Slashdot Mirror
Confession For Two: A Spammer Spills it All
defender writes "Rejo Zenger, well known Dutch anti-spam activist, recently had a very frank talk with a (now retired) spammer. He got information as to how and why S. Pammer started, where and why he was kicked out, who helped him get his bulletproof hosting, his open proxy mailings etc. It gives a nice and concise view of what the costs for a smalltime spammer are. About 200 Euros for the hosting and ability to spam at least half a million addresses (in a months time). That's for a turnover of 6 times and a net profit of well over twice those initial spam-related costs. Complete with screenshots, of course."
Comment removed based on user account deletion
... a 'how to become a spammer' article.
bash: rtfm: command not found
Well there you go, find that domain host, and pull them from the DNS lists. If that fails, hunt them down like the rabid dogs they are.
How about paying those vigilant individuals? maybe yahoo or hotmail could pay them?
Hmmm. Net profit of over 400 euros a month, eh? Wow, that will buy a lot of champagne and BMWs! Yeah, that's worth having everyone on Earth hate you.
If all this should have a reason, we would be the last to know.
He's earned 523 Euros which in America = close to 1000 dollars (no I don't have a currency converter).
Job Paying $8/hr * 40/hrs week = $1280 or about $1,000 after taxes, that's the average rate of your Starbucks Coffee guy in the United states, and the money is legit!
Mid level computer programmer (or someone like me) = $50k/year or $3,000/month after taxes.
In short it's getting pretty damn tough for the Spammers I see. The harder we make it, and pretty soon Spamming will just be unprofitable I hope. In the meantime my advice to this spammer = get a real job...even Starbucks Coffee guy is better than what you're doing.
...in bed
Most orders seem to have been made on impulse: they are done during or immediately after the spam run.
And I'd have thought they'd engage in long, thoughtful consideration before trying an experimental manhood-enhancing product, mortgaging their home, choosing a Third World bride, or deciding which bestiality DVD set to purchase?
The coolest voice ever.
is a "pyramid scheme" of sorts. People who may or may not be the most adept at technology or business get the idea to spam. They pay the more "gifted" people at the top money for things like addresses and hosting etc. These are the people who are really cleaning up on spam and should probably be the ones that the authorities go after, cept that they usually hide in places (Russia, Hungary, China etc)where it's hard to enforce international laws, esp. spam laws. Even if we go after the little guy, there will probably be more to take his place, the lure of such "easy money" is too great for some people.
On a side note, it is kind of interesting the comment about bounced mails. My university disabled my account(because they thought I was no longer a student, even though I was) for about 2 months. As soon as I got it re-activated, the spam started flowing in like water again. Amazing.
Spammer's Cookbook.
Should make the NY Times Bestseller list in a matter of days along with a few more Euros.
Not funny, and likely to happen.
Reading this article gave me a good idea (Although, it's probably been done before)
Would it be possible to set up to send spam through one of those sites to numerous address you set up? Then, after you recieve the spam, you could block those proxies(being relatively certain that they're zombified machines)
Yes, you would have to spend a bit of cash up front, but it seems (at least in principle) to be a fairly accurate way to find spam relays.
My $0.02..
-Bucky
Every time I get one of those "Mic.ro sofT Sof1w.are cheap!" emails, I am always tempted to start some Linux spam.
"For a low, low fee I can show you the best software site on the internet, everything from operating systems, to office suites, to graphics programs can be yours for free. Yes the sourceforge is a wonderful place. To find out, please send CowboyNeal your first born."
This guy is only making a small profit, and the way he did his business wasn't really taking advantage of the "investment".
Shouldn't he be selling more products, ie he paid EURO$388 for the CDs, he should have used the same CDs for many more products at once, and each of them will guarantee the same readership of 30%.
Rock that crushes, Paper & Scissors that don't matter.
I, as an entrepreneurship student at GA State, would really like to develop a business according to the Sierra Club, Greenpeace, insert environmental cause here . Really. I really want to make this world a better place - using the system. As in, I'll become a capitalist/entrepreneur to do it. But, that website you've posted makes no sense at all. I don't get their ideolgy at all...
...would appear to be in the production and sale of address lists.
l @mx.tldd
Seriously, it would be trivial to write a script to generate e-mail adresses (actual reachability is a moot point). All you would need is a list of registered DNS names with mx records, and a list of names (nationality doesn't matter either: as many nationalities as possible). Then just run through the common variables
firstname.lastname@mx.tld
lastname.firstinitia
first6charsoflastname.firstinitial@mx.tl
and so on....
Costs to burn the CD
Yup, that's where the real money is....
If no one behaves, it's useless.
But if most behave, a few have a huge incentive to misbehave.
They key is to increase the penalties for misbehaving so that there is no incentive.
The sort of people to look at this kind of cost/risk ration and think "cha-ching" may actually be stupid enough to punch themselves in the face (even after reading this post). Where's my film?
if you think this is bad, you should have seen my last sig
I guess he hasn't heard of the White Pages....
Link
Have a look at the botton of the screenshot pay a visit for the "Send Safe" home page.
Would somebody PLEASE just kill those fuckers?
To sell such a program should be considered a crime for itself!
And have a look at the testimonials... Gosh... we are doomed.
This guy got an idea and tried it. It sort of worked O.K. How many hours did he actually spend doing this. He could have made quite a bit on an hourly basis. If he could think of a few more products to sell and do this full time, perhaps the BMW would be in his future.
A guy in Kitchener, Canada just got busted and the details were sparse but I got the impression that he had made a lot of money. Does anyone know more about that case?
My favorite alternative to replacing SMTP is to adjust the penalty for activities like this guy S.Pammer to be "head mounted on a stick". There is lots of data that says that a majorit of all spam is sent by the top 200 spammers; kill them all in greusome ways, and they are unlikely to have followers :-)
Crispin
----
Crispin Cowan, Ph.D.
CTO, Immunix Inc.
journalists iconify these assholes making them out to be some sort of innocent guy, genius, or otherwise. bottom line is, they're breaking the law, and pissing me off. let *ME* interview one of these guys, you'll surely see a dissection of a spammer.
whose with me? we'll set up some fake wired interview, and just beat them down, hoping they go tell the tale of horror to all of their buddies.
private funding sent a passenger jet in to near-orbit for a little bit over 20 million. i'll do this for 10 million, and a g-mail invite.. we will travel around the world, kicking spammer ass, guido squad style. take no prisoners. all in the name of national security, of course.
I am pleased however that more proactive steps are being taken by organisations such as Spamhaus in addressing the problem by both a technology and policy driven approach in combatting the problem. And that more prosecutions are happening. But I don't see the tide being turned anytime soon.
As for the internet dying, I don't see it. There is now to much commercial interest in it for corporations to sit idly by and do nothing about SPAM and other problems we encounter on the internet. Even our governments misguided steps at regulation, show that the internet is here to stay. It may transform in the future but I don't see it dying just yet.
hope this article does not recruit more spammers.
that would just suck..
anime+manga together at last.. in real time.
Abu Ghraib, under Saddam (warning: graphic, explicit video!)
The problem with spam is it's much harder to catch spammers than illegally polluting factories where disgruntled workers, regular inspections and so on can be used for enforcement. Spammers are hard to catch since they operate through intermediaries in other countries and fly beneath the radar, and because the legal tools to fight spam have been very slow to catch up. And there need to be government organizations dedicated to tracking down and prosecuting spammers, like there are for polluters.
Read up on Natural Capitalism, co-written by Paul Hawken, which you have no doubt heard of in that field.
:)
There are several interesting ideas in there, and best of all the book is available in its entirety for free
Information: "I want to be anthropomorphized"
domain: SEND-SAFE.COMd i.net
d i.net
owner-address: Ibragimov Ruslan
owner-address: 12 Krasnokazarmennaya
owner-address: 111250
owner-address: Moscow
owner-address: Russia
owner-phone: +7.957235641
owner-e-mail: b35ed568876bf16d66d15c298b2159a8-564687@owner.gan
admin-c: IR14-GANDI
tech-c: IR14-GANDI
bill-c: IR14-GANDI
nserver: dns.send-safe.com 217.107.162.252
nserver: dns2.send-safe.com 217.107.162.200
reg_created: 2001-11-14 04:31:54
expires: 2005-11-14 04:31:54
created: 2001-11-14 10:31:55
changed: 2004-04-27 11:56:07
person: Ibragimov Ruslan
nic-hdl: IR14-GANDI
address: 12 Krasnokazarmennaya
address: 111250
address: Moscow
address: Russia
phone: +7.0953632111
e-mail: 184925540b0f833661410d380e699d0c-ir14@contact.gan
lastupdated: 2004-03-16 20:30:07
/me gets back from looking at the screenshot...
...
:)
i'm banning 213.10.0.0/16
-jk
We've /.ed them.
Bwuha-ha-ha-ha, mwuh-mwu-ah mwuh-mw-a-ha-ha-ha.
Seriously though, how about we find an excuse to link to them every week or so and bring their bandwidth to its knees.
FGD 135
this guy is "normal" non-tech user.
he used all 'download and run' services, he built nothing himself.
I think the real money being made here is providing these programs and websites for them to use and also the lists.
This is interesting stuff to consider and would make an interesting business model to create spamware for the spammers and then feed the data to places like spamhaus etc.
anime+manga together at last.. in real time.
Seriously, just off the top of my head I can think of one much-needed business in my (very small) local town that this spammer guy could set-up and he'd make 10x what he made from spamming. Oh and I've just thought of another one.
The world is full of money-making opportunities if you stop thinking about money and start thinking about what people *want* and what useful products and services you can provide. I'm pretty sure you'll find that those opportunities are more profitable than all but the most serious financial crimes.
Unfortunately it will always be profitable, at some level, to spam with the current email setup. The can is open and it will always remain as much of a problem as unwanted callers and junk faxes. Heck, at some point I'm peckered by street vendors trying to sell me something and I find them annoying too.
:). The .01/email type of setup simply won't catch on (hopefully :), but even with "Caller-ID" email somebody, somewhere will still try and spam you at the cost it needs to get the bandwidth. Clever spammers will continue to rape Windows boxes and instead of DIRECTLY sending out the messages properly send it through the subscribers "registered" and "authentic" mail server -- and if they're smart send out a message every 3 minutes now and forever. Times 5,000 infected computers and I'd bet you could still get the message out and make a buck doing it.
:), harvesting messages to spam traps (their game is a doubled edged sword :), and a little filtering I see maybe a couple of messages a month. Maybe. My logs show a very different story though...
;].
I'm no fan of Microsoft, but their efforts -- coupled with whatever other "standard(s)" are incorporated will go a long way to squelching the issue in short order. Yeah, like many of you I'm sitting here waiting for the "right" standard to catch and implement it into my Linux & BSD servers (and soon to be OS X running the same software
TODAY by simply blocking IP's (spam me once from any IP and that IP will never talk to me again, rule #1
Caller-ID email added into the mix and I could whack 'em and stack 'em even faster -- so it will be on par with the number of soliciting phone calls I get [one maybe every six months
Did the Honey Pot Hunter link on the screenshot get anyone else's attention?
screenshot
It seems to me that there is some level of sophisitication to these spammer sites. I'm guessing they are really ripping off the poor shmucks who sign up.
what? what I thought we were in the trust tree in the nest, were we not?
support@send-safe.com
good@send-safe.com
techsupport@send-safe.com
orders@send-safe.com
For pre-sale only questions please call 813-747-9677.
heh heh heh, not for "pre-sale only" anymore.
Interestingly, it looks like SPF+ may be forked, as an attempt to escape the ludicrous shoehorning of XML into SPF2 by Microsoft.
--
It's on my reading list. The more I hear about it, the higher on my reading list it gets - It's now at #1
Thank you! I want to use the "system" to promote a better world.
You should be incredulous about what I'm saying - I would - My muse is "A Year To Live .
Not in my case; I don't pay extra to receive telemarketing calls or junk mail. Nor does the telephone company or post office block my driveway so I cannot drive to work in the morning. However, spammers have hit my mail server so hard that it cut off my connection to the outside world, preventing me from working from home.
