Following the Spam Trail

An anonymous reader writes "MSNBC's Bob Sullivan doggedly follows a spam trail from Alabama to Argentina to find out who actually benefits from spam. The beneficiaries aren't necessarily the pasty faced, high school drop out industrial spammers we have gotten to know, but well known companies."

Tea bagger

[mao+che+minh]

The reporter wrote this story as if he actually broke it.

MSNBC: we have known about the relationship between spam, lead generators, and legitimate businesses for years now. For example, when I filled out an add to enlarge my penis 3 years ago, I got all sorts of emails from GNC and other well known health and fitness companies.....oh wait, I mean, when I clicked on the "See Britney Nude XXX HOT Angelina J-Lo-XXX-HOT!" offer I got an ad from her record label and WareHouse Music in the mail. Yea, that's it.

FP

Get Spammed Thru An Anti-Spam Article!

[webguru4god]

If you look towards the bottom of the MSNBC page linked in the story, there is a form that allows you to submit your spam stories, which asks for your name, hometown, phone number and e-mail address. Now what does MSNBC need with that information, in relation to your experiences with spam? Seems fishy to me...

Re:Get Spammed Thru An Anti-Spam Article!

[aengblom]

Now what does MSNBC need with that information, in relation to your experiences with spam? Seems fishy to me...

Well, if they want to do a story on them, they might actually want to be able to CONTACT you. And let's hope that major news organizations require that people who report things to them are actually, REAL PEOPLE. Not just random e-mail addresses signed by Haha G. Ottcha

Pick up the phone.

[pontifier]

If you can nail down a domain that seems to profit, use the whois information and call them on the phone. I usually dont get spam after I have complained to a person. If the phone number is bogus you can report them at http://reports.internic.net/cgi/rpt_whois/rpt.cgi

Re:Pick up the phone.

[Yanna]

Notice how the guy that spams is in Argentina. First, I do not think that your calls will bother him more than they will cost you. Second, this guy is a real mercenary. This is his way of life.

I ran a little query and found that he actually registers his domains under the following address:

Entidad Registrante: Zonda Sistemas S.A.
Direccion: Callao 1253
Ciudad: Buenos Aires
Codigo Postal: 1024
Pais: Argentina
Telefono: 4803-3824
Fax: 4803-3824
Actividad Principal: Sistemas

Persona Responsable: Alberto Roberto Meyer
Direccion: Callao 1253
Ciudad: Buenos Aires
Codigo Postal: 1024
Pais: Argentina
Telefono: 4803-3824
Horarios Contacto: 10-18

Fecha de registracion: 20/01/2003
Entidad Administradora: Zonda Sistemas S.A.
Direccion: Callao 1253
Ciudad: Buenos Aires
Codigo Postal: 1024
Pais: Argentina
Telefono: 4803-3824
Fax: 4803-3824
Actividad Principal: Sistemas

Contacto Tecnico: Alberto Roberto Meyer
Direccion: Callao 1253
Ciudad: Buenos Aires
Codigo Postal: 1024
Pais: Argentina
Telefono: 4803-3824
Horario Contacto: 10-18
Fax: 4803-3824

Servidores de Nombre de Dominio
Servidor de Nombres Primario:
Nombre: ns.super-zonda.com
Direccion ip:

Servidor de Nombres Secundario:
Nombre: ns1.super-zonda.com
Direccion ip:

Tercer Servidor de Nombres:
Nombre: ns2.super-zonda.com
Direccion ip:

Cuarto Servidor de Nombres:
Nombre: ns3.super-zonda.com
Direccion ip:

Sorry that it is in Spanish, but the only way to find this guy is by running queries in nic.ar. Were you in a position where you could actually phone this criminals, you need to add +54 11 to the listed telephone numbers (54 being the country code for Argentina and 11 the city code for Buenos Aires).

Good luck!

Re:Pick up the phone.

[notfancy]

Don't bother calling. The number is disconnected. I just called (I'm in BA, so it's local) and the earnest recorded-message lady informed me of the fact.

I pity the poor soul that gets assigned that number.

Huh?

[MoeMoe]

What "well known" company offers penis pumps? Has Gates been up to more no good?

Re:Huh?

[Salgak1]

It's probably in Sweden. That's where they make the brand Austin Powers endorses. . . (g)

Re:Huh?

[AVee]

What "well known" company offers penis pumps? Has Gates been up to more no good?

Yeah, that's his other company, BigHard...

