I, Spammer

PCOL writes "The Washington Post is reporting on testimony before the Senate Committee on Commerce, Science and Transportation by Ronald Scelson, an eighth-grade dropout and self-taught computer programmer from Louisiana, who claims that he sends between 120 million and 180 million e-mails every 12 hours, that he can break sophisticated software filters 24 hours after they are deployed, and that he has no choice but to resort to forging the sender information in his bulk e-mail so he can be anonymous and maintain his connection to the Internet. He added that he obtained all his addresses legally and that AOL gladly sold him the company's entire customer directory which Ted Leonsis, vice chairman of AOL, did not deny." It's a tough life. Here's another story about the Senate committee meeting.

Dang it, there goes my stomach lining...

[Saint+Aardvark]

"This is censorship," he said, arguing that both anti-spam vigilantes and Internet providers that filter out spam are depriving people of their right to see their mail.

Dear God, I hope the committee saw through this pathetic little charade. Last time I checked, I had no oblighation to pay to receive advertising; I had no right to force others to pay the cost of carrying that advertising; I had no right to force others to put up with the deluge of complaints about that advertising.

And if he's right about AOL selling him their membership list and spamming their members (and AOL VP Leonsis' weasel words about "letting members opting out" does nothing to make me think otherwise), all that means is there are two assholes there instead of one. It doesn't give him any moral high ground.

But at least there's the proposal for a "federal antispam SWAT team". I'd pay good money to see a live video stream of that take-down.

Re:Dang it, there goes my stomach lining...

[Dark+Paladin]

For me, the key word is "pay for spam".

One of the reasons why sending advertisements over the Fax is now illegal (without prior authorization, etc, etc, etc) is because it costs *me* money to recieve *your* ad.

In the case of bulk snail mail, 100% of the costs (if you don't include me physically picking up the mail, looking at it, and tearing the latest "Want a 0% interest credit card that jumps to 30% later?" envelope as cost) is payed by the sender.

In the case of a fax, *I* pay the paper, toner, etc. So even at $0.01 per ad, if it wasn't stopped I could wind up paying hundreds/thousands a year for the honor of recieving ads.

In the case of spam email, I believe that the same conditions apply. While I might not pay directly $0.01 per "spam email sent", I am paying by having my web space taken up (for those with ISP's that limit their mail boxes to 5 - 10 MB). And if my business relies on emails, *your* spam interferes with my ability to do work, thereby costing me money.

Add in that most spammers forge their address, hijack (or at least use without permission "open relays" (who should be closed anyway, yes, I'm looking at you, China, Korea, and any other country who's causing this problem)) other people's mail servers (thereby costing the mail server money they did not want to spend on bandwidth, storage, processor, etc).

I should hope that the Senate should make a very simple anti-spam plan:

If you send an unwanted email as an advertisement, you must have a method of truly getting someone off of the list.

If you sell the email addresses of your clients, you should be required to state to whom they have been sold so you can opt out *before* you get spam mail.

There should be a "national opt-out" spam list that all spam senders must check before sending a message.

Violating these agreements, or sending another message after the user has "opted out" is punishable by a $1000 fine per email sent.

Re:Dang it, there goes my stomach lining...

[realdpk]

I've been checking - most of the spam I get is actually from Windows boxes that don't have port 25 open (or other proxy ports). On some of them, the ones that invited me in (because they spammed me, ;) ), I've been able to look around. I've found the usual spyware - Gator, KaZaa, etc. I'm not sure if any of those allow the companies to send spam from 'doze boxes, but it sure wouldn't surprise me.

Re:Dang it, there goes my stomach lining...

[cybermace5]

I work for a company that prints mass quantities of "direct mail." The cost factor is one of the things that keeps my conscience relatively clean: our customers pay for everything. Research, package layout, list maintenance, materials, printing, postage. And the return rate makes it all worthwhile to them. But the DM News magazines still claim "innovative" email solutions, and my company was considering getting into mass email. I doubt they will now, it's just not possible for a spammer to be REALLY successful unless they are mobile, anonymous, and willing to sidestep a few laws.

I have an interesting question though: if receiving spam cost you money because you pay for bandwidth, what about other advertising? How much do you pay for the time commercials are shown on cable channels? How much money per month is spent on electricity, during the times when the TV is being used to display advertisements in your home? How much is your time worth?

Why do people do this?