When a spammer takes advantage of a poorly secured system belonging to another person without permission and forges the e-mail addresses of other innocent people not involved in spamming, I will use the word "criminal". I know of no better way to summarize fraud, theft, and trespass.
When I write free software and distribute it for free (with my e-mail address in the documentation so people can contact me or know that I contributed to the project) and I receive spam, how does your argument make sense? There are hundreds of thousands of computers with my e-mail address stored in credits files somewhere; how does this keep the Internet free?
how to invest, a novice's guide
this is where the UN has started taking looks at 'managing the internet' and the general response from the tech community has been fear and horror.
either we WANT a system that is monitored and every packed is tracked (ala big brother, 1984, the current US DMCA-Patriot Act version of things) OR we must create a self-managing system that provides accountability and protection from fraud.
spamhaus seems to be a step in the right direction, but the direction that microsoft and the various big companies seem to be going is the 'registered sender' approach, which completely defeats the purpose of the internet altogether and creates instead any number of smaller private networks (ala AOL back in the day when normal email couldn't be sent to AOL users and vice versa).
have we improved the situation? unlikely. have we made things so convoluted as to being nearly useless? likely.
Gekido's Lair
thanks
anime+manga together at last.. in real time.
So the 2000+ pieces of spam I get in my mailbox every week, that causes me to miss important messages occasionally because the filter gets them and they get lost in the noise, the several meg ads that tie up my connection for many minutes at a time as they download one after another, all of that is doing me no harm?
I never asked for spam, I never asked for my email to be used as a forged address (a recent development, so now I get complaints and counter spam too). Also I've never bought from a spammer.
These people ARE NOT direct marketers, they are CROOKS, using the bandwidth -I- pay for, to harrass me with things I do not want. And I have no real legal recourse to stopping them because I can afford to sue these hundreds of people. (If I could even find out who most of them were).
And again, please do not tell me they are not doing me any harm while I'm receiving spam complaint messages because some BUTTWIPE is forging my email address on their messages. It's no fun looking at having to change an email address that you've used for almost a decade, and all the associated grief that causes.
Comment removed based on user account deletion
Aww, missed it. Don't suppose anyone's got another one of them?
--
Spam is fundamentally identical to telemarketing and direct postal mail.
With the minor exception that direct marketting postal mail generally doesn't come "postage due," and telemarketers usually don't call collect. With spam, significant cost is incurred by those receiving the spam--more so, in fact, than it costs to send it in the first place.
There is no real comparision between traditional forms of direct marketting and spam. A far better example is unsolicitied advertisements sent to your fax machine (which, by the way, is illegal.)
What part of "shall not be infringed" is so hard to understand?
Thanks fatso!
This can't be for real...
We apologise for the fault in this post. Those responsible have been sacked. -- Signed RICHARD M. NIXON
Refi = refinance. Or anything dealing with loans? I'm not interested in being a spammer, but I would like to take extreme advantage of these guys who depend on spammers. Reason is, supposedly the loan guys pay up to $50 for each unique lead that responds. Hell, I could "respond" myself via dialup (new IP each time you connect) four times a day, for a cool $200 daily. This wouldn't take but an hour of my time at the most. Add in different loan vendors, and one could rack up EASY money quick.
finally, a post i can agree with.
I was on AOL back in the day, when e-mail was not to be sent between the regular internet and AOL. This was because AOL was a giant BBS. It wasn't even conncted to the internet, it was just a connection of other AOL users conncted together. As soon as AOL added the internet, e-mail possible between all.
Paint.NET, a Free Image Editor, with Source Code Available!
Marketing email directly from a company I do business with is one thing (acceptable, if annoying). Crap for viagra, home mortages, etc. is another. Most of the spam is very misleading anyway, and targetted towards old people that are easily manipulated (e.g. the mortage spams with the 'I spoke with you this morning' headers). That's borderline.
The crap with the viruses setting up spam relays is criminal.
If only that worked. Unfortunately, simply for the fact that I run a few domains and actually find it helpful for people to be able to contact me without unraveling a mangled email address (hence, I put my email up) - it gets harvested and abused. I can turn off the TV if it annoys me (actually don't currently own one) - I can't turn off the spam w/o loosing my business communication.
I've never bought something from spam, nor do they even get the satisfaction of those stupid image-link bugs getting pinged. Unfortunately, I can't stop the people they take advantage of from falling for their scams, any more than I can make the Citibank phishing expedition and Nigerian 419 scams unprofitable.
About 20 spam/day make it through the filter right now, with another 50 or so going to the spam bin. I get 5-10 legit emails per day. Bayesian filtering is dead now with the random garbage-spewers, so I need to test and install another solution on the server end (until the last 6 months or so, client filtering worked best for me - now it sucks ass). My life shouldn't revolve around dealing with spam. But I'm going to need to spend time on it anyway now.
Since I haven't spent much time on it, it *has* cost me more than time. I had a contract offer go into my spam bin, because the random words horked the bayesian filtering so badly. It wasn't the only false positive I've had, but it's the first time the delay before cleaning the spam bin cost me something - a contract. That just sucks.
I write code.
So the 20+ pieces of mail I get in my mailbox every week, that causes me to miss important letters occasionally because I toss them and they get lost in the noise, the several ounce ads that tie up hands for many minutes at a time as I carry one after another, all of that is doing me no harm?
I never asked for mail, I never asked for my address to be used as a forged address (a recent development, so now I get complaints and counter mail too). Also I've never bought from direct mail.
These people ARE NOT direct marketers, they are CROOKS, using the mailbox -I- pay for, to harrass me with things I do not want. And I have no real legal recourse to stopping them because I can afford to sue these hundreds of people. (If I could even find out who most of them were).
And again, please do not tell me they are not doing me any harm while I'm receiving spam complaint messages because some BUTTWIPE is forging my email address on their messages. It's no fun looking at having to change an address that you've used for almost a decade, and all the associated grief that causes.
------------
The only thing that isn't true for direct mail is the bolded bit. In the US, that would be mail fraud.
I'm not saying spam isn't a pain, but your argument is specious. You want something better, then create it. Its called innovation. And no, SPF isn't any better.
--
lds
99.999999% of it is sent via relay rape and compromised machines = criminal trespass, theft of service, unjust enrichment.
the internet survived just fine for a long time without spam. to say spam subsidizes the internet is bullshit -- it raises the costs for everyone and thus makes the internet more expensive, not less. spam isn't a subsidy -- it's a tariff.
spam is destructive because of innocent third parties who are destroyed in the wake of these miscreants sending out their get-rich-schemes and penis pill advertisements.
and these criminals are getting more and more outrageous in their actions. recently a spammer hijacked a california city government network, redirecting them to his own servers where he hosted porn sites and sent out spam. the entire city government network was shut down, utterly destroyed, until they managed to get it back.
if spam is not such a big problem, i'll just forward you all of mine, then.
That's very insightful. Given that spam is an overall economic bad, you can somewhat offset the production of spam by spending money for its removal. Or you could spend money so that it is never produced in the first place.
Maybe we should treat other economic bads (e.g., pollution) in such a way: subsidize the non-production thereof.
Visit their website. /dev/null
Look at all the pages.
Maybe do a wget websuck to
Look for Contact forms, and fill them out.
If it is a Mortgage scam, fill out the forms with random stuff, or put in the name and addresses of known spammers.
Same for the car lookup stuff (How in the world do they make money?)
Keep them busy and waste their time.
If everyone who received a spam visited the site just once I doubt they would be able to afford the bandwidth.
And, just an afterthought on a different note, do most spammers report their spamming income to the tax man? Has anyone ever tried to nail a spammer for tax evasion?
Just thinking about these asshats really burns my toast!
Howdy Doodly Doo!
Anybody want some Toast?
This story illustrates that the profitability of spamming is not that great. It would be even less profitable if spammers e-mail address books were even more polluted by bad addresses. And spam would be even less profitable if spam-using sites were innudated with mail.
I wonder if we could kill two birds with one stone. Littering the web with dummy e-mail addresses that include the domains of spam-supported sites. That way, the sites become overwhelmed by inbound mail traffic. It would be a version of this or, better yet, this using real domains of spam-using sites (from a blacklist service). E-mail addys such as sdadhja@viagraspammer.com, eywheh@viagraspammer.com, wywhdi@viagraspammer.com would both cost the spammer and the site that is using spam.
Two wrongs don't make a right, but three lefts do.
Actually, I would argue that using an open mail relay without concent of the owner of the system it runs on is a criminal act. You have no right to use a system someone else owns without their consent, and if you do so, that is a criminal act. In fact, that defines a great number of criminal acts, appropriating someone else's property for your own use. Be it computational resource or physical one, it is still criminal.
Previously, spammers just used an insecure mail exchange that someone else used, abusing the system. Now, they have worms hack into unsuspecting systems and set up mail relays of their own. These two relays are fundamentally the same.
The only way this would be identical to direct mailing or telemarketing is if, god forbid, they ran their own servers and sent their massive spam blasts. If they did this, then it would not be a criminal act. They won't, however, because that would mean that it would be trivial for most people not wanting spam to blacklist their servers.
I don't believe that "Internet Direct Marketing" can work. Think about it. Many people don't like direct marketing tactics. It's crap in the mailbox that goes right in the garbage. Many many people do not like telemarketing, so much that the telemarketing industry fought tooth and nail to prevent the one tool that could punish and block their attempts to push random promotions onto the masses. Spamming is the same tactic in a new medium, except that unlike direct mail and telemarketing, it uses YOUR resources reguardless if you read the email or not (pick up the phone, open the direct mailer) and you have the potential for much more control over rejecting all kinds of spam at once, and the spammers cannot handle that.
Even better than making money off idiots, you wind up making money off scum who want to make money off idiots.
With the added bonus of course that if you produce a big enough range of (hopefully) crap CD's you can flood the market raising the cost of spamming.
Perhaps a similar scheme could be applied to fake send-safe.com style sites
With the minor exception that direct marketting postal mail generally doesn't come "postage due," and telemarketers usually don't call collect.
Sure they do.
For residential users, who do not pay a per-GB bandwidth transfer fee, spam costs nothing more than time just like telemarketers.
For large organizations that have hundreds of phone lines, telemarketers consume valuable telecom resources just like spammers consume valuable bandwidth. If a corporation has 100 phone lines for use by its employees, and direcct marketers call 5 of those lines, then only 95 lines are available for business. The company now needs to buy 5 extra lines in order to keep its workers productive.
Similarly, if a company needs an full OC3 of bandwidth (155 MB/sec) and spam takes up 5 of those MB, then the company needs to add 4 T1s of bandwidth in order to make up for the losses due to spam.
Spam == direct marketing.
The pro's due that IN A SINGLE DAY!
Well, as the pros continue to ratchet up the numbers of spam sent, they continue to dilute the value of each spam. This ensures more will spammers will retire.
Let's say two years ago, a spam would bring, on average, $0.01. Sending 100,000 would return $1,000. He could do it with a cable modem.
Last year, the spams were now worth $0.0001. He's losing a lot of spam in filters. He now needs to send a ten million mails to get his thousand bucks. He needs a T1 or two to do it, as well as more machines. He needs to proxy, and move around his spamvertised sites more often.
This year, spams are worth $0.00000001 apiece. He now needs to send 10 billion spams to make a thousand dollars. 99.9% of his mails never reach the Inbox. 99% of what makes it is filtered at the client level. He now needs a t3 and a bank of machines to send it. His relays are RBL'd and he needs to hijack priavte machines - potentially a huge bust. He needs costly offshore hosting just to get a week or two in on his spamvertised sites. His old standbys - porno sites -- are laying low due to being deactivated for spamming. His clients are mostly openly illegal things like casinos, drugs and warez. He needs to proxy like a motherfucker; the FBI is coming down hard on spammers, nailing guys like Carmack for federal prison time.
At this rate, things don't look good for next year. He will need terabytes of bandwidth. He will need supercomputers. He will need to actually live in Russia, instead of pretending to.
Its kinda like faking where a letter is sent from and who you are at a bank. Its forgery, and fraud. Personally I think people that do this that get caught should end up in jail or shot.
Only 'flamers' flame!