Statement of the obvious

[Gherald]

The beneficiaries aren't necessarily the pasty faced, high school drop out industrial spammers we have gotten to know, but well known companies.

Wow, like we hadn't figured that out already.

All commercial advertising, SPAM included, benefits companies.

Individual spammers are just pawns like their more respectable counterparts in the legitemate marketing industry.

Re:Statement of the obvious

[PhxBlue]

Well, yeah, we have already figured that out. But the article isn't for us, it's for the 85% or so of users who don't even know how to block spam or why they get any. I think Slashdotters take their computer literacy for granted sometimes. :)

but?

[chloroquine]

But what about us pasty faced social misfits? I mean, I deserve my slice of the pie as well.

This article is written for an ignorant audience. I'm an ignorant audience and its smug tone of condescension even pisses me off.

Obviously

[dragonfly_blue]

Someone must be benefitting if they can afford to make me this kind of offer.

Greetings,

We need a vendor who can offer immediate supply.

I'm offering $5,000 US dollars just for referring a vender which is (Actually RELIABLE in providing the below equipment) Contact details of vendor required, including name and phone #. If they turn out to be reliable in supplying the below equipment I'll immediately pay you $5,000. We prefer to work with vendor in the Boston/New York area.

1. The mind warper generation 4 Dimensional Warp Generator # 52 4350a series wrist watch with z80 or better memory adapter. If in stock the AMD Dimensional Warp Generator module containing the GRC79 induction motor, two I80200 warp stabilizers, 256GB of SRAM, and two Analog Devices isolinear modules, This unit also has a menu driven GUI accessible on the front panel XID display. All in 1 units would be great if reliable models are available

2. The special 23200 or Acme 5X24 series time transducing capacitor with built in temporal displacement. Needed with complete jumper/auxiliary system

3. A reliable crystal Ionizor with unlimited memory backup.

4. I will also pay for Schematics, layouts, and designs directly from the manufature which can be used to build this equipment from readily available parts.

If your vendor turns out to be reliable, I owe you $5,000.

Email his details to me at: info@federalfundingprogram.com

Please do not reply directly back to this email as it will only be bounced back to you.

Anyone else get this one? =P

Re:Obviously

[Arker]

Several times. I couldn't figure out what the scam was so I did some googling. Apparently the guy sending them out is a bit... different. He really seems to believe that some time-traveling bad-guys ruined his life and caused him health and other problems. He seems to believe there are actually many time-travellers on earth at the moment, and wants to get a machine so he can travel back in time and undo the horrid stuff they did to him as a child.

Numerous folk have corresponded with him and he's made the deal many times, but somehow the bad guys always seem to nab his seller at the last moment. Poor guy.

Re:Obviously

[Mustang+Matt]

Here's mine... I was thinking it was revenge on the person at the email address listed in the parent post. I have to admit, I found it kind of humorous.

I got the one from the parent post as well.

>>>>>>>>>>
Hello,

I'm a time traveler stuck here in 2003. Upon arriving here my dimensional warp generator stopped working. I trusted a company here by the name of LLC Lasers to repair my Generation 3 52 4350A watch unit, and they fled on me. I am going to need a new DWG unit, prefereably the rechargeable AMD wrist watch model with the GRC79 induction motor, four I80200 warp stabilizers, 512GB of SRAM and the menu driven GUI with front panel XID display.

I will take whatever model you have in stock, as long as its received certification for being safe on carbon based life forms.

In terms of payment:
I dont have any Galactic Credits left. Payment can be made in platinum gold or 2003 currency upon safe delivery of unit. Please transport unit in either a brown paper bag or box to below coordinates on Sunday July 27th at (exactly 3:00pm) Eastern Stand Time. If you miss this timeframe please email me.

42.4845467 & Longitude -71.1576157 and the ground is 101.3' above sea level.

Although those coordinates are a secure guarded area, these channels through email are never secure. Unfortunately it is the only form of communication I have right now. There is a good chance that sombody will try to redirect the signal. The unit must be teleported directly in a way
that nobody will be able to interfere with the transference.

After unit has been sent please email me at: *address withheld*
with payment instructions. Do not reply directly back to this email.

Thank You

squeak

Re:Obviously

[Zeinfeld]

Someone must be benefitting if they can afford to make me this kind of offer.

There are a number of possibilities. The most likely one being that the guy is either a crank or a hacker with a wierd sense of humor.

