Following the Spam Trail

An anonymous reader writes "MSNBC's Bob Sullivan doggedly follows a spam trail from Alabama to Argentina to find out who actually benefits from spam. The beneficiaries aren't necessarily the pasty faced, high school drop out industrial spammers we have gotten to know, but well known companies."

Tea bagger

[mao+che+minh]

The reporter wrote this story as if he actually broke it.

MSNBC: we have known about the relationship between spam, lead generators, and legitimate businesses for years now. For example, when I filled out an add to enlarge my penis 3 years ago, I got all sorts of emails from GNC and other well known health and fitness companies.....oh wait, I mean, when I clicked on the "See Britney Nude XXX HOT Angelina J-Lo-XXX-HOT!" offer I got an ad from her record label and WareHouse Music in the mail. Yea, that's it.

FP

Get Spammed Thru An Anti-Spam Article!

[webguru4god]

If you look towards the bottom of the MSNBC page linked in the story, there is a form that allows you to submit your spam stories, which asks for your name, hometown, phone number and e-mail address. Now what does MSNBC need with that information, in relation to your experiences with spam? Seems fishy to me...

Re:Get Spammed Thru An Anti-Spam Article!

[aengblom]

Now what does MSNBC need with that information, in relation to your experiences with spam? Seems fishy to me...

Well, if they want to do a story on them, they might actually want to be able to CONTACT you. And let's hope that major news organizations require that people who report things to them are actually, REAL PEOPLE. Not just random e-mail addresses signed by Haha G. Ottcha

Re:Get Spammed Thru An Anti-Spam Article!

[dJCL]

I filled it out with a custom e-mail address, only ever entered on their site at that message. If I get any spam from that address, well we know where they stand from there... heh.

Re:Get Spammed Thru An Anti-Spam Article!

[mousse-man]

It's not MSNBC, but the penis-enlargement spammers so they can confirm your email address and check out with their sooper-sekerit spycam whether your male implement is too small (it always is).

Pick up the phone.

[pontifier]

If you can nail down a domain that seems to profit, use the whois information and call them on the phone. I usually dont get spam after I have complained to a person. If the phone number is bogus you can report them at http://reports.internic.net/cgi/rpt_whois/rpt.cgi

Re:Pick up the phone.

[Yanna]

Notice how the guy that spams is in Argentina. First, I do not think that your calls will bother him more than they will cost you. Second, this guy is a real mercenary. This is his way of life.

I ran a little query and found that he actually registers his domains under the following address:

Entidad Registrante: Zonda Sistemas S.A.
Direccion: Callao 1253
Ciudad: Buenos Aires
Codigo Postal: 1024
Pais: Argentina
Telefono: 4803-3824
Fax: 4803-3824
Actividad Principal: Sistemas

Persona Responsable: Alberto Roberto Meyer
Direccion: Callao 1253
Ciudad: Buenos Aires
Codigo Postal: 1024
Pais: Argentina
Telefono: 4803-3824
Horarios Contacto: 10-18

Fecha de registracion: 20/01/2003
Entidad Administradora: Zonda Sistemas S.A.
Direccion: Callao 1253
Ciudad: Buenos Aires
Codigo Postal: 1024
Pais: Argentina
Telefono: 4803-3824
Fax: 4803-3824
Actividad Principal: Sistemas

Contacto Tecnico: Alberto Roberto Meyer
Direccion: Callao 1253
Ciudad: Buenos Aires
Codigo Postal: 1024
Pais: Argentina
Telefono: 4803-3824
Horario Contacto: 10-18
Fax: 4803-3824

Servidores de Nombre de Dominio
Servidor de Nombres Primario:
Nombre: ns.super-zonda.com
Direccion ip:

Servidor de Nombres Secundario:
Nombre: ns1.super-zonda.com
Direccion ip:

Tercer Servidor de Nombres:
Nombre: ns2.super-zonda.com
Direccion ip:

Cuarto Servidor de Nombres:
Nombre: ns3.super-zonda.com
Direccion ip:

Sorry that it is in Spanish, but the only way to find this guy is by running queries in nic.ar. Were you in a position where you could actually phone this criminals, you need to add +54 11 to the listed telephone numbers (54 being the country code for Argentina and 11 the city code for Buenos Aires).

Good luck!

Re:Pick up the phone.

[notfancy]

Don't bother calling. The number is disconnected. I just called (I'm in BA, so it's local) and the earnest recorded-message lady informed me of the fact.

I pity the poor soul that gets assigned that number.

Re:Pick up the phone.

[Yanna]

Do you think the address is still useful to send tokens of appreciation to these fine gentlemen?

Re:Pick up the phone.

[XSforMe]

Mmhh... yea that could be a way to go, but given the Argentinian crisis, and the light shed by the article on how ISPs bennefit from this, it would be trivial for him to get reconnection; actually he probably has ISP sales personnel calling 24 hours a day the disconnected number.

Je... coming to thing about it, the only way to really block him would be to disconnect ALL of Argentina's IP range. A bit drastic IMO.

I think the real way to go is to keep driving their response rate down. Educate your users, set up those filters, and report the fishes that get through the filtering.

Re:Pick up the phone.

[notfancy]

I pretty much doubt it. If you notice in the address line, only the street and street number were provided, without indication of office or apartment number. First of all, I doubt the address itself is valid; secondly, if it is, it is a high rise building with 99.95% confidence; so without an office number is anybody's guess where to send gifts to them.

Huh?

[MoeMoe]

What "well known" company offers penis pumps? Has Gates been up to more no good?

Re:Huh?

[Salgak1]

It's probably in Sweden. That's where they make the brand Austin Powers endorses. . . (g)

Re:Huh?

[AVee]

What "well known" company offers penis pumps? Has Gates been up to more no good?

Yeah, that's his other company, BigHard...

Re:Huh?

[tcopeland]

> the brand Austin Powers endorses

"I don't even know what this is! This sort of thing ain't my bag, baby!"

Re:Huh?

[AndroidCat]

Sure, and of course he has to disguise the source.

Who the hell would buy a penis enlarger from Micro-Soft?

Re:Huh?

[Erick+the+Red]

Slashdot theme in 2 years: The only products that MS makes that doesn't suck are the penis pumps.

Re:Huh?

[majorflaw]

More to the point: Would you stick *your* dick into something made by M$.

Re:Huh?

[Hoser+McMoose]

I dunno, Microsoft has been giving us users the shaft for long enough, maybe it's about time to return the favor? :>

Statement of the obvious

[Gherald]

The beneficiaries aren't necessarily the pasty faced, high school drop out industrial spammers we have gotten to know, but well known companies.

Wow, like we hadn't figured that out already.

All commercial advertising, SPAM included, benefits companies.

Individual spammers are just pawns like their more respectable counterparts in the legitemate marketing industry.

Re:Statement of the obvious

[PhxBlue]

Well, yeah, we have already figured that out. But the article isn't for us, it's for the 85% or so of users who don't even know how to block spam or why they get any. I think Slashdotters take their computer literacy for granted sometimes. :)

Re:Statement of the obvious

[Gherald]

I was quoting the story. How can you say it "isn't for us" ?

+1 insightful my ass

but?

[chloroquine]

But what about us pasty faced social misfits? I mean, I deserve my slice of the pie as well.

This article is written for an ignorant audience. I'm an ignorant audience and its smug tone of condescension even pisses me off.

Re:but?

[LostCluster]

The fact is, "pasty faced social misfits" who send spam don't make a product. They need to either buy something from some supplier, or be feeding into some sort of lead generation program like the article lays out. So, something does ripple through the economy...

Obviously

[dragonfly_blue]

Someone must be benefitting if they can afford to make me this kind of offer.

Greetings,

We need a vendor who can offer immediate supply.

I'm offering $5,000 US dollars just for referring a vender which is (Actually RELIABLE in providing the below equipment) Contact details of vendor required, including name and phone #. If they turn out to be reliable in supplying the below equipment I'll immediately pay you $5,000. We prefer to work with vendor in the Boston/New York area.

1. The mind warper generation 4 Dimensional Warp Generator # 52 4350a series wrist watch with z80 or better memory adapter. If in stock the AMD Dimensional Warp Generator module containing the GRC79 induction motor, two I80200 warp stabilizers, 256GB of SRAM, and two Analog Devices isolinear modules, This unit also has a menu driven GUI accessible on the front panel XID display. All in 1 units would be great if reliable models are available

2. The special 23200 or Acme 5X24 series time transducing capacitor with built in temporal displacement. Needed with complete jumper/auxiliary system

3. A reliable crystal Ionizor with unlimited memory backup.

4. I will also pay for Schematics, layouts, and designs directly from the manufature which can be used to build this equipment from readily available parts.

If your vendor turns out to be reliable, I owe you $5,000.

Email his details to me at: info@federalfundingprogram.com

Please do not reply directly back to this email as it will only be bounced back to you.

Anyone else get this one? =P

Re:Obviously

[Arker]

Several times. I couldn't figure out what the scam was so I did some googling. Apparently the guy sending them out is a bit... different. He really seems to believe that some time-traveling bad-guys ruined his life and caused him health and other problems. He seems to believe there are actually many time-travellers on earth at the moment, and wants to get a machine so he can travel back in time and undo the horrid stuff they did to him as a child.

Numerous folk have corresponded with him and he's made the deal many times, but somehow the bad guys always seem to nab his seller at the last moment. Poor guy.

Re:Obviously

[letxa2000]

Oh yeah, I assume they either want you to visit federalfundingprogram.com out of curiosity to see WTF is going on, or have you send an email to info@federalfundingprogram.com which will surely come back with some kind of additional spam and confirm your address is working. Either that or they want you to google for the stuff they mention--presumably the stuff the sell is near the top of the Google list and it's a way to get you to see it even though you think you're doing a service for someone else.

Anyway, been there, seen that, been filtered by my Bayesian. :)

Re:Obviously

[ncc74656]

Greetings,

We need a vendor who can offer immediate supply....

It's a wonder he didn't also spec an Illudium Q-36 Explosive Space Modulator while he was at it...

