Confession For Two: A Spammer Spills it All

defender writes "Rejo Zenger, well known Dutch anti-spam activist, recently had a very frank talk with a (now retired) spammer. He got information as to how and why S. Pammer started, where and why he was kicked out, who helped him get his bulletproof hosting, his open proxy mailings etc. It gives a nice and concise view of what the costs for a smalltime spammer are. About 200 Euros for the hosting and ability to spam at least half a million addresses (in a months time). That's for a turnover of 6 times and a net profit of well over twice those initial spam-related costs. Complete with screenshots, of course."

Comment removed

[account_deleted]

Comment removed based on user account deletion

Baiting?

[bucky0]

Reading this article gave me a good idea (Although, it's probably been done before)

Would it be possible to set up to send spam through one of those sites to numerous address you set up? Then, after you recieve the spam, you could block those proxies(being relatively certain that they're zombified machines)

Yes, you would have to spend a bit of cash up front, but it seems (at least in principle) to be a fairly accurate way to find spam relays.

My $0.02..

Not a true example?

[fembots]

This guy is only making a small profit, and the way he did his business wasn't really taking advantage of the "investment".

Shouldn't he be selling more products, ie he paid EURO$388 for the CDs, he should have used the same CDs for many more products at once, and each of them will guarantee the same readership of 30%.

The real money...

[j3ll0]

...would appear to be in the production and sale of address lists.

Seriously, it would be trivial to write a script to generate e-mail adresses (actual reachability is a moot point). All you would need is a list of registered DNS names with mx records, and a list of names (nationality doesn't matter either: as many nationalities as possible). Then just run through the common variables

firstname.lastname@mx.tld
lastname.firstinitial @mx.tld
first6charsoflastname.firstinitial@mx.tld
and so on....

Costs to burn the CD
Yup, that's where the real money is....

Re:Green Economics and the Net

[Crispin+Cowan]

The costs these fucktards incur upon everyone else leaves us with a wasteland. If it weren't for vigilant individuals spending their free time trying to fight the problem, the internet would probably die

And praise be to those vigilant individuals. However, it is not that the Internet would die; more like this crappy insecure non-authenticated protocol called SMTP would die. The only problem with just pre-emptorily killing it ourselves is that it would cost many $billions to replace it.

My favorite alternative to replacing SMTP is to adjust the penalty for activities like this guy S.Pammer to be "head mounted on a stick". There is lots of data that says that a majorit of all spam is sent by the top 200 spammers; kill them all in greusome ways, and they are unlikely to have followers :-)

Crispin
----
Crispin Cowan, Ph.D.
CTO, Immunix Inc.

Re:It seems like spam

[McDutchie]

Every day I get dozens of delivery attempts at an address I used to run a listserver on, which has been invalid since 1998. No human has *ever* been behind that address. The spambags do not care about invalid addresses.

Re:Green Economics and the Net

[halowolf]

I'm not trolling, (and I'm not have a jab at every BL project out there) but these "vigilant individuals" also create problems of their own as they counter the problems of SPAM, blacklisting without accountability and the like. Their actions can also degrade the quality of the internet. I'm not saying do nothing but sometimes doing a knee-jerk reaction can be just as harmful. The word vigilant, is too close to vigilante for my comfort :)

I am pleased however that more proactive steps are being taken by organisations such as Spamhaus in addressing the problem by both a technology and policy driven approach in combatting the problem. And that more prosecutions are happening. But I don't see the tide being turned anytime soon.

As for the internet dying, I don't see it. There is now to much commercial interest in it for corporations to sit idly by and do nothing about SPAM and other problems we encounter on the internet. Even our governments misguided steps at regulation, show that the internet is here to stay. It may transform in the future but I don't see it dying just yet.

Re:I can see it now

[actiondan]

Remember, the book wouldn't have to actually be accurate in order to sell - it would just need to promise to tell readers what they need to know in order to spam effectively.

In fact, the book could quite easily lead prospective spammers down a route that will get them quikcly caught and shut off...

The book could make a lot of money from people who want to spam their way to riches _and_ help to make sure that such people get identified and stamped on early in their (hopefully short) careers.

Hmm, better that I make the money with a fake spamming guide than some real spamming expert...

Would it be wrong to scam people who want to become spammers?

Dan.

Re:Green Economics and the Net

[bersl2]

That's very insightful. Given that spam is an overall economic bad, you can somewhat offset the production of spam by spending money for its removal. Or you could spend money so that it is never produced in the first place.

Maybe we should treat other economic bads (e.g., pollution) in such a way: subsidize the non-production thereof.

Re:Green Economics and the Net

[UnrepentantHarlequin]

You, sir, are clearly a filthy stinking spamming scumbag, or a troll, or both. However, for benefit of the lurkers out there who might actually be misled by your lies, I'll take some time to refute them:

Spam is fundamentally identical to telemarketing and direct postal mail.

Spam is nothing like telemarketing or direct postal mail. It is fundamentally identical to telemarketing to your cell phone where you have to pay for airtime. It is telemarketers calling collect and no option to hang up, postage due junk mail with no choice to refuse to pay.

The money telemarketers pay for those calls goes to the companies that carry the network traffic, namely the local and/or long distance phone companies. The telemarketer pays for the network resources they use.

The cost of handling bulk mail is less than what the Post Office charges to send it. The profits the Post Office makes from the bulk mailers pay for the hardspace "network" resources for everyone else.