Another possibility is that there is some form of steganographic message being broadcast. This could be a signaling mechanism used to provide deniable communications from an 'owned' computer. Alternatively it might well be a genuine request for some form of parts. If you wanted to buy parts for some form of illegal weapon you might use this type of cimmunication to tell a quartermaster what is required.

The advantage of using a message that appears to bee from a kook is that people tend not to take kooks seriously (unless they get elected to office but that is another matter). On the other hand if you are serious about anti-terrorism you listen to so many kooks that it becomes a warning sign. The type of people who stick a bomb in a litter bin outside a McDonalds tend to be whacko jobs.

Re:Obviously

[gujo-odori]

I concur. I was working for an ISP at the time he started sending that stuff out. We saw hundreds of them, and at first we thought it was a troll to gather known-good addresses for future spamming.

The stuff kept showing up from time to time, and eventually, on a day when we didn't have much to do, we did some tracking ourselves. Like you, we found that the guy apparently really believes it. We even found a web site where someone had posted his communications with the guy.

I'm all for getting his Internet access cut off so that he can't bother people, but I think people shouldn't toy with him. He obviously needs help and has enough problems with people baiting him.

what I want to know is....

[inode_buddha]

how many "middle men" are in the typical spam food chain, playing the percentages. Extra bonuses for network names, IP addys, hosting providers, etc. And also, why don't these large companies have the balls to just do it directly, themselves? /me thinks they are much like the Wizard of Oz, in this regard.

Re:what I want to know is....

[dJCL]

If the big business did it directly, you would have an easy target and could hit them pretty hard and fast to stop it. This way they have a large number of layers of seperation(deniability) available. As the one company in the article said, they canned the account of the person who spammed to get the lead, but that person was probably already signed up under 15 other names and loses accounts once or twice a week. But that company has deniability, and can claim they took action, knowing that it was worthless...

Re:what I want to know is....

[hackstraw]

If the big business did it directly, you would have an easy target and could hit them pretty hard and fast to stop it. This way they have a large number of layers of seperation(deniability) available. As the one company in the article said, they canned the account of the person who spammed to get the lead, but that person was probably already signed up under 15 other names and loses accounts once or twice a week. But that company has deniability, and can claim they took action, knowing that it was worthless...

Read that a couple times and think mafia, not spam.

A while back their was a poll on /. about who was the most powerful with multination corps being one of the choices. Hmm........

Who benefits from spam?

[Linux-based-robots]

The mystery is revealed. It is the The Hormel Food Company!

Who benefits from spam?

[Omkar]

Hormel, or course. Free advertising.

But seriously, does anyone here actually think people will care enough to boycott these companies?

IC Marketing - InfoClear Marketing ?

[Thinko]

After IC Marketing received our data, it sold our information to a firm named Infoclear Marketing in Dallas, which then sold it to Mleads, which in turn sold it to Quicken, according to Newman.
Infoclear immediately terminated its contract with IC Marketing when it heard about the spam offense, said Patrick Thurmond, who identified himself as a founder of Infoclear.

Doesn't it sound a lot like InfoClear and IC (coincidence?) are actually the same company, but can appear to 'sever ties' whenever anyone anti-spam starts nosing around.. sounds like a nice setup to me, and the investigators won't implicate poor infoclear when tracing this back.
Just my $0.02.

Thinko

"I have challenged the entire quality assurance team to a bat'leth contest. They will not concern us again."

Backbones like spam? Whoa!

[SuperBanana]

What's that you say? Backbones don't police spam across their networks, spam that sucks up huge amounts of bandwidth, which they can charge people for? Whoa!

Next at 11, employees who are responsible for self-policing timecard policies are ripping off employers!

(seriously though- it's time we started taking major networks to task, like refusing to route packets coming from them, or refusing to send traffic to them. Watch how fast UUnet takes care of spammers, when customers find they suddenly can't get to sites. Pretty much the ONLY thing these days that separates backbones is how reliable they are- even a slight decrease in reliability, even just perceived or threatened, could have an astounding effect. Think of all the fuss SCO is causing to see the possibilities.)

From a related link.

[spumoni_fettuccini]

The spam damSpam isn't that big a problem. A noisy, wired minority, the report said, has overexaggerated the spam jam-up. In fact, only 15 percent of workers surveyed say they have to deal with more than 50 e-mails a day. And nearly three-quarters said "only a little" of their work e-mail is spam.

How many Sysadmins are running spam filters to catch that crap so the end user never sees it?

Re:From a related link.