[blumpy]

Why do people bother with doing crap like this? Just because they can? This guy has the mentality of a script kiddy. Someone find his info and organize a snailmail spam-a-thon.

Re:Why do people do this?

[pboulang]

I like most of this logic with the exception of how spammers are paid. If it is a matter of a percentage of revenue generated, makes sense to target people who might buy. If a spammer gets paid by the number of emails successfully sent (maybe counted by an html image ref download) then it is just a matter of putting things in front of eyes.

Anyways, this is just scary as a solution to the problem.

Slam his customers

[st0rmshad0w]

Ok, another spammer, joy, so when are we going to start getting lists of those who HIRE these urchins? I frankly would love to start re-routing all the spam that comes to me BACK to the idiots who hire spammers. Oh, and how about some postal addresses on these spam-buying scumbags too, eh?

Re:Slam his customers

[lysium]

From what I've seen, the products offered through spam come from the finest snake-oil salesmen that the world has to offer. Pretty much all an outrageous rip-off, if not an outright con. These businesses could probably be persecuted for other violations without even legislating spam, if some law enforcement types went over them with a fine-tooth comb.....

Now -that- would be slamming the customers. p.------------

Nothing Good Is Going To Come Of This

[nemski]

Why do I have this knot in my stomach as Congress prepares legislation to stop spam? Remember when they 'deregulated' the cable industry and all our rates went up? I know it is possible to go from bad to worse, but what is after that?

He's the Norton SystemWorks guy!

[sulli]

Watch for the lawsuit, Mr. Scelson:

Scelson, who said he does not distribute mail containing pornography, said one of his biggest clients sells a package of anti-virus computer software called Norton SystemWorks at cut-rate prices. Officials at Symantec Inc., which makes the Norton software, said in an interview that although they have not seen the package Scelson's client is selling, other similar offers that they have tracked down have proved to be counterfeit.

I get 1-2 Norton SystemWorks spams a day. If they're from this fucker, let's hope the Symantec people are able to find out where he lives, and sue him into oblivion.

Scelson, as all spammers, is a liar

[gorbachev]

There is NO way he bought the AOL address information from AOL.

One thing to keep in mind when talking with spammers is that they always lie. They lie to themselves ("everything I do is legal", "I am forced to hijack open proxies") and they lie to everyone else ("Here's the information you requested").

The career spammers are, indeed, bold enough to even lie to the US Government, face-to-face. Too bad the US Government is usually totally cluefree when it comes to the spam problem, so these conmen get away with lieing to senators.

Proletariat of the world, unite to kill spammers. Remember to shoot knees first, so that they can't run away while you slowly torture them to death

Re:Scelson, as all spammers, is a liar

[gorbachev]

Read my response to the previous reply.

Also consider this. How much do you think a little weasel like Scelson could've afforded to pay for the customer list? $20K, maybe, if he borrowed money from his stepmom.

AOL would NEVER sell complete (as in without AOL's involvement) access to their most valued asset for anything not in 6-7 figures.

Scelson is putting on a smoke-and-mirrors game trying to confuse people involved so that they won't notice he's a thief, liar and a conman. This is Spammer 101 tactics.

Proletariat of the world, unite to kill spammers

Return to sender!

[st0rmshad0w]

I think I have it. If we get the spammer's postal address, and the postal address of those who hired him, maybe we should just print out all the spam we get and sent it to the one who hired him postage due. :)

As an added bonus use the spammer's postal address as the return address.

How early can you drop?

[rxed]

8th grade dropout? How early can you drop?

Lots of good info here...

[johannesg]

"People still buy this stuff," he said, claiming that his clients get a response rate to his e-mail of 1 to 2 percent.

Let's say 10 million emails per hour (lowest), 1% response rate (lowest), that's 100,000 responses per hour! That means that over the course of a year, we are talking about 876 million responses. Divide that by the 165.75 million internet users in the US, and we learn that each and every one of you respond to him 5 times per year!

Well, maybe he spams the entire world. I have no idea how many internet users there are in the world, but let's say it is something like one billion. That means everyone responds to him almost yearly! Amazing! Now I only have one question: those responses, are they sales or deaththreats?

Re:Lots of good info here...

[Just+Some+Guy]

1% response rate is extremely unlikely.

I agree. Some loser just used one of my domains in the forged From: headers for a batch of spam. After seeing a bunch of "User unknown: kim@mydomain.com" entries in my maillog, I set up aliases for all of the usernames that the spammer(s) used just to see what kind of stuff was coming back.

