Slashdot Mirror

← Back to Stories (view on slashdot.org)

How to Become A Spammer

Posted by timothy on from the or-just-look-like-one dept.

permeablepdx points to this story in The Oregonian about how to become a spammer. Summary: "Local Oregon boy makes big bucks after learning from the Spam masters."

64 of 458 comments (clear)

  1. Text of Article, In Case of Slashdotting... by Murdock037 · · Score: 4, Funny

    Steps to become a better spammer:

    1. Insert head in ass
    2. Click "send"
    3. Profit!

    1. Re:Text of Article, In Case of Slashdotting... by Anonymous Coward · · Score: 5, Funny

      According to the article, he used to be a web designer. After seeing his site, I now understand why he was forced into a life of spam.

  2. Jeez by Dachannien · · Score: 4, Insightful

    "The idea is it's just like a commercial," Shiels said. "You don't just send it to one address once. You send it to one address five or six times. Do commercials only come on once? You get the same crap in your e-mail more than once. You have to bombard the person."

    And they wonder why they get death threats.

    1. Re:Jeez by Anonymous Coward · · Score: 3, Interesting

      How many of you have gotten spam from this "University Degree" program? Want to know who they are? I found them. But I also found a way to really cost them (spammers) a lot of money, and it got to the point where they FINALLY gave up and took me off their list.

      These people have a HUGE call center in London. But they have a USA registered toll free number.

      Interestingly though, the ring sounds like a European type ring (germany, russia, france), but not the Brr brr type OK ring.

      After further invstigation and social engineering some people at the UK call center, I found out the cost of every phone call.

      30 cents - when calling them from a payphone (no charge to the caller of course).

      $1.75/min connection fee from the 800 number through the overseas link to the UK call center.

      SO I encourage all of you slashdotters to work their dialing finger and start calling their number...

      877-722-2413 TOLL FREE to the caller, but over $2/min for the spammer.

      It's best you call them from a payphone (they incurr more charges that way).

      They apparently have about 10 USA lines, so it won't take up that many people to completely cut off their call center from USA calls.

      Tips for keeping them on the line for a long time include giving them a speal about how you want to mail them a check, and to please give out their snailmail address. Of course they won't give it, but ask to speak to a supervisor (Even MORE hold time they have to pay for), then argue with them. I assure you, they are really sneaky people and KNOW they are selling this crap, but I also learned their policy is not to spam just once, but these people just HAVE to send at least 1000 spam messages PER EMAIL address.

      REMEMBER - YOU can fight SPAM - FIGHT BACK. Take advantage of those 800 numbers they give out. Make them pay.

      Waiting for bus or train? Are there payphones handy? Well, take down this number, and put it in your address book, then you can amuse yourself while waiting for train or bus, and put those payphones to good use.

      1-877-722-2413

      After your little dialing binge, you'll feel a great satisfaction, knowing you costed them this money.

  3. In other news by Anonymous Coward · · Score: 5, Funny

    Next week its how to be a pimp, followed the week after by "mugging for fun and profit".

  4. How do you... by bazik · · Score: 4, Funny

    "How do you torture a spammer" would be more interesting.

    Maybe tie him up on a light post and throw AOL CD's at him?

    --


    --
    One by one the penguins steal my sanity...
    1. Re:How do you... by TopShelf · · Score: 4, Funny

      Personally, I think it would be more dramatic to tie him down and place one AOL CD at a time on his chest, eventually crushing him under the weight of 100 million disks. Talk about bulk email!

      --
      Stop by my site where I write about ERP systems & more
  5. In the article, it says... by DragonPup · · Score: 5, Funny

    He'd heard enough complaints about spam from his friends, but he never understood them. The junk mail his mail carrier delivers bothers him much more, Shiels said.

    "It costs money to be processed. And it's a waste of trees. It's intrusive as hell because you have to go through all of it. People don't get mad about that, and I don't understand why," he mused.

    Is anyone else thinking what I am thinking?

    --
    "Useless organic meatbag" -HK-47
    1. Re:In the article, it says... by mutende · · Score: 3, Informative

      whois defibworld.com says:

      Duncan Shiels
      #301 6663 SW Beaverton Hillsdale Hwy
      Portland, OR 97225
      US
      Tel.: 503.702.7466
      --
      Unselfish actions pay back better
  6. Thanks Slashdot! by rolfwind · · Score: 3, Insightful

    Just what we need! To teach more people this valuable trade.... But really, it won't be worth it. In a few years, so many people will be into it that the companies will have the upper hand on who to hire to get the message out........ and unless you have lists of email addresses in the hundreds of millions it won't be worth it. Besides, your customers will be limited to porn or those sleazy as-seen-on-TV type products. I suggest reading some advertising books, since that is the trade, and finding a more novel way to apply it to the net if you want to make real money.

  7. online clubs? by scubacuda · · Score: 5, Interesting
    ...Shiels found the entry point -- online clubs for spammers. The Internet bulletin boards, which charge membership fees, allow "bulk e-mail" entrepreneurs to exchange information on clients...

    Where are these things? I'm sure tons of /.ers would love to go in and wreck havoc on them.

  8. hmm by revmoo · · Score: 5, Informative

    What I find most interesting about this is that the article says that Sheils made over $1000 a week. That just amazes me that there are that many stupid people out there, that actually purchase products from UCE.

    I mean, just on principle alone, I will never purchase something that I get spammed about, and I would think that most people feel the same way, so that just makes me wonder, who DOES buy this stuff? It's those people that are to blame for the continued onslaught of spam. If no one bought their stuff, they wouldn't waste their time(and ours) anymore

    Just a thought

    --
    I would expect such blatant racism on Fark, but on Slashdot? Mods please ban this asshole.
    1. Re:hmm by treat · · Score: 4, Interesting
      What I find most interesting about this is that the article says that Sheils made over $1000 a week. That just amazes me that there are that many stupid people out there, that actually purchase products from UCE.

