Slashdot Mirror
What You Get When You Buy a Spam CD
defender writes "Recently over here in The Netherlands, the spam versus anti-spam 'war' has hardened. More professional spamming coming from a handful of hard-core spammers utilizing bulletproof hosting in India, chained open proxies, more and more false whois information, etc. One of the more known anti-spam people has been sent one of the subjects of those spams: a CD with millions of e-mail addressess of 'individuals' and hundreds of thousands of 'businesses'... Rejo Zenger has done an analysis of such a CD, which is fuelling new debate as to why the recent EU anti-spam directive was weakened because of businesses complaining or indicating that spam wasn't a big issue for them."
It's been reported that SpamCop is paying upwards to $30K / year for bandwidth as a direct cause of the continous DDOS attacks on it.
The spammers are doing everything they can to squeeze the anti-spammers out. They use frivolous lawsuits (aka Mark Felstein and his porn spamming backers) or DDOS attacks that either knock the anti-spam resources off completely or increase the costs so that no hobbyist can run them.
And while all this is going on, the law enforcement agencies are doing nothing to counter the clearly illegal acts of the spammers.
And ISPs are doing NOTHING to reduce the number of zombies on their networks. So the DDOS attacks continue.
Nice going.
It's only a matter of time when someone (Al Queda?) will use the zombie network for something that will truly be noticed.
Any CD that is sold containing email addresses invariably has some that work, but the vast majority are just generated. I once knew someone (and I no longer communicate with that person) who insisted that spam was the only way to sell his products. He paid $400 to some marketing company, and they sold him a CD with a million addresses. He asked me to look at it, and my conclusions were that he got ripped off. He didn't want to believe me, but the sheer number of addresses that were obviously generated proved to me that someone had written a quick script to create addresses. A good portion of the addresses were also old-school, with lots of "71532.4532@compuserve.com" type addresses.
Spammers aren't just evil for selling addresses, they are evil for making up about 3/4 of the ones that they do sell, and anyone who buys a CD with email addresses on it should be aware of that.
libertarianswag.com
The /dev/random method is world reknown[ed]
You joke, but this algorithm was sufficient for human evolution. (Hmm, spam as sperm?)
"with their freedom lost all virtue lose" - Milton
Bulletproof hosting in India? Gee, now I know what we can do with the variety of Kevlar-penetrating bullets in the US. Maybe your servers can survive a Slashdotting, but can they survive a barrage of 7.62mm armor-piercing bullets? I think not.
And if there are a few bullets left over, I'm sure someone can come up with some creative spammer-related uses for them...
can they also please test one of those penis enlargement pills? I'd like to know if they work...
One of the email addresses on the CD: ikautostelen@van.jouw
which translates from dutch to english to something like: me-steal-car@from.you
I can't stand spam and won't use it in business practices, but I don't thin kit should be any more illegal to sell a CD with aggregated e-mail address than it should be to sell a phone book CD with telephone numbers. There is value added in the indexing and providing of tools to manage so many addresses.
... organ" and patronize the spammer, then the spam will continue.
What should be illegal is selling generated, known to be false, addresses. This is basically false advertising.
What should also be illegal is bulk mailing to people who do not subscribe to a service. We need better mail servers that optionally require a "key" to receive mail, otherwise it goes straight to "File 13".
Sadly, all this bulk mail, even if "bounced" back to the sender, uses tons of bandwidth and is ultimately a tremendous waste of everyones time.
Unfortunately, all this Spam would stop is people STOPPED BUYING FROM THE SPAMMERS, but even if 0.0001% of recipients say "yeah, I DO want a larger
I only came here to do two things; kick some ass, and drink some beer...looks like we're almost out of beer.
Pointing out spammer's mistakes and helping them evolve/correct the problem.
I'm not sure what the secret to success is, but the secret to failure lies in trying to please everyone -Bill Cosby
Edit the CD to include the email address of every politician the wolrd over, along with known spammers and the editor of every media outlet. If you can, use addresses that forward a notification to their mobile phone via SMS, then sell the new CD.
We'll soon see a change in the law.
Ahh I can dream.
As for the author's assertion that the "bulletproof" spam hosts are in India, I give you ... China, Brazil, most of the Pacific Rim, as well as clueless/malicious providers such as Level3, Wanadoo.fr, etc. I can count the number of spams I've received from Indian sources recently on one hand, while the Chinese/Brazilian spam numbers in the tens of thousands.
No mod points, no meta-moderating/Firehose/all the other free work Slashdot wants me to do.
Bittorrents, for example, must have a seed site out there somewhere. This site can be taken out, and any other "offical" site that mirrors it. If the data is signed, then the offical sources of such signed data are vulnerable (if you need to revoke the key). The general problem of anonomizing traffic, while being able to trust the data on it at the same time, is Hard.
The wheel is turning, but the hamster is dead.
Why aren't these sites listed, real-time blacklisted, and DDoS'd by the good guys? If there is a SETI screensaver, why not a Pitchforks-and-Torches (my name for the angry mob of ordinary folks) one that, say, once a minute sends a query to known spam-friendly ISPs. A million of these would be a million messages a minute. Hard to call that a real DDoS attack from any one person since all I wanted to see if their page has updated.
The entire analysis boils down to one thing, which I call Rule #5, the King of All Rules: Spammers don't give a shit.
They don't care who you are, what you think, what you would or would not like to receive, what sex you are, if you are a minor or not, if the address they are sending to is valid or malformed, or if you are dead. All the lying that they do and the rationalizing of their behavior exists soley because -- lets chant together -- "Spammers don't give a shit"
The notion that a spammer should clean up a spamming CD to remove duplicate addresses or to remove role addresses at ISPs is simply ridiculous. Why spend the time? It will have zero impact on the number of sales that they make and -- chant it -- spammers don't give a shit.
So forget all the other rules. It is a waste of time to assign qualitive analysis to the behavior of sociopaths. They want money, and they don't give a shit about how they go about doing it. Once you realize that, you will see that all the other "Rules" for spammers are superfulous and stem from Rule #5.