Does slashdot hate my posts?
Anyone reading this and thinking "cha-ching", please punch yourself in the face.
OW!!
Or perhaps one could consider setting up a paypal account for them.
Marvin knew: "Think of a number, any number..."
Why not let 'em know you care?
E-mail Service Responsible for support@send-safe.com General
Support All pre-sale questions, etc. techsupport@send-safe.com Send-Safe
Developer Troubleshooting and technical questions about Send-Safe, Proxy Scanner, Proxy Hunter good@send-safe.com Verifier
Support All questions about Verifier software orders@send-safe.com Order process Any questions about order status
What about people who do this but for their own mailboxes? I for example do it. I use multiple web based mail clients, as well as Thunderbird. None of these has my main mailbox as the 'from' address, in fact it's a mail forwarding place. Would I be charged under your plan?
Parent post was a case of an Internet person commenting on the real world. As soon as I posted the comment I instinctively started thinking about the hypothetical business I mentioned, and it's obvious that 1000% profit would be downright impossible to achieve. I still think the spammer guy's an idiot/scum if he's only making 2x/3x profit by *spamming* but apologies for letting my ego run away with me.
...actually buying the products. Good people of earth! STOP BUYING PRODUCTS ADVERTIZED IN SPAM! Good people of the USA. Alter your spam-laws.
Perhaps we can pool together some funds to which gets Send Safe to send to our own honeypots. This information can then be used to build preemptive RBLs.
It is also useful as a gauge of where the compromised servers are. Perhaps even patching the compromised boxes.
Actually, I would argue that using an open mail relay without concent of the owner of the system it runs on is a criminal act. You have no right to use a system someone else owns without their consent, and if you do so, that is a criminal act. In fact, that defines a great number of criminal acts, appropriating someone else's property for your own use. Be it computational resource or physical one, it is still criminal.
I completely agree. My post was referring to spammers who are following the letter of the law. Theft is criminal, fraud is now criminal, using stolen addresses is now criminal, but sending direct marketing to public email addresses is not criminal.
The only way this would be identical to direct mailing or telemarketing is if, god forbid, they ran their own servers and sent their massive spam blasts. If they did this, then it would not be a criminal act. They won't, however, because that would mean that it would be trivial for most people not wanting spam to blacklist their servers.
But they do, because it's not so trivial to blacklist them. You blacklist IP's, not servers, and IP's can be passed around. In fact, you can even pay people to host spambots on their home computers. There are plenty of people eager to receive a few tens of dollars a month for no effort of their own. The spammers, even the legal ones, are lightyears ahead of intuitive thought on this topic.
In fact, here's something that everybody forgets: spammers don't want to spam you. Their interest isn't in using your resources, it's in turning a profit. Vehement anti-spammers don't buy the products and services advertised in spam, so why would they bother advertising to them?
What we really need is a registry of spam-unfriendly email addresses. I know it sounds ridiculous, because you think spammers will just use the list to hit you even more... but it's not. If they can go from a 1% success rate using a purchased list to a 15% success rate by easily subtracting a list of known anti-spammers, they'll do it.
Heck, a reputable group like the EFF could host an anti-spam email list and do the subtraction internally so that the spammers never need to see the list...
1) EFF aggregates list of spam-unfriendly addresses.
2) Spammer submits prospect addresses to EFF.
3) EFF returns list minus spam-unfriendly addresses.
4) Spammer only markets to the rest of the list.
They're not evil. They're capitalists.
If that were only true, few people would worry about it. Telemarketing companies have to pay their telco on a per-call basis and pay the people making the cold calls. Junk mail costs money to design, print and send; if there were no junk mail, first class postage would be higher. Spam costs next to nothing. Your ISP bills you by the month, not for the bandwidth you use. You pay the same amount if you send one email or one million. The cost of the extra bandwidth, extra servers, extra everything is spread out among all the other customers, giving the spammer a free ride. That's why it's so attractive: you get something for nothing. Of course, your response rate is very low, but it doesn't take much to make a profit and that's all that unprincipled, greedy spammers care about.
Good, inexpensive web hosting
Putting executable code, even in an interpretive language like TCL, into DNS records is a terrible idea. That offers a whole new channel for attacks. A good one, too; the code would be executed without any user intervention, and sometimes it would be executed on servers.
*sigh* I wish the government was more intrested in prosecuting spammers. I recently got a new email (gmail :), and now I'm paranoid about giving it away. An idiot friend of mine actualy put my last email into crushlink, a retarded email harvesting system. I also used in on a few web forms before wising up and using whatImSigningUpFor@mydomain for everything.
It's unbeliveably annoying. Yet ashcroft is more intrested in prosicuting indecency cases then stopping spammers, even with the idiotic CAN-SPAM act, lots of spammers could be shut down.
autopr0n is like, down and stuff.
$1386.66
13-unlucky = e-vile
8-death card = e-vile
666!= da DEBBLE = e-vile
math roolz! This proves that starbucks is e-vile, and working there is e-vile! So if you drink coffee there, you drink e-vile juice! And it EATS UR BRANEZ, 2!111! turns you into a...YUPPIE!
neener neener, yuppie nerds how...weird
The next time I hear about a spammer spilling his guts, I expect *real* guts from a real spammer.
Oh yeah, screenshots included !
"Whoever would overthrow the liberty of a nation must begin by subduing the freeness of speech."--Benjamin Franklin
The most important cost of spam is Wasted Time. For businesses, it's time their employees could be spending doing productive work; for home users, it's either time spent working or having fun, and it makes the Internet experience less full as well. Like telemarketing, it's an annoyance and waste of time, and because it's much cheaper to send than telemarketing calls, there's lots more of it, but it's basically the same kind of problem.
Junk faxing is illegal in the US, because when Spamford Wallace invented the Junk Fax industry, the costs of junk faxes and the annoyance of having your machine run out of paper were significantly annoying. These days, receiving faxes on real paper is kind of antique - if you're not using an email-based server, like EFax/JFax/etc, you've probably got some kind of PC with a modem card that lets you decide whether to print, so the cost is lower. But it's still annoying.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
You, sir, are clearly a filthy stinking spamming scumbag, or a troll, or both. However, for benefit of the lurkers out there who might actually be misled by your lies, I'll take some time to refute them:
... and not one of them has paid a penny to me, or to my clients, for any addresses they find. The only person paying anything to anyone is me, for the bandwidth they're using in order to gather those addresses, and my clients, who (like all end users) are the ones who end up paying in the end.
Spam is fundamentally identical to telemarketing and direct postal mail.
Spam is nothing like telemarketing or direct postal mail. It is fundamentally identical to telemarketing to your cell phone where you have to pay for airtime. It is telemarketers calling collect and no option to hang up, postage due junk mail with no choice to refuse to pay.
The money telemarketers pay for those calls goes to the companies that carry the network traffic, namely the local and/or long distance phone companies. The telemarketer pays for the network resources they use.
The cost of handling bulk mail is less than what the Post Office charges to send it. The profits the Post Office makes from the bulk mailers pay for the hardspace "network" resources for everyone else.
Spammers do not pay for the resources they use. I've seen recent figures as high as 4 out of 5 emails sent are spam. To look at it another way, this means that if your ISP allocates $10,000 of their revenues to buy some new mailservers, then you, their customer, are only getting the benefit of $2,000 worth of new hardware; the other $8,000 is spent to deliver spam. Since that money is coming from you and other subscribers, then your ISP either has to raise your rates or not give you the increase in service they otherwise would have. If $1 a month out of your bill goes for hardware upgrades, you're getting 20 cents worth and the rest is going to deliver spam.
Spam in no way subsidizes the Internet. The spammers are not paying for the resources they use. They are forcing other people to pay to handle traffic that they do not want. They are forcing every ISP out there, from the big backbone providers to SouthPodunkNet, to shoulder the cost of their advertising. The only money a spammer pays to actually support the network is the cost of a cheap dialup account somewhere. All the rest is paid to other scum for things like lists of email addresses, access to innocent people's hijacked computers, etc. But he is using 10^6 or more of the network resources as everyone else.
When you give your email to a website operator, and that website operator sells it, that money is what keeps your content cheap or free.
Very, very, very few addresses used for spam are those given voluntarily to a website operator. In fact, out of the hundreds of email addresses I've used with various websites and companies, I've gotten spam at exactly one: the one I gave to iBill. The vast majority of addresses used by spammers are extracted from web pages, forum posts, domain registration information, and just about anywhere else.
I watch spammers' spiders scanning domains that I host
Then there are the dictionary spams. Some hijacked computers in Brazil have been bombarding one of my domains all day with spam to random non-existant addresses, trying to find some that get through. People who don't even exist certainly didn't give their email addresses to anyone!
As it happens, I'm the webmaster as well as host for a site with a fair bit of free content, so I think I am in a position to know something of the economics of it. It works like this:
Neither I nor my client has ever received a single penny from a spammer. This particular client happens to have a mailing list (extremely opt-in, and protected like the vault at Fort Knox) for a newsletter. If he should wish to sell it to a spam list vendor, just how much would a list of under a hu
Here
Get paid to search..It's geniune and
Regarding send-safe...
I write code.
First of all, the cost of spam has never fully been paid by the spammers. Back in the days of Open SMTP relays such the most of the actual cost of the bandwidth was payed by people giving out service for free, because it was cheap and made the internet easier to use by all. Thus spammers stole took free resources and squandered them.
And secondly, spammers never had to pay for the download bandwidth. Imagine if the post office made you pay half postage for every single letter you recived, and someone sent you 10,000 messages. Your choices is either paying thousands of dolars, or forgetting about ever getting postal mail again.
But this is exactly what happend. A mailbox full of spam for a dialup user meant wasted modem time, which whent for as much as $2.95 an hour.
know you don't want to believe that, but it's true. When you give your email to a website operator, and that website operator sells it, that money is what keeps your content cheap or free.
I've never given my email address to a website tht sold it (with the exception being the LA times. But by then I was smart enough to use unique addresses for everything, and all the mail from them gets deleted automaticaly).
Most websites make money by advertizing, not by selling information. On my website, I advertize various pay services, and when the small persentage of people intrested in that service buy something, I get a cut. Some services work pay per click, or by impressions.
Thats the way the vast majority of websites make money. Anyone selling email addresses should be shot.
autopr0n is like, down and stuff.
Spam is not a matter of 20 mails a week, it is a matter of hundreds a day and rising. A friend of mine whose email address was compromised by being listed on his college website recently had to abandon that address, and try to contact everyone who knew him to give them his new one, because he was getting 500+ spams a day: over 99% of his email.
The cost of sending snail mail keeps it to a reasonable level. It also means that it is generally very tightly targeted. For example, I subscribe to a gardening magazine, so I get seed catalogs. I do not even have a penis, so I have very little use for penis enlargement pills, let alone fake Viagra and pictures of naked women (with or without horses involved). But because there is effectively no cost to the spammer, I am bombarded with advertisements for all of the above.
ISPs need to buy extra bandwidth, which is reflected in the users' bill.
And, while you may not realize this, some people value their time, and in many cases a monitary figure can be placed on it.
autopr0n is like, down and stuff.
Also, nobody trusts the UN because outside of the security council, it's just become a vehicle for US-bashing, and synonymous with ineffectual military pseudo-actions.
I am not saying Microsoft's approach is reasonable - nobody trusts Microsoft either. But there's no reason that registered email server must necessarily lead to a fragmented internet, it just means that there always has to be some chain of accountability for every email sent out.
For residential users, who do not pay a per-GB bandwidth transfer fee, spam costs nothing more than time just like telemarketers.
Where does that residential user's ISP get the money to buy the hardware and bandwidth to handle all that spam? The 4 out of 5 emails that their customers would do anything to avoid? Someone has to pay for it. Two words: end users. Just because you don't pay per GB for bandwidth doesn't mean you're not paying for it. It all gets worked into the monthly bill.
1) EFF aggregates list of spam-unfriendly addresses.
2) [...]
3) Profit!
The only problem is that you *will* have another generation of spammers who *will* believe that they can succeed in selling products to this anti-spam community. After all what age group/profession would qualify as the representative majority of the anti-spam movement?