Re:Obviously

[Mustang+Matt]

Here's mine... I was thinking it was revenge on the person at the email address listed in the parent post. I have to admit, I found it kind of humorous.

I got the one from the parent post as well.

>>>>>>>>>>
Hello,

I'm a time traveler stuck here in 2003. Upon arriving here my dimensional warp generator stopped working. I trusted a company here by the name of LLC Lasers to repair my Generation 3 52 4350A watch unit, and they fled on me. I am going to need a new DWG unit, prefereably the rechargeable AMD wrist watch model with the GRC79 induction motor, four I80200 warp stabilizers, 512GB of SRAM and the menu driven GUI with front panel XID display.

I will take whatever model you have in stock, as long as its received certification for being safe on carbon based life forms.

In terms of payment:
I dont have any Galactic Credits left. Payment can be made in platinum gold or 2003 currency upon safe delivery of unit. Please transport unit in either a brown paper bag or box to below coordinates on Sunday July 27th at (exactly 3:00pm) Eastern Stand Time. If you miss this timeframe please email me.

42.4845467 & Longitude -71.1576157 and the ground is 101.3' above sea level.

Although those coordinates are a secure guarded area, these channels through email are never secure. Unfortunately it is the only form of communication I have right now. There is a good chance that sombody will try to redirect the signal. The unit must be teleported directly in a way
that nobody will be able to interfere with the transference.

After unit has been sent please email me at: *address withheld*
with payment instructions. Do not reply directly back to this email.

Thank You

squeak

Re:Obviously

[terraformer]

I got one from him as well and he had posted a drop location for something and he gives a lat/long pair (see below). I geocoded it and the location is Woburn, MA on the corner of Willow and S Bedford streets. Now I live in Watertown Ma nearby and I was really tempted to go there an fuck with him. Unfortunately I did not have the time...

Subject: Dimensional Warp Generator Needed wyvid ecasoylxcu

Hello,

I'm a time traveler stuck here in 2003. Upon arriving here my dimensional warp generator stopped working. I trusted a company here by the name of LLC Lasers to repair my Generation 3 52 4350A watch unit, and they fled on me. I am going to need a new DWG unit, prefereably the rechargeable AMD wrist watch model with the GRC79 induction motor, four I80200 warp stabilizers, 512GB of SRAM and the menu driven GUI with front panel XID display.

I will take whatever model you have in stock, as long as its received certification for being safe on carbon based life forms.

In terms of payment:
I dont have any Galactic Credits left. Payment can be made in platinum gold or 2003 currency upon safe delivery of unit.

INSTRUCTIONS MUST BE FOLLOWED EXACTLY:
Please transport unit in either a brown paper bag or box to below coordinates on Wednesday August 6th at (exactly 5:00pm) Eastern Standard Time on the dot. A few minutes prior will be ok, but it cannot be after. If you miss this timeframe please email me. I will not be there prior to 4:45pm EST, so do not transport before then.

Item is to be delivered at (out of service tennis court) located at: Latitude N 42.47935 & Longitude W 071.17355 and the Elevation is 119.
WARNING: DO NOT ATTEMPT TO TRANSPORT ITEM BY REGULAR MEANS OF TELEPORTATION. THEY ARE MONITORING AND WILL REDIRECT THE SIGNAL!!
I DO NOT CARE HOW YOU HAVE TO GET IT HERE, JUST DO IT IN A WAY THAT NO SPYING EYES WILL POSSIBLY BE ABLE TO REDIRECT THE TRANSFERENCE. IT IS VERY IMPORTANT THAT YOU BE ABLE TO MONITOR THE TRANSFER.
HOW ARE YOU GOING TO SEND IT SO THAT THEY CANNOT REDIRECT IT??? If in doubt do not transport actual unit until your method of transfer can be confirmed as a success. You just might need to send a intergalactic courier to deliver item safely to me. If so be VERY careful at how they approach me IN MY WHITE CAR.

After unit has been delivered please email me at: info@federalfundingprogram.com
with payment instructions. Do not reply directly back to this email.

Thank You

Re:Obviously

[Zeinfeld]

Someone must be benefitting if they can afford to make me this kind of offer.

There are a number of possibilities. The most likely one being that the guy is either a crank or a hacker with a wierd sense of humor.

Another possibility is that there is some form of steganographic message being broadcast. This could be a signaling mechanism used to provide deniable communications from an 'owned' computer. Alternatively it might well be a genuine request for some form of parts. If you wanted to buy parts for some form of illegal weapon you might use this type of cimmunication to tell a quartermaster what is required.

The advantage of using a message that appears to bee from a kook is that people tend not to take kooks seriously (unless they get elected to office but that is another matter). On the other hand if you are serious about anti-terrorism you listen to so many kooks that it becomes a warning sign. The type of people who stick a bomb in a litter bin outside a McDonalds tend to be whacko jobs.

Re:Obviously

[gmack]

Or you reply wondering what the guy is on and now all further communication has a "prior buisness relationship" .. I couldn't help but notice the address for more info was one of those financial sites on the email I got.

Re:Obviously

[gujo-odori]

I concur. I was working for an ISP at the time he started sending that stuff out. We saw hundreds of them, and at first we thought it was a troll to gather known-good addresses for future spamming.

The stuff kept showing up from time to time, and eventually, on a day when we didn't have much to do, we did some tracking ourselves. Like you, we found that the guy apparently really believes it. We even found a web site where someone had posted his communications with the guy.

I'm all for getting his Internet access cut off so that he can't bother people, but I think people shouldn't toy with him. He obviously needs help and has enough problems with people baiting him.

Re:Obviously

[kaltkalt]

I think the point is to get people who think they are clever to email him and act like they delivered the stuff and are now asking for payment (as he says to do). "Hope you got the unit okay, I'd now like my payment..." ... now he has your email address and will spam the fuck out of you. If that's not it, then I'd have to vote for some sort of steganographic message (note there are different versions of this email w/ different numbers/specs).

Re:Obviously

[buzzonga]

I received almost the exact same thing earlier this week, except mine was from a stranded time travelor that needed almost the same parts to get home. Nearest I can figure is that either there is/was a web bug on the email to harvest email addresses or there is folks not from here out there and so desperate to get home they are willing to spam everybody to find another of there kind and get home....

Re:Obviously

[pherris]

I'm a time traveler stuck here in 2003. Upon arriving here my dimensional warp generator stopped working. [...] I am going to need a new [...] rechargeable AMD wrist watch model [...]

Glad to see AMD is still going in the future. I need to call my broker and buy some shares.

Re:Obviously

[mousse-man]

So you mean that if my malehood grows, the evil Lumber Cartel is ready to strike?

The idea in itself is interesting, but in that case, I'd just open a pr0n site and use steganography in the pics.

Re:Obviously

[Zeinfeld]

The idea in itself is interesting, but in that case, I'd just open a pr0n site and use steganography in the pics.

That would be far more risky. Any pull protocol has an intrinsic risk of traffic analysis.

Authoritarian governments like Singapore use traffic analysis to monitor and suppress dissent. In Singapore every telephone call is logged and the authorities perform traffic analysis to identify groups of dissenters.

It is not that difficult to perform traffic analysis on the Internet and even with IPSEC this would not change. The only protocol that has any degree of traffic analysis resistance is NNTP

Re:Obviously

[jrumney]

The movie (Timeline) is out in November. This is nothing but old fashioned spam sent out by/on behalf of Paramount Pictures.

Re:Obviously

[SEWilco]

Paramount?

Gee, if they spam me then I get to try out Minnesota's shiny new antispam law.

Re:Obviously

[Saint+Aardvark]

Very cool example. I've got more here -- is there any chance I could include your example on my page as well? Full credit, natch...

what I want to know is....

[inode_buddha]

how many "middle men" are in the typical spam food chain, playing the percentages. Extra bonuses for network names, IP addys, hosting providers, etc. And also, why don't these large companies have the balls to just do it directly, themselves? /me thinks they are much like the Wizard of Oz, in this regard.

Re:what I want to know is....

[dJCL]

If the big business did it directly, you would have an easy target and could hit them pretty hard and fast to stop it. This way they have a large number of layers of seperation(deniability) available. As the one company in the article said, they canned the account of the person who spammed to get the lead, but that person was probably already signed up under 15 other names and loses accounts once or twice a week. But that company has deniability, and can claim they took action, knowing that it was worthless...

Re:what I want to know is....

[hackstraw]

If the big business did it directly, you would have an easy target and could hit them pretty hard and fast to stop it. This way they have a large number of layers of seperation(deniability) available. As the one company in the article said, they canned the account of the person who spammed to get the lead, but that person was probably already signed up under 15 other names and loses accounts once or twice a week. But that company has deniability, and can claim they took action, knowing that it was worthless...

Read that a couple times and think mafia, not spam.

A while back their was a poll on /. about who was the most powerful with multination corps being one of the choices. Hmm........

Who benefits from spam?

[Linux-based-robots]

The mystery is revealed. It is the The Hormel Food Company!

Who benefits from spam?

[Omkar]

Hormel, or course. Free advertising.

But seriously, does anyone here actually think people will care enough to boycott these companies?

Re:

[$exyNerdie]

Such is the messy world of affiliate marketing. Jeff Hain, director of marketing for LoanWeb, blamed his firm's involvement in the spam on an affiliate who acted outside the company's policies. The Internet is full of such arrangements, first popularized by Amazon.com years ago. Small Web sites that push traffic and business toward a larger firm get a small slice of the profits. It is often tempting for affiliates to send out spam to create such profitable traffic.
"We have thousands of affiliates out there," Hain said.

- Amazon.com still uses the affiliates programs to a great extent and Google searches often lead to sites that are nothing but links to Amazon's site in disguise. Wish Google searches could see through such tactics....