[realdpk]

Let's officially proclaim Monday No Spam Filter day, so people can better see the problem when they're most bitter - having to show up after a fun weekend to sit around in the office and delete spam!

Re:Who benefits from spam?

[Gherald]

And their SPAM museum!

fighting back

[gclef]

I'm becoming more and more convinced that the only effective way to fight back is to spam the spammers. Not via email, but via their customer databases. Take the example of from this article: the spammers get paid for every lead they generate. But, if just 1% of the people who got the spam went to the site and *lied* about their identity, and their interest, the value of the list containing their info would go down so much as to make it worthless. Even if .1% of the people did this, it would dramatically reduce the value of such customer lists. That's the only way to stop spam, from what I can see: make it no longer economically viable.

Re:fighting back

[rediguana]

Ah that will pale into insignificance when compared to the aging of the customer data already in the db. I did a Certificate in Direct Marketing (never used it in the end) 4-5 years ago, it was quite interesting. One of the points we were taught by our national DMA was that in a given year, approximately 25% of the customer records in a database will become outdated - I'm sure it is even higher in Internet time. The relevance to spammers is that they must continually be creating new databases to guard against obselete customer data.

MSNBC Got lots of people canned

[Cade144]

According to the story, it seems like MSNBC was responsible for the termination of at least three business relations between "Legitimate" companies and spammers.
If only more news outlets traced their spam the same way, it could put a dent in the demand for spam.

Who am I kidding? Those spammers, er "lead generators" will go right back to work, selling to anyone who will buy, no questions asked. As long as businesses will pay for personal information, there will be plenty of weasels to sell it to them.

I benifitted from spam!

[andy666]

paying attention to the spam i got, i managed to get a great morgage on a house, marry a beautiful russian bride, and i pleasure her every night with my enlarged, viagra powered penis.

now, if only i could get some printer toner...

SPAM will end when...

[ansak]

The really telling remarks came in the final paragraph:

"The only thing that's going to make spam go away is if people do not respond," he said. "When e-mail first started, you could send out 50,000 e-mails a day and make money. Now you have to invest a lot of money and time, you get a return rate of less than one-tenth of one percent. One day it will become so you can't send enough to make any money. And that's the only thing that will stop spam."

0.1% and it's still profitable... sheesh! Won't it be nice when it becomes 1 part in a trillion and the race comes of age in e-mail usage.

and it's always about the money...ank

Re:SPAM will end when...

[gujo-odori]

Would you like to make spam drop off tremendously overnight?

The technology is there right now. All ISPs have to do is is block outbound port 25 TCP and the problem will almost vanish.

What makes it that easy is the economics of spam. Spammers are generally not paying for the resources they use, which is how they can make a profit even at their incredibly small success rates.

Consider the case of a spammer who uses a DSL or cable line to send spam. Assume a relatively expensive plan offering high bandwidth costing $125/month and how many referrals does a spammer need to generate to cover that cost? At $20/referral, the sixth one moves the spammer into the black. If the spammer pumps out 1,000,000 spams per month and gets a 0.1% hit rate, that's 1000 per month. If the spammer gets paid for them all, that's $20,000. Even if only 10% of those hits turn out to be legit leads and the spammer gets paid for only those, that's still $2,000. Put another way, it pays for the spammer's PC and DSL hookup costs in the first month, with profit left over.

But let's assume this spammer knows a friendly ISP and is paying $1000 for a T-1, including local loop (you can go cheaper than that in many areas). If the spammer gets the same $2000 in referrals, that covers the cost of the T-1 and the PC. The next month covers the cost of the T-1 and leaves $1000 left over.

Major spammers send many millions of mails each month, and even the small-scale ones probably do over a million, so these numbers are pretty conservative.

What the spammers must do, however, that doesn't appear in the above numbers, is find some SMTP host(s) to carry their mail, since sending it from their own netblocks gets them quickly locked out by a great many MXes, invites DDOS attacks, results in people calling their upstream to get them shut down, etc.

Enter the open relay. Open relay mail servers are (sadly), not uncommon even today. A pox on all the clueless mail admins who run these things. Spammers need to send outbound traffic on port 25 to get to the open relays. If all ISPs closed off outbound port 25 traffic in their consumer dial, cable, and DSL pools, the spam problem would shrink tremendously. I worked for an ISP that followed this practice, and we almost never had spammers (just a few times a year), and those we did get disappeared in a *hurry* because we would know they were there in short order because they couldn't exploit any open relay; they had to use *our* outbound SMTP hosts because we closed port 25. That mean that if someone started a spam run, their account wouldn't survive the day. By the time the first complaint arrived, we could write back and say "This account has already been terminated."

