How to Become A Spammer

permeablepdx points to this story in The Oregonian about how to become a spammer. Summary: "Local Oregon boy makes big bucks after learning from the Spam masters."

DeCSS has legal uses...

[gilesjuk]

Such as watching DVD movies on operating systems with no DVD playing software. Where as spamming is always a pain in the butt.

Before DeCSS you would not be able to watch a DVD on Linux. Before spamming it was possible to let kids use email with no fears of them seeing obscene things, you can't now. Which is the biggest menace, I'll let you decide.

A Warm, Fuzzy, Happy Feeling

[altairmaine]

What's so great about the article? The reason this particular spammer quit!

He quit because of hostile, harassing emails from the angry public! They work! Every email you've sent telling a spammer that they're a worthless turd of a human being had some miniscule effect!

Even now, the guy admits no moral qualms about his former job. He's still a thoughtless punk who sees nothing wrong with the practice, and I'd still like to punch him in the nose. But he QUIT, because we made his life miserable in return.

The lesson: keep giving 'em hell. It's not just gratifying, it sometimes works.

Do the math

[broothal]

He's been involved in the spamming business for 6 months

He spent the first 5 months researching and one month of spamming

He spent $10.000 on spam-software

He claims he made $1000 a week.

4 weeks times $1000=$4000 income.
$4000 income minus $10.000 is -$6000. So, the guy loses $6000 on spamming.

Film at eleven...

Re:It doesn't seem terribly complicated

[jonadab]

> Obtaining a valid list of e-mail addresses is not very easy,
> you either need to invest money or you need to figure out how
> to harvest e-mails from the web/usenet.

That part's trivial. You'll get 50% invalid addresses, but so what?

Step 3 is easier than you think: at this time, you don't have to
fool the filters of the 0.05% who use even moderately complex
filters[1]; all you have to do is get past the things that are
deployed ISP-wide, like psmtp.com's filtering service. (This is
trivial to get past: write three spams at random, and two of them
will get past. No cleverness required.)

If you have to get past word blacklists, then you also need to use
a thesaurus (or 1337 sp33k), but word blacklists are relatively
uncommon, because they get too many false positives. Really, all
you have to do is get past the filters that ISPs deploy, not the
ones individuals install. Remember, if you have to send twice as
many messages to get the same response, it doesn't cost you that
much more. (This is what makes spam so problematic. *Almost*
makes me want the estamps thing to succeed.)

The hard part is convincing businesses that have money (and are
therefore presumably profitable) that they can gain more than
they lose by investing in your services. I assume you send all
the businesses in the universe adverts for your services and hope
0.001% of them bite. I would like to think that more than 99.9%
of them know better, but... I know better. Fortunately each
spammer has to compete with all the others for limited business,
so the number of spammers who can make money spamming is finite.
Praises be.

As for point 4, finding a spam-friendly ISP is a real pain; it's
much easier to run port scans and find open relays, then test
them to see which ones *don't* do a reverse lookup of your IP.

Then you send to the open relay from a custom MTA that you run
on a dynamic IP in such a way that it randomly generates From
and Received headers and such for each message, thus making it
a real pain for the recipient to track down where the spam
*originated*. Finding out where it came from to your ISP is
easy, but that's an open relay in the APNIC block whose IP is
not reverse-lookupable (virtually *nothing* in APNIC supplies
PTR records), and so tracking down the owner of the relay is
hard, and they don't speak your language, and they don't give
a rodent's posterior about your spam problem. For extra bonus
points, get a hosting deal in Asia and run your MTA there, so
that tracing you back to your ISP in the US is basically
impossible, and if we *do* figure out who runs the MTA in Asia,
we'll assume it's an open relay, provided you insert the usual
forged Received headers. Yes, I've spent way too much time
looking at mail headers.

So in conclusion, the main thing preventing a lot of people such
as myself from becomming spammers is that we hate spam. That, and
it's so obviously *wrong*.

[1] e.g., people like me, who trained a naive bayesian mail
classification system (ifile) on a collection of tens of
thousands of well-categorised messages in 3 dozen distinct
categories, including several distinct spam categories.

But actually, with a modicum of cleverness, a naive bayesian
system can be easily defeated. As soon as I read how the
algorithm works, I realised inside ten minutes how they can
defeat it. Consequently, they can figure it out too; if
enough people start using such systems they'll do that, and
we'll have to get more clever with our mail classification
systems, taking context into account for tokens, at which
point they'll drag out the Markov chain generators, which
will be *hell* to try to filter against. At that point it
might be easiest to hire somebody in the third world (where
the ecconomy is suc