Spammers do not pay for the resources they use. I've seen recent figures as high as 4 out of 5 emails sent are spam. To look at it another way, this means that if your ISP allocates $10,000 of their revenues to buy some new mailservers, then you, their customer, are only getting the benefit of $2,000 worth of new hardware; the other $8,000 is spent to deliver spam. Since that money is coming from you and other subscribers, then your ISP either has to raise your rates or not give you the increase in service they otherwise would have. If $1 a month out of your bill goes for hardware upgrades, you're getting 20 cents worth and the rest is going to deliver spam.

Spam in no way subsidizes the Internet. The spammers are not paying for the resources they use. They are forcing other people to pay to handle traffic that they do not want. They are forcing every ISP out there, from the big backbone providers to SouthPodunkNet, to shoulder the cost of their advertising. The only money a spammer pays to actually support the network is the cost of a cheap dialup account somewhere. All the rest is paid to other scum for things like lists of email addresses, access to innocent people's hijacked computers, etc. But he is using 10^6 or more of the network resources as everyone else.

When you give your email to a website operator, and that website operator sells it, that money is what keeps your content cheap or free.

Very, very, very few addresses used for spam are those given voluntarily to a website operator. In fact, out of the hundreds of email addresses I've used with various websites and companies, I've gotten spam at exactly one: the one I gave to iBill. The vast majority of addresses used by spammers are extracted from web pages, forum posts, domain registration information, and just about anywhere else.

I watch spammers' spiders scanning domains that I host ... and not one of them has paid a penny to me, or to my clients, for any addresses they find. The only person paying anything to anyone is me, for the bandwidth they're using in order to gather those addresses, and my clients, who (like all end users) are the ones who end up paying in the end.

Then there are the dictionary spams. Some hijacked computers in Brazil have been bombarding one of my domains all day with spam to random non-existant addresses, trying to find some that get through. People who don't even exist certainly didn't give their email addresses to anyone!

As it happens, I'm the webmaster as well as host for a site with a fair bit of free content, so I think I am in a position to know something of the economics of it. It works like this:

Neither I nor my client has ever received a single penny from a spammer. This particular client happens to have a mailing list (extremely opt-in, and protected like the vault at Fort Knox) for a newsletter. If he should wish to sell it to a spam list vendor, just how much would a list of under a hu

Re: Direct mail is not Destructive? Bull...

[UnrepentantHarlequin]

Spam is not a matter of 20 mails a week, it is a matter of hundreds a day and rising. A friend of mine whose email address was compromised by being listed on his college website recently had to abandon that address, and try to contact everyone who knew him to give them his new one, because he was getting 500+ spams a day: over 99% of his email.

The cost of sending snail mail keeps it to a reasonable level. It also means that it is generally very tightly targeted. For example, I subscribe to a gardening magazine, so I get seed catalogs. I do not even have a penis, so I have very little use for penis enlargement pills, let alone fake Viagra and pictures of naked women (with or without horses involved). But because there is effectively no cost to the spammer, I am bombarded with advertisements for all of the above.

A few big ones, many small wannabees

[billstewart]

The Top 200 spammers on Spamcop's ROKSO list are probably mostly making a lot of money, except the ones who've recently dropped out of sight (Anybody gotten spam from OptInRealBig lately? We may have killed them.) But there are a lot of smalltime wannabee operators like this columnist's S.Pammer who think they'll make money fast, get ripped off buying shoddy spamware products like that disk of 60% useless names, and either lose money or make less than they could working at MacDonald's. And if you _are_ big and successful, you need to worry about hiring lawyers to defend you against multi-million-dollar lawsuits and hiring hackers to get around anti-spammer techniques and hiring actual professional money-launderers to get your ill-gotten cash out of Nigeria.

The other people who make money, of course, are the people selling the Herbal Fake Viagra or whatever the product of the week is, because their costs are significantly less than what they're paying the spammers that sell it. Mortgage brokers who pay spammers for leads may be winning or losing - spammer-generated leads are likely to be low quality. Pr0n sites sometimes make money and sometimes lose it - they have to generate enough material to get people to actually pay them rather than just looking at the free sample material, and ISPs often charge them more because they're a high-bandwidth business that's highly likely to fail.

Re:"Nothing comes from violence..."

[The+Ultimate+Fartkno]

> You can't even be vaguely serious with what you are saying.

I'm not the OP, but as someone who's called for spammer abuse on so many occasions I feel totally qualified to reply. Do I frequently shout "death to spammers!" and imagine Scott Richter being serially molested by the '76 Raiders? Yes. If I had Alan Ralsky tied in front of me with a bat in my hand, would I cave his skull in? Of course not.

But I'd sure think about it.

And, depending on the state of my inbox that morning, he might walk out with a severe limp.

I'm not a violent person, but spammers sure bring out the black thoughts in me. Why? Because at the core of it they're just *rude*, and that's maddening to me. Imagine this dialogue...

"I am a spammer. I will clog inboxes, I will waste the bandwidth of countless ISP's, and I will force countless thousands of dollars to be spent on support that could be easily avoided. I will send pornography to children, I will taunt truly lonely people by making them think that they have a secret admirer, and I will help people in dire financial straits sink further into debt by promising them spectacular returns on garbage investments. I know that my messages are unwanted, as evidenced by the elaborate and unethical means by which I operate, but I will send them anyway. When I press this button I will harass, inconvenience, and annoy literally millions of people. With each email I send, I confirm that for a few dollars in my pocket I will rob countless others of their time, their money, and the promise of what the net used to be. But I am a spammer, I am an asshole, and I don't care."

Now imagine that coming out of Ralsky's smug face as he stands in his mansion.

And imagine that bat in your hand.

You don't want to swing? Not even a little?