The Life of a Spammer

An anonymous reader writes "The Atlanta Journal-Constitution ran an interesting article today about the life of a "small time" spammer. It is interesting to note that even a religiously zealous grandmother can mire our inboxes with junk." That's Flo Fox, of Slidell, LA.

They need our understanding

I think our society is to quick to judge people and should learn from the African proverb "where one should one kilometre in the other's sandals". What caused the spammer to be so inconsiderate? Perhaps we should blame the people who came up with SMTP RFC who lacked the vision that the mail delivery system could be so easily exploited.

Re:They need our understanding

[ebuck]

Wow, my second troll!

Come on, let's not lose our heads here.

Nearly every week there's a standard spam article on slashdot, every day the less savvy computer people like my stepfather get slammed with spam. The spammers are denegrated to the point of being dehumanized, and laws get bandied about to fix everything via litigation.

Meanwhile, there are a few people who have set up their own private mail relays, which reject all mail coming from "untrusted" servers. A fine step toward combating spam, but oboviously few are beating down their doors to climb on board. I haven't heard from them in years, so mabye they never hit critical mass.

And every two months or so, I read an article on how "redesigning email MY way" could save us all from the SPAM. Nevermind that there are tons of different ways, some of them fatally flawed, being presented. The lack of momentum in actually changing this is phenomenal.

But only on slashdot would suggesting that a less spam-prone mail delivery be designed, and then implemented, be considered a troll. What's next, would posting an article complaining about spam be a troll? Since that would seriously garner quite a few more responses than my quaint message.

Cheers.

How bothersome is spam for most slashdotters?

[prostoalex]

Comparing my daily inbox reading routine a year ago and now, I hardly worry about spam nowadays. I have three e-mail boxes, one at yahoo.com, another one for personal e-mails, and the third one spam-only, that I only check when I expect a registration confirmation to come from some site I register at.

Yahoo Mail has its own filters, my Linux mailserver has spamassassin, and the spam e-mail address gets discarded on a weekly basis automatically.

Yeah, occasionally 2-3 letters per day pass though Spamassassin, but they are easy to see right from the subject line and delete right away. Spamassassin and other free (as well as commercial ) products seem to do a pretty decent job at it, and 2-3 spam e-mails per day can be just treated as a cost of using the system.

Re:How bothersome is spam for most slashdotters?

Yeah, occasionally 2-3 letters per day pass though Spamassassin, but they are easy to see right from the subject line and delete right away.

Don't do that. Pipe those emails through sa-learn --spam before deleting, so that they are also caught by spamassassin the next time around.

Re:Boo Hoo

Boo hoo at this woman's fear of going bankrupt.

I'd agree, but I used up all my furious indignation yesterday when I saw that the OPEC nations want financial aid if the world's energy use shifts from oil to renewable sources.

I'm only 30, but I remember the gas lines during the oil embargo in the 70's. And they want our help once they no longer have us over a barrel? Fuck 'em, let the greedy bastards hock a few of their gold-plated Mercedes-Benzes.

Spam is in the eye of the beholder (=recipient)

[nv5]

The fact, that spam is still worthwhile goes to show, that one person's spam is another person's valued information (worth clicking on and spending money on).

Therefore efforts (legal and technical) to define spam at the sender side seem inherently dubious to me.

On the other hand, weeding out spam at the receiving end doesn't do anything to conserve the bandwidth and other computing resources wasted on items, which ended up being identified as spam by the respective recipients.

So this is a fundamentally tough nut to crack.

Oh the irony

[InfiniteWisdom]

"It's easy to rip people off you have never even seen," Fox says.


You mean just like its easy to steal bandwidth and send annoying or inapporopriate material to people you've never met, bitch?

Spamming DOES pay

The real money is in spam-stopping.

The obvious route to make money would be to use the spam as a base for racketeering.

DoS is about to become big business.

WWJD?

[rnelsonee]

I like her "WWJD?" shirt. If Jesus were around today, one thing he would not do is annoy 40 million people with lousy penis-enlargemnet ads...

Is this her?

http://www.google.com/search?q=flo+fox+slidell&sta rt=0&start=0&ie=utf-8&oe=utf-8

Spam: BSA as a tool?

