Slashdot Mirror
How to Become A Spammer
permeablepdx points to this story in The Oregonian about
how to become a spammer. Summary: "Local Oregon boy makes big bucks after learning from the Spam masters."
← Back to Stories (view on slashdot.org)
← Back to Stories (view on slashdot.org)
Steps to become a better spammer:
1. Insert head in ass
2. Click "send"
3. Profit!
"The idea is it's just like a commercial," Shiels said. "You don't just send it to one address once. You send it to one address five or six times. Do commercials only come on once? You get the same crap in your e-mail more than once. You have to bombard the person."
And they wonder why they get death threats.
Next week its how to be a pimp, followed the week after by "mugging for fun and profit".
"How do you torture a spammer" would be more interesting.
Maybe tie him up on a light post and throw AOL CD's at him?
--
One by one the penguins steal my sanity...
He'd heard enough complaints about spam from his friends, but he never understood them. The junk mail his mail carrier delivers bothers him much more, Shiels said.
"It costs money to be processed. And it's a waste of trees. It's intrusive as hell because you have to go through all of it. People don't get mad about that, and I don't understand why," he mused.
Is anyone else thinking what I am thinking?
"Useless organic meatbag" -HK-47
Where are these things? I'm sure tons of
What I find most interesting about this is that the article says that Sheils made over $1000 a week. That just amazes me that there are that many stupid people out there, that actually purchase products from UCE.
I mean, just on principle alone, I will never purchase something that I get spammed about, and I would think that most people feel the same way, so that just makes me wonder, who DOES buy this stuff? It's those people that are to blame for the continued onslaught of spam. If no one bought their stuff, they wouldn't waste their time(and ours) anymore
Just a thought
I would expect such blatant racism on Fark, but on Slashdot? Mods please ban this asshole.
Not entirely true. Most cities (including mine) have a recycling program (and most likely a cost-per-bag for garbage); every pound of recycling will end up costing you something in your taxes somewhere, so the more you have, the more cost to recycling, the more of your money in taxes.
So while bulk mailers pay for sending it, it's still costing you to dispose of it.
AC comments get piped to
> Well first I PAY to have an Internet connection, I do not however, pay for the mail that gets sent to me - thats the mailers responsibility. Also it seems a bit more personal being intruded upon in your own home, than having something sitting in your physical mailbox outside on the step, or the entryway to your building. Personally I think snail mail is far more wasteful in terms of actual resources, I just don't directly pay for it and I don't get as much of it and I can recycle it, but the time I spend sifting through hundreds of ridiculous spam emails a day impacts me more directly.
There you have it. I wonder if there is a way of applying this cost to every spammer.
"Because the hyperactivity caused a crash about every other day, Shiels monitored the computers all day."
Hmmm I guess the spam software is running on Windows.
Sure its ok to post the source to DeCSS but now all of a sudden you don't like the SPAMMER-HOWTO? Thats odd I thought you didn't have a problem with it just being information and all.
Only the State obtains its revenue by coercion. - Murray Rothbard
When all you have is a hammer, everything looks like a skull.
If he feels that this stuff is so legitimate, why is he using software that abuses open relays and proxies, and forges mail headers, instead of publishing the real address he is sending his spew from? Hmmm?
It's forgery, plain and simple, and there are laws that deal with it. Prosecute the fsckers on it already!!!
You must have quite a few clients willing to pay you
for your "services".
Otherwise, every friend and coworker I have can be a spammer.
Each one of these persons have either a DSL or Cable modem
connection, and most are proficient with computers.
What they (my friends) lack are people willing to pay them for
sending out spam (oh, yeah, another thing working aginst their
success as spammers is morality).
To fight spam and spammers successfully, i think, we must
fight the source and not the messanger (= spammer). That
is finding out who is actually paying for the spam being sent
out and "pound" on them.
I've been fighting spam for several years now. I use RBLs
and ORDBs and even have blacklisted close to 14000 IP
addresses in addition to using spam-filters. But the spam
keeps coming in.
--sidster
Play lotto? Try http://www.alottofun.com/
Such as watching DVD movies on operating systems with no DVD playing software. Where as spamming is always a pain in the butt.
Before DeCSS you would not be able to watch a DVD on Linux. Before spamming it was possible to let kids use email with no fears of them seeing obscene things, you can't now. Which is the biggest menace, I'll let you decide.
I have to say that this is a very interesting read. It portrays the spammer's point of view. Some of the points in the article actually make a lot of sense. We do get lots of junk mail from the u.s. post office (they could easily filter that, but they don't), yet we complain about spam the most... why?
I thought that was an interesting point. Although this article doesn't go into too much technical detail, it provided some insight into the business aspects of this which I don't particularly agree with ethically. Sure, it's a very easy way to make money if you know what you're doing, but it's still violating people's privacy by sending them unwanted messages.
