Slashdot Mirror
Spam and the Law Conference Report
Cowards Anonymous writes "The Guardian has a story about a spam and law conference, recently held by the Institute for Spam and Internet Public Policy, in San Francisco.
The conferences are usually attended by anti-spammers, from the major ISPs, and spammers; and are an attempt to bring the two sides together. The article's author notes 'It's oddly intimate, watching the spammers and the anti-spammers mill around each other like this. It feels like a temporary ceasefire in a vicious war that to most of us seems to be a stalemate.'
Also in attendance was infamous spammer Scott Richter, or 'high volume email deployer' as he wished to be called on his recent Daily Show appearance. Surprisingly the anti-spammers didn't tear Richter to pieces with their bare hands."
And I'm waiting for spammer season! :)
Scott wants to hear from you. Drop him a note!
Wow. Spam AND bullshit management speak. How many reasons to kill(sorry, terminate with extreme prejudice) him do we need?
i let it gather to about 100 emails in my inbox, then i forward each of them individually to every address that sent it.
Well, true, spammers are among the lowest forms of human life and deserve the status. However, at least Scott Richter is willing to do something that most other spammers won't... admit that he does it and is willing to talk about it.
Let's face it, he's willing to explain his motivations and disclose his tactics. Most spammers take great lengths to hide their identity, and are scared to even tell their family what they do for a living. Even if we don't like what he does, at least he's willing to help us attempt to understand the problem. If anybody proposes an anti-spam system, he'll at least do us the favor of pointing out how it's not going to work before we waste our time on it.
Where, it might be noted, it became clear he didn't have a whole lot of experience with the "clitorious."
The best was hearing Rob Corddry say "clitorious" back to him, and Richter not batting an eye. Perhaps the solution to getting this guy to stop spamming is to get him some lovin'? Preferably human?
God Bless America. Why? Did it sneeze?
Is admitting it comes from America. A quick glance at any spammer blacklist shows a clear majority of them live in Florida, but American politicians and lawmakers still push the line that it's an African and Asian problem.
If spammers have connections to virus writers and do all these malicious things, why weren't there cops waiting to arrest them when they showed up? Were they granted immunity to visit the conference or something?
Unknown host pong.
I'd be interested in still pics or short video clips of Richter and his buddies. Did anybody snap any?
Do you own a dartboard?
Surprisingly the anti-spammers didn't tear Richter to pieces with their bare hands
I wonder if Richter is bigger than they expected or will there be a mysterious freak mishap in San Francisco involving rapidly expanding gases in a container when he start his car? All in all he is funny for going ya know...
Sometimes I wonder just how much money these spammers really make from the spam. I've never even looked at a piece of spam in serious contemplation of buying whatever "product" they are selling
Setec Astronomy
No, but I found a guy that can print images on long thin strips of soft paper.
Why do I have this? I don't smoke.
The Daily Show - 03.30.04 (Xvid) [87 MB] Torrent
When modding "Informative", please make sure it both has a source and IS actually informative.
Next time we know a meeting like this is coming up, we send a representative and photograph each of the spammers and post a "Most wanted" web page with each spammer's photograph and address.
Then put up forms that can be printed out ala "wanted poster" style and have volunteers post the wanted posters all over the spammers' towns.
Expose them and run them out of where they live. Make their lives as hard as they make ours.
- Zav - Imagine a Beowulf cluster of insensitive clods...
Surprisingly the anti-spammers didn't tear Richter to pieces with their bare hands.
Well, what kind of weapons did they use, then?
AEIOU: open-source anonymous internet currency
No, no they don't. They can forge the address easily, it doesn't require any access to anyones system, nor does it even require the forged address to exist. I have gotten spam from forged non-existant users on my system, and I, on rare occasions, also get bounces from spam sent with forged headers claiming my address, yet my mail server and home computers are quite secure, and have not been compromised.
Hunt your preferred prey at Aliens vs Predator MUD. Join the war at avpmud.com port 4000
Byond the typical laundry list starting with "opt in," and ending it "don't sell illegal items" I'd like to suggest "clean house".
I've opted in to some spam and had to opt back out again.
Let me make myself perfictly clear. UCE* is what we are bitching about. With the huge volume of UCE the few items of SCE* are lost in the wake.
I have to set up filters for each type of S?E* and a few UPE*.
The fact of the matter is UCE is hurting SCE by flooding it out of existence.
Back in the start Spamford made a play at cleaning the situation up. By play at I mean he actually e-mail bombed anyone who complained and only PRETENDED to handle complaints.
(I should have sued his butt for that)
If your lagit add a code.. Ohh brain drain.. I forget how it works but I use such codes to help me partition e-mail lists I'm on into proper compartments.
I'd like to add a nifty additional suggestion....
As a form of tripple check,
Most Spam is sent in HTML with images downloaded over the web. That means when your target reads the e-mail his computer contacts you.
This is good advice even for the e-mail vetters, harvesters and violaters of the Can Spam act..
