Slashdot Mirror
How to Become A Spammer
permeablepdx points to this story in The Oregonian about
how to become a spammer. Summary: "Local Oregon boy makes big bucks after learning from the Spam masters."
← Back to Stories (view on slashdot.org)
← Back to Stories (view on slashdot.org)
Where are these things? I'm sure tons of
Not entirely true. Most cities (including mine) have a recycling program (and most likely a cost-per-bag for garbage); every pound of recycling will end up costing you something in your taxes somewhere, so the more you have, the more cost to recycling, the more of your money in taxes.
So while bulk mailers pay for sending it, it's still costing you to dispose of it.
AC comments get piped to
What I find more interesting is that trivial software was being sold for many many thousands of dollars. He must have spent $20K on software. Are spammers themselves that stupid?
When all you have is a hammer, everything looks like a skull.
You must have quite a few clients willing to pay you
for your "services".
Otherwise, every friend and coworker I have can be a spammer.
Each one of these persons have either a DSL or Cable modem
connection, and most are proficient with computers.
What they (my friends) lack are people willing to pay them for
sending out spam (oh, yeah, another thing working aginst their
success as spammers is morality).
To fight spam and spammers successfully, i think, we must
fight the source and not the messanger (= spammer). That
is finding out who is actually paying for the spam being sent
out and "pound" on them.
I've been fighting spam for several years now. I use RBLs
and ORDBs and even have blacklisted close to 14000 IP
addresses in addition to using spam-filters. But the spam
keeps coming in.
--sidster
Play lotto? Try http://www.alottofun.com/
I have to say that this is a very interesting read. It portrays the spammer's point of view. Some of the points in the article actually make a lot of sense. We do get lots of junk mail from the u.s. post office (they could easily filter that, but they don't), yet we complain about spam the most... why?
I thought that was an interesting point. Although this article doesn't go into too much technical detail, it provided some insight into the business aspects of this which I don't particularly agree with ethically. Sure, it's a very easy way to make money if you know what you're doing, but it's still violating people's privacy by sending them unwanted messages.
Another thought... If your regulary Joe (the guy in this article) can find ways to become a spammer in 5-6 months of research, why can't the government do its own investigations and just put a stop to these facilitating network groups? I thought there were laws against spam in the U.S.
"You had this look that of an angel, it was such a bad disguise" --Dishwalla
Which is why I send it back to them. Postage paid business reply? Right back in the box. Ads and such that come with my gas card bill, etc.? back in the envelope with my payment.
Yeah, its not much, but at least I'm sending a little more $ to the USPS for the PP mail, and I'm having the sending company use their resources to dispose of the trash they shouldn't have sent me.
Don't blame me, I voted for Kodos
If mortgage companies pay spammers $5 for every referral then why can't we spam them back?
Simply create ten million or so "honeypot" email addresses, and have an automated system have them all request information on the mortgage deal.
Once the mortgage company is on the hook for $50 million, they will think again before going to a spam outfit.
This will knock out the mortgage and credit card spams, but won't make a dent in the porn or Viagra spams, as those actually require an order.
If you ask the Post Office to filter out the junk mail, they will. This is not 100% effective, but about 90% of postal junk mail is added on a per address basis by the post office. They can and will stop delivering that if requested.
Also, back when I only got a few spams a week, I used to read them. I never bought anything from them, but I would look at ones I found interesting. The problem is that we have gone from five to ten spams a week to hundreds. My yahoo account (which I mainly use for site registrations) collects hundreds of emails each week in its bulk (spam) folder.
There are several costs to me of that volume. One, I have to spend a certain amount of time checking for legitimate email. Two, what if I incorrectly classify a real email as spam. Three, I don't feel comfortable publishing my email address now, since I don't want to get more spam. In the normal course of business, I would want to publish my email (how much time is spent on taking anti-spam kludges out of email; how much server time is spent trying to send email to these invalid addresses). Four, since spam is sent indiscriminately, it drowns out legitimate uses; if it is a product in which I would be interested, I would like to learn about it. Unfortunately, very little spam is targeted towards my interests (science fiction, fantasy, etc.). Five, when I send email, I am subject to it being indiscriminately deleted because I am not a recognized sender.
