Slashdot Mirror
Spam Bits
Let's mush a few things together into a nice pink rectangular solid: ipandithurts writes "The FTC Chair Timothy Muris doubts the ability of the "CAN SPAM" law to stop SPAM." ElementCDN writes "The Ottawa Citizen has a story on Bernard Balan the King of Spam. Bernard has closed up shop and moved to cottage country near Huntsville, Ontario." CactusMan writes "CTV (among others) is reporting that a Ontario trio has been named in a suit filed by Yahoo under the new CAN-SPAM legislation. Yahoo is claiming that the father and two sons were 'responsible for sending millions of unsolicited messages to users of the company's e-mail service.'" ilsa writes "According to this AP article, as much as 19% of e-mail sent by commercial entities never reaches its destination. 'Promotions and greeting cards were the types of messages most likely to disappear, the study found.' Although this study may have been intended to be alarming, forgive me for thinking this may not be a bad thing." Reader chrisbtoo responds to an earlier spam story: "In today's story about Spam solutions, monstroyer challenged people to crack the Spam Interceptor Captcha. Turns out it was pretty easy." Finally, we can't fail to mention an attempt at making the world's largest spam musubi.
I run a small publishing firm that relies on email to sent updates to our materials. Every email we send to customers has at least 10% bounce (sometimes as high as 30%); many of which worked a week before or a week after. However, I think the 19% number mimics my personal mail as well: messages allll the time get lost in the shuffle!!
You know, if ISPs made it easier to implement this particular solution, rather than requiring we run our own email servers to do it (or even doing what they can to prevent us from running our own incoming email servers - many ISPs block *incoming* port 25) the spam nuisance would end overnight. Businesses would stop selling email addresses because they know that their ability to contact you stops the moment they do, and people wouldn't buy them because they'd know the email addresses are blocked immediately on receiving the first spam.
I note Yahoo! is implementing such a scheme. More power to 'em!
You are not alone. This is not normal. None of this is normal.
Summary of the verdict: An ISP can demand that a spammer stops (ab)using the computer systems of the ISP for sending unsollicited email to its customers. If he continues after that, the spammer is infringing the ISP's rights.
extern warranty;
main()
{
(void)warranty;
}
Who with an ounce of sense would request any sort of e-mail promotion, given the tendency those things have to multiply of those accord? Don't answer that.
Each time I sign up for something with a particular company or organization, I create a new e-mail address at my domain, and give them that. That way, if I start receiving spam at that address, I know who sold my address.
What I've found over the few years I've been doing this surprised me a little. The results: legitimate companies do not sell my e-mail address. Never. None of them. There have been times when an e-mail address has gotten listed on a web page in cleartext (e.g. on an eBay auction page) and those get spam because spammers harvest addresses (I believe eBay has stoopped listing e-mail addresses for this reason). The address I actually use as my return address when sending mail to friends gets spam all the time. Once an address is harvested from somewhere, I'm sure it gets sold on CD-ROM or whatever. But the addresses I create for companies and organizations to use (I've got about a hundred of them) simply do not get spam.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Heh, it's not my system. It's this guy's, i just help out. The slashdotting from hell though...
Good work chrisbtoo, congrats.
FYI, someone else beat the system using Java.
- warp the letters so programs have to actually use OCR techniques instead of simple byte-matching (currently all "A"s have the exact same shape which is trivial to detect due to the small number of hard-edged pixels)
- alpha-blend the background... currently you can easily remove the background because it's the same color all the way across and all the way down (roughly speaking; you have to skip pixels on the horizontal, but it's still trivial)
- don't make the letters be the same color all the way across, contiguous pixel areas are too easy to recognize (better yet, apply randomness to the whole image)
- don't use a clearly different set of colors for the background vs. the text
Was this actually a challenge by the authors? It was trivial to break, and just about every other site on the internet that uses munged letters uses the above methods.Then you've never signed up for Mileage Plus with those shitfucks at United Airlines. United Airlines apparently thinks their customers (or former customers in my case) are interested in the usual assortment of penis-enhancing/mortgage/porn garbage peddled by lowlife spammers. As a test, I kept changing the user part of the email address I am registered at United with, and sure enough, a few weeks later it starts getting spam (and subsequently forwarded to uce@ftc.gov and silently dropped from my server).