[Dark+Lord+Seth]

You know, I've been thinking a bit. Spam is becoming a real problem and it's only a matter of time before email itself becomes nearly useless due to the massive amounts of spam. Something has to be done and it has to be done soon in order for it to still be effective enough. Stopping spam itself when it's en-route is not an option, as it will only lead to an arms race between spammer/virus writers and hackers/AV corps. Killing the bandwidth of the computers that send spam isn't an option either as it involves (D)DoSing, which is rather illegal. Killing the spammers themselves, as satisfying and tempting as it may be, is not an option either. Remember, even a spammer is someone's father/mother and/or son/daughter.

Maybe, MAYBE we have a chance by sicking the BSA on them. Yes, the Business Software Alliance, the same people who use some sort of legalized extortion and raid small businesses that "fail to comply" to their rather variable demands. Think about it, most small time spammers are technological idiots who use home computers. Do you really think every spammer who has 10 PCs churning out email has valid licenses for Windows? Maybe a few, but loads don't. And even if they do, MS licensing is so horrid that whatever the heck you did, you're bound to violate at least 3 licenses anyways, excluding other licenses like the spam software itself. This is how we might go after a few small-time spammers. And hey, it actually makes the BSA people do something useful as well! Maybe an idea?

Pretty damn bothersome, thnx

[Hayzeus]

I've had two email addresses since back in the day when domain names were free. waste.com was my initial domain -- I sold waste of in 95 and got a new email address -- swampgas.com. I have had the same address on each of those, and have been pretty stubborn about leaving that single address more or less public (although obfuscated when posting to usenet)-- but that's about to change.

About the time I switced to the new domain, I began seeing a significant amount of email spam. As of 2000, I began to see my rate doubling about once per year. Last year I got about 150/day -- this year it's up to 300 or so. Even using spamassasin, the emails that get through are a major annoyance, especially if I've been away from email for more than a day or two. At this point, it looks like I'll be switching to using multiple addresses, one semi-public, one for ecommerce, and one given out only to friends and family -- I really see no other way at this point (although even THAT isn't a perfect solution).

Of course, maybe it's because I live in St. Tammany Parish (a parish in LA is like a county in other states) -- the same parish as Slidell. In fact, Ron Scelson was our old babysitter's son in law. Maybe the massive spam load is some kind of weird misdirected digital karma bullet, that just happened to hit me instead of the nearby spammer. Dunno -- but I suspect its just the inevitable consequence of keeping a vary public email address.

In any case -- yes -- spam is a major problem for me, and I'm reasonably savy with most of the available anti-spam tools out there.

Yes Spammers can be nice people.

[jellomizer]

Just like in any "Profession" people can actually try to be a good person while doing horrible and annoying things. That is the problem with morality. Part of the problem with spam deals with a larger issue. American Culture will put their money in the larger corps. and less in the mom and pop businesses. Because even though they may not trust larger Corps to do the right thing but at least you know that when you buy a product they will not just take your money and run. But you will get a product with reasonable quality. This level of comfort makes it very difficult for the small business to get a good foot hold, in their own business. Because although their product is better and they are a far more fairer in their practices. But there is a greater chance when you go with a small business that you could get ripped off as well. So now back to Spam, Unfortunately Spam is a result of this so you get both Scammer and Legitimate business men are trying spamming to get at least a couple of customers from a million so they can make enough money so they can use better methods. But unfortunately Spamming is no better or worst then anything else at the same price, but you get these people who figure the "Computer are the way of the future" So they blindly spam thinking that is the only way they can survive.

Re:Boo Hoo

[zapp]

It's the fact your product and actions are not wanted.

Simple capitalism- Sell a product people want in a manner people want it and you will make money. Spam does neither as such will eventually die out.


It doesn't matter what the receiver of the spam wants. What matters is that companies want to get advertisements for their services out to millions of people, and she provides that service. Therefore, she has high demand. And spam filters interfere with her being able to meet her customer's expectations.

That said, I think I should cover my back by saying I hate spammers, they should die, and wtf is she doing sending spam and wearing a "what would Jesus do?" shirt? Just goes to show you ALL kinds of people can be dumb, mean, and detrimental to society.

How harmful is spam... REALLY?

[JayBlalock]

Please don't mod this troll, this is an honest inquiry.

