Slashdot Mirror
How to Become A Spammer
permeablepdx points to this story in The Oregonian about
how to become a spammer. Summary: "Local Oregon boy makes big bucks after learning from the Spam masters."
← Back to Stories (view on slashdot.org)
← Back to Stories (view on slashdot.org)
Next week its how to be a pimp, followed the week after by "mugging for fun and profit".
He'd heard enough complaints about spam from his friends, but he never understood them. The junk mail his mail carrier delivers bothers him much more, Shiels said.
"It costs money to be processed. And it's a waste of trees. It's intrusive as hell because you have to go through all of it. People don't get mad about that, and I don't understand why," he mused.
Is anyone else thinking what I am thinking?
"Useless organic meatbag" -HK-47
Where are these things? I'm sure tons of
What I find most interesting about this is that the article says that Sheils made over $1000 a week. That just amazes me that there are that many stupid people out there, that actually purchase products from UCE.
I mean, just on principle alone, I will never purchase something that I get spammed about, and I would think that most people feel the same way, so that just makes me wonder, who DOES buy this stuff? It's those people that are to blame for the continued onslaught of spam. If no one bought their stuff, they wouldn't waste their time(and ours) anymore
Just a thought
I would expect such blatant racism on Fark, but on Slashdot? Mods please ban this asshole.
You must have quite a few clients willing to pay you
for your "services".
Otherwise, every friend and coworker I have can be a spammer.
Each one of these persons have either a DSL or Cable modem
connection, and most are proficient with computers.
What they (my friends) lack are people willing to pay them for
sending out spam (oh, yeah, another thing working aginst their
success as spammers is morality).
To fight spam and spammers successfully, i think, we must
fight the source and not the messanger (= spammer). That
is finding out who is actually paying for the spam being sent
out and "pound" on them.
I've been fighting spam for several years now. I use RBLs
and ORDBs and even have blacklisted close to 14000 IP
addresses in addition to using spam-filters. But the spam
keeps coming in.
--sidster
Play lotto? Try http://www.alottofun.com/
Such as watching DVD movies on operating systems with no DVD playing software. Where as spamming is always a pain in the butt.
Before DeCSS you would not be able to watch a DVD on Linux. Before spamming it was possible to let kids use email with no fears of them seeing obscene things, you can't now. Which is the biggest menace, I'll let you decide.
The Computer Fraud and Abuse Act of 1986 covers exploitation of open relays. My company tested this in court against spammer Khan Smith, and we trounced his ass. Using an open relay to send mail is illegal in the states, provided the relay is also in this country. This ex-cop most certainly broke the law.
He either comes off as a real interesting guy with encyclopedic knowledge,or a pathological liar with an ax to grind
For People with an *nix Account:
- Spamassassin ruleset-based mail analizer. Detects spam quite well, especially if you enable access to Razor and Realtime-Blacklists. Newest release includes a bayesian filter.
- bogofilter My favourite
bayesian spam filter. Pro: Very good detection rates after training properly. Con: Needs to be trained.
For everybodyIf mortgage companies pay spammers $5 for every referral then why can't we spam them back?
Simply create ten million or so "honeypot" email addresses, and have an automated system have them all request information on the mortgage deal.
Once the mortgage company is on the hook for $50 million, they will think again before going to a spam outfit.
This will knock out the mortgage and credit card spams, but won't make a dent in the porn or Viagra spams, as those actually require an order.
What's so great about the article? The reason this particular spammer quit!
He quit because of hostile, harassing emails from the angry public! They work! Every email you've sent telling a spammer that they're a worthless turd of a human being had some miniscule effect!
Even now, the guy admits no moral qualms about his former job. He's still a thoughtless punk who sees nothing wrong with the practice, and I'd still like to punch him in the nose. But he QUIT, because we made his life miserable in return.
The lesson: keep giving 'em hell. It's not just gratifying, it sometimes works.
According to the article, he used to be a web designer. After seeing his site, I now understand why he was forced into a life of spam.