      What I find more interesting is that trivial software was being sold for many many thousands of dollars. He must have spent $20K on software. Are spammers themselves that stupid?

    2. Re:hmm by Phroggy · · Score: 3, Insightful

      Note that he didn't necessarily make $1000 a week from people buying the products he advertised. He made $1000 a week from companies who paid him to advertise their stuff. Big difference! He mentioned that mortgage companies would pay him for anyone who requested more informtation, even if that person never actually got the mortgage.

      --
      $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
      $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
    3. Re:hmm by Anonymous Coward · · Score: 4, Interesting

      True Story :

      Somebody's eMail address gets abused as a spam reply-to (yielding a LOT of bounces, replies, etc.), sends it to a friend of mine who then goes on to investigate. Product being advertized is some kind of herbal that is supposed to give you more power, if you know what I mean.
      Either way, site looks flashy (no flash though), with a snappy order-form, asks for cc number, etc. all through normal http. Now of course since you want to find out WHO is the perpetrator, you try variations on the URL, say, / instead of /order.php ... Whoops, directory listing. Interesting folder named orders there. Interesting file named ****orders.txt there. That file contains all the records that have been submitted on the order form, complete with name, address, Credit Card number, the whole package.

      (we did forward said information to mastercard and visa)

      A few days after, we check back. That file has now grown to a couple hundred (!) lines, most of which look legitimate (all @aol addresses though), all ordering them herbal bottles for $50 a pop. Sucks to be them. I don't know whether or not others have found the same facts, but I'm rather sure there are more than one or two persons that have found this gaping hole.

      Either way, spam works, unfortunately. Just think about it ... a couple hundred times $50 for some junk that'll probably cost them less than $5, if they deliver at all, all for the price of sending some shameless eMails (undoubtably quite a few of them, but still).
      Even if most people feel the same way as us, that leaves the 0.5% completely and utterly clueless and desperate for a longer version of a certain organ. Send enough eMails, find enough idiots.

      Woohoo.

  9. Re:spam & mail by Sebby · · Score: 4, Interesting
    "Email spam cost us money and bandwidth on our end, bulk mail dont"

    Not entirely true. Most cities (including mine) have a recycling program (and most likely a cost-per-bag for garbage); every pound of recycling will end up costing you something in your taxes somewhere, so the more you have, the more cost to recycling, the more of your money in taxes.

    So while bulk mailers pay for sending it, it's still costing you to dispose of it.

    --

    AC comments get piped to /dev/null
  10. I don't under stand why... by Exanerd · · Score: 4, Insightful

    > Well first I PAY to have an Internet connection, I do not however, pay for the mail that gets sent to me - thats the mailers responsibility. Also it seems a bit more personal being intruded upon in your own home, than having something sitting in your physical mailbox outside on the step, or the entryway to your building. Personally I think snail mail is far more wasteful in terms of actual resources, I just don't directly pay for it and I don't get as much of it and I can recycle it, but the time I spend sifting through hundreds of ridiculous spam emails a day impacts me more directly.

  11. As much as I hate to make it personal... by JimDabell · · Score: 4, Insightful

    Shiels decided a spamming career wasn't worth the personal cost.

    There you have it. I wonder if there is a way of applying this cost to every spammer.

  12. Re:does this really require a readme.txt?? by dknj · · Score: 3, Interesting

    I was one of the first people to bring spam to AOL. I wrote a program that would jump from chat room to chat room all day and just collect screen names. I would let the program run while I was at school and usually over night (only had one phone line, V.FAST baby). I sold the addresses to businesses and collected a pretty penny while in high school. My mom never believed where I was getting the money and thought I was selling drugs :\ My days of spam came to an end when I found something else to occupy my time. In fact, I never saw spam as something cool.. just an easy way to make money at the time

    -dk

  13. Server Crashes by micaiah · · Score: 4, Funny

    "Because the hyperactivity caused a crash about every other day, Shiels monitored the computers all day."
    Hmmm I guess the spam software is running on Windows.

  14. information wants to be free by ArchieBunker · · Score: 4, Insightful

    Sure its ok to post the source to DeCSS but now all of a sudden you don't like the SPAMMER-HOWTO? Thats odd I thought you didn't have a problem with it just being information and all.

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard
  15. Early adopter or bad reporter? by isomeme · · Score: 4, Interesting
    Entering a murky world In 1998, Shiels quit his patrol sergeant job at the Adelanto Police Department in Southern California and moved back home to Portland to start a full-time career in Web design, a hobby he had been dabbling in for five years.
    So he started in 1993, the year the first creaky Mosaic browser began filtering out of the lab? I mean, I consider myself a pretty cutting-edge tech dude, and I didn't build my first site until 1994.
    --
    When all you have is a hammer, everything looks like a skull.
  16. What is truly amazing by SCHecklerX · · Score: 4, Insightful
    Is that this scumbag doesn't believe he is doing anything wrong.

    If he feels that this stuff is so legitimate, why is he using software that abuses open relays and proxies, and forges mail headers, instead of publishing the real address he is sending his spew from? Hmmm?

    It's forgery, plain and simple, and there are laws that deal with it. Prosecute the fsckers on it already!!!

    1. Re:What is truly amazing by datavortex · · Score: 5, Informative

      The Computer Fraud and Abuse Act of 1986 covers exploitation of open relays. My company tested this in court against spammer Khan Smith, and we trounced his ass. Using an open relay to send mail is illegal in the states, provided the relay is also in this country. This ex-cop most certainly broke the law.