This article got me thinking again. Every time the subject of spam comes up, there are always innumerable people talking about how if spam is left unchecked, it's going to destroy the Internet and\or e-mail as we know it. Thus spammers MUST be stopped for the common good.

Are there, in fact, any NUMBERS backing this hypothesis up? Any statistics showing that at current rates of growth, by 20XX spam will consume so much bandwidth that the Internet will collapse? Or that spam accounts for bandwidth costs which are significantly higher than any other popular form of packets flying around? (I never hear ISPs complaining that popup ads are causing them huge extra bills...) Or that somewhere along the line, the innumerable filters that exist will cease to be of any use, and suddenly everyone really WILL be flooded with more spam than they can ever deal with?

I ask the latter especially, since filtering is becoming more and more common. Some browsers have it built into their mail clients. All of the major webmail clients automatically filter - I get approximately 1 piece of spam in my yahoo box a day. (and the spam folder cleans itself without my even looking at it) And even, increasingly, ISPs are preemptively filtering before the mail even gets past them.

If we want to debate the merits of "freedom to market" versus "intrusive annoyance," that's one thing. But I see on any thread involving spammers a sort of reflexive hatred - and assumption of Evil Intent - which would seem more appropriate for a religious war on some Christian board.

So, I ask, simply - is there any substantial evidence that Spam is truly a threat larger than just being a general annoyance?

Re:How harmful is spam... REALLY?

[Madame+Sosostris]

Hm. My first comment on /.
http://www.eprivacygroup.com/pdfs/SpamByTheNumbers .pdf

I see spam as a threat to ISPs because it makes increased expenditure on bandwidth and filters necessary. Also, as the above link shows, it decreases workplace productivity because people keep having to clean it out of their inboxes.

I get the free-market thing -- I'm a libertarian too. However, I think there's an essential conflict going on between spammers and other businesses. I wouldn't go so far as to compare it to industrial sabotage or anything melodramatic like that, but spam is interfering with businesses by decreasing productivity and increasing costs. I'm pretty weak on economics, but it bothers me that businesses should have to spend money dealing with a problem caused by someone who has no relation to their business whatsoever. It's like having to deal with the "ILOVEYOU" virus -- it sucks up resources and provides no benefit to anyone, anywhere, except the person who is causing problems for everyone else.

The problem is, of course, that you can turn it around and say that ISP filters are interfering with the spammers' business. I'd say, though, that people are going to pay spammers to do mass mailings regardless of whether the mailings get blocked or not. Getting blocked doesn't hurt the spammers' income, in my understanding, whereas the process of blocking hurts ISPs' budgets.

As for the companies who use spam to advertise -- "freedom to market" aside, how many of those companies would pass the standards of the BBB? I don't recall ever receiving spam from a company whose name or credentials I could trust in the slightest. For the reasons I mentioned above, plus the annoyance factor, I view spam as an underhanded, illegitimate advertising technique, and frankly I wouldn't shed a tear if companies who resorted to spam were deprived of their "freedom" to cause other people problems.

Re:How harmful is spam... REALLY?

[Desert+Raven]

Calling me ignorant, and then launching into a sadistic revenge fantasy, hardly bolsters your argument. In fact, I would say it automatically denotes you as being too emotionally involved to be a reliable source of information.

Ah yes, ten years of experience definitely disqualifies me as a reliable source of information, how amazing of you to have figured this out.

Surprisingly enough, it is possible to be highly knowledgable AND pissed off. You've got the pissed off part down, why not try being knowledgable next?

Re:This Flo Fox?

[vadim_t]

Here's an idea:

Somebody should make a website listing all those numbers, and keeping them up to date. Sure, people are going to annoy a lot somebody for a week or two, but then the story disappears from the front page, people forget...

There should be some good place where to find the phone numbers of all those morons so that they hear from people who are unhappy with their methods for a few months at least.

Chockingly!

[AmoebafromSweden]

They only want free speech when it supports their viewpoints, From the article:
Fox and Connelly have their limits. They don't peddle Viagra, breast enlargement pills or smut, they say. "When I defend what we do, I talk about free speech," says Connelly, a rugged man with silver hair and a full beard. "When it comes to porn, I don't care about [the pornographers'] free speech."

So do I interpret the text anyway. Btw, The article have a poll if the new spam law is good, take your time to vote.

religious?