An entirely separate set of companies also benefits from the spam economy -- Internet service providers who carry their traffic.
Well-known spam nemesis Ron Scelson filed for bankruptcy earlier this year, and a review of bankruptcy documents shows he owes Bell South $56,463 for "circuits" and Cable & Wireless another $4,407 as his "Internet provider." Neither company responded to requests for information about the bills.
But it's hardly the first time a big-name Internet provider has been caught in a deal with a spammer. In an embarrassing incident for both AT&T and PSINet three years ago, both firms were caught as participants in secret "pink contracts" with spammers. Long suspected in the spam world, the revelations exposed pink contracts as sweetheart deals for the Internet firms, designed to protect spammers. ISPs get premium, well above normal rates, to sell bandwidth to known spammers. In exchange, the ISP agrees to suffer more than normal complaint rates. In PSINet's contract, revealed on News.com, the firm received an upfront payment of $27,000 from Cajunnet, a marketing firm based in Slidell, La. In exchange, PSINet agreed to permit Cajunnet to send unsolicited email "in mass quantity" through PSINet's lines.

- Is there no legal way to stop ISP's from doing that ?

IC Marketing - InfoClear Marketing ?

[Thinko]

After IC Marketing received our data, it sold our information to a firm named Infoclear Marketing in Dallas, which then sold it to Mleads, which in turn sold it to Quicken, according to Newman.
Infoclear immediately terminated its contract with IC Marketing when it heard about the spam offense, said Patrick Thurmond, who identified himself as a founder of Infoclear.

Doesn't it sound a lot like InfoClear and IC (coincidence?) are actually the same company, but can appear to 'sever ties' whenever anyone anti-spam starts nosing around.. sounds like a nice setup to me, and the investigators won't implicate poor infoclear when tracing this back.
Just my $0.02.

Thinko

"I have challenged the entire quality assurance team to a bat'leth contest. They will not concern us again."

Re:IC Marketing - InfoClear Marketing ?

[Newtonian_p]

Good observation but why would they want to make it so obvious?

I mean, they could instead set up a front company named 'Starglass Inc.' and then set up IC Marketing as an affiliate.

Backbones like spam? Whoa!

[SuperBanana]

What's that you say? Backbones don't police spam across their networks, spam that sucks up huge amounts of bandwidth, which they can charge people for? Whoa!

Next at 11, employees who are responsible for self-policing timecard policies are ripping off employers!

(seriously though- it's time we started taking major networks to task, like refusing to route packets coming from them, or refusing to send traffic to them. Watch how fast UUnet takes care of spammers, when customers find they suddenly can't get to sites. Pretty much the ONLY thing these days that separates backbones is how reliable they are- even a slight decrease in reliability, even just perceived or threatened, could have an astounding effect. Think of all the fuss SCO is causing to see the possibilities.)

From a related link.

[spumoni_fettuccini]

The spam damSpam isn't that big a problem. A noisy, wired minority, the report said, has overexaggerated the spam jam-up. In fact, only 15 percent of workers surveyed say they have to deal with more than 50 e-mails a day. And nearly three-quarters said "only a little" of their work e-mail is spam.

How many Sysadmins are running spam filters to catch that crap so the end user never sees it?

Re:From a related link.

[realdpk]

Let's officially proclaim Monday No Spam Filter day, so people can better see the problem when they're most bitter - having to show up after a fun weekend to sit around in the office and delete spam!

Re:Who benefits from spam?

[Gherald]

And their SPAM museum!

Re:Who benefits from spam?

[Gherald]

No, the reporter was just desperate for a story.

fighting back

[gclef]

I'm becoming more and more convinced that the only effective way to fight back is to spam the spammers. Not via email, but via their customer databases. Take the example of from this article: the spammers get paid for every lead they generate. But, if just 1% of the people who got the spam went to the site and *lied* about their identity, and their interest, the value of the list containing their info would go down so much as to make it worthless. Even if .1% of the people did this, it would dramatically reduce the value of such customer lists. That's the only way to stop spam, from what I can see: make it no longer economically viable.

Re:fighting back

[PurpleRabbit]

Problem with diluting the information pool, as you describe, is that the absolute total of good data remains constant: there remains money to be made on the genuine replies.

The article says that good data is worth $20 on a prospective $1000 profit on a mortgage lend. You'd have to add a lot of bad enquiries to make the process unprofitable. A 1% phony reply rate is barely going to hurt at all, unfortunately.

Re:fighting back

[gclef]

You're right, but I'm not hoping for a 1% phony rate...I'm aiming much higher.

Basically, I'm counting on the real reply rate for spam being very low to begin with, so any measureable response by an annoyed populace will almost by default be at or near the real response rate. From what I've read so far, the real response rate for spam is on the order of 0.05% or so. They make money from volume, obviously. So, if 1% of the people who recive the spam respond falsely, that's a 200:1 ratio of bad:good data. Clearly, that's not going to happen, but given that the real response rate for spam is very low to begin with, I don't think it will take that much active dilution by people like me to cause real headaches for the spammers.

Re:fighting back

[robogun]

True... but if the guy has to sort for eight hours thru false data, that $20 doesn't look so good any more.

Plus, the mortgage company is going to get pissed off at all the false data the spammer is passing along, and probably fire the spammer for trying to get paid for faked leads.

The key is to generate really good fake data (i.e. area code matches state, zip matches city, and the numbers add up). Scripts exist for that. Simply stuffing the form with random characters, after turning off javascript won't do the trick (unless you like to re-write the form removing MAXLENGTH arguments, and send ~1meg form responses).

Re:fighting back

[rediguana]

Ah that will pale into insignificance when compared to the aging of the customer data already in the db. I did a Certificate in Direct Marketing (never used it in the end) 4-5 years ago, it was quite interesting. One of the points we were taught by our national DMA was that in a given year, approximately 25% of the customer records in a database will become outdated - I'm sure it is even higher in Internet time. The relevance to spammers is that they must continually be creating new databases to guard against obselete customer data.

Re:fighting back

[kramer2718]

Great post. Actually that was the first thing that I thought of when I read the article.

We could go one step further, though. We could write a mail filter that would statistically classify spam and then reply to it using fake information. Everyone has three or four addresses on Yahoo!, right?

I'm not exactly the best programmer, but I imagine starting with the source to spam-assassin or similar would be the way to go.

This could be huge. Of course, to really make a dent, we'd have to write a filter for Outlook Express and AOL mail and then install them on relatives computers, but it could be done. Anyone interested?

Re:fighting back

[Sylver+Dragon]

This is something I have been advocating for a while. Create a distributed app of some sort (think SETI@Home) which goes out and slowly fills these databases with real looking fake data. Its has to look real but be semi random, a couple of huge name lists which are used to randomly pick first, last, middle names etc. It would have to be updated occasionally to include new web locations for the forms, and to delete dead ones (possible have a central server which houses the lists). And expand the name lists. Sadly, I am not, and will never be a programmer, so I am not able to do this myself, but anybody else who is willing to put the time into it is free to use my idea, and I will download and sign up for immediatly.

Re:fighting back

[Monkelectric]

I had a similiar idea about the SCO problem. I was wondering if (the royal) we could all mail 1 letter a week to SCO.

The letters would be totally legit, requests for pricing information, comments on the situation, etc. It would be sort of a distributed DOS attack using the post office (I'm sure someone has done this before).

Re:fighting back

[radiotalent]

A 1% phony reply rate is barely going to hurt at all, unfortunately.

I think you've missed out on what the parent was advocating. If "we" reply to 1% of our spam with phoney data, it will (easily?) outweigh the real replies (which I pray is less than 1%) and thus pollute the stream, driving down the rate that the legitimate companies are willing to pay. For more thinking along this line check out this googled karma-whoring link. Automate this idea with a Mozilla plug-in and I'll bet all of us lazy Slashdotters (its not just me right?) will install and escalate things a bit.

Re:fighting back

[bert33]

Most spammers don't use a real reply address. All this filter would do is generate a bounced return mail for every piece of spam, effectively doubling the amount of crap in your inbox.

Re:fighting back

[Eminor]

What I do, is find an email address of a party associated with the spam (wheather it be the company selling a product, or if you are lucky enough to find an email address associated with the spammer). I use that email address at another site which will use it to spam. It is possible, in some circumstances, that they will both be spamming each other.

Re:fighting back

[kramer2718]

I'm not talking about using the reply-to: or from: addresses on the e-mail, but rather expressing interest (at least in the loan scams) via web-based forms. Obviously the link in the spam have to be legit.

MSNBC Got lots of people canned

[Cade144]

According to the story, it seems like MSNBC was responsible for the termination of at least three business relations between "Legitimate" companies and spammers.
If only more news outlets traced their spam the same way, it could put a dent in the demand for spam.

Who am I kidding? Those spammers, er "lead generators" will go right back to work, selling to anyone who will buy, no questions asked. As long as businesses will pay for personal information, there will be plenty of weasels to sell it to them.

Re:Who benefits from spam?

[magsymp]

No... no... You have it all wrong! It's SCO!

I benifitted from spam!

[andy666]

paying attention to the spam i got, i managed to get a great morgage on a house, marry a beautiful russian bride, and i pleasure her every night with my enlarged, viagra powered penis.

now, if only i could get some printer toner...

Re:I benifitted from spam!

[andy666]

how did you know that ? you see the money from the house came from this amazing thing that happened to me!

i was contacted by this nigerian guy, who had 10 million dollars, but....well to make a long story short, i lent him a couple grand, and he split the 10 millon with me! What are there chances of that ? What a decent human being.

Re:I benifitted from spam!

[AndroidCat]

I hope you also bought the septic tank to hold all that .. Bovine Stuff. :^P

Re:Pot... meet Kettle...

[ncc74656]

Great, we get a bunch of moralizing from a bunch of jackasses who allow FUI banner ads on their site.

Banner ads? I didn't see any banner ads...

SPAM will end when...

[ansak]

The really telling remarks came in the final paragraph:

"The only thing that's going to make spam go away is if people do not respond," he said. "When e-mail first started, you could send out 50,000 e-mails a day and make money. Now you have to invest a lot of money and time, you get a return rate of less than one-tenth of one percent. One day it will become so you can't send enough to make any money. And that's the only thing that will stop spam."

0.1% and it's still profitable... sheesh! Won't it be nice when it becomes 1 part in a trillion and the race comes of age in e-mail usage.

and it's always about the money...ank

Re:SPAM will end when...