      --

      He either comes off as a real interesting guy with encyclopedic knowledge,or a pathological liar with an ax to grind
  17. Re:does this really require a readme.txt?? by sidster · · Score: 5, Interesting
    I think there is more to it than having bandwidth and software.
    You must have quite a few clients willing to pay you
    for your "services".

    Otherwise, every friend and coworker I have can be a spammer.
    Each one of these persons have either a DSL or Cable modem
    connection, and most are proficient with computers.

    What they (my friends) lack are people willing to pay them for
    sending out spam (oh, yeah, another thing working aginst their
    success as spammers is morality).

    To fight spam and spammers successfully, i think, we must
    fight the source and not the messanger (= spammer). That
    is finding out who is actually paying for the spam being sent
    out and "pound" on them.

    I've been fighting spam for several years now. I use RBLs
    and ORDBs and even have blacklisted close to 14000 IP
    addresses in addition to using spam-filters. But the spam
    keeps coming in.

    --
    --sidster
    Play lotto? Try http://www.alottofun.com/
  18. DeCSS has legal uses... by gilesjuk · · Score: 5, Insightful

    Such as watching DVD movies on operating systems with no DVD playing software. Where as spamming is always a pain in the butt.

    Before DeCSS you would not be able to watch a DVD on Linux. Before spamming it was possible to let kids use email with no fears of them seeing obscene things, you can't now. Which is the biggest menace, I'll let you decide.

  19. Interesting Read by unborracho · · Score: 4, Interesting

    I have to say that this is a very interesting read. It portrays the spammer's point of view. Some of the points in the article actually make a lot of sense. We do get lots of junk mail from the u.s. post office (they could easily filter that, but they don't), yet we complain about spam the most... why?

    I thought that was an interesting point. Although this article doesn't go into too much technical detail, it provided some insight into the business aspects of this which I don't particularly agree with ethically. Sure, it's a very easy way to make money if you know what you're doing, but it's still violating people's privacy by sending them unwanted messages.

    Another thought... If your regulary Joe (the guy in this article) can find ways to become a spammer in 5-6 months of research, why can't the government do its own investigations and just put a stop to these facilitating network groups? I thought there were laws against spam in the U.S.

    --
    "You had this look that of an angel, it was such a bad disguise" --Dishwalla
  20. Best quote: by Saint+Aardvark · · Score: 3, Funny
    "I know this all sounds like you're hiding yourself and doing this illegitimately, but the reason you have to do it is everybody tries to shut you down," Shiels said.

    On another note, anyone got any idea where these "spammer clubs" he mentions might be? I got this new toy I wanna try out...

    --
    Carousel is a lie!
  21. Comment removed by account_deleted · · Score: 4, Funny

    Comment removed based on user account deletion

  22. Controlling their money flow by unsinged+int · · Score: 3, Interesting

    How about making it illegal for a company to finance a spammer? They are starting to pass laws that make spam illegal, but why not go to the root of the problem? If you're going to make spam illegal, then making it illegal for a company to finance an illegal activity doesn't seem that much of a stretch. In fact, that's probably already covered under some more generic existing law.

    If someone receives spam for a product and it could be shown that the company that makes the product financed the spamming, then fine the company some big bucks. It might be hard to prove, but in a lot of cases the fear that it might happen would be enough to stop companies from doing it.

    There were some figures in the article indicating how much the spammer got paid per sale or per inquiry about the product. That has to be showing up (probably under some other name) in some company's advertising budget. With the crackdown on corporate accounting I think some of this could be uncovered.

  23. As usual, someone misread the article by compwizrd · · Score: 3, Informative

    How is a 41 year old man called a boy?

  24. Time for someone to go Cartman on him? by draziw · · Score: 4, Funny

    Wonder what his parents taste like?

  25. Re:spam & mail by i.r.id10t · · Score: 4, Interesting

    Which is why I send it back to them. Postage paid business reply? Right back in the box. Ads and such that come with my gas card bill, etc.? back in the envelope with my payment.

    Yeah, its not much, but at least I'm sending a little more $ to the USPS for the PP mail, and I'm having the sending company use their resources to dispose of the trash they shouldn't have sent me.

    --
    Don't blame me, I voted for Kodos
  26. Weapons against Spammers: by LaceHater · · Score: 5, Informative
    Some useful links for reducing spam income:

    For People with an *nix Account:

    • Spamassassin ruleset-based mail analizer. Detects spam quite well, especially if you enable access to Razor and Realtime-Blacklists. Newest release includes a bayesian filter.
    • bogofilter My favourite bayesian spam filter. Pro: Very good detection rates after training properly. Con: Needs to be trained.
    For everybody
    • Use Mozilla Mail The up-to-date Mozilla release includes a bayesian spam filter which can be easily trained by marking spam messages. Very good detection rate after resonable low training effort.
    • Find your favourite bayesian filter here

  27. We'll Shock Your Heart ... For Pennies a Jolt! by WCityMike · · Score: 4, Funny

    Has anyone actually looked at what the business is that he's now in?

    > "Defibworld is an authorized provider
    > specializing in state of the art new and
    > pre-owned AED's and Defibrillators at
    > the lowest prices!"

    Just what I want some hospital to be shocking my heart with: a "pre-owned" defibrillator purchased "at the lowest price"!

  28. Re:does this really require a readme.txt?? by Anonymous Coward · · Score: 3, Insightful

    My mom never believed where I was getting the money and thought I was selling drugs :

    At least drug users voluntarily buy the drugs from the dealers.