Out of about 20,000 incoming emails to those fake accounts (I wish I could find the sonofabitch that sent that batch), only about 2 or 3 were from real people, all of whom were writing to threaten a boycott of my domain if I didn't quit spamming (heh!).

Another bad Slashdot analogy

[JSkills]

Yes - many people use analogies to make their point on Slashdot - so here's mine.

People need to guard their email addresses in the same way they practice safe sex. Don't go sticking your email address just any old place ...

Ok, that was bad. The exceptions are cases where your ISP screws you and sells your name (like those sorry AOL customers had happen to them) or people who use brute force address guessing algorithms.

Although I think the legislation being considered is a good first step --

The Burns-Wyden bill would make it illegal for bulk mailers to forge their sending location, have deceptive subject lines or prevent users from removing their names from e-mail lists. Owners of networks would retain the ability to block mail, and the legislation gives Internet providers legal standing to hunt down and sue spammers.

The committee also heard from Sen. Charles E. Schumer (D-N.Y.), who advocates a nationwide do-not-spam registry similar to a newly created do-not-call telemarketing list, plus an international treaty on spam.

Nothing really beats good filtering. I put together a server side filtering process using a Mail::Audit. I support several end users who can administrate their mail rules (e.g. block if subject has "viagra" or if sender is spamboy@jizzmop.com, etc.) using a web based interface and MySQL back-end. People can share rules as well. It's working pretty well for everyone. Additionally, Mail::Audit allows you to tap into the RBL which essentially will give you an "unlisted number" - only those you have expilicity granted permission to recieve from can reach you. Sounds extreme, but I get ZERO spam.

Here's an idea.

[Greg@RageNet]

Here's a proposal, as it seems like the world is moving closer to 'whitelist' (reject by default) method of spam combatantcy. Perhaps there should be a global whitelist set up, where a user signs up, and must verify their mail address, then the mail address is MD5 hashed and stored in a database. Recipients recieve an email from this sender they simply hash the from address and check to see if the hash exists in the database. If it's present the mail is accepted, if not, rejected. Solves the problem of invalid from addresses always used in spam, as well as solving the problem of preventing data-mining of such a 'whitelist' database by spammers (as it contains only checksums).. And it solves the problem of being able to recieve messages from people you haven't personally explicitly whitelisted; ie. old friends from highschool, aquantances with new email addresses, etc..

Whaddya think?

-- Greg

Re:Profit on selling customer list?

[epsilon720]

Someone here could do it with the same logic the RIAA uses for their financial analysis, and show that had AOL not sold out, they would own the entire world. Since customer loss is clearly purely due to spam, AOL would then sue the spammers for $97 Billion. Then AOL would be allowed to attack any spammer's computer and delete or alter anything that has the same name as an e-mail client....

one less spammer

[mikeee]

Isn't it a felony to lie in congressional testimony?

Well overhere

[Anonymous+MadCoe]

In my wonderfull country (!= US). We have a systenm where you can put an official sticker (free at townhall). on your mailbox that you don't want Junk Mail, and you don't get any (mistakes excepted, but hey once a year or so). The same stickers also allow you to differentiate between "Junk mail" and "local advertisements papers" (Which can be handy if you want to know what's going on in your local community). If a similair system could be implemented for email (I doubt that, at least any time soon). then I would not mind electronic junkmail (allthough I would opt-out). Now I object since I have no means of opting out and be done with it.

Re:Just a few

[BrookHarty]

Actually, this is a Bad idea, this is why we have laws against people posting addresses for doctors at abortion clinics.

While I hate spam, I think Ronald Scelson is on the right track. He wants to send spam with correct headers, make all spam use [ADV] and let the user filter spam. Seems a win/win solution. No need for black lists, just create a little client side filter [ADV*] -> Trash. Then the people who want discounts on software, or whatever can be part of the 1-2% that actually buy from spam.

Of course, why Ronald Scelson isn't using [ADV] type tags already is a slap in the face. Spamers should team up and start everything they can to do things legit, before we start legislating them into the history books.

Also on opt-out, You don't even need opt-out if you have [ADV] tags. Thou nice to have opt-out, the power to filter correctly is more important (imho)...

