Slashdot Mirror
A Day In The Life Of A Spammer
kaip writes "Internetnews.com has a story of a spammer. The individual sends 60 million spam emails for four days worth of work and claims that one in 19 of AOL users clicks the links in his mortgage spam (this number should however be taken with a grain of salt, see rules 1 and 2). Maybe not
everybody has heard of the Boulder
Pledge... The article also tells how the CAN-SPAM Act,
which legalises spamming, is turning the US into the spam haven of the world. Currently, 86 percent of the total spam volume is coming from the States."
I thought everyone on Slashdot hated the RIAA, the MPAA, and Microsoft. Why do you keep hyping CDs, movies, and Windows games?
Big corporations are what they are. They sell us cool stuff with one hand and tighten the screws on our freedoms with the other. We hate them every morning and love them every afternoon, and vice versa. This is part of living in the modern world: you take your yin with your yang and try to figure out how to do what's right the best you can. If you think it has to be all one way or the other, that's cool, share your opinions, but don't expect everyone else to think the same.
In short, there are some advertiser communications that we don't welcome into our lives and call "spam", while there are other advertiser communications that we invite into our lives when we go through the Sunday Newspaper looking for the ad circular from our favorite store so we can see what's on sale without having to go there.
Wording a rule set so that spam gets shut down but ads we want to see still get through is quite a tough task to do on a one-viewer basis. It becomes even more difficult to do that on a comminity basis. Some of us want to know what's on sale this week at Best Buy, others couldn't care less.
I just don't see a solution that pleases everybody being possible in this area. It'll always be a game of new regulations constantly going up, but only being effective until somebody finds a way to work around them. We can hate spammers as scum, but that seems like the worst we can do to them at times.
Finnaly, now i can track down this person and kill him as revange for all the porn mail I'm receivning. Wait, that i want... hmz pr0n&spam or no pr0n&no spam... Difficult decison
God,root what's the difference? I read slashdot, there for I errr... am stupid?
Haven't we seen this hundreds of times before on slashdot?
I don't care what they do in their life as long as it doesn't involve them getting my E-mail address.
I like muppets.
Hey, why don't they post his email? Is he afraid of spam?
SPAM will continue to exist until people stop making spam profitable. It's a bad side effect to greed. People will do anything for a buck.
Legislation won't help. Technology hasn't been able to help that much yet. Basically, advertising is here to stay, and you can do one of two things, make yourself invisible so you can't be advertised to, or accept it.
Companies want you to be a consumer, so that they can keep being producers. There's too many companies, so they are going to fight hand over foot to get their product into your mind in whatever method they can.
-Eric
hrrm.
He's nothin' but a low-down, double-dealin', back-stabbin', larcenous, perverted worm!! Hangin's too good for him!! Burnin's too good for him!! He should be torn into little bitsy pieces and buried alive!!!
Humor from a Genetically Molested Mind
Am I the only one who hates email? People send way too much of it for unimportant things and there is so much spam, you can't get anything done. It almost seems like instant messaging is better than email.
He left off the daily beating I give him.
At least that's what I always assumed spammers do to warm up in the morning.
Someone sends you porn... you have a serious desire to kill them.
Logical deduction: You find killing less bad, infact a cure, to pornography.
Do you also believe Janet Jackson bareing a nipple is less bad than songs, in the same performance, bragging about killing and mutilating? Americans are fucked up?
There are some things the US Government is just plain contradictory on because, well, We the People are contradictory on the topic.
We shout out that we have the First Amendment rights anytime somebody tries to tell us not to speak, but then we strugle to find a way to make other people we don't want to hear shut up. The fact is, anywhere you create an unregulated communication medium, the smut, scum, and scam people will definitely show up to play. It's just the way things work.
Can we get this straight please? "Spamming" wasn't "illegal" before CAN-SPAM so CAN-SPAM couldn't have "legalized" it. True, there were a number of state laws that RESTRICTED the practice (and even one that prohibited, but that law was never tested and was likely unconstitutional as a blanket prohibition on commercial speech via e-mail).
I think MS might have been onto something with Penny Black... if sending unsolicited e-mail (sending to an address that didn't have you on their contact sheet) cost a small micro-payment, it would quickly offset any profits to be made from spamming on the scale described in the article, and wouldn't be prohibitive to those who needed to send the occasional unsolicited e-mail.
It's either that or get into the murky waters of concrete identity, and of the two the former is the least opressive regime.
Thank god for Instant Message applications, otherwise I'd be lost.
Actually, one of my accounts only gets one or two spams a day, but my main business address gets 1000 - 3000 a day now (after spamassassin, however I need to enable some blacklists, sod the customers that get accidentally blocked) - earlier this year it was 100 - 300, and last year 10 - 50. So in my experience, volumes of bandwidth wasting time wasting productivity wasting SPAM has gone up ONE HUNDRED TIMES in a year or so. Where will it be in 3 years time? It will be unmanageable, enough is sent from compromised machines these days and it will only get worse.
The USA needs to sort out its spam problems, and soon.
This is more proof of why Spamhaus called CAN-SPAM the "National Right to Spam Act."
Blech. Shoot 'em all.
I just don't get it. I mean, Congress bending over backwards to legitimize obnoxious behaviour by big corporations I can understand; that's pretty much what it's for, these days.
But spammers? They're not particularly organized, as far as I know. It's not as if the Viagra-and-penis-extension lobby is a major campaign contributor. So what gives? Are Congresscritters really so consistently stupid right across the board, AND their staff, AND all the IT and telecoms industry lobbyists who must have had something to say?
Or were they worried about the effect of (useful) legislation on political direct-email campaigns? Maybe. But I can't see how that would benefit one party more than the other, so why care?
I say we force feed him 30 million pounds of real spam and see how he likes it!!
On page one of the article:
And on page two:
If he ain't scared, why hide behind a false name?
Life is like a sewer; what you get out of it depends on what you put into it...
sgalton@galtonhelm.com
happy now?
Rule #4: The natural course of a spamming business is to go bankrupt.
The natural course of any process is towards entropy. All schedules of organization, including a business, will naturally fall apart if its owners don't work hard to keep it together.
Any business is on a natural course towards bankruptcy, it isn't limited to just spammers. People get born, and eventually they die. Businesses come into life when they get incorperated, and eventually die when they declare Chapter 7 bankruptcy, and can have near-death experiences as they file for Chapter 11 bankruptcy protection.]
We all wish spammers will just go bankrupt, but the truth is that all businesses will eventually. It's only a matter of time.
- reject_unknown_client is on. This means
that a connecting client MUST have a reverse-dns
lookup for its IP, and the resulting name
MUST resolve back into that IP. This alone
blocks most spammers before their client
can even begin to send a message.
- I use xbl.spamhaus.org. This is a wonderful
thing. This blocks not only any box known
to spam, but also any box found to be
infested by some virus, ie zombies.
Once again, this stops them dead before
the message even starts.
- In the unlikely event that they get past
those hurdles, I have a homebrewed filter
that watches for bogus HTML tags, since
they like to intersperse bogus empty
tags in the middle of words in order to
foil content-based filters. This simple
filter actually blocks 90% of anything
that made it that far.
- Spamassassin. The few brave soldiers of
spam that got this far rarely pass this.
I leave this filter near the end because
it's rather CPU intensive...
-
Finally, a simple procmail rule: If my name
isn't in the "To:" or "Cc:" line, file it
as spam.
I haven't seen a spam message in, uh, maybe a year or two?If you see a spammer stealing copyright or trademarks, work with the IP owner on an infringement suit.