  29. Re:maybe ? by Phroggy · · Score: 4, Insightful

    Note that he says he DOESN'T SPAM ANYMORE. He's not likely to do it again. Let it go. Find somebody who is currently spamming, and go after them.

    --
    $x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
    $x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
  30. here are some by ramzak2k · · Score: 4, Informative

    http://www.email2success.com/?hop=gilly031.e2succe ss

    http://www.spamfreedesign.com/

    http://itsmyfranchise.com/sfop99/os.cgi

    http://www.anconia.com/?r=1&s=email+advertising+ so ftware

    http://www.allaccessmarketing.com/clients.htm

    Some more by seaching on google where these scumbags advertise
    http://www.google.ca/search?hl=en&ie=UT F-8&oe=UTF- 8&q=email+marketing&meta=

    --

    Siggy Say, Siggy Do
  31. It's easy to become a spammer by Beryllium+Sphere(tm) · · Score: 4, Funny

    First you get bitten by an existing spammer, then you transform. You'll need to stay out of sunlight and avoid garlic, though.

  32. Killing the demand by Inode+Jones · · Score: 5, Interesting

    If mortgage companies pay spammers $5 for every referral then why can't we spam them back?

    Simply create ten million or so "honeypot" email addresses, and have an automated system have them all request information on the mortgage deal.

    Once the mortgage company is on the hook for $50 million, they will think again before going to a spam outfit.

    This will knock out the mortgage and credit card spams, but won't make a dent in the porn or Viagra spams, as those actually require an order.

  33. Article author by AEton · · Score: 3, Funny

    "Jeffrey Kosseff", jeffkosseff@news.oregonian.com, has written us a wonderful article short on facts and sadly devoid of technical information. This reminds me of one other Jeff K. I know--coincidence? Methinks not.

    --
    We recently had heard in the office over one of the Yellow Machine that's made by Anthology Solutions.
  34. A Warm, Fuzzy, Happy Feeling by altairmaine · · Score: 5, Insightful

    What's so great about the article? The reason this particular spammer quit!

    He quit because of hostile, harassing emails from the angry public! They work! Every email you've sent telling a spammer that they're a worthless turd of a human being had some miniscule effect!

    Even now, the guy admits no moral qualms about his former job. He's still a thoughtless punk who sees nothing wrong with the practice, and I'd still like to punch him in the nose. But he QUIT, because we made his life miserable in return.

    The lesson: keep giving 'em hell. It's not just gratifying, it sometimes works.

  35. It amazes me... by KC7GR · · Score: 3, Interesting

    ...that an ex-cop, who should certainly know the difference between 'Right' and 'Wrong,' would not see spamming for the ongoing theft of bandwidth and resources that it truly is. He got out of it because of all the hate mail and such that he was getting, not because it was just plain unethical.

    I still think the best possible defense against spam is to be self-hosted, server-wise. I would also be interested to know how often this guy had to change ISPs thanks to being (rightfully) shut down for abuse of resources.

    Then again, if he were hosted on AT&T/Comcast, that might never have happened. AT&T likes spammer money too much.

    --

    Bruce Lane, KC7GR,

    Blue Feather Technologies

  36. Re:does this really require a readme.txt?? by letxa2000 · · Score: 3, Interesting
    What they (my friends) lack are people willing to pay them for sending out spam (oh, yeah, another thing working aginst their success as spammers is morality).

    Exactly. Morality. Any woman can be a hooker, they all have the tools... but that doesn't mean that every woman would be a hooker if they had a paying customer. Likewise, just because someone comes to me and offers $2k to spam 10 million addresses from my connection I'm not going to do it. It's not the lack of a paying customer, it's morality.

    Unfortunately, morality is hard to control. There are hookers even where it is supposedly illegal and there will be spam even if its illegal. The solution is not political or legal (other than suing them based on theft of service to drive up costs), but rather technical. While I will not deny spammers have been very innovative in getting around simple filters, there is a limited number of things they can do and still deliver a useful commercial to the intended reader. They already mangle words such as V!^gra, etc. and even so my Bayesian filter gives them a rating of 100%. They're going to have to mangle their message so much to get past ever-improving filters that at some point their messages are going to be so mangled that they will scarcely be readable. At that point, their already astonishingly low response rate will drop even further.

    Spam and anti-spam is a war, as they said in the article. But the anti-spam camp will ultimately win because we have the advantage that, in the end, the spammers have to deliver a readable and understandable message. That puts limits on what tricks they can play to get around filters.

  37. Open proxies by httptech · · Score: 3, Interesting

    This is the primary method of spam distribution today. If the spammers are smart, they are staying away from the Sobig.a proxies on port 1180/1182 due to the fact they will allow anti-spammers to quickly track down the spammer's real IP address. If it truly is a handful of big time spammers sending the bulk of the email, one could make a pretty big impact on them this way.

  38. They do filter postal junk mail--if you ask by mdfst13 · · Score: 4, Interesting

    If you ask the Post Office to filter out the junk mail, they will. This is not 100% effective, but about 90% of postal junk mail is added on a per address basis by the post office. They can and will stop delivering that if requested.

    Also, back when I only got a few spams a week, I used to read them. I never bought anything from them, but I would look at ones I found interesting. The problem is that we have gone from five to ten spams a week to hundreds. My yahoo account (which I mainly use for site registrations) collects hundreds of emails each week in its bulk (spam) folder.