And tell me again, why "a religiously zealous" anything would be less likely to spam than an atheist?

Sorry, I didn't get the memo.

If people kill in the name of a religion, even if it is expressly forbidden by that religion, then they sure as hell can spam in the name of religion.

An active response to spam - what do you think?

I have been thinking about a good way to stop spam and I have convinced myself that the only way that will prove genuinely effective is to make it prohibitively expensive. Not through per email micropayments or any other such scheme, but by doing what the spammers are asking for: visiting their sites.

Imagine if everyone who got a spam visited the site mentioned in it, perhaps reloading periodically. This would be a slashdot effect that would cost the spammer a fortune. Some might say it would be a DDOS - but I'm not talking about flooding them. Just loading their website a few times (obviously one would remove any information from the URL that might indicate that your email address was live).

There are a few solutions out there to do this, such as active spam filters on mail servers. But those would be easily firewalled out by a spammer.

Take a look at http://www.astrobastards.net/uc/ - this is a program that runs in the background and visits spam sites. It gets it's list of sites to visit from a central server. I think this is the sort of thing we need, but it has to be more distributed, not under the control of a single person, and without a single point of failure. This is vital, because it has to be trustworthy, and it has to be impervious to DoS attacks from the spammers.

What are the thoughts of the community on this?

The geeks of the world can certainly build such an anti-spam network. We can make it work, and once enough people are using it, we can make spamming cost a fortune. And we can make it reliable and trustworthy. But will enough people support it for it to work?

What to Say to Flo When You Call Her ...

[WCityMike]

If you do call Flo after reading this comment, you might want to quote some Scripture at her, since she's got the whole "WWJD?" thing going.

Acts 13:10. "You are a child of the devil and an enemy of everything that is right! You are full of all kinds of deceit and trickery. Will you never stop perverting the right ways of the Lord?"

Matthew 19:19. "Jesus replied, 'Do not murder, do not commit adultery, do not steal, do not give false testimony, honor your father and mother,' and 'love your neighbor as yourself.'"

John 10:1. "[T]he man who does not enter the sheep pen by the gate, but climbs in by some other way, is a thief and a robber." (It's a slight stretch, but it's a little applicable.)

Mark 4:18-19. "Still others, like seed sown among thorns, hear the word; but the worries of this life, the deceitfulness of wealth and the desires for other things come in and choke the word, making it unfruitful."

Matthew 19:23-24. "I tell you the truth, it is hard for a rich man to enter the kingdom of heaven. Again I tell you, it is easier for a camel to go through the eye of a needle than for a rich man to enter the kingdom of God."

Revelations 3:16-17. "So, because you are lukewarm -- neither hot nor cold--I am about to spit you out of my mouth. You say, 'I am rich; I have acquired wealth and do not need a thing.' But you do not realize that you are wretched, pitiful, poor, blind and naked."

1 Timothy 6:17. "Command those who are rich in this present world not to be arrogant nor to put their hope in wealth, which is so uncertain, but to put their hope in God, who richly provides us with everything for our enjoyment."

Might want to tell her to read her Bible a little more carefully.

If she tells you, "The Devil can quote Scripture to his purpose," then point out that that's Shakespeare (Merchant of Venice, Act I, Scene iii), not Holy Writ.

(However, if Satan's on the Internet, Bible.Gospelcom.Net would sure let him do it.)

Re:hmmm....

[sketerpot]

From what I hear, it is that difficult. There are lots of filters out there being put in place by ISPs and businesses, and spammers have to worry about them all the time. It's interesting to see how the spammers justify their t r 1 c k z. A comment on ISPs filtering out spam:

"This is just like racketeering," Fox says. "It's the big guy squeezing the little guy out."

How stupid is that? Sometimes the little guy deserves to be kicked out. It only takes a few assholes to ruin things for a lot of people, even if the assholes are "little guys".

No. Don't blame SMTP

[minas-beede]

SMTP was designed to be a robust mail protocol in an environment in which trust was perfectly reasonable. The environment changed, the protocol was retained. Fine - but then you have to do something about the lost appropriateness of trust. Some things have been done - they've been inadequate. That's not the fault of SMTP or of the designers.