Another thought... If your regulary Joe (the guy in this article) can find ways to become a spammer in 5-6 months of research, why can't the government do its own investigations and just put a stop to these facilitating network groups? I thought there were laws against spam in the U.S.
"You had this look that of an angel, it was such a bad disguise" --Dishwalla
Comment removed based on user account deletion
Wonder what his parents taste like?
Which is why I send it back to them. Postage paid business reply? Right back in the box. Ads and such that come with my gas card bill, etc.? back in the envelope with my payment.
Yeah, its not much, but at least I'm sending a little more $ to the USPS for the PP mail, and I'm having the sending company use their resources to dispose of the trash they shouldn't have sent me.
Don't blame me, I voted for Kodos
For People with an *nix Account:
- Spamassassin ruleset-based mail analizer. Detects spam quite well, especially if you enable access to Razor and Realtime-Blacklists. Newest release includes a bayesian filter.
- bogofilter My favourite
bayesian spam filter. Pro: Very good detection rates after training properly. Con: Needs to be trained.
For everybodyHas anyone actually looked at what the business is that he's now in?
> "Defibworld is an authorized provider
> specializing in state of the art new and
> pre-owned AED's and Defibrillators at
> the lowest prices!"
Just what I want some hospital to be shocking my heart with: a "pre-owned" defibrillator purchased "at the lowest price"!
Note that he says he DOESN'T SPAM ANYMORE. He's not likely to do it again. Let it go. Find somebody who is currently spamming, and go after them.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
http://www.email2success.com/?hop=gilly031.e2succe ss
+ so ftware
T F-8&oe=UTF- 8&q=email+marketing&meta=
http://www.spamfreedesign.com/
http://itsmyfranchise.com/sfop99/os.cgi
http://www.anconia.com/?r=1&s=email+advertising
http://www.allaccessmarketing.com/clients.htm
Some more by seaching on google where these scumbags advertise
http://www.google.ca/search?hl=en&ie=U
Siggy Say, Siggy Do
First you get bitten by an existing spammer, then you transform. You'll need to stay out of sunlight and avoid garlic, though.
If mortgage companies pay spammers $5 for every referral then why can't we spam them back?
Simply create ten million or so "honeypot" email addresses, and have an automated system have them all request information on the mortgage deal.
Once the mortgage company is on the hook for $50 million, they will think again before going to a spam outfit.
This will knock out the mortgage and credit card spams, but won't make a dent in the porn or Viagra spams, as those actually require an order.
What's so great about the article? The reason this particular spammer quit!
He quit because of hostile, harassing emails from the angry public! They work! Every email you've sent telling a spammer that they're a worthless turd of a human being had some miniscule effect!
Even now, the guy admits no moral qualms about his former job. He's still a thoughtless punk who sees nothing wrong with the practice, and I'd still like to punch him in the nose. But he QUIT, because we made his life miserable in return.
The lesson: keep giving 'em hell. It's not just gratifying, it sometimes works.
If you ask the Post Office to filter out the junk mail, they will. This is not 100% effective, but about 90% of postal junk mail is added on a per address basis by the post office. They can and will stop delivering that if requested.
Also, back when I only got a few spams a week, I used to read them. I never bought anything from them, but I would look at ones I found interesting. The problem is that we have gone from five to ten spams a week to hundreds. My yahoo account (which I mainly use for site registrations) collects hundreds of emails each week in its bulk (spam) folder.
There are several costs to me of that volume. One, I have to spend a certain amount of time checking for legitimate email. Two, what if I incorrectly classify a real email as spam. Three, I don't feel comfortable publishing my email address now, since I don't want to get more spam. In the normal course of business, I would want to publish my email (how much time is spent on taking anti-spam kludges out of email; how much server time is spent trying to send email to these invalid addresses). Four, since spam is sent indiscriminately, it drowns out legitimate uses; if it is a product in which I would be interested, I would like to learn about it. Unfortunately, very little spam is targeted towards my interests (science fiction, fantasy, etc.). Five, when I send email, I am subject to it being indiscriminately deleted because I am not a recognized sender.
Two thirds of the email traffic overall is spam. Without it (and the computationally intense filtering created by it), we could easily cut the infrastructure in half. Think about it. Half the email servers in use could become web servers, etc. instead.
By contrast, postal junk mail does not increase your delivery costs. In fact, postal junk mail fees pay a good portion of the cost of maintaining mail delivery to people. If postal junk mail stopped tomorrow, the post office would have to raise postage to cover the fact that they would then be running the same delivery routes with less mail. Even if there are disposal costs, these are offset by the savings in postage.
There are very few anti-spam laws in the US. The few that do exist are state laws rather than federal laws. Most anti-spam prosecutions are based on fraud and damage claims. Further, in the US, it is not really possible to shut down a group talking about doing something. It's not illegal to discuss how the law could be broken.