    There are several costs to me of that volume. One, I have to spend a certain amount of time checking for legitimate email. Two, what if I incorrectly classify a real email as spam. Three, I don't feel comfortable publishing my email address now, since I don't want to get more spam. In the normal course of business, I would want to publish my email (how much time is spent on taking anti-spam kludges out of email; how much server time is spent trying to send email to these invalid addresses). Four, since spam is sent indiscriminately, it drowns out legitimate uses; if it is a product in which I would be interested, I would like to learn about it. Unfortunately, very little spam is targeted towards my interests (science fiction, fantasy, etc.). Five, when I send email, I am subject to it being indiscriminately deleted because I am not a recognized sender.

    Two thirds of the email traffic overall is spam. Without it (and the computationally intense filtering created by it), we could easily cut the infrastructure in half. Think about it. Half the email servers in use could become web servers, etc. instead.

    By contrast, postal junk mail does not increase your delivery costs. In fact, postal junk mail fees pay a good portion of the cost of maintaining mail delivery to people. If postal junk mail stopped tomorrow, the post office would have to raise postage to cover the fact that they would then be running the same delivery routes with less mail. Even if there are disposal costs, these are offset by the savings in postage.

    There are very few anti-spam laws in the US. The few that do exist are state laws rather than federal laws. Most anti-spam prosecutions are based on fraud and damage claims. Further, in the US, it is not really possible to shut down a group talking about doing something. It's not illegal to discuss how the law could be broken.

  39. Get idea for an email address by Simon+Lyngshede · · Score: 4, Informative
    And it automatically deletes addresses that have such phrases as "info" and "service," those that likely don't immediately bounce to an actual person.
    I'm consider getting a service@ address, maybe that would cut down the amount of spam I'm getting
  40. Sadly, I have to agree with him by JayBlalock · · Score: 3, Insightful

    Postal spam is worse. I've gotten to the point that, whenever I move, I *don't* fill out a change of address card because I'm sick of the fliers following me everywhere I go. I usually get 2 or 3 legitimate items of postal mail a week, versus dozens of bulk-mail ads. I'd simply not check my mailbox (which involves a 6-minute hike to the front of the apartment complex and back) but not checking it for more than a couple days causes my box to be crammed full. So, should I be more annoyed with: A)E-Spam, which takes me a whole 5 seconds to filter every time I check my e-mail, and is almost certainly mixed in with legitimate e-mails or B)A daily 6-minute hike which generally has the sole purpose of emptying my mailbox to physically make room for more bulk mail, with little chance of any practical yeild. See my\his point? (and no comments about needing the exercise, I quite enjoy walking - when it's by my choice out of no other obligation)

    --
    Bush: He's Liberal in all the wrong ways.
  41. Re:does this really require a readme.txt?? by facelessnumber · · Score: 5, Interesting

    When I was in high school, I had an AOL account. I knew there were other ways to get online, but I actually liked AOL. There actually was "value added" AOL content at the time, and among those were the chatrooms. I used them, and the forums, a good bit. I later on learned that creating a user profile had become a bad idea, because that put you in the Member Directory, which spambots used to get addresses. Pity, because the directory was a good thing at first. The chat rooms were too. You had to dig around to find good ones, but they were there. Now, because of people like you wanting to make a buck by annoying people by the millions, an AOL user can't go into a publicly listed room or even a private one with a non-random title, without instantly becoming a spam target.

    It's been a long time since I used the account regularly, but I still have that account. I use it when I'm out of town, because no matter where you are, you'll usually find an access number. Not for email though. Never for email. Sometimes I'll go into my inbox though to show people what eight years' worth of abuse from people like you has done to it...

    I log in, and the box is full. Every time. I start my demonstration by deleting about twenty or thirty emails, and then we watch. After a minute, I refresh it. One or two more emails. Another minute, same thing. Wait five minutes and there are at least ten new messages. Wait half an hour, and the box is full again.

    Thanks, asshole.

    But I do admire your courage in posting non-AC that you used to do this. And I thank you for giving me an opportinuty to actually speak to one of you. I wish your email address wasn't hidden, but I do see a URL. In glancing at your page I don't see an email address, but I do see a form on your page for sending messages to your cell phone.

    Fortunately, I don't care enough about it to do anything with that, but I did want to point that little detail out for every one of the good folks on Slashdot to see...

  42. Re:This quote says it all by letxa2000 · · Score: 3, Insightful
    Yeah... Kind of like there are people in the basement that have nothing better to do than get all upset about people:

    1. Mugging them on the street (theft of service).

    2. "Brrowing" their cars without permission to rob a bank even though they return them later, so what, difference does it make? (using someone elses mail server to relay spam).

    3. Sending threats to politicians using your address as the return address (using some innocent person's email address as the return address for bounced spam).

    4. Handing out pornographic magazines to everyone that walks by--10 meters away from an elementary school (sending porn spam when you have no clue whether or not the recepient is even an adult).

    The NERVE of some of us getting upset about such silly things.

  43. Sentencing for Convicted Spammers by Seek_1 · · Score: 4, Interesting

    When a spammer is actually caught, rather than fining them, I submit this incredibly complex formula for determining PRISON time.

    1 second in prison, for every email that they've sent.

    So if a spammer is caught, and after they raid his computers they figure he did 10 million emails that week, that would be...

    10 000 000 / (24 * 3600) = 115 days in prison (roughly 4 months, for that week)

    I think that would work out to a managable amount of time (ie something that won't overflow the prisons). It also would make things easier since the authorities would only need to analyze a relatively small set of data to get proof and sentencing (ie this month's ISP logs)

    Or even if it wasn't prison-time, they could easily be forced to manual labour for the city the live in or something... (preferably something like cleaning sewers, but basically anywhere that manual labour is needed...)

    sound like a good idea?

