Time-travel Spammer Strikes Back
HopToit writes "Robby Todino is apparently upset about being outed a couple months ago as the source of all those wacked messages about 'Dimensional Warp Generator Needed.' According to Wired, someone has pulled a major joe-job spam attack (forged 'From:' lines) on three popular sites in retaliation for making fun of Todino's goofy search for alien technology. Robby, if you're out there, you have ceased to be amusing."
when i was in school i took some pr course where it was presented that a direct mail campaign (snail mail, addressed directly to the recipient) with a response rate of 3% was considered a "roaring success".
spam can survive even with minuscule response rates (one hundredth of a percent) because the actual transmission is free. direct mail has postage and printing costs. telemarketing needs actual wage-earning callers and phone connections. but spam, once you find that open relay, spam is free.
with costs like that, revenue can afford to be low.
2 1337 4 u!
10%? A bit much. Last numbers I've heard were less than 0.01% respond. Much less that actually buys something or falls for the scam. But when you think of the number of spam messages sent, 0.01% adds up.
A joe-job is a spam run forged to appear as though it came from an innocent party, who is then generally flooded by the bounces or complaints.
If I had mod points I would up this guy. This would be a perfect topic for Coast to Coast AM!
http://www.xpurple.com
It's referred to in the article
Joe Job [joa~juhb]
A Joe job is an e-mail spoofing exploit in which someone sends out huge volumes of spam that appear to be from someone other than the actual source. A Joe job is sometimes conducted as an act of revenge on someone who reports a spammer to their Internet service provider (ISP) or publicly advocates anti-spam legislation. The perpetrator is said to be Joeing the legitimate owner of the e-mail address they use. The Joe job is one of the oldest spamming operations in existence, and one of the simplest ones to carry out: the spammer may not have to do anything more than change the "Reply To" address in their e-mail program.
I think it really depends on how you spin it. It goes without saying that someone has to be making money from spam, and also that there are gullible fools who buy the stuff on offer. The problem is that many of the gullible fools are not the same ones that actually buy the porn and pills being peddled, but those that buy the spamming services too.
The spam "business" seems to be constructed in several levels. At the top you have the metaspammers (see the ROKSO for a list) who don't really sell anything other than spamming tools and services. These guys are the ones raking in the bulk of the cash, and are probably the only ones with the wherewithal and resources to run the global spamnets without getting nailed (so far). Underneath those is a mesh of "affiliate programs" and small fry who do spam their own products and finally, at the bottom, are the dregs of humanity that actually buy the physical products.
The problem is that every time something like this comes up on Slashdot, Kuro5hin, or even the "mainstream" TV and press media, there is a chance that someone has the following chain of "reasoning":
- There is money to be made in spam.
- Why shouldn't that be me?
- How do I spam?
And all this does is send another gullible fool off to the metaspammers that peddle the "guaranteed" opt-in address lists, bulk mailers and similar services. The money floats up to the top of the tree and the cycle perpetuates. Occasionally, I'm sure, one of these guys gets lucky and makes a decent amount of cash in exchange for their soul, but I'll bet that the majority do not, and soon pull out of the game with a somewhat lighter bank balance. The spam business seems to be a pyramid scheme in all but name, if you ask me.
UNIX? They're not even circumcised! Savages!
Regarding this statement:
Possibly, the best approach would be for them to contact Todino's father and tell him that if he doesn't get his son some help immediately, they're going to pursue the case with law enforcement. Assuming the father's statements are true and that he gives a damn, this should at least get the ball rolling.
It is *very* difficult to enforce medical treatment on someone who has NOT been legally declared mentally incompetent and assigned a guardian. This is why you have a situation where many clinically diagnosed schizophrenics, manic depressives, etc. can STOP taking their medication and going to treatments and they are perfectly within their rights to do so.
Note, I'm talking about mentally ill people referred to as "high functioning", meaning they are mostly normal acting or their quirks are not considered "dangerous" to society, i.e. wearing tin-foil because the "aliens are out there" is ok, but killing "all girls who look like Britney Spears" is not.
In general, a high-functioning, but clinically mentally ill person is going to be very emotionally tiring to live with, but there's really nothing Todino's father can do. His son is an adult and therefore dad is no longer the responsible guardian. Filing a motion to declare his son mentally incompetent and assigning dad as the guardian has its own drawbacks, not to mention earning the unending enmity of the very person you are trying to help. It's just too much of a lose-lose situation.
If you control an MX, please configure it to issue a 550 error during the connection if you can't deliver the message instead of accepting it and then bouncing to what you almost certainly know is an innocent party.
I can tell you that the problem is all but easy to fix.
Not only do our Postfix servers (On the DMZ) have to accept mail to Exchange accounts (Servers on a different inside-DMZ) without knowing what accounts exist, but also for other mail servers we have no control over. For example, we send incoming emails back out over VPN tunnels to Japan, Germany and Washington without having the slightest clue or control over what accounts exist over there.
Before, I used to work for a big ISP that only serviced companies and the setup was similar there, we had this huge Sun Enterprise cluster to accept incoming email for our clients, and then sent the emails to each customer's dedicated server without having any control over them.
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
If you control an MX, please configure it to issue a 550 error during the connection if you can't deliver the message
Many Internet-accessible MX hosts are not also running delivery services (POP, IMAP, etc.). They often relay the mail to a non-internet-accessible SMTP hub for the domain, which in turn relays the mail to the hosts running the delivery agents. There's usually no way the Internet MX host can know which users are valid.
Don't try to pass this off on mail admins. We're doing what we can, spending way more time setting up ways to filter out this crap than we should have to. Direct your bile at the spammers.
which means you anal types who say "RFC says I must bounce" have to note that it also says you must not lose a message, which is what a bad bounce does.
I do not think "lose a message" means what you think it means. I like the RFCs. I just don't think your little suggestion does much good except for the poor joe-jobbee. I've been joe-jobbed. Yeah, it sucked. But I'd rather delete a couple thousand messages once in a blue moon than ask every admin on the Internet to set up their mail servers so that the spammers can more easily validate their address lists.
include $sig;
1;
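Added example (not part of any comment in this thread): a small Python model of the two MX behaviours argued over above, accept-then-bounce versus a 550 during the SMTP session, showing who receives the failure notice when the envelope sender is forged. All addresses are constructed, and `EdgeMX`, `known_rcpts` and `simulate` are hypothetical names used only for this illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class EdgeMX:
    """Internet-facing MX that relays accepted mail to an internal hub."""
    known_rcpts: Optional[frozenset] = None     # None: MX has no recipient list
    queue: list = field(default_factory=list)   # (envelope sender, recipient)

    def rcpt_to(self, mail_from: str, rcpt: str) -> int:
        """Answer RCPT TO during the SMTP session."""
        if self.known_rcpts is not None and rcpt not in self.known_rcpts:
            return 550   # the connecting client sees the failure; nothing queued
        self.queue.append((mail_from, rcpt))
        return 250

    def relay_to_hub(self, hub_users: frozenset) -> list:
        """The hub refuses unknown users, so the MX mails a bounce to the
        envelope sender, which in a joe-job is the forged, innocent address."""
        bounces = [sender for sender, rcpt in self.queue if rcpt not in hub_users]
        self.queue.clear()
        return bounces


def simulate(mx: EdgeMX, hub_users: frozenset, mail_from: str, rcpts: list):
    """Return (SMTP reply codes, addresses that later receive a bounce)."""
    codes = [mx.rcpt_to(mail_from, r) for r in rcpts]
    return codes, mx.relay_to_hub(hub_users)


# Constructed sample data: two real mailboxes, two guessed ones, forged sender.
HUB_USERS = frozenset({"alice@corp.example", "bob@corp.example"})
FORGED_FROM = "victim@innocent.example"
SPAM_RCPTS = ["alice@corp.example", "sales@corp.example",
              "xyzzy@corp.example", "bob@corp.example"]


def demo():
    blind = simulate(EdgeMX(), HUB_USERS, FORGED_FROM, SPAM_RCPTS)
    aware = simulate(EdgeMX(known_rcpts=HUB_USERS), HUB_USERS,
                     FORGED_FROM, SPAM_RCPTS)
    return blind, aware


if __name__ == "__main__":
    for name, (codes, bounces) in zip(("accept-then-bounce", "reject at RCPT"), demo()):
        print(f"{name}: replies={codes} bounces_to={bounces}")
```

In Postfix, the recipient list modelled by `known_rcpts` corresponds to `relay_recipient_maps`. The 550 replies in the second case are the behaviour the last comment objects to, since they tell the connecting client which recipients do not exist.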