That still leaves the problem of open proxies, of which there are also many, but those have to be dealt with via RBLs. That notwishtstanding, if all ISPs closed outbound 25 and required their dial, cable, and DSL customers to smarthost through their outbound SMTP hosts, it would take a huge bite out of spam, so to speak :-)

See, I told y'all

[reboot246]

we do have computers in Alabama.

And electricity.

And indoor plumbing.

Re:

[Arker]

- Is there no legal way to stop ISP's from doing that ?

No, and it would be dangerous if there were.

The inhibiting factor for most is simply the risk of being blackholed by the rest of us if they do.

Sadly there are a few that have such a huge chunk of the net under their thumb they are basically immune to this threat. I think that's the number two contributor to the spam problem (number one being fools that buy from spamvertisers.)

The way out is through?

[rmarll]

Interesting, if what the article says about the 20 dollar fee is true. Perhaps we can end spam by answering it.

Facinating.

ISP connections

[abhisarda]

"ISPS MAKE MONEY, TOO
An entirely separate set of companies also benefits from the spam economy -- Internet service providers who carry their traffic... In exchange, the ISP agrees to suffer more than normal complaint rates. In PSINet's contract, revealed on News.com, the firm received an upfront payment of $27,000 from Cajunnet, a marketing firm based in Slidell, La. In exchange, PSINet agreed to permit Cajunnet to send unsolicited email "in mass quantity" through PSINet's lines."

Maybe this might drum some sense into somethingawful.com's heads.

I made a comment 2 days earlier about this. If you do business with ISP's that work hand in glove with spammers, don't go around whining that SPEWS is the one to blame.

In the end it's the Consumers fault.

[Tailhook]

The story ends with the conclusion that the existence of spam is the consumers fault. The assertion is that if spam didn't generate responses and, in turn, revenue, these business interests wouldn't bother causing it to be created, however indirectly.

That logic is hard to argue with, but I have an additional way to fault the consumer. Why does the consumer continue to tolerate the open sewer that is contemporary email? It's not just spam. Millions of these sheeple have been infected with viruses sent via email. Spam and viruses, and a seaming endless ability to tolerate large quantities of both...

One would think that after enough of this crap occurred, consumers would eventually consider dealing with it. RTFA to discover that you can't count on ISPs to deal with it. They value spammers and the extra money they're willing to pay. RTFA to discover that respectable companies participate via a web of indirection and plausible deniability. The only thing we have is the end user. If the end user isn't willing to deal with the problem, no one will.

If the end user was willing to deal with the problem, then it becomes a simple matter. All that would be needed is a requirement that senders provide a verifiable signature in all messages, and easy to use white lists to remember the 'ok' parties. If the end user were willing to a.) obtain a cert that allows them to sign and b.) tolerate the need to not blindly open mail that hadn't been placed on their white-list previously, spam would not exist.

The key here is the end user. Until they come around spam is inevitable.

Re:In the end it's the Consumers fault.

[CycleMan]

When I can convince my grandmother to establish a challenge-response system on her AOL account, I'll consider blaming stubborn end-users.

Fortunately, she hasn't purchased any penis pumps or Russian brides yet. It can't just be the consumer solving this problem any more than we can ask every human to go certify organic farms or kosher sausage factories. It's a question of time, a question of costs to benefits, and with verifiable signatures, a question of creating a binding international law that would have most /.ers foaming over privacy concerns.

Awareness, education, and group pressure are the tricks we need here. Just as Upton Sinclair's book "The Jungle" caused Teddy Roosevelt to investigate the sausage factories, saying that "radical action must be taken to do away with the efforts of arrogant and selfish greed," so we need powerful individuals and organizations to take committed stands on spam at the source. Otherwise our individual protection efforts will only divert the spam to the inbox of someone less savvy.

No spam no spam

[Brian+Kendig]

I don't see what the problem is. I don't get spam any more.

Now, granted, I run my own mail server: Exim, attached to SpamAssassin via SA-Exim. And this combination is highly effective. I have it set up to be more aggressive than most people would want their spam filter to be; if an incoming message even *smells* like spam, my server refuses to accept it and instead gives a failure message with an alternate non-filtered address to use if the email wasn't actually spam. In a year of running it, it's rejected 100 spams per day on average, with only one known false positive in the entire year (it was someone forwarding a spam to me). And if a spam is sent to one of the addresses which I haven't used for years, then I perform the added courtesy of tarpitting the spammer.