If your target dose not conact you in 24 hours (dosen't download the image by reading the e-mail) he isn't reading your message. Your being dumpped into a filter bin.
Just erase that e-mail from your list automagicly or slip into your filter system.
It may also be the person isn't reading e-mail as often as you send it and getting 20 e-mails from the same guy (for any reason) is just dam annoying and instantly earns you a place in the perment filters.
*Translations:
UCE: Unsolicited Commertal E-Mail. (V!agra)
UPE: Unsolicited Personal E-Mail. (I love your website, Wana swap links? I like your artwork. Baka Kitty? Couldn't you be more original or is that all the Japanise you know?)
SCE: Solicited Commertal E-Mail. (Yes please tell me when the new Yugi cards come out. Horray I won an eBay auction. Oh joy someone bought some more "Voodoo computer" pin dolls from me.. Time to ship)
SPE: Solicited Personal E-Mail. (It's your mother. Your computer is making noises. Are you experementing again?)
S?E: All solicted e-mail
U?E: All unsolicted e-mail.
I don't actually exist.
Aside from from the bandwidth (which who knows what kind of bulk rates they get on that) the most expensive part of spamming is buying domains.
And the kicker is that HTML doesn't allow you to obfuscate an URL. The best you can do is character codes but that's one to one so not effective.
What I do is harvest URLs from spams and then add them to the rule file for my mail server. It's a mostly automated process to avoid accidently filtering out non spam domains like w3c.org or yahoo or whatever that occasionally end up in spam e-mails along with real spam domains.
You can click the link on my sig and then there's a link from there to see the current rule file my server uses. Since I added in web-mail with spam reporting, this is going to be even easier since spams will have a unique subject line and a to address that has no legitimate uses.
Instead of trying to sort out which e-mails to my real addresses were spam or not, I just log in, report them and then it's a simple sort by to address to find all the spam to filter links out of. There's probably around a thousand filtered domains which equals several thousand dollars worth of domains.
If you're worried about people snooping around on your connection, OpenSSL is comming soon for web-access.
If you have a fully TLS enabled e-mail client you can do secure POP3 and SMTP already. Thunderbird has TLS capabilities for SMTP but not POP3 for some reason. Pegasus Mail is fully compatible. Apparently there's no clear standard as to whether the client should just use the standard 110,25 ports with encyption (what my server supports) or use alternate ports. Thunderbird is quite convinced you absolutely must use a fixed alternate port for POP3.
For most people, it'll probably end up that the web access is the most secure way to use Indie-Mail.
Ben
Work Safe Porn
Even better: Have a domain. When you own a domain, you can forward all mail not addressed to a valid email address into a common mailbox. I give email addresses based on who I am giving them too, for example: yahoo-list@... microsoft-seminars@... symantec@... When/if I get spam to an address, it is much easier to figure where the leak was. Once an address is completely compromised, I create an actual mailbox for that address, set a size limit of 1, and let the messages bounce.
In some ways (SOME!) I actually see spam as something that could be useful ... in a weird way. See, I classify spam as good, bad, and ugly. Ugly is easy, it's the viruses and phishers. Bad is the stuff with forged headers, misleading subject lines (account canceled, your resume). These two deserve no sympathy whatsoever. They are fraudulent and ought to be dropped in the ocean and fed to the fish.
... 80% is pure trash, with invalid users (I have my own domain), non-ascii in the subject. The rest I have to look at sooner or later just to see what should not have been classified as spam.
But the other spam, well, calling it good is pretty optimistic. I would say only that it is not as bad as the other stuff. When I see a spam whose subject is actually correct, even if for viagra or teenage nympho web sites, my blood pressure doesn't get quite as high as with the fraudulent stuff.
But I get 400-500 a day
You know, if I only got 10 legit spams a day, real advertising for real products, it wouldn't be so bad. But these idiots send it to webmaster, postmaster, root, faxmaster, every sort of imagineable name, and that puts it in the bad category, it is fraudulent. No way has any admin account ever signed up for anything. And sending spam to the admin accounts is just plain deceitful, instantaneous self-indictment of their fraudulent intentions.
I wish spam actually were a useful, cheap advertising medium. I might actually see something once in a while that was useful. But hundreds a day, for pills or porn or loans, that is not useful.
Infuriate left and right
That's a nasty thing to do, sending Bounce messages to random innocent people who happen to be in the forged From address. Getting lots of false bounced junk messages myself, I say you are part of the problem.
Oh, and your estimates of the waste of energy involved in spam are off by several orders of magnitude. Back of envelope calculations based on incoming mail volume, power consumption (which I've measured), and cluster size has 100,000 emails per day costing at least 10KWhr, and that's just on the receiving mail server cluster (it would be lower without redundancy, of course). Once you add in the sender and all intermediate hops I wouldn't be surprised if that figure doubled. And that's just the beginning; of all network services we run, email is by far the greatest suck of money, brains, and time.
Before you claim free speech in defense of spam again, perhaps you should spend some quality time with systems and network engineers, and see how un-free this "free speech" really is. I'd be glad to do so myself over the telephone ... I assume given your argument you do take collect calls from everyone, right?
