Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spammers Not Complying With CAN-SPAM

Posted by timothy on from the shocked-shocked-i-tell-you dept.

Zelphyr writes "The Register is reporting on a study done by MX Logic found that of 1000 messages tested, only three complied with the recently enacted CAN-SPAM act. Little wonder why the spammers weren't shaking in their boots when this spam friendly anti-spam bill was passed."

12 of 296 comments (clear)

  1. Re:Duh! by GammaTau · · Score: 5, Informative

    Most spammers are from overseas in non-cooperative countries (with the US).

    There is evidence to the contrary.

  2. Re:Duh! by abelsson · · Score: 3, Informative

    No, most spammers operate from the US.

  3. No kidding, violation logs from today... by Anonymous Coward · · Score: 5, Informative
    As I understand it, CAN-SPAM makes it illegal to use open proxies to relay messages. We run a proxy scanner on every email that comes into our server, through an exim pipe. Any sending host which is an open proxy on a common port is reported to us via IRC. The following IRC log can be explained one of three ways:
    [01:02] <SpamBot> SpamTrap found a proxy! 82.138.193.50 (host1.greenwichtraining.adsl.telecomplete.net)
    [ 01:05] <SpamBot> SpamTrap found a proxy! 200.95.36.167 (dsl-200-95-36-167.prod-infinitum.com.mx)
    [01:08] <SpamBot> SpamTrap found a proxy! 200.45.247.170 (host247170.arnet.net.ar)
    [01:41] <SpamBot> SpamTrap found a proxy! 200.90.212.26 (26-212-90.adsl.terra.cl)
    [01:41] <SpamBot> SpamTrap found a proxy! 200.95.74.41 (dsl-200-95-74-41.prod-infinitum.com.mx)
    [01:59] <SpamBot> SpamTrap found a proxy! 218.75.131.4 (218.75.131.4)
    [02:10] <SpamBot> SpamTrap found a proxy! 194.2.149.201 (194.2.149.201)
    [02:18] <SpamBot> SpamTrap found a proxy! 61.233.205.110 (61.233.205.110)
    [02:29] <SpamBot> SpamTrap found a proxy! 200.84.79.92 (dC8544F5C.dslam-03-24-3-02-01-01.rmg.dsl.cantv.ne t)
    [02:37] <SpamBot> SpamTrap found a proxy! 81.134.29.16 (host81-134-29-16.in-addr.btopenworld.com)
    [02:55 ] <SpamBot> SpamTrap found a proxy! 200.43.19.71 (dsl-200-43-19-71.users.telpin.com.ar)
    [02:57] <SpamBot> SpamTrap found a proxy! 200.225.210.173 (iplus-ura-225-210-173.xdsl-fixo.ctbcnetsuper.com. br)
    [03:07] <SpamBot> SpamTrap found a proxy! 200.42.43.63 (200-42-43-63.dsl.prima.net.ar)
    [03:27] <SpamBot> SpamTrap found a proxy! 62.236.142.192 (62-236-142-192.hpna.wlannet.com)
    [04:50] <SpamBot> SpamTrap found a proxy! 81.225.52.204 (h204n5c1o1044.bredband.skanova.com)
    [Note: rogue spaces in the timestamps were inserted by Slashdot.]

    1) USA-based spammers don't give a shit about the new law

    2) Overseas-based spammers have increased exponentially

    3) USA-based spammers are offshoring just like every other IT industry

    Will we soon be inundated with reports of Bangalore being the spam capitol of the world? After all, they aren't subject to the jurisdiction of USA-based spam laws. Forget offshoring your tech support, now you can offshore your spamming operations and be in total compliance with the law...
  4. Re:No, you got it all wrong... by fjin · · Score: 5, Informative
    You haven't heard before about:

    Spamassassin
    SpamAssassin(tm) is a mail filter to identify spam.
    Using its rule base, it uses a wide range of heuristic tests on mail headers and body text to identify "spam", also known as unsolicited commercial email.

    and Razor
    What is Vipul's Razor?
    Vipul's Razor is a distributed, collaborative, spam detection and filtering network. Through user contribution, Razor establishes a distributed and constantly updating catalogue of spam in propagation that is consulted by email clients to filter out known spam. Detection is done with statistical and randomized signatures that efficiently spot mutating spam content. User input is validated through reputation assignments based on consensus on report and revoke assertions which in turn is used for computing confidence values associated with individual signatures.

  5. Re:Internet Death Penalty by LiquidCoooled · · Score: 2, Informative

    SPF records CAN work - consider if the majority of ISPs in your own country start using them. 99% of your email comes from your own friends and family within the country, and would be catered for. The rouge ISPs that DONT publish the records can all go to hell as long as my friends can contact me.

