Spammers Not Complying With CAN-SPAM
Zelphyr writes "The Register is reporting on a study done by MX Logic that found that of 1000 messages tested, only three complied with the recently enacted CAN-SPAM act. Little wonder why the spammers weren't shaking in their boots when this spam friendly anti-spam bill was passed."
It should have been called "CAN SPAMMERS", not "CAN SPAM" act.
What the hell is that? Some sort of buffer overflow exploit?
Life is not for the lazy.
A law that says it's OK to spam, has exactly 0 enforcement behind it, and overrides stronger state laws didn't have an effect on the spammers? Who'da thunk it. Welcome to the U.S. of A. We have the best Government money can buy (off).
I'm too lazy, what is it?
I mean, really. They've shown so much respect for other laws (deceptive marketing, viruses, DDoS, fraud, hacking relays, illegal use of resources like open relays) so why should this be any different?
Kjella
Live today, because you never know what tomorrow brings
Schraegstrich-Punkter
And we're already starting to see spam proudly proclaiming that it's "CAN-SPAM-compliant!" I suspect that we'll soon be able to put in filters to block any message that claims it complies with CAN SPAM because that will be a guarantee that it is, in fact, spam.
And, on the opposite side of the fence, I'm seeing some people claim that relay-testing is now prohibited under CAN SPAM (because CAN SPAM makes unauthorized relaying a crime).
Bah.
Probably a goatse pic. Nothing of interest, move on.
No, just data:-encoded picture :) And no, not goatse or tubgirl.
It doesn't matter if the crime is through hacking, smuggling, murder....whatever. The fact of the matter is this. If the crime you commit far exceeds the net total loss from being busted, then why would the suspect want to stop? It's not that hard to figure out.
Sometimes, you have to fight fire with fire. So ladies and gents, let the SPAM hacking begin. Anyone feel like being evangelist for Joe Sixpack with an AOL account?
Life is not for the lazy.
Most spammers are from overseas in non-cooperative countries (with the US). This is a US law. What do they care? This law has no effect on illegal spamming. Besides, a vast majority of it comes from compromised home Windows boxes...they should just sue microsoft for making shatty insecure O/S' which help increase your daily spam. All it's going to do is get a lot of innocent and naive computer users in trouble for not securing their boxes and allowing overseas spam to bounce through their home PC's.
Boing! Wrong. No banana. Next!
An anti-spam law ought to ensure that people do not receive spam. Period. It doesn't matter if the addresses are real or not. It does not matter if they are marked for pornographic content or not. They should not be receiving that kind of e-mail in the first place, and it should not be a burden upon the people to ensure non-receipt of spam. And if for some reason someone or other wants this kind of e-mail, they should explicitly consent to its receipt.
People say I'm crazy, I got diamonds on the soles of my shoes...
I'm not going to install Fuckzilla or some Base64 decoder to verify it, you Lunix geek.
Whack. It is most definitely whack.
The main idea of the law is to stop non-compliant messages by imposing financial punishment on the spammers. And this won't work. It is very easy to avoid such fines, e.g. declare that you don't have any money and then use the absence of local citizen registers to "vanish" from the radar of law enforcement.
I think the real solution would be physical punishment. Just when the feds get their hands on the spammers then they can't avoid punishment. No more bad excuses. Of course, you won't do something inhumane like they do in Saudi-Arabia - cutting off fingers etc. You would just give them a decent spanking. And they would remember that. Furthermore this would be much cheaper than traditional punishment.
Over 90 years and counting !
1) Moz comes with support for that built-in. M$IE SUXORZ
2) Mozilla/win32...?
3) Loser.
I actually received a spam the other day that claimed it was CAN SPAM compliant.
It seems someone got the bright idea to take the portion of the law that specifies the primary purpose of an email literally. So the top part of the mail (proudly pointed out as the "primary purpose") was a short joke. Then the email went on to its "secondary purpose"...
And at the bottom, of course, was a disclaimer that stated again which part was the "primary" purpose and which was the "secondary", just in case you hadn't noticed the big notices above.
I'd love to see someone try to argue this point of view to a judge with a straight face...
Now that we've pretty much proven that the current Congress is entirely incapable of doing squat for its voting constituents (and worlds for their Special Interest, PACs, and Business/Corporate campaign contributors) I am wondering what will really happen next.
This is pretty clear evidence that Congress doesn't really do a great job in protecting the interests of the voting public.
It seems to me that these people have forgotten that while we live in an Economic system called a Capitalist system, we live in a Political system called a Democracy. They are not the same system and not the same functionally.
Business has done an excellent job at protecting themselves at every turn under the banners of "Don't hurt the already ill economy" or "Free Trade, Capitalism forever" without any voices standing up for the basic rights of the voting public.
I would have expected that the issues surrounding the Internet would have become more political by now, but I believe I assumed that more people would care about these things. Recently I have been approached by a number of people who honestly thought that the CAN-SPAM law was going to solve all their problems. They thought I was full of BS when I told them CAN-SPAM actually legalized spam. But then they never read it and I did.
The reality is this: Congress will never really do anything to protect the private citizen unless there is some Corporation behind the initiative to either make money, or block their competition. I haven't really seen anything of late that would contradict this. Have you?
Well, in the meantime, the US Government is getting a large email list. Can anyone guess how it will first be used? Elections? Non-Profit group?
The Custom Mary
SCO is not complying with the GPL ;^)
The Onion Version of the CAN-SPAM
Adapted from An Article on War Advisors on Yahoo
Bush CAN-SPAM advisors: unfound Reductions in Spam (RIS) matter little - Perle & Frum Jan 09, 2004
Two of President George W. Bush's CAN-SPAM advisors said that the US inability to find legal spam in cyberspace means little.
"I don't think that you can draw any conclusion from the fact that the stockpiles of complaint spam were not found," Pentagon advisor Richard Perle said at the American Enterprise Institute.
Perle said he did not fear that the United States would lose credibility after Bush used spammers' supposed weapons of mass mailings of SEX-SPAM as his principal justification for going to war with spammers.
"If others are going to take the view that, because these Reductions in Spam - aka RIS - weren't found, nothing that the United States says can be trusted -- there's not much we can do about that," he said. "It would be a foolish conclusion to draw."
On Thursday, another Washington think-tank, the Carnegie Endowment for International Peace, said in a report that the US "administration officials systematically misrepresented the threat from Spam and SEX-SPAM."
However, Perle said the war on cyberspace was justified: "I think that what was done was right and prudent."
Perle appeared with Robert Frum, the former Bush speech writer who coined "Axis of Liberals." They were two of the hardline members of the administration who argued the need to Can Spam by CAN-SPAM.
Perle and Frum's book, "An End to Evil," promotes the so-called neo-conservative use of military force to pacify the world including the cyberspace.
They take aim at Saudi Arabia, US politicians, journalists and France -- all of whom they said stand in the way of Bush's "War on Terror."
"What troubles us is a pretty persistent Open Relay Mail Servers policy of trying to weaken and marginalize the United States within cyberspace," Perle said.
"All we ask from Spammers is that, in the construction of Spam as a political and commercial tool, spammers think of themselves as a partner with the United States in the protection of Western civilization. That's not a lot to ask."
"Let me add, I think FSF runs the very great risk of becoming isolated."
Frum, who left the White House in 2003, was as unswerving as Bush himself.
"Sometimes the right answer, when a person has a grievance against you, is to say: 'You're completely mistaken; that grievance comes out of a completely wrong way of looking at the world and you're just going to have to get over it'," Frum said.
"We're not going to change."
To see a world in a grain of sand, and then to step back and see the beach where the sand lies
Hey, the act said they "CAN-SPAM" so they spammed. Guess they are compliant! Seriously, law should be the first line of defence and shouldn't be the last one. Enforcing a law internationally is very very difficult. I am not sure why this is even news. I am sure this law is just a joke for most of the companies 'cause there would be loopholes which they can exploit.
Even if they are compliant there is spam anyway. I don't think it makes much of a difference.
- Pope found to be Catholic.
- Scientists conclude sky is "blue".
- Evidence found of bear defecating in woods.
I think it is bestiality.
--
FreeNET user? Comfortable with the adverse selection?
Methinks we have to get a little more drastic in order to have any effect on spam. I mean, everything else seems to fail.
Let's get extreme and start dropping packets from entire /24s from which spam is originating. In extreme cases, let's drop entire spam friendly ISPs. This is the only way to get rid of pink contracts, if all the customers of an ISP suddenly find that large parts of the Internet become unreachable to them.
If an ISP finds itself dropped from routing tables and unable to reach most/all of the rest of the 'net, I have a feeling they will get tough on spam and on clueless customers with open relays/proxies real fast. They'll have to, or they'll be out of business.
Yeah, I know this is extreme and drastic, but what else is there? SPF records won't be effective, laws don't do squat (a: because this is a global problem and b: because law enforcement haven't got the resources/motivation/whatever to enforce the laws anyway).
I'm just getting so sick and tired of these antisocial scumbags ruining email for the rest of us.
And remember kids: Never trust a computer you can actually lift.
I have an idea. Why not use a slashdot like feature with emails? You can have your friends, foes and such. And you can rate -1 to +5 sources of email. And you can set a threshold for what emails you accept. Something like accept all emails from friends, and anything with a +2 or higher. All we would need is one database to keep track of the ratings.
Rosco: "If brains were gunpowder, Enos couldn't blow his nose."
Mozilla is bloated, slow and most important of all: downright ugly. Why the fucking hell do you expect me to install this huge pile of shit just to view a picture of some ugly hag eating shit or whatever?
*shrug* Get Firebird. :P
Nooooooo! Just post a LINK.
Of the 1452 spam I received in my 3 accounts this weekend there are 157 references mentioning compliance with the Can-Spam act. Twenty of these said that they complied by including a valid reply address, a valid postal address and a working removal mechanism. The only one which actually met all of these criteria was from hurricane-map.com sent to an administrative address - 69.6.58.0/23 is blocked to everything else but to this address :-(.
So Scott Richter, one of the most infamous spammers on the planet, doesn't seem to be complying with Rule #1, what is the world coming to?
Well, after 1/1 the amount of spam I receive on that account went up again. Right now it's about triple the amount before 12/16, and quickly pushing on four times it. I'm also seeing more efforts at E-mail guessing (sending E-mails to every possible combination of account names at a given host). These are pretty obvious when they show up on an account that's never been used, and has never (and still isn't) listed anywhere on the Internet (or otherwise).
From where I'm sitting, looks like the spammers are having a field day, and the only thing that's changed is the problem got worse. Thanks congress, remind me to vote against all incumbents next election.
How can a question about CAN-SPAM in a story about CAN-SPAM be offtopic?
You really must become a more customer-oriented troll, you know.
Unfortunately /. corrupts the link. (swallows all ;,/) Unless I use normal "outside" link... which requires outside webspace. And the whole concept behind this troll is that it's SLASHDOT that hosts the image (which is illegal in great most of states)
1) USA-based spammers don't give a shit about the new law
2) Overseas-based spammers have increased exponentially
3) USA-based spammers are offshoring just like every other IT industry
Will we soon be inundated with reports of Bangalore being the spam capital of the world? After all, they aren't subject to the jurisdiction of USA-based spam laws. Forget offshoring your tech support, now you can offshore your spamming operations and be in total compliance with the law...
http://www.faqs.org/rfcs/rfc2397.html
Your description fits spews.org (the Spam Prevention Early Warning System, a/k/a SPEWS) perfectly. SPEWS has been in operation for a few years now. If a spammer is in your /24, your /24 will be listed and nobody there can send email to SPEWS subscribers.
The UDP is nothing compared to SPEWS.
Okay, okay, great. So I just decoded it with mimencode. So whose hole is it? A monkey's? Or is it just some really ugly nigger woman?
Man, that's the most beautiful animal in the world! A mare!
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
Now I have something to point to when people go on and on about how bad South Korea is for spam. I know that they are bad when it comes to security (read open proxies), but for the most part, South Korean spammers abide by the regulation that they must put [ADV] in the subject line of the message.
Aaah. Sex with a mare. I get it. Tee hee. Oh well.
Good luck with your future trolls here on ./
A new study suggests that dictators are shown to be significantly more brutal than democratically elected officials, and big businesses usually fuck the consumer more over than small businesses.
What a fucking surprise!
(please excuse the irony).
Now when we've had spammers that don't care about anti-spam laws, I guess that we'll have greedy lawyers and lying politicians any day now...
Over the last three weeks my mail gateway has caught 65400 pieces of spam, 186 claim to be can-spam compliant... Go go CAN-SPAM...
PS Thank you SpamAssassin team!
but their customers are bloody stupid when they are suckers for "penis patches", "bigger breast" and "everlasting erections"....?
Britons buying fake Viagra.
Grundgesetz * 23. Mai 1949 - 30. November 2007 - http://www.vorratsdatenspeicherung.de/
Microsoft Windows is, fittingly, the official Desktop OS of Olig
You would post something so informative after I've used my last mod point.
Analogy: Certain groups are upset with the amount of rugby being played over in Australia. So they lobby congress and have a bill passed against it. But wait! They're still playing rugby in Australia.. what happened, we passed laws against it!?
Most of the spam does NOT come from the US. It's retarded to assume that these spammers all over the world are expected to change their core business model because the US passes some law.
"But wait, I know that a lot of the ringleaders behind all this MUST be in the US". Sure.. but the reason they can hide themselves so well is because they're breaking a dozen other more serious laws in the process of sending out their crap. CANSPAM is seriously the least of their worries.
The spam situation in the world right now is one of those things we'll tell our grandchildren about some day.. as someone growing up under globalization will laugh at the 'crazy' notion that two individuals on the same internet weren't governed by the exact same set of laws.
So anyway, until full globalization is upon us (hey.. I guess the one perk is that it'll cut down on spam), your best bet is to upgrade your filters and use Shadango.com. In case any of you haven't heard yet, Shadango allows you to check all of your accounts from one interface (imap, pop, aol, y!, hotmail, etc), PLUS it filters ALL of them for you in real time. I seriously did not believe it worked until I tried it.. I've actually had the first spam-free week since the mid 90s. Check it out.. it works.
That's my two cents
Kevin
As an American people have the right to spam others because of the freedom of speech act in our bill of rights but there are limits. Who can decide who has a bigger voice, if all men are created equal then why are there some people that have more power than others and have a bigger say in what happens. This message is just saying that people should have the freedom of speech, I myself do not condone spam but just was putting out the facts. Thank You
MonkeysKickAss
Time is Nature's way of keeping everything from happening at once... the bitch.
I berated a 'sales consultant' that definitely sounded more like a telemarketer, although he claimed it was a 'courtesy call.' When I mentioned that I was on a do-not-call list (I don't know if there is a federal one that has any teeth yet, but we do have a state list) he claimed that they were exempt because "we" had a 'prior business arrangement.' His response sounded very scripted, meaning they had anticipated curmudgeons such as myself protesting. This prior business arrangement was dubiously linked to a warranty card I had filled out for some product made by a subsidiary company.
There will be all sorts of loop-holes... and all the caveats attached to the emails will take up even more bandwidth- just as arguing with a telemarketer about a calling list wastes even more time.
The pathetic aspect of all this is someone somewhere is making money on it, or it would not exist-
Those that suggest you "dance like no one is watching" really want to see you make a complete fool of yourself.
Much of the spam I get appears to come from the US, but clearly the spammers can buy hosting in other areas as life is made harder for them in the US.
What is as relevant is that no legitimate email comes to me from (for instance) the Chinas, and little from the rest of Asia, whereas there are people I want to hear from in the US.
So I can easily block large IP ranges but I cannot easily do that against the US spammers.
Let's get extreme and start dropping packets from entire /24s from which spam is originating. In extreme cases, let's drop entire spam friendly ISPs.
This is the only way to get rid of pink contracts, if all the customers of an ISP suddenly find that large parts of the Internet become unreachable to them.
Right... Let's say you get some SPAM from an ISP in Argentina (200.x.x.x) - "oh, let's block the entire /24".
Great idea, now not only you blocked the whole country, but almost the entire South America.
Unfortunately the IP gluttony in the Northern Hemisphere didn't leave much IPs left to the "3rd World". -- Thus, you can't treat the networks here as if you were in the Asia or Europe.
this almost deserves an i-told-you-so. spam is not a problem that will be solved by legislation alone, no matter how well (or poorly) it's written. spam laws will only create confusion, needless worries for legitimate email uses, and government overhead.
the spam solution will ultimately be a combo of clear, concise law (HA), tech-based solutions (like verifying the sender, etc), and user savvy.
--krewe
I saw it on Slashdot, it must be true!
This "opt-out" rule is completely backwards. This implies the general public wants to be bombarded with crap by default, unless otherwise specified. And the only way you can "otherwise specify" is by going through hundreds of opt-out procedures for each specific spammer. We might as well just highlight them all and hit delete like we've always done.
Other countries seem to be on the right track, though. In the UK, you have to opt in if companies want to send you spam (unless you're already their customer), and in Italy the maximum penalty for spamming is 3 years in prison as well as big fines.
Why do I have a sneaking suspicion that if we were to have some law completely barring unsolicited spam that groups like the DMA would have a Free Speech fit and call it unconstitutional?
-C.
No, but then it doesn't cost me money to download commercials, the commercials go towards supporting the programmes I actually want to watch, commercials provide a useful break during longer programmes, and it takes me no effort to ignore a commercial without them building up until my TV no longer shows me programmes any more.
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
How can we enforce spam laws on companies based offshore?
My ghEtt0 webpage.
CAN he SPAM it? Bob the SPAMMER, yes he CAN.
: A company that sells products to block spam conducts a study that finds that there is still a need for products that they sell.
I just find it ironic.
"Give a woman two glasses of wine and some pad thai, and they'll agree to just about anything." the Sports Guy
The CAN-SPAM act has only been in effect a couple weeks. Did you expect miracles? I don't know what the ultimate effectiveness of this law will be. It may never work. But if the FTC starts really cracking down, the lives of hard core spammers could get very interesting. But I suspect the FTC will wait some time before they do anything. That way, anyone still not in compliance will have no excuse.
Although the spam problem looks pretty ugly today, I think with a few simple changes it can be brought under control. I believe a combination of CAN-SPAM, deployment of SPF, and wide spread use of tools like spamassassin (or similar) will take a real bite out of the spam problem. It won't be any one thing, it will be a combination of small things.
Should it not be relatively easy to detect a brute force E-mail guessing attempt? I'd say that if you get a series of emails to several different bad email addresses in a very short period of time, you should automatically block the IP address from which they are coming.
Of course, I also regularly see dictionary attacks against mailservers where someone's script is trying to get in as 'root' 'admin' or 'administrator'. One of these days I need to get around to logging and blocking that.
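The check proposed in the comment above, sketched as an added example (not code from the thread or from any mail server): it scans "user unknown" rejections for a single client IP that hits many distinct bad recipients inside a short window. The log format, thresholds, addresses and sample lines are constructed for illustration.

```python
"""Flag SMTP clients that probe many nonexistent recipients in a short time."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not any real MTA's output):
#   <ISO timestamp> reject rcpt=<address> client=<ip> reason=user_unknown
LINE_RE = re.compile(
    r"^(?P<ts>\S+) reject rcpt=(?P<rcpt>\S+) client=(?P<ip>\S+) "
    r"reason=user_unknown$"
)


def parse(line):
    """Return (timestamp, client_ip, recipient) or None for unusable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.fromisoformat(m.group("ts"))
    except ValueError:
        return None
    return ts, m.group("ip"), m.group("rcpt").lower()


def find_harvesters(lines, window_seconds=60, threshold=5):
    """Map each offending IP to the time it first crossed the threshold.

    An IP is flagged when it has been rejected for `threshold` or more
    DISTINCT unknown recipients within `window_seconds`. Counting distinct
    addresses keeps a legitimate sender retrying one mistyped address from
    being treated as an address-guessing run.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # ip -> (timestamp, recipient) in the window
    flagged = {}
    events = sorted(e for e in map(parse, lines) if e is not None)
    for ts, ip, rcpt in events:
        q = recent[ip]
        q.append((ts, rcpt))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop rejections that fell out of the window
        if ip not in flagged and len({r for _, r in q}) >= threshold:
            flagged[ip] = ts
    return flagged


def _rejects(ip, start, step_seconds, recipients):
    """Build constructed sample lines for one client."""
    t0 = datetime.fromisoformat(start)
    return [
        f"{(t0 + timedelta(seconds=i * step_seconds)).isoformat()} "
        f"reject rcpt={r}@example.org client={ip} reason=user_unknown"
        for i, r in enumerate(recipients)
    ]


# Constructed sample data (documentation IP ranges, made-up recipients).
SAMPLE_LOG = (
    # Guessing run: six different names, one second apart.
    _rejects("192.0.2.10", "2004-01-12T03:14:01", 1,
             ["aaron", "abby", "adam", "admin", "al", "alan"])
    # One sender retrying the same mistyped address six times.
    + _rejects("198.51.100.7", "2004-01-12T03:20:00", 5, ["jsmiht"] * 6)
    # Five different bad addresses, but two minutes apart.
    + _rejects("203.0.113.5", "2004-01-12T04:00:00", 120,
               ["sales", "info", "jobs", "press", "help"])
    + ["this line is not a rejection record"]
)

if __name__ == "__main__":
    for ip, when in find_harvesters(SAMPLE_LOG).items():
        print(f"{ip} crossed the threshold at {when.isoformat()}")
```

Counting per source IP only catches a run that comes from one address; it says nothing about probes spread across many sources.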
"You CAN indeed SPAM" is probably what the authors intended.
get your head out the sand, blind patriot
http://www.spamhaus.org/rokso/index.lasso
For some reason I have been receiving a lot less spam in the past few days than I did before. So have a lot of my friends (and yes we are using different email servers, even in different continents). I doubt that we can thank the flawed CAN SPAM legislation, but what else could it be?
It would be interesting to hear if others have noticed the same and have theories on why this is happening.
Lock'em up and make them eat ... SPAM!
Most spammers are from overseas in non-cooperative countries (with the US). This is a US law. What do they care?
The vast majority of spam I get is US-based. Sure, it's been passed through a Chinese server or a hacked Italian ADSL box on the way, but the request to send US dollars to a US postal address is sometimes a bit of a give-away.
Apart from the Nigerian stuff, most of which seems to come from Amsterdam these days, spam is very largely a US product.
Does this new law make it illegal for US citizens to spam foreigners (whether or not using an offshore relay)? Thought not. Business as usual.
So why should they bust them for violating the spam law? The government has totally ignored the absolutely fraudulent nature of spamvertised products, despite the fact that the money trail is easier to follow than the email trail.
I suspect there will be political pressure to "bust" a couple of spammers, and they probably will nail a couple of small-timers and will trumpet it as a success, saying something like "Mr. Spam King sent over one million spam messages" -- the same bogus logic used in drug busts, when they value the drugs based on their smallest-possible-street-transaction value instead of the likely wholesale value.
Part of the reason I think there will be little enforcement, at least from the Bush administration, is that I've read that mainstream businesses are actually profiting from spam indirectly by selling customer lists that include email addresses. They don't sell directly to spammers, but they filter through direct marketers who ultimately DO sell to spammers.
>> An anti-spam law ought to ensure that people do not receive spam.
How would you propose doing that? Making something illegal doesn't make it go away. One might as well argue that "an anti-murder law ought to ensure that people do not commit murder."
Fine or arrest everyone who creates spam? OK. What's your definition of spam?
Mandate changes to SMTP? OK, but the cost of implementing the changes will be paid by you and me.
Mandate some kind of magic spam blocking code in all operating systems and mail programs? OK, but if legislation can compel you to use one kind of software, it can compel you not to use another.
No one likes spam. But stomping your feet and declaiming that someone ought to make it go away isn't especially useful.
-- Slashdot: When Public Access TV Says "No"
The spammers must be making money from sending all this spam, how many people actually click through and order the junk being peddled? I imagine if nobody ordered anything from spammers there'd end up being no profit and no reason to spam.
My ghEtt0 webpage.
I think what he meant was to "CAN" (as in get rid of) spammers.
I love the idea that this is news to you. :)
"Well, gosh, the Congress always stood up for the little guy before, or so we thought. But then along comes this CAN-SPAM act and blam, their cover is blown. Turns out they're just handing out pork to their friends in their districts! If it weren't for this bill, we might have never known!"
Those f****ers are wreaking havoc with my filters!
The CB App. What's your 20?
If you penalize the person who actually sells the product advertised in spam, then what stops a person from spamming with ads for their competitor or some other company the spammer may not like simply in order to cause that company some financial discomfort?
File under 'M' for 'Manic ranting'
Remember, you don't have to be a moron to be a politician...but it sure helps.
Recently, spammers have been trying to train spam traps with random words. It's almost like seeing the words put into a mad libs exercise.
Will this confuse filters like SpamAssassin?
P.S. One of the more interesting ones I got follows. What is an appellant hazelnut? And can diseases be exorcised?
insinuate guilty overture aegean mcelroy
emery niggardly bobbin briggs pushout creed quizzes return accomplish
explanatory cofactor frances melissa
biharmonic his milieu alphabet groom septate appellant hazelnut diphtheria exorcise
Irene KHAAAAAAN!
The big difference I've seen, though, is they're all of the penis/ebay/paris hilton/viagra/drugs variety, all from open proxies and owned windoze boxen. What's totally vanished from my mailbox is spam from any company that pretended to have any legitimacy, the ones who sincerely pretended that I opted in, and the ones who didn't try to hide their origins.
I wonder if they scoured their "opt-in" lists and dropped me (doubtful), or if they're gearing up for The Big Push. CAN-SPAM or not, I'm not going to press any of their damn links to unsubscribe. I'll still report them to Spamcop.
It's still beta, but I'm unaware of any other tools that allow you to strike back at a spammer. With it you can crapflood a spammer's database, and possibly render it economically useless. So if you're pissed at the hundredth mortgage quote solicitation, fire it up and get just a little bit of revenge.
I want to subscribe to a service which sues spammers. The CAN-SPAM act's definition of an ISP seems to include a service like SpamCop. But SpamCop doesn't have a litigation staff, and their parent, IronPort sells spammer-friendly million-email-per-hour "mail delivery engines". We need a replacement for SpamCop which sues at least one spammer per month.
Get some black leather jackets with "CAN-SPAM" on them in big yellow letters and find some ex-cops to wear them. Have your crack team of spam police hunt down spammers and make them sign over their computer hardware.
Most spammers use the opt out list to sell to other spammers.
Scott Richter claims to be all for the anti-spam laws and runs a strictly opt in operation.
However this seems highly unlikely when he is also listed as one of the top spammers.
Reference links:
Why Scott Richter is Doomed
PC World article on spam
Microsoft article. This one on the illegal activities of Scott Richter.
Scott Richter claims he's following all the rules but evidence suggests otherwise.
I don't actually exist.
Of course, I also regularly see dictionary attacks against mailservers where someone's script is trying to get in as 'root' 'admin' or 'administrator'. One of these days I need to get around to logging and blocking that.
...and you answer your own question. It is easy, but it's a low-priority iron on the fire. (And usually, those dictionary attacks are coming from a distributed zombie base.)
1|08|04
MX Logic Finds Nearly 100 Percent of Spam Not Compliant with New CAN-SPAM Law
12|16|03
MX Logic Applauds National Anti-Spam Law
-----
Ok, they applaud the CAN-SPAM act but then turn around and realize that it was a bad idea less than a month later. Heh.
why aren't they complying?
Because if they complied current big name filters would stop being idiotic and counterproductive and actually block spammers at a reasonable level of accuracy.
Stop being stupid and blocking IPs. It's counterproductive. You're throwing napalm on an ant hill and most of the time, the ant you're going after has already moved somewhere else.
It should be a punishable offense for such idiots who block legitimate IP from sending e-mails. If a company is using an ISP that happened to get a spammer onboard and the company ends up being blacklisted and losing business, the makers of the blacklist should rightfully be sued for lost business and denial of services. Imagine if a citizen set up a road block on a highway just because they heard criminals used it. When cops break into the wrong house, they get sued. So should blacklist runners.
It is not YOUR job to deny ME the ability to send e-mail just because someone on my IP range sent spam.
I've found simply filtering out links that spams contain is perfectly fine at getting rid of spam. And if spammers want to e-mail me, they still can. I only block their advertisments. That's the idea. You block the spam, not the person or legitimate e-mail.
I'd like to see lawsuits start being brought against blacklist runners and won. Their method is in many cases as reported on slashdot but not called as such, criminal.
A simple means to block spam. Countless spammers link to the same URLs, so block the URLs and you block countless spammers. Block 1 IP and you maybe block a spammer, and most likely piss off a legitimate user who's now using that IP.
Ben
Work Safe Porn
What's the problem is the fact that it is assumed that I wanted to be opt-in'ed. Who decided for me that I WANTED all the spam. If the government would simply make it into law for spammers and telemarketers that they assume I'm not already opt'ed in, the things would be better. Make the people that contact us PROVE that we signed up for their crap.
The mail servers I run for my employer reject 400 spams every minute. Those are the ones with SpamAssassin scores greater than 10. 1000 spams in a week is a very small amount. They should be grateful. ;)
Edith Keeler Must Die
If you block a range of IPs that happens to have a legitimate user that relies on e-mails to conduct business I hope you get your house repossessed.
People subscribe to my web-site and I send them e-mails back to give them their account information with password. If you blacklist my IP you've just stolen money from me. I'll still get their notices since I can check my account for funds transfers. But there's no way to send them their passwords. So you just cost me money and I will sue you. I'm on a one year contract with the ISP so I can't very well move. Or maybe you'd also like to be sued for the costs of breaking the contract and for the cost of moving somewhere else.
These braindead blacklist runners (such as yourself who thinks dropping IP ranges is a good idea) have probably pissed off enough people by now to start a decent sized class action lawsuit.
It doesn't work. It's counterproductive. And you're inviting lawsuits from your "collateral damage" and frankly I'd like to see some go to court.
ISPs don't need to answer to blacklists. They do not define the law. ISPs who happen to get a spammer on board have committed no criminal act. If you blacklist them, they have every legal right to sue you for everything you own.
If your method of dealing with spam invades my privacy or my pocketbook it's wrong. Use your brain and come up with something better.
Ben
Work Safe Porn
You mean...
;)
People who were criminals under already established state laws...
Are STILL BREAKING THE LAW in the face of a crappy, un-needed federal law?
I mean, why isn't there a law against breaking the law or something?
I keep saying this, and will do so until somebody actually listens: When spammers start dying, spam will cease. Make the death penalty mandatory for repeat offenders, do it today. It's the only way to stop the problem. Write your congressbot today!
I haven't recorded the numbers on my @yahoo.com account, but I am definitely getting less spam there. This email account is the one I have used in almost all usenet postings for the past 8 years or so, therefore all spammers have it on their lists.
The biggest difference has been the HUGE reduction in SWEN and similar crap. My 6MB of freebie space would be full in just a few hours (2 hrs during two separate SWEN flurries) and now it might not even fill up in 24 hours. I wonder if many corps did some major maintenance over the holidays and finally patched up their desktops, nuking the viruses and spam relays that infected their networks.
What's amusing to me is that while my hotmail account now receives about one spam a day, my isp mail account now receives about 50 percent more spam than a year ago. And, yes, I know this is due to hotmail's spam filtering, but my isp has spam filtering too, and for some reason it's not as effective.
Spammers must have figured out sending to hotmail addresses is pointless. I'm even motivated to start using it again for serious communication.
DUH!
Why do idiot politicians think they can regulate SPAM like they did with the do not call list? Which I must say is working great. I have had ZERO calls since it started.
What's the point of having this anti-spam law in the US anyways? The real point I mean. Is it an attempt to make American citizens or the people of the world think that the US is tough on spam or something?
Of course it is - the same way the U.S. government thinks it's going to fight terrorism by repealing the 4th Amendment to the U.S. Constitution. Same mindset, and most likely, the same results.
I'm on a one year contract with the ISP so I can't very well move
If you didn't do the due diligence and get a contract that lets you drop the ISP for being a clueless spam hoster, that's your problem, and nobody else's.
If you blacklist them, they have every legal right to sue you for everything you own.
First amendment, sunshine. Go cope.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
What else did you expect from a company that sells anti-spam software? Did you think they would say "Problem solved, yay!" NOOO The anti-spam industry is big like the anti-virus industry. They keep the bad, so they can make some bucks.
Did you read the law? It does not say it's OK to spam. It bans the vast majority of spam and prescribes harsh penalties. It allows up to one year imprisonment for sending spam with false headers, which is pretty much all the spam I get. Without false headers, spam becomes impractical for lots of reasons.
And what is your basis for claiming that there is no enforcement? The Justice Department doesn't usually publicize investigations until they're over. It will take months for investigators to start tracking down spammers and building solid cases against them.
This is a good, strong, well-designed law. For some reason the groupthink on slashdot claims it is "weak". I'd urge everyone to actually read the law before commenting on it.
Lately the filter in Apple's Mail.app (10.3.1 version, not 10.3.2) has gotten close to 100% effectiveness for me. Combined with my "Anything base64-encoded is junk" filter, I'm only getting about one spam a week outside the Junk folder. So far it doesn't seem to be thrown off by the mad-libs stuff.
Sure, that's a great idea... until company A starts sending out spam advertising company B's products, having been paid by company C (B's competition)...
Have you been touched by his noodly appendage?
Some say I must be on the verge of losing my sanity, some say the IDP wouldn't work, most of you say that there would simply be too much collateral damage.
You're all correct, of course (except the guy who threatened with a lawsuit. He can go play in traffic). My point still stands though, we have to come up with something new as nothing so far has worked. The worthless and scumsucking social rejects commonly known as spammers are ruining email and costing the rest of us a lot of money.
I run several email servers, for various sites and companies, but let me use my own server as an example here. I host about 20 domains on it, mostly vanity domains for friends, but also a couple of small mom-and-pop type businesses. That server is currently rejecting close to 100,000 SPAM messages per month on the frontend (through the use of DNSBLs). On the backend SpamAssassin identifies another 3,000 or so per month.
Anyone see a problem with this picture? A small server like this having to fight off over 100K SPAM messages every month? This is insane and yes, I am losing both patience and sanity. The problem is only getting worse too, only back in October the rate was 75K messages per month. That's a 33% increase in SPAM in two months! A look at my daily logs since the new year tells me it's still increasing. This means I'm going to have to upgrade the hardware on my email gateway yet again in not too long.
I. Have. Had. Enough.
Note: I've been patient. I've been constantly upgrading defenses for years, keeping track of which DNSBLs work and which have closed down, tuning SpamAssassin and trying out various bayesian filters etc. All the while I've been waiting for lawmakers to realize that this is a big problem and that it is a global problem. I've been thinking that technology probably isn't the best way to deal with this, as at its core it's a social (or is that sociological?) problem.
As many have said before me, this is a classic case of the tragedy of the commons. A small group of socially irresponsible people are abusing a common good, in the process ruining it, all in the name of making a quick buck.
How does society protect itself from people like that in other contexts? With laws. We reject, we ostracize and we punish. In civilized society we leave the punishment to law enforcement. In the case of SPAM many countries have passed laws against it, but there are really only a handful of countries that "count" and those countries have been less than vigilant in their fight against SPAM so far. I'm talking about China and Korea of course, as well as Brazil and Argentina. These countries may not originate all the SPAM out there, but they sure do host a lot of spammers and relay a lot of SPAM.
But most of all I'm talking about the US of A, simply because a whole lot of the SPAM relayed through those other countries originates in the US. I've held on to my sanity, clutching at the hopes of impending legislation with teeth. For a while there really was hope, several states passed good laws. And then came CAN-SPAM.
Now what? The volume of SPAM is not going down, even if CAN-SPAM was enforced to the letter. I'd still have scumbags out there trying to steal my bandwidth and server resources. To all of you complaining that blacklists (and the IDP) are evil, why is this so hard to understand? The spammers are stealing my resources, period! Yes, I have voluntarily connected my network to the Internet, but I have never asked for this deluge of electronic sewage!
I want these anti-social misfits punished by society, I want the common good to prevail over the stupidity and greed of a few scam artists and I want this to happen in a civilized way (through laws and law enforcement).
If that doesn't happen we will have no recourse but to fall back on technology and in that case we
And remember kids: Never trust a computer you can actually lift.
Actually, given the Howard government's sycophantic attitude towards the US, if America passed a law limiting the amount of rugby we in Australia could play, it would probably be rubber stamped here too. Maybe you should have chosen a less compliant nation, like New Zealand, for your example.
If the pattern goes 9am, 10am, 11am, why isn't noon 12am?
On one hand, I think the law takes the right approach. It's an attempt to kill off the worst of the spammers ... those who obfuscate, spoof, mislead, and generally piss people off, while still leaving room for legit businesses to send legit advertisements within certain limits. If it were enforceable, it'd be a perfect law.
The problem is that it's a law that only applies to people that are already almost impossible to track down. It's sort of like a law against prank calling from a payphone... unless you watch every payphone and trace every call, you'll never catch anyone.
I think the thought behind the act was pretty solid, but the framers obviously have no clue about the technology they're ruling on. They've passed a law with no teeth at all.
"THEY are the ones that are costing you money"
No, they're not. Blacklists cost legitimate businesses and ISP customers money because blacklists are run by incompetent people that think they're in charge of the internet. There are better ways to block spam than by napalming an ISP. They're not solving anything. They're just making the problem worse by annoying and possibly destroying the businesses of more innocent people than spammers.
And nobody said I was blacklisted. But I strongly suggest that those who have been start a class action lawsuit. It would also be a good idea to avoid ISPs that make use of these idiotic blacklists. I'd rather be at an ISP that takes an intelligent stand on SPAM.
Maybe it will finally wake up the idiots in charge of the lists so they finally do something productive to stop spam. Blacklisting IPs of countless innocent people over an IP that the spammer is most likely not using anymore is idiotic and irresponsible.
If it invades my privacy, my pocket book, or napalms a village it's not a solution.
The people running programs that fingerprint spam are actual solutions. Why? Because they stop SPAM. Not spammers. Fuck the spammers. You can never stop them. But you can stop their messages by filtering intelligently. Trying to stop people from sending any and all e-mails is just dense.
I get virtually no spam simply by filtering the URLS spammers use. It's simple and if Joe Spammer suddenly gets a genuine interest in my site and wants to talk to me, he can. But if he sends spam advertising URLS I've filtered they don't get through. And it doesn't matter who Joe Spammer is. If an URL does get through, it's caught with the next update and countless spammers are taken care of. All without blocking a single IP.
More Info Here
Ben
Work Safe Porn
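The URL-based filtering described in the comment above, as an added example that is not the poster's own code: the verdict depends only on the hosts a message links to, never on the sending IP. The blocklist entries, addresses and both sample messages are constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from urllib.parse import urlsplit

# Constructed blocklist of advertised domains (hypothetical values).
BLOCKED_DOMAINS = {"pills.example", "cheap-loans.example"}
URL_RE = re.compile(r"""https?://[^\s"'<>)]+""", re.IGNORECASE)


def body_text(msg):
    """Decoded text of every text/* part; base64 and quoted-printable are undone."""
    return "\n".join(part.get_content() for part in msg.walk()
                     if part.get_content_maintype() == "text")


def url_hosts(text):
    """Lower-cased hostnames of all http(s) URLs found in the text."""
    hosts = set()
    for url in URL_RE.findall(text):
        try:
            # .hostname is the real host, not any text placed before an '@'.
            host = urlsplit(url).hostname
        except ValueError:  # malformed URL, e.g. an unbalanced '['
            continue
        if host:
            hosts.add(host.rstrip(".").lower())
    return hosts


def is_blocked(host, blocked=BLOCKED_DOMAINS):
    """True if the host or any parent domain is listed (whole labels only)."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in blocked for i in range(len(labels)))


def classify(raw_message, blocked=BLOCKED_DOMAINS):
    """Return ('reject', [listed hosts]) or ('accept', []) for a raw message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hits = sorted(h for h in url_hosts(body_text(msg)) if is_blocked(h, blocked))
    return ("reject", hits) if hits else ("accept", [])


def make_sample(sender, body, cte):
    """Build a constructed test message; both samples share one relay IP."""
    m = EmailMessage()
    m["Received"] = "from relay (unknown [192.0.2.25]) by mx.mail.example"
    m["From"] = sender
    m["To"] = "user@mail.example"
    m["Subject"] = "hello"
    m.set_content(body, cte=cte)
    return m.as_string()


# Constructed samples: same sending IP, different content.
SPAM = make_sample("promo@isp.example",
                   "Buy now: http://www.Pills.example/offer?id=1\n", "base64")
HAM = make_sample("customer@isp.example",
                  "Your account page: https://shop.example/account\n", "7bit")

if __name__ == "__main__":
    print(classify(SPAM))  # rejected on the advertised URL, despite base64
    print(classify(HAM))   # accepted, although it came from the same IP
```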
One would assume that spam is sent for a reason - commercial reason that is. What is needed is a law that makes it illegal to advertise via spam. Instead of chasing elusive spammers nail those who pay them. That should be easy:
- follow the link in the spam to the commercial site
- make a credit card payment
- get the identity of the receiver from the credit card company
- put them in jail
- from their records get the identity of the spammer
- put them in jail too
So let's say everyone signs.
option 1: just a signature.
that's the same problem as an email address. easy for a spammer to use someone else's.
option 2: what i think you intended: pr-key signed message digest.
who checks the signature before dropping it in the bit bucket? each end-user? could work, but how does the proggy know where to get the public key?
keygen for each spam doesn't really matter if you are a spammer. who cares if someone fakes your fake signature? make fake key pairs that aren't really sets of primes. or just gen 1415 real primes and use each x,y combo to generate 1,000,405 key pairs. sure, that would be cryptographic suicide, but again, why would a spammer care if they are just going to ignore the existing laws?
okay, so maybe you then slow down the servers that register pks so that people can't register keys so quickly. but just one "rogue" signature server and you are SOL. don't have all the signature servers in your list--well, then you start dropping legitimate mail. and, you create a chokepoint like DNS for people to start holding you up for charges.
what's wrong with SPF? that seems like an idea that can work.
--
does the "normal" signature algorithm take into account the recipient? i'm guessing it doesn't. then the message digest pre-signature will be the same for each message the spammer sends, which would negate the real compute time problem.
finally, i thought that network capacity was the real constraint on spammers, not compute time. already they slightly vary each message to try to get around kill lists.
sorry to be a naysayer - i get as much spam as everyone else.
--
Same here, everything's of the definitely illegal type of spam. (Since we all know there is no magic pill to make you have greater sex, etc. And if they mention Viagra, 99 to 1 they're not legally selling it.) I've just started forwarding them all to the ftc's collection address, especially since I get about one Nigerian scam letter a month as well.
While it would be interesting to see what the "you can spam" act changes or doesn't, MX Logic won't tell you anything.
It's just an advertizing press release.
They say they tested 1000 spams. How did they select them? How many were from the US? (Foreign spams are not supposed to comply with the US law anyway). In the US-originated spams, what wasn't compliant? False headers? No working "remove" link? What else?
They will not tell you what they tested, probably because they didn't do it seriously, and their only point is to say "spam is still a problem" (what a scoop!), and "therefore you need to buy our anti-spam software".
This bogus "study" should not have made any news in The Register or on /.
America does have local democracy, with citizens initiatives and things like that, but the federal level is locked up solid to keep the established ruling classes in power. You have to join the elite club or you don't get elected. Somehow I don't think this was what the writers of the constitution really had in mind...
Further comment superfluous.
If you were blocking sigs, you wouldn't have to read this.
I won't claim my statistical selection of spam is representative but I re-check all of the spam getting through my spamassassin (1-2 out of ~100 per day). More than half of the spammer domains are registered in the USA. Go figure.
That's just too unrealistic. I can hit 20+ open 802.11 access points just driving 5 miles to work.
Well, I should have seen this coming. Since it's now OK for any company to spam just as long as the subject isn't overtly fraudulent and there's a valid way to unsubscribe, I just received spam from our friends at x10.com. I've never gotten anything from them before and it would appear that the spam is indeed in compliance with the CAN SPAM act.
Let the floodgates open...
-S
--- What parts of "shall make no law", "shall not be infringed", and "shall not be violated" don't you understand?
I use an intelligent method (mentioned in my post no less so feel free to learn how to read. It's even posted with source code at my web-site as indicated in the post) to filter spam that doesn't involve screwing legitimate businesses or invading anyone's privacy.
I think advocating suing blacklists who fuck over legitimate businesses is the only way to get them to start being more responsible.
We've allowed these idiots to do more damage than the spammers.
"I will use these filters."
I'm not talking about you numbnuts. I'm talking about the rampant irresponsible use of these braindead blacklists by major companies. You know, people who actually matter.
If you want to tear down a building you can use a nuclear weapon but some intelligently placed dynamite will do the job much better.
Morons like yourself can pretend that blocking IPs that spammers don't use is going to solve problems or you can start taking an intelligent approach to spam.
So yes, my new stance is that legitimate companies that become victims of blacklists should form a class action lawsuit and sue the people who own those lists.
Seeing how blindly defensive you are of such lists, it's obvious it's the only way. They've been given way too much power by the geek community.
To the point now that sacrificing privacy and hard earned money over spam sounds like a good idea.
It's braindead.
Ben
Work Safe Porn
This just in...
Beer importers in 1921 found not to be complying with the Volstead Act.
Back then, government agents would raid warehouses and smash barrels with axes (we all remember those scenes from The Untouchables). How about doing the same with spammers? Send agents to their homes and offices to smash up their computers. What fun!
You are in error. No-one is screaming. Thank you for your cooperation.