Slashdot Mirror


I, Spammer

PCOL writes "The Washington Post is reporting on testimony before the Senate Committee on Commerce, Science and Transportation by Ronald Scelson, an eighth-grade dropout and self-taught computer programmer from Louisiana, who claims that he sends between 120 million and 180 million e-mails every 12 hours, that he can break sophisticated software filters 24 hours after they are deployed, and that he has no choice but to resort to forging the sender information in his bulk e-mail so he can be anonymous and maintain his connection to the Internet. He added that he obtained all his addresses legally and that AOL gladly sold him the company's entire customer directory which Ted Leonsis, vice chairman of AOL, did not deny." It's a tough life. Here's another story about the Senate committee meeting.

16 of 730 comments

  1. Profit on selling customer list? by decesare · · Score: 5, Insightful

    I wonder if anyone inside of AOL has run the numbers to figure out

    • how much money AOL has spent on anti-spam measures, or
    • how many customers AOL has lost due to the overwhelming amount of spam in their inboxes,

    and compared that to the amount of revenue that they get from selling out their customers.

  2. Spamming != bulk mailings by Anonymous Coward · · Score: 5, Insightful

    Scelson tries to make the argument that what he does is no different than other advertisers who send their advertisements through the US mail.

    Unfortunately he, like all other spammers, completely misses the point that the two are not related. When LL Bean sends its catalog to you it costs the company X cents to do so per each catalog.

    When Scelson sends out his 180 emails a day it costs him X cents in total. However, it costs all the ISPs whose bandwidth he and others chew up X dollars per email. Thus, he is offloading the cost of doing business to the people who are receiving the email.

    This reminds me of the old postal system in the UK. In days gone by it was the receiver who had to pay to accept the piece of mail. If they didn't pay the mail was returned. It is only in recent history that the mail system is such that sender pays.

    I wonder if Mr Scelson would be happy if all the advertisers who send him their mailings would tell him he has to pay to get those things whether he wants them or not.

  3. Re:Why do people do this? by AndroidCat · · Score: 5, Insightful
    Are you going to snailmail him on your dime? Otherwise, you're stealing from magazines, companies with catalogs, etc. Oh sure, it's just pennies here and there, but that's the same logic the spammer uses.

    But okay, the reports of Al Ral getting buried in mail did make me smile. :^)

    --
    One line blog. I hear that they're called Twitters now.
  4. forging sender address by MORTAR_COMBAT! · · Score: 5, Insightful

    Why isn't this the same crime as handing someone an ID card which says you are someone you are not?

    He claims that he "has no choice but to resort to forging the sender information in his bulk e-mail so he can be anonymous".

    Isn't that a bit like saying that when I was 19, I had no choice but to resort to forging my driver's license so I could buy beer?

    --
    MORTAR COMBAT!
  5. Anonymous my ass by YrWrstNtmr · · Score: 5, Insightful

    he has no choice but to resort to forging the sender information in his bulk e-mail so he can be anonymous and maintain his connection to the Internet.

    Is that like bank robbers being forced to don a mask so they can remain anonymous and maintain their 'business operations'?

    I've had one of my email addresses used as a reply to: for quite a few spams. A real PITA. Not only did that address get the standard spam, it got bounces from nonexistent recipients. Sometimes in the hundreds per day, as the result of dictionary attacks on various ISPs. On top of that, you get the indignant replies from pissed off people.

    Blatant forgeries in commercial email headers should be made illegal.

  6. Re:Uhhh.. by David_W · · Score: 5, Insightful
    Does the never ending stream of AOL CD's mailed in the post not count as spam?

    No, it doesn't. Spam is unsolicited e-mail. What AOL does has been going on for long before the term spam came around. It is also different in that there's no forgery, you can return it to sender, etc. Whether AOL should be sending out tons of CDs is certainly debatable, but it is something different from spam.

  7. Re:Dang it, there goes my stomach lining... by why-is-it · · Score: 5, Insightful

    There should be a "national opt-out" spam list that all spam senders must check before sending a message.

    If such a list existed, you can bet your bottom dollar that every spammer will pay very close attention to it. It would be a list of 100% valid email addresses! Normally they would have to pay for lists of email addresses, and here is one that is free and guaranteed to be accurate.

    The spammer could then fire up the spambox which is conveniently located outside of the US, bounce the spam off of an open relay in the Far East, and it would be business as usual.

    If anyone out there believes that the spammers are honest and trustworthy, they deserve all the viagra, penis/breast enlargement/pr0n spam they get in their inbox...

    --
    *** Where are we going? And what's with this handbasket?
  8. Spam is not good business by Elkman · · Score: 5, Insightful

    If you want to get your slogan and company name out there fast, it makes sense to use the Internet and email systems.

    If you want to attract and retain a loyal customer base, it absolutely doesn't make sense to use spam or other annoying methods of advertising on the Internet.

    As an example: I work for a company that owns one of the major online travel sites. A few weeks ago, we had an all-company conference call, and one of the members in my group pointed out that another online travel site had recently stepped up its advertising via popup ads on web sites. He asked why we weren't annoying the consumer with popup ads. The leader of the call replied, "I think you just answered your own question." He explained that while popup ads may be effective, they don't make any friends among consumers and they don't build loyalty.

    If popup ads have such a negative impression, don't you think unsolicited commercial E-mail has a much more negative impression on the Internet population? Here's a hint: The spammers who sell Viagra (r), Viagra substitutes, penis extension pills, mortgages, and other spamvertised products almost never reveal their real business name. They hide behind throwaway e-mail addresses and make themselves untraceable to their audience.

    Would a business concerned with consumer loyalty really have to hide themselves? My local grocery store doesn't have to hide from me. Neither does Target, Borders, Best Buy, or any number of bricks-and-mortar retailers. Amazon.com doesn't have to hide from me, nor do any of the online travel sites. Yet the spammers pushing penis pills don't dare reveal who they are, where they work, how I can contact them, or anything traceable.

    I would rather trust a spammer than a lazy computer programmer to get a job done, that's for sure. It's not about being nice, it's about being a hard worker. Stupid isn't forever, but lazy is.

    I think you're trolling here, but in case you aren't: That "hard work" relies on hijacking other people's resources. It relies on deception and lies to push a product to people.

    (Disclaimer: This is not the opinion of my employer, of course.)

  9. client filtering is just wrong approach by MORTAR_COMBAT! · · Score: 5, Insightful

    Because most of the actual monetary cost of sending the spam has already been incurred by the time you filter at the client. The message has already been transmitted from client to server to server to server to client over the internet, consuming bandwidth. It has already occupied disk space. Even the end-of-the-server-chain, pre-client filters like SpamAssassin only alleviate the last link in that bandwidth-bonanza (to-client).

    That spam email should never be sent, period. It should not ever proceed across the internet whose bandwidth is being paid for by millions of users, providing benefit to the sender. It should never touch the hard disk of a server.

    In addition, it simply takes too much sophistication for the VAST majority of email users to properly set up filters. A simple [ADV*] -> Trash filter would delete some email that quite honestly some users want -- special coupons from Amazon.com for repeat customers, for example. Those emails would by (proposed) law have to have the [ADV] tag on them. So then you add another filter above the Trash filter to allow ADV from Amazon through... and so on, and so forth.

    Pretty soon the hassle of organising your filters has exceeded the hassle of having to just click 'delete' to spam (for the average email user). I can easily enter a new expression in my .procmailrc to deal with all kinds of situations, but Joe Schmoe email user shouldn't have to learn complex regular expressions.

    --
    MORTAR COMBAT!
  10. Re:Lots of good info here... by vidarh · · Score: 5, Insightful
    1% response rate is extremely unlikely. Normal direct (snail) mail tends to get response rates of 1-2%. Double opt in (where a verification message has been sent, and the user has responded to it to confirm they want to sign up) e-mail campaigns can easily get as low as 1 in 10.000 or 1 in 100.000 if the list is unqualified and not in the right target group. Spam would likely be much worse than that. So he's probably lying through his teeth.

    Of course, as you suggest, he could be counting death threats as responses as well :-)

    Still, with today's bandwidth prices, and an estimate of 10kb per e-mail, if he's sending 10 million messages an hour, he'd be sending around 100GB an hour at around $50 an hour (likely less, given the volumes and since it's mail traffic where he doesn't need to pay a premium for low latency connectivity). A product with a reasonable markup and he might be able to recoup the cost of those 10 million messages with a single sale, possibly even making a nice profit.

    And that's why asking people not to buy from spammers won't be enough to get them out of business.

  11. Re:FYI incaseof /. fx by DogIsMyCoprocessor · · Score: 5, Insightful

    Can we stop with the cut-and-paste of text from the WaPo site? The site seems to be extremely well architected to handle high demand, and has never been Slashdotted as far as I know.

    --

    "And this is my boy, Sherman. Speak, Sherman." "Hello." "Good boy."

  12. 8th grade education ... by The+AtomicPunk · · Score: 5, Insightful

    I guess that explains statements like the following, that display his keen insight into our system of government:

    "But carriers should be held accountable when they submit to anti-spam groups. Terminating services to companies' such as my own without any legal reason to do so is not the democracy that we should all be living."

    Jackass, if you're reading:

    1) This is not a democracy. We're a democratic republic. There's a big difference.

    2) Forcing someone else to provide you a service is neither freedom, nor related to a democracy. In fact, that would be contrary to freedom.

    3) Claiming you're FORCED to forge email addresses because of "bullying tactics" is akin to claiming you were forced to break into my house and dump junk mail on my desk because I refused delivery.

    Apparently you think America is all about you, and that you somehow have a level of freedom that compels others to act according to your wishes.

    Rot in hell, dickhead.

  13. New Distributed Computing Project : DDoS spammers by androse · · Score: 5, Insightful
    Or more accurately, DDoS the spammers' clients.

    I have been looking at the source of my spam lately, and, although the email addresses are always forged, the body of the messages nearly always point to some website.

    What we should do is have a way to automatize the slashdotting of these sites. The resource cost for every recipient is very small, but is very high for the target web site. If the site is run directly by the spammer, then that's great (he gets to pay the bandwidth bill). If it is run by the spammer's client, then that's even better. If it is hosted on a free non-commercial facility, it will wake them up and will make them find a way to make their users accountable.

    So how to do this in a very user-friendly and convenient way ?
    Make a distributed-computing application, very light-weight, that runs on every platform. You should be able to set the maximum bandwidth you want to use (the default could be very low, like 5kbps), when it should start and stop, etc. The app will go and fetch a list of URLs of images or HTML pages on the target servers, and start downloading them to /dev/null. The app should have a funny user interface, that lets you know when a target host becomes unavailable (victory ! another one bites the dust !), etc. The downloadable list of target hosts should be maintained by a trusted source (it could be GPG signed for example), maybe mailed to you through a MixMaster remailer to avoid spammer suing the originator.

    This could make all the Spam issue a lot more fun !

  14. Re:Scelson, as all spammers, is a liar by leviramsey · · Score: 5, Insightful

    There are a few possibilities:

    • AOL sold the member list, and Leonsis affirms: major PR disaster
    • AOL sold the member list, and Leonsis denies: Leonsis is risking perjury and contempt of Congress charges (both of which are jailable offenses)
    • AOL did not sell the member list, and Leonsis affirms: perjury and PR disaster
    • AOL did not sell the member list, and Leonsis denies: status quo ante
    • Leonsis neither affirms nor denies: status quo ante

    There's no reason Leonsis would know every dealing that AOL does (especially those before he rose to this level); if he affirms, he's fucked. If he denies, the best he can hope for is status quo ante if he's right; if he's wrong, he's fucked. So if he answers, 4 things can happen, and 3 of them are bad.

  15. Re:Dang it, there goes my stomach lining... by KC7GR · · Score: 5, Insightful

    Opt-out is a cop-out. Why should ANYone ever be required to opt-out of any E-mail list that they never opted into in the first place?

    You, like many others (thieving parasites like Scelson included), are still overlooking one critical fact:

    The Internet is not now, nor has it ever been, a truly "public" resource. Nobody in the government pays me any subsidy to operate my servers, and I don't know of any ISPs in the U.S. that are receiving any similar subsidies.

    I pay, out of my own pocket, for the electricity and bandwidth that my servers require to work as they do, just as anyone from a mom-n'-pop ISP to a giant like Earthlink pays for the electricity and bandwidth to run theirs.

    In each case, whether you're a single individual or a multinational conglomerate, or anywhere in between, your servers are YOUR PRIVATE PROPERTY, along with the mailboxes on them. You might rent them to others, as ISPs do, but the only guarantee that ANYone has in terms of sending and receiving mail is whatever guarantees are in the contract that gets signed between an Internet provider and their customers.

    When spammers spam, they're violating private property rights. Period. When someone spams me, or one of my other users, they're STEALING from me. When someone spams AOL, they're stealing from AOL and its users. When someone spams ANYone with a 'net-connected system, it is theft of resources. Period.

    I will do whatever it takes to protect my systems from such intrusions. If that means risking the loss or delay of some legitimate E-mail, so be it.

    Apparently, AOL is taking a similar path. That's fine. They have absolute and final authority over their own equipment. Scelson can scream "censorship!" all he wants, but he still has no right to mail to someone else's network if they don't want to receive his (or any other spammer's) crap.

    --

    Bruce Lane, KC7GR,

    Blue Feather Technologies

  16. Re:Dang it, there goes my stomach lining... by Eelis · · Score: 5, Insightful

    This national database could store irreversible hashes of the addresses. This way it would not be possible to extract addresses from the database, while it would still be possible to check whether some address is present in it.
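
The hashed opt-out database proposed in the comment above, sketched as an added example that is not part of the original thread. The class and function names, the choice of SHA-256, and the case-insensitive normalization are assumptions made here for illustration; the addresses are constructed samples.

```python
import hashlib


def normalize(address: str) -> str:
    # Assumption: addresses are compared case-insensitively, ignoring outer whitespace.
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an e-mail address: {address!r}")
    return f"{local.lower()}@{domain.lower()}"


def digest(address: str) -> str:
    # One-way digest of the normalized address; SHA-256 is an assumed choice.
    return hashlib.sha256(normalize(address).encode("utf-8")).hexdigest()


class OptOutRegistry:
    """Stores only digests, so the published list contains no plaintext addresses."""

    def __init__(self):
        self._digests = set()

    def register(self, address: str) -> None:
        self._digests.add(digest(address))

    def contains(self, address: str) -> bool:
        return digest(address) in self._digests

    def export(self) -> list:
        # What a sender would download: opaque hex strings only.
        return sorted(self._digests)


def scrub(mailing_list, registry):
    """Return the addresses a sender may still mail: well-formed and not opted out."""
    kept = []
    for address in mailing_list:
        try:
            if registry.contains(address):
                continue  # opted out
        except ValueError:
            continue  # malformed entry, drop it
        kept.append(address)
    return kept


if __name__ == "__main__":
    registry = OptOutRegistry()
    registry.register("Alice@Example.org")  # constructed sample address
    print(registry.export())
    print(scrub(["alice@example.org", "bob@example.net", "garbage"], registry))
```

The digest prevents the list from being read out as addresses; it does not hide membership from a party that already holds a given address, which is the lookup property the comment describes.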