You don't care about winning the suit:
You care about getting this guy's real name and other details. Call the press and have them meet you at the courthouse. Make a big stink in his hometown. Publicly embarrass him.
Just don't kill him or make him feel his life, property, or family is in danger. If you do, the judge will gag you and give him a pseudoname in court.
The article also tells how the CAN-SPAM Act, which legalises spamming, is turning the US into the spam haven of the world.
I think CANSPAM is an awful law. It overrides much better and stricter state laws, and it doesn't really do anything to reduce SPAM.
However, it seems like a stretch to say that CANSPAM is turing the U.S. into a SPAM haven. I think most spam recieved in the U.S. is tied to U.S. businesses, even if it's sent or bounced through servers abroad. Just because spam from US servers have increased doesn't mean CANSPAM is the cause - you can use logic like that to "prove" that pr0n is good for kids.
I wouldn't be surprised if part of the reason for the increase is that there are more virus-laden compromised computers in the U.S. to relay spam off of.
I have blog like everyone else
It is amazing to me that the ultimate benefactors of mortgage spams are generally banks, one of the stodgy, conversative types of organizations around. (And rightfully so). Now, they need several layers of spam-laundering in order to hide themselves with plausible deniabilty from the spammers. But, it seems to me that an organized campaign to lobby and educate banks and other financial institutions ought to be able to eliminate mortgage spam.
Not american, but still... Yes, free speech. Everyone's entitled to free speech. Everyone's also entitled to not listening if they don't want to - and for me, this is where spam crosses the line. The mere fact that you have to go through so much pain to keep your e-mail box spam free is indicator of how annoying these people can get in order to FORCE you to read their advertisements.
Comment removed based on user account deletion
Using the same simple test that makes unsolicited faxes illegal ( and us-mail spam legal ):
The recipient has to pay for the receipt of the unsolicited advertisements..
---- Booth was a patriot ----
like this?
"As long as it makes me money, I'll continue to do it."
That's the key issue here. As long as spam is profitable people will continue doing it no matter how illegal it is. When 1 in 19 AOL users stop clicking on spam, Mr Cunningham and his friends will go away for good. Personally I haven't received any spam whatsoever since I moved away from Hotmail a few years ago. My university email is as clean as a baby's but and my yahoo.se is very clean (1-2 a week). Most likely because my univeristy has a very competent IT staff.
The further development of filters and smarter users are, imo, the things that will make spam go away... in a few hundred years or so...
TDMA replies to an unknown sender and asks to "kindly reply to prove that you are a human". The reply-to is a temporary address with a long serial number. Once added, the address is on white-list. This is 99.999 percent effective.
The only way to educate them is to stop replying to the mortgage spam. As long as they can buy leads, they will because it is profitable for them to do so.
Which is the case with ALL spam. As long as the price of sending the spam is lower than the profit of selling the "product", we will have spam.
Does that mean that if they all would start to wear the patriotic hat all of a sudden, that they could paralyze the rest of the digital world?
With great power comes great electricity bills.
8:35 AM: Morning stretches and exercise.
8:55 AM: Pray for forgiveness for being a subhuman piece of filth, hoping to save already-rotten soul from the deepest pits of Hell.
9:00 AM: Shower.
...etc.
--Rick "If it isn't broken, take it apart and find out why."
"the simple situation is that I don't need _any_ advertising through email"
That's a bit draconian. I would like to be notified when Blizzard is releasing a new game or the new Glen Cook book is being released. To get this info from the web sites, I would have to poll (check regularly) the web sites. I would rather receive a notification.
The key to this is opt in only lists. One way to do this is to make a server with your email provider that allows you to register an email as requested (bulk mail whitelist). Those can go through. Other bulk mail is prevented. There are other methods as well; that is just one example to handle both.
The real key is no *unsolicited* email advertising. If I request it, I want to be able to see it. Frankly, if a newspaper (to get back to that example) drops off their product unrequested, I would like to be able to prosecute them for littering. Further, a newspaper includes other things besides advertising. Spam does not.
And they're sponsored by our old friends, The Bulk Club. Can't we spread a rumour that Osama is actively funding spammers or something?
Carousel is a lie!
... about spam, is it just doesn't apply to me. You see, I have a degree in computer science. This means:
1. I don't want a degree from a prestigious non-accredited university.
2. My sex life is well beyond being helped by Viagra, or anything else in pill form.
3. Outsourcing means I can't afford a mortgage (okay, actually I'm employed, but work with my joke).
No, seriously. If 80+% of spam originates in the USA, and the US congress is daft enough to pass laws like CAN-SPAM global ISPs should hold a "cut the link" week and block email traffic from the USA. Just imagine the chaos and media attention that would cause. And it would be media attention is something that makes politicians squirm. A question, though. Can anyone explain to me what would make US lawmakers vote in favour of this bill? It seems like the kind of thing that any semi-sentient 14 year-old would be able to critically dissect as narf idea in about 12 seconds.
You sig is nerdiliciously funny. In a good way, of course :D
...allow me to pimp two of my favorite projects. First up is the Unsolicited Commando project. It's a little java app that spends its day quietly and merrily filling out forms on spamvertised websites with completely bogus - and yet totally real looking - data. It's especially effective against - surprise! - mortgage/refinance spammers, which seems to be the specialty of the dirtbag mentioned in the article. Go check it out, and the source code is available just in case you think something fishy is going on.
The second page I'd like to point you to is here. It's a 'Lad Vampire' antispam page that also targets spamvertised websites, but in a different way. The page links to individual images on the sites and constantly reloads them without caching, thereby burning up the spammers' bandwidth and driving them out of business (or at least costing them some money and forcing them to sell their children on the black market). Be forewarned that the page has no help, no documentation, and *only* works in IE, so don't yell at me about that. The source code is available for that as well, so here's hoping someone can make it more usable in Moz, Opera, ThunderFireBunnyChicken, or whatever browser is your fave.
While your techniques will all stop spam, they will also stop a great deal of legitimate mail (ham). Stopping spam is not the hard problem Stopping spam while letting ham through is the hard problem.
If businesses did what you did, most of them would go out-of-business.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
You might want to turn off the encryption when posting.
According to the article
"Richard Cunningham" more than likely isn't his real name; he won't say one way or another. But that's the name that appears on the WHOIS record for Spamsoft.biz, a domain he owns.
Here is the WHOIS record
Email: ProMan@animail.net
Web: www.spamsoft.biz
Quickly! Slashdot his website! Send all your viagra, big tit/dick and Nigerian money to his email account!
This is my sig. There are thousands more, but this one is mine.
Because spammers go where the bandwith is.
From an interesting article with some insights about the reason why most spam is US based:
http://www.compliancepipeline.com/28700163
"The United States is the origin of choice for spammers, said Alperovitch, because of the plentiful supply of cheap high-speed bandwidth. "Spammers need big pipes, and they don't want to pay much for it," he said.
That explains the low percentage of spam messages originating from overseas' IP addresses. The lack of cheap bandwidth outside the United States is stymieing spammers' attempts to scale up the volume of their mailings to U.S. sizes."
That's great for the geeks that refure to shut down their computers and leave themselves online with clever away messages like "ZZZzzzzz..." and "Me so tired", but many of us aren't online all the time and like having the ability to be contacted even then. Sometimes, the people at the other end also have lives and can't sit waiting in front of their computer for us to get online.
Isn't this completely obvious?
