Slashdot Mirror
Following the Spam Trail
An anonymous reader writes "MSNBC's Bob Sullivan doggedly follows a spam trail from Alabama to Argentina to find out who actually benefits from spam. The beneficiaries aren't necessarily the pasty faced, high school drop out industrial spammers we have gotten to know, but well known companies."
MSNBC: we have known about the relationship between spam, lead generators, and legitimate businesses for years now. For example, when I filled out an add to enlarge my penis 3 years ago, I got all sorts of emails from GNC and other well known health and fitness companies.....oh wait, I mean, when I clicked on the "See Britney Nude XXX HOT Angelina J-Lo-XXX-HOT!" offer I got an ad from her record label and WareHouse Music in the mail. Yea, that's it.
FP
If you look towards the bottom of the MSNBC page linked in the story, there is a form that allows you to submit your spam stories, which asks for your name, hometown, phone number and e-mail address. Now what does MSNBC need with that information, in relation to your experiences with spam? Seems fishy to me...
If you can nail down a domain that seems to profit, use the whois information and call them on the phone. I usually dont get spam after I have complained to a person. If the phone number is bogus you can report them at http://reports.internic.net/cgi/rpt_whois/rpt.cgi
-John Fenley
What "well known" company offers penis pumps? Has Gates been up to more no good?
Business \Busi"ness\, n.;
A scam in which all people involved perceive as beneficial...
This article is written for an ignorant audience. I'm an ignorant audience and its smug tone of condescension even pisses me off.
Greetings,
We need a vendor who can offer immediate supply.
I'm offering $5,000 US dollars just for referring a vender which is (Actually RELIABLE in providing the below equipment) Contact details of vendor required, including name and phone #. If they turn out to be reliable in supplying the below equipment I'll immediately pay you $5,000. We prefer to work with vendor in the Boston/New York area.
1. The mind warper generation 4 Dimensional Warp Generator # 52 4350a series wrist watch with z80 or better memory adapter. If in stock the AMD Dimensional Warp Generator module containing the GRC79 induction motor, two I80200 warp stabilizers, 256GB of SRAM, and two Analog Devices isolinear modules, This unit also has a menu driven GUI accessible on the front panel XID display. All in 1 units would be great if reliable models are available
2. The special 23200 or Acme 5X24 series time transducing capacitor with built in temporal displacement. Needed with complete jumper/auxiliary system
3. A reliable crystal Ionizor with unlimited memory backup.
4. I will also pay for Schematics, layouts, and designs directly from the manufature which can be used to build this equipment from readily available parts.
If your vendor turns out to be reliable, I owe you $5,000.
Email his details to me at: info@federalfundingprogram.com
Please do not reply directly back to this email as it will only be bounced back to you.
Anyone else get this one? =P
Free music from Jack Merlot.
how many "middle men" are in the typical spam food chain, playing the percentages. Extra bonuses for network names, IP addys, hosting providers, etc. And also, why don't these large companies have the balls to just do it directly, themselves? /me thinks they are much like the Wizard of Oz, in this regard.
C|N>K
The mystery is revealed. It is the The Hormel Food Company!
After IC Marketing received our data, it sold our information to a firm named Infoclear Marketing in Dallas, which then sold it to Mleads, which in turn sold it to Quicken, according to Newman.
Infoclear immediately terminated its contract with IC Marketing when it heard about the spam offense, said Patrick Thurmond, who identified himself as a founder of Infoclear.
Doesn't it sound a lot like InfoClear and IC (coincidence?) are actually the same company, but can appear to 'sever ties' whenever anyone anti-spam starts nosing around.. sounds like a nice setup to me, and the investigators won't implicate poor infoclear when tracing this back.
Just my $0.02.
Thinko
"I have challenged the entire quality assurance team to a bat'leth contest. They will not concern us again."
What's that you say? Backbones don't police spam across their networks, spam that sucks up huge amounts of bandwidth, which they can charge people for? Whoa!
Next at 11, employees who are responsible for self-policing timecard policies are ripping off employers!
(seriously though- it's time we started taking major networks to task, like refusing to route packets coming from them, or refusing to send traffic to them. Watch how fast UUnet takes care of spammers, when customers find they suddenly can't get to sites. Pretty much the ONLY thing these days that separates backbones is how reliable they are- even a slight decrease in reliability, even just perceived or threatened, could have an astounding effect. Think of all the fuss SCO is causing to see the possibilities.)
Please help metamoderate.
I'm becoming more and more convinced that the only effective way to fight back is to spam the spammers. Not via email, but via their customer databases. Take the example of from this article: the spammers get paid for every lead they generate. But, if just 1% of the people who got the spam went to the site and *lied* about their identity, and their interest, the value of the list containing their info would go down so much as to make it worthless. Even if .1% of the people did this, it would dramatically reduce the value of such customer lists. That's the only way to stop spam, from what I can see: make it no longer economically viable.
paying attention to the spam i got, i managed to get a great morgage on a house, marry a beautiful russian bride, and i pleasure her every night with my enlarged, viagra powered penis.
now, if only i could get some printer toner...
we do have computers in Alabama.
And electricity.
And indoor plumbing.
Interesting, if what the article says about the 20 dollar fee is true. Perhaps we can end spam by answering it.
Facinating.
The story ends with the conclusion that the existence of spam is the consumers fault. The assertion is that if spam didn't generate responses and, in turn, revenue, these business interests wouldn't bother causing it to be created, however indirectly.
That logic is hard to argue with, but I have an additional way to fault the consumer. Why does the consumer continue to tolerate the open sewer that is contemporary email? It's not just spam. Millions of these sheeple have been infected with viruses sent via email. Spam and viruses, and a seaming endless ability to tolerate large quantities of both...