The end result: more porn in your email.
Oh, but you do. First-class mail rates significantly subsidize the cost of bulk mail. The USPS knows better than to antagonize some of its largest customers. Ditto for the good folk at the RBOCs.
Basicly, FBI etc runs an "open relay" that is really a honeypot gobbling up the SPAM.
Leave it going for a while and from there, trace back to the spammers themselves via the logs.
523 euros is 634.056 USD. I'd hardly call that 'close' to $1000 dollars. In the US, it might be enough to live on if you had a really cheap apartment and only spent a couple hundred a month on food. But that would be pretty close to poverty.
autopr0n is like, down and stuff.
Dude, that's a bit sharp. What about UNESCO, UNICEF, the World Health Organisation, etc etc?
YLFIOne god, one market, one truth, one consumer.
Rule # 1 seems to apply to your post - spammers lie.
Or theres the worst case scenario system which most people never even dream of happening. Completely locking and disconnecting servers while distrusting everyone you haven't met in real life/someone you can walk up to and punch in the face. In this scenario, there is nothing free 'free' on the net since everyone assumes it'd be abused for evil rather than good (free Yahoo/Hotmail accounts?). No one would visit Slashdot in fear of the site tanking and then having their IP addresses sold to make what little money they can to break even. Public game servers would be non-existant in fear of being hit by a /. effect causing bandwidth costs to skyrocket. Online shopping would go bankrupt since no one would trust putting their credit card information online. Blogs would become non-existant since everyone would be paranoid of one another (whens the last time you gave out your real life phone number to someone you met less than 5 minutes ago on the internet?).
In otherwords, without the establishment of a 'few good guys' the internet would devolve into a hellhole of distrust, the very foundation of the internet in the first place. Its not about money, remember people did is decades ago for a fraction of what they would've gotten today (ie. billions to make Microsoft look like an internet startup). Its all about the belief that none (to few) people will ever use the software like Internet Explorer to brainwash children into believing the Holocaust never happened. Its all about the belief that Slashdot won't turn into a site where terrorists can hide and recieve secret messages to one another. Etc, etc...
The other people who make money, of course, are the people selling the Herbal Fake Viagra or whatever the product of the week is, because their costs are significantly less than what they're paying the spammers that sell it. Mortgage brokers who pay spammers for leads may be winning or losing - spammer-generated leads are likely to be low quality. Pr0n sites sometimes make money and sometimes lose it - they have to generate enough material to get people to actually pay them rather than just looking at the free sample material, and ISPs often charge them more because they're a high-bandwidth business that's highly likely to fail.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
the commons is polluted because the polluter doesn't pay the cost of the collective damage he does. Just like pollution, the solutions all require some sort of government regulation.
No, they don't.
But they do require an educated populace that agrees to, for the good of all, not do business with companies that pollute. If the company goes out of business they can't pollute, can they?
Unfortunately, most people in the US (and the world) are stupid. They care more about saving a few cents today than about saving the environment so they (or their children) can breath tomorrow.
Cie la vie.
Where to start on the faults in your terrible logic?
Misappropriating computing resources, last I checked that was illegal. Don't like it tough, it's still illegal! Apparently someone needs a dictonary to define criminal because this guy apparently doesn't have the slightest clue as to the meaning.
Moderately anoying not destructive, Lets see wasting my time or my CPU cycles on filtering out garbage like penis/orgasm/other questionable product I'd say that would destroy quite a bit of productivity.
Subsidises the internet, god don't make me laugh. Name one legitimate website that is paid for in even the most minute amount from spam traffic, oh wait you can't. Sites setup to hawk these wares need not apply.
OOOH goodie I can learn about exciting new products and opportunities. Lets see do I need pills to enhance anything, nope. Do I want to help some Nigerian ex-patriot?, nope. Need hardcore porn with barely live grandmas?, again no. So far nothing EVER sent to me has even the slightest appeal to even the sickest parts of my phyche.
If it is such a legitimate marketing tool as you claim why is it you and your ilk make feable attempts at fooling bayesian filtering? How about forged headers? Websites that resemble legitimate businesses to trick the feable minded into handing out their money?
Had you been a legitimate business you wouldn't need to resort to any of these half-assed tools.
Even a brain dead preschooler can see the multitude of rather large cracks in your attempt to make it seem legitimate. So think before you start spouting your bullshit retorik.
For one thing the ORBS blackhole has been doing this for quite some time. Testing relays, and blacklisting them if they're open. It was a widley used blacklist back in the day. Anymore? I'm not sure.
The fact is, no one leaves relays open anymore. You can't, all mail software comes with open relaying turned off. You have to actively turn it back on. The problem these days is open proxies, and hacked boxes. Machines from which no legitimate email will be sent.
autopr0n is like, down and stuff.
Not to be an asshole, but aren't screenshots usually of things that happen on a computer screen? I was thinking maybe you mean pictures... Am I correct?
Not true. If your ISP is charging 19.95 a month, and $5-$6 of that is going to pay for an abuse-desk person and extra bandwidth to help deal with the spam, then while your monthly charge may not go up and down depending on spam levels, it's still cash money out of your pocket. ISP's have to have the bandwidth, server processing, and storage space to handle the spam - and they pass on those costs to their users.
You *might* be able to make that argument about Netzero or some version of completely free ISP - but even there, the fact that the end user doesn't pay the money to cover the extra costs associated by spam doesn't change the fact that the cost is still there, it just changes the argument about who the spammer is stealing from.
And if Telemarketers are bothering you, then you're doing something wrong. Join the DNC list, get a cell phone - something. I practically never get telemarketing calls. It's been so long since the last one, I can't give a close guess how long ago it was - 9-12 months, probably.
Better yet, confiscate the profits from spamming activities and use that to pay them. We need to introduce disincentives. Having some big company pick up the tab just subsidizes the spammers.
US-bashing?
the US deserves to be bashed right now for their horrific record on just about every topic that you could possibly list.
i don't see that this is the problem - if anything the UN is not trusted simply because they MUST do what the US tells them, or the US simply veto's any motion, or simply does not support them (ie kyoto, etc) which effectively kills whatever motion is being attempted.
If the US (and their current militaristic foreign policy approach) continues, and if the UN becomes the global watchdog of the internet, what would stop the US from 'providing' the UN with their patriot technology, because it would really 'make things simpler' to monitor and police spam and those damn 'terrorists'...
Gekido's Lair
Somewhere Douglas Hofstadter is smiling.
"Yields spam when quined" yields spam when quined.
When all you have is a hammer, everything looks like a skull.
The same reasoning that makes it ok to access a web site without the owner's express consent also makes it ok to access an open mail relay.
Previously, spammers just used an insecure mail exchange that someone else used, abusing the system. Now, they have worms hack into unsuspecting systems and set up mail relays of their own. These two relays are fundamentally the same.
No, they aren't. The first involves using a publically offered resource. The second involves *modifying the behaviour* of a *private system* without consent.
/Devil's advocate
When he says that the meat comes from the former Soviet Union, the cheapest food I know of [having lived in Lithuania], seems to come from Belarus or Ukraine, especially from the region around Chernobyl.
Now, if you buy (for example) those add-water-and-heat noodles from the Ukraine, you're going to get a good bit of Cesium(Cs-137?) in it, because -- and this is according to Lithuanian natives, who probably got it in their news -- the Ukrainian government has limits on the amount of Cs that can be in it, but accepts companies taking contaminated grain and mixing it down with uncontaminated grain, to meet the required levels.
Point being, I probably wouldn't suggest that this meat is good to eat, any more than I'd eat lamb from the Scottish moors (sorry, same problem: Chernobyl's Cs-137. It seems that the plants have been recycling the Cs back to the top.)
Correct Horse Battery Staple: 72 bits of entropy. Enter "Correct H" into google. When it generates the phrase, that's
No, it's worse than that. For us geeks, SMTP is about the extent of it, but for Joe and Jane Average the problem extends to their whole machine. Virus infected and malware ridden machines that are unusable aside from viewing porn popups. It's hitting the grassroots first-experience people, and it'll kill the consumer Windows market if nothing else. Maybe not such a bad thing in itself, but still, these are the people the spammers are trying to reach - the mythical "consumer". They're shitting in their own nests, and too dazzled by a few $ to realize it.
That said, how about setting up an anonymous spammer bounty fund?
Forget thrust, drag, lift and weight. Airplanes fly because of money.
1) EFF aggregates list of spam-unfriendly addresses. 2) Spammer submits prospect addresses to EFF. 3) EFF returns list minus spam-unfriendly addresses. 4) Spammer compares cleaned list to original list 5) Spammer now has a list of known good addresses
Wow! 6 Fold turnover of original costs in the first month? Where do I sign up? My email address is...dummy@slashdot.gro ;-)
-=-=-=-=-=-=-=-=-=- "Ask not what your computer can do for you, but what *you* can do for your computer."
Known good doesn't matter if they're known useless.
anybody know any lists these email addresses can be put to? support@send-safe.com, techsupport@send-safe.com, good@send-safe.com, orders@send-safe.com
Every day I get dozens of delivery attempts at an address I used to run a listserver on, which has been invalid since 1998. No human has *ever* been behind that address. The spambags do not care about invalid addresses.
How true. But you can use that against them!
I have several addresses like that. Some were accidentally created for me on other sites by scripts like wpoison. Others are spammer-specific mutations of my real address. And I have a number of old addresses, like special ones generated for Usenet News posts five years back.
Now I feed them all into SpamAssassin's Bayesian classifier. I even looked in my logs to see the 100 most common choices for dictionary attacks and feed those in, too.
Now, thanks to the spammers, I get a lot less spam in my inbox! Yesterday's score was 356 messages fed to the trap, 145 spams in my spam folder, 1 spam in my inbox, and no false positives.
This jackass sent me a spam yesterday. The entire website consists of the same message I got in the email plus a form that doesn't validate submissions. About once an hour I've been dropping by to tell this dude what a worthless scumbag he is. Maybe you'd like to send him your own message. http://seo-profits.com/
If their web site is working well enough to poke around on, you can download their programs for free. There's the main send-safe program, some harvester stuff, a "honeypot detector" for finding anti-spammer honeypots, email address verifiers, etc. The stuff looks like it only runs in demo mode (limited number of addresses per run, etc.) unless you buy a license code. The terms of use talk about not using it to illegally spam, but don't say anything about not reverse engineering it (though I haven't tried installing any of the software.) It'd be interesting to see what tools they use for detecting us, and how we can work around them, and of course all that downloading burns their bandwidth, which they're probably paying for by the megabit.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
First-class mail rates significantly subsidize the cost of bulk mail.
Nope, it's the other way around. Bulk snail costs the postal service very little to process. It's delivered to the sending post office sorted by zip code and pre-coded; basically, all the system has to do is truck it where it's going and put it in the right bag. Your last birthday card, on the other hand, had to be picked up from the snailbox by a carrier, its address deciphered, bar-coded, sorted by destination, etc. For doing all of that, basically everything but the hauling and final delivery, they get a discount of a whopping six cents -- 30.9 cents instead of 37 cents. Bulk mail supports first class, not the other way around.
Don't confuse "the US" with the current administration and president. Many of us are working very hard right now to make sure he doesn't get elected again. The rest of your claims ("horrific record on just about every topic that you could possibly list") just don't hold any water.
Yes, they do. For awhile, I sent spam complaints from an address used for no other purposes - spamcomplaint@ (my domain). That address now receives spam. They havested the address that I used to send complaints about spam, and they use it to send more spam.
What we really need is a registry of spam-unfriendly email addresses.
Spammers have been known to trade lists of known anti-spammers, known spam-trap addresses, and such. Some of my addresses have (correctly) been on those lists. It doesn't seem to lower the spam, though.
Your basic idea is to create a one-stop "do not spam" list. That's been tried by spammers, by anti-spammers, and even the FTC can see that it won't be effective. You, of course, believe this to be a new concept - but that doesn't change facts.
They're not evil.