When I was in high school, I had an AOL account. I knew there were other ways to get online, but I actually liked AOL. There actually was "value added" AOL content at the time, and among those were the chatrooms. I used them, and the forums, a good bit. I later on learned that creating a user profile had become a bad idea, because that put you in the Member Directory, which spambots used to get addresses. Pity, because the directory was a good thing at first. The chat rooms were too. You had to dig around to find good ones, but they were there. Now, because of people like you wanting to make a buck by annoying people by the millions, an AOL user can't go into a publicly listed room or even a private one with a non-random title, without instantly becoming a spam target.
It's been a long time since I used the account regularly, but I still have that account. I use it when I'm out of town, because no matter where you are, you'll usually find an access number. Not for email though. Never for email. Sometimes I'll go into my inbox though to show people what eight years' worth of abuse from people like you has done to it...
I log in, and the box is full. Every time. I start my demonstration by deleting about twenty or thirty emails, and then we watch. After a minute, I refresh it. One or two more emails. Another minute, same thing. Wait five minutes and there are at least ten new messages. Wait half an hour, and the box is full again.
Thanks, asshole.
But I do admire your courage in posting non-AC that you used to do this. And I thank you for giving me an opportinuty to actually speak to one of you. I wish your email address wasn't hidden, but I do see a URL. In glancing at your page I don't see an email address, but I do see a form on your page for sending messages to your cell phone.
Fortunately, I don't care enough about it to do anything with that, but I did want to point that little detail out for every one of the good folks on Slashdot to see...
He's been involved in the spamming business for 6 months
He spent the first 5 months researching and one month of spamming
He spent $10.000 on spam-software
He claims he made $1000 a week.
4 weeks times $1000=$4000 income.
$4000 income minus $10.000 is -$6000. So, the guy loses $6000 on spamming.
Film at eleven...
Okay, the above poster is just being stupid.
I thought the goal was to give spammers incentive, whether negative or positive, to stop spamming.
How is abusing someone who gave up spamming going to help?
The message you are saying is:
"Once you've spammed, you're screwed. Doesn't matter if you stop or change."
That is plain stupid and the wrong attitude to take. If someone stops spamming, give them the pat on the shoulder and leave them alone. Move onto the next spammer. Why continue to harass someone who has gone legit?
If you abuse people because they spam and you abuse them if they stop, then you are basically telling them and anyone else that hey, once you have started to spam, there is no reason to stop.
I for one would like to see the spamming stop.
Winged Power Photography
I'm not forgetting that... But you have to remember it's a sales pitch. The more distorted and mangled the message looks, more people will just completely ignore it. Regardless of whether a message was spam or not, I would not take seriously any message that was sent to me in, essentially, SMS-speak. I certainly wouldn't refinance my home or accept medical advice from an organization that wrote me in that fashion.
Second, and more importantly, the majority of people do not wage a 24 hour war against spam and run a Bayesian spam filter. They just put up with it.
For now, that is true. But as time progresses more and more companies and ISPs will offer filters (perhaps Bayesian, others, or both) to their customers--perhaps defaulting it to "on." I wouldn't count on typical users making an effort to avoid spam, but I would expect more and more comapnies and ISP to do so.
If it was purely Bayesian filter vs spammer, spammer would win hands down.
I disagree, and I wonder if you have done much investigating with Bayesian? I've been working on it for the last 7 months and, believe me, Bayesian is surprisingly effective despite its simplicity. Messages I thought it wouldn't catch ARE caught with no special logic whatsoever.
Three things I would mention and which I advocate, especially as spammers try to outwit Bayesian.
1. Bayesian WILL catch their messages unless they munge their messages, which we must assume they will. They already do and, presumably, they'll do it more in the future. This is simple to address. Once your Bayesian corpus gets sufficiently large the expectation is that a typical valid email will not add a significant number of previously-unseen tokens to the corpus. If you have a corpus of thousands of messages and receive a new message of which 40% (for example) are new tokens, you may want to assume that's a spammer munging because a real mail is not going to have that many "new" tokens.
2. Even if you don't assign a cut-off point as in #1, you just make "characteristics" out of the number of new tokens. For example, if you have a message that contains 50-60% new tokens, that itself becomes a new Bayesian token. Perhaps, over time, Bayesian will find that "messages with 50-60% new tokens have an 80% chance of being spam." So the fact that they munge becomes a damning factor even if the computer can't identify the actual munging.