I'm currently working on a new filtering solution. The first step is SPF record checking. If the sender forged the address of a site that publishes an SPF record, I reject the mail. The second step is all mail now goes through postgrey. Postgrey is a greylist that tells the sender to try again in a while. That actually seems to work pretty well, though it does delay my mail by about an hour. The third step, which I'm still working on, performs two checks. It checks to see if the sender's on a whitelist and if he is, it lets him through. If he's not, it checks to see if the mail's encrypted to my personal GPG key. If it's not, the mail gets rejected (At the MTA, so I don't have to send a bounce message.) I can always eliminate the second step if the spammers ever figure out how to deal with that. I'll be changing the GPG key on a regular basis to keep the target moving.
It's a pretty extreme solution, but all of about 3 people in the world send me legitimate E-Mail and I was getting 200K+ of spam a day. With that S/N ratio, I may as well just turn my E-Mail server off. This is the next best thing.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Exactly. We need to find a way to enforce CAN-SPAM, and then everything else should be up to the user. Spam is free speech, but it's way too open to scamming without an enforced CAN-SPAM to at least give you an opt-out and a trail to follow back.
Omnes stulti sunt.
"The Tragedy of the Commons"
Why do we have to allow ANY unsolicitated commercial email?
And don't anyone go into "free speech" on this. You can say anything you want. But you can not use up my bandwidth.
The economics of email ads means that there is NOTHING preventing spammers from flooding your ENTIRE pipeline with ads.
Isn't this the argument Ashcroft, and Meese before him, use to limit porn? Porn is free speach, BUT... How about the flag burning hurrah a few years ago? Flag burning is free speach, BUT... Drop the but's, either you are in favor of free speach, with all it's benefits and hassles, or you're not.
At the bottom of the endless pile of paper work which characterizes all regulation lies a gun.
Alan Greenspan
CAN-SPAM seems, quite simply, to have been ineffective. It was a bad idea, just like everyone who had been involved in the spam problem for some time said.
Come to think of it, I haven't seen a spam that looked to be CAN-SPAM compliant. I suppose they are easy to filter and that I reject them at SMTP time. I guess that is a bit of an improvement, but I think it also means that the tagging approach isn't a good solution, only opt-in is.
Employee of Inrupt, Project Release Manager and Community Manager for Solid
It's a reasonable statistic, when combined with the one about how much spam is sent by zombies. It really just means the US has 86% of the world's Internet users who are stupid enough to run Windows unpatched (which is a large subset of those stupid enough to still be running Windows in the first place), and able to afford broadband.
And if the one about the AOL click thru rate is true, that's additional evidence (add another "stupid enough" clause above.) They're probably also sending tons of spam when they think they're downloading another interminable "update."
I find the most effective spam blocker is DEA's. You either use something like spamex with it's bookmarklet(well worth the 9.95 a year to me) or get an ISP that provides the service(more and more do), or do it with your own Domain/E-mail server.
Then, DON'T ever use your real e-mail address. Make a new DEA for every e-mail address you have to give out, and turn it off if it starts getting spam, or when you're done with it.
Also, use some common sense about where you place an e-mail address.I have to use a DEA for every online purchase, but only once got spam from the account, and rarely get monthly e-mails from the company I bought from - and those opt out easily in my experiance.
Conversly, when I used a DEA for Usenet posts, I got spam in a matter of minutes, but just turned off the account.
Opera, Proxomitron-Grypen,GPG 0x0A1C6EE3
You have the freedom to speak on public property. You have no freedom of speech on my land, in my house or on my phone. Or in my computer.
Let me repeat myself:
Free speech does not guarantee you the right to force yourself to be heard if I do not wish to.
If you can't see the value in jet powered ants you should turn in your nerd card. - Dunbal (464142)
http://www.tla.org/papers/spa-ndss03.pdf
I bootleg Fizzy Lifting Drinks.
but I was on hotmail then, on yahoo, my bulk folder does a good job, so I rarely see their junk and I am not annoyed as much. A good spam filter is like Tivo...
After having been a victim of the jacked up job market, How is a man to survive? I can see why some of em do what they gotta do.
The original idea of cable TV was to be commerical free. We pay for cable TV just like we do for our internet connection. I consider TV commericals SPAM. I did not ask for it, but likewise they advertisers always go, "We have to make profit." Why is it that people put with cable commericals but not spam? Then there is the movie theaters. It use to be that if you went there, the previews start a few minutes before the movie time, and the movie starts on time. But today? commericals come first at the time the movie is suppose to start, then the previews, then the movie.
Spam is here to stay. It is NEVER going away. The day SPAM can be completed eliminated from the net, well, I certainly wouldn't be on it, cuz it must not be a free net. One of the pain of freedom is that those you do not like are also free to do the things you do not like for them to do.
We should battle SPAM the right way, not by banning it or attempting to. Suing the company for wrong advertisment (if they did.) Ordering from the company then returning the product. Credit card charge backs are in the average range of $20 per charge back for internet companies. Imagine if 1,000 people ordered then cancelled their orders. $20,000 in extra fees for the company selling the junk.
------ Curiosity killed the cat. {satisfaction brought it back | it didn't die ignorant | lack of it is killing mankind
Let's get a collection have this man removed from the planet in a very slow and painful way.
It amazes me just how ineffective our government can really be at times.
- Zav - Imagine a Beowulf cluster of insensitive clods...
The most effective tool I have seen so far is greylisting. greylisting reduced the amount of spam from 3000 to 6000 a day to 5 to 10 spam a day. Include spamassassin and the spam that does get through greylisting gets nailed. spam problem solved.
Now if everyone greylisted the spammers would be out of business. But people here, which should be technologically knowledgable, seem to just complain about spam. Implement greylisting on your servers along with spamassassin! You will not regret it.
Since doing this I have actually been able to get back to real work instead of worrying about spam.
You have the right to speak. You do not have the right to be heard; nor do I have the obligation to listen to you or assist you in speaking.
Your last sentence sounds like an argument for a completely unregulated medium being a bad thing, which is probably not what you had in mind but given the Net today is starting to make sense.
Please use spam in lowercase when talking about UCE. SPAM in uppercase refers to the meat and is a trademark of Hormel.
SPAM will continue to exist until people stop making spam profitable. It's a bad side effect to greed. People will do anything for a buck.
Legislation won't help.
Why do you categorically state that it won't help? Suppose that there was legislation passed that made spamming punishable by a lengthy prison sentence? Are you going to tell us that it would have no measurable effect on the problem? Spammers may be scum, but damned few of them would want to risk being sent to a federal pound-me-in-the-ass prison (where they could continue to help men increase the size of their penises).
Bank robbery is profitable and you don't see the average bank getting robbed 140 times per day. Mugging is profitable, but, you don't get mugged multiple times per day. Nor do you see anyone saying that we should repeal laws against bank robbery and mugging, either.
Make spamming illegal and punishable by jail time and hefty fines. Figure that the average person takes two seconds to deal with each spam. So make the jail term 2 seconds per e-mail sent plus $.01 per e-mail as a fine. Let's talk about the spammer in the article. He sent 60 million spams over a four day period. Multiply that times 2 seconds and that equals 120 million seconds, which is 1,388 days in dail. That's 3.8 years, and $600,000 in restitution. Now that would dissuade spamming and would make the punishment appropriate for the crime.
I think many people aren't quite clear on the first amendment. It says roughly that we have the right to say what we want. However, it does not say that we can force people to listen or that we have any right to be heardd.
