dollars (that's laywer dollars, not real dollars, of course) of damage to the people padding the politician's pockets.
When spam gets there, we could count on the jack-booted thugs raiding a place or two in the night. Unfortunately, the spammers are getting richer, and trying to make laws that favor them...
For us carnivores, "Sucking the marrow out of life" isn't a transcendentalist philosophy but a practical instruction.
This article does not really gives much of an overview on the history of spam wars. The article leaves out more stuff that it mentions. I couldn't find any references to:
* Evolutionary progress from your garden-variety, run-of-the mill carpetbombing from the sender's ISP to hijacking of external mail relays, leading to most mail relays now being closed; to repeated gang-banging of every mail relay on the Internet, in the late '90s, that was running the completely fucked up Sun sendmail 8.6, which fails to record the sender's identity, turning it into a somewhat efficient anonymous spam forwarding service; to direct-from-dialup spamware that doesn't need mail relays and delivers directly to the recipients' mail servers; to spamware that scans and hijacks open proxies, and spam-forwarding trojan zombies that take over and infest Windows-based clients.
* The rise, fall, and bankruptcy of Apex Global Information Systems, the first commercial attempt to make a business model out of providing dedicated spam connectivity; with Cyberpromo, Nancynet, Marynet, and Sallynet spam factories as their charter "customers".
* The rise and fall of MAPS. The article makes out MAPS as the leading champions, but those in the know sadly know that MAPS is now a shadow of its former self.
* The rise and fall of ORBS, and a gaggle of similar open relay blacklists that sprouted up to supplement and replace.
* The rise, and hopefully the fall, of the trend where large backbones quietly agree to accept premium connectivity and hosting fees, in exchange for ignoring complaints about their spamming parasites, all the while flouting their supposed "anti-spam" Acceptable Usage Policies/Terms Of Service (documentation and proof available per request).
* The rise of the trend where spam farms are set up in third world countries, whose hosts completely ignore spam complaints and are generally better resistent to spam blacklists, since they don't send much mail to the US.
* The rise of SPEWS, as a partial response for a need for a successor to MAPS, and a surprising accept of SPEWS, which has an aggressive blacklisting policies, which flew in the face of conventional thinking that network providers will tremble with fear, run to hide in the nearest closet, and become completely paralized at a mere prospect of rejecting a single non-junk message.
There's plenty more subject matter for anyone who really wants to provide an overview of spam wars. This article seems a bit skimpy on the facts...
First off, the article is WAY behind the times on anti-spam techniques. SpamAssassin's statistical techniques far outstrip the simplistic features discussed. For example, it mentions obfuscation techniques, and yet SA is known to detect almost all of them one way or another, and even when it doesn't it catches the mail because it's in Razor2, comes from a BLed site, has obviously forged bits, doesn't look like valid mail to Bayes, etc, etc, etc.
Second, the article is also a bit naive on several points regarding blacklists. Many blacklists are good and useful, many are not. But taken as a whole, they present a spectrum of data that can be interpreted through a number of classical techniques that are applied to noisy data sources. Trusting any one BL or a small list is almost always a mistake, you need to build a sample set and determine who you trust and how much. SA does this, but it would be easy enough to build a BL-only SA-like tool for high-speed analysis on high volume ISPs and pipe-providers.
I'm getting worried that the problem of spam erradication is starting to look like the most divisive problem the net has faced to date. There are an awful lot of angry people, and those pitchforks and torches are starting to point in some very "infrastructurish" directions. Articles like this one, really don't help much....
This should be prosecuted under the existing computer-cracking laws. It's no different from shoveling a dictionary at a password prompt -- both are attempts to break past a security mechanism designed to keep you out of other people's computers.
/. If the government wants us to respect the law, it should set a better example.
If there is more than one, then it's not unique. Fingerprints are attributes...a sub-class of a parent 'mammal'. I don't care if one is thick and one is thin....dumbass.
This is an idea that ran through my head. There are likely flaws with it (I can think of a few) but, you know, the more ideas that get out there, the better.
E-mail addresses are largely collected from web pages. It would be trivially easy for one person to set up a plain text web page that contains 10 MB of plain text bogus e-mail addresses, changed daily. But what if everyone did it? What if there were thousands of such pages (hundreds of thousands) on the web? Would it be possible to clog up spammers by flooding their address collectors with hundreds of millions of bogus e-mail addresses per day?
