What You Get When You Buy a Spam CD

defender writes "Recently over here in The Netherlands, the spam versus anti-spam 'war' has hardened. More professional spamming coming from a handful of hard-core spammers utilizing bulletproof hosting in India, chained open proxies, more and more false whois information, etc. One of the more known anti-spam people has been sent one of the subjects of those spams: a CD with millions of e-mail addressess of 'individuals' and hundreds of thousands of 'businesses'... Rejo Zenger has done an analysis of such a CD, which is fuelling new debate as to why the recent EU anti-spam directive was weakened because of businesses complaining or indicating that spam wasn't a big issue for them."

Spammers are beginning to organise

[Tirel]

It's been reported that SpamCop is paying upwards to $30K / year for bandwidth as a direct cause of the continous DDOS attacks on it.

The spammers are doing everything they can to squeeze the anti-spammers out. They use frivolous lawsuits (aka Mark Felstein and his porn spamming backers) or DDOS attacks that either knock the anti-spam resources off completely or increase the costs so that no hobbyist can run them.

And while all this is going on, the law enforcement agencies are doing nothing to counter the clearly illegal acts of the spammers.

And ISPs are doing NOTHING to reduce the number of zombies on their networks. So the DDOS attacks continue.

Nice going.

It's only a matter of time when someone (Al Queda?) will use the zombie network for something that will truly be noticed.

Re:Spammers are beginning to organise

[Lumpy]

A simple answer is a bittorrent solution to the blacklists or other data, or a p2p type of app to get the lists or data out tot he servers/customers.

if you dont have one target to attack, and not allow the scumbags to modify the data file (md5 sums + other means to ensure the file is real... you can end run these spamming scumbags.

I for one dont understand why this has not been done already.

Re:Spammers are beginning to organise

[the_mad_poster]

Seriously... what would happen if everyone here went rogue, said "fuck it", and just actively blew away spammers (online, mind you, we don't need any gun-toting geeks for the love of god)?

With 700,000+ people on slashdot, a less than 1% high techno-competency rate (let the jokes fly...) would yield 7000 individuals from this site alone capable of tracking spam, breaking down proxies and ISPs, stealing and altering logs, etc. How long would it take before 7000 militant hackers working together broke down the spammers under an onslaught of attacks as underhanded as the ones the spammers are using? People like Ralsky aren't even that smart, technologically. I'm willing to bet that once the tough part is done: tracking them, actually beating the daylights out of their systems and them wouldn't be that hard.

Of course, each individual would have to be willing to deal with the fact that they could be one of the people that gets arrested and charged with a couple of felonies. Sort of like the old trick "yep - all three of you can surely beat me, but the first one in to try it dies". Who wants to be the hero?

Re:Spammers are beginning to organise

[svanstrom]

Seriously... what would happen if everyone here went rogue, said "fuck it", and just actively blew away spammers (online, mind you, we don't need any gun-toting geeks for the love of god)?

We could do it without saying "fuck it"...

Seriously, it doesn't take a genius to write a virus/worm that take advantage of the latest virus/worm-problem, patches the local system, spends 30 minutes attacking spammers and spreading to other infected systems, after which it just erases itself.

_ONE_ person is enough for such a thing, and sooner or later someone will do it.

Re:Spammers are beginning to organise

[gmack]

No.. it's not.

Having run an opt in mailing list for a previous employer I can tell you that some people sign up then go complain to spamcop when they actually get the email. And then the mail server gets an Instant blacklist thanks to the automated system and your stuck with the rest of the emails getting bounced.

The problem gets worse when they black out the email addresses so it becomes impossible to tell who actually wanted off.

The same thing happens here...

[bc90021]

Any CD that is sold containing email addresses invariably has some that work, but the vast majority are just generated. I once knew someone (and I no longer communicate with that person) who insisted that spam was the only way to sell his products. He paid $400 to some marketing company, and they sold him a CD with a million addresses. He asked me to look at it, and my conclusions were that he got ripped off. He didn't want to believe me, but the sheer number of addresses that were obviously generated proved to me that someone had written a quick script to create addresses. A good portion of the addresses were also old-school, with lots of "71532.4532@compuserve.com" type addresses.

Spammers aren't just evil for selling addresses, they are evil for making up about 3/4 of the ones that they do sell, and anyone who buys a CD with email addresses on it should be aware of that.

Do me a favour

[skinfitz]

Edit the CD to include the email address of every politician the wolrd over, along with known spammers and the editor of every media outlet. If you can, use addresses that forward a notification to their mobile phone via SMS, then sell the new CD.

We'll soon see a change in the law.

Ahh I can dream.

Attack the Bulletproof Hosting Companies

Type "bulletproof hosting" into Google and you get lots of hits advertising "bulker friendly" and "assistance with spamming -- we do more than just give you a place to send from" sites.

Why aren't these sites listed, real-time blacklisted, and DDoS'd by the good guys? If there is a SETI screensaver, why not a Pitchforks-and-Torches (my name for the angry mob of ordinary folks) one that, say, once a minute sends a query to known spam-friendly ISPs. A million of these would be a million messages a minute. Hard to call that a real DDoS attack from any one person since all I wanted to see if their page has updated.

Re:Selling e-mail addresses shouldn't be illegal

[Alsee]

If you are selling a product that will only make you about $50 a year per customer, and have to spam 10,000 people ... there's no way you are actually turning a profit.

Unfortunately it CAN be profitable. You missed the fact that the cost of sending spam is vanishingly small.

Lets assume that one in ten thousand response rate. Lets assume $50 total profit. Lets assume you send a measly 2 spams per second (1.2 million per week). That is over $314,000 per year.

It will be profitable as long as your expenses are less than that. Hardware costs: insignifigant. Software costs: insignifigant. Address lists: insignifigant. Labor: one person part time. Bandwith: Maybe several thousand, but still not signifigant.

If some of them keep buying herbal viagra every year it becomes that much more profitable. When you find such a "live one" they are prime candidates for every other crack-pot offer you dream up. One single fruit-cake can be a gold mine giving you a few thousand per year.

I hate working out this math, it almost makes me want to go into the spam business. On the other hand if you do the math it becomes clear that each spammer can easily kill entire LIFESPANS worth of other people's time just deleting this crap.

-