But there are a lot of tactics that an ISP's mail server can use to cut down on a huge amount of spam without risking false positives. Check the mail against Razor and the other services which keep track of mass-mailings which have been reported as spam, for example. Refuse mail from a server which pipelines its SMTP commands then drops its connection without waiting for a response. Verify that the sending mail server's address actually can be resolved.

ISP's could go a long way towards making spam much less of an annoyance if they'd just use software to filter out the obvious spams. Hook the mail server up to SpamAssassin, set the threshold high enough to avoid false positives.

Re:No spam no spam

[big-magic]

Most service providers that have anti-spam software will allow you to turn it off.

But I think the real advance will come when service providers give individualized Bayesian filter to each customer. That way, each customer can decide what is spam to them. Of course, that's a lot of data to keep track of when you have a lot of customers. But I think it is doable. The downside is that during the training process, the customer would need to use a web based client rather than your IMAP/POP client in order to mark messages as spam. But once they are satisfied with the training, they could use their regular mail client.

And when a customer is happy with their filter setup and "turn it on" so that the system will delete spam directed at them, the inbound mail server could do the spam check in real time and refuse to accept such spam. I know it sounds like a lot of processing, but I think it's possible.

Microsoft & others want to spam too - legally

[leoaugust]

as this was a a mortage related spam - aka respectable spam - as opposed to the unrespectable spam like "enlarge ..." spam, it is not too off track to show how the big corporations are lobbying for the ability to send spam directly rather than thru these layers ...

It is also very interesting that the big companies like Microsoft are paying lobbyists for laws that shall allow them to send spam, on the pretext that if only their spam is identified as spam it is no longer spam. I might give my email id to a Microsoft division, and then without my permission it is available to all the divisions of microsoft - even if I have no interest in all their products save one for which I gave my email - so isn't all the unrelated email they send me now spam ???

What the big companies want to do is to send spam themselves, but prevent others from sending it. All knowing that spam is dirt cheap tool for sales, but there is only so much spam a consumer can take before the backlash hurts all spammers ...

it is pure and simple application of game theory - when it becomes lucrative enough for the politicians, they will step into it too ...

Fight spam by replying to it?

[owlmon]

The article describes how "affiliates" get paid for supplying information gleaned from people who respond to spam e-mails.

This suggests that the economics of spamming could be disrupted rather easily if large numbers of folks would helpfully supply the information that the spammers seek.

Think about it. What would happen if every time a slashdotter got a spam, he responded with all the personal information (randomized, of course) that the spammer requested? The article used the example of a web form that the spamee was invited to fill in with his mortgage information.

A perl script could generate a lot of fills to the web form in a short period of time.

In the short term, affiliates would make extra money by selling truckloads of (phony) personal information. But within a few monthes, the large companies that pay for that information would wise up. That's when the spam economy would start to suffer.

This strategy is only interesting to those of us that have good spam filters in place. I'm getting very good results with bogofilter now. I believe that I could "survive" the major spam wave that would result if I employed this strategy. But this strategy would be a lot more effective if I had some company.

The obvious solution to that downside...

[kevinatilusa]

Start your own "spam" company as part of the slashdot program to end spam. Solicit e-mail addresses from willing slashdotters who provide the desired false leads. You get both the benefit of bogus leads and the windfall from all the extra false leads

Suprise... err ... no

[BelugaParty]

In advertising there are divisions much like the white red black hats of hackers. Often times a company will submit a block of money to an advertising group, which will then employ dozens of different strategies. Often times, these techniques are not follow known or endorsed by the sponsoring company.
Take for instance when IBM launched a "edgy" campaign where peace signs were spray painted on the sidewalks of SanFran. Or some TV show that quietly advertised by sending a non-existant football team to various locations claiming to have one state finals, when in actuallity, it was a ploy to get name recognition.
Spam is simply a new form of information dissemination. It is not Microsoft or any other giant who is actively pushing this, but marketing and advertising firms who are supported by them. So you have to make a distinction because the big advertisers are linked to just about every big company.
Anyway...
Dream on.

MSNBC Spam article asks for email address

Anyone find it funny that the article asks: "How does unsolicited commercial e-mail affect you?" and then prompts for your email address?

Re:SPEWS and SomethingAwful

[LordKaT]

Hasn't this been played TO DEATH on fark?

Oh well, I'll bite.