(Plenty of obvious objections of course. For example, all that cumulative wasted web storage space costs money. Also, spammers still test for validity of addresses. But, they'd have to do more such testing. And so on...)
Well, in Houston they did get an energy boom in the 90's. And they messed it up same as they did in the '80s. Enron is the visible example, but all of the energy companies in Houston are suffering as well.
So to continue your analogy - even if we start over with a new idea, it won't work, because we seem to have the infinite capacity to make messes. Any solution to the spam problem that involves starting over would probably also cause one or more of the following (draw the analogies to Houston and Enron if you wish):
My domain name is being forged in headers by a spammer or spammers. I'm now receiving literally hundreds of bounces a day, for a mix of streaming gay porn, something in Russian and "Teenage Sluts Blow Chunks!".
What's the best response? Do I have any legal resource? Will this at least blow over eventually? Some research suggests the answers are deal with it, no and probably, but I'm curious to hear what anyone here has to suggest.
What I'm listening to now on Pandora...
Btw, applying OOP thinking to the world is a recipe for mistake and confusion. Fingerprint, under your definition, would be an attribute of a sub-class of mammal. Human is a sub-class of mammal, and fingerprint is an attribute of human. It so happens that no two are exactly alike, so that is why almost everybody except for you says that fingerprints are unique.
I can't say that I haven't given my address to people who "aren't stupid or assholes", but I doubt that this is the vector for most of the spam I receive.
/users, or your DSL provider "shares" your address with their "strategic partners". Never tasted that canned pink meat? You Will.
You say you've had your POP3 account for over a year; I've had mine for nine years. In that time, I've posted it to Usenet, used it as a mailto: on web pages, signed up for things with it, and used this address to register domains, always unmunged, sans "NOSPAM" or "remove this" or "@@@".
Even if I'd done none of these, or did munge my address, I'd still get spam, albeit somewhat less. Spammers use dictionary attacks, too, or they create a list from
Enjoy it while you can, for I see a million penis enlargers in your future.
k.
"In spite of everything, I still believe that people are really good at heart." - Anne Frank
You do realize that legalizing drugs would address every single problem that you've mentioned in your post, don't you?
Yes, forging headers is fraud. You can sue based on damage to reputation and cost of processing the bounce messages. However, you will first need to determine who is sending the spam. To try to do that, you will have to do some research. If possible, obtain full headers for each type of email, so that you can see who is sending them. The other way you can determine identity is to follow the money. How is the spammer going to make a profit? Selling porn sites? Referrals? Just getting paid to send the emails by someone else?
If you could use help interpreting headers, send me an email at my Slashdot userid at yahoo dot com. Please include Otter from Slashdot in the subject if you send me email; otherwise, I might think it is spam...
Then again, I think driver licensing is too lax anyway. Changing a tire should be a required piece of it unless you are physically incapable of doing it.
Yes, that is the answer. Let's legalize drugs. After all, things like herion and cocaine can be used in a recreational manner. Having had a sister and a teenage daughter who got mixed up in this junk (one cocaine, one herion) I think its safe to say that I think this stuff does not need to be legalized.
"We license drivers. How many idiots do you see on the road every day when you drive to and from work, who do not pay a penalty for being idiots? Think licensing computer users would be any more effective?"
Ahhh, but then what would insurance companies do for a living? Get a real job? No, wait...
Just because you can mod me down, doesn't mean you're right. Shoes for industry!
I'm surprised TMDA hasn't been mentioned yet. The Economist does note "challenge and response" systems, this seems the right answer to me.
http://www.tmda.net/ seems quite good, check it out.
Shouldn't we be able to prosecute spammer's under the DMCA?
Spam filters are obviously a device used to regulate what mail you receive. They used to effectively block spam. However, spam has evolved to beat the filters.
This implies that the spammers determined the method the filter used, so that they could beat it. In other words, they reverse-engineered it.
So, aren't spammers circumventing an access-control device via knowledge they gained by reverse-engineering a product?
It's that the epitome of illegal under the DMCA?
Justin Dubs
I've been trying to figure out how to set up evolution to work with spam assasin. I'm running debian unstable, so I can get pretty much whatever packages I need, but I'm not really sure where to start.