He who fights with monsters might take care lest he thereby become a monster. And if you gaze for long into an abyss, the abyss gazes also into you. - Friedrich Nietzsche

A modest proposal

[John+Harrison]

We should designate some day in the near future as "Everybody is a Spammer" day. On that day, everyone will send as much spam as possible to every email address they have. Since 8th graders are capable of spamming effectively I would guess that a significant percentage of the population is as well.

What would the result of this be? Email would be totally unusable that day and perhaps for many days afterwards. Not only would it get government officials to take notice, it would cause even the spammers to see the evil of spam. Those that are capable of seeing it anyhow, most of them are probably blind to it.

Also, everyone that became a spammer for a day would Profit!

Re:Spamming != bulk mailings

[misterpies]

To go wildly offtopic...

Postage stamps were first introduced in Britain, in 1840. As you say, before then it was the recipient who paid for the mail, not the sender.

Now in those days that was sensible, since there was no mail system as such anyway. Cash on delivery was the only way you could be fairly sure that the messenger would actually deliver your letter -- since if he didn't, he wouldn't get paid.

Problem was, people cheated the system. Early hackers, shall we call them, figured out that they didn't need to have their letters actually delivered & paid for to communicate. For instance, if someone wanted the answer to a simple yes-no question (remember, all long-distance communication was by letter then, so this happened a lot), they could set up a code for the response to be communicated by the colour of the envelope. So: messenger arrives with a letter -- but the recipient, having seen the colour of the envelope, says he doesn't want it and refuses to pay.

Solution: set up a national postal system that people trust, so they're willing to prepay for delivery.

Of course, 150 years later and US phone companies make the same mistake with cellphones. Charge people to receive calls + caller id -> don't answer, just call back on a land line.

How about a global "Do Not Call" list for email?

[EmagGeek]

Why not just mandate what exists in many states for telemarketers? Establish a global blacklist that people can sign up for, and spammers must check that list before sending an email? The fines could be made substantial enough to be a deterrent - say 5 years in the pokie with a 300lb hairy "woman" named "Bubba" and siezure of all assets without forbearance of liabilities. That way, after 5 years of hell, they can get out of prison to a mountain of debt with no hope of ever climbing out.

This might be a technical challenge, but so was landing on the moon...

Re:One email a day - BS

[EmagGeek]

The article claims he sends 120 to 180 million emails every 12 hours, so that's up to 360 million emails per day. At that rate, it takes approximately 18 days to email every man, woman, and child on the planet....

Even worse than being spammed

[cmpalmer]

I've grown used to logging on in the morning, deleting 20-50 spams that made it through my ISP's filter, then reading the 1-10 valid messages.

Until a few days ago...

Then I started getting bounced messages showing up in the inbox. First a dozen or so, and now 300+ per day. Some unscrupulous bastard put my e-mail address as the return address on those damned "Penis enlargement" spams and sent out a coupla hundred thousand. All have a different name ("Buffy", "Steve", "Frank", etc.), but all with my e-mail address.

I've had that address for nearly 10 years, which is the reason I put up with spam on it, but now I'm going to have to kill it all because some moron (the messages originated in China according the to headers) picked my name at random to hide behind.

Re:Spamming != bulk mailings

[leviramsey]

Spam is a direct consequence of the fact that the email system was designed without taking this possibility into account.

The only way to stop spam is going to be junking some major portion of the email infrastructure. Every antispam measure yet proposed does this.

• filtering and auto-deleting, along with its close cousin, whitelisting: junks the assumption that the mail will actually be read by a recipient
• blacklisting IPs and networks: junks the assumption that there will be open communication
• replacing SMTP with some new protocol: junks the underlying protocol by which the email system works
• banning anonymity: junks the assumption that the uses of anonymity would be "good" uses.
• ending common carrier (at least for the purposes of civil liability; this is quite possibly the best option): junks the idea under which the internet as a whole has operated for the past few decades (namely that the carrier of the data is not necessarily responsible for the data).

Either the spam problem continues, or you espouse getting rid of some part of the traditions by which email and the Internet have operated since the early days.

DMCA

[Zed2K]

"He boasted that in 24 hours he could crack sophisticated software filters designed to block spam."

So isn't that in violation of the DMCA? Or am I stretching it? If he said he could get around them then its different but he specifically said he could crack them.

Blacklist AOL on your mailserver!!!

[Medievalist]

After dozens of attempts to get AOL to implement the most rudimentary outgoing filters on their Email system, and getting ZERO response, I have regretfully informed our user base that we will no longer accept any Email emanating from any machine with an AOL.COM IP address.

