Slashdot Mirror
Following the Spam Trail
An anonymous reader writes "MSNBC's Bob Sullivan doggedly follows a spam trail from Alabama to Argentina to find out who actually benefits from spam. The beneficiaries aren't necessarily the pasty faced, high school drop out industrial spammers we have gotten to know, but well known companies."
If you can nail down a domain that seems to profit, use the whois information and call them on the phone. I usually dont get spam after I have complained to a person. If the phone number is bogus you can report them at http://reports.internic.net/cgi/rpt_whois/rpt.cgi
-John Fenley
How many Sysadmins are running spam filters to catch that crap so the end user never sees it?
-- Some days you're the dog; some days you're the hydrant.
An entirely separate set of companies also benefits from the spam economy -- Internet service providers who carry their traffic... In exchange, the ISP agrees to suffer more than normal complaint rates. In PSINet's contract, revealed on News.com, the firm received an upfront payment of $27,000 from Cajunnet, a marketing firm based in Slidell, La. In exchange, PSINet agreed to permit Cajunnet to send unsolicited email "in mass quantity" through PSINet's lines."
Maybe this might drum some sense into somethingawful.com's heads.
I made a comment 2 days earlier about this. If you do business with ISP's that work hand in glove with spammers, don't go around whining that SPEWS is the one to blame.I don't see what the problem is. I don't get spam any more.
Now, granted, I run my own mail server: Exim, attached to SpamAssassin via SA-Exim. And this combination is highly effective. I have it set up to be more aggressive than most people would want their spam filter to be; if an incoming message even *smells* like spam, my server refuses to accept it and instead gives a failure message with an alternate non-filtered address to use if the email wasn't actually spam. In a year of running it, it's rejected 100 spams per day on average, with only one known false positive in the entire year (it was someone forwarding a spam to me). And if a spam is sent to one of the addresses which I haven't used for years, then I perform the added courtesy of tarpitting the spammer.
But there are a lot of tactics that an ISP's mail server can use to cut down on a huge amount of spam without risking false positives. Check the mail against Razor and the other services which keep track of mass-mailings which have been reported as spam, for example. Refuse mail from a server which pipelines its SMTP commands then drops its connection without waiting for a response. Verify that the sending mail server's address actually can be resolved.
ISP's could go a long way towards making spam much less of an annoyance if they'd just use software to filter out the obvious spams. Hook the mail server up to SpamAssassin, set the threshold high enough to avoid false positives.
Ah that will pale into insignificance when compared to the aging of the customer data already in the db. I did a Certificate in Direct Marketing (never used it in the end) 4-5 years ago, it was quite interesting. One of the points we were taught by our national DMA was that in a given year, approximately 25% of the customer records in a database will become outdated - I'm sure it is even higher in Internet time. The relevance to spammers is that they must continually be creating new databases to guard against obselete customer data.
Oh well, I'll bite.
I don't agree with using SPEWS, as I think it's too drastic, but SPEWS has a right to exist. I should also point out that there is no case of slander/libel as SPEWS keeps evidence. As for staying totally anonymous, they don't want to be spammed, theatened, or be litigated into oblivion. Also, Seeing as how it's the ISP's bandwidth, the ISP's have the right to use, opr ignore SPEWS. Yes, places like SA get caught in the middle, but, honestly, if it's just places like SA, I really don't want them. They're, quite frankly, just childish.
Also, this is a case of consumer ignorance. If a customer does not know they their ISP uses SPEWS, then it's their own damn fault.
When all else fails, use Hotmail, or setup your own mail server.
--LordKaT
You see, most of that stuff stuff is made in sunny Southern California... Swedish Erotica (A.K.A. Cal Exotics) is in Chino CA.
"Four days later, four companies sent us an e-mail indicating they knew we were looking for a new mortgage". Four days!! With the myriad layers of 'affiliates', 'lead generators', and 'spammers' operating in legally grey areas and distributed all over the world, it's amazing that it takes only this long to get a response. I mean, sometimes it takes longer to get a response from legitimate online tech support!
The article opens by saying "There wouldn't be spam if there wasn't money in spam". Truer words were never uttered. And there wouldn't be money in spam if consumer demand didn't exist. All 'solutions' to the spam problem that fail to take this 'demand' problem into account are, IMO, doomed to failure.
Imposing Libertarian views on everyone online since 1992.
This is why Sneakemail was created over 3 years ago. You can easily bust whoever benefits from your stolen/sold email address no matter how far down the chain it goes. For those who don't know Sneakemail was the first disposable email address service which was designed both for keeping your address clean and tracking those selling your address. Sneakemail got a mention in this months MIT Technology review magazine.
Sneakemail is to spam filters what an ounce of prevention is to a pound of cure.
Would you like to make spam drop off tremendously overnight?
:-)
The technology is there right now. All ISPs have to do is is block outbound port 25 TCP and the problem will almost vanish.
What makes it that easy is the economics of spam. Spammers are generally not paying for the resources they use, which is how they can make a profit even at their incredibly small success rates.
Consider the case of a spammer who uses a DSL or cable line to send spam. Assume a relatively expensive plan offering high bandwidth costing $125/month and how many referrals does a spammer need to generate to cover that cost? At $20/referral, the sixth one moves the spammer into the black. If the spammer pumps out 1,000,000 spams per month and gets a 0.1% hit rate, that's 1000 per month. If the spammer gets paid for them all, that's $20,000. Even if only 10% of those hits turn out to be legit leads and the spammer gets paid for only those, that's still $2,000. Put another way, it pays for the spammer's PC and DSL hookup costs in the first month, with profit left over.
But let's assume this spammer knows a friendly ISP and is paying $1000 for a T-1, including local loop (you can go cheaper than that in many areas). If the spammer gets the same $2000 in referrals, that covers the cost of the T-1 and the PC. The next month covers the cost of the T-1 and leaves $1000 left over.
Major spammers send many millions of mails each month, and even the small-scale ones probably do over a million, so these numbers are pretty conservative.
What the spammers must do, however, that doesn't appear in the above numbers, is find some SMTP host(s) to carry their mail, since sending it from their own netblocks gets them quickly locked out by a great many MXes, invites DDOS attacks, results in people calling their upstream to get them shut down, etc.
Enter the open relay. Open relay mail servers are (sadly), not uncommon even today. A pox on all the clueless mail admins who run these things. Spammers need to send outbound traffic on port 25 to get to the open relays. If all ISPs closed off outbound port 25 traffic in their consumer dial, cable, and DSL pools, the spam problem would shrink tremendously. I worked for an ISP that followed this practice, and we almost never had spammers (just a few times a year), and those we did get disappeared in a *hurry* because we would know they were there in short order because they couldn't exploit any open relay; they had to use *our* outbound SMTP hosts because we closed port 25. That mean that if someone started a spam run, their account wouldn't survive the day. By the time the first complaint arrived, we could write back and say "This account has already been terminated."
That still leaves the problem of open proxies, of which there are also many, but those have to be dealt with via RBLs. That notwishtstanding, if all ISPs closed outbound 25 and required their dial, cable, and DSL customers to smarthost through their outbound SMTP hosts, it would take a huge bite out of spam, so to speak