But for the most part, I agree. Most reputable companies don't sell your address.
Hey.
I submitted the story about the Canadian spammer trio yesterday and it got rejected.
I also submitted an article from The Ottawa Citizen. Interesting bits in it. He claims to be retired, and used to make 140,000$ a week. He sent 30 million messages a day.
Notice how he calls anti SPAM activists "terrorists". Nice moniker there, just like Commie was in the 1950s/1960s.
Perhaps my joking remark about US invading Canada because of all that put off the editors? ;-). I knew that CAN-SPAM had a Canadian sounding name!
2bits.com, Inc: Drupal, WordPress, and LAMP performance tuning.
Unfortunately for the most part they still allow you to email username@isp.com, so anyone reselling email addresses need only remove the +box@... bit and the floodgates are open.
You are not alone. This is not normal. None of this is normal.
Who with an ounce of sense would request any sort of e-mail promotion, given the tendency those things have to multiply of those accord?
I subscribe to a few mailing lists and promotional emails that fall within my interests. From receiving online coupons by the local grocery chain, news about my local sports team (go Sens go!), TechTV newsletters, weekly recipes sent from Kraft Canada, etc...
There are plenty of mailing lists and promotional emails that do interest me, and I have no problems receiving them, as I signed up for them.
I can also state that the mailing lists/promotional emails I have subscribed to, none of them have given my address to someone else, nor have they ever sent me something that I didnt request (I run my own mail server with my own domain, and create an alias for each thing I subscribe to. Makes it easy to control what I get from whom. The only spam I ever get from these are from registering on questionable websites. When that happens, boom goes the alias).
It's better to burn out than to fade away
Notorius Spammer Alan Ralsky is currently residing at: 5733 Stone Rd, Lockport, NY 14094
His current home phone: (716) 434-9173
His current cellular phone: (716) 807-7120
Please go ahead and let him know how much you love him--being Spamhaus's number 1 offender and all.
I belong to a club that does mass emails to our members and to folks that members have invited to our club functions. Everyone on our email list gave us their email in writing and every email we send allows opt out. But still this is thousands of people and some of them, rather than click the the unsub button, identify us as spam to block the emails. The result is that many of our dues paying members cannot get mass or even individual emails from the club they belong to (and pay money to belong to).
With the CAN SPAM laws now we're running around wondering if we now have to worry about being hassled for simply emailing someone who is too lazy to click the unsub link. My take to our board was that we are fine, but some are still worried about having to deal with court costs because someone decided to abuse this law and doesn't understand the difference between SPAM and emails that you asked for and then changed your mind.
So the potential result of this law is hassling small legitimate groups that want to cut postage costs - while the real spammers, who you don't have any prior relationship with you and who you didn't give out your email to, continue to fill your email box with crap.
Ugh...
http://www.sneakemail.com
Then there's Spam Gourmet, which lets you set up an auto-expiring disposable address to use for those "confirmation" emails.
The only downside of course is that it takes a bit of time (10 ~ 20mins) before a new forwarding account is created and I am only limited to 99 aliases with my current domain name provider.
Get a domain host that provides a "catchall" account, that collects everything sent to your domain that isn't for an explicitly created address (account).
Collect messages for the catchall account with your email client. (Or forward them -- my deal with my host, hostica.com, provides a catchall but only one POP account, so by necessity, the catchall (and the explicit but non-POP accounts) all forward to the single POP account. But for only $12 a year, having to channel everything through a single POP account is a small annoyance.)
Filter the messages in your email client software (or in a proxy server like POPFile), to separate out addresses that hit the catchall that you care about (either care because you want to see them, or care because you've decided that address has been compromised).
The advantage to this is that I don't need to create an account, all I need to do is make up some-address@mydomain.tld. It's so easy that I do it all the time I'm asked for an email address. If that address begins to get a lot of mail, then and only then do I bother to make a filtering rule for it in my email client.
Opinions on the Twiddler2 hand-held keyboard?