1. SPEWS doesn't block anyone. The ISP's do.
2. SPEWS only adds one IP. When the spam-friendly ISP/Host changes the spammers IP, the block of IPs gets larger.
3. SomethingAwefuls visitors are not exactly the ... brightest ... people on the planet. You're not going to get into a debate so much as an argument.
4. SA and it's members often encourage one another to flood the mentioned websites with crap, pages of text, and a general amount of spamming.
5. While I do sense a bit of sarcasam and a bit of "we're never really going to win this fight" in the article, SA has two options: either get a new host, or get a seperate IP address for their mail server.
6. The article goes on and on into what seems to be perpetual whining. If he had at least attempted to talk with his host about the situation, rather than bitch and moan, and encourage the readers to flood the newsgroup.
7. 4 TB a month? I call bullshit.
8. If they're not making enough money to get on a different host, then they really need to review their course of action.

I don't agree with using SPEWS, as I think it's too drastic, but SPEWS has a right to exist. I should also point out that there is no case of slander/libel as SPEWS keeps evidence. As for staying totally anonymous, they don't want to be spammed, theatened, or be litigated into oblivion. Also, Seeing as how it's the ISP's bandwidth, the ISP's have the right to use, opr ignore SPEWS. Yes, places like SA get caught in the middle, but, honestly, if it's just places like SA, I really don't want them. They're, quite frankly, just childish.

Also, this is a case of consumer ignorance. If a customer does not know they their ISP uses SPEWS, then it's their own damn fault.

When all else fails, use Hotmail, or setup your own mail server.

--LordKaT

Re: Sort of

[justMichael]

You see, most of that stuff stuff is made in sunny Southern California... Swedish Erotica (A.K.A. Cal Exotics) is in Chino CA.

English translation - Pick up the phone.

[MisterMoney]

Registrant Organization: Zonda Sistemas S.A..
Address: Callao 1253
City: Postal Buenos Aires
Postal Code: 1024
Country: Argentina
Telephone: 4803-3824
Fax: 4803-3824
Main Activity: Systems

Responsible Person: Alberto Meyer Robert
Address: Callao 1253
City: Postal Buenos Aires
Postal Code: 1024
Country: Argentina
Telephone: 4803-3824
Hour Contact: 10-18

Date of recording: 20/01/2003
Organization Administrator: Zonda Sistemas S.A..
Address: Callao 1253
City: Buenos Aires
Postal Code: 1024
Country: Argentina
Telephone: 4803-3824
Fax: 4803-3824
Main Activity: Systems

Tecnicnal Contact: Alberto Meyer Robert
Address: Callao 1253
City: Buenos Aires
Postal Code: 1024
Country: Argentina
Telephone: 4803-3824
Hour Contact: 10-18
Fax: 4803-3824

Servants of Name of Dominion

Primary Servant of Names:
Name: ns.super-zonda.com
Direction IP:

Secondary servant of Names:
Name: ns1.super-zonda.com
Direction IP:

Third Servant of Names:
Name: ns2.super-zonda.com
Direction IP:

Fourth Servant of Names:
Name: ns3.super-zonda.com
Direction IP:

personal note - i kinda like the sound of 'Primary Servant of Names' over 'name server one'.

Incredible Market Efficiency

[tabdelgawad]

"Four days later, four companies sent us an e-mail indicating they knew we were looking for a new mortgage". Four days!! With the myriad layers of 'affiliates', 'lead generators', and 'spammers' operating in legally grey areas and distributed all over the world, it's amazing that it takes only this long to get a response. I mean, sometimes it takes longer to get a response from legitimate online tech support!

The article opens by saying "There wouldn't be spam if there wasn't money in spam". Truer words were never uttered. And there wouldn't be money in spam if consumer demand didn't exist. All 'solutions' to the spam problem that fail to take this 'demand' problem into account are, IMO, doomed to failure.

Amusing ad in the article

[swordgeek]

Don't know if the ads are static or dynamic, but the one I got, in the middle of an article about sleazy tactics and spammers, was a "CLICK HERE TO ENTER THE GREEN CARD LOTTERY!!!!!"

Heh.

Sneakemail.com

[KevinMS]

This is why Sneakemail was created over 3 years ago. You can easily bust whoever benefits from your stolen/sold email address no matter how far down the chain it goes. For those who don't know Sneakemail was the first disposable email address service which was designed both for keeping your address clean and tracking those selling your address. Sneakemail got a mention in this months MIT Technology review magazine.