Is anyone aware of any good guides or howtos, so I can RTFM (read the fine manual) and get this set up. I've been toying with just using Mozilla 1.3 w/ the built in baysean filtering, but I really kind of like the pim aspects of evolution. Thanks.
Liquor dealers don't go shooting each other on the street corners, though people do rob liquor stores and drunks do get into fights. A day's worth of medical-priced opiates is cheaper than a half-bottle of bad gin.
Zucchini dealers don't go shooting each other, though there are the occasional Midwestern terrorist events (leaving bags of zucchini on other people's doorsteps during the growing season); marijuana's about as easy to grow as zucchini if you're not trying to hide it from the cops.
If we legalize drugs, street gangs may not stop carrying, but they'll mostly stop dealing, because you'll be able to get better-quality pharmaceutical drugs at the drug store and marijuana at the tobacco or liquor store, and at that point drug dealing turns into honest work, not significantly more profitable than selling flowers on the street corners except for a bit of low-markup business selling to minors along with selling them cigarettes. Might as well go back to stealing hubcaps.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Not true. A couple years of years ago two pump'n'dump stock spammers/scammers were ventilated in New York. They obviously tried their scams on the wrong people.
One line blog. I hear that they're called Twitters now.
so that's 121%? cool.
The following article in The New York Times recently cought my attention: http://www.nytimes.com/2003/04/27/national/27JOBS. html?th=&pagewanted=print&position=
Specifically, the last 2 paragraphs. To spare you the trouble of registering and scrolling down: it's a 56 years old woman laid off from Bayer in 2001, unable to find a job in 2 years.
Guess what is she poised to do now...
Try to plot those "spam volume surged from 10% to 40%" and Dow Jones charts together, - I don't think it's a coincidence. Several million people including hundreds of thousands of programmers went out of the loop in 2 years, with less and less hope for better economy. What fraction of that army is looking for "business opportunities" now? A plausible estimate would be the same as for the spam response rate, which is 0.01-1% (the numbers i see in various articles on the subject), - quite enough to fill up everybody's in-box.
The future is promissing though. Sooner or later people will sort out all those enrons and worldcoms, figure out what they want and push Dow and Nasdaq over 12,000 and 5,000 respectively, and you'll find Alan Ralsky toiling in the cubicle next to yours, bitching about the boss...
I too have noticed that the vast majority of spammers now seem to forge the HELO/EHLO greeting. And as most non-spammers don't, this is actually a wonderful way to catch them. I've even seen them send the IP address of my secondary mail gateway in hopes that my primary mail server would fully trust it (obtained probably by looking up my MX records). I run a mail gateway for a corporate domain an get on average 30 to 40 thousand spams per day. Using sendmail with it's milter programming interface I put the HELO greeting though a very strict check. For those contemplating doing the same...
One last note about Forged AOL Spam after talking to one of their postmasters...all their legitimate mail by corporate policy is always sent from within the *.aol.com or *.aol.net domains. This will be in both the HELO as well as a reverse DNS lookup of the connecting IP address. If you don't see this in the HELO and DNS but you see a MAIL FROM for aol.com, it's probably spam.
I wish more big ISPs would provide public information about how to better detect forged mail claiming to come from their sites. For instance if I see a MAIL FROM *@yahoo.com, then should the connecting IP address always be from a *.yahoo.com host? Some ISP's like hotmail seemingly always add in a known predictable header whose absence indicates spam. But I can't reliably make these calls unless the ISPs provide that information. Also, beware that some semi-legitimate sites, like Monster.com forge the sending address on purpose; so if you want to receive resumes you may need to whitelist them.
Certainly, heroin and cocaine can be used in a recreational manner. I personally have never played with cocaine as I'm not particularly interested in stimulants (I'm naturally an overstimulated person), but I have experimented fairly extensively with opiates (never heroin directly), and have not demonstrated any particular tendencies towards addiction in that domain.
Now I have tried a wide variety of drugs in recreational and spiritual settings, and the only ones that I have ever gotten addicted to are alcohol and tobacco. Because of this and the hardships that alcohol abuse instilled in my life, do I propose that alcohol should be illegalized? No - just because I was unable to be responsible with alcohol is no indication that others cannot drink in moderation or without negative consequences.
Drug use is a victimless crime. I'm all for drug awareness education and full legalization, and I see no reason why our bodies should be governed. You know when you get into certain classes of drugs that you may be treading dangerous territory, and you have to be willing to accept the consequences. Put the responsibility on the individual, not on the legal system.