Two thirds of the email traffic overall is spam. Without it (and the computationally intense filtering created by it), we could easily cut the infrastructure in half. Think about it. Half the email servers in use could become web servers, etc. instead.
By contrast, postal junk mail does not increase your delivery costs. In fact, postal junk mail fees pay a good portion of the cost of maintaining mail delivery to people. If postal junk mail stopped tomorrow, the post office would have to raise postage to cover the fact that they would then be running the same delivery routes with less mail. Even if there are disposal costs, these are offset by the savings in postage.
There are very few anti-spam laws in the US. The few that do exist are state laws rather than federal laws. Most anti-spam prosecutions are based on fraud and damage claims. Further, in the US, it is not really possible to shut down a group talking about doing something. It's not illegal to discuss how the law could be broken.
When I was in high school, I had an AOL account. I knew there were other ways to get online, but I actually liked AOL. There actually was "value added" AOL content at the time, and among those were the chatrooms. I used them, and the forums, a good bit. I later on learned that creating a user profile had become a bad idea, because that put you in the Member Directory, which spambots used to get addresses. Pity, because the directory was a good thing at first. The chat rooms were too. You had to dig around to find good ones, but they were there. Now, because of people like you wanting to make a buck by annoying people by the millions, an AOL user can't go into a publicly listed room or even a private one with a non-random title, without instantly becoming a spam target.
It's been a long time since I used the account regularly, but I still have that account. I use it when I'm out of town, because no matter where you are, you'll usually find an access number. Not for email though. Never for email. Sometimes I'll go into my inbox though to show people what eight years' worth of abuse from people like you has done to it...
I log in, and the box is full. Every time. I start my demonstration by deleting about twenty or thirty emails, and then we watch. After a minute, I refresh it. One or two more emails. Another minute, same thing. Wait five minutes and there are at least ten new messages. Wait half an hour, and the box is full again.
Thanks, asshole.
But I do admire your courage in posting non-AC that you used to do this. And I thank you for giving me an opportinuty to actually speak to one of you. I wish your email address wasn't hidden, but I do see a URL. In glancing at your page I don't see an email address, but I do see a form on your page for sending messages to your cell phone.
Fortunately, I don't care enough about it to do anything with that, but I did want to point that little detail out for every one of the good folks on Slashdot to see...
When a spammer is actually caught, rather than fining them, I submit this incredibly complex formula for determining PRISON time.
1 second in prison, for every email that they've sent.
So if a spammer is caught, and after they raid his computers they figure he did 10 million emails that week, that would be...
10 000 000 / (24 * 3600) = 115 days in prison (roughly 4 months, for that week)
I think that would work out to a managable amount of time (ie something that won't overflow the prisons). It also would make things easier since the authorities would only need to analyze a relatively small set of data to get proof and sentencing (ie this month's ISP logs)
Or even if it wasn't prison-time, they could easily be forced to manual labour for the city the live in or something... (preferably something like cleaning sewers, but basically anywhere that manual labour is needed...)
sound like a good idea?
True Story :
/order.php ... Whoops, directory listing. Interesting folder named orders there. Interesting file named ****orders.txt there. That file contains all the records that have been submitted on the order form, complete with name, address, Credit Card number, the whole package.
... a couple hundred times $50 for some junk that'll probably cost them less than $5, if they deliver at all, all for the price of sending some shameless eMails (undoubtably quite a few of them, but still).
Somebody's eMail address gets abused as a spam reply-to (yielding a LOT of bounces, replies, etc.), sends it to a friend of mine who then goes on to investigate. Product being advertized is some kind of herbal that is supposed to give you more power, if you know what I mean.
Either way, site looks flashy (no flash though), with a snappy order-form, asks for cc number, etc. all through normal http. Now of course since you want to find out WHO is the perpetrator, you try variations on the URL, say, / instead of
(we did forward said information to mastercard and visa)
A few days after, we check back. That file has now grown to a couple hundred (!) lines, most of which look legitimate (all @aol addresses though), all ordering them herbal bottles for $50 a pop. Sucks to be them. I don't know whether or not others have found the same facts, but I'm rather sure there are more than one or two persons that have found this gaping hole.
