Slashdot Mirror
UK ISPs to Shut Down Spamvertised Websites
JebuZ writes "The Register is currently reporting that UK ISPs are targeting ecommerce websites run by spammers in a new 'get tough' policy on junk mail. ISPs belonging to the London Internet Exchange (LINX) have voted through a code of practice which gives them the mandate to shut down websites promoted through spam, even if junk mail messages are sent through a third-party or over a different network. The move is intended to remove the financial incentive to send spam." There's also a BBC story.
what will just happen is that these fine folks (cough) will just move elsewhere. It's not like they haven't done it already.
Since there is apparently less than 100 people worldwide responsble for sending out the spam, just find them and shoot say, half of them as a warning to others.
...as they're likely to have the same kind of site hosted in multiple places to avoid this problem. :( At best, it will drive up the costs of maintaining said sites, but those costs aren't that high to begin with.
Furthermore, this does nothing to the spammers whose hosters are in collusion with them, and who are profiting themselves.
Find out about the Lexus Rx400h Hybrid!
Or
Address of 0wn3d computer
Offshore server
Doesn't do any good for those which run scripts on open or 0wn3d servers and forward email, i.e. phishing
A feeling of having made the same mistake before: Deja Foobar
Fighting with spammers is not going to work ever, as long as they can make even a single penny of profit from their sleazy operations. If their income source is forced to dry, their flow of spam will follow the trend.
IMHO, the companies, who sell their products through the spamvertized channels should be put into the same tight squeeze. I want to see Pfizer sweat for those Viagra ads I receive day in and day out in hundreds.
__________
The more I know people, the more I love animals
To those of you saying how bad this is because you could basically DoS your competitor by spamvertising their site, here is a basic explanation of how it should work.
Complaints start rolling in. If its not caught soon, dsbl lists will start blocking the ISP. Is the spam legit? Lets contact the owner of the site. Not legit? Prove it. Usually, it IS legit. We investigate thoroughly and determine the source of said spam, and if its truly not legit spam, done by someone else (this *has* happened with us) then we notify spamcop or whatever list needed that an investigation has been done and its taken care of.
So, with due diligence when it comes to enforcing policies such as this, and not a "shoot first ask questions later" attitude toward shutting off sites, then it becomes a reasonable policy.
Nobodies Prefect
Tidbits for Techs Technology Blog
Could we do that in the United States, too?
But what about repeat offenders? Those that open up a new website and advertize by spam on that site, too? Setting up a webpage isn't too hard these days, and one could always send one's servers offshore. This needs to be an international policy.
Haec merda tauri est. Ceterum censeo Carthaginem esse delendam.
That allows the people who have been spammed to identify and track the spammer.
Fight Spammers!
Give them some credit - I'm sure they actually thought about it. Sheesh. They're a bunch of ISPs. Not just one pokey little one with no clue, but many large ISPs. The police are pissed off with spammers just as much as anyone else, so investigating the spammer and the sites involved will be high on everyone's list.
Other than the obvious abuse possibilities, this is a good way to remove the incentive to spam people. Until I started getting too much junk mail to keep up with, I would go to the website that was advertised (stripping out the personal identifier junk-text string) and e-mail the webmaster saying that I would never buy their product because of their advertising techniques and that I would actively warn people away from them. I doubt that they took me seriously, but it was nice to rant anyways, and yes I did follow through in my threat for many of those advertisers.
Also, if the spammers are getting a [very low percentage] click-through number, I wonder how many of those are people who have never gotten spam before. The number of people on the internet is growing so quickly, I'd imagine that many of the click-throughs are actually people who have never seen a "bulk unsolicited e-mail" before.
- "Nobody came out that night, not one was ever seen. But Old Man Stauf is waiting there, crazy sick and mean!"
Then again. providing an 800 number is nice clue for spam filters that it IS SPAM.
Of course, like most of the people I deal with at work, my email signature includes our 1-800 number.
Speak before you think
I know, but that too has come to be known as a joe job (at least in the news.admin.net-abuse.email newsgroup), since it's done with the same objective: to get X shut down or to harrass them away from the net. It's generally equally ineffective.
They have been doing that for years
Actually, this is different. They are going to shut of sites that are advertised in the spam, so all a spammer has to do is send out a 'free' promotion for a valid website. The addresses used in the spam mail are irrelevant, what they are looking for is site addresses included in the body of the spam.
This is already going on. Last month I got a notification from our ISP at work of a possible spam violation (a very annoying, threatening notification) on our site. It appears that a spammer included our domain name in one of his messages and our ISP was alerted. I explained the we did NOT send out the message, was NOT selling viagra and did NOT want the traffic generated from the spam message, so we still have a website and that was the end of it.
What happens if a spammer, rather than just including my address, crafts a marketing message promoting my site. Might be a little harder to convince my ISP that I didn't initiate the spam.