[kevinatilusa]

It'll be harder and harder to get that to work though. I remember a story in the LA Times that said (don't necessarily trust me on the numbers) that one of the large spammers was still doing well at 10 responses per million. When we get down to numbers that small, it'll become harder and harder to convince each remaining person to stop responding, as we've reached the committed core who think spam really IS good for them.

Re:SPAM will end when...

[Mike+Van+Pelt]

Spam will go away when no one responds...

... Or, when everyone responds, with bogus contact information, so that the spammer or whoever hopes to make money off of spam must follow up on thousands or millions of false leads in order to find the one bite from a real pigeon.

Downside, a few people spamming on behalf of "legitmate" companies will reap a windfall when they get to sell a whole lot of leads. But that will dry up quick when the companies paying for these leads find that the leads are all bogus.

Re:SPAM will end when...

[ansak]

So perhaps the thing to do is to have CAUCE and other such groups fight fire with fire. How many interns or welfare re-trainees do you think they could afford to pay to sit there generating bogus responses to spam?

ooohhhh. I feel a shell script coming on...

All this, and my pre-ordered Babylon-5 Season 3 just shipped! (small pleasures)...ank

Re:SPAM will end when...

[gujo-odori]

Would you like to make spam drop off tremendously overnight?

The technology is there right now. All ISPs have to do is is block outbound port 25 TCP and the problem will almost vanish.

What makes it that easy is the economics of spam. Spammers are generally not paying for the resources they use, which is how they can make a profit even at their incredibly small success rates.

Consider the case of a spammer who uses a DSL or cable line to send spam. Assume a relatively expensive plan offering high bandwidth costing $125/month and how many referrals does a spammer need to generate to cover that cost? At $20/referral, the sixth one moves the spammer into the black. If the spammer pumps out 1,000,000 spams per month and gets a 0.1% hit rate, that's 1000 per month. If the spammer gets paid for them all, that's $20,000. Even if only 10% of those hits turn out to be legit leads and the spammer gets paid for only those, that's still $2,000. Put another way, it pays for the spammer's PC and DSL hookup costs in the first month, with profit left over.

But let's assume this spammer knows a friendly ISP and is paying $1000 for a T-1, including local loop (you can go cheaper than that in many areas). If the spammer gets the same $2000 in referrals, that covers the cost of the T-1 and the PC. The next month covers the cost of the T-1 and leaves $1000 left over.

Major spammers send many millions of mails each month, and even the small-scale ones probably do over a million, so these numbers are pretty conservative.

What the spammers must do, however, that doesn't appear in the above numbers, is find some SMTP host(s) to carry their mail, since sending it from their own netblocks gets them quickly locked out by a great many MXes, invites DDOS attacks, results in people calling their upstream to get them shut down, etc.

Enter the open relay. Open relay mail servers are (sadly), not uncommon even today. A pox on all the clueless mail admins who run these things. Spammers need to send outbound traffic on port 25 to get to the open relays. If all ISPs closed off outbound port 25 traffic in their consumer dial, cable, and DSL pools, the spam problem would shrink tremendously. I worked for an ISP that followed this practice, and we almost never had spammers (just a few times a year), and those we did get disappeared in a *hurry* because we would know they were there in short order because they couldn't exploit any open relay; they had to use *our* outbound SMTP hosts because we closed port 25. That mean that if someone started a spam run, their account wouldn't survive the day. By the time the first complaint arrived, we could write back and say "This account has already been terminated."

That still leaves the problem of open proxies, of which there are also many, but those have to be dealt with via RBLs. That notwishtstanding, if all ISPs closed outbound 25 and required their dial, cable, and DSL customers to smarthost through their outbound SMTP hosts, it would take a huge bite out of spam, so to speak :-)

Re:SPAM will end when...

[sapped]

Downside, a few people spamming on behalf of "legitmate" companies will reap a windfall when they get to sell a whole lot of leads. But that will dry up quick when the companies paying for these leads find that the leads are all bogus.

How is this a downside? I think of it more in terms of a fine on the "legitimate" company for using spammers in the first place.

See, I told y'all

[reboot246]

we do have computers in Alabama.

And electricity.

And indoor plumbing.

Re:See, I told y'all

[PhxBlue]

. . .all that, and a chemical weapon disposal facility, too. That's the part that really makes me piss my grits.

Re:See, I told y'all

[barzok]

Yeah but most residents get confused and try to combine them. And leaving a "core dump" on a running computer isn't good.

Re:See, I told y'all

[reboot246]

Aha! And all this time I thought that smell coming from my computer was Windows.

Re:

[Arker]

- Is there no legal way to stop ISP's from doing that ?

No, and it would be dangerous if there were.

The inhibiting factor for most is simply the risk of being blackholed by the rest of us if they do.

Sadly there are a few that have such a huge chunk of the net under their thumb they are basically immune to this threat. I think that's the number two contributor to the spam problem (number one being fools that buy from spamvertisers.)

The way out is through?

[rmarll]

Interesting, if what the article says about the 20 dollar fee is true. Perhaps we can end spam by answering it.

Facinating.

Re:The way out is through?

[Omega+Hacker]

In selected cases, yes. Answering the loan spams would cause all the loan vendors to start looking a lot more closely at the lead rates they get, and probably start investigating why the rates suck for certain suppliers. That assumes of course that a given lead company is predominantly spam-generated or not.

Re:The way out is through?

[danila]

Even if they are not predominantly spam-generated, there is some layer, which gets most leads from spammers (but doesn't spam itself). Hopefully, this layer would stop paying spammers for the leads and quit the business... Doesn't sound likely, though...

ISP connections

[abhisarda]

"ISPS MAKE MONEY, TOO
An entirely separate set of companies also benefits from the spam economy -- Internet service providers who carry their traffic... In exchange, the ISP agrees to suffer more than normal complaint rates. In PSINet's contract, revealed on News.com, the firm received an upfront payment of $27,000 from Cajunnet, a marketing firm based in Slidell, La. In exchange, PSINet agreed to permit Cajunnet to send unsolicited email "in mass quantity" through PSINet's lines."

Maybe this might drum some sense into somethingawful.com's heads.

I made a comment 2 days earlier about this. If you do business with ISP's that work hand in glove with spammers, don't go around whining that SPEWS is the one to blame.

Re:ISP connections

[Agent+R]

Gotta love their trolling on NANAE though. Piss off that many more admins that'll toss those bozos into their permanent blackhole list.

Re:ISP connections

[Agent+R]

Unfortunately for a growing number of ISPs the loss due to the waste of bandwidth to handle spam is outpacing the potential for customer loss.

Mortage quota

[rf0]

Read the article about mortgage rates. Guess what a popup advertised? Yup mortgage rates

Fantastic

Rus

In the end it's the Consumers fault.

[Tailhook]

The story ends with the conclusion that the existence of spam is the consumers fault. The assertion is that if spam didn't generate responses and, in turn, revenue, these business interests wouldn't bother causing it to be created, however indirectly.

That logic is hard to argue with, but I have an additional way to fault the consumer. Why does the consumer continue to tolerate the open sewer that is contemporary email? It's not just spam. Millions of these sheeple have been infected with viruses sent via email. Spam and viruses, and a seaming endless ability to tolerate large quantities of both...

One would think that after enough of this crap occurred, consumers would eventually consider dealing with it. RTFA to discover that you can't count on ISPs to deal with it. They value spammers and the extra money they're willing to pay. RTFA to discover that respectable companies participate via a web of indirection and plausible deniability. The only thing we have is the end user. If the end user isn't willing to deal with the problem, no one will.

If the end user was willing to deal with the problem, then it becomes a simple matter. All that would be needed is a requirement that senders provide a verifiable signature in all messages, and easy to use white lists to remember the 'ok' parties. If the end user were willing to a.) obtain a cert that allows them to sign and b.) tolerate the need to not blindly open mail that hadn't been placed on their white-list previously, spam would not exist.

The key here is the end user. Until they come around spam is inevitable.

Re:In the end it's the Consumers fault.

[CycleMan]

When I can convince my grandmother to establish a challenge-response system on her AOL account, I'll consider blaming stubborn end-users.

Fortunately, she hasn't purchased any penis pumps or Russian brides yet. It can't just be the consumer solving this problem any more than we can ask every human to go certify organic farms or kosher sausage factories. It's a question of time, a question of costs to benefits, and with verifiable signatures, a question of creating a binding international law that would have most /.ers foaming over privacy concerns.

Awareness, education, and group pressure are the tricks we need here. Just as Upton Sinclair's book "The Jungle" caused Teddy Roosevelt to investigate the sausage factories, saying that "radical action must be taken to do away with the efforts of arrogant and selfish greed," so we need powerful individuals and organizations to take committed stands on spam at the source. Otherwise our individual protection efforts will only divert the spam to the inbox of someone less savvy.

Re:In the end it's the Consumers fault.

[Tailhook]

When I can convince my grandmother to establish a challenge-response system on her AOL account

Do you suppose AOL wouldn't be happy to establish it for her for a small fee? All that's left now is for your grandmother to ask for it. That's where you come in...

It can't just be the consumer solving this problem

Actually, it has to be. All other interests involved would very much like to either a.) send you spam, or b.) sell the means for spam to be sent to you. This includes your ISP, and your bought-and-paid-for government. The day the Senator from Disney is told of the need for an exception to whatever spam laws get created, the process of erosion will begin. I am predicting the ultimate fate of something that doesn't exist yet, but you know I'm right.

and with verifiable signatures, a question of creating a binding international law that would have most /.ers foaming over privacy concerns

Binding international law? What for? If I choose not to receive a message from you unless it's signed by a cert issued by an authority I trust, directly or indirectly, how would a global government improve my spam blocking ability?

Anonymity is the enabler of spam. If and when spam is ever dealt with anonymity, by definition, will be the first thing to go. Bank on it. Slashsnot may foam all it wants. It will anyway.

Otherwise our individual protection efforts will only divert the spam to the inbox of someone less savvy

When an individual can not send mail without a signature, signatures will become ubiquitous ISP provided built-in boiler-plate for the less savvy. Not a problem.

No spam no spam

[Brian+Kendig]

I don't see what the problem is. I don't get spam any more.

