Spam and the Law Conference Report

Cowards Anonymous writes "The Guardian has a story about a spam and law conference, recently held by the Institute for Spam and Internet Public Policy, in San Francisco. The conferences are usually attended by anti-spammers, from the major ISPs, and spammers; and are an attempt to bring the two sides together. The article's author notes 'It's oddly intimate, watching the spammers and the anti-spammers mill around each other like this. It feels like a temporary ceasefire in a vicious war that to most of us seems to be a stalemate.' Also in attendance was infamous spammer Scott Richter, or 'high volume email deployer' as he wished to be called on his recent Daily Show appearance. Surprisingly the anti-spammers didn't tear Richter to pieces with their bare hands."

I've got lots of ammo....

[Jason+Straight]

And I'm waiting for spammer season! :)

"High Volume Email Deployer"

[Slashdot+Hivemind]

Wow. Spam AND bullshit management speak. How many reasons to kill(sorry, terminate with extreme prejudice) him do we need?

Scott Richter: A "Good" Spammer?

[LostCluster]

Well, true, spammers are among the lowest forms of human life and deserve the status. However, at least Scott Richter is willing to do something that most other spammers won't... admit that he does it and is willing to talk about it.

Let's face it, he's willing to explain his motivations and disclose his tactics. Most spammers take great lengths to hide their identity, and are scared to even tell their family what they do for a living. Even if we don't like what he does, at least he's willing to help us attempt to understand the problem. If anybody proposes an anti-spam system, he'll at least do us the favor of pointing out how it's not going to work before we waste our time on it.

Re:Scott Richter: A "Good" Spammer?

[Naffer]

Yesterday I received 144 pieces of Spam. Taking into account that there are 1440 minutes in every day, I get a piece of spam every 10 minutes.
My current total is 18,212 pieces since 11/19/2002. 8,000 of which arrived just since the begining of January. If it wasn't for SpamBayes, I probably would have abandoned email altogether by now. These guys are rubish.

Re:Scott Richter: A "Good" Spammer?

[Jade+E.+2]

Most spammers take great lengths to hide their identity, and are scared to even tell their family what they do for a living.

<<Cue violins>>

Man: Mom... I... I'm sorry. I can't hide it anymore. I... I'm a spammer.

Mom: I... was afraid of that. I mean, I suspected but... I just didn't want to find out. Didn't want to be sure. I had hoped... it would never come to this. I'm sorry.

<<She reaches into her handbag, pulls out a revolver>>

Man: Mom! No! NO!

<<BANG>>

Oh Scott Richter

[hambonewilkins]

Scott Richter, or 'high volume email deployer' as he wished to be called on his recent Daily Show appearance.

Where, it might be noted, it became clear he didn't have a whole lot of experience with the "clitorious."

The best was hearing Rob Corddry say "clitorious" back to him, and Richter not batting an eye. Perhaps the solution to getting this guy to stop spamming is to get him some lovin'? Preferably human?

The first step to getting rid of spam

[Slashdot+Hivemind]

Is admitting it comes from America. A quick glance at any spammer blacklist shows a clear majority of them live in Florida, but American politicians and lawmakers still push the line that it's an African and Asian problem.

Re:The first step to getting rid of spam

[LostCluster]

Florida has an interesting power of attracting rich-yet-lowlife characters who have managed to be declared scum yet have avoided being put in jail.

The key is that unlike other states, Florida has no value limit on what you can claim has your "homestead" when you are claiming bankruptcy. That is to say, you could own a multi-million dollar home and have billions in unpaid debt. You won't be able to own much else in your own name, but you can keep your homestead. With only a few exceptions, creditors simply can't force you to sell your homestead in that state.

That's why spammers live in Florida. Pass all the civil liabity laws you want... you can't touch anything they have. You have to make spamming a crime in order for them to be worried.

Where's the fuzz?

[k4_pacific]

If spammers have connections to virus writers and do all these malicious things, why weren't there cops waiting to arrest them when they showed up? Were they granted immunity to visit the conference or something?

Richter is a funny guy.

[stecoop]

Surprisingly the anti-spammers didn't tear Richter to pieces with their bare hands

I wonder if Richter is bigger than they expected or will there be a mysterious freak mishap in San Francisco involving rapidly expanding gases in a container when he start his car? All in all he is funny for going ya know...

Re:What i do with spam

[ObjetDart]

I don't understand...what good does this do? Virtually all reply-to email addresses in spam are bogus. The only thing in the entire message that is real is the link to the site they are promoting. If you want to DOS the spammer, go after the site, not the bogus email address.

Sometimes...

[Bishop,+Martin]

Sometimes I wonder just how much money these spammers really make from the spam. I've never even looked at a piece of spam in serious contemplation of buying whatever "product" they are selling

Re:What i do with spam

[Deraj+DeZine]

You do realize that it's easy for spammers to forge the From address, right? So you might be spamming innocents.

Re:Pictures?

[chadjg]

No, but I found a guy that can print images on long thin strips of soft paper.

Bittorrent of Daily Show Stuffs

[ticklemeozmo]

The Daily Show - 03.30.04 (Xvid) [87 MB] Torrent

Re:What I do with spam

[azav]

As long as SOME reply-to addresses are bogus, it means that the method is useless.

Also, since these spammers are proceeding with illegal activities in the first place, why would we even THINK that they would obey the new opt out rules and not resort to "they replied so it's a valid address to spam"?

Next time

[azav]

Next time we know a meeting like this is coming up, we send a representative and photograph each of the spammers and post a "Most wanted" web page with each spammer's photograph and address.

Then put up forms that can be printed out ala "wanted poster" style and have volunteers post the wanted posters all over the spammers' towns.

