Spam Bits
Let's mush a few things together into a nice pink rectangular solid: ipandithurts writes "The FTC Chair Timothy Muris doubts the ability of the "CAN SPAM" law to stop SPAM." ElementCDN writes "The Ottawa Citizen has a story on Bernard Balan the King of Spam. Bernard has closed up shop and moved to cottage country near Huntsville, Ontario." CactusMan writes "CTV (among others) is reporting that an Ontario trio has been named in a suit filed by Yahoo under the new CAN-SPAM legislation. Yahoo is claiming that the father and two sons were 'responsible for sending millions of unsolicited messages to users of the company's e-mail service.'" ilsa writes "According to this AP article, as much as 19% of e-mail sent by commercial entities never reaches its destination. 'Promotions and greeting cards were the types of messages most likely to disappear, the study found.' Although this study may have been intended to be alarming, forgive me for thinking this may not be a bad thing." Reader chrisbtoo responds to an earlier spam story: "In today's story about Spam solutions, monstroyer challenged people to crack the Spam Interceptor Captcha. Turns out it was pretty easy." Finally, we can't fail to mention an attempt at making the world's largest spam musubi.
I run a small publishing firm that relies on email to send updates to our materials. Every email we send to customers has at least 10% bounce (sometimes as high as 30%); many of which worked a week before or a week after. However, I think the 19% number mimics my personal mail as well: messages allll the time get lost in the shuffle!!
e-mail recipients risk losing newsletters and promotions they've requested.
Who with an ounce of sense would request any sort of e-mail promotion, given the tendency those things have to multiply of their own accord? Don't answer that.
The coolest voice ever.
I hang out in various anti-spam communities (news.admin.net-abuse.email and some IRC channels) and most of us (tinu) agree that (I) Can Spam is pretty clueless. Now, I'd like to hear comments from someone who's not an anti-spam zealot. Is there anyone who thinks Can Spam is worth the paper it's written on? (Anyone not associated with Direct Marketing).
The AP/ReturnPath story is interesting, in that the actual number of messages that never see their intended recipients is probably even higher than 19%.
This wouldn't even begin to account for the number of messages filtered by larger companies, universities, and other entities that maintain their own spam-filtering and spam-blocking systems. It also wouldn't account for the growing number of individual end-users who are installing and using commercial or free spam-blocking software on their local machines. Anti-spam software isn't just for geeks anymore. According to download.com, the top 25 results for a search on "anti-spam" have been downloaded 2,493,051 times, in aggregate.
Well isn't that a good thing?
If you are an end user, and missing a message doesn't matter that much to you, then no. If you are a company using E-mail to communicate with your customers, but you aren't sending anything critical, then no.
If you miss the electronic notification from your bank, credit-card, or student loan company that your last payment is late, or the notification from your airline that your flight was cancelled, then it does matter.
And if you're one of the, "oh, it can't be more than five or ten", companies in the world that is using E-mail as part of your business processes, whether for sales, marketing, customer service, CRM, purchase or account notifications, etc... well then, hell yeah it matters.
Things are probably going to get worse before they get better, but E-mail for business has so much potential that I can't but hope that we will solve this problem.
The facts have a liberal bias. --The Daily Show
No entry found for rectagonal.
Did you mean octagonal?
Prevent email address forgery. Publish SPF records for y
So we have a name, of Bernard Balan, and it looks like he's living in the Muskoka regions of Ontario, Canada. How long before he gets Ralskyed?
And shame on the Ottawa Citizen for even trying to portray a bandwidth/storage space thief in a positive light. Neutral at most, and negative more appropriate.
Also, the Challenge Response bit, an interesting solution but slowly you'll start making the tradeoffs between "hard for computer" and "some people can't do this, their vision is poor or they are colourblind."
Doing the Right Thing should not be preempted by making a buck.
2971 lines in my Junk Senders file and growing.
But that, and about 20 rules filtering out Viagra and various misspellings, cans about 80% of the spam I get. It's almost enough for me.
Now if I could figure out how to get Outlook to hide the mail envelope in the taskbar for messages automatically deleted, I'd be laughing.
SCO, Microsoft, P2P, what's your hot button?
So Bernard Balan claims to be the (ex) king of spam and "one of the best programmers around"? Oh wait, spammer rule #1.
One line blog. I hear that they're called Twitters now.
Summary of the verdict: An ISP can demand that a spammer stops (ab)using the computer systems of the ISP for sending unsolicited email to its customers. If he continues after that, the spammer is infringing the ISP's rights.
extern warranty;
main()
{
(void)warranty;
}
Yesterday, I received what had to be the greatest piece of spam mail I've ever seen.
It had to have been 20 pages long from someone calling himself "Lawrence Jesus Christ", and went on about how they were coming back, and specifically mentioned that the document wasn't spam until the Can-Spam act, how keeping this email from people would allow the sender to sue the company for $7000, a bounce-back would invite a lawsuit for denial of service attack, on and on.
Funniest damned thing I've seen in some time. And I've been wondering if that's the deal with the other spam I've been seeing like how "I had a 36 hour erection with v-i.g.r.@ - click here" or "Bob crossed the room to find the school girls getting rich quick".
No, I'm not making that up. Well, a little - but it seems like spammers are now trying to use humor to get their messages through.
As for Lawrence Jesus Christ or whatever, I deleted it anyway. I'm still waiting for my lawsuit.
52 Weeks, 52 Religions with John Hummel
1.) SPAM
2.) P2P
3.) Pop ups
4.) Virus
Just when US companies think they have it figured out, some kid in a bedroom will figure out a new way to distribute smarter ones.
Sorry monstroyer, didn't realise it was your system that you were challenging people on. Guess you'll have some work to do tonight, eh?!
I'd recommend throwing some extra noise in there, and possibly varying the relative darknesses of the background and foreground. If you can distort the characters too it might make it harder to beat.
Registering accounts later than some other chrisb since 1997
I am beginning to think we can't ever get rid of spam through legal measures. I am not an expert on the subject... and I admit that I haven't paid that much attention to it. It just feels like this is gonna be another case where the US or any other country can't control the global internet. We make it illegal and it isn't going to go away... it might go overseas...
I am convinced that the answer lies in spam filtration. If we stay one technological step ahead of the spammers, they will have to find some other way to make money. I suppose the next problem will be that not all email providers will implement the filters.. but having free software out there to do it will surely increase the number of filtered servers out there.
I think that clients with built in filters (see like stuff from mozilla are a good option). If more people would use these type of clients, it would really hurt spammers.
I have an email address that I have been using for a while now and I have not yet received ANY spam (thanks to the good admins of that server I am sure). So if more servers were like that one spam could be a thing of the past.
Obama is a twitter sock puppet
We have been depending on the difficulty computers have recognizing the shapes of obfuscated letters.
Why not make them try to identify things, objects?
There are a substantial number of warping effects that can be applied to a picture, and so long as the user's language is known, and they are reasonably congnent, they could recognize a barn, a duck, etc even if it was warped, twisted, or miscolored to some extent.
(example: there is a picture of a barn in the foreground, the question is what is the color of the object in the picture, or what is the object, many questions based on one picture=)
I feel that this is the next generation of captchas. Personally I like a picture scheme better, it could be easier to decipher than some of those HORRIBLY degraded captchas I've seen. Plus it relies on a deeper ability to recognize shapes and patterns and colors and resolve them into a recognizable image in our minds, and computers now cannot hope to recognize a warped human face from a barn.
I feel that this sort of authentication could also be the key to blocking spam all together.
A user could add E-mails to their trusted list, and certain sites (ebay, hotmail, etc) could be on there by default, all others will have their message bounced with a captcha included, and an explanation of what is happening. When they prove themselves human, they can get added automagically. Put the work on the senders end. If you send an email to someone, add them to the trusted list, etc, for ease of use on users.
I feel that computers and spammers will have a hard time with any scheme that does not involve standardized things, like letters.
md5sum
d41d8cd98f00b204e9800998ecf8427e
If your customers are that valuable in their purchasing habits...why not simply direct them to a web site to pull the information? Then you can stop emailing people and they will read your web site if you are truly competitive. For the most part, this avoids 19% loss -> 0% loss.
I think nobody should be using the email protocol for commercial purposes. It's just so much push technology that is waste and bog. "on demand" seems to be much more suitable for volume.
When people sign up "to get periodic updates about our products" they are opting-in for another type of spam, but it's still scatter that seems misguided to me. Why not just ask people to come back? You could email them the address and everything else once, but they usually already have that from a purchase receipt.
peh
"No entry found for rectagonal.
Did you mean octagonal?"
recta, from the latin "rectum" and gonal, from the english verb "to go".
there you have it.
Is this a joke? You can make that much money being a spammer?
No offense people, but I'm seriously looking at switching careers! I make half that in a year!
I could work less than a single year and retire. Amazing!
Linux O Muerte!
Hey.
I submitted the story about the Canadian spammer trio yesterday and it got rejected.
I also submitted an article from The Ottawa Citizen. Interesting bits in it. He claims to be retired, and used to make 140,000$ a week. He sent 30 million messages a day.
Notice how he calls anti SPAM activists "terrorists". Nice moniker there, just like Commie was in the 1950s/1960s.
Perhaps my joking remark about US invading Canada because of all that put off the editors? ;-). I knew that CAN-SPAM had a Canadian sounding name!
2bits.com, Inc: Drupal, WordPress, and LAMP performance tuning.
Going offshore won't help, if the banking system is forced to cooperate. The credit card system can collect chargebacks from faraway merchants without much trouble.
So that's like, what? 25 lines of Perl?
I kid because I love.
-B
Ash and Hickory, straight-grained and true, make excellent bludgeons, dandy for the cudgeling of vegetarians.
Have you normalized your "facts" by relating the number of exploits to the number of installations?
Not relevant. He was talking about the number of vulnerabilities, not the number of machines affected. If he complained about the millions of instances of infected hosts, then you'd have a point.
If Linux were as popular as Windows is today, it would be just as plagued by security holes.
You're disregarding the fact that UNIX has had people probing it for security holes long before MS even offered TCP/IP in their standard product.
UNIX had a bunch of these kinds of problems years ago, (Robert Morris' Great Internet Worm being one of the more well-known examples) and sendmail used to sprout a new remote-root exploit every couple of weeks for a while there, but the proof of the pudding is in the eating, and today a security exploit in a UNIX system is notable for its rarity.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Submitting an email address to the "do-not-spam list" risks that address leaking to foreign spammers (or domestic spammers operating in a foreign country). They would know the address is "for real" so they would be happy to add it to the lists they sell.
If the email addresses were distributed in MD5 encrypted format, it would be a little harder for spammers to do much else with it. Of course, as they scan their list to see who is on the "do-not-spam list", they can still sell those addresses to others (outside the US) as "for real". They won't get to know about new addresses from the list, but they will get to know whether or not new addresses gained from other places is real or maybe not.
Perhaps better would be to limit the list to domain names only. The domain name owner would have to authorize being on the list, but then it would specify any email address with any username part would be effectively listed. And even still, it would be MD5 encrypted so spammers aren't handed a list of domain names.
Ultimately, it will have very little effect (big time spammers will move operations to outside the US), and have some problems (spammers will be detecting many "for real" addresses in this). The real solution is to send spammers to the gallows.
now we need to go OSS in diesel cars
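The hashed do-not-spam list proposed in the comment above, as an added Python sketch that is not part of any poster's comment or of any real registry's code. The registry layout, function names and sample addresses are assumptions made for this example; it covers both the per-address and the domain-only variants, using unsalted MD5 digests (a one-way hash, which is what the comment calls "MD5 encrypted").

```python
import hashlib

def digest(value: str) -> str:
    """MD5 hex digest of a normalised address or domain, as the comment proposes.
    MD5 is a one-way hash, not encryption; it is unsalted so every sender
    computes the same digest for the same address."""
    return hashlib.md5(value.strip().lower().encode("utf-8")).hexdigest()

def publish_registry(addresses, domains):
    """What the list operator would distribute: digests only, no plaintext."""
    return {
        "addresses": {digest(a) for a in addresses},
        "domains": {digest(d) for d in domains},
    }

def is_listed(address: str, registry) -> bool:
    """Listed if the exact address, or its whole domain, is in the registry."""
    domain = address.rsplit("@", 1)[-1]
    return (digest(address) in registry["addresses"]
            or digest(domain) in registry["domains"])

def scrub(mailing_list, registry):
    """Split a sender's own list into (may_send, must_suppress)."""
    may_send, must_suppress = [], []
    for addr in mailing_list:
        (must_suppress if is_listed(addr, registry) else may_send).append(addr)
    return may_send, must_suppress

# Constructed sample data; example.* domains are reserved for documentation.
REGISTRY = publish_registry(
    addresses=["alice@example.com", "bob@example.net"],
    domains=["example.org"],
)
SENDER_LIST = ["Alice@Example.com", "carol@example.com", "dave@example.org"]

if __name__ == "__main__":
    may_send, must_suppress = scrub(SENDER_LIST, REGISTRY)
    print("may send:     ", may_send)
    print("must suppress:", must_suppress)
    # bob@example.net is in the registry but never appears here: the digests
    # do not hand this sender an address it did not already hold.
    # Every address in must_suppress, however, is now known to be registered,
    # which is the residual leak the comment points out.
```

With a domain-only registry the same check confirms only that a domain owner opted in, not that any particular mailbox exists.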
BEGIN RANT:::
:::END RANT
If I hear one more spammer refer to himself as a victim I'm going to lose my lunch. Yeah, spammer, you're a victim, just like Charles Manson and Kenneth Bianchi were victims.
And hearing spammers justify what they do based on how much money they bring in likewise makes my stomach start to heave.
Another favorite is when they claim an inherent right to spam people. "Hey, don't use email if you don't want to get advertisements," is their repugnant, pathetic little battle cry, like a serial killer who justifies committing murder by claiming that people who don't want to be murdered shouldn't be born.
I remember this humorous tagline in a Car Wars supplement that read, "If you don't like the way we drive, stay off the streets (and the sidewalks and the lawns)." Spammers have the same kind of tagline going in real life, "If you don't like getting spammed, stay off the internet." But that's quite a bit less humorous, especially when people are having to weed hundreds of stupid spam messages out of their inboxes every day, after waiting fifteen minutes to download them all.
Time for popcorn.
You are in error. No-one is screaming. Thank you for your cooperation.
If Linux were as popular as Windows is today, it would be just as plagued by security holes.
First, wrong. Apache runs 60%-70% of the world's web servers, yet MS IIS has far more security holes (at least judging by # of exploits). Following your logic, this would not be the case.
Second, what generates spam zombies is not really "security holes" in general, but more than anything, a particular type of exploit, namely viruses (virii?). These are nearly exclusive to Windows. (Indeed, by some accounts, Linux installations on the internet are more exploited than Windows installations -- discounting viruses. Take it with a grain of salt, but you get the idea - we are not talking about "security" in general).
Third, even though Windows may be more widely used by home users than Linux, most crackers ("evil hackers") are more familiar with the world of UNIX and Linux -- typically these OSes are their own tools of choice. Moreover, the source code for Linux (and *BSD) is widely available, and so any holes are much easier to find. (You saw that based on only a tiny fraction of the Windows source code, leaked to only a tiny fraction of the world's cracker population, several new "critical" exploits surfaced within days, if not hours).
-tor
Spamarrest seems like it has a better CAPTCHA mechanism: sample image. The loops are pretty ugly; certainly more difficult to subvert than dark characters on a light background (with no dark obfuscators). For myself, I use bogofilter. After piping a bunch of known good ("ham") and bad ("spam") through the engine, I get almost no spam that isn't caught and quarantined for later inspection.
I belong to a club that does mass emails to our members and to folks that members have invited to our club functions. Everyone on our email list gave us their email in writing and every email we send allows opt out. But still this is thousands of people and some of them, rather than click the unsub button, identify us as spam to block the emails. The result is that many of our dues paying members cannot get mass or even individual emails from the club they belong to (and pay money to belong to).
With the CAN SPAM laws now we're running around wondering if we now have to worry about being hassled for simply emailing someone who is too lazy to click the unsub link. My take to our board was that we are fine, but some are still worried about having to deal with court costs because someone decided to abuse this law and doesn't understand the difference between SPAM and emails that you asked for and then changed your mind.
So the potential result of this law is hassling small legitimate groups that want to cut postage costs - while the real spammers, who don't have any prior relationship with you and who you didn't give out your email to, continue to fill your email box with crap.
Ugh...
When do they come back? I wouldn't want to keep checking a website just in case there was something new there this week. If I am genuinely interested in something, then I don't mind signing up to hear that there is an update. Maybe you college students have time to go looking for new things every day, but I don't.
Alan Ralsky