Time-travel Spammer Strikes Back

HopToit writes "Robby Todino is apparently upset about being outed a couple months ago as the source of all those wacked messages about 'Dimenstional Warp Generator Needed.' According to Wired, someone has pulled a major joe-job spam attack (forged 'From:' lines) on three popular sites in retaliation for making fun of Todino's goofy search for alien technology. Robby, if you're out there, you have ceased to be amusing."

spam is beginning to be a real problem

[cft]

It seems that everyone in his right mind despises telemarketing. Spam too. Ask anyone, and they'll tell you that there are few things they hate more in life. It seems as if there are no exceptions to this rule -- everyone, bar none, hates telemarketing and spam.

But it can't be true. Someone must be responding to this stuff by spending their money. Because for some reason, telemarketers and spammers stay in business. Somehow, it must be worth it for them.

If everyone hated the stuff as much as they say they do, if everyone hung up on the unwanted calls and deleted the unwanted mails in nothing flat, like they say they do, then the problem would fizzle out before long. No one could make money doing it, so there would be no reason to keep trying. And yet, the crap just goes on and on and on.

I've read rumors that a certain small percentage of the people called or mailed actually do respond and end up buying something; usually the figure is put about 10%, or something similarly low. Hard to believe that such a business would be worthwhile if the response rate is so low; but whatever it is, it must be high enough that the incentive for telemarketing and spamming is maintained. Otherwise, there'd be no such thing.

A national no-call list is a nice idea, but I can't see the problem going away altogether as long as the telemarketers and spammer still believe there's a chance to make money. Certainly the spammers are not going to let some trivial thing like a Federal law stop them. (They'll just go on spamming from Antarctica, or wherever.) If we really want the problem solved, once and for all, we have to ensure that there is no future for those businesses, and that would require educating the public, right down to the last man, woman and child, to always follow this rule without exception: If someone calls you or emails you to sell you a product, then whatever you do, don't buy that product!

Re:spam is beginning to be a real problem

[Jah-Wren+Ryel]

Many people are too stupid to understand that responding to telemarketing or spam for an item that they *do* want will only encourage more telemarketing and spam for items that they don't want.

There is a guy I know at work who has been getting telemarketing calls for DirecTV. He was actually going to call them back (the telemarketer) and take them up on their offer. No matter how many times I tried to explain it, he didn't think that:

a) he could probably get a better deal if he shopped around for like 5 minutes on the net
b) that he'd probably end up on a "sucker list" and that this telemarketer would now call him to sell other things as well as sell his name/number to other telescummers to bother him with all kinds of stuff he didn't want

5 minutes of convenience today was enough for him to accept the hours of bother that was sure to come in the future.

But, if you ask him if telemarketing and spam piss him off, he complains just as much as the next guy. It is dumbshits like that which telemarketers and spammers are talking about when they say that do-contact lists are keeping them from people who want their services. Assmunches like that guy are the reason these annoyers are business.

Instead of a do not call list, I think we should pass a law that requires mandatory jail time for people who do buy stuff from telemarketers. (Fuck the constitution, Ashcroft's already done that, might as well get something good for society out of it!)

E-mail tax

[cft]

DISCLAIMER: I am not trying to be flamebait here, this is my honest opinion:

I'm torn about the idea of an email tax. While in general I don't like the idea too much, it does occur to me that this might be the only way of dramatically reducing spam.

Look at it this way: Even a wicked-busy web maven likely sends less than 1000 emails a day outside of their own company LAN (with a few exceptions I realise. Individuals likely send less than 100 per day in general.

So, say you put a tax, to be administered by your ISP on each email, of say 0.1 cents per email. Big Business guy gets charged $1/day, home user $0.10 per day. By no means big money. Johny McSuperSpammer, however, who sends out 10 million emails every day, gets a handly little bill for $1000. Kind of changes the economics of his penis enlarger ads.

Like I say, I'm not a huge fan of paying more, but it does seem like making emails cost per message sent might be the best/easiet/only way to dramatically reduce spam.

Furthermore (ideally), to make up for the cost, you ISP could take $5 per month off your bill, to make up for the extra you're spending to send email. They still make money, because of the tax, the financial hit for you is minimal, but the spammers get hosed.

Re:E-mail tax

[bhima]

How do make mailing lists work with scheme?

I subscribe to Dilbert and a couple of SuSE lists. That's about 150 messages a day. Do you expect SuSE to pay these? I'm sure that you scheme would be the end of such things.

Re:E-mail tax

[MarkJensen]

Sure. The honest ISPs will have to bear the burden of administering this tax (for which, they will have administration costs - passed on to users). But what about these Hong Kong spamming sources? Or anything outside the jurisdiction of the 'email tax law'? An email tax is both unworkable and ineffective

What is needed, and has been pointed out in many other places, is a reform of the SMTP method. SMTP was designed many, MANY years ago when the only people on networks were technicians, academics, etc. These people created a system for THEM to use. They didn't really anticipate spam, because for spam to become effective, email needs to be wide-spread to the point near ubiquity. When email services are as common, you are going to get a lot of simple-minded gullible people out there. And these are the people who click on those ads, and bring in the spam revenue.