Yes, they are. That's why I get bounces because they forge my addresses. Almost all spam is sent using forged addresses because these people are dishonest, unwilling to admit who they are, unwilling to deal with the bounces they cause, unwilling to pay their own bandwidth costs. They don't give a shit if they ruin email for everyone else. They'll do anything they can if they think it *might* get them what they want. Just like a rapists decides that he doesn't care if the woman doesn't want to have sex, he does it anyway to get what he wants. Just like a thief doesn't care that he's screwing some honest citizen when he robs them - as long as he gets what he wants. And just like the rapist and the thief, the spammers are evil, out to get what they want, regardless of the damage it does to others.
Known good doesn't matter if they're known useless.
... fake bounce messages ... using images to replace keywords ... irrelevant words to fool filters ... false subjects, false senders, false headers, false everything ... and, of course, using "remove" addresses for validation.
Then why do you spammers go to great lengths to dodge around every attempt we make to avoid your deluge of sludge? Isn't the mere fact that someone filters out emails with the phrase "penis enlargement" in them just possibly a clue that the person is not a likely buyer of penis enlargement pills?
Yet you persist. You find new tricks. You use fake "personal" emails
Yeah, you really don't want to spam people who don't want your sludge. Right. Go tell it to Satan.
I think most of the slashdot community would agree.... ping -t -l 65500 send-safe.com
ItWasFree.com - Take the mystery
I personally found the screenshots at http://www.send-safe.com/screenshots.php to be VERY informative and would recommend that everyone interested in how spam works to check out the site. In fact it probably changes a lot so you should hit reload often...
Oh, but you do. First-class mail rates significantly subsidize the cost of bulk mail. The USPS knows better than to antagonize some of its largest customers. Ditto for the good folk at the RBOCs.
Actually, that is incorrect. First class is low volume and collected in many places. Bulk mailings are high volume and usually collected at either one location or several locations regionally (like national periodicals). Bulk mailings for the USPS must meet strict guidelines. The more guidelines a mailing meets, the cheaper it is per item. With magazines, for example, if the cover is approved by the USPS, it is cheaper than an unapproved periodical cover because it is easier for machines and letter carriers to read the address. Bulk mailings are cheaper because their collection is streamlined, they are sorted for further discounts, and they have lower priority than first class.
You're right. Some of them are evil. The scammers, the relay theives, and the people who forge your address as your return really are evil. We're both guilty of over-generalizing.
While some use the above practices, others are just operating creative businesses as legitimate entrepreneurs. They're creepy "SELL!!! SELL!!! SELL!!!" people, just like the one's who produce infomercials and "No Money Down Real Estate" seminars, but they aren't all evil.
Then why do you spammers go to great lengths to dodge around every attempt we make to avoid your deluge of sludge? Isn't the mere fact that someone filters out emails with the phrase "penis enlargement" in them just possibly a clue that the person is not a likely buyer of penis enlargement pills?
... fake bounce messages ... using images to replace keywords ... irrelevant words to fool filters ... false subjects, false senders, false headers, false everything ... and, of course, using "remove" addresses for validation.
Because they don't know whether or why a filter's there, or even whether you or your ISP put it there. Even legitimate, non-commercial mailing lists have to fight against filters now...
Yet you persist. You find new tricks. You use fake "personal" emails
Yeah, you really don't want to spam people who don't want your sludge.
And please don't use "you". I'm not a spammer. I just know some well enough to be an aplogist for those particular ones. Yes, there are "evil" spammers who do plainly illegal things, but there are also some that are just well-meaning and creative businessmen trying to make a buck.
They work towards efficient prospect lists, avoid stealing relays (theft), avoid using other people's from addresses (fraud), and other such things. Yes, they use some of the tricks you mentioned to defeat filters, but mostly because the filters are too restrictive. In many cases, the filters aren't even optional for users. It's rarely the user who put in the filter, but the ISP; the marketer has no way to know, and therefore works to circumvent the filter.
Flamebait? That must be someone with moderator points and a large bruise on their face.
if you think this is bad, you should have seen my last sig
You slashdorkers really are a scary bunch!
As current events go, I can quite easily and unreasonably extend this analogy to the actions of coalition forces in Iraq, with such things as prisoner abuse. But I suppose we shouldn't go there. I better not as I wouldn't want to be labelled as a troll.
Dumbass.
smash.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
All mail admins out there take note. Rejecting connections from blacklisted open relays saves spammers money! Whereas accepting mail from blacklisted relays means the spammer has to pay!
Don't block China, accept all the mail you get from there and stream it to
One of the things I noted in the article was that the bulker only gets "charged" if the email is accepted. Why not begin actually accepting the messages for those that show up in the RBL's, but dumping them after the final "OK" just never sending them onto the final recip?
That doesn't help server load, or bandwidth, but in the end, bulker "A" will get "billed" for sending all these great and informative pieces of crap, and the end result is the same as if we'd refused it with a message they'll never really see, only with this they'll pay for it--small as the cost may be.
The world according to SComps
Thats the thing about collatoral damage. Those doing the damage have the arrogant assumption that it is acceptable because the greater good is served and do not think that they have to take responsibility for it.
So ISPs that allow criminal activities on their network shouldn't have to accept the consequences of their actions, that being that no legitimate networks want their traffic?
As current events go, I can quite easily and unreasonably extend this analogy to the actions of coalition forces in Iraq, with such things as prisoner abuse. But I suppose we shouldn't go there.
No, you shouldn't. No one is forcing anything upon the rogue ISPs. Blacklists are a way for a network to protect itself from the criminal actions perpetuated by ISPs that don't care about their criminal customers by voluntarily refusing traffic. There is absolutely no paralell to voluntarily rejecting packets from a known 'net sewer and torturing Iraqi prisoners. Only a moron would suggest that an effective analogy could be constructed from that.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
the current administration and president ARE what the rest of the world sees as far the general outlook of the US, after all it is the economic policies and foreign policy directions that they provide that affect the rest of the world the most.
;}
of course every american isn't the same, but every american isn't in control of the largest military force the planet has ever seen either
Gekido's Lair
I completely agree. My post was referring to spammers who are following the letter of the law.
Given that the very nature of spamming involves theft of resources and trespass, you should never EVER trust that any given spammer is a "law-abiding citizen". Yes, they might be "obeying the law", but that's only because the DMA bribed congress into passing a law that essentially makes a form of electronic theft legal. It has nothing to do with them wanting to be law-abiding citizens.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
but they aren't all evil.
You're right. Some of them are just too damn stupid to understand that what they are doing is stealing. They're mentally incompetent. I guess that they should be instutionalized rather than jailed.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
All these comments and nobody used the term "Tragedy of the Commons"? Just two references to "commons".
Man, you're a genius. I was totally saying that spam is a non-issue, you sure put me in my place. Thank the lord.
Oh wait, no, that's wrong.
Did you read my comment before replying? I never said spam wasn't a problem; I called it "a pain" - I generally consider pain to be a problem, but maybe you're an easily confused masochist - perhaps I should have been more clear. Allow me to elaborate for your edification:
The point of my post, the grandparent of this post, was that the great-grandparent of this posts argument was specious. That is all. It is not a commentary on spam inasmuch as it was a commentary on the lack of logic one commonly finds in this forum.
Thank you, Jethro Rose, for decreasing the signal to noise ratio on slashdot even further. In the future, please try to think of something to say before speaking.
I never talked about ISPs not having to suffer the consequences of their actions. I was talking about the innocent parties that get involved in these kind of fights having to suffer through no fault of their own. My previous posts are in support of measures to stop SPAM but I argued that the methods should be reasonable to stop innocent parties from being hurt. I believe that no amount of harm done to innocent parties is acceptable.
As for your other reaction to my comments may I draw your attention to the fact that I said my analogy was unreasonable already. My analogy was merely constructed to show how a reasonable assertion that collateral damage is acceptable can turn into real world nightmares for the people caught up in said damage. Perhaps I should of made it clearer that I wasn't comparing the blocking of network traffic to the abuses happening in Iraq.
However they tend to get rather uptight about you earning money in any way shape or form. This is infact the weak point in our system (the american is that you have homeless families). that it is at times simpler and more cost effective to stay unemployed than to get a part-time or worse shortterm job.
I guess you have to be a big time spammer to make a profit. Next time he better buy 3 cd's worth of addresses.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
... it's still cash money out of your pocket
You are missing my point. I'm well aware of the economics of ISPs. What internet people seem to forget is that the voice networks are built with nearly the exact same resource that data networks are built with. Each spam I receive eats up a few K of bandwidth as it makes its way to my desktop. Each second of voice communication with a telemarketer takes up a minimum of 8k of bandwidth, 64k if no compression is used.
It takes several seconds for me to recognise that a voice caller is actually a telemarketer. If it takes 8 seconds, then the telemarketer has wasted between 80Kb and 640Kb of bandwidth. The largest spam sitting in my inbox is 30k, most are 10k or less. Clearly a single message from a telemarketer consumes up to an order of magnitude more bandwidth than a spam.
Now, consider my time. Mail.app finds and deletes almost all of my spam, so I rarely have to worry about it. When one does slip through, it may take a maximum of 10 seconds for me to identify it as spam and delete it. When a telemarketer calls, It takes a minimum of 10 seconds to identify the call as a marketing call, and possibly many more seconds to dismiss the caller depending on how polite I am.
If you are going to complain about spam, kill two birds with one stone and take out the telemarketers while you are at it.
Maybe we should treat other economic bads (e.g., pollution) in such a way: subsidize the non-production thereof.
;)
Taxing excessive pollution is rather common in Europe. Unfortunately actually paying people for doing the opposite is not
.: Max Romantschuk
With all this talk about it being important to hit the big boys instead of just small fry spammers... I was just googling when I saw the AdSense link to this company that sells, essentially, spamming lists.
They've got a snappy site design, and obviously shelled out enough to be a top google hit, so they're obviously doing well for themselves. Call them at 1-800-395-7707 (number from the page) to let them know how you feel (*wink* *wink*).
Schmiddy
http://cltracker.net -- powerful craigslist multi-city search
I pay for traffic.
80% of my traffic is mail.
50% of my mail is spam.
Therefore, 40% of my bandwidth costs are spam.
Comprende?
smash.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
My previous posts are in support of measures to stop SPAM but I argued that the methods should be reasonable to stop innocent parties from being hurt. I believe that no amount of harm done to innocent parties is acceptable.
Okay. Let's take a hypothetical ISP, we'll call it "Vertigo" or "Qworst" or "SpewYou Net", doesn't really matter. They allow their customers to engage in unethical, criminal activities. Not only do they let their customers spam, but they also allow their customers to use proxy hijacking to illegally hide the true location of their webservers by using hijacked machines as web proxies. They let their customers engage in DDoS attacks against anti-spam websites without action. They are openly abusive toward people who report the abusive activities of their customers, to the point of threatening lawsuits.
Now lets say that an organization -- an anonymous organization -- publishes a list of known crime-ridden ISPs run by corrupt management. They support the claims of the list with documentation of the criminal activities of the ISP's customers. This list is then used by responsible ISPs to block all traffic from the crime-ridden ISPs, since the ISPs who voluntarily use these lists have decided that they do not want to trade packets with known criminals.
Now let's say that you are a "legitimate" customer of SpewYou Net (now WorldCon). You're not actually doing anything unethical, you just happen to be giving money to a company that openly enables criminal activities in exchange for network space. Unfortunately, you discover that -- because your ISP has allowed their IP space to become a cesspit -- no one wants to trade packets with you.
Who is at fault here? The people who compiled the list of IP addresses owned by crime-friendly ISPs, the ISPs that voluntarily choose to reject your packets, or your ISP for allowing the netspace that they rent to you to become so undesirable to the outside world?
I agree that it's unethical to allow antispam activities that cause harm to third parties. I'm just a little better at assigning appropriate blame.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
why not slashdot the fuck out of send-safe.com
MOD PARENT UP TO 5: Insightful. I agree. spammers should be quartered, hung, shot, pickled, head-shrunk and then REALLY hurt.
"Doing what i can, with what i have." ~ Burt Gummer
The word vigilant, is too close to vigilante for my comfort :)
This is the most civilized way of handling any annoying situation:
1) Confront the annoying person directly, and politely.
2) If 1) fails, inform his superiors or some authority that can punish him for his misdeeds.