It should be noted, before I say anything else, that corperate speech does not fall under free speech. General unsolicited email might be covered under the first amendment, but spam advertizing something business related isn't.
Additionally, sometimes what people consider free speech crosses over into things which are illegal. You can tell something, but if you follow them around and continue telling them, that could be considered harassment. You can put up a protest, but if you threaten people or indimidate others or keep people from getting to work or cause a large disturbance or many other things, you're protest has crossed the line of what is legal.
The point is that you can say whatever you want when it doesn't affect anybody else, but we don't live in a vacum and your right to swing your fist ends where my nose begins.
The actions of spammers are destructive and cost people time and money, even if you ignore fraudulent spam. To say that it should be legal by first amendment is to ignore much of the issue.
8.30AM: Wake up as Ozzie the mechanic starts work at the garage.
9.00AM: Get pulled out and made to remove some nuts from a 1950's Chevvy.
10.00AM: Get pulled out again and made to tighten same nuts.
10.30AM: Get put back in the toolbox along with all my cousins, as Ozzie has his coffee-break.
11.00AM: Get pullled out and made to remove the differential from an off-roader which went off-terrain.
12.00PM: Made to put differential back on off-roader, and used as a paper-weight as Ozzie goes for his lunch-break and reads the newspaper.
Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
Time to start RBL'ing all of the US then, I guess.
Although I'm kidding, once upon a time simply ignoring incoming connection from Asia and Russia would effectively reduce spam for certain companies. Of course, they couldn't do business in those countries, but most of them never would.
Spammers migrated to the Netherlands for a while, and that's one of the countries most of the customers I work for happen to do business with, and now I need to rely on the "traditional" means (read: spamassassin, RBLs, etc).
Why don't we have a secure alternative for e-mail yet? *sigh*
My ISP is helping me a bit with this one. They add a custom header to mark things that have been RBLed so I now have set one of the labels (purple in my case) as "known spammer". I then added a message rule that reads essentially if "X-Warning RBL" = "Listed" then label message "known spammer", mark as read, and move to "Junk" folder.
This way when spam comes in that Thunderbird does not detect on its own, but my ISP has flagged, I don't get notified that I have mail, it gets moved into the Junk folder, and turned purple to verify WHY it's there. This has simplified my life.
Hey!!! the parentheses are good for something
A mortgage is a serious transaction ... so why in the hell would anyone in their right mind trust somebody who can't even spell mortgage in an honest way? It baffles my mind!
No thanks, I'll pass on that m0Rt~ga'gE offer, you shithead.
Skiers and Riders -- http://www.snowjournal.com
DIE SPAMMER DIE!!!!!
no more a day in the 'life' of a spammer
"Currently, 86 percent of the total spam volume is coming from the States."
:)
.... I am in Costa Rica now .. spam sux here too bigtime ... my "sherd" external cable ip cannot send mail to anywhere anymore since some moron spammed the hell outta that IP :(
maybe I should change my settings on my mailservers and block US address-space and open it up for china ?
maybe not
Is to watch the MTA/MTR of people that _send_ millions of mails in a few days. Nmae one ligitimate reason to do so?
Stop the source.
I think it should be pretty obvious doing it this way, and you don't need to snoop - just log counts will tell.
The solution isn't to stop it on it's way! You got to stop it being sent. This shit eats up the Internet by fact of being sent.
Take snailmail junk mail - even though you throw it away anyway, the post office still charges for the postman to deliver it (and pay him) - if he didn't, then he, you and the post office would be a lot better off!
[Whois information is made public in order] to provide contact info for complaints. A domain name is governed by similar rules to a business. If you want to operate (the domain) in public, you need to make public your contact info.
That's just silly though. I would be MORE offended by someone calling me directly to complain about content on my web site than anyone could possibly be offended by what's on all of my web sites (and trust me, there is some very offensive material there, no, not porn). MAYBE a phone number, ok, but no one needs my personal address. If someone was offended enough, they could hunt me down and kill me. That's kinda scary
I'd probably rather have a person file a complain with whatever govt. entity would deal with such a thing. People get offended by the stupidest shit these days, I think the govt. would put the smack down and tell them to shut the fuck up, unless it was actualyl legitimately offensive, which you know 99% percent of the time it wouldn't be.
Luckily all my domains were registered several years ago when I lived in another city. You think I'm going to take the time to update the whois information? HA. Fuck that.
For that matter, phone numbers are the same way. By default, your number, name, and address are public info. One must pay extra to get an unlisted number.
By default, yes they are, that doesnt make the default a good thing though, does it? I used to have Qwest, who we've all heard wonderful things about, they charge 75 cents per month for an unlisted number. They say it "costs them extra money" to not include your name/number in the phone book. Yah right, bastards, it takes the click of a mouse to check that box that says "Dont include in phonebook" and it's done.
Joseph?
What about from China and Russia?
John Kerry is a Joke!
Its down. Slashdotted? Or has some public spirited citizen dealt with them?
"Physics is to math as sex is to masturbation." -R. Feynman
Freedom of speech does not include the "freedom" to use other people's private property without the owner's consent (or, in this case, against the owner's express prohibition -- and wilfully so, as evidenced by the use of filter-evasion tricks).
/. If the government wants us to respect the law, it should set a better example.
Any marketing, whether political, charitable, pre-existing "relationship," whatever, where the cost is directly borne by the recipient should be illegal. Period.
NOW, DAMMIT!
Why is it so hard for the useless pieces of dog crap that have weaseled their way to public office to grasp this? What kind of retards have we been voting for, anyway?
If there are any government officials reading, I am most certainly talking about YOU. Get off of your ass and start explaining this in nice, short, idiot-proof words to everybody you can get your mouth in front of!
Comment removed based on user account deletion
The original idea of cable TV was to be commerical free. We pay for cable TV just like we do for our internet connection. I consider TV commericals SPAM. I did not ask for it, but likewise they advertisers always go, "We have to make profit."
Don't you see the basic difference between spammers and TV advertisers? (I thought cable TV was originally so rural people in valleys could receive TV signals, but that's veering OT). Advetisers in TV, radio, magazines, Web banner ads, all PAY to have their ads put up. Spammers STEAL bandwidth (not just from the receiver and his ISP, but from overseas open relays and spamming viruses on DSL-connected home Windoze machines) to deliver their crap to your inbox.
Spam is here to stay. It is NEVER going away.
This is scary and depressing stuff, I'm terribly afraid that I agree with you on that statement...the Junk Fax law didn't even stop junk faxes, though there's a lot fewer junk faxes than there might have been without the law.
We should battle SPAM the right way, not by banning it or attempting to. Suing the company for wrong advertisment (if they did.)
Good idea except spammer companies morph as fast as they can process the credit card charges. By the time you get who's behind the PO box they've moved on.
Ordering from the company then returning the product.
Return it to where? Presuming there's a place to return it to (and that they actually return your money), it might be illegal to buy something with the intention of returning it to harrass the seller. I agree with the sentiment, but the methods we (TINW) use should be on the high road.
Credit card charge backs are in the average range of $20 per charge back for internet companies. Imagine if 1,000 people ordered then cancelled their orders. $20,000 in extra fees for the company selling the junk.
Spam "companies" will just "go out of business" faster, get orders for the first day or two then close their accounts before most of the chargebacks, and move on, again spewing as a new company and a new merchant account. I can see where this could actually increase spam as spammers try to keep ahead of faster turnover of accounts.