Now, granted, I run my own mail server: Exim, attached to SpamAssassin via SA-Exim. And this combination is highly effective. I have it set up to be more aggressive than most people would want their spam filter to be; if an incoming message even *smells* like spam, my server refuses to accept it and instead gives a failure message with an alternate non-filtered address to use if the email wasn't actually spam. In a year of running it, it's rejected 100 spams per day on average, with only one known false positive in the entire year (it was someone forwarding a spam to me). And if a spam is sent to one of the addresses which I haven't used for years, then I perform the added courtesy of tarpitting the spammer.

But there are a lot of tactics that an ISP's mail server can use to cut down on a huge amount of spam without risking false positives. Check the mail against Razor and the other services which keep track of mass-mailings which have been reported as spam, for example. Refuse mail from a server which pipelines its SMTP commands then drops its connection without waiting for a response. Verify that the sending mail server's address actually can be resolved.

ISP's could go a long way towards making spam much less of an annoyance if they'd just use software to filter out the obvious spams. Hook the mail server up to SpamAssassin, set the threshold high enough to avoid false positives.

Re:No spam no spam

[realdpk]

I do not want my ISP deciding what is and what isn't spam for me. Others may be comfortable with that however. At most, ISPs could offer it as an option.

Re:No spam no spam

[big-magic]

Most service providers that have anti-spam software will allow you to turn it off.

But I think the real advance will come when service providers give individualized Bayesian filter to each customer. That way, each customer can decide what is spam to them. Of course, that's a lot of data to keep track of when you have a lot of customers. But I think it is doable. The downside is that during the training process, the customer would need to use a web based client rather than your IMAP/POP client in order to mark messages as spam. But once they are satisfied with the training, they could use their regular mail client.

And when a customer is happy with their filter setup and "turn it on" so that the system will delete spam directed at them, the inbound mail server could do the spam check in real time and refuse to accept such spam. I know it sounds like a lot of processing, but I think it's possible.

Re:No spam no spam

[realdpk]

I think it's possible, too. And ya know, I think if there's a way to offload some of that processing to the user's PC somehow, I think they'd be willing to do it. I know the ideal is to have spam cost the end-user zero (in terms of cost and resources), but if they have to do some text processing to see no spam, I think they'll be fine with it.

Re:No spam no spam

[Brian+Kendig]

I do not want my ISP deciding what is and what isn't spam for me.

Why not?

If you get an email whose checksum matches the checksum of a message which has recently gotten multiple reports on several spam-tracking services -- or an email delivered from a server which violates the SMTP protocol by blasting all its commands then dropping the connection -- or an email with a sender domain which doesn't even exist -- why would you want to receive it?

Microsoft & others want to spam too - legally

[leoaugust]

as this was a a mortage related spam - aka respectable spam - as opposed to the unrespectable spam like "enlarge ..." spam, it is not too off track to show how the big corporations are lobbying for the ability to send spam directly rather than thru these layers ...

It is also very interesting that the big companies like Microsoft are paying lobbyists for laws that shall allow them to send spam, on the pretext that if only their spam is identified as spam it is no longer spam. I might give my email id to a Microsoft division, and then without my permission it is available to all the divisions of microsoft - even if I have no interest in all their products save one for which I gave my email - so isn't all the unrelated email they send me now spam ???

What the big companies want to do is to send spam themselves, but prevent others from sending it. All knowing that spam is dirt cheap tool for sales, but there is only so much spam a consumer can take before the backlash hurts all spammers ...

it is pure and simple application of game theory - when it becomes lucrative enough for the politicians, they will step into it too ...

Re:Backbones like spam? Whoa!

[kapok_tree]

Thing is, how could that be implemented? All told, there aren't all THAT many backbones to work with. Take out UUNet, or AT&T, and you've blocked off a very big part of the market. From a business standpoint, it would be equivalent to deciding not to sell to anyone in, say Great Britain. Principle's fine, but that's going to cut into profits. I worked for Sprint for a while, and their network is severely overengineered. The fibre backbones are generally only using 10% of their capacity. So long as that's the case, the beancounters are going to continue to search for ways to get more money out of that resource. They'll keep looking for - and finding - loopholes that allow them to sell their bandwidth. They'll keep doing this so long as they don't have anything better to sell their bandwidth for.

I would be willing to donate money

[Mustang+Matt]

I would put money into a cause that went after spammers that attack me in hopes of enforcing state laws and potentially winning a lawsuit against them.

Re:I would be willing to donate money

[Rob+Riggs]

I would put money into a cause that went after spammers

You like pay taxes to fund the FTC and Justice department?!?

The only real solution

[mabu]

People still don't get it....

No new spam laws are needed to stop spam.

99.9% of the spam on the Internet already is illegal and many cases criminal, involving the theft of computer resources and bandwidth, mail relay hijacking, forged headers, etc.

The problem is the Feds won't enforce the existing laws on the books. Unless there is X amount of damage involved to a specific politically-connected corporation, they turn the other cheek.

People need to ask their local District Attorney to start prosecuting these cases. A friend of mine had a spammer break into his computer and he filed a report with the FBI. They identified exactly who the spammer was and had all the logs and everything, and the DA refused to prosecute or pursue the case. This is the problem! Law enforcement authorities aren't enforcing the laws!!

Re:The only real solution

[mousse-man]

Is a goddam baseball bat. As long as spammers can use and abuse the resources with just facing monetary penalties, they will do it because there's money in the spam business. However, the moment they have to fear to be beat up and possibly to death because of their spamming, they'll usually stop. And the remaining hard-core spammers will die out one by one.

Fight spam by replying to it?

[owlmon]

The article describes how "affiliates" get paid for supplying information gleaned from people who respond to spam e-mails.

This suggests that the economics of spamming could be disrupted rather easily if large numbers of folks would helpfully supply the information that the spammers seek.

Think about it. What would happen if every time a slashdotter got a spam, he responded with all the personal information (randomized, of course) that the spammer requested? The article used the example of a web form that the spamee was invited to fill in with his mortgage information.

A perl script could generate a lot of fills to the web form in a short period of time.

In the short term, affiliates would make extra money by selling truckloads of (phony) personal information. But within a few monthes, the large companies that pay for that information would wise up. That's when the spam economy would start to suffer.

This strategy is only interesting to those of us that have good spam filters in place. I'm getting very good results with bogofilter now. I believe that I could "survive" the major spam wave that would result if I employed this strategy. But this strategy would be a lot more effective if I had some company.

Re:Fight spam by replying to it?

I was thinking of that the entire time I read the article...

This would effectively kill spam the way it's killed banner ads... early on, I remember being able to get upwards of $.10 per click-through from random companies, for a site with very little hits.. but once companies realized that click-throughs rarely equaled sales, the payments started dropping dramatically

Hell, if some large group (say, slashdot, or fark, or something) all took one of these sign-up pages, and all proceeded to sign up a ton of times using false names/info, it would probably be enough to destroy a few affiliate programs (also, it would be immensely funny for some huge bank/mortgage company to have to pay out millions for false info)

Re:Fight spam by replying to it?

Google for software called FormFucker.

Re:Fight spam by replying to it?

I like to do this on a smaller scale whenever I am asked for personal information. For example I received a survey from Sun and gave them a bunch of random answers. Hopefully that will lead them a little further off course.

Likewise when the new york times wants my info, or yahoo asks some questions I randomly give them answers. Of course, they could eliminate noise from people like me by asking the same questions again.

If everyone on Slashdot started to adopt these tactics, we would make all this personal information that has been harvested less valuble.

The obvious solution to that downside...

[kevinatilusa]

Start your own "spam" company as part of the slashdot program to end spam. Solicit e-mail addresses from willing slashdotters who provide the desired false leads. You get both the benefit of bogus leads and the windfall from all the extra false leads

Suprise... err ... no

[BelugaParty]

In advertising there are divisions much like the white red black hats of hackers. Often times a company will submit a block of money to an advertising group, which will then employ dozens of different strategies. Often times, these techniques are not follow known or endorsed by the sponsoring company.
Take for instance when IBM launched a "edgy" campaign where peace signs were spray painted on the sidewalks of SanFran. Or some TV show that quietly advertised by sending a non-existant football team to various locations claiming to have one state finals, when in actuallity, it was a ploy to get name recognition.
Spam is simply a new form of information dissemination. It is not Microsoft or any other giant who is actively pushing this, but marketing and advertising firms who are supported by them. So you have to make a distinction because the big advertisers are linked to just about every big company.
Anyway...
Dream on.

Don't forget Spam Haikus!

[CycleMan]

Die SCO, die.
Spare us from all the lame jokes.
Worse than porcine snouts.

If you buy Hormel,
SCO and IBM
Won't sue your tail off.

Write your own and submit them to:
http://www.spamhaiku.com/spamhaiku/site/

Well, kind of...

[Dimensio]

SPEWS can be used to pressure spam-friendly ISPs into dropping their spamming customers. It's perfectly legal, but then you'll get a bunch of whiners who think that they shouldn't be blocked just for giving money to an outfit that they know is run by criminals.

Re:Well, kind of...

[canajin56]

SPEWS is the crap. There is no oversight, and there are a lot of compalints of the admins, who are completely anonymous, adding entire ISPs to the blacklist just because they don't like somebody who uses that ISP.

Spamhaus SBL is a better list, IMHO, because there is oversight, and they confirm that the ISP is aware, and has chosen not to do anything about it.

Re:Well, kind of...

[Dimensio]

and there are a lot of compalints of the admins, who are completely anonymous, adding entire ISPs to the blacklist just because they don't like somebody who uses that ISP.

Given that the admins are anonymous, how could you know who they like and who they do not like? Also, do you have any evidence of such abuses?

If such abuses occured within SPEWS, ISPs would cease to use SPEWS. That is the "oversight" within the system -- if it becomes unreliable, becomes a means of 'punishing' people over petty vindictiveness, then no one will use it anymore.

Spamhaus SBL is a better list, IMHO, because there is oversight, and they confirm that the ISP is aware, and has chosen not to do anything about it.