Use of FormFucker to spam spammers' web sites

[Huusker]

The only effective way to fight back is to spam the spammers. Not via email, but via their customer databases.

There is a utility called FormFucker which spams web forms.

It analyzes the web form and then makes 1000s of submissions using realistic-looking but fake names, addresses, zip codes, telephone numbers, credit card numbers, etc.

Note that use of FF is very controversial, as many consider it fighting-abuse-with-abuse.

Re:Use of FormFucker to spam spammers' web sites

[gclef]

Very interesting. Thanks. I had thought about writing something like that for a while, but never got around to it.

I think one of the big problems with FormFucker, which I'm trying to avoid, is that it's really a vigilante justice system. For some reason, which I can't totally put my finger on, having lots of people fill out one order form each (but with all of them lying) just seems less abusive than one person flooding the site with orders...even if the total number of fake orders comes out the same.

I guess having each person just fill out one fake order each, and trying to get lots of people to do that together makes the attack seem more like a community protest akin to a sit-in, rather than vigilante justice.

Thanks for the link, though. If I lose the "I really should behave" inhibition, it's entirely likely I'll use that.

Money for everybody!

[Barryo_Stereo]

The article points out how ISPs will ignore their rules when the spammers slip them a little extra cash. And then, at the head of the Slashdot list of comments, the most violently anti-Microsoft site I know has: a Microsoft ad!

Filters and blocks will never work

[swordgeek]

Every time I read an article about spam, I see a bunch of people promoting the spam filters on their system, or their ISP, or some other way of dealing with spam at the destination.

The only way to deal with spam is at the source. The only way to stop spammers is to keep them from sending their shite in the first place. As soon as it leaves their computer, it becomes an arms race--we get better filters, they figure out a new way around them, we tweak our filters again. Eventually the entire email system worldwide becomes one big armed camp, and that's BAD! Worse yet, I see people proposing we go straight to that end right now, as a solution.

We have to stop spammers from being able to spam, not stop the spam from reaching us.

Re:SPEWS and SomethingAwful

[XSforMe]

I think this is a problem more to be blamed on clueless sys-admins than organizations like SPEWs. Remember, it is the sys admin, not the the black hole who is choosing to accept the message.

People who filter based on spews and others alike basically don't care about getting a 1%-10% of false positives. To an individual that might be cool, but try setting up that policy in your workplace server.

I have my filters based on spamhaus, blitzed and dsbl. The analysis, done by sgifford was a real eye opener. I recommend it to anybody in charge of running a realiable server with black list filtering enabled.

Re:Face it, its here for good..

[rt+swank]

I forgot to mention.. Everyone thinks spam is so aweful yet they have no idea how horrid anti spammers can be as well. Antis will resort to even illegal ways to attack spammers adn even legit optin mailers.

MSNBC ignores Microsoft spamming

[sfjoe]

Noticeably absent is any mention of Microsoft's support of spam, including their spammer-for-hire subsidiary, bCentral.com .
Listbuilder is one of the worst at harvesting email addresses from any source they can get their hands on.

I know this guy

[flux4]

Oh yeah, I know him. A real wing nut. He was odd when I met him in 2007, and I must say he's even stranger now, er, then. Who would use an Acme 5X24 anyway? Those things are so unstable... kind of like he is, really.

Spam, the Mob, and RICO

[gbulmash]

A number of years ago, back when Sanford Wallace was still the self-proclaimed spam king, I did a little detective work... locating his mother's phone number.

I'd started building an anti-spam site (I was going to call it "Spamintology") and I was planning to launch it with the number up front, suggesting that people call her to tell her what a bad boy her son was.

But I didn't. Because after the visions of glory, I had visions of my own mother's phone ringing off the hook as spammers called her to complain about me. And that's when I cancelled my plans for the site.

These spammers are often criminals, and always scumbags. If you really start to hurt them, hit them where they live, you risk them trying to hurt you back. That's why I decided to abandon my crusade, because I wasn't so altruistic as to put myself and my family in the line of virtual fire for the sake of zinging Spamford.

Some spam will be stopped by current anti-spam laws under proposal, but the only way to truly stop spam is going to be to take it out of the hands of the FTC and put it into the hands of the FBI. Spam will slow when we see spammers on the evening news, walking into federal courthouses to defend themselves against RICO charges like John Gotti.

If we put together an FBI Anti-Spam unit on par with the FBI's Organized Crime unit at its height, we'd see spam decrease and the nightly news would be entertaining again... for a while.

- Greg