Find coupons in Greeley
I have mentioned this before at Slashdot and I'm always ridiculed for it. However, I greatly reduced my spam intake from well over 2,000 spams a day to well under 100 by simply blocking any email that contains a link to a server that I've put in my "that is a spam-advertised IP address" file. It isn't difficult to do. In fact, I make what I've written freely available on my website.
Every time I mention this, someone says, "Oh my God! You're going to block some good little Mom&Pop store because they share a server with a spammer!" If that is what you are thinking, you didn't read my previous paragraph. I block any email WITH A LINK TO A SERVER that is in my block list. I DO NOT block any email originating from a server in the block list.
As this article explains, the incentive is to remove the profit margin from spam. I think my method works better than kicking them off the server if my method was used by a majority of the Internet users. The reason is that my method hopes the spammers keep the same IP addresses. If you kick them off the server, they change IP addresses and I have to block the new one.
The previous comment is purposely vague and generalized, but all of the facts are completely true.
Not just websites, like you say, 800 or worse toll numbers. For lack of a known term for such -- foll this scenario:
Bob's computer gets 0wn3d while he's making tea, or he simply never turns it off.
Colin 0wns Bob's computer and sets up a quick webpage on it and sends out spam, directing readers to the current ip address for Bob's computer.
All that's needed is maybe 20 minutes... people follow the link in the email, come up on a page on Bob's computer and submit a CC or other vital personal/financial info.
Colin's app running on Bob's computer forwards to a mailbox elsewhere in the world.
Bob may find his computer's been 0wn3d and cleans it up, but wtf, banning the ip address, unless it's fixed (which is unlikely these days) is pointless.
There's undoubtably tens of thousands like Bob to do this to and they don't necessaryly reside in the UK
The point of this is, enough spam and enough fish caught in the trap in a short time presents a problem and is a possible direction for spammers and scammers to go.
A feeling of having made the same mistake before: Deja Foobar
if you leave the keys in it. EXACTLY
most laws require, some sort of diligence.
if the thief had to hotwire the car, then there was some sort of effort taken to prevent that
but if the keys are in the ignition, that is YOUR PROBLEM.
(and the law already is set up that way in a lot of places in regards to cars)
you report your car stolen and the keys were in it (even not in the ignition) the cop rights you a ticket. and the insurance companies can have a field day on that one too.
Is the site in question selling something or asking for CC info? Is it on a residential-type connection? Is it using an IP address or randomized hostname instead of a legitimate domain name? Is it a single page with a submit form and no other links?
.0001% of false positives, the owner can call up and explain that they've been falsely targeted, and have the account reinstated, maybe with a small credit for their hassles.
Yes to any of these? KILL THE FUCKER!
On the
This is NOT hard, it just requires a person to look at the site to make a final judgement call if there's not an obvious positive hit.
Now, my friend's boss is putting a lot of pressure on him to send these emails. My friend asked me for help but I flatly refused regardless of price. He really doesn't want to do it, but his boss is leaning on him, and his wife's opinion is that since he's getting paid for it, he should just do the work (my retort being that if his boss wanted to pay him to star in gay porn, then would he still be expected to do so?).
I've explained at great length that this is immoral, probably illegal, and a really stupid idea all around. He agrees, but his boss really wants that check from the client and I don't know the boss well enough to confront him directly.
Any suggestions on what I can do to put an early end to my friend's career as a spammer? I love the guy like a brother and don't want to see him rendered unemployable and hated by his family and friends, but I also don't want him to lose his job.
My best idea so far is to get him to convince his boss to start with a very small batch of spam (say, 1000 addresses) and to have my friend report back after a few minutes that the batch has been sent (but without actually doing it). Then, about five minutes later, call the client and scream, curse, and scream some more at them for filling my inbox with their crap. Get about 10 other people to do the same thing, perhaps even in person at the company (a restaurant), until the client keels over dead in their panic to call of the "advertising campaign". Note that my friend is the only technical person at his company, so the odds of anyone other than him being able to determine whether those 1000 test emails were actually sent is roughly zero, and if there were any question, I'm probably the person that his boss would call to seek confirmation ("Yep, looks like he sent 'em at 11:30. What? The client went out of business at 11:45? What a coincidence!").
To repeat: "my friend" is not me, so don't bother lecturing me on the evils of spamming. I just want to help him stay an honest man.
Dewey, what part of this looks like authorities should be involved?
Just send spam on their behalf.
Obviously, you haven't been examining spam messages. Putting dozens of random, unclickable links in spam has been going on for more than half a year. It's used to break up words, as in:
With nothing between the anchor and its close for "bob.com", there's nothing to click on, so a user doesn't go to the "wrong" website... but a spam checker has to weed through all the links to find which ones are valid, and, therefore, which ISPs to complain to.
I have a few that had more than 40 links in them, only a couple of which were to the real spam site.
Only spam I see is what people show in stories like these.
So I was wrong. Lets just hope then that since these ISP's will be kicking paying customers from their networks that they will make certain that they got the right person. I can see it being a problem for "shady" but non-spamming companies that have spamming rivals, think porn sites. But non-spamming porn companies are good customers and ISP's need those.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.