When I was in high school, I had an AOL account. I knew there were other ways to get online, but I actually liked AOL. There actually was "value added" AOL content at the time, and among those were the chatrooms. I used them, and the forums, a good bit. I later on learned that creating a user profile had become a bad idea, because that put you in the Member Directory, which spambots used to get addresses. Pity, because the directory was a good thing at first. The chat rooms were too. You had to dig around to find good ones, but they were there. Now, because of people like you wanting to make a buck by annoying people by the millions, an AOL user can't go into a publicly listed room or even a private one with a non-random title, without instantly becoming a spam target.
It's been a long time since I used the account regularly, but I still have that account. I use it when I'm out of town, because no matter where you are, you'll usually find an access number. Not for email though. Never for email. Sometimes I'll go into my inbox though to show people what eight years' worth of abuse from people like you has done to it...
I log in, and the box is full. Every time. I start my demonstration by deleting about twenty or thirty emails, and then we watch. After a minute, I refresh it. One or two more emails. Another minute, same thing. Wait five minutes and there are at least ten new messages. Wait half an hour, and the box is full again.
Thanks, asshole.
But I do admire your courage in posting non-AC that you used to do this. And I thank you for giving me an opportinuty to actually speak to one of you. I wish your email address wasn't hidden, but I do see a URL. In glancing at your page I don't see an email address, but I do see a form on your page for sending messages to your cell phone.
Fortunately, I don't care enough about it to do anything with that, but I did want to point that little detail out for every one of the good folks on Slashdot to see...
When a spammer is actually caught, rather than fining them, I submit this incredibly complex formula for determining PRISON time.
1 second in prison, for every email that they've sent.
So if a spammer is caught, and after they raid his computers they figure he did 10 million emails that week, that would be...
10 000 000 / (24 * 3600) = 115 days in prison (roughly 4 months, for that week)
I think that would work out to a managable amount of time (ie something that won't overflow the prisons). It also would make things easier since the authorities would only need to analyze a relatively small set of data to get proof and sentencing (ie this month's ISP logs)
Or even if it wasn't prison-time, they could easily be forced to manual labour for the city the live in or something... (preferably something like cleaning sewers, but basically anywhere that manual labour is needed...)
sound like a good idea?
He's been involved in the spamming business for 6 months
He spent the first 5 months researching and one month of spamming
He spent $10.000 on spam-software
He claims he made $1000 a week.
4 weeks times $1000=$4000 income.
$4000 income minus $10.000 is -$6000. So, the guy loses $6000 on spamming.
Film at eleven...
Okay, the above poster is just being stupid.
I thought the goal was to give spammers incentive, whether negative or positive, to stop spamming.
How is abusing someone who gave up spamming going to help?
The message you are saying is:
"Once you've spammed, you're screwed. Doesn't matter if you stop or change."
That is plain stupid and the wrong attitude to take. If someone stops spamming, give them the pat on the shoulder and leave them alone. Move onto the next spammer. Why continue to harass someone who has gone legit?
If you abuse people because they spam and you abuse them if they stop, then you are basically telling them and anyone else that hey, once you have started to spam, there is no reason to stop.
I for one would like to see the spamming stop.
Winged Power Photography
Comment removed based on user account deletion
I'm not forgetting that... But you have to remember it's a sales pitch. The more distorted and mangled the message looks, more people will just completely ignore it. Regardless of whether a message was spam or not, I would not take seriously any message that was sent to me in, essentially, SMS-speak. I certainly wouldn't refinance my home or accept medical advice from an organization that wrote me in that fashion.
Second, and more importantly, the majority of people do not wage a 24 hour war against spam and run a Bayesian spam filter. They just put up with it.
For now, that is true. But as time progresses more and more companies and ISPs will offer filters (perhaps Bayesian, others, or both) to their customers--perhaps defaulting it to "on." I wouldn't count on typical users making an effort to avoid spam, but I would expect more and more comapnies and ISP to do so.
If it was purely Bayesian filter vs spammer, spammer would win hands down.
I disagree, and I wonder if you have done much investigating with Bayesian? I've been working on it for the last 7 months and, believe me, Bayesian is surprisingly effective despite its simplicity. Messages I thought it wouldn't catch ARE caught with no special logic whatsoever.
Three things I would mention and which I advocate, especially as spammers try to outwit Bayesian.
1. Bayesian WILL catch their messages unless they munge their messages, which we must assume they will. They already do and, presumably, they'll do it more in the future. This is simple to address. Once your Bayesian corpus gets sufficiently large the expectation is that a typical valid email will not add a significant number of previously-unseen tokens to the corpus. If you have a corpus of thousands of messages and receive a new message of which 40% (for example) are new tokens, you may want to assume that's a spammer munging because a real mail is not going to have that many "new" tokens.