I've seen most of these methods (SPAM-L mailing list and news.admin.net-abuse.email) tried against spammers with varying, usually only mild to moderate success. I don't want to discourage any and all (legal) tactics anyone can think of against spammers, but it's an uphill battle. Google on Benchmark Print Supply, a brick-and-mortar operation that spammed for YEARS despite legal injunctions specifically telling them to stop.
Tag lost or not installed.
"If you don't want to, you don't have to read your e-mail."
== Jez ==
Do you miss Firefox? Try Pale Moon.
How about "The LAST day in the life of a spammer?" That might be more entertaining.
What anti-spammers are trying to put legitimate bulk mailers out of business? Maybe some small time antis are doing that. The major anti-spam groups and lists are not. But some do try to put spammer harboring ISPs out of business, which can affect their other customers, so maybe that is what they are confused about.
now we need to go OSS in diesel cars
One good effect of the CAN-SPAM law is ... although spammers are improving on defeating this effect ... it forces spammers to be more easily identified to be "legal". That makes it easier to identify them for the purpose of tracking them, or blocking them, or forcing their ISP to terminate services if their activities are inconsistent with the services provided by that ISP, or blocking their ISP if that ISP intentionally serves spammers. This benefit is not enough, and is greatly offset by the fact that the overall spam volume has gone up tremendously since the law went into effect (my spamtraps show a 5X increase between January and July of 2004).
now we need to go OSS in diesel cars
Errr, hangon, you're telling me that I'm subsidising companies posting me junk mail? 'cos without some statistics to back this up, I'd suggest that actually their postage costs are paid entirely by them. I believe actually my postgage costs are subsidised by the bulk mailers...
:) I need to talk to work about not allowing inbound e-mail that claims to be from our domain - if I can pre-sort anything from @ into a non-spam folder, it would make things a lot quicker, too.
You're right though, the real problem is the standards. What we really need is sender validation, and enforced AUPs You send spam, you get cut off. If your ISP doesn't cut you off, their upstream provider does. At the moment, tracking down whose fault e-mail is, is somewhat time consuming.
Being able to work out where e-mail actually originated from would help, too. For example, e-mails to any of my support addresses (for students at the university where I work), from homes in America, can be assumed to be spam
IM 2000 would be another good way of solving this. It would at least cut down on the impact of spam to non-existant addresses, as each takes up less bandwidth, and should help with the zombie problem, as users with infected machines are likely to notice their send-queue full of spam (especially when they run out of quota for e-mail storage).
Anyone else got any good ideas, while I'm at it?
and this is, in my opinion, why spam continues to proliferate. if users stop clicking on the links in spam, there will be no reason to send it anymore.
but, since our sysadmins can't even convince users to stop opening suspicious attachments that turn out to be viruses, i guess this is never going to get solved.
scott king
We need another B Ark.
-- n
I am as anti-spam as a person can get. I battle it every day in my job. I had an incident with another employee this week that makes me wonder if I'm thinking correctly. I'd be interested in other opinions.
Ordinarily, email coming in from the outside goes through a different email gateway than outgoing email. I temporarily took down one of the gateways and reconfigured the remaining one to do all the relaying for both incoming and outgoing email. It also did the spam detection on all email, both incoming and outgoing. It detected spam being sent out from an employee to his home account as a test. I spotted it and talked to him about it. This was most definitely an advertisement. I asked him if he read up on the spam laws to be sure what he was planning was legal. He said, "This isn't spam." He was intending on sending it out to all of our customers of which he has the email address on file for legitimate business reasons. The customers had signed agreements that stated they wanted one particular type of email sent to them as part of our business relationship, but it said nothing about advertising. I told him that the customers would have to sign another agreement that allowed the advertising and/or an electronic opt-out list must be set up and maintained if he wanted to send out this type of email.
I've also gotten an unsolicited text message from my cellular phone provider advertising free text messaging for the next 2 months after I told them I wanted no telemarketing calls. I have never used their text messaging so never even thought of telling them I didn't want advertisements by text messaging. In addition, I've received an advertisement by email from my Internet provider. This email didn't provide any means of opting out.
Now, in my mind each and every one of these situations constitutes advertising that is now illegal. Am I over-reacting on any of this? I'd be interested in seeing the comments of others on this.
But why is the rum gone?
spammers, legitimate bulk mailers and scammers alike
That sounds like someone is saying there are two kinds of spammers: one kine are "legitimate bulk emailers", and the other kind are scammers.
No doubt this is intentional confusion on the part of the spammer to claim legitimacy in sending unsolicited email, using the argument that he's advertising "legitimate products" instead of chain-letter scams, thus he is a "legitimate bulk emailer."
There is a lot of true legitimate bulk email, such as discussion mailing lists to which the recipients have subscribed themselves (the email equivalent of Usenet), but this has no relation to what the spammer is talking about.
Tag lost or not installed.
The First Amendment guarantees the right to speak; it does not guarantee an audience. Spam forces you to be part of the audience. It does not respect your choice to be left alone and ignore the person exercising free speech. Spam is the equivalent of 20 door to door salesmen sitting in your living room waiting for you to come home after work. Just because you don't have steel doors and bars on the windows doesn't mean that they aren't encroaching on your property.
Some spam at least gives you an excuse to get a closer look.
Table-ized A.I.
Walt Rines - That's the son of a bitch that killed my message board (for an evening, anyway). At an antispam/antispyware message board that will remain nameless (but trivial to guess), an anonymous user posted a large, entertaining page of collected "dirt" on ole Walt. This included his home address, several phone numbers, a slew of information about his other ventures (did you know the honourable Mr. Rines is responsible for that spyware-laden piece of crap "Kazanon"?), and similarly-dug dirt about his upstanding family members. Some excerpts:
e ssmen"
Walt's sister sells "Gravestone Artwear" and "Goddess-Sized Medieval/Pagan/Gothic Attire" (Jesus, it makes you shudder to put a visual to THAT one, doesn't it?) under the way-cool, groovy, far out New-Age monniker of "Lily Moonstorm".
Business Address & Phone:
Her business email, , is obviously the place to order 8 million cases of black lipstick, granite earrings and goddess-sized marble dildoes. DON'T MISS THIS AMAZING OPPORTUNITY!!!!!!!!!!!
Then there's Jason C. Rines, Walt's scumbag brother and "opt-in" spammer. Former "VP for Sales & Marketing" for Walt's now-defunct gtminet.net, Jason learned at the knee of the master (or was that BETWEEN the knees, Jay?)
And now he's got his Senator-the-Corleone-family-are-respectable-busin
speech spiffed up real nice--but he's the same old chickenboner in a shinier suit.
Now CEO of MediaHeights, LLC (mediaheights.com, impulseinteractive.com, emailresults.net, market research.net and other spam palaces), Jason apparently dabbles in magic, too, making a "Suite 305" appear in half the buildings in Dover, NH---including those without a third floor.
Dangerous work, magic, so Jason and his "lovely" wife Regina "opted" to live out in Rochester, NH, where they're less likely to be hit by one of
those flying suites.
Perhaps you'd like to call him at home () and discuss, say, the finer points of prestidigitation.
Alright, Walt-Baby, let's get medieval! Let's drag out your main squeeze!
Sara , former Telemarketing Queen, is into "Aroma Therapy". (Can't blame the poor girl, since she probably has to shove a bushel of pine needles up her nose every time you drop trou, eh, Walt?)