So, I guess we either need to reform and properly lock-down email sending to show only accurate information, or require a simple I.Q. test before logging into email! ;) Of course, the latter opetion would surely bring about the swift demise of AOL...

Re:E-mail tax

[The+Fanta+Menace]

Not going to work. I don't use my ISP to send mail, at least not in a way they can detect. I use my own server, instead.

Are you going to tax me to send email between the users on my machine? If so, how are you going to monitor the logs? Are you going to give government authorities permission to audit my machine whenever they see fit to? Looking kind of authoritarian, now, isn't it?

How about cron jobs sending me email? Do I get taxed for them, too?

Instant messaging? Tax for that? What about when people get fed up with your email tax and implement an email system over an IM service instead? Or just implement some other of email over any other protocol to bypass your tax system?

Filters are an effective way of combatting spam. Much better - and less oppressive - than a tax. SpamAssassin catches 99% of the spam I receive. It, and other filters, are so effective that spammers are now changing the content of their text to attempt to bypass it. And when they do this, it reduces the effectiveness of their advertising, so in the end, they lose.

Re:E-mail tax

[Sexy+Bern]

Surely this falls down when the spammer bypasses a legitmate (ISP's) SMTP server?

Spammers will have their own SMTP servers, or find/use open relays.

Re:E-mail tax

[Isomer]

Shrug, if you want to stop people sending forged email then use PKI. Don't accept mail from people unless it is signed by someone you trust. It's easy to implement, it's reasonably secure. It doesn't change any of the protocols on the internet today, all you need to do is set up a key and start signing email.

Sure spammers can get a key but if nobody signs their key, then they can't spam. So every time they want to spam they need to get a key signed. People who sign spammers keys regularly are going to get their signatures revoked.

This increases the "cost" of spamming by making it hard for spammers to get legitimate keys, but making it relatively cheap for joe bloggs who just has to create a key and perhaps get it signed by his ISP and a couple of friends.

ISP's signatures wouldn't mean much, but it would be enough to get you started on the web of trust, after a few people have signed your key your key will start becoming more important to more people.

So, step up and use GPG today!

Re:E-mail tax

[Illbay]

Personally, I'm all in favor of taxing SMTP traffic, and heavily.

Taxes only hurt the honest. They don't hinder the dishonest because they will find a way to keep from paying the taxes.

Government solutions typically fail utterly; only the "invisible hand" of the market can succeed.

Keep the gov out of all of this.

more tragic than funny

[real_smiff]

i'd never heard of this but after reading the two wired articles i feel sorry for everyone... really, the guy needs medical help, and probably shouldn't be allowed onto a public network (computer, mail, whatever).. and the people taking the piss, well.. it teaches you to be careful, there really are nutters out there, and the internet just lets them fulfil their full nutty potential :o

(off topic, but you'd think it obvious that any time machine breakthrough would be all over the news right! ; i guess basic rationality doesn't come into this though. scary.)

Re:more tragic than funny

[kalidasa]

Paranoia doesn't work that way, though. He saves the phenomena by convincing himself that the time travelers are prohibited from interfering, and are surveilled for violations, and so have to be very careful about how they use time travel. He also believes he is being surveilled, either by the contemporary government or the time cops.

Where to really look...

[cruachan]

For fun putting aside the 'do they exist?' and 'can they get here easily?' questions I've often thought that if you really want to find visiting Aliens and the like then you have to find something on earth that would be worthwhile coming to see - an alien tourist honeypot if you will.

The only thing that I can think of that potentially fits this bill is a total solar eclipse. Although there's some compelling evidence that life like ours can only evolve in a similar 'double planet' system like the earth-moon, there's really no reason to expect intelligent life to be around at exactly the same time as the apparent moon and sun size matches sufficiently closely to see a total eclipse. Indeed total solar eclipses have only been visible on earth for a hundred million years or so and will continue only for a few hundred million more - quite a small window in the history of our planet and something sufficiently rare that it may be worthwhile diverting a few light years to see.

So if I did want to find an alien or the like I'd look in the middle of a path of totality

Re:Where to really look...

[anagama]

Space travelers would probably be unimpressed by an eclipse. I'll tell you the real draw: supermarkets. Don't believe me? Take a trip to Japan, then wander through a supermarket - you will be amazed at how fascinating it truly is.

Aliens would probably find most things here interesting because it would be so foreign - and that's all it takes to grab a "person's" attention, something he/she/it hasn't seen before.

Let's review..

[mumblestheclown]

In the real world, badly-designed car locks would make cars easier to steal. To combat this problem, people would insist that a) the locks be re-engineered to be better and b) people who steal cars be treated as criminals who, when caught, get strict punishments.