It isn't just SMTP that is abused: open proxy abuse is a big contributor to the spam problem. There, again, trust is inappropriate - but still exists. Spammers take advantage of other system and human vulnerabilities to set up spam zombie servers. Too much inappropriate trust yet again.

Some basic human behavior needs to change - and the ISPs should be in the lead. They aren't. The security experts might be in the lead. They aren't. Many security experts appear to believe that securing a small fraction of systems and bitching about all the rest is adeqaute. Well, take a look - is it? Few security experts do anything towards identifying and stopping the abusers who constantly search the internet for vulnerabilites. It's like a city is plagued by burglars and the security experts simply make sure the doors and windows of their buildings can't be forced. They could put in cameras to get pictures of the burglars when they try the window - but instead merely complain about those who don't secure their windows. Of course in this case it's spam, not burglary, and the abuse commited on the other guy's system can hit the security experts own system, in the form of spam. If the security expert would help rid the community of the abusers then the abuse would be reduced. The security expert would rather point fingers at others and hurl blame than do what he himself could do beyond excluding just one form of abuse. Some expert - he doesn't even look to see how allowing the abusers to continue hurts him.

Who is better placed than an ISP to watch for attempted proxy port abuse? What ISP do you know of that watches? Recent actual experience by someone who did watch showed that many spammers commit the abuse form their own IPs. Watch for the abuse and you find the spammers' IPs (so much for the much-vaunted "anonymity" of the spammers.) The spammers aren't that particularly clever: it's mostly that those who could act don't.

An idea

Similar to that idea that someone has presented about spidering every link in a spam message to consume spammer/spammer user bandwidth.

Why not a tool that will filter spam, and also reply with a basic reply - make every they use appear a sucker? Right now, they are already sending johna, johnb,johnc...johnz emails to every domain they know, so why not make all thoss CD's of 'guaranteed valid' email addresses totally useless?

Re:Yay!

[bhtooefr]

Fox, Florence F
1711 W Hall Ave
Slidell, LA 70460-2536
(985) 781-2542
(985) 643-9417

or

Fox, Flo
127 Rue Acadian
Slidell, LA 70461-5203
(985) 646-2225

Nobody's sure as to which one, though. However, we need her e-mail, and we need to send her the Fetish Catalog (I only know of it from reading KillCat.com, an anti-CueCat site that came up with creative ways of destroying them, and noticed that missing the G key and pressing F when typing "getcat.com" gave you the Fetish Catalog's site) under multiple names. Also, we need some collect calls.

Hacking DNS to annoy spammers

[billstewart]

If you've got a DNS server you're willing to hack on, you could have it check whether the requests are coming from known open proxies or open relays. If they are, or if they're requesting information on your spammer-bait domains, or searching for too many non-existent subdomains in your real domains, you can give them more interesting IP addresses.

127.0.0.3 is always good, or 255.255.255.255, or 192.168.255.255, or 169.254.255.255. If you've got a BGP feed, so you can figure out their upstream provider, you could always hand them that provider's main mail server.

If they're an open relay, though, an obvious IP address to hand them is the address of another open relay. So it'll send the mail there, and that relay will try to send it - so it'll look up your-fake-domain.com, which you'll respond to with the address of another open relay... I realize that open relays are passe, and all the cool spammers use open proxies these days, but you can still have fun letting misconfigured Korean relays bounce the spam around each other, and you'll only have to do the occasional DNS lookup until they get the addresses cached.

Re:Sending snail mail to spammers.

[ngoy]

>I'm surprised I haven't heard of anyone running an operation to automatically read those addresses and fill in lots of webforms requesting free catalogues!

I was fed up with a certain set of mortgage spam that I wrote a vb app that used the browser object to open up the spammer's web site, then proceed to fill in the information with random stuff, but had the area codes match the zips and states. I let it run and put about 40-50,000 false entries into 3 or 4 websites. Pretty funny, IMHO. The nice thing about wrapping the browser object in vb is that you can load the page and then remove the validation code that loaded with the page. So this works equally as well with sites that do the credit card verification before it does a submittal. I had a site on geocities a while back but they deleted my program and the site for some reason. I called it "spam the spammer". Unfortunately, now most spammers embed a tracking link into the url so they can link the hit back to an email address. But if we had an open source project to collect the identifiers from spam trap addresses we could really screw up the spam operations. I don't think mortgage companies like getting 10,000 false leads.