Sara , Aroma Therapy Practitioner, PO Box Rochester, NH 03866,
(Unlisted # from a CLEC in Milton, NH)
Sara has *cough*cough* nothing to do with Walt's spy/spam activities. Of course, she DOES use email addresses like @odysseusmarketing.com (a suspended corporation at a dead street address in California with bogus
phone numbers and bogus individuals to contact). Probably drives out there every weekend and picks up her mail from the Los Angeles Post Office, too.
Yeah.
On the other hand, she does have her uses, notably, grunting out Walt's worthless progeny. Probably won't much longer, though, when we post
pictures of Walt and some of some of his "on-the-side" Hip-Hop Bimbos.
Anyway, the cunt rag called up our WWW host making various threats, and succeeded in getting the board chmodded to 000 until they could be bothered to pass along the complaint. At the moment, the board "should be" up again (but isn't, because these boneheads can't seem to keep a copy of mysql running more than a couple days this week) with the spammer's valuable "opt in" information temporarily removed.
We'll be looking for an upstream with bigger, brasser ones to limit this kind of annoyance in the future. Any recommendations on a balls-of-steel host that will serve 40GBytes+/mo on the reasonably cheap?
Caveat Emptor is not a business model.
Because of the Boulder Pledge and my unwillingness to become a spammer myself to promote these two programs, I ask you all this question: Will you reward my efforts and purchase my shareware mailserver program after trying it out first? When properly installed and configured, see for yourself how it blocks spammers altogether or 'safes' hostile email content and clearly and symbolically identifies the message's 'spamlike' attributes on the email message 'Subject: 'line. Email containing content unwanted by the recipient is automatically 'deleted' and *NEVER* appears in their inbox! In doing so, you will help reduce email spam and malware and reward my efforts to provide you the tools to do so. If both programs were in wide use on the internet, spam and malware would be 'almost impossible' to distribute.
Bryan Taylor
iamcf13@hotpop.com
SpamByte code: 7
(see http://www.cf13.com/game-over-spammers.htm )
http://www.cf13.com/press-release.htm
All email containing unwanted content will be summarily deleted or reported as spam.
Ads in the newspaper pay for the paper. It costs a lot more than $.50 to make a newspaper. That probably covers the printing cost, but there was a whole staff of reporters, editors, photographers, etc that went in to making it. They all need to be paid, just like everyone else. So I accept that the ads are part of that.
However, *I* pay for my e-mail account. I pay a hosting company to give me space on a server, part of that space being e-mail access. There is no ad subsidy here, it's a straight cash for services transaction. SPAM is from a third party, that is then abusing that. Their ads don't lower my costs, in fact they raise them. My cash-for-service agreement is that I get a fixed amount of bandwidth per money for my cash. SPAM takes up part of that bandwidth with shit I don't want.
So in one case the ads are beneficial, they lower my cost, and they are put there by the people that produce the document. In the other case, the ads are detremental, and are put there by a theird party. Gee, I wonder why I'd hate one not hte other?
There's also the fradulant nature of SPAM. If there is a newspaper ad for pizza from Pizza Hut, that's a real offer. Pizza Hut honestly wants to sell me a Pizza, and will do so if I call them and buy one. It'll be a real Pizza, and what I expect. SPAM isn't like that. If I order a pill gaurenteed to make my penis bigger, it's a crapshoot that I even get anything or they just steal my money. If they do send me something, it won't be a pill that makes my penis bigger. Why? Because such a thing DOES NOT EXIST. It's a scam, and a very unwelcome one at that.
So I personally see a major difference between SPAM and classic advertising. Normal advertising helps pay for the item you recieve, and it more genuine than fradualant. SPAM increases the cost of the service you recieve, and is more fradulant then genuine.
Among other problems with implimenting a charge-per-email, I'm on several list which have hundreds of subscribers. At as little as a penny per email, sending a single message to one of these list would cost (either the sender or the list owner) SEVERAL DOLLARS. Discussion list traffic would go way down, and this is a Bad Thing.
Tag lost or not installed.
Your post advocates a
( ) technical ( ) legislative (x) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(x) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
( ) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
( ) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
( ) Jurisdictional problems
(x) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
( ) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
( ) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
(x) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
(x) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your
house down!
This is yet another content filter. The real solution to spam will prevent my servers and bandwidth from being overloaded by spam, rather than use even more of it to to accomplish keeping it out of my mailbox. The ultimate solution is to have spammers disconnected from the internet by their ISPs, or disconnect their ISPs if the ISP continue to help spammers steal and waste the resources I pay for. You say you don't have a mail server and don't need to be worried? How much is your ISP charging you? How much is your ISP taking out their own profits to cover the costs of spam you just end up deleting?
now we need to go OSS in diesel cars
Comment removed based on user account deletion
And the way things work is that if you have a email address like in a domain registration or any other place, 95 out of 100 mails you recieve in a day, are spam. /dev/null.
I don't know why I should be forced to sort through tons of mails about how I get a bigger dick.
So now all mails in my public email addresses like that are routed to
On my websites, the email adr. are not clickable but a png image.
Clearly, spammers are destroying a communicationmedia, the email.
There is a reason for all these spamfilter companies can make a living selling their software and hardware. It is more than a minor annoyance.
Further more, spammers try hard to avoid getting caught in the measuers taken that can not be understand as other than "go away". Like using hijacked PC's(trojans), open proxies, sending to backup MX etc.
I have no sympaty at all.
For my money/vote, CAN-SPAM is a MUCH bigger issue than what someone did in Vietnam 30+ years ago.
...than a 9mm bullet.
I guess thats true for political spam too.... my god, I'm tired of DMCA and softwarepatents and other IPR absurdity coming from the states :(
Richard Cunningham is also the name of one of the main characters of the TV Hit "Happy Days". Remember that? The Fonz: "Heeyyy, Mrs. C!"
I only post comments when someone on the internet is wrong.
http://www.specialham.com/specialham/showProfile.a sp?memid=265
dollar
Homepage: http://www.spamsoft.biz
ICQ: 155795487
AOL: sencode
Interests: $$
Occupation: online
Gentlemen, start your engines.
I disagree with the article's assertion that "the CAN-SPAM Act, which legalises spamming, is turning the US into the spam haven of the world." The US was the spam capital before that: it's where everybody has access to a computer, cheap.
Yes, they do have the right to send spam in this country, but only under certain conditions. Very little spam (effectively none) is in compliance with the CAN-SPAM act. If it was, we'd be filtering it out.
The problem isn't the CAN-SPAM act itself but the fact that there has been almost no enforcement. Well, that and the fact that act prevents people from pursuing it individually, but I haven't seen ISPs pursuing it much, either.
I'd really love to see the FBI nail a few dirtbag spammers, watch 'em spend a few years in prison, and then see if people start complying with the act (and promptly get their spam filtered out).
But it probably won't happen, because the real problem is that the FBI has far more important things to worry about than spam. Terrorism, for example. I work with the FBI and I can tell you nobody there gives a rat's ass about how clogged your inbox is. They'd much rather get the guy trying to kill you.
So the legislation could provide executions for anybody selling v1@gra, and it still wouldn't make any difference. No legislative solution is going to work as long as the executive branch has zero interest in enforcing it.
Folks, "swank" or "dollar" or "sencode" as he's known, is NOT anonymous." His name is Chris Brown.
o _id=ROK1061
http://www.spamhaus.org/rokso/evidence.lasso?roks
I'm not going to give you a street address. You can find that on your own, and besides, I know full well what you're likely to do with that info once you get ahold of it. I'd prefer not to be attached to that kind of behavior.