2. Even if you don't assign a cut-off point as in #1, you just make "characteristics" out of the number of new tokens. For example, if you have a message that contains 50-60% new tokens, that itself becomes a new Bayesian token. Perhaps, over time, Bayesian will find that "messages with 50-60% new tokens have an 80% chance of being spam." So the fact that they munge becomes a damning factor even if the computer can't identify the actual munging.
3. You add new characteristics as in #2. Perhaps another characteristic is "Messages that contain no body except for a URL." Perhaps 85% of those messages are spam, and Bayesian can count that as a damning characteristic. Or, perhaps, messages where over 50% of the body are devoted to URLs have a 90% chance of being spam. All these add new "characteristics" that can be used to calculate a spam probability for Bayesian.
So, the point is, Bayesian itself is very, very capable of solving the spam problem. I'm not saying that we write a Bayesian filter today and it never has to evolve. But now when spammers implement new countermeasures, we just have Bayesian do analysis that looks for those countermeasures and, when found, counts them as another characteristic. The algorithm remains untouched, but we have a growing number of characteristics that Bayesian is scoring--not just tokens (words) in the message, but characteristics OF the message.
Believe me, 7 months of research and development on this has convinced me that Bayesian is going to be the headache to end all headaches for spammers. Will it catch 100% of spam? No (more like 99.5%, actually |grin|). But will it catch enough so that the typical user isn't bothered by spam and to further reduce the response rate of spam to reduce the incentive to send it? Yes, it will.
And regardless of whether or not the w
> Obtaining a valid list of e-mail addresses is not very easy,
> you either need to invest money or you need to figure out how
> to harvest e-mails from the web/usenet.
That part's trivial. You'll get 50% invalid addresses, but so what?
Step 3 is easier than you think: at this time, you don't have to
fool the filters of the 0.05% who use even moderately complex
filters[1]; all you have to do is get past the things that are
deployed ISP-wide, like psmtp.com's filtering service. (This is
trivial to get past: write three spams at random, and two of them
will get past. No cleverness required.)
If you have to get past word blacklists, then you also need to use
a thesaurus (or 1337 sp33k), but word blacklists are relatively
uncommon, because they get too many false positives. Really, all
you have to do is get past the filters that ISPs deploy, not the
ones individuals install. Remember, if you have to send twice as
many messages to get the same response, it doesn't cost you that
much more. (This is what makes spam so problematic. *Almost*
makes me want the estamps thing to succeed.)
The hard part is convincing businesses that have money (and are
therefore presumably profitable) that they can gain more than
they lose by investing in your services. I assume you send all
the businesses in the universe adverts for your services and hope
0.001% of them bite. I would like to think that more than 99.9%
of them know better, but... I know better. Fortunately each
spammer has to compete with all the others for limited business,
so the number of spammers who can make money spamming is finite.
Praises be.
As for point 4, finding a spam-friendly ISP is a real pain; it's
much easier to run port scans and find open relays, then test
them to see which ones *don't* do a reverse lookup of your IP.
Then you send to the open relay from a custom MTA that you run
on a dynamic IP in such a way that it randomly generates From
and Received headers and such for each message, thus making it
a real pain for the recipient to track down where the spam
*originated*. Finding out where it came from to your ISP is
easy, but that's an open relay in the APNIC block whose IP is
not reverse-lookupable (virtually *nothing* in APNIC supplies
PTR records), and so tracking down the owner of the relay is
hard, and they don't speak your language, and they don't give
a rodent's posterior about your spam problem. For extra bonus
points, get a hosting deal in Asia and run your MTA there, so
that tracing you back to your ISP in the US is basically
impossible, and if we *do* figure out who runs the MTA in Asia,
we'll assume it's an open relay, provided you insert the usual
forged Received headers. Yes, I've spent way too much time
looking at mail headers.
So in conclusion, the main thing preventing a lot of people such
as myself from becomming spammers is that we hate spam. That, and
it's so obviously *wrong*.
[1] e.g., people like me, who trained a naive bayesian mail
classification system (ifile) on a collection of tens of
thousands of well-categorised messages in 3 dozen distinct
categories, including several distinct spam categories.
But actually, with a modicum of cleverness, a naive bayesian
system can be easily defeated. As soon as I read how the
algorithm works, I realised inside ten minutes how they can
defeat it. Consequently, they can figure it out too; if
enough people start using such systems they'll do that, and
we'll have to get more clever with our mail classification
systems, taking context into account for tokens, at which
point they'll drag out the Markov chain generators, which
will be *hell* to try to filter against. At that point it
might be easiest to hire somebody in the third world (where
the ecconomy is suc
Cut that out, or I will ship you to Norilsk in a box.