3) If 2) fails, try again.
4) If 3) fails, inform said authorities that if they cannot deal with the problem properly, you will take matters into your own hands since they are clearly not doing their jobs.
5) If 4) fails, bury the fucker appropriately out of sight of a backroad in New Jersey.
I'd have to admit that for the most part net.vigilantes jumped right to 5 about 10 years ago, but considering what the government is doing to stop known spammers despite the fact that we have more than enough evidence against them to convict, I think it's about bloody time that we started putting some heads on sticks. If it doesn't teach the others the error of their ways, it will thin their ranks considerably.
"No problem. I have the capacity to do infinite work so long as you don't mind that my quality approaches zero."-Dilbert
All you really need to know is that you (yes, you!) need to quickly patch together a perl or shell script that repeatedly accesses the site http://www.send-safe.com.
Let the uberslashdotting begin!
"No problem. I have the capacity to do infinite work so long as you don't mind that my quality approaches zero."-Dilbert
I am so sick and fucking tired of having to educate people who make 2 to 3 times what I do and have a shitload of useless letters after their name. Why the fuck should I NOT become a professional spammer? It would not only maybe fill in some of the fiscal insults I endure everyday giving morons the education their stupid "certs" are supposed to represent, but some satisfaction knowing my "fuck you" is spread throughout the world. Hell yeah I would be a professional spammer. (Thanx for the startup info by the way)
Go on and cry about social injustices and all that rot, maybe if the industry did not so fucking easily toss gasoline all over their workforce who can't buy that higher salary with a fancy piece of paper to show less knowledge and less intelligence, they would not be risking starting raging fires. I don't need a fancy piece of expensive paper or a bunch of useless letters after my name to clusterfuck your inbox and get paid.
Take that to the bank assholes.
Modding the post away wont stop the onslaught coming to your inbox!
I simply forward all of these (including full headers) to piracy@microsoft.com. Fighting these spammers is in the interest of MS, let them handle the problem.
Wrong again. Legitimate businesses, and legitimate entrepreneurs, do not send spam.
Unfortunately.
I believe you are a spammer. You sure sound like one. Even if you are telling the truth, the fact that you defend spammers for doing what they do means that you are a slimeball, just like them.
Wrong wrong wrong. AOL justifies that their $23.95 a month charge/ $3 is what is used to combat spam. Who pays that $23.95 a months/ Guess. And no, it aint the "high end users"
If you start complain on the protocol level you'd better understand it first!
SMTP is for the delivery of messages. There is nothing insecure about it.
I dare you to sketch how a protocol that doesn't deliver spam would work! Remember you are dealing with spyware-infested machines out there spewing out e-mail and you must somehow differentiate it from the normal e-mail they send. Plus there are the twin problems open proxy and open relay, but blackhole lists have taken care of them pretty well -- they were made around seven or eight years ago.
There IS a perfect technical solution, it's called PGP and was invented over ten years ago. Simply filter out non-trusted e-mail and you'll be all fine.
There you have it. Just as an example I've shown you TWO successful methods against spam. Exactly NONE has anything to do with SMTP.
I get my email bounced sometimes because AOL and some other ISPs have blacklisted mine; meanwhile I still get tons of spam. So I'm getting screwed by both the spammers and anti-spammers.
Imagine you are living in a place where you have a choice of two and two only broadband ISPs. One is a large phone company that is going broke and perhaps therefore is slack at preventing abusive customers from spamming, etc. So I go with the other one. But I find my mail is bounced by Americans who simply ban geographically. That's where the Iraq analogy comes in, BTW, Americans' cheerful willingness to inflict massive collateral damage on people who happen to be living in the same country as someone they don't like.
Since you didn't give me much to go off, here's what you say in the anti-spam part of your website:
Bulk email is perfectly acceptable as long as the recipients are willing.
Bingo. Those are the people I've been talking about. People who send bulk email in complete accordance with the perfectly reasonable opt-in laws. Maybe they make up a minority of spammers, but they're out their and there's no reason they should receive the abuse that people throw at spammers as a whole. You should be fighting against bad practices, not the whole thing. Otherwise you risk framing the problem wrong and putting yourself into a no-win situation.
Or to put it another way: there's always going to be spam as long as there's a profit to be made out of it. No matter what measures are taken, technical or social, it will only be an escalating arms race of spammer vs anti-spammers (whoever they are). Look at all the wrong things for sale out there: arms dealings, drugs, people and so on. As long as there's someone buying, the incentive remains. The harder it is to sell those things, the bigger the risks, the bigger the profit. The fewer the sellers, the harder they try. The answer to stopping spam is simple: ordinary people must stop responding to spam, stop buying the things they advertise because of the aggressive manner in which they are advertised. The moment the profits are not there anymore because spam itself kills it, spam will go away.
i ate crayons when i was a kid and now i have two braincells and the blue ones taste nicer
No, it's pretty easy. If a spammer is selling something, he has to have a way to receive payment. In the story linked, the spammer simply directed people to directly deposit into his bank account (in Holland). He mentioned he got a lot of abusive phone calls after each spam run, so he wasn't hard to find. The problem is that individually each spammer is below the threshold to trigger action by authorities, like the FBI, that catch fraudsters etc. If they decided to make an effort and catch and prosecute some of these small spammers that would have the "heads on stakes" effect elsewhere advocated. Govts just don't care, and are heavily influenced by direct marketers to keep it that way. There's some hope though, since the "Do not call" legislation finally was enacted against similar lobbying.
I guess send-safe.com is aware of the article I wrote and the fact that it was slashdotted. Any link from this article to their website will send you back to my website. If you want to be able to follow all links from this article, switch of the Refereren in your browser.
Someone should go and break his legs, that way the medical bills can eat into his profit even further. The message it sends to other spammers is also worth it.
Dont blame all the spam on these companies, just because they sell the tools to mass email at high speeds anonymously, the Government organizations are the ones that approve these Companies to go ahead, but I think as long as they pay their tax the Government really doesn't care. What do you think??
If spammers were legitimate direct marketters then they would:
a. not forge addresses and headers
b. not repeatedly try to get around the filters that those of us who don't want spam set up.
However, my oppinion on all direct marketting is that it should be banned - it is intrusive, I never asked for it and no matter how many times you ask the marketters not to contact you they still do. I make a point of never buying anything from anyone who has tried to direct market to me. I wonder if anyone has done any research on how many customers companies lose through direct marketting (obviously it's offset by the morons who respond to the marketting but I'd still be interested to see the results of such research).
Most of the direct marketting I receive is completely untargetted:
Mailshots - I get both junk addressed to me (even though I'm registered on the Mail Preference Service) and stuff hand delivered (no, oddly I'm not interested in selling my house... especially since there is a bloody "sold" sign outside indicating that I only just bought the place)
Telemarketting - luckilly most of the telemarketters actually take notice of the Telephone Preference Service register and I don't get too many of these... I still occasionally get cellphone companies phoning my cellphone (which is still on contract - I can't change provider for another 10 months) asking if I want to switch provider.
Spam - oddly enough I'm not interested in making my pen!5 big.g3r - it's just fine as it is thank you.
SMS spam - all those people who claim that charging per email would prevent email spam take your lessons from SMS spam - the operators pay per message there and there is still a huge amount of untargetted crap delivered to my phone even though it's been illegal since December 11th last year. The messages also usually arrive in the middle of the night and wake me up (I have to have my phone turned on when I'm on call)
I am also having problems with the reverse-billed SMS services - technically you have to subscribe to them, but I have never subscribed but have been receiving reverse billed SMS messages. My operator won't do anything about it and tell me I have to contact the company sending the messages (who never answer their phone), so instead I have to contact ICSTIS, who's phones are always busy. Orange have told me there is no way for me to block reverse billed SMS messages and that if I refuse the pay the bill then they will cancel both my handsets and record a bad debt on my credit record. Nice industry - I hate them more than the email spammers.
http://blog.nexusuk.org
Kill the spammers
Kill the spammers
Kill the spammers
Kill the spammers
Kill the spammers
---
You can fool some of the people all of the time, and You can fool all
of the people some of the time, but You can't fool mom.
"...and nothing ever could."
You can't even be vaguely serious with what you are saying.
As much as I hate spam, I can not agree with calling for cruelty and violence. Is that the spirit of our ages? Torture and abuse grown into a trend? Violence as an appropriate mean? Shock and awe as social corrective measures? Is there not other way?
Somehow in my naive mind I had the impression that we had left this behind in the middle ages, but these days I am disillusioned more and more.
Even with the smiley I can not find funny what I read there.
-silence
Dyslectics of the world, untie!
send-safe_DOS.pl flooder:
Then launch 32 simultaneous flooders:
"When you give your email to a website operator, and that website operator sells it, that money is what keeps your content cheap or free."
And how about that operator being honest and upfront about their selling emails to spammers? Chances are I wouldn't want their content in the first place.
When did it become anything else but fraud to lie about the costs to your customers?
What these fucktards are doing is no less than if I were to advertise "FREE pens!!!" But once you got one, I start showing up at your place, reading your mail (a RL equivalent of spyware), changing your channel on TV to what _I_ want you to see (adware and spam do a good equivalent of this), and interfering with your phone calls (an equivalent of spam again.) Oh yeah, and start shouting in front of your windows that you better pay for that pen already, you damn freeloading cheapskate. Even though it was advertised as FREE. (Some software advertised as FREE, e.g., RealOne, just loves to behave that way.)
Oh, and there's no way to opt out of that, for the rest of your life. Except if you move and don't give anyone your new address.
It wasn't in the contract, it wasn't in the fine print, and I conveniently forgot to tell you about it when you registered to get a cheap pen. But hey, you should be grateful. You got something for free. Right?
Would you put up with that kind of annoyance just for a stupid pen you probably didn't really need to start with? Chances are that if you knew up front about the real cost you're about to get, you wouldn't want it. And chances are that if I pulled that kind of fraud IRL, you'd sue the pants off me.
So why is dishonesty and fraud suddenly OK just because it happens online? Since when is having some piece of fucking useless and uninteresting HTML text justification enough for fraud? No, really. I want to know.
Oh, and another thing. You may think that making yet another obscure free site is God's gift to the Net. Don't flatter yourself. Most of those sites are free for a damn good reason: that noone would pay for their content even if it was the last site left on the Net.
Here's your free bit of economic clue for the day: the measure of how much something is worth, is how much people would pay for it. If noone wants to pay, maybe that's your clue that your precious content is worth exactly nothing.
And that goes double for blogs. Now far from me to keep people from doing the HTML equivalent of wanking in public and hoping to actually get some attention. But it always cracks me up to see _some_ of them get all infatuated about how their incoherent retarded whining is some valuable source of public information. Oh puh-lease.
And no, it doesn't give you the right to lie, cheat and sell addresses to spammers to keep your worthless content online.
A polar bear is a cartesian bear after a coordinate transform.
I must say Americas attitude really makes me cringe at the moment, it basically amounts to if a foreigner does something we consider morally wrong then kill them. I'm from the UK and I totally agree that spamming is destructive and unwanted, however try looking a little deeper into why people do it.
If I lived in a poor Eastern Europe or run down soviet area I might find myself doing the same as some of these spammers. Imagine you lived in one of these countries and had tried to get legitimate work only to find that it doesn't make you enough money to buy food or pay for expensive American drugs that would save your dying mother etc., what would you do well chances are you'd probably turn to spamming as an extra source of income. Perhaps justifying it to yourself with, well if the drugs didn't cost so much I wouldn't have to steal etc.
A contrived example granted and I'm not saying that everyone ripping off America is doing it to help their poor sick mother. What I am saying is that people usually have their reasons for doing what they do and until we concern ourselves with what they are and look at dealing with them, rather than trying to solve all problems with greater punishments we will remain in this situation.
Like I say I don't in any way condone this behavior. However I do understand it! The fact of the matter is that you will never succeed in beating the rest of the world into accepting your way of life. We need to help other countries to build up their infrastructures to the point where crime isn't the most profitable business they can lay their hands to; while at the same time closing legal and technical loopholes that allow this abuse in the first place.