I disagree with the article's assertion that "the CAN-SPAM Act, which legalises spamming, is turning the US into the spam haven of the world." The US was the spam capital before that: it's where everybody has access to a computer, cheap.
Yes, they do have the right to send spam in this country, but only under certain conditions. Very little spam (effectively none) is in compliance with the CAN-SPAM act. If it was, we'd be filtering it out.
The problem isn't the CAN-SPAM act itself but the fact that there has been almost no enforcement.
Well, that and it officially changed the paradigm to "opt-out" for the poor spam victim instead of the (always alleged) opt-in.
In the article, they even mentioned about the addresses that were trawled. But that no longer matters because of CAN-SPAM; the slimeball spammers don't even have to pretend that the user consented to getting mailed.
That's a HUGE paradigm shift.
include $sig;
1;
Create a legal penalty for spamming, and the spammers will just go overseas and/or start working harder at covering their tracks. There is no infrastructure on the worldwide e-mail system that ensures that you know or can find out who is contacting you. This will make this law almost unenforcable. Besides, a legal solution is always the worst possible solution and should be chosen after any other options. As evidence, I present the DMCA and prohibition.
The real problem is and always has been that SMTP is a piss-poor protocol for handling this problem, and it is vital that it gets replaced. I don't want to hear about growing pains - ISPs can implement both protocols and leave it up to their users to choose which one to work with. I imagine that everyone will move to the new protocol of their own volition fairly quickly, and as soon as spammers lose their anonymity they will be out of business because we will be free to retaliate. All without ever having to deal with the law.
And while we're at it, we can make the same update for Usenet. I'd love to see a spam-free Usenet, especially since I didn't get on Usenet until after the spammers had already turned it into a radioactive wasteland.
I'm tired of the argument you make honestly. A little "collateral damage" does not cause a business to go "out-of-business".
I host a mail server for 2 (small) businesses, both rely on their web site to win customers. Both sell products which require communication with the customer (usually through email).
The mail server gets about 6000+ emails per day. As of now:
- Spamhaus SBL blocked 1084 (16%)
- Spamhaus XBL blocked 2014 (30%)
- Spamassassin caught 2067 (31%)
- The virus scanner caught 105 (2%)
only 1337 (how funny) or 20% were delivered today.
Are there falso positives? Maybe. Are they killing the businesses, which rely on customer communication - NO!
Going throught 1000+ spam emails a day would CERTAINLY have them go out of business. In fact, both business owners decided to have the Spamassassin spams discarded serverside. As in, they dont even want to go through them to check for false positives (anymore). Why? Because once again, if they had to check 1000 emails a day for false posisitves, they would never be able to read their legitimate emails.
Also, maybe there are some customers who try emailing them once and then give up, but I would suspect that most people are smart enough to pick up the phone or try a different form of communication.
Both businesses, are doing fine.
So it's a business tradeoff. Maybe you lose a few people through false positives, but you're gonna get your other customers served quicker and can build a reputation for good service.
YMMV
Cheers,
Andre
Well actually I don't get spam but that is because I use a very paranoid email strategy.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
You have a meeting at 14:00 on Thursday to discuss purchasing a house from a 19 year old virgin Viagra sales rep you met at a mortgage expo last week at the university.
"He who throws mud, loses ground." - proverb
Actually, for me the worst failure of CAN-SPAM is its failure to distinguish between bulk and personal messages.
I am a theater producer. If I write an email to a theater in the area and say, "My troupe would like to perform at your location; what are your terms?", as far as I can tell I've just sent a unsolicited, commercial email. "Commercial" is undeniable, and "unsolicited" is arguable if I've written to a general info address rather than a specific email address designed for such communications (which often don't exist.)
I don't believe that's what we think of as spam. To me, spam has a scattershot effect: not just unsolicited but almost certainly unwanted, because they make no effort to tailor the mailing list. Their "target market" is fools who will r e f i n a n c e their m0r+g4g3.
I believe that the act is deeply flawed, but I still think the real problem is enforcement. A few public drawings-and-quarterings of convicted spammers would make me a hell of a lot happier. I'll worry about refining the definitions, and cutting out the spam-spewers from overseas, once the closest, most obvious offenders have been either jailed or filtered out.
1) Check if the connecting IP address is a bonafide MX'ed mailserver on file with the DNS system.
2) POP3-BEFORE-SMTP for all other IP addresses at the MAIL FROM command to restrict SMTP access to the mailserver to only authorized users who are not connecting remote mailservers. Another 'siderule' would prevent 3-rd party relay abuse by prohibiting email from a third party domain from being passed through one of the two domains who take part in an SMTP session. In a perfect internet, only bonafide, properly DNS registered mailservers would transfer email like so:
Doing this would simplify tracing emails as there is no apparent reason for a non mailserver IP to 'talk' to anyone other than their own ISP's mailserver. Blocking port 25 outbound does nothing but funnel the spammers spam through the ISP's mailserver. By the time the complaints come and the spammer's account is suspended/terminated, the spammer has likely moved on to another acount at another ISP to repeat the process all over again.
3) If either test fails, drop the TCP/IP connection.
I know rule number 1 doesn't work in real life as I have 2 examples I know of:
1) My email domain, hotpop.com, uses 'hidden mailservers' not on file with the DNS system that appear in the 'Received:' lines of past email messages I've received.
2) The last time I checked, the mailservers at hotmail.com service both hotmail.com and msn.com -- there aren't any mailservers at the msn.com domain (Microsoft's Online Community).
Because of this, I have to use elaborate, but effective ways to stop the spammer from spamming. For starters, I limit all remote IPs to 1 connection. Any more than that will result in a long delay and a 'already connected' 421 error message sent back to punish multithreaded spambots. Next is filtering against a IP and/or sender email/domain blacklist. If found on either blacklist, the spammers time is wasted and a 'blacklisted' 421 message is sent. Should they spam by using the DATA command, the message, like all messages received by my mailserver at this point, is 'safed' of all potentially hostile content and scanned for 'spammines' and their time is wasted after sending the spam in proportion to the 'spamminess' of the message denoted by the message's SpamByte 'score': the spammier the message, the longer the spammer has to wait for their spam to be processed by the mailserver. If the spammer disconnects before the delay expires, their spam is summarily discarded. This will reduce the influx of spam to the mailer daemon part of the program. Sending legitiamte email will result in little or no delay. Surviving email have their spam score inserted on the email subject line. This allows recipients to 'preview' a message at the email header level before downloading it. This will also permit *MUCH SIMPLIFIED* rules-based filtering in the email client. Local email delivery is attempted by the mailer daemon part of the mailserver by comparing the SpamByte score of the message with the SpamByte 'mask' of the recipient.
Any email containing content unwanted by the recipient is 'deleted' and *NEVER* appears in their inbox! Automatic, recipient-based email filtering!
As a result, system resources are conserved as mail is refused to recipients that are 'over quota' as well. Incoming email messages that are processed are logged and saved to disk. This can
And 74% of stats are made up on the spot.
I hate sigs.
Here is what burns me when spammers make the claim that they are like bulk mailers. A bulk mailer or any direct mail marketer pays for each piece of mail he or she sends out. On the other hand, we all wind up paying for the spam that is sent out by these guys in increased costs for the ISPs which eventually result in slower expansion of technology and/or increased rates for consumers.
So here is my proposal, for what little it's worth, make any person who wants to spam, i.e, send more than say 100 emails to people who have not registered to recieve them, pay for a license that is based on the number of emails he or she is going to send. Perhaps they should be charged a penny per email. The money can be used to pay for the computers for schools and public libraries, expanded Internet capability, and to enforce the anti-spam laws.