SPEWS listings only occur when complaints regarding a spammer go ignored for many weeks. What excuse, exactly, does an ISP have to claim that they were "not aware" of the conditions that landed them into SPEWS?

Re:Well, kind of...

[CustomDesigned]

I know of companies where the *only* available ISP (other than dialup) is spam-friendly. To run a business, you have to have broadband (such is the new millenium), and they have you over a barrel. For one company in Tulsa with this situation, we tried getting two 56K dialup accounts and trying to distribute the traffic. It wasn't very satisfactory. The dialup accounts disconnect every 6 hours or so regardless of traffic.

These ISPs are rightly listed by SPEWS - but have a monopoly. (No, satellite is not suitable.) To be able to send mail in these situations, we relay it through a machine on another ISP.

Re:Well, kind of...

[Dimensio]

That is an unfortunate situation. Perhaps you should bring this up to your ISP and ask if there is anything that they can do about it -- such as killing the spammer sites.

Re:Well, kind of...

[Dimensio]

If no one in a *real* position of authority cared about SPEWS, then no one would be using SPEWS and customers of criminal ISPs wouldn't be whining about their mail being blocked.

Or do you mean some government agency? Pray tell, exactly what is SPEWS doing that is illegal?

1 percent phone reply rate would drown them

[GGardner]

If you could somehow get a 1 percent phone reply rate, the spammers would drown -- the current reply rates are something like 1 in 10,000. With a one percent bogus reply rate, there would be 100 bogus responses for every good one.

That could be effective, if the spamvertised product or service requires some human time or money to process. Mortgages, for example. If each mortage application that looks remotely serious takes 30 minutes of some human's time to process, a relatively low bogus reply rate could swamp them, and make it unprofitable.

If there is no time or money required to process the orders (for example, some medicinal product the spammer never intended to send anyway), then a high bogus return rate won't make a difference.

Re:1 percent phone reply rate would drown them

[Cybertect]

Unfortunately I'll have to rely on the good citizens of the United States for this tactic to succeed, as most of the spam I receive with telephone contact details is from the USA. As I'm in the UK, I'm not going to pay for a transatlantic phone call for every complaint I want to make.

I have, however, done this once, when someone spammed the address I had posted on Slashdot (a .co.uk address no less) - advertising PC repair services in the Chicago area. How clueless can you get? Sadly I only got to leave a message on the answering machine.

Only way to stop spam

[Robawesome]

I think the only way to stop spam is to ban selling of email address lists. For any purpose. Except, of course for the protected solicitaions; charities, non-profits, etc. Spam on the client side is nearly impossible and a losing proposition to stop. If the selling of addresses is illegal, then companies cannot spam you. Of course this has some slight problems, like email scrapers, but that could come under simpler laws.



Die, SCO, DIE!

Re:Only way to stop spam

[CycleMan]

For any purpose. Except, of course for the protected solicitaions; charities, non-profits, etc.

Why would we allow non-profits to sell their lists? Just picture your inbox:

Greetings, YOURNAMEHERE.
As a supporter of the American Heart Association, you are helping us to find cures for heart disease, and they appreciate it.
Healthy hearts mean healthy people, and healthy people can enjoy ACTION FROM HOT YOUNG TEENS (CLICK HERE)!!!

MSNBC Spam article asks for email address

Anyone find it funny that the article asks: "How does unsolicited commercial e-mail affect you?" and then prompts for your email address?

Re:SPEWS and SomethingAwful

[LordKaT]

Hasn't this been played TO DEATH on fark?

Oh well, I'll bite.

1. SPEWS doesn't block anyone. The ISP's do.
2. SPEWS only adds one IP. When the spam-friendly ISP/Host changes the spammers IP, the block of IPs gets larger.
3. SomethingAwefuls visitors are not exactly the ... brightest ... people on the planet. You're not going to get into a debate so much as an argument.
4. SA and it's members often encourage one another to flood the mentioned websites with crap, pages of text, and a general amount of spamming.
5. While I do sense a bit of sarcasam and a bit of "we're never really going to win this fight" in the article, SA has two options: either get a new host, or get a seperate IP address for their mail server.
6. The article goes on and on into what seems to be perpetual whining. If he had at least attempted to talk with his host about the situation, rather than bitch and moan, and encourage the readers to flood the newsgroup.
7. 4 TB a month? I call bullshit.
8. If they're not making enough money to get on a different host, then they really need to review their course of action.

I don't agree with using SPEWS, as I think it's too drastic, but SPEWS has a right to exist. I should also point out that there is no case of slander/libel as SPEWS keeps evidence. As for staying totally anonymous, they don't want to be spammed, theatened, or be litigated into oblivion. Also, Seeing as how it's the ISP's bandwidth, the ISP's have the right to use, opr ignore SPEWS. Yes, places like SA get caught in the middle, but, honestly, if it's just places like SA, I really don't want them. They're, quite frankly, just childish.

Also, this is a case of consumer ignorance. If a customer does not know they their ISP uses SPEWS, then it's their own damn fault.

When all else fails, use Hotmail, or setup your own mail server.

--LordKaT

That makes sense.

[Population]

Particularly when there is nothing stopping them from setting up another fake company and "selling" the leads to themselves again.

Infoclear terminates its relationship with IC and immediately starts another relationship with C Marketing.

When it is found out that C Marketing uses spam, C Marketing is dumped.

And a new relationship is formed with I Marketing.

lather
rinse
repeat

As long as companies like Quicken are willing to PAY for "leads", there will be a market.

Simply put, spam pays. It's easy money for very little effort. There are no risks. And you can work from home.

Hey, that sounds like a lot of the spam I get.

Mainsleazes.

[Agent+R]

"The beneficiaries aren't necessarily the pasty faced, high school drop out industrial spammers we have gotten to know, but well known companies."

Been well known for quite a while now. Check out the famous spamdemic map. Real marketing takes work to make it successful, but mainsleaze bozos like Ameriquest slack off with these "shortcuts".

"Most of the ISPs are good to their word and are fighting it very, very hard," he said. "But as you get into the larger ISPs, especially those that are in any form of financial difficulty, the engineers, abuse staff and technicians all want the spammers off the network, but you have the sales staff looking at the money. ... The engineers will be fighting internally with the sales managers, but of course the sales managers always win."

Which is why these ISPs should not complain when I use some choice blackhole lists like SPEWS, Spamhaus, or SpamCop to protect my inboxes from these sleazoids. Anyone remember when Aegis thought they were invincible when they allowed spammers to run amuck on their system? And where are they now? :-)

[I am not a covert ops agent of the Lumber Cartel (tinlc).]

Re: Sort of

[justMichael]

You see, most of that stuff stuff is made in sunny Southern California... Swedish Erotica (A.K.A. Cal Exotics) is in Chino CA.

English translation - Pick up the phone.

[MisterMoney]

Registrant Organization: Zonda Sistemas S.A..
Address: Callao 1253
City: Postal Buenos Aires
Postal Code: 1024
Country: Argentina
Telephone: 4803-3824
Fax: 4803-3824
Main Activity: Systems

Responsible Person: Alberto Meyer Robert
Address: Callao 1253
City: Postal Buenos Aires
Postal Code: 1024
Country: Argentina
Telephone: 4803-3824
Hour Contact: 10-18

Date of recording: 20/01/2003
Organization Administrator: Zonda Sistemas S.A..
Address: Callao 1253
City: Buenos Aires
Postal Code: 1024
Country: Argentina
Telephone: 4803-3824
Fax: 4803-3824
Main Activity: Systems

Tecnicnal Contact: Alberto Meyer Robert
Address: Callao 1253
City: Buenos Aires
Postal Code: 1024
Country: Argentina
Telephone: 4803-3824
Hour Contact: 10-18
Fax: 4803-3824

Servants of Name of Dominion

Primary Servant of Names:
Name: ns.super-zonda.com
Direction IP:

Secondary servant of Names:
Name: ns1.super-zonda.com
Direction IP:

Third Servant of Names:
Name: ns2.super-zonda.com
Direction IP:

Fourth Servant of Names:
Name: ns3.super-zonda.com
Direction IP:

personal note - i kinda like the sound of 'Primary Servant of Names' over 'name server one'.

Incredible Market Efficiency

[tabdelgawad]

"Four days later, four companies sent us an e-mail indicating they knew we were looking for a new mortgage". Four days!! With the myriad layers of 'affiliates', 'lead generators', and 'spammers' operating in legally grey areas and distributed all over the world, it's amazing that it takes only this long to get a response. I mean, sometimes it takes longer to get a response from legitimate online tech support!

The article opens by saying "There wouldn't be spam if there wasn't money in spam". Truer words were never uttered. And there wouldn't be money in spam if consumer demand didn't exist. All 'solutions' to the spam problem that fail to take this 'demand' problem into account are, IMO, doomed to failure.

Re:Incredible Market Efficiency

[Rob+Riggs]

All 'solutions' to the spam problem that fail to take this 'demand' problem into account are, IMO, doomed to failure.

Court mandated rehab!

1. Patent SPAM Rehab business model
2. Convince administration to declare "War on SPAM"
3. Convince Congress to require SPAM Rehab(tm) (patent pending) for repeat users
4. Open SPAM Rehab Centers (including a few exclusive celebrity resorts)
5. Profit!

Whoa

[dragonfly_blue]

That's pretty bizarre.

Amusing ad in the article

[swordgeek]

Don't know if the ads are static or dynamic, but the one I got, in the middle of an article about sleazy tactics and spammers, was a "CLICK HERE TO ENTER THE GREEN CARD LOTTERY!!!!!"

Heh.

Re:Spam solution

[(void*)]

Your solution, while admirable, will not work because of FAKE SPAM. For example, some random luser might FAKE a post from M$, getting M$ into trouble. You aren't stopping spam, you're changing the nature of it.

Thinking further for you, you could amend your proposed law so that only verifiable spam that can be traced back to these companies will be fined. Then I would say that these companies who desire to advertise spam, will find an open SMTP server somewhere to send spam anonymously, even in the face of your better amended law. We'll be back to square one.

Do you see the problem we are dealing with here?

What we need, is your proposed level of political balls, and a TECHNOLOGICAL SOLUTION to unauthenticated emails. Both must have done. The technological solution is doable, but the political will is not there, and I foresee it not being there.