I only maintain two post offices. I have one that I don't care about that I give out to people who run MS Outlook/Express, since I know that their address books are going to get heisted on a fairly routine basis. Then I have another one that I give out to fellow Linux users. The former is constantly full of get-rich-quick penis-pill mortgage contest car job ads, while the latter remains virtually empty except for the occasional message conveying worthwhile information from people I care about. I'm almost convinced that I need to get an additional spam address as the original is starting to overflow regularly between my weekly janitorial reads.
Must remember to check and see if I've won that 53-inch HDTV yet. I wonder if I can take it with me on my 1st-prize Mediterranean cruise....
What's the future of spamming? There's enough effort now being expended that spamming won't continue. So where's the future? What's the sustainable model?
A lot of bad shit happens in this world. For some reason, it never makes the front page. Hell, it's unusual for it to make any page in the US papers.
What's the story on 9/11? Sounds like the US really fucked up. We knew about the threat in advance. Just didn't respond to it. You can read all about it in the UK papers, back long before the US papers picked up the story...
What about that drug raid at a high school a few months back. High school kids handcuffed and thrown on the ground with a gun to their head if they didn't "cooperate" fast enough? Over a hundred kids abused. Video footage available. No drugs found...
The list goes on and on. Ashcroft's porn views. The "lets confiscate all their property and drive them out of business" technique for suing companies. IRAQ. (Need I say more?) What about that guy who spoke against invading IRAQ, and was courtmatialled for it. Or the recent decision to allow arbitrary searches (withOUT cause) of gas tanks belonging to citizens, including removing them from the vehicle by underpaid, underskilled government employees. The Patriot Act? How the Patriot Act II was slipped through congress? Or the efforts currently underway to re-active the draft in 2005?
IN THE US, WE HAVE FREEDOM OF THE PRESS. But that only holds true when you own the press.
EVENTUALLY, INEVITABLY someone will discover spam as a means of publishing "alternative" viewpoints. Probably with google-style text ads. And they'll make a mint...
Spamming is very impolite. The objections aren't really about electricity, or even bandwidth and disk space (for which the costs do begin to mount up) or even the time it takes (which can be a serious imposition.)
The core objection is about impoliteness. Spammers are _very_ impolite on am immense scale. A little bit of impoliteness annoys you. A person pumping out a million pieces of impoliteness an hour...well, that adds up to genuine rage. Especially when it is clear that he knows he is annoying you and hopes you don't care, which is the case with the guy hoping that v1@gr@ will slip past your spam filter.
There's a limit to how loud one is allowed to speak. Beyond that, one is disturbing the peace. A violation of politeness becomes a crime. It's unfortunate when we have to regulate politeness, and it's unfortunate that you can't play your stereo as loud as you'd like, but that's how we live together.
"Courtesy is the lubricant of social interaction," Heinlein said. Spammers are sand in those gears, and that grit is annoying out of proportion to how much actual damage it does.
Is violence justified? No, but I do have to keep reminding myself of that.
Our plan is to sue those companies which are pitching products that will make them more amenable to suit in California, and that may have some assets to go after. I am thinking the companies that are pitching mortgage loans ("Mor|tgage rates tumble - Refinance today ozg w9l") and insurance are prime targets. I realize, of course, that these companies may not be sending out the spam themselves, but I really don't care. If these companies are marketing themselves so irresponsibly, they are just as culpable as if they were pressing the "send" button. Through the discovery process, I certainly do plan on finding out who is pressing the "send" button.
Not being an uber-geek, but only a humble lawyer, this is the role I can play. And I must express my appreciation to /.ers who have inspired me. I plan on keeping a Slashdot journal of the process.
No Inflation Taxation without Representation
* get a free domain so that it's easy for people to find this & so that it won't cost you
* don't have any email addresses [or as few as possible], so that it is easy to reject spam
* list their credit card info & banking info, if possible
* list their phone numbers if possible
* list their fax numbers if possible
* make the whole thing searchable, in case somebody wants to verify whether or not a particular person is a spammer
testing out my trending skills
THis seems stupid to me. It's just like the current throwaway accounts. Get on a mailing list. You UNC key becomes visible. Spammers grab it and start spamming you with it. Back to point one. That doesn't solve anything at all.
Non-Linux Penguins ?
Everyone knows free speech is about being able to state opinions without government intrusion, not the ability to say whatever you want whenever and wherever you want. Outside of the classic "Shouting fire in a crowded theatre..." example, "commercial speech" is a concept that's been around for awhile. Look at legal cases surrounding the Do Not Call registry for more information.
Member of Orkut? Annoyed with spam?
Were this to be implemented, you have to tell everyone who you want to e-mail you your key. You already tell people your e-mail address. If you want any old joe to e-mail you, you put up your key, and then you get spammed. Since you can already use an ISP e-mail adress where you decide what comes AFTER the "@," you can already do this, should you wish to.
So if you'd kindly explain the difference between this and the current solution...
im in ur