They are breaking the rules of the Internet (see: SMTP RFCs) by improperly implementing postmaster@aol.com (see rfc-ignorant .orgfor details) and their mail relays have sent hundreds of viruses into my domain.

I have asked all AOL users at my site who wish to continue emailing their home addresses from work to get a new service provider and given them two months to do so. I have recommended several small local ISPs to them that I know provide good service and never allow easily detected virii like Yaha, Klez and SoBig to transit their mail hubs.

We, fellow slashdotters, can use our enormous power as administrators of email hubs to get AOL's attention - since it seems more civilized methods are useless. The social contract of the Internet is simple; play by the rules (i.e. implement the required RFCs) or you are not part of the community.

you pay for bulk (snail) mail too

[Travis+Fisher]

• In the case of bulk snail mail, 100% of the costs (if you don't include me physically picking up the mail, looking at it, and tearing the latest "Want a 0% interest credit card that jumps to 30% later?" envelope as cost) is payed by the sender.

This is a common misconception. If you use the postal service to send letters with actual first class stamps on them, you are paying for bulk mail to be sent. Why? Because the postal service charges bulk mailers less than cost to send their junk to your mailbox. They make up for it with higher rates for first class customers.

See for instance this statement from the former chief financial officer of the postal service.

Re:are you kidding?

[DunbarTheInept]

ALso, the USPS is a government sponsored monopoly but it doesn't receive any tax payer dollars. It is self funding.

Not only that, but it's even older than the government. The post office was concieved under the Articles of Confederation, before the current government under the Constitution. And not only did it pay for itself, but it was once the primary source of revenue to fund the government.

A Somewhat Simple Solution

[Iron+Chef+Unix]

I know this doesn't really address the problem of bandwidth, but we already have advertising legal models for printed material, why not apply some of this to email?

For instance, in the case of newspaper or magazines, an advertisement must clearly be identifiable as an ad, otherwise the ad must contain a very visable "This is a Paid Advertisement".

So, I figure spam is trying very hard to be indistinguishable from regualar email or email sent from a legitamate company with which you do business. Let's just make a law that says that any email that is an advertisement must contain ADVERTISEMENT in the subject and body.

Sure, they can break this rule pretty easily, but this will allow the user and or government to identify which emails are not following the rule and find them.

This also gives the user and software developer and easy route to dispose of spam. If you don't want it, just filter for the word ADVERTISEMENT and push it to an ads folder or the trash.

Sure, there are still issues with this, but its a start.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Snailmail DoS

[awptic]

I've already signed him up for every catalog in the first 6 pages of google search results for "free catalog" .. anyone wanna pick it up from here ?

has everyone missed the point?

[maxpublic]

Do you honestly think Congress gives a good goddamn about spam? Congressman don't have to deal with this shit; their lackeys do.

This issue isn't about killing spam - it's about using spam as an 'issue' to kill anonymity online. It's yet another attempt by the government to throttle what remains of our privacy, and spam is a very convenient complaint to base this sort of legislation on.

Thanks but no thanks. I'll take the spam in exchange for privacy. My privacy is far more important than any government attempt to curb unwanted email, especially when it's just a ruse to eliminate what few rights I have left.

Max

why not hit their web sites?

[dougnaka]

With valid requests for the content.. so you can "cache" it proactively. Have the mail server query every http link and download whatever it is a couple times... but maybe your download script is accidently broken and just keeps sending the SYN requests, it could keep a list of "active" http requests to make ever few minutes or so. Of course you would want to whitelist some sites, and do some kinds of filtering to be closer to sure that it's an actual spam.
As a seperate note, I've used popfile for a while now and I don't even notice the spam. anymore, my popfile is 99.6% accurate. Popfile is easy to use also, I setup 3 non-techies on it and they haven't called since the initial configuration. Spam is no longer the headache it used to be.

Super-DMCA

[Elequin]

Holy *%&@.

I just realized something. (Yes, I'm probably a bit behind, and just mod me redundant if this has been discussed before.)

The Super-DMCA that's been going around basically makes it a crime to attempt to hide the destination or originating point of any communication with the intent to defraud a communications provider.

This Super-DMCA has been passed a lot of places. Doesn't it pretty much already make forging headers for sending spam illegal?