  44. small social networks are vulnerable. by Nihilanth · · Score: 3, Insightful

    Ive seen a rehash in this thread of several sensible (and not so sensible) ideas regarding reducing spam, and making life tougher for spammers. One idea this article gave me, however, that i havent seen discussed much, involves these message boards that were alluded to in the article.

    A digital social network (in the form of bullitain boards, etc) through which people can trade information about addresses, software, and spamming methods should be a trivial thing for a large digitally sophisticated crowd (ie slashdot) to find and then attack, either by trolling/flooding, or more outright destructive means.

    This dosent address the actual hardware involved in sending and receiving spam, but rather constitutes a multi-front assault against a subculture. Maybe it wont stop all spam, but it would make it harder for people to get into the spam business, by either exposing this social infrastructure and diluting it, or disabling it violently by disrupting the virtual real-estate it resides in.

  45. Do the math by broothal · · Score: 5, Insightful

    He's been involved in the spamming business for 6 months

    He spent the first 5 months researching and one month of spamming

    He spent $10.000 on spam-software

    He claims he made $1000 a week.

    4 weeks times $1000=$4000 income.
    $4000 income minus $10.000 is -$6000. So, the guy loses $6000 on spamming.

    Film at eleven...

  46. Cable & DSL are geting BIIIIG here. by jpellino · · Score: 3, Interesting
    "Ready, set, spam Armed with swaths of information, Shiels purchased four computers and two cable-modem connections, which soon were running above full capacity with only about six hours of rest each day. But that was just the beginning of the investments. "

    This makes sense. In the past month or so, the amount traceable to DSL or cable clients has now pushed over 50% of my spam. I'm slowly automating turfing them to the abuse depts - but some don't even let you send directly - you have to go fill out a form. And they demand the full message- difficult when the email grabs an image as you open it - those don't stay. Seems the cable/dsl companies have this very low on their priority list.

    --
    "Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
  47. I thought the idea was to rid ourselves of spam! by digital+photo · · Score: 5, Interesting

    Okay, the above poster is just being stupid.

    I thought the goal was to give spammers incentive, whether negative or positive, to stop spamming.

    How is abusing someone who gave up spamming going to help?

    The message you are saying is:

    "Once you've spammed, you're screwed. Doesn't matter if you stop or change."

    That is plain stupid and the wrong attitude to take. If someone stops spamming, give them the pat on the shoulder and leave them alone. Move onto the next spammer. Why continue to harass someone who has gone legit?

    If you abuse people because they spam and you abuse them if they stop, then you are basically telling them and anyone else that hey, once you have started to spam, there is no reason to stop.

    I for one would like to see the spamming stop.

    --

    Winged Power Photography
  48. Comment removed by account_deleted · · Score: 4, Interesting

    Comment removed based on user account deletion

  49. Re:does this really require a readme.txt?? by letxa2000 · · Score: 5, Interesting
    First, the human brain is fantastically good at interpretation. It will take such an enormous amount of mangling to make the message unreadable that you'd have to filter out virtually everything.

    I'm not forgetting that... But you have to remember it's a sales pitch. The more distorted and mangled the message looks, more people will just completely ignore it. Regardless of whether a message was spam or not, I would not take seriously any message that was sent to me in, essentially, SMS-speak. I certainly wouldn't refinance my home or accept medical advice from an organization that wrote me in that fashion.

    Second, and more importantly, the majority of people do not wage a 24 hour war against spam and run a Bayesian spam filter. They just put up with it.

    For now, that is true. But as time progresses more and more companies and ISPs will offer filters (perhaps Bayesian, others, or both) to their customers--perhaps defaulting it to "on." I wouldn't count on typical users making an effort to avoid spam, but I would expect more and more comapnies and ISP to do so.

    If it was purely Bayesian filter vs spammer, spammer would win hands down.

    I disagree, and I wonder if you have done much investigating with Bayesian? I've been working on it for the last 7 months and, believe me, Bayesian is surprisingly effective despite its simplicity. Messages I thought it wouldn't catch ARE caught with no special logic whatsoever.

    Three things I would mention and which I advocate, especially as spammers try to outwit Bayesian.

    1. Bayesian WILL catch their messages unless they munge their messages, which we must assume they will. They already do and, presumably, they'll do it more in the future. This is simple to address. Once your Bayesian corpus gets sufficiently large the expectation is that a typical valid email will not add a significant number of previously-unseen tokens to the corpus. If you have a corpus of thousands of messages and receive a new message of which 40% (for example) are new tokens, you may want to assume that's a spammer munging because a real mail is not going to have that many "new" tokens.

    2. Even if you don't assign a cut-off point as in #1, you just make "characteristics" out of the number of new tokens. For example, if you have a message that contains 50-60% new tokens, that itself becomes a new Bayesian token. Perhaps, over time, Bayesian will find that "messages with 50-60% new tokens have an 80% chance of being spam." So the fact that they munge becomes a damning factor even if the computer can't identify the actual munging.

    3. You add new characteristics as in #2. Perhaps another characteristic is "Messages that contain no body except for a URL." Perhaps 85% of those messages are spam, and Bayesian can count that as a damning characteristic. Or, perhaps, messages where over 50% of the body are devoted to URLs have a 90% chance of being spam. All these add new "characteristics" that can be used to calculate a spam probability for Bayesian.

    So, the point is, Bayesian itself is very, very capable of solving the spam problem. I'm not saying that we write a Bayesian filter today and it never has to evolve. But now when spammers implement new countermeasures, we just have Bayesian do analysis that looks for those countermeasures and, when found, counts them as another characteristic. The algorithm remains untouched, but we have a growing number of characteristics that Bayesian is scoring--not just tokens (words) in the message, but characteristics OF the message.