At the end of the day we are not isolated islands we are all connected and our actions affect other people and as the saying goes you will reap what you sow. Be very careful about wanting other peoples heads on a stick until you've walked a few miles in their shoes. An eye for an eye makes the whole world blind.
Bingo. Those are the people I've been talking about. People who send bulk email in complete accordance with the perfectly reasonable opt-in laws. Email sent to people who opted in is, by definition, not spam. Regardless, there are no opt in laws in the US.
The US does have a very unreasonable opt-out law that lets people spam legally. That doesn't change the fact that they are spamming. It doesn't make it morally right. The people they send to still don't want their crap.
I'm not arguing that email can't be used to market. There are a lot of legitimate email lists used just for that purpose - but those lists are opt in lists, not spam. (Hint - I run two opt in lists myself, and one is used to market to a very small niche group.) I'll stand by my statement - legitimate businesses, and legitimate entrepreneurs, do not send spam.
Agreed wholeheartedly. If you hand your details to a website and it then sells them, it's a violation of trust and privacy.
However, I think I read that nearly all spam comes from China, where ye great Communist government is keener to block anti-government propoganda than it is to cut down on the waves of spam radiating from is country. What can we do about it except turn our filters up?
PocketGamer.org - For the gamer on the go!
> the commons is polluted because the polluter doesn't pay the cost of the collective damage he does That's exactly the the problem of Liberalism in the economy. The "invisble hand" that makes the bad companies go away and regulate the economy doesn't fix stuff like pollution, because the companies themselve don't care since it would only push down profit.
of course spam would be rendered useless if no open relays were about (smtp auth replaced smtp) and hotmail, yahoo et al had challenge-response spam systems, instead of fairly useless bayesian (sp?). i left a mail server open to relaying by mistake a few months ago, and had 1.5 million emails in the spool directory after 2 weeks. It took 6 hours to delete the files in windows (in DOS)
While the current administration has made US-bashing almost too easy, it would be nice if there was more recognition outside the US that, as often as not, wherever there's an American (corporate or otherwise) buggering up the world in the pursuit of profit, there's another American working to try and put it right.
Award for most ironic spam email has to fall the one I got advertising the anti-spam services of http://www.spamarrest.com . I admit i signed up...
Nothing costs nothing
Sorry, you lose; The Chinese outnumber us now, the Soviet Union outnumbered everybody in the day. We won't go into how many men the Roman Empire fielded at one time.
That's more or less what the Kyoto Accord was trying to do (carbon credits, etc). Unfortunately for the human race, America has a mongoloid fuckwhit as president...
The problem with Kyoto is that it's not nessesarily based on reality. Carbon dioxide emissions as a cause of global warming is only one of many different theories about climate change. Among others, some have noticed that solar flare patterns coincide with climate change far more readily than carbon dioxide emissions, and new work put out also shows that the warm period we're in might be just beginning, and could last as long as 13 thousand years more.
Without a definitive, agreed upon set of facts, we shouldn't go rushing off to change anything. Long before we decrease CO2 emissions(actually, we(civilization at large) already have -- in the past 50 years or so, our CO2 emissions have dropped dramatically), I'd be more interested in continuing to reduce sulphur emissions, since that DOES have a direct impact on the health of humans, and other toxins which have a direct impact on humans.
It's been a long time.
I also noticed that the Send-safe's Screenshots link from the article has been turned into a redirect back to the article's site homepage!
Save Maine's economy: write stuff down. All comments are exclusively my own, not my employer.
Actually, in raw number of soldiers, you are probably right... However, in military might you are VERY incorrect. A single US soldier could quite probably utterly destroy about a full roman legion without breaking a sweat.
It is not the number of soldiers that matter, is what you can do with those, and in that matter, there is no doubt that both in terms of absolute and relative military power, the US is very probably the greatest military empire of the last centuries.
If they reveal his identity, he's going to need bulletproof clothing as well.
I love C++
...more like this crappy insecure non-authenticated protocol called SMTP would die.
Well, then, why don't you authenticate? Until you start PGP/MIME signing all your emails, you have no place to complain about SMTP's "insecurities". HTTP is just as "insecure", but people use it for web commerce every day. How? They added a level of security over the HTTP transport layer. Do the same with SMTP. SMTP works just fine, and will never be replaced (and if by some chance it is, the replacement will have the same vulnerabilities).
The first step to ending spam is PGP/MIME signing your email. If everyone did that, the spammers would quickly be out of business. Even if they *did* sign their emails, it would take more processor time (think hashcash) and would be more easily filterable.
I sign all my email -- why don't you?
"Save the whales, feed the hungry, free the mallocs" -- author unknown
I used to get about 500 spams a day until my ISP started using Brightmail filtering, now I just get a handful.
However, a few months ago I got 11000 spams (all for colonic irrigation) in one day. It took several hours just to delete them all.
Cress, cress, lovely lovely cress
Am shutting down about 150,000 infected hosts per month. reporting about 5000 - 6000 spams a day.
GET INVOLVED - report your spam today.
Any spam WE get, is immediately sent back to the ISP's "abuse" email within 30 seconds.
The spam reports are very consistent, accurate, and very easy to write a script to temporarily disable the infected host during the spam operation.
I noticed that the proxy scanner trial version uploads found proxies to their own system for their own use.
I wonder how hard it would be to pollute their database through this.
It was quite something that they talk about honeypot makers as if _they're_ the bad guys - out to stop an honest spammer doing their work. Surely this site is offering to hack other people's networks on your behalf, which must be illegal!
Caller ID is all well and good, but all it proves is the computer that sent the mail. These spammers are using open proxies and virus compromised Windows machines.
As long as its possible, and likely, that a virus can take over a user's computer and perform actions as that user, then it is possible to send junk email. If email is charged, then I see a lot of innocent users having their bank accounts drained by virus spending their money on their behalf.
I'd hope that this would spur more people into securing their boxes, or using more secure software, but the complete lack of change after all the previous virus problems makes me doubt it. Pity.
http://www.send-safe.com/screenshots.php very interesting software...
Reading the article (gasp), it occurs to me that one technique we could use for fighting spam could be accepting the spam as though it will be delivered, but not delivering it. The spammer in the article got charged by safe-send for each email accepted by a targeted email server. Rejected mails or refused connections impose no cost on the spammer. So maybe we need to seed a few fake open relays to absorb spam.
http://www.send-safe.com is up, not down.
/.'d it for a while last night.
Maybe we
FWIW, it is pretty interesting to read the "Manual" at that site. It's a complete packaged solution for sending SPAM through zombie-proxies, they provide a proxy network in the price, extensive use of randomization, base64 encoding options, etc. The manual is well-done.
It is very, very clear in the manual that SPAM uses hijacked consumer PCs.
It's a complete packaged solution that lets small-fry spammers use some of the tricks of the big-bad-boys. It's an indicator of that part of the current state-of-the-art that someone has packaged as a solution. It also shows that spamming is enough of an established, stable business for someone to invest to do this.
I think we should take the manual and show it to politicals and anyone else who might believe that spammers are semi-responsible.
-- Sally
Why would Americans be blocking traffic based upon geographic location?
STOP MISUSING APOSTROPHES, YOU MORONS!!!
At least with direct mail, if a marketer sends you something with a "Business Reply Mail" - Postage Will be Paid by Addressee, just follow these simple steps: 1.) Fill large brown box with phone books or old tires 2.) Tape Business Reply Mail postcard to box 3.) Mail at your nearest USPS post office! 4.) Voila! no more direct mail from that marketer! I have a friend who's done this and when he gets Fax spam, he just sends a fax back to the individual saying please remove him from their mailing list and sends about 400 copies.
There is lots of data that says that a majorit of all spam is sent by the top 200 spammers; kill them all in greusome ways, and they are unlikely to have followers :-)
:-D
Personally, I think that when these shit heads are sentanced, it should be based on how stupid their spamming is. For example, I'm getting a bunch of "Popular software - very low price" emails, to the same email address**, on the same day. How is that fucking useful? How is that going to increase their sales? Surely it is very fucking obvious that this is going to piss people off? (appologies for the rant!)
My own feelings about sentancing are that prison just costs society even more. Me, I'd nail their genitalia to a table and kick them in the back of the knee.... firm but fair!
Seriously though, I'd have slightly (not much mind) more simpathy (or is that empathy?) with them if they'd clean their database a little (removed "webmaster@" addresses maybe?) and not send the same email n times per day.
Okay... I think I'm done now.
**And the email addresses they are using are "webmaster@" and "domreg@".. the former I've never used anywhere and the latter I've only used when registering domains.
Go with something other than broadband. Send your mail through some other server. Call your recipient and ask them to whitelist your IP address.
There are plenty of alternatives. There's no reason I should be inundated with spam because your ISP is unethical.
FNKMASTER: I don't know what the heck this "green economic" theory is,
I'll help you. Here's a quick definition:
FNKMASTER: We covered this in AP Economics in high school, many years ago before spam existed. These are called negative externalities - the commons is polluted because the polluter doesn't pay the cost of the collective damage he does.
There's a little more to it than that, but the above definition is good enough.
Fnkmaster, meet Fnkmaster.
I like how you edited my message from 2000+ to 20+, reducing my problem by several orders of magnitude.
I'd also like to point out that direct marketing pays for me to get their messages when using postal mail or the phone. But with SPAM, I'm the one paying the freight! This is why fax marketing was banned in the US.
SPAM is illegal in the state that I am in as well. But again, I don't have the resources to go after these people, or the time.
So quite trying to defend the indefensible. And my argument is not spacious. Spam does me harm by using my money and my resources.
or would be compelled to make deals with actual organized crime.
I remember reading somewhere that various mob-type groups in Europe/Asia were basically selling off huge lists of compromised machines as well as ways to make use of them.
Some spammers were buying these lists to use the zombie machines as spambases. So really, they're already involved with organized crime.
If people must contact you (and don't already know your email address), have a CGI form which may be filled out to send you contact email. Add a little security such as checking the referer record (that it matches your site and isn't a bot) etc.
Did this with my site and it does seem to help.
The current bidder is: nelly4269 (21 items) from the UK Huddersfield, West Yorkshire (Spammers lie, but hes been buying stuff)
29.00 GBP
No website, has hosted images, (ripped from some IT site).
From previous, cached, purchases:
He seems to, like GOLF, so I'll play the probabilities and say it IS a 'HE'. the amount of golf clubs he "owns" suggests he may have a golf shop somewhere, but not on ebay (other items).
Nelly also likes quick get rich schemes, specifially from ebay (book).
The LARGE polo shirt and heart monitor suggests he is a FAT B*ST*RD, with a heart condition. Stressed?
The rocking chair may suggest he late middle aged or above.
Everybody seems to like him, but could not sell his NINETY EIGHT (electronic!?!) copies of.
"How To Get One Million Visitors To Your Website"
.
Suggesting FAT EVIL SPAMMING CON-MAN GOLFER/shop owner.
.
.
I wear a tin foil hat for a reason, you know!
I think that some moderators mis-moderate intentionally; i.e., I think that some people use moderation as a trolling mechanism.
Those who sacrifice security to condemn liberty deserve to repeat history or something. - Benjamin Santayana
Consider $0.1 average payment per spam email sent: P. Spammer has circa $27,000 in costs, $1280 in reveniue, no profit. He switches to something else, stops polluting the net. So does everyone else. Problem solved.
17779 eligible voters in a district, 17779 'vote' as one. This is Russia.
This comment should not be modded Troll. It presents important points about the debate regarding global warming that are widely unreported by the mass media. I can only surmise that someone out there decided it was politically incorrect to mention differences of opinion among the scientific community. If so, it's too bad that the moderator(s) haven't done their own research, but just blindingly follow the media's line.
It's easier to be a result of the past, but more fun to be a cause of the future! http://www.spacefinancegroup.com/
Try using java script to print out your email address. Completely human readable but since most bots just grab source code they won't be able to piece it together, unless they implement bots that can do java script..... but I don't see that happening right now.
Technology, the cause of and solution to all of life's problems.
That's even funnier. :-)
Need a Python, C++, Unix, Linux develop
Conclusion: PGP signing is completely ineffective, because even in extreme cases, users ignore the absence of signatures.