Besides, personally, I would feel *much* safer ingesting cocaine and opiates (which have both been in use by humans for hundreds of years) than the bevvy of experimental, poorly-understood chemical additives that are being crammed in our food in ridiculous levels these days. At least, drugs have something to offer me, whereas preservatives, flavour enhancers, growth hormones, pesticides, etc... serve no purpose other than to fatten some corporation's bank accounts.
What about Junk mail I receive on a daily basis? I would say that 75% of my mail is junk mail. I don't see SPAM ever going to go away.
Years ago I got a offer from Madera International (symbol WOOD) and they said their stock was going to hit $1.20 per share at any time. This was very early in the spaming game and I wanted to find out how much people would fall for this. I called up my broker and asked how much to buy this fine stock. She said it would be $25 in fees and the smallest lot I could buy was something like 400 shares since their value was so low. Due to some miscommunication, she took this as a request to buy 400 shares. Since it would cost me another $25 to unload it, I decided, I would keep it as a reminder to chart its progress over the next few years. From a high of nearly .06 a share it simply fell. Today I found that its value is now $0.00. Right now the 1st link from google is a SEC report about fraud and stuff. One of these days I think I'll write up this story to tell other people what kind of people are dealing with when they get stock tips from people they don't know.
Madera International started out importing assult rifles until a law stoped that. Then they went into the business of cutting down rainforest. For a while they had a nice web page up saying how you could give them $10 and they would plant a tree in the rainforest to replace one cut down by loggers. According to the SEC, that wasn't their only scam.
Drugs are guarenteed to be bad for you. Additives at least try to be beneficial. You feel safer w/ drugs? Too much "experimentation."
Just set up a procmail filter to block any mail that isn't signed or encrypted with PGP.
Of course, you'd miss out on a lot of legitimate mail.
The US Army: promoting democracy through unquestioned obedience
Drugs are "guaranteed" to be bad for you? What are you talking about??? Very few drugs are addictive or physically damaging. Indeed, it's highly likely that a single meal at McDonald's is ridiculously worse for you, in terms of cholesterol or sheer chemicals, than smoking a joint. And people have been able to use opiates for most of their lives without significant physical problems (apart from physical addiction, which in itself, is not dangerous with respect to opiates).
You can't make sweeping generalizations about drugs with regards to issues like dangers. Comparing marijuana to crack cocaine is like comparing apples to water buffalo; certainly, there are some commonalities, but there are many more differences.
Additives try to be beneficial? Again, I don't see the logic in this. How is MSG beneficial to me, the consumer? All it does is allow Campbell's Soup to skimp out on the chicken in their broth and cut corners with regards to quality. Since I've gotten off MSG and other chemicals, I dropped 67 lbs without doing a lick of exercise or cutting calories (apparently, this is not uncommon, either), and I haven't felt better.
If 71% got no more than a little, that obviously would INCLUDE the half who got none... since half is, in fact, no more than a little.
Sean
Trying to attack the spammers themselves is futile. They'll just change ISP's, accounts, use foreign relays, etc. Also there is a growing trend of innocent victims whose email addr has been put as the "Reply-to" field in the spam emails. Passing laws and other "infrastructure" changes also are a threat to freedoms of speech and general internet use.
No, what has to be done is to go after those who sponser the spams in question. They cannot hide by using false addresses -- if they did, what would be the point of paying the spammers to send email?
The article has it wrong, I think, in saying that we cannot concentrate on the commercial aspects of spam. The only reason it is so pervasive is that the spammers get paid to send their spam. Your average "Jesus-saves" freak is not going to be spending the money to do that. Even if there are some who do it, they aren't businesses; the level of spam that they fund will be below the level at which a spammer can stay in business.
So... how do we go after the spam-sponsors? A coordinated DDOS attack could get one thrown in jail, because it's a knowing attack on the accessibility of a legitimate business. But there's one thing about spam -- what the article called the defining characteristic -- in that it's sent to hundreds of thousands, or millions, of addresses at a time. The spam itself provides the coordination for an attack; no individual attacker has to do more than access the web site a few times. Or enter bogus credit-card orders*. Or anything else that the web-site owner will have to pay for if done in enough volume.