A trend is emerging

[cardshark2001]

Have we seen a SINGLE article about a spammer here on Slashdot, EVER, where the spammer did not claim that they don't send pornography spam? Where the hell do I get it all from then? Santa?

Open Relays and an Immodest Proposal

[jefu]

I tend to try to turn problems around and see if there's not a fun backwards approach. (Like instead of trying to stop a bulldozer you find a way to lure it into a swamp.) It doesn't always work and often ends up with people pointing at me and laughing. So be it.

In the case of spamming I've started to wonder about open relay blocking. Most sites that offer information about open relays to facilitate blocking (such as ordb.org) do not make the contents of their open relay lists public. And that made perfect sense to me until yesterday when (while looking into several spam filtering methods) I got curious and started looking for a list of open relays. I found at least one such - but it was clearly aimed at the spammers as it had incomplete information and a way to purchase a subscription.

So, by making open relay lists private and secret, we're actually supporting the spam industry (not necessarily the spammers directly, but the folks who sell them stuff).

Maybe its time to think about releasing the lists. This could have several interesting effects (positive :) , neutral :| and negative :( ) :

1. :| The organizations who collect open relay lists would continue to function as they do now, but sites that would like to use the lists heavily could download their own copies.
2. :) The folks who sell open relay lists would find it harder to do that if the information were freely available. With a bit of luck they'd go out of business.
3. :) it would become much harder for site admins to ignore open relays they control if everyone used them and the traffic went way up. This would be an incentive to close them. (Of course, it would be unethical to suggest that anyone else route their mail through the relays - that would amount to a denial of service.)
4. :) As the relays got closed, the traffic on those left open would increase dramatically - thus increasing the pressure on those site admins.
5. :) Knowing that a site has open relays might prompt users, friends of the site admins and so on to bug them into closing them. Currently it would require rather more work on the part of such buggers to determine that the buggee needing bugging.
6. :) Eventually, with a bit of luck, the great majority of the open relays would be closed and spammers would end up using very slow machines. Indeed, it might become profitable for major sites to run a couple of open relays on (for example) an old 80286 on a 1200 baud serial line).
7. :) Eventually, faced with a small pool of (slow?!) open relays, spammers would turn to spam support sites that could send the mail for them. And I'd be willing to bet that such sites would charge nicely for the service. And there's still nothing to prevent a user from blocking those sites.
8. :( There would be a serious (but I suspect temporary) increase in spam. Current spam filters would not stop working.
9. :( There would be problems with people forging open relay lists with machines of people they might want to annoy. (This could be handled by digitally signing such lists from trusted sites.)
10. :) It would keep the congresscritters from meddling in things they dont understand - with what is almost certain to be disasterous effect.

Maybe it wouldn't work, but the stuff written about the spam proposal before congress is seriously scary - it would essentially legitimize whole classes of spam and make it much harder to turn off such "legitimate" spam.

Re:Open Relays and an Immodest Proposal

[jefu]

The plusses and minusses of this have been wandering through my brain for a day or two now and a couple more facets of this kind of thing have surfaced and floated around long enough to be worth mentioning.

Open relays could have interesting uses - both anti-spam and pro-spam.

An organization wanting to curb spam could operate an open relay set to run very, very slowly. This has (I read it in /., so it must be true) been done.

More interestingly, such a machine could forward only some of the spam moved through it. Maybe only one message out of a thousand. Spammers would still get a response, but the total amount of spam would be reduced substantially.

Or, if the idea of dropping mail does not agree with you, the mail could be wrapped in another message, forwarded, with whois and contact information (to the extent it is available) from the originating host, and a message explaining that it is spam.

This has the nice side effect of being able to also collect spammer origination IP addresses for use in future blocking. Or to collect spammer websites.

But the most intriguing notion to me is that spammers themselves could do the same thing, dropping mail - which would make their spam service look better than their competitors. Better still, at the same time, it could be harvesting the email addresses for use in their own spam delivery. Such a machine could clearly cull out the "I'm trying every three letter id possible." email addresses.

Or, you could do the wrapper thing above and.... but I've likely said too much already. ("You've yourselves to blame if its too long, you should never have let me begin.")

So, any spammers out there want to confess? Is anyone doing that? Go ahead, be an anonymous coward and tell us. I promise (on behalf of all the /.'ers) that we won't use it against you.

I'd wonder myself about the people who sell open relay lists - putting a machine or three to harvest emails on it could generate email address lists that they could sell as well.