    I realise that for certain public addresses SPF wont work, since the idea is to hear from unknown customers no matter where they are, but for the normal user it should cut down on a greater majority of it.

    --
    liqbase :: faster than paper
  6. Re:Silly Fools.... by Brainiac252 · · Score: 2, Informative

    Yo, I was involved in the alpha testing of shadango awhile ago. When I signed up I used the word "alpha10" in the promotional code box. It got me a paid tester account...i think it might still work. Plus, they recently started filtering POP accounts so now the amt of spam I get on my hotmail has dropped considerably. From my experience Shadango is definitely worth the try. Ian Welsh

  7. They don't bust spammers for fraud, either by swb · · Score: 3, Informative

    So why should they bust them for violating the spam law? The government has totally ignored the absolutely fraudulent nature of spamvertised products, despite the fact that the money trail is easier to follow than the email trail.

    I suspect there will be political pressure to "bust" a couple of spammers, and they probably will nail a couple of small-timers and will trumpet it as a success, saying something like "Mr. Spam King sent over one million spam messages" -- the same bogus logic used in drug busts, when they value the drugs based on their smallest-possible-street-transaction value instead of the likely wholesale value.

    Part of the reason I think there will be little enforcement, at least from the Bush administration, is that I've read that mainstream businesses are actually profiting from spam indirectly by selling customer lists that include email addresses. They don't sell directly to spammers, but they filter through direct marketers who ultimately DO sell to spammers.

  8. Mad libs! by GQuon · · Score: 2, Informative

    Recently. spammers have been trying to train spam traps with random words. It's alsmost like seing the words put into a mad libs exercise.
    Will this confuse filters like spamassassin?

    P.S. One of the more interresting ones I got follows. What is an appellant hazelnut? And can diseases be exorcised?

    insinuate guilty overture aegean mcelroy
    emery niggardly bobbin briggs pushout creed quizzes return accomplish
    explanatory cofactor frances melissa
    biharmonic his milieu alphabet groom septate appellant hazelnut diphtheria exorcise

    --
    Irene KHAAAAAAN!
  9. Here's your fire... by $ASANY · · Score: 2, Informative
    For those sites that make money from collecting information from spam victims, there is a way to fight back: check out Web Form Flooder at http://formflood.sourceforge.net

    It's still beta, but I'm unaware of any other tools that allow you to strike back at a spammer. With it you can crapflood a spammer's database, and possibly render it economically useless. So if you're pissed at the hundredth mortgage quote solicitation, fire it up and get just a little bit of revenge.

  10. 1000 spams in a week? by kindbud · · Score: 2, Informative

    The mail servers I run for my employer reject 400 spams every minute. Those are the ones with SpamAssassin scores greater than 10. 1000 spams in a week is a very small amount. They should be grateful. ;)

    --
    Edith Keeler Must Die
  11. Re:If it's so spam friendly, by Halo1 · · Score: 3, Informative
    Stop being stupid and blocking IPs. It's counterproductive. You're throwing napalm on an ant hill and most of the time, the ant you're going after has already moved somewhere else.
    If that were the case, almost nobody would use blacklists.
    It should be a punishable offense for such idiots who block legitimate IP from sending e-mails.
    The recipient has full rights to determine for himself who is legitimised to send him mail.
    If a company is using an ISP that happened to get a spammer onboard and the company ends up being blacklisted and losing business, the makers of the blacklist should rightfully be sued for lost business and denial of services.
    Blacklists don't block anyone's mail. Its users do, and those users have the full rights to decide who gets to make use of their property or the services they pay for.
    Imaine if a citizen set up a road block on a highway just because they heard criminals used it.
    Blacklists merely advise you to avoid a highway. They can not and do not block anything.
    I'd like to see lawsuits start being brought against blacklist runners and won. Their method is in many cases as reported on slashdot but not called as such, criminal.
    Voicing an opinion is actually one of the rights protected in pretty much every constitution around the world.
    --
    Donate free food here
  12. Re:This idea is stupid by abreauj · · Score: 2, Informative
    Righ... Let's say you get some SPAM from an ISP in Argentina (200.x.x.x) - "oh, let's block the entire /24". Great idea, now not only you blocked the whole country, but almost the entire South America.

    I don't believe the entire South American continent shares a single IP range containing only 254 useable addresses.

    What you describe here, 200.x.x.x, is a /8, not a /24. A /24 might be something like 200.47.218.x