If we all just made it a habit -- receive a spam, go to the web site referenced, and click around a bit, enter in your credit card # with the wrong address a few times, etc, then there would be very real costs mounting, which would quickly overshadow the increased sales that the 0.05% spam respondents would bring. It doesn't even have to be a majority of spam recipients doing this, as the article points out is a drawback of spam-shielding techniques; it only has to be enough to do the required damage to the spam sponsors.
"Orthodoxy is unconsciousness" - Orwell
I would love to see some references to some reputable scientific studies on this topic - at least, studies that support your opinion. Considering that entire government agencies are filled to the brim with studies that state otherwise, I'd think you have your work cut out for you.
By using CPU or monetary postage for unidentified users. Or the are "you human"? Bitmap techniques, you can essentially stop spam in it's tracks.
The problem is implementing a new e-mail protocol that supports this.
I personally realized this a while back when I started recieving porn spam on my yahoo messenger. By only accepting messages from my friends list, I was able to stop it. If someone I didn't know wanted to IM me they had to request that I add them (standard challenge and response). Since them I signed up for a mailblocks account to manage my hotmail spam (200 spams per week). Spam has dropped to Zero (although there are still a few bugs they are working out to handle mail lists etc.
-Nuke the moon
"Simply put, we should require some form of an operators' license to own or operate a computer. Despite there being radical differences between the types of machinery, an adequate comparison would be to either automobiles or firearms licensing legislation."
That's going in exactly the wrong direction. All the anti-spam solutions that aren't succeeding against spam (but you really should make sure you define "succeed" if you don't want to err in this sort of statement) came from people you would (I presume) license to be on the internet. All those smarts haven't done the job, have they? You also (like many before you) gloss over the fact that the huge majority of the people you would deny a license to be on the internet are running exactly what the software vendors sold them, configured exactly as the vendor had it configured as the default. The smarts you would require them to have would be to not trust the software vendors. OK, I'll give you that one. But why isn't that repeated incessantly until people learn it? You want to make them be smart - what do you do to educate them?
The "smart" people on the internet, the ones you would grant licenses, still almost 100% ignore their big daily opportunity to hit spammers where it hurts: the tests the spammers are doing on systems in these "smart" peoples' own domains to see if there are vulnerable IPs. Spammy as much as says "hurt me," the "smart" people say "no." That makes no sense, that's worse than trusting the vendors.
So: watch out: the licensing might get into what you'd consider the wrong hands: mine, say. I'd require every operator to demonstrate the ability to think logically - there go 90% of your "smart" people down the tubes. They still don't get it that telling a spammer "550 we do not relay" is telling him exactly what he needs to know - it helps the spammer. There's a difference between what you do to protect your own system (and what you do to secure your own system) and what works best for the benefit of the internet as a whole. Spammers every day provide opportunities for operators to cause the same spammers significant harm - opportunities on the operators' own computers. 99.99% of them simply secure the system and throw away the opportunity. Then they complain about spammers and maybe about the dummies that shouldn't be licensed to be on the internet. Uh-huh. Sure. There's Dummies and then there's Dummies.
Thee's a reasonable, non-Draconian solution: hit spammers where it hurts and where they are not now being hit. Most spam is abuse spam. Screw up the abuse pathway and that spam dies. That can be done, now, with no change in the internet or in any protocol. While spammers test IP's on DSL and cable blocxks for open relay the battle cna be engaged on those same DSL and cable blocks - individuals can fight spam. Even individuals running (gasp) Windows.
See: http://jackpot.uk.net
Drug dealing is harmful to families.
Children of drug-addicted parents are often under nourished, under educated and abused.
Drugs affect your ability to make reasoned choices. Dependancy is not good and any child of a drug-dependant would tell you (if they could). It makes for a crazy perspective and the result is that healthy behaviors are rejected because they are not familiar.
Babies born from crack-addicted mothers can be crack-addicted at birth and have a higher rate of birth defects due to the impact of the drug use and blood flow.
...which is problematic for many users, as they don't have effective ways of regularly updating their systems.
Of course, Debian GNU/Linux shines in this regard, and several of the RPM-based distros are starting to address the need, though IMO poorly.
Windows users are SOL until someone decides to offer a service specifically of providing SpamAssassin updates. This tends to make the proxy solution more appealing, however it's the crucial last bit of fine-tuning of SA rules which is the golden touch, and running through a proxy makes this more difficult.
What part of "gestalt" don't you understand?