Furthermore, this is all irrelevant to the point of spam. Spam prevention requires authentication at a different level:
- PGP authenticates that this mail did in fact originate from the hands of Crispin Cowan
- SMTP-layer authentication would authenticate that the mail did in fact come from immunix.com (and not some trivially forged "From:" header) and if SMTP AUTH was a required part of the protocol, could authenticate that "crispin" was in fact authorized to send mail via immunix.com
The difference is that the former is presented to users, possibly with a "bad/no signature" flag on the e-mail if the authentication fails. The latter is just never delivered at all without authentication, because your server would not accept mail from immunix.com without a signature matching immunix.com, and the immunix.com MTA would not let me send any mail without a valid password (that last part is actually true thanks to SMTP AUTH).Crispin ----
Crispin Cowan, Ph.D.
CTO, Immunix Inc.
Every time spam comes up you'll find a bunch of posts advocating polcies like "banning .cn. .kr. .tw" etc, on the grounds that 1) they don't know anyone there and 2) they get a lot of spam from these TLDs. If their personal mail, go ahead. If it affects a company or an ISP, it's another thing.
Every time spam comes up you'll find a bunch of posts advocating polcies like "banning .cn. .kr. .tw" etc, on the grounds that 1) they don't know anyone there and 2) they get a lot of spam from these TLDs.
.cn and South America is a result of not finding a single responsible ISP in the continent.
Actually, the reason for a blanket block on all mail from
Just try and find an ISP in China that kicks spammers off as soon as they pop on.
Moreover, most major blocklist sites (like SPEWS) won't just list an entire country. SPEWS specifically only lists based upon network ownership -- if there is an ISP in China that is not a customer of one of the major spam-havens and they have a reputation for booting spammers, they won't find themselves listed in SPEWS.
It seems as though you realise that you've lost the argument on blocking entire spam-friendly ISPs, so you've changed the subject to blocking entire countries.
If their personal mail, go ahead. If it affects a company or an ISP, it's another thing.
What if the company or ISP has polled users and determined that no legitimate mail is coming from that country?
STOP MISUSING APOSTROPHES, YOU MORONS!!!
If spammers were legitimate direct marketters then they would:
If spammers were "legitimate" direct marketers (assuming that the term itself is not an oxymoron), they wouldn't be spamming.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
Go with something other than broadband. Send your mail through some other server.
Brilliant. I thought of that. I do it. It's a real pain, and costs me money and time. I could always print it out and post my messages too.
Call your recipient and ask them to whitelist your IP address.
I tried that. They don't have the authority.
There are plenty of alternatives. There's no reason I should be inundated with spam because your ISP is unethical.
In case you didn't read the post you're replying to, MY ISP DIDN'T DO ANYTHING UNETHICAL. It just happens to be in the same country as one that might have, some years ago.
As for being inundated with spam, 95% of my spam is from Americans. You know who they are: 140 out of the 180 in ROKSO are American. Get your own house in order.
I use SpamBayes, and I got 80 spam yesterday. 78 were filtered automatically into my spam folder, and 2 were sent to my "unsure" folder for manual attention. I had no false positives.
Bayesian filtering does work, even with those "random garbage spewers". But the cost of receiving, storing, and filtering those spam were still borne by my company. Those spam were 276 KB, so let's double that and call it 552 KB of network traffic. That's 0.0000175% of hte daily capacity of my company's 3 Mbps pipe. We pay US $60/day for that connection, so receiving that spam cost me just US$0.001. We have 100 users, and I know they get less spam than me, but let's call it $0.10 per day for spam bandwidth costs for my whole company. $3 a month.
Now storage costs are also minimal, our SAN arrays are about $2.50 per gigabyte. So we have 276 KB * 100 users * 30 days = $1.90 to store a month's worth of spam for my company.
CPU power spent on filtering is too cheap to worry about.
Employee time is the real cost. Say each employee has to sort 5 spams per day after Bayesian filtering, at an average of 5 seconds each, and an average hourly cost of $50 to the company. That's $1040 per month in employee time spent dealing with spam, even with the best filtering available. Add in the hours I spend chasing down phishing attacks and administering the spam filters, and we're talking a few grand per month spent on spam by my smallish company!
Rubbish
1)China is not a continent.
2)You never hear about the "responsible" ones, because they don't get complaints. There are enough who willingly host spammers, and others that don't know or care how to block them, but that by no means includes every ISP.
Moreover, most major blocklist sites (like SPEWS)
I wasn't talking about SPEWS.
It seems as though you realise that you've lost the argument on blocking entire spam-friendly ISPs
Who was talking about blocking spam friendly ISPs?
What if the company or ISP has polled users and determined that no legitimate mail is coming from that country?
Fine. But have you ever heard of such a poll being taken? And how long are the results considered valid for? Was it framed as "Should we block known spammers?" or as a list of ISPs affected?
Right, telemarketing costs the recipients as well, but it costs the senders more because they have to hire high schoolers to call people. Spam is much cheaper for the senders than it is for the recipients. The reverse is true for telemarketing. And in the USA, there's already a "Do-not-call" list for stopping telemarketers, and if my experience is representative of others, then they actually respect that list.
Whats wrong with a bit of conventional advertising?
http://blog.nexusuk.org
When someone makes an argument based on principles he/she rejects, it's reasonable to scrutinize the argument with prejudice.
The current Administration has nothing but contempt for the Scientific Method, and science in general. Yet they will borrow some of its trappings when politically convenient. The appropriate doubt shown by scientists is used as an excuse for inaction. Yet when there is the most tentative conclusion from the most suspect source, the Administration leaps on it like it was Gospel - if and only if it supports preconceptions.
There are wingnuts in every discipline. Some disciplines are nothing but wingnuts. In climatology, there really is a consensus - absent wingnuts - that human produced greenhouse emmissions are contributing to global warming. Waiting for an agreed upon set of facts means waiting for wingnuts to receive proper medication and industry prostitutes to suddenly lose sight of where their economic interests lie. It would be like expecting the Tobacco Institute of old to discover that, by gosh, smoking does not enhance stamina or increase max o2. Waiting for complete information is paralysis.
I don't run sinfulshirts.com, a friend of mine just started it. Yeah, if you're talking aobu the stileproject webring, then yes.
I just told him that he should take the link down, and he just did.
autopr0n is like, down and stuff.
Bush is not moral - he is a compulsive liar. I take his photo-ops in job training centers to be lies, since after the photo op his budgets kill them off. He loads scientific panels with ideologues who will simply use the right rubber stamp. He picks Orwellian names for initiatives - "Clear SKies" when "Pollution-Fest" would be more accurate, and "Healthy Forests" for "Clear Cut-Amundo!!!"
He lied about privatizing social security. He lied about even CALLING it privatizing. He lies about the impact of his tax cuts. His whole "starve the beast" approach is a lie. He IS leaving a mess for our children to clean up, debts they will have to pay. All because he lacks the courage to propose cuts. Any asshole can promise free money, which is what those tax cuts are. The money doesn't belong to the taxpayers if they are still receiving the government services they clamor for.
I consider crony capitalists like him thieves. No-bid cost-plus contract for Halliburten? Sure. Defend Enron from the ratepayers they stole from? Sure. As Governer - turn over management of UT endowment to a contributer, with no public oversite (and predictable churn-and-burn)? Sure.
If you start counting on Sept. 12, the record in the U.S. isn't that bad. I start the count at least a month earlier, when he was taking a month vacation. Nutcases like you would certainly have called for Gore's head had he been in office during the 9/11 attacks. I call for W's. His administration's indifference to the threat seems to stem largely from the Clinton administration's attention to it. Whatevery they did, we do the opposite. Weren't they supposed to be grown-ups? If it had been a priority, they might have stopped it. Maybe, maybe not. If they had made the effort, I might give them a pass. But Asscrack was too busy investigating New Orleans prostitution to be bothered. (Guess what: they found some!)
Bush is pretty good at fighting enemies because he creates so many of them. Do you think there is a finite number of terrorists and they are all in Iraq? We are more effective recruiters than OBL by himself could ever be. Did you notice the State Department revised its report, which indicates that terrorism has increased in the last three years? Horrific attacks in Bali and Spain. Did you notice that OBL is still at large? Did you notice who is bogged down in Iraq? It's the American army, which diverted resources from the real fight in Afghanistan for W's Imperial Adventure in Iraq. And make no mistake - W lost that war. The prison torture scandal sealed the deal. And he bears real responsibility for it. IT's not just passive idiocy - it is a fact of human nature that guards will abuse prisoners absent strong controls. But they went beyond mere indifference and catastrophic incompetence: they actually made sure it would happen. And I worry about future U.S. POWs now that we've trashed the Geneva Convention. W has alienated the world, which hurts our security.
Kerry fought for his country. He didn't use family pull to jump the line into the Texas Guard. Kerry served. Bush went AWOL. Bush refused orders for a physical, costing him his flight status and the Guard a pilot it paid millions to train. I find it interesting that this refusal coincides with the introduction of drug testing. It is contemptable that the right wing attack machine would even think of attacking Kerry's service, when Bush's is so affirmatively disgusting.
What do you see in this guy? He shows no moral clarity - the tyrants he supports are no better than the one he deposed. He surrounds himself with crooks. He refuses to accept democratic oversite. At every turn, he classifies for political purposes, changes longstanding process to conceal information (5 year economic forcast for a backloaded 10 year tax cut), hiding the cost of the prescription drug bill, on and on.
The guy is a fuck up. A disaster. And you like him- for predictable gay-bashing? anti-abortion stance? Why doesn't he call for denying
I was reading it and thinking that based on my experiences with ebay, he probably could have had his 64 orders with a much lower overhead cost.
In a manner of speaking, if the website owner set up the website and failed to restrict it to the appropriate few he wanted to have view it, and left it open to the world, then yes, one can see that accessing a website may happen against the owner's wishes. However, most people who set up websites do so with the express purpose of having everyone be able to view it. I would argue that this is not the case with the majority of open mail relays back in 'the day'. These old versions left relaying open as a convenience for the person installing it, and it was the responsibility of the owner to lock it down. Nowadays, mail systems (I believe) come with relaying blocked, as this is a generally undesirable thing.
No, they aren't. The first involves using a publically offered resource. The second involves *modifying the behaviour* of a *private system* without consent.
If most of the open mail relays out there are intended for the purpose of public consumption, then yes, the statement you make is true. If most open mail relays are there because some nimrod didn't alter the default configuration appropriately and close it, than my analogy is closer to accurate. Again, though, I don't believe most open mail relays were intended to be for public consumption.
How do you guarantee that an email is from a specific entity? You ask the sender to sign it.
How do you prevent spam from being delivered to you? You, you, er... ok, you control access to your email address, you run your own SMTP server if possible so that you can give different entities different email addresses that you can revoke if they're compromised; failing that you use Bayesian (or similar) filters with an overriding whitelist to make sure email from friends definitely arrives and isn't filtered out.
How does signing email help prevent spam? Answer: it doesn't. It never will. Spammers can sign their own email too, so filtering on the basis of the absense of a signature is a tad pointless. Filtering on the basis of known mail senders also doesn't help, whether you do it by From: line or by signature, because that pretty much prevents you from receiving email from new sources. If it worked, people would already be filtering on the basis of the From: line.
It's time to stop proposing it. It's silly. It's irrelevent.
I'm firmly of the opinion we could stop spammers in their tracks without breaking SMTP, without IP-based blocklists, destroying port 25, undermining anonymonity, or any of the other kooky measures proposed by the anti-spam community. It doesn't involve killing anyone either ;) But while people propose solutions to other problems as solutions to spam, we will not see an end to spam.
You are not alone. This is not normal. None of this is normal.
Have you ever taken a look at sendmail's config file?
Confusing to say the least, what a bunch of out of touch geeks, no one can figure that out, no wonder we have so much spam.
Sendmail should check against a versign type of list before allowing a incoming connection, and EVERY server should be using SSL anyway by now, WHY AREN'T YOU GEEKS doing this now?
All this technology and the geeks are still geeking off with their games...
oh well..