Slashdot Mirror

← Back to Stories (view on slashdot.org)

Attacking the Spammer Business Model

Posted by Cliff on from the a-spammer-in-the-gears dept.

Stephen Samuel asks: "Spammers spam because it's an 'easy way to make money'. They send out millions of spams knowing that 99.995% of them will be ignored, but the other 0.005% of responses are pure gold (Andrew Leung at Telus has an excellent report on the economics of spam). Responses to mortage spams are reportedly worth $50.00 each. What would happen if, instead of technical and legal approaches, we simply started attacking their business model? If people started responding to just 1% of the spam we received, spammers would drown in the responses, and the mortage spam responses wouldn't be worth an email, much less $50. The Nigerian Sweet Revenge is an example of this. The nice thing about this sort of statistical approach is that it would start to reward spammers for sending out -fewer- emails. (fewer emails -> fewer bogus responses). What other ways can people think of to attack the spammer business models, and what are the expected downsides of such approaches?" Of course, the one major drawback to this is the likelihood of more spam, since you'll be giving them a valid email address. However, many of you may be receiving increasing amount of spam as it is (even through your filters) so might an organized spam-the-spammers movement work?

13 of 655 comments (clear)

  1. Richest spammers could afford to handle replies by eaglebtc · · Score: 5, Insightful

    The top 1% of spammers who can afford the bandwidth and the hardware could still theoretically handle the volumes of email they would receive. Then they just have to expand their operations to go after the potential business contacts.

    Now what about sending them bogus email addresses and phony information? That would send them on a wild goose chase.

    --
    Homestarrunner.net -- It's Dot Com!
    1. Re:Richest spammers could afford to handle replies by magarity · · Score: 5, Insightful

      It isn't about bandwidth. This plan is to make the flood of loan referrals, or whatever, have lower value. If the only people who respond to loan spams are people searching for loans then each one has a good chance of being a customer. But if there are a thousand bogus loan seekers then there are suddenly less real customers and the loan companies will not want to pay very much to chase bad leads. At least, that seems to be the idea here.

    2. Re:Richest spammers could afford to handle replies by perrat · · Score: 4, Insightful

      In addition to this there is the costing model used by most ISP's, where the user will pay for items that they download but not for what they upload. In the current situation the 'economy of SPAM' is based upon having a massive number of emails and a very small number (percentage wise) of responses. The current ISP costing model advantages the spammers. If your anti SPAM software actualy sent a 'no-thanks' type response of the origionator, they would by paying to download each of these messages. Even by counter blocking at the other end they still need to download the message first before they can determine it's legitimacy. If you can break the economy of SPAM your put the spammer out of business. Even the richest spammer still has to rely on a tiny percentage return to generate their income.

    3. Re:Richest spammers could afford to handle replies by Bronster · · Score: 5, Insightful

      Because many of them are in datacenters on hosting accounts that were purchased from reputable companies who didn't know they were selling to spammers, and DDoS'ing these poor hosting companies will likely put them out of business for nothing more than a simple mistake.

      Those reputable companies might be a bit more careful in future to ensure that they aren't selling to spammers - by doing background checks, by educating their customers (for those spammers who don't actually realise it's a bad idea) and by being very public about kicking spammers when they're caught.

      Provide a strong enough financial dis-incentive to host spammers and eventually spam friendly ISPs will dry up - but while there's profit to be made hosting spamers, then of course these "reputable companies" will 'accidentally' host them.

  2. Ironic, don't you think? by The+Munger · · Score: 4, Insightful

    They work by flooding us with crap, hoping that they get one in a million to answer. We could fight them by flooding them so they have to look through a million emails to find the one legit order. Hmmm...

    Sorting through a pile of junk to get the stuff you're looking for. Sound familiar email junkies?

    --
    Refuse to make a statement in your sig!
  3. Re:Bogus spams? by Rascally · · Score: 5, Insightful

    Those are usually just spams sent out to verify valid email address and filter out bounces, etc so they have a "cleaner" (I use that term in a very loose fashion) list to use for their actual "real" spamming operation.

  4. Re:in the short run... by Stormie · · Score: 4, Insightful

    How long will people pay spammers $50 a referral once it becomes clear that 99% of said referrals are for non-existent names and addresses?

  5. Spam their 800 numbers.. by James_G · · Score: 5, Insightful
    If I get a spam that makes it through spamcop and spam assassin, and contains an 800 number (this doesn't happen often), I'll try and call them. It's not cheap to run an 800 number, and they tend to have a several minute long message rather than a real person answering the phone. If you have multiple lines, the fun thing to do is to call up on one line, let the message finish, get to the part where you get to record a message and then call them up again on a second line and conference the two together. Record their outgoing message as your message, rinse, repeat.

    It feels good to cost the spammers some money, even if it does waste your time to do it.

  6. The BIG Problem here..... by baximus · · Score: 4, Insightful

    ...is that the majority of spam I receive has forged headers, so I would in effect be sending the bogus replies to some poor sucker who had no idea their email address was being used as the "From:" header in a major spam operation.

    The number of spam emails that get through SpamAssassin because of forged "From:" headers is ridiculous. And worse is the number of bounce messages I get because someone has used my email address as the "From:" header in a massive spam mailout.

  7. Not applicable to most spam by MobyDisk · · Score: 4, Insightful

    Most of the spam I receive doesn't ask me to reply to purchase anything. They simply direct me to a web site of some sort. This eliminates mass-email replies as a possibility. If they use web forms, they can easily tell legitimate orders from phony ones by verifying the credit card numbers, phone numbers, addresses, etc.

  8. Re:Filters that fight back... by grotgrot · · Score: 4, Insightful
    automatically crawls any links listed in the spam, it would bring their web servers to their knees

    It doesn't distinguish between good guys and bad guys. In fact none of the "automatic" schemes mentioned do. Say the spammers decide they hate Paul, they can very easily deliver several spams pointing to his web site/email address/phone number. Remember that the cost of sending extra emails by a spammer is pretty much zero.

    The spammers are already picking on the anti-spam people.

    So how will your auto-responders etc tell the difference between bad guys and good guys?

  9. Re:Filters that fight back... by mrklaw · · Score: 4, Insightful

    Wow, what an easy way to DDoS. Just send out a bunch of Spam with a link to your least favorite website. The spam filters take care of the work for you.

  10. Re:automated replies / anon remailers by bgog · · Score: 4, Insightful

    If we all used anonymous remailers, they could simply filter them out and then they would have the legitimate responses. The only way this would work, (and it probably woulnd't unless everyone id it), is for the responses to be as real as possible, from real email addresses. That way they have to spend the time and effort to follow up on the leads. All 10 trillion of them.