    Believe me, 7 months of research and development on this has convinced me that Bayesian is going to be the headache to end all headaches for spammers. Will it catch 100% of spam? No (more like 99.5%, actually |grin|). But will it catch enough so that the typical user isn't bothered by spam and to further reduce the response rate of spam to reduce the incentive to send it? Yes, it will.

    And regardless of whether or not the w

  50. Re:I thought the idea was to rid ourselves of spam by nyseal · · Score: 3, Insightful

    Regardless of anyone's single belief, SPAM is still not a felony. To make the analogy: Someone spams me today and tomorrow it becomes a federal offense punishable by law. He is subject to the law as it was writtn YESTERDAY. Now, if I killed someone 10 years ago...I'm still going to punished; under the law written 10 years ago. Either way, the laws today should NOT reflect those of 10 years ago, unless an aspiring lawyer wants to set precedent.

    --
    [SIG] Remember Mattel handheld games?
  51. Fear a 30 day warranty on a Defibrillator... by Dareth · · Score: 3, Funny

    Doctor: "I'm sorry, we did everything we could, but the damn defibrillator we bought from a former spammer wouldn't work."

    Patients Loved One: "Oh no... .. but .."

    Doctor: "Don't worry, it came with a 30 day warranty, we will get our money back."

    --

    I only look human.
    My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
  52. Talk about fucked up facts! by autopr0n · · Score: 3, Informative

    And it was not until March 1995, that CERN handed over the control of the web to the WWW Consortium run by MIT and INRIA (France). It was only at this point that the Internet was first available for outside use by non-academics.

    WTF!? The 'internet' was available for outside use long before that. Intel.com was registered in 1989. There are other uses of the internet besides 'the web'. Like, I donno, email... Also, before the web, people used things like IRC, email, gopher, telnet, ftp, and Usenet (around since the mid-80s).

    and not only that, mosaic wasn't the first web browser, it was just the first 'good' one. HTML and hypertext had been around (but in limited use) since 1989.

    I'm not saying that this guy isn't full of shit. I'm just saying that you are as well.

    --
    autopr0n is like, down and stuff.
  53. Re:It doesn't seem terribly complicated by jonadab · · Score: 5, Insightful

    > Obtaining a valid list of e-mail addresses is not very easy,
    > you either need to invest money or you need to figure out how
    > to harvest e-mails from the web/usenet.

    That part's trivial. You'll get 50% invalid addresses, but so what?

    Step 3 is easier than you think: at this time, you don't have to
    fool the filters of the 0.05% who use even moderately complex
    filters[1]; all you have to do is get past the things that are
    deployed ISP-wide, like psmtp.com's filtering service. (This is
    trivial to get past: write three spams at random, and two of them
    will get past. No cleverness required.)

    If you have to get past word blacklists, then you also need to use
    a thesaurus (or 1337 sp33k), but word blacklists are relatively
    uncommon, because they get too many false positives. Really, all
    you have to do is get past the filters that ISPs deploy, not the
    ones individuals install. Remember, if you have to send twice as
    many messages to get the same response, it doesn't cost you that
    much more. (This is what makes spam so problematic. *Almost*
    makes me want the estamps thing to succeed.)

    The hard part is convincing businesses that have money (and are
    therefore presumably profitable) that they can gain more than
    they lose by investing in your services. I assume you send all
    the businesses in the universe adverts for your services and hope
    0.001% of them bite. I would like to think that more than 99.9%
    of them know better, but... I know better. Fortunately each
    spammer has to compete with all the others for limited business,
    so the number of spammers who can make money spamming is finite.
    Praises be.

    As for point 4, finding a spam-friendly ISP is a real pain; it's
    much easier to run port scans and find open relays, then test
    them to see which ones *don't* do a reverse lookup of your IP.

    Then you send to the open relay from a custom MTA that you run
    on a dynamic IP in such a way that it randomly generates From
    and Received headers and such for each message, thus making it
    a real pain for the recipient to track down where the spam
    *originated*. Finding out where it came from to your ISP is
    easy, but that's an open relay in the APNIC block whose IP is
    not reverse-lookupable (virtually *nothing* in APNIC supplies
    PTR records), and so tracking down the owner of the relay is
    hard, and they don't speak your language, and they don't give
    a rodent's posterior about your spam problem. For extra bonus
    points, get a hosting deal in Asia and run your MTA there, so
    that tracing you back to your ISP in the US is basically
    impossible, and if we *do* figure out who runs the MTA in Asia,
    we'll assume it's an open relay, provided you insert the usual
    forged Received headers. Yes, I've spent way too much time
    looking at mail headers.

    So in conclusion, the main thing preventing a lot of people such
    as myself from becomming spammers is that we hate spam. That, and
    it's so obviously *wrong*.

    [1] e.g., people like me, who trained a naive bayesian mail
    classification system (ifile) on a collection of tens of
    thousands of well-categorised messages in 3 dozen distinct
    categories, including several distinct spam categories.

    But actually, with a modicum of cleverness, a naive bayesian
    system can be easily defeated. As soon as I read how the
    algorithm works, I realised inside ten minutes how they can
    defeat it. Consequently, they can figure it out too; if
    enough people start using such systems they'll do that, and
    we'll have to get more clever with our mail classification
    systems, taking context into account for tokens, at which
    point they'll drag out the Markov chain generators, which
    will be *hell* to try to filter against. At that point it
    might be easiest to hire somebody in the third world (where
    the ecconomy is suc

    --
    Cut that out, or I will ship you to Norilsk in a box.
  54. Re:does this really require a readme.txt?? by letxa2000 · · Score: 3, Informative
    Defeating naive bayesian filtering is easy: weight the message with N random words from a dictionary file, where N is calculated to be sufficiently large that it will surely contain at least half as many squeaky clean words as the number of "most interesting" tokens the filter considers.