Either way, spam works, unfortunately. Just think about it
Even if most people feel the same way as us, that leaves the 0.5% completely and utterly clueless and desperate for a longer version of a certain organ. Send enough eMails, find enough idiots.
Woohoo.
Okay, the above poster is just being stupid.
I thought the goal was to give spammers incentive, whether negative or positive, to stop spamming.
How is abusing someone who gave up spamming going to help?
The message you are saying is:
"Once you've spammed, you're screwed. Doesn't matter if you stop or change."
That is plain stupid and the wrong attitude to take. If someone stops spamming, give them the pat on the shoulder and leave them alone. Move onto the next spammer. Why continue to harass someone who has gone legit?
If you abuse people because they spam and you abuse them if they stop, then you are basically telling them and anyone else that hey, once you have started to spam, there is no reason to stop.
I for one would like to see the spamming stop.
Winged Power Photography
Comment removed based on user account deletion
I'm not forgetting that... But you have to remember it's a sales pitch. The more distorted and mangled the message looks, more people will just completely ignore it. Regardless of whether a message was spam or not, I would not take seriously any message that was sent to me in, essentially, SMS-speak. I certainly wouldn't refinance my home or accept medical advice from an organization that wrote me in that fashion.
Second, and more importantly, the majority of people do not wage a 24 hour war against spam and run a Bayesian spam filter. They just put up with it.
For now, that is true. But as time progresses more and more companies and ISPs will offer filters (perhaps Bayesian, others, or both) to their customers--perhaps defaulting it to "on." I wouldn't count on typical users making an effort to avoid spam, but I would expect more and more comapnies and ISP to do so.
If it was purely Bayesian filter vs spammer, spammer would win hands down.
I disagree, and I wonder if you have done much investigating with Bayesian? I've been working on it for the last 7 months and, believe me, Bayesian is surprisingly effective despite its simplicity. Messages I thought it wouldn't catch ARE caught with no special logic whatsoever.
Three things I would mention and which I advocate, especially as spammers try to outwit Bayesian.
1. Bayesian WILL catch their messages unless they munge their messages, which we must assume they will. They already do and, presumably, they'll do it more in the future. This is simple to address. Once your Bayesian corpus gets sufficiently large the expectation is that a typical valid email will not add a significant number of previously-unseen tokens to the corpus. If you have a corpus of thousands of messages and receive a new message of which 40% (for example) are new tokens, you may want to assume that's a spammer munging because a real mail is not going to have that many "new" tokens.
2. Even if you don't assign a cut-off point as in #1, you just make "characteristics" out of the number of new tokens. For example, if you have a message that contains 50-60% new tokens, that itself becomes a new Bayesian token. Perhaps, over time, Bayesian will find that "messages with 50-60% new tokens have an 80% chance of being spam." So the fact that they munge becomes a damning factor even if the computer can't identify the actual munging.
3. You add new characteristics as in #2. Perhaps another characteristic is "Messages that contain no body except for a URL." Perhaps 85% of those messages are spam, and Bayesian can count that as a damning characteristic. Or, perhaps, messages where over 50% of the body are devoted to URLs have a 90% chance of being spam. All these add new "characteristics" that can be used to calculate a spam probability for Bayesian.
So, the point is, Bayesian itself is very, very capable of solving the spam problem. I'm not saying that we write a Bayesian filter today and it never has to evolve. But now when spammers implement new countermeasures, we just have Bayesian do analysis that looks for those countermeasures and, when found, counts them as another characteristic. The algorithm remains untouched, but we have a growing number of characteristics that Bayesian is scoring--not just tokens (words) in the message, but characteristics OF the message.
Believe me, 7 months of research and development on this has convinced me that Bayesian is going to be the headache to end all headaches for spammers. Will it catch 100% of spam? No (more like 99.5%, actually |grin|). But will it catch enough so that the typical user isn't bothered by spam and to further reduce the response rate of spam to reduce the incentive to send it? Yes, it will.
And regardless of whether or not the w