So please don't say I'm part of the problem. I protest because your law is not the whole solution.

Sneakemail.com

[KevinMS]

This is why Sneakemail was created over 3 years ago. You can easily bust whoever benefits from your stolen/sold email address no matter how far down the chain it goes. For those who don't know Sneakemail was the first disposable email address service which was designed both for keeping your address clean and tracking those selling your address. Sneakemail got a mention in this months MIT Technology review magazine.

Re:SPEWS and SomethingAwful

[AndroidCat]

Add this one: 9. news.admin.net-abuse.* is not SPEWS.

The Other Solution

[renard]

The article ends with the following conclusion (courtesy of an anonymous "small time" Spammer):

The only thing that's going to make spam go away is if people do not respond.

But that's not actually the case. As the article demonstrates, the companies making money off of spam are big, legitimate companies - companies that can be sued, or subpoenaed, or fined for their support of the Spam economy.

What should happen is that the companies that are ultimately hiring the spammers - Ameriquest, Quicken Loans, LoanWeb, and Ivy Mortgage - should be legally obliged to keep an audit trail for every contact email they send out on their "bought leads." Then if one of their "leads" complains, and they cannot provide a spam-free audit trail, they pay a fine.

As it is, they can say they have a "no tolerance" policy for spam (ha!), but there is no teeth to it; one person complains, and one relationship gets "severed", but no one really suffers, and the affiliate can pop right back up with another batch of "legitimate" leads the very next day. Once the companies have incentive to actually police their own affiliates, the profit margin for spamming goes way down.

-renard

Use of FormFucker to spam spammers' web sites

[Huusker]

The only effective way to fight back is to spam the spammers. Not via email, but via their customer databases.

There is a utility called FormFucker which spams web forms.

It analyzes the web form and then makes 1000s of submissions using realistic-looking but fake names, addresses, zip codes, telephone numbers, credit card numbers, etc.

Note that use of FF is very controversial, as many consider it fighting-abuse-with-abuse.

Re:Use of FormFucker to spam spammers' web sites

[gclef]

Very interesting. Thanks. I had thought about writing something like that for a while, but never got around to it.

I think one of the big problems with FormFucker, which I'm trying to avoid, is that it's really a vigilante justice system. For some reason, which I can't totally put my finger on, having lots of people fill out one order form each (but with all of them lying) just seems less abusive than one person flooding the site with orders...even if the total number of fake orders comes out the same.

I guess having each person just fill out one fake order each, and trying to get lots of people to do that together makes the attack seem more like a community protest akin to a sit-in, rather than vigilante justice.

Thanks for the link, though. If I lose the "I really should behave" inhibition, it's entirely likely I'll use that.

Money for everybody!

[Barryo_Stereo]

The article points out how ISPs will ignore their rules when the spammers slip them a little extra cash. And then, at the head of the Slashdot list of comments, the most violently anti-Microsoft site I know has: a Microsoft ad!

Re:Money for everybody!

[spike+it]

A little cash will go a long way in the world of ISPs. Who doesn't have green in their eyes?

Filters and blocks will never work

[swordgeek]

Every time I read an article about spam, I see a bunch of people promoting the spam filters on their system, or their ISP, or some other way of dealing with spam at the destination.

The only way to deal with spam is at the source. The only way to stop spammers is to keep them from sending their shite in the first place. As soon as it leaves their computer, it becomes an arms race--we get better filters, they figure out a new way around them, we tweak our filters again. Eventually the entire email system worldwide becomes one big armed camp, and that's BAD! Worse yet, I see people proposing we go straight to that end right now, as a solution.

We have to stop spammers from being able to spam, not stop the spam from reaching us.

Re:SPEWS and SomethingAwful

[XSforMe]

I think this is a problem more to be blamed on clueless sys-admins than organizations like SPEWs. Remember, it is the sys admin, not the the black hole who is choosing to accept the message.

People who filter based on spews and others alike basically don't care about getting a 1%-10% of false positives. To an individual that might be cool, but try setting up that policy in your workplace server.

I have my filters based on spamhaus, blitzed and dsbl. The analysis, done by sgifford was a real eye opener. I recommend it to anybody in charge of running a realiable server with black list filtering enabled.

Re:Face it, its here for good..

[rt+swank]

I forgot to mention.. Everyone thinks spam is so aweful yet they have no idea how horrid anti spammers can be as well. Antis will resort to even illegal ways to attack spammers adn even legit optin mailers.

Re:Spam solution

[1u3hr]

Your solution, while admirable, will not work because of FAKE SPAM. For example, some random luser might FAKE a post from M$, getting M$ into trouble.

MS could undoubtedly defend itself, most likely by finding the real source, and he would be in very deep shit -- aside from spam penalties, stuff like forgery, and civil suits from MS. In any case, as no one could make money from spam, or supplying spam services, it would disappear in those regions where the law was enforced. You'd still get some random stuff from overseas (really from overseas, not some prick in Florida bouncing spam off Korea), but the volume would be much less.

spam

[webdav]

spam is a big problem that has been around for a long time but sadly, it will never go away. As hard was we try to get laws passed and report spammers they will not stop. Last year i did a research paper and it was all about spam. What i found out is that spammers do not host thier pages in the usa, they use anonymous offshore bulletproof servers in hong kong, china, korea, russia, sweden, canada, and a list of others. The problem is that these bulletproof hosts simply don't care if thier customers spam to the pages because there are no cyber crimes in these countries. Countries like china and hong kong know that spam can bring them lots of cash without very many problems. I'm sure the usa won't declare war on them for ignoring spam complaints, no other country will care because they are all getting thier share of the money too. While doing my research i found a forum of people who were all spammers, i can't remember the name but they had about 500 members who often posted information such as affiliate networks that allowed you to spam, email lists for sale, bulletproof hosting, and even hacked computers that ran proxy servers in order to avoid getting cought. When i read all this i quickly came to the thought that these spammers are nothing but scum and a parasite to online users. But then i ran into the people who are doing everything they can to fight the war against spam. These people are known as anti-spammers and sometimes do crazy things to try and stop a spammer. One anti-spammer got an email from a company offering mortgage loans, he quickly did a trace route to find the isp and every phone number he could. He then got on his phone and began to place calls to the isp, the domain register and the isp of the ip that was showed in the headers. He then sent emails to the isp's and filed complaints. He then made another post talking about how he wasted 2 hours on the phone talking to isp's about the person who sent him the spam but it did not help because they just ignored his complaint. He then claimed that this is why he hates spam, because it often makes him call up a few people and argue for long periods of time but i then thought to myself. If he would just click that box thats to the left of his email and click delete it would have only taken him 5 seconds and he could have moved on with his life. Anti spammers often claim that spam takes up lots of time, but they would rather spend many hours a week on the phone and sending emails complaining about the spam they recieved in thier mailbox. Now i can understand being angry about recieving 200 spam emails a day like most anti spammers claim but there is a reason why they do get so much spam. As it turns out, anti spammers don't just get spam out of nowhere, they go around the internet and put out thier email address everywhere and anywhere they can, often in newsgroups and the guestbooks that some sites have. They place thier email in sites that are known to resell your email address to spammers. I thought this was flat out stupid, i see so many posts of anti spammers complaining about how many emails they get but the only reason they get it is because they go around the internet to attract it on purpose and then file complaints to the isp's. The thing is that most of these sites will say that they have the right to do whatever they want to your email address and are allowed to sell it and that your email address may be sold to a spammer. But Isn't submitting thier address everywhere doing so the exact opposite of thier goals? They claim they don't want spam and don't want to waste time because of spam. But when they go around and do this it makes me think that they are just people with nothing better to do so they complain. But this is not the only action they take against spam. Often they will perform a DDoS on the hosting company and sometimes even the routers of the isp of the ip in the mail headers in order to discourage spamming. They also make bomb threats, murder threats, and will even go as far as stealing the spammers cars. I guess this is the reaso

MSNBC ignores Microsoft spamming

[sfjoe]

Noticeably absent is any mention of Microsoft's support of spam, including their spammer-for-hire subsidiary, bCentral.com .
Listbuilder is one of the worst at harvesting email addresses from any source they can get their hands on.

Re:Suprise... err ... yes...

In advertising there are divisions much like the white red black hats of hackers. Often times a company will submit a block of money to an advertising group, which will then employ dozens of different strategies. Often times, these techniques are not follow known or endorsed by the sponsoring company.
Take for instance when IBM launched a "edgy" campaign where peace signs were spray painted on the sidewalks of SanFran. Or some TV show that quietly advertised by sending a non-existant football team to various locations claiming to have one state finals, when in actuallity, it was a ploy to get name recognition.

The companies throw money out, then don't know what the advertisers do with the money? How does this let them off the hook?

In NYC, when the companies were held liable for individuals posting posters on light poles, and were fined, they protested they didn't know who was doing it. This was the exact situation with the small movie studios giving money to a marketing firm, and that marketing firm turning around and hiring people to hand the movie poster announcements on construction sites, abandoned buildings, and city property. So in your exact situation, in NYC, the companies in the advertisement, who didn't hang the posters, had to pay up.

NYC construction sites, city property, and light poles went from ugly sites that were plastered with layer upon layer upon layer of movie posters, to nothing. This happened virtually overnight after the fines starting being imposed and upheld. The companies protested, and they lost. And had to pay. And the posting dropped to virtually nothing.

And as for your ibm analogy, in NYC, where they also did the peace sign campaign, the reaction was swift and immediate. Even though ibm has a building with many employees in NYC, and contributes a lot to the local economy, they received telephone calls from city officials as soon as the news reporters started inquiring, which was the next day. The peace sign postings stopped, and if I recall correctly, a spokeperson even went on one of the local news stations and said that it would be cleaned up. The specific law I mentioned above was brought up by some city officials, and ibm was staring at fines of $100, or $150, or whatever the fine is, for each and every peace sign posted, regardless of whether it was paint or chalk.