One would think that after enough of this crap occurred, consumers would eventually consider dealing with it. RTFA to discover that you can't count on ISPs to deal with it. They value spammers and the extra money they're willing to pay. RTFA to discover that respectable companies participate via a web of indirection and plausible deniability. The only thing we have is the end user. If the end user isn't willing to deal with the problem, no one will.
If the end user was willing to deal with the problem, then it becomes a simple matter. All that would be needed is a requirement that senders provide a verifiable signature in all messages, and easy to use white lists to remember the 'ok' parties. If the end user were willing to a.) obtain a cert that allows them to sign and b.) tolerate the need to not blindly open mail that hadn't been placed on their white-list previously, spam would not exist.
The key here is the end user. Until they come around spam is inevitable.
Maw! Fire up the karma burner!
I don't see what the problem is. I don't get spam any more.
Now, granted, I run my own mail server: Exim, attached to SpamAssassin via SA-Exim. And this combination is highly effective. I have it set up to be more aggressive than most people would want their spam filter to be; if an incoming message even *smells* like spam, my server refuses to accept it and instead gives a failure message with an alternate non-filtered address to use if the email wasn't actually spam. In a year of running it, it's rejected 100 spams per day on average, with only one known false positive in the entire year (it was someone forwarding a spam to me). And if a spam is sent to one of the addresses which I haven't used for years, then I perform the added courtesy of tarpitting the spammer.
But there are a lot of tactics that an ISP's mail server can use to cut down on a huge amount of spam without risking false positives. Check the mail against Razor and the other services which keep track of mass-mailings which have been reported as spam, for example. Refuse mail from a server which pipelines its SMTP commands then drops its connection without waiting for a response. Verify that the sending mail server's address actually can be resolved.
ISP's could go a long way towards making spam much less of an annoyance if they'd just use software to filter out the obvious spams. Hook the mail server up to SpamAssassin, set the threshold high enough to avoid false positives.
as this was a a mortage related spam - aka respectable spam - as opposed to the unrespectable spam like "enlarge ..." spam, it is not too off track to show how the big corporations are lobbying for the ability to send spam directly rather than thru these layers ...
It is also very interesting that the big companies like Microsoft are paying lobbyists for laws that shall allow them to send spam, on the pretext that if only their spam is identified as spam it is no longer spam. I might give my email id to a Microsoft division, and then without my permission it is available to all the divisions of microsoft - even if I have no interest in all their products save one for which I gave my email - so isn't all the unrelated email they send me now spam ???
What the big companies want to do is to send spam themselves, but prevent others from sending it. All knowing that spam is dirt cheap tool for sales, but there is only so much spam a consumer can take before the backlash hurts all spammers ...
it is pure and simple application of game theory - when it becomes lucrative enough for the politicians, they will step into it too ...
To see a world in a grain of sand, and then to step back and see the beach where the sand lies
The article describes how "affiliates" get paid for supplying information gleaned from people who respond to spam e-mails.
This suggests that the economics of spamming could be disrupted rather easily if large numbers of folks would helpfully supply the information that the spammers seek.
Think about it. What would happen if every time a slashdotter got a spam, he responded with all the personal information (randomized, of course) that the spammer requested? The article used the example of a web form that the spamee was invited to fill in with his mortgage information.
A perl script could generate a lot of fills to the web form in a short period of time.
In the short term, affiliates would make extra money by selling truckloads of (phony) personal information. But within a few monthes, the large companies that pay for that information would wise up. That's when the spam economy would start to suffer.
This strategy is only interesting to those of us that have good spam filters in place. I'm getting very good results with bogofilter now. I believe that I could "survive" the major spam wave that would result if I employed this strategy. But this strategy would be a lot more effective if I had some company.
This is why Sneakemail was created over 3 years ago. You can easily bust whoever benefits from your stolen/sold email address no matter how far down the chain it goes. For those who don't know Sneakemail was the first disposable email address service which was designed both for keeping your address clean and tracking those selling your address. Sneakemail got a mention in this months MIT Technology review magazine.
Sneakemail is to spam filters what an ounce of prevention is to a pound of cure.
There is a utility called FormFucker which spams web forms.
It analyzes the web form and then makes 1000s of submissions using realistic-looking but fake names, addresses, zip codes, telephone numbers, credit card numbers, etc.
Note that use of FF is very controversial, as many consider it fighting-abuse-with-abuse.
Oh yeah, I know him. A real wing nut. He was odd when I met him in 2007, and I must say he's even stranger now, er, then. Who would use an Acme 5X24 anyway? Those things are so unstable... kind of like he is, really.
I'd started building an anti-spam site (I was going to call it "Spamintology") and I was planning to launch it with the number up front, suggesting that people call her to tell her what a bad boy her son was.
But I didn't. Because after the visions of glory, I had visions of my own mother's phone ringing off the hook as spammers called her to complain about me. And that's when I cancelled my plans for the site.
These spammers are often criminals, and always scumbags. If you really start to hurt them, hit them where they live, you risk them trying to hurt you back. That's why I decided to abandon my crusade, because I wasn't so altruistic as to put myself and my family in the line of virtual fire for the sake of zinging Spamford.
Some spam will be stopped by current anti-spam laws under proposal, but the only way to truly stop spam is going to be to take it out of the hands of the FTC and put it into the hands of the FBI. Spam will slow when we see spammers on the evening news, walking into federal courthouses to defend themselves against RICO charges like John Gotti.
If we put together an FBI Anti-Spam unit on par with the FBI's Organized Crime unit at its height, we'd see spam decrease and the nightly news would be entertaining again... for a while.
- Greg
Start a happiness pandemic