Slashdot Mirror


Following the Spam Trail

An anonymous reader writes "MSNBC's Bob Sullivan doggedly follows a spam trail from Alabama to Argentina to find out who actually benefits from spam. The beneficiaries aren't necessarily the pasty-faced, high school dropout industrial spammers we have gotten to know, but well-known companies."

6 of 232 comments

  1. Pick up the phone. by pontifier · · Score: 5, Informative

    If you can nail down a domain that seems to profit, use the whois information and call them on the phone. I usually don't get spam after I have complained to a person. If the phone number is bogus you can report them at http://reports.internic.net/cgi/rpt_whois/rpt.cgi

    --
    -John Fenley
    1. Re:Pick up the phone. by Yanna · · Score: 4, Informative

      Notice how the guy that spams is in Argentina. First, I do not think that your calls will bother him more than they will cost you. Second, this guy is a real mercenary. This is his way of life.

      I ran a little query and found that he actually registers his domains under the following address:

      Entidad Registrante: Zonda Sistemas S.A.
      Direccion: Callao 1253
      Ciudad: Buenos Aires
      Codigo Postal: 1024
      Pais: Argentina
      Telefono: 4803-3824
      Fax: 4803-3824
      Actividad Principal: Sistemas

      Persona Responsable: Alberto Roberto Meyer
      Direccion: Callao 1253
      Ciudad: Buenos Aires
      Codigo Postal: 1024
      Pais: Argentina
      Telefono: 4803-3824
      Horarios Contacto: 10-18

      Fecha de registracion: 20/01/2003
      Entidad Administradora: Zonda Sistemas S.A.
      Direccion: Callao 1253
      Ciudad: Buenos Aires
      Codigo Postal: 1024
      Pais: Argentina
      Telefono: 4803-3824
      Fax: 4803-3824
      Actividad Principal: Sistemas

      Contacto Tecnico: Alberto Roberto Meyer
      Direccion: Callao 1253
      Ciudad: Buenos Aires
      Codigo Postal: 1024
      Pais: Argentina
      Telefono: 4803-3824
      Horario Contacto: 10-18
      Fax: 4803-3824

      Servidores de Nombre de Dominio
      Servidor de Nombres Primario:
      Nombre: ns.super-zonda.com
      Direccion ip:

      Servidor de Nombres Secundario:
      Nombre: ns1.super-zonda.com
      Direccion ip:

      Tercer Servidor de Nombres:
      Nombre: ns2.super-zonda.com
      Direccion ip:

      Cuarto Servidor de Nombres:
      Nombre: ns3.super-zonda.com
      Direccion ip:

      Sorry that it is in Spanish, but the only way to find this guy is by running queries in nic.ar. Were you in a position where you could actually phone these criminals, you need to add +54 11 to the listed telephone numbers (54 being the country code for Argentina and 11 the city code for Buenos Aires).

      Good luck!

    2. Re:Pick up the phone. by notfancy · · Score: 5, Informative

      Don't bother calling. The number is disconnected. I just called (I'm in BA, so it's local) and the earnest recorded-message lady informed me of the fact.

      I pity the poor soul that gets assigned that number.

  2. No spam no spam by Brian+Kendig · · Score: 4, Informative

    I don't see what the problem is. I don't get spam any more.

    Now, granted, I run my own mail server: Exim, attached to SpamAssassin via SA-Exim. And this combination is highly effective. I have it set up to be more aggressive than most people would want their spam filter to be; if an incoming message even *smells* like spam, my server refuses to accept it and instead gives a failure message with an alternate non-filtered address to use if the email wasn't actually spam. In a year of running it, it's rejected 100 spams per day on average, with only one known false positive in the entire year (it was someone forwarding a spam to me). And if a spam is sent to one of the addresses which I haven't used for years, then I perform the added courtesy of tarpitting the spammer.

    But there are a lot of tactics that an ISP's mail server can use to cut down on a huge amount of spam without risking false positives. Check the mail against Razor and the other services which keep track of mass-mailings which have been reported as spam, for example. Refuse mail from a server which pipelines its SMTP commands then drops its connection without waiting for a response. Verify that the sending mail server's address actually can be resolved.

    ISPs could go a long way towards making spam much less of an annoyance if they'd just use software to filter out the obvious spams. Hook the mail server up to SpamAssassin, set the threshold high enough to avoid false positives.
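
The SMTP-time checks described in the comment above, modelled in Python as an added example; it is not part of the original post and is not Exim or SA-Exim configuration. The event format, the score threshold and the fallback address are assumptions made for illustration.

```python
import socket

REJECT_SCORE = 5.0                   # assumed threshold; tune per site
FALLBACK = "unfiltered@example.org"  # hypothetical non-filtered address

def fire_and_forget(events):
    """events: (who, line) pairs in wire order; ("C", "<close>") is a hang-up.
    True if the client ran ahead of the replies and left without reading them."""
    owed, ran_ahead, in_data = 1, False, False   # server owes the 220 banner
    for who, line in events:
        if who == "S":
            if line[3:4] != "-":                 # last line of a multi-line reply
                owed -= 1
                ran_ahead = ran_ahead and owed > 0
                in_data = line.startswith("354")
        elif line == "<close>":
            return ran_ahead and owed > 0
        elif in_data and line != ".":
            continue                             # message body, not a command
        else:
            ran_ahead = ran_ahead or owed > 0
            owed += 1
            in_data = False
    return False

def dns_resolves(host):
    try:
        return bool(socket.getaddrinfo(host, None))
    except socket.gaierror:
        return False

def smtp_verdict(events, client_host, score, resolves=dns_resolves):
    """Reply code and text the receiving server should give."""
    if fire_and_forget(events):
        return 554, "SMTP synchronization error"
    if not resolves(client_host):
        return 550, f"cannot resolve sending host {client_host}"
    if score >= REJECT_SCORE:
        return 550, f"looks like spam; if it is not, resend to {FALLBACK}"
    return 250, "OK"

# Constructed sessions, not captured traffic.
POLITE = [("S", "220 mx.example.org ESMTP"), ("C", "EHLO relay.example.net"),
          ("S", "250-mx.example.org"), ("S", "250 PIPELINING"),
          ("C", "MAIL FROM:<a@example.net>"), ("C", "RCPT TO:<b@example.org>"),
          ("S", "250 OK"), ("S", "250 OK"), ("C", "QUIT"), ("S", "221 bye"),
          ("C", "<close>")]
DUMPER = [("C", "HELO x"), ("C", "MAIL FROM:<a@example.net>"),
          ("S", "220 mx.example.org ESMTP"), ("C", "<close>")]
```

A client that pipelines MAIL and RCPT but then waits for both replies, as in `POLITE`, is not flagged; only the sender that talks over the banner and disconnects is.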

  3. Re:fighting back by rediguana · · Score: 4, Informative

    Ah that will pale into insignificance when compared to the aging of the customer data already in the db. I did a Certificate in Direct Marketing (never used it in the end) 4-5 years ago, it was quite interesting. One of the points we were taught by our national DMA was that in a given year, approximately 25% of the customer records in a database will become outdated - I'm sure it is even higher in Internet time. The relevance to spammers is that they must continually be creating new databases to guard against obsolete customer data.

  4. Sneakemail.com by KevinMS · · Score: 5, Informative

    This is why Sneakemail was created over 3 years ago. You can easily bust whoever benefits from your stolen/sold email address no matter how far down the chain it goes. For those who don't know, Sneakemail was the first disposable email address service which was designed both for keeping your address clean and tracking those selling your address. Sneakemail got a mention in this month's MIT Technology Review magazine.

    --
    Sneakemail is to spam filters what an ounce of prevention is to a pound of cure.