As for san francisco and ibm's peace campaign, can't help you with info about that, as I doubt they have nyc's anti-posting law which holds companies in the ads responsible, they have willie brown as mayor, support taxpayer funded sex change operations, and have a bunch of other wacky, to put it nicely, laws. It wouldn't surprise me a bit if ibm had the right to piss on police officers' legs in san francisco.

So the distinction you are making, the big companies being linked to marketing and advertising firms, therefore they can't be responsible is backasswards. That is precisely the distinction. If ibm decides to email their peace signs to everyone, along with their marketing message, unsolicited, and they use a spam mailer to do it, who forges headers, who fails to provide a working return email address, who's mail server doesn't reverse resolve, who uses other tactics that spammers use, and IBM is benefitting from this, ie: their message is meant to raise awareness of their company, their product, or sell a product or service, then ibm gets fined, not the spammer. And not the advertising or marketing firm. IBM is responsible for who they hire to spread their message. Just as a contractor is responsible for their sub-contractor's actions on a job site. Or just as, in NYC, any company is responsible for the illegal posting actions of any marketing firm they hire to post posters.

How many times does this have to be explained to you?

Mindo, like a typo but client-side.

[bluephone]

I had a mindo when I read tha theadline. I swore it said "Following the Sperm Trail". Sadly, I reread the headline and saw it was just worthless spam. And I do mean worthless. Spam costs two bucks for 12 ounces. Sperm can get you $50 a shot!

traceable, fake information

[Maimun]

We clicked on the link and were transported to a Web page at LWSMortgage.com, where we filled out the form with traceable, fake information and waited to see what happened to our data.

I wonder what they mean by traceable, fake information. Do you think it includes credit card number and expiry date?

I know this guy

[flux4]

Oh yeah, I know him. A real wing nut. He was odd when I met him in 2007, and I must say he's even stranger now, er, then. Who would use an Acme 5X24 anyway? Those things are so unstable... kind of like he is, really.

Someone went to meet him

[flux4]

As discussed here, an intrepid blogger actually went to one of the pickup points. What he observed was somewhat... strange.

Re:Someone went to meet him

[`Sean]

Ha, yup...that was me. I was extremely bored that day and, as much as he refuses to admit it, was egged on by a cow-orker.

Comment removed

[account_deleted]

Comment removed based on user account deletion

I can help ...

[pherris]

Really. I recently purchased the parts you need on eBay. Please check in to the this hotel in Belmont and wait for further instructions. The Front Desk staff are quite helpful and will assist you in getting a room. Be forewarded that they have a 30 day minimum stay but you can still pack lightly. I don't accept Galactic Credits but do accept payments via PayPal (hope that helps). Also, when you check in pretend you have a gun.

(Those in the Boston area will get it).

Why not take their money?

[Quizo69]

After all, M$ pays Slashdot to run these ads, but if, as you say (and I agree), everyone here hates M$, then no one is going to click on the ads are they?

Me, I don't even SEE ads in my web browsing anymore, or popups, or dodgy Javascript etc, all thanks to a wonderful program called The Proxomitron.

So let M$ give /. money for nothing, after all, it's better in our pockets than theirs right?

Quizo69

Only then it doesn't end....

[Kjella]

...now I must admit I don't know about wholesale price of bandwidth, but my residential access has gotten cheaper and cheaper (or conversely, faster and faster). What does that mean to a spammer? Lower cost/mail, or more mails/$

On the other hand, the time involved to identify and delete one spam mail remains quite constant, and it is at best a temporary solution when the filters get smarter.

Actually, I find it scary that 1 in 1000 spam mails are actually answered. I mean, I've gotten probably 50 SPAM messages advertizing the same product (say any one of penis enlargement, herbal viagra, nigarian moneylaundry). If we assume that no idiot will buy it multiple times, that means that 1 in 20 is buying it.

Kjella

Re:Only then it doesn't end....

[Jussi+K.+Kojootti]

On the other hand, the time involved to identify and delete one spam mail remains quite constant, and it is at best a temporary solution when the filters get smarter.

How is it temporary if the filters continually evolve? My impression is that filters and such are getting better and better pretty fast, advancing even faster than the amount of spam grows.

The problem of network abuse is of course not solved by filtering...

Whitelists do not work

[Kjella]

If the end user was willing to deal with the problem, then it becomes a simple matter. All that would be needed is a requirement that senders provide a verifiable signature in all messages, and easy to use white lists to remember the 'ok' parties. If the end user were willing to a.) obtain a cert that allows them to sign and b.) tolerate the need to not blindly open mail that hadn't been placed on their white-list previously, spam would not exist.

Part of the point of having an email address is so that people can conract me without having a prior relationship. Just as I don't have a whitelist of who can put a letter in my physical mailbox. Only there people pay to send, not I to recieve, which keeps advertisements to a reasonable level.

What *would* help would be a real traceable email without going through a bunch of hoops so that I could be reasonably sure johndoe@hotmail.com actually is him and sent from hotmail, and not a trojaned residential DSL routing through a open relay in China that has nothing to do with neither the email address or hotmail. I would suggest the following.

1. Reverse MX look-up
2. Server signed messages (so you know for real which servers it passed through)
3. Report-back function servers along the chain, particularly first (if rouge user) and last (your ISP) for proactive spam filtering by them.

Kjella

Re:Whitelists do not work

[Tailhook]

Part of the point of having an email address is so that people can conract me without having a prior relationship.

Yes, obviously. Your client would accept messages not on your block lists. Before you open a new message you validate the signature. If it's not spam you "open, and accept future messages signed by this party," which updates your white list. If it's spam you "delete and block future messages signed by this party." If it's not signed you never see it or send it to another folder for examination. People having no prior relationship need only send a message that contains a valid signature. You only need to sign off on that signature one time. What's the problem?

so that I could be reasonably sure johndoe@hotmail.com actually is him and sent from hotmail

The messages would be signed using certs issued by ISPs which were signed by certificate authorities. If you trust that authority you would have your ability to verify the signature.

If an ISP starts selling bandwidth to spammers you can block that specific ISP. If someone's cert is compromised you can block that specific signature. Now that a universal method of identifying senders exists (independently of any namespace like DNS) we can easily build collaborate block lists. ...all we need are verifiable signatures

Now this...

[Kjella]

...is something that should be integrated in the next generation mail protocol. Of course it doesn't help with publicly availiable addresses like on business cards, but if you could then alias everything after the first "point of contact", it'd be great. It doesn't have to be separate accounts (they like to charge extra for that), just one big "aliased" inbox...

Kjella

Anti-spam systems need a cooperating bank

[Animats]

The real anti-spam approach is to follow the money. You can do that now by hand, but it's a pain. It needs to be automated.

The next level in spam systems is to get some cooperation from a bank that issues credit cards. Have them give you credit card numbers which will never pass authorization, but for which, whenever the number is used, the transaction information is immediately transmitted to the cardholder, identifying the merchant to which the money would have been paid.

This creates a trail that provides evidence allowing you to go after the business behind the spam.

Spam, the Mob, and RICO

[gbulmash]

A number of years ago, back when Sanford Wallace was still the self-proclaimed spam king, I did a little detective work... locating his mother's phone number.

I'd started building an anti-spam site (I was going to call it "Spamintology") and I was planning to launch it with the number up front, suggesting that people call her to tell her what a bad boy her son was.

But I didn't. Because after the visions of glory, I had visions of my own mother's phone ringing off the hook as spammers called her to complain about me. And that's when I cancelled my plans for the site.

These spammers are often criminals, and always scumbags. If you really start to hurt them, hit them where they live, you risk them trying to hurt you back. That's why I decided to abandon my crusade, because I wasn't so altruistic as to put myself and my family in the line of virtual fire for the sake of zinging Spamford.

Some spam will be stopped by current anti-spam laws under proposal, but the only way to truly stop spam is going to be to take it out of the hands of the FTC and put it into the hands of the FBI. Spam will slow when we see spammers on the evening news, walking into federal courthouses to defend themselves against RICO charges like John Gotti.

If we put together an FBI Anti-Spam unit on par with the FBI's Organized Crime unit at its height, we'd see spam decrease and the nightly news would be entertaining again... for a while.

- Greg

Florida

[Gonoff]

In the UK, we had an article on TV recently where they discovered that a large percentage of spam comes from Flrida.
If someone from the US now starts discovering it actually comes from Argentina, it sounds like they are doing a PR damage limitation exercise instead of journalism.

Re:Face it, its here for good..

[jafiwam]

Boo fucking hoo.

They started the stinking War, street justice is the only thing they deserve.

If I were in charge, they would be *DEAD*.

Re:Spam solution

[(void*)]

Maybe MS could, but if it happened to you, you would not want to be in the position of having to go after that random luser.

Re:Wrong on two counts, but better than nothing.

[(void*)]

You are just so wrong. Someone with a grudge against MS (or any other large company) can use your law against the large company. This law has EXTREMELY BAD UNINTENDED CONSEQUNCES that you have not addressed. IT CAN BE SUBVERTED by individuals or organizations having a grudge against the addressing company. Asking people to maintain good records of advertising only encourages those who want to send spam, to keep it off the books. Experience with taxes should be that way.

Your law is subject to abuse, just like any other well-intentioned, but unthoughtfully enacted law. Therefore, this law by itself, cannot accomplish anything, be it on th state level or nation level.

The CRUCIAL PROBLEM we are solving, is technological - unauthenticable SMTP. Nothing more than that. Solving this involves RFCs and the political will (who cares where it comes from?) to make everyone else do it.

Re:Wrong on two counts, but better than nothing.

[(void*)]

In case you still didn't get it, here's the facts as the article shows: Legitimate companies use SPAM to do their business. They do this becuase sending SPAM does not cost them anything, but has rewards. So they send spam by proxy.

Putting in such a law in place opens up the case for Random Joe Luser to send fake email advertising in some companies' name. Spam by proxy. That unethical company can avoid your law by maintaining clean books, but paying Random J Luser and keeping it off the books.

This is not a solution for spam, unless there's a widespread structure in place for authenticaed SMTP.

No problem.

[Mustang+Matt]

Go for it!

Re:No problem.

[Saint+Aardvark]

Many thanks!

I am now blessing your keyboard...