    I don't think it's that easy. Bayesian filtering assumes each user has his or her own corpus of good and bad tokens. Taking dictionary words is not likely to find words that have extremely low Bayesian scores--they are likely to find words that are either previously not in the corpus (Paul Graham and I assign those 0.40) or will find words that are not particularly innocent.

    For example, if you look at my corpus right now, the word "CAT" has a 20% chance of being spam, "DOG" has a 56% chance of being spam, "KITCHEN" has a 50% chance of being spam, "THE" a 56% chance of being spam, "RED" a 21% chance of being spam. The point is, you find that you need some truly exceptional CLEAN words (i.e. spam score of 1% or 2%) for a message to NOT be considered spam. If you have a few that rank 99% and your best "dictionary" word comes in at 10%, it's probably still going to be 90%+ overall. In fact, with just 100 good emails and 100 bad emails in the corpus Bayesian will do really good at catching pretty much all spam: the problem is with 100 and 100 you'll get many false positives. A large Bayesian corpus isn't necessary to CATCH spam: a large Bayesian corpus IS necessary to reduce false positives.

    So the point is: Dictionary words will seldom be the words that are going to reduce a message's spam score. It's person-specific words, such as "TED" if you know someone named Ted, or "PARIS" if you like to discuss Europe, etc. that's going to get a message through--not a dictionary attack.

    Plus even if a dictionary attack happens to get through, it will work only a few times at best: The words used in the dictionary attack will eventually have a spam probability assigned to them that makes the very use of the dictionary attack RAISE the spam score rather than lower it. :) It's really quite slick. :)

    I believe Paul Graham is right: This is going to stop current spam big-time. Eventually you'll see really short spams, 1-liners with reference to a website. I'm seeing that already, actually. Messages with a 1-liner that is nothing more than a URL to some incest site. That's where spam is going--and that's going to be even less effective than current spam which will reduce even further the incentive to send spam in the first place. But even those 1-liners will soon be filterable by Bayesian as developers add new characteristics to the Bayesian filter that rank the probability of a message being spam if it consists of nothing but a single URL link, etc.

    Don't underestimate Bayesian. I think you'll find it's much harder to get around than you think.

  55. Re:I thought the idea was to rid ourselves of spam by WalterSobchak · · Score: 3, Insightful

    As much as I hate spam, I disagree.
    The article shows various interesting things, one of them being that spammers are hated like beelzebub himself. If that does not prevent one from starting it, what does?
    I must admit I was tempted about the idea of "taking revenge" on a spammer, but no. Stop spamming and repent, that is good enough for me.

    Alex

    P.S.: Then again... he raked in $4.000/mo. Maybe he should donate some of that money to spamhaus.org

    --
    Absinthe makes the heart grow fonder
  56. Vengence and getting back at someone who wrongs u by digital+photo · · Score: 3, Interesting

    Some people who posted responses made many good points. They mainly center around one of the following:

    1) The person wronged the online community and profited from it. "Just" letting them go would be wrong!

    We all want satisfaction. That is the difference between enforcement of Law and dealing out of Justice. Persons who abuse online resources would be in violation of the law. The anguish they cause people isn't as clearly defined by the Laws. That leaves us without satisfaction. Without closure.

    Taking it unto yourself to right what you percieve to be a wrong by taking the law into your own hands is called vigilantism(sp?). Those actions typically land outside of what is condoned by the Law as it currently stands.

    I do believe that people should be penalized for doing something which is wrong and costs everyone in the community. Spam and Spamming falls under this kind of community abuse.

    If you want satisfaction, change the Laws so that Spamming and Spammers will be penalized and not just slapped on the wrists.

    2) "Spammers will think it is okay to spam and quit when they have made their money if we take the 'give them an out' attitude!"

    The real problem here is that there is the question of satisfaction of our sense of justice being served. When a person goes to prison and serves their term and are released, we believe them to have repaid their debt to society. If they are repeat offenders, we consider them to be lost causes. (Sorry, I'm generalizing here.) And then, there are those who commit crimes and get away with it. They decide to quit while they are ahead and try to be productive elsewhere. If they slip back into the lifestyle, they will eventually screw up.

    I guess my point is: Here is an example of someone who tried it out. Saw it was profitable, but due to the stream of hate mail and just having to dodge the proverbial bullet, has decided to quit the lifestyle and earn a living in a more accepted way.

    He's already quit the spamming life. Harassing him more doesn't make him quit spamming any more than he has. Nor will it set an example for others to quit. Quite the opposite.

    Then, you have those who are career spammers. They are the ones raking in 5+ digit earnings per month and they escape the reach of the law. Given death threats and harassment, they continue on.

    I see them as the repeat offender criminal. The lost causes. They will continue to commit crimes both legally and socially. They should be the ones hatred and "requests to stop" be directed at. Not at people who have already stopped.

    When you try to bring someone out of a life of crime or who has taken the wrong path, you don't continually harass them after they have stopped. That just pushes them back into the life. You don't pat them on the back either. You watch them carefully to make sure they don't repeat their offense. They ask for forgiveness from the community and work to re-earn the communities' trust. They are in essence, the little fish who have a future.

    The repeat spammers who have been at it for years are the ones which deserve a lifetime of punishment for the ill they have caused and willingly continue to cause.

    What we all want is spam to go away. So give them a reason to stop if they are spamming. Give them a reason to stay stopped if they have decided to stop. And get the law/government in on it if they refuse to stop.

    --

    Winged Power Photography