Spam Bits

Let's mush a few things together into a nice pink rectangular solid: ipandithurts writes "The FTC Chair Timothy Muris doubts the ability of the "CAN SPAM" law to stop SPAM." ElementCDN writes "The Ottawa Citizen has a story on Bernard Balan the King of Spam. Bernard has closed up shop and moved to cottage country near Huntsville, Ontario." CactusMan writes "CTV (among others) is reporting that a Ontario trio has been named in a suit filed by Yahoo under the new CAN-SPAM legislation. Yahoo is claiming that the father and two sons were 'responsible for sending millions of unsolicited messages to users of the company's e-mail service.'" ilsa writes "According to this AP article, as much as 19% of e-mail sent by commercial entities never reaches its destination. 'Promotions and greeting cards were the types of messages most likely to disappear, the study found.' Although this study may have been intended to be alarming, forgive me for thinking this may not be a bad thing." Reader chrisbtoo responds to an earlier spam story: "In today's story about Spam solutions, monstroyer challenged people to crack the Spam Interceptor Captcha. Turns out it was pretty easy." Finally, we can't fail to mention an attempt at making the world's largest spam musubi.

19% of commercial email? At least!

[neiffer]

I run a small publishing firm that relies on email to sent updates to our materials. Every email we send to customers has at least 10% bounce (sometimes as high as 30%); many of which worked a week before or a week after. However, I think the 19% number mimics my personal mail as well: messages allll the time get lost in the shuffle!!

Re:Wow, they requested this?

[squiggleslash]

Set up an email address for each entity you do business with, and this becomes possible and easy to control. There are some entities I do like to receive newsletters etc from on a regular basis, simply because I buy enough from them for it to matter and they've put a lot of work into making them relevent - Amazon.com is one that springs to mind. People I know subscribe to things like newsletters from airlines that highlight specials, as another example.

You know, if ISPs made it easier to implement this particular solution, rather than requiring we run our own email servers to do it (or even doing what they can to prevent us from running our own incoming email servers - many ISPs block *incoming* port 25) the spam nuisance would end overnight. Businesses would stop selling email addresses because they know that their ability to contact you stops the moment they do, and people wouldn't buy them because they'd know the email addresses are blocked immediately on receiving the first spam.

I note Yahoo! is implementing such a scheme. More power to 'em!

Dutch supreme court rules that ISP may forbid spam

[MathFox]

The Dutch supreme court (Hoge Raad) ruled today (March 12) that an ISP can forbid a spammer to make use of their machines. (press release in Dutch). "XS4ALL has exclusive rights on its computer capacity" and "Freedom of expression doesn't allow infringement on the rights of others".

Summary of the verdict: An ISP can demand that a spammer stops (ab)using the computer systems of the ISP for sending unsollicited email to its customers. If he continues after that, the spammer is infringing the ISP's rights.

Re:Wow, they requested this?

[Phroggy]

Who with an ounce of sense would request any sort of e-mail promotion, given the tendency those things have to multiply of those accord? Don't answer that.

Each time I sign up for something with a particular company or organization, I create a new e-mail address at my domain, and give them that. That way, if I start receiving spam at that address, I know who sold my address.

What I've found over the few years I've been doing this surprised me a little. The results: legitimate companies do not sell my e-mail address. Never. None of them. There have been times when an e-mail address has gotten listed on a web page in cleartext (e.g. on an eBay auction page) and those get spam because spammers harvest addresses (I believe eBay has stoopped listing e-mail addresses for this reason). The address I actually use as my return address when sending mail to friends gets spam all the time. Once an address is harvested from somewhere, I'm sure it gets sold on CD-ROM or whatever. But the addresses I create for companies and organizations to use (I've got about a hundred of them) simply do not get spam.

Re:Monstroyer says congrats!

[interiot]

There are some simple steps they can take:

• warp the letters so programs have to actually use OCR techniques instead of simple byte-matching (currently all "A"s have the exact same shape which is trivial to detect due to the small number of hard-edged pixels)
• alpha-blend the background... currently you can easily remove the background because it's the same color all the way across and all the way down (roughly speaking; you have to skip pixels on the horizontal, but it's still trivial)
• don't make the letters be the same color all the way across, contiguous pixel areas are too easy to recognize (better yet, apply randomness to the whole image)
• don't use a clearly different set of colors for the background vs. the text

Was this actually a challenge by the authors? It was trivial to break, and just about every other site on the internet that uses munged letters uses the above methods.

Re:Wow, they requested this?

[squiggleslash]

Unfortunately for the most part they still allow you to email username@isp.com, so anyone reselling email addresses need only remove the +box@... bit and the floodgates are open.