3. You add new characteristics as in #2. Perhaps another characteristic is "Messages that contain no body except for a URL." Perhaps 85% of those messages are spam, and Bayesian can count that as a damning characteristic. Or, perhaps, messages where over 50% of the body are devoted to URLs have a 90% chance of being spam. All these add new "characteristics" that can be used to calculate a spam probability for Bayesian.
So, the point is, Bayesian itself is very, very capable of solving the spam problem. I'm not saying that we write a Bayesian filter today and it never has to evolve. But now when spammers implement new countermeasures, we just have Bayesian do analysis that looks for those countermeasures and, when found, counts them as another characteristic. The algorithm remains untouched, but we have a growing number of characteristics that Bayesian is scoring--not just tokens (words) in the message, but characteristics OF the message.
Believe me, 7 months of research and development on this has convinced me that Bayesian is going to be the headache to end all headaches for spammers. Will it catch 100% of spam? No (more like 99.5%, actually |grin|). But will it catch enough so that the typical user isn't bothered by spam and to further reduce the response rate of spam to reduce the incentive to send it? Yes, it will.
And regardless of whether or not the w
> Obtaining a valid list of e-mail addresses is not very easy,
> you either need to invest money or you need to figure out how
> to harvest e-mails from the web/usenet.
That part's trivial. You'll get 50% invalid addresses, but so what?
Step 3 is easier than you think: at this time, you don't have to
fool the filters of the 0.05% who use even moderately complex
filters[1]; all you have to do is get past the things that are
deployed ISP-wide, like psmtp.com's filtering service. (This is
trivial to get past: write three spams at random, and two of them
will get past. No cleverness required.)
If you have to get past word blacklists, then you also need to use
a thesaurus (or 1337 sp33k), but word blacklists are relatively
uncommon, because they get too many false positives. Really, all
you have to do is get past the filters that ISPs deploy, not the
ones individuals install. Remember, if you have to send twice as
many messages to get the same response, it doesn't cost you that
much more. (This is what makes spam so problematic. *Almost*
makes me want the estamps thing to succeed.)
The hard part is convincing businesses that have money (and are
therefore presumably profitable) that they can gain more than
they lose by investing in your services. I assume you send all
the businesses in the universe adverts for your services and hope
0.001% of them bite. I would like to think that more than 99.9%
of them know better, but... I know better. Fortunately each
spammer has to compete with all the others for limited business,
so the number of spammers who can make money spamming is finite.
Praises be.
As for point 4, finding a spam-friendly ISP is a real pain; it's
much easier to run port scans and find open relays, then test
them to see which ones *don't* do a reverse lookup of your IP.
Then you send to the open relay from a custom MTA that you run
on a dynamic IP in such a way that it randomly generates From
and Received headers and such for each message, thus making it
a real pain for the recipient to track down where the spam
*originated*. Finding out where it came from to your ISP is
easy, but that's an open relay in the APNIC block whose IP is
not reverse-lookupable (virtually *nothing* in APNIC supplies
PTR records), and so tracking down the owner of the relay is
hard, and they don't speak your language, and they don't give
a rodent's posterior about your spam problem. For extra bonus
points, get a hosting deal in Asia and run your MTA there, so
that tracing you back to your ISP in the US is basically
impossible, and if we *do* figure out who runs the MTA in Asia,
we'll assume it's an open relay, provided you insert the usual
forged Received headers. Yes, I've spent way too much time
looking at mail headers.
So in conclusion, the main thing preventing a lot of people such
as myself from becomming spammers is that we hate spam. That, and
it's so obviously *wrong*.
[1] e.g., people like me, who trained a naive bayesian mail
classification system (ifile) on a collection of tens of
thousands of well-categorised messages in 3 dozen distinct
categories, including several distinct spam categories.
But actually, with a modicum of cleverness, a naive bayesian
system can be easily defeated. As soon as I read how the
algorithm works, I realised inside ten minutes how they can
defeat it. Consequently, they can figure it out too; if
enough people start using such systems they'll do that, and
we'll have to get more clever with our mail classification
systems, taking context into account for tokens, at which
point they'll drag out the Markov chain generators, which
will be *hell* to try to filter against. At that point it
might be easiest to hire somebody in the third world (where
the ecconomy is suc
Cut that out, or I will ship you to Norilsk in a box.