Expose them and run them out of where they live. Make their lives as hard as they make ours.

Well?

[Chris+Acheson]

Surprisingly the anti-spammers didn't tear Richter to pieces with their bare hands.

Well, what kind of weapons did they use, then?

Making it expensive for spammers

[KalvinB]

Aside from from the bandwidth (which who knows what kind of bulk rates they get on that) the most expensive part of spamming is buying domains.

And the kicker is that HTML doesn't allow you to obfuscate an URL. The best you can do is character codes but that's one to one so not effective.

What I do is harvest URLs from spams and then add them to the rule file for my mail server. It's a mostly automated process to avoid accidently filtering out non spam domains like w3c.org or yahoo or whatever that occasionally end up in spam e-mails along with real spam domains.

You can click the link on my sig and then there's a link from there to see the current rule file my server uses. Since I added in web-mail with spam reporting, this is going to be even easier since spams will have a unique subject line and a to address that has no legitimate uses.

Instead of trying to sort out which e-mails to my real addresses were spam or not, I just log in, report them and then it's a simple sort by to address to find all the spam to filter links out of. There's probably around a thousand filtered domains which equals several thousand dollars worth of domains.

If you're worried about people snooping around on your connection, OpenSSL is comming soon for web-access.

If you have a fully TLS enabled e-mail client you can do secure POP3 and SMTP already. Thunderbird has TLS capabilities for SMTP but not POP3 for some reason. Pegasus Mail is fully compatible. Apparently there's no clear standard as to whether the client should just use the standard 110,25 ports with encyption (what my server supports) or use alternate ports. Thunderbird is quite convinced you absolutely must use a fixed alternate port for POP3.

For most people, it'll probably end up that the web access is the most secure way to use Indie-Mail.

Ben

Re:How to avoid spam.

[Caseylite]

Even better: Have a domain. When you own a domain, you can forward all mail not addressed to a valid email address into a common mailbox. I give email addresses based on who I am giving them too, for example: yahoo-list@... microsoft-seminars@... symantec@... When/if I get spam to an address, it is much easier to figure where the leak was. Once an address is completely compromised, I create an actual mailbox for that address, set a size limit of 1, and let the messages bounce.

Good, bad, and ugly

[A+nonymous+Coward]

In some ways (SOME!) I actually see spam as something that could be useful ... in a weird way. See, I classify spam as good, bad, and ugly. Ugly is easy, it's the viruses and phishers. Bad is the stuff with forged headers, misleading subject lines (account canceled, your resume). These two deserve no sympathy whatsoever. They are fraudulent and ought to be dropped in the ocean and fed to the fish.

But the other spam, well, calling it good is pretty optimistic. I would say only that it is not as bad as the other stuff. When I see a spam whose subject is actually correct, even if for viagra or teenage nympho web sites, my blood pressure doesn't get quite as high as with the fraudulent stuff.

But I get 400-500 a day ... 80% is pure trash, with invalid users (I have my own domain), non-ascii in the subject. The rest I have to look at sooner or later just to see what should not have been classified as spam.

You know, if I only got 10 legit spams a day, real advertising for real products, it wouldn't be so bad. But these idiots send it to webmaster, postmaster, root, faxmaster, every sort of imagineable name, and that puts it in the bad category, it is fraudulent. No way has any admin account ever signed up for anything. And sending spam to the admin accounts is just plain deceitful, instantaneous self-indictment of their fraudulent intentions.

I wish spam actually were a useful, cheap advertising medium. I might actually see something once in a while that was useful. But hundreds a day, for pills or porn or loans, that is not useful.

Re:Jesus Christ People.

[shostiru]

The first amendment does not guarantee that I have the right to say what I wish to you and make you pay for it. The cost of junk mail, telemarketing, etc. is paid by the sender. The cost of email is paid primarily by the recipient (and her or his ISP). And, of course, there is substantial precedent that limiting commercial speech is constitutional.

Oh, and your estimates of the waste of energy involved in spam are off by several orders of magnitude. Back of envelope calculations based on incoming mail volume, power consumption (which I've measured), and cluster size has 100,000 emails per day costing at least 10KWhr, and that's just on the receiving mail server cluster (it would be lower without redundancy, of course). Once you add in the sender and all intermediate hops I wouldn't be surprised if that figure doubled. And that's just the beginning; of all network services we run, email is by far the greatest suck of money, brains, and time.

Before you claim free speech in defense of spam again, perhaps you should spend some quality time with systems and network engineers, and see how un-free this "free speech" really is. I'd be glad to do so myself over the telephone ... I assume given your argument you do take collect calls from everyone, right?

Re:Jesus Christ People.

[jfengel]

Spamming is very impolite. The objections aren't really about electricity, or even bandwidth and disk space (for which the costs do begin to mount up) or even the time it takes (which can be a serious imposition.)

The core objection is about impoliteness. Spammers are _very_ impolite on am immense scale. A little bit of impoliteness annoys you. A person pumping out a million pieces of impoliteness an hour...well, that adds up to genuine rage. Especially when it is clear that he knows he is annoying you and hopes you don't care, which is the case with the guy hoping that v1@gr@ will slip past your spam filter.

There's a limit to how loud one is allowed to speak. Beyond that, one is disturbing the peace. A violation of politeness becomes a crime. It's unfortunate when we have to regulate politeness, and it's unfortunate that you can't play your stereo as loud as you'd like, but that's how we live together.

"Courtesy is the lubricant of social interaction," Heinlein said. Spammers are sand in those gears, and that grit is annoying out of proportion to how much actual damage it does.

Is violence justified? No, but I do have to keep reminding myself of that.