In the bizarro world of the internet, we likewise have broken locks. Email, specifically, is like a car with really, really shitty locks on it. However, instead of knowing about this problem for many years now and a few (some equally bad) proposals for fixing it, the main mode of dealing with the problem is:

• threads on slashdot where everybody bitches about how bad the locks are or what jerks the thieves are
• general discussion that technological problems need strictly technological solutions. even if this we're true (it's not), the fact of the matter is that lack of effective communication is a social problem.

Re:Let's review..

[thoughtcrime]

If you really want to use the car analogy, I'd say it's more like this:

Cars have locks that are just fine when used properly. However, many people are very gullible, and if you go up and ask them, they'll let you borrow their car. You can steal their car after asking to borrow it, and most of them will be too embarrassed that they lent you their car in the first place to ever file a police report. The success ratio is high enough that every day multiple people will walk up to you and ask to borrow your car. To date, we've come up with no useful way of keeping these would-be thieves from taking up your time or your brainspace.

The guy is mentally ill

In the article, the reporter states that Todino's father says his son has mental problems. OK, fair enough. Then his father needs to step up to the plate and get the guy some help.

Barring that, the people being joe'd really need to follow up on this. Either this guy is an unrepentant spammer, in which case he needs to be made to pay the price, or he's mentally unstable, in which case he needs professional help. The latter possibility is really more serious, since Todino could conceivably go off the deep end and do something more serious. Possibly, the best approach would be for them to contact Todino's father and tell him that if he doesn't get his son some help immediately, they're going to pursue the case with law enforcement. Assuming the father's statements are true and that he gives a damn, this should at least get the ball rolling.

Re:The guy is mentally ill

The latter possibility is really more serious, since Todino could conceivably go off the deep end and do something more serious.

No offense, but that's a rather uninformed view of mental illness. I've been fighting depression for about half my life and I'm finally getting past it, and I've seen this attitude before. The world is not made up of sane people and loonies who are likely to go crazy at any moment and start killing people.

I admittedly did some rather odd things when I was in heavy depressive states, but despite behaving stangely I would never ever have done anything harmful to anyone. I'm generally an overly polite person, and I when people found out I had mental problems it seemed to trigger the "but he has so quiet, always kept to himself" idea that people have heard about serial killers. It's not very fun to have people suddenly become afraid of you.

Clearly this guy has problems, and he should be held accountable for the joe job he pulled, which should include some psychiatic help, but we don't know the guy. Reacting with fear when you hear "mental illness" is not productive.

Almost every family has people with serious mental illnesses, it wouldn't hurt to educate youself on the topic a bit.

Re:The guy is mentally ill

[ConsumedByTV]

At the very least, he's going to spam again, and if that doesn't justify cramming some lithium down his throat, strapping his ass to a gurney and running a couple hundred volts through his cerebral cortex and maybe another hundred through his testicles for good measure, I don't know what does.

Wait just a moment.

Do you really believe that?

I mean that, stop and think for just a moment at what kind of a world we would have to live in for that to happen. Physically torturing someone for sending spam?

You sir, are a fucking idiot with no idea of what it is like to watch someone get shock therapy.

Bouncing is moronic. Stop it.

[droleary]

What strikes me is that the major problem is not the spammers doing direct DoS attacks on the targets, but that they're using brain-dead behavior of mail servers to pull off DDoS attacks. If you control an MX, please configure it to issue a 550 error during the connection if you can't deliver the message instead of accepting it and then bouncing to what you almost certainly know is an innocent party. A party who is not the sender of the message, by the way, which means you anal types who say "RFC says I must bounce" have to note that it also says you must not lose a message, which is what a bad bounce does. Please be a friendly network neighbor and stop bouncing spam.

Re:You know who we need right now?

[October_30th]

Well written, pretty consistent and sufficiently evasive not to get caught with outright lies. Smells like a university project by some political/social sciences students...

Challege/Response systems are very dangerous

[AndroidCat]

enter the standard coded-number-in-a-distorted-image

I'm using an ASCII terminal. Or a PDA with a small screen. Or VoiceXML over a telephone. Or I'm sight-impared. Or my ISP bounces your ISP's coded-number-in-a-distorted-image with request that they respond first with a coded-number-in-a-distorted-image, rinse, repeat. Or I have my filters set to autotrash any graphics in email because 99% of the time it's for penis pills. Or it was a Joe-job and your ISP sent me 20,000 coded-number-in-a-distorted-image challenge emails.

Now what?

Re:Bouncing is moronic. Stop it.

It's not that simple. If you want to figure out that you can't deliver the message, you have to check. Checking takes computer resources. Now everyone has a really easy way of DoS'ing your server.

Furthermore, by returning 550 in the SMTP session, you've given criminals an easy way to search for valid email accounts.

Accepting and then bouncing the messages remains the more secure and better performing solution. (Even when it's a 'Joe job' unfortunately.)

I agree with the person who posted that we need a new protocol.