The price might be too high, or perhaps even too low. That's not the important part. The important thing is to make it clear to people who send unsolicited emails that the bandwidth they are using has a cost and that they will pay it.
-All that is gold does not glitter - Tolkien
www.ra
The remaining 140 or so are spam. No, I'm not exageratting the numbers
No, you're lucky, your spam levels are pretty low.
Here's the spam to my mail server that was just blocked outright by IP address, for about half the day today:
129 messages from ONE cable modem in Ohio
220 From a known spam operation that's been targeting us
226 From AOL users in Mexico
371 From cable modems caught by SORBS
1508 From China (yes, I'm blocking whole countries at the SMTP level)
4146 From Korea
4257 From cable modems blocked by NJABL
15626 From known spam sources blocked by SBL-XBL
3984 blocked by my greylisting software and my own spamtraps
That left 1443 messages that hit my spamtraps, and 483 messages actually delivered, most of which were blocked by header and body filters.
I presume all the previous posters (mostly US) who advocate blocking entire countries for relaying spam, will now volunteer to cut america off from the world.
:)
Certainly most of the civilised (and uncivilised) world will be happier for that
In the God-Blessed United States of America:
- They eat junk food
- They grow junk genetically-modified food
- They have a junk culture
- Their education is junk
- Their understanding of the world is junk
- Their divorced family units are junk
- Their newspapers publish junk news
- Their CIA present junk evidence for war
- Their president only talks junk
- Their government is fighting a junk war in Iraq
- Most of their software is junk
- They dress like junk, no taste whatsoever
- Their society is junk
- Even their christian sects are junk
Every day, I pray that the American Empire is destroyed. It will come. Every Empire eventually fell.
You just came up with Assasination Politics. I was wondering when someone would mention that.
would be whether Spam is taken at lunch.
Know your pads. One time pad: good for cryptography. Two timing pad: where to take your mistress.
It doesn't matter how good the technology is, if there is a way for someone you don't know to send you email, then there's a way for a spammer to send you spam.
Email addresses are cheap. Domain names are cheap. Blocking forged addresses will just mean that a spammer will buy a new domain name for each spam run, at a cost of $9.00 every other week or so - $9.00 which he'll simply pass on to the moron paying him $1500 to do the spam run.
Spammers ultimately want you to give them money. Assuming the govt actually wanted to enforce the laws, you would pass the email to the FBI, they follow the instructions and attempt to buy their product. Once they've accepted a credit card number, they are identified. Even if they can't be prosecuted, due to being overseas (though the majority of spammers are American residents, and I doubt many have the will or resources to emigrate) the credit card companies can cancel their merchant accounts (which are not all that easy to get) and do chargebacks. Actually, if there were real penalties, the credit card companies would be gatekeepers. Then spammers would resort to "fold a dollar bill in brown paper and mail to... which would open them up to mail fraud. really, it's easy if, and only if, the government wanted to.
funny how with each new slashdot story on spam, first 64 percent of spam comes from russia, then 72 from china, then 43 from who-knows-where, and now 83 percent from the US. hmmm....
"the only products he deals with range from legal advertisements for herbal supplements or leads programs"
*cough* viagra *cough*
This statement is forty-five characters long.
So the legislation could provide executions for anybody selling v1@gra, and it still wouldn't make any difference. No legislative solution is going to work as long as the executive branch has zero interest in enforcing it.
What about legislation that allowed sysadmins to act as judge, jury and executioner for spammers? Basically legalize vigilate justice and lynch mobs for pursuing spammers. I'd be happy to use up all of my vacation time this year to spend a couple of weeks taking my turn in the anti-spam death squad.
"Listen: We are here on Earth to fart around. Don't let anybody tell you any different!" - Kurt Vonnegut
SpamAssasin rated today's Slashdot newsletter as a 5.2, because the description of this article talks about mortgages and AOL users clicking.
Final 2006 "Proof of Global Warming" US Hurricane Count -> 0
I simply put up something like this:
"What colour is this square:"
(random red, green or blue square)
"Select the colour of the square from the buttons below, and click 'go'. If you are colour blind, blind or anything else that prevents you from seeing this image, here's a hint: it's (colour)
O Red
O Green
O Blue
[Go]"
The day an address collection bot gets through that to my address, I'll give them permission to spam it. (It's fine, I'll just change the addr on my website, and delete the old account.)
ND
This statement is forty-five characters long.
"According to Cunningham's figures on mortgage leads, he can get a click-through rate for his messages from anywhere between 1:60 to 1:240, which means that one person will respond for every 60 to 240 e-mails; for AOL e-mail addresses the click-through rate is as favorable as 1:19."
Perhaps AOL should spend the same amount of money educating their customers as they do fighting spam?
Kind of makes you wonder why the spammers don't just spend all their energy on getting past AOL's spam filters and leave the rest of us the fsck alone.
And remember kids: Never trust a computer you can actually lift.
The individual sends 60 million spam emails for four days worth of work and claims that one in 19 of AOL users clicks the links in his mortgage spam (this number should however be taken with a grain of salt, see rules 1 and 2).
It's part of his sales pitch so the figure is probable highly inflated, however, if you are an ISP, it should be possible to measure the HTTP traffic to sites that are advertised in spam to come up with a real figure.
"If the filter uses a challenge response instead of dropping the message on failure"
Google for "spam backscatter" and "spam joe job" and learn about just what a huge problem that is. As you point out, spammers tend to use forged return addresses. So sending a DSN in response to spam results in nearly double the amount of problem mail that the spam alone causes.
Challenge/response systems make the spam problem worse.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
A little "collateral damage" does not cause a business to go "out-of-business".
It depends on the business. I base my statements on the several dozen small businesses I consult for as part of my job. If they blocked mail the way the original poster did -- specifically, if they required everybody to have forward and reverse DNS entries for their MXes -- they would lose huge volumes of legitimate mail.
I do note that your checks don't include that one. That may have something to do with your disagreement.
We configure intelligent anti-spam systems, based on weighted rules with multiple inputs. Third-party blacklists, custom blacklists, technical analysis, content analysis, all with user feedback components, result in a workable anti-spam solution that does not result in lost business.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
Think about it this way. If you wouldn't get caught, would you off a spammer?
This will infuriate many people but I care to submit the following "Alexism" for your careful consideration:
"If someone goes above and beyond the call to become a blight upon society, willfully and purposefully, should they be removed from it? If so when?"
I firmly believe that they should be but hey, that's just me.
BTW, you should not have been modded down. Sorry man.
- Zav - Imagine a Beowulf cluster of insensitive clods...
I'd really much prefer a sanctioned execution system for spammers. In that scenario, sure I'd pull the lever. Either that or they get sentenced to be force fed everything they advertise (and in the event its not tangible, a hardcopy of every message...)
(BTW that guy didn't get modded down - he posted as AC.)
Well you think you'd pull the lever. In fact, I want first dibs and if he doesn't die the first time I'll let you go on the second pull.
Seriously, you could sell execution rights. I think the demand would be rather high.
Ahhh. Deep calming breaths. Relax. Relax.
It's not that I love killing people. I don't. I love killing people who deserve it. And ohhhhh, how they deserve it.
Hugs,
- Zav - Imagine a Beowulf cluster of insensitive clods...
You will note that some cowardly, childish moderator modded down all of my postings in this thread solely because he disagreed with me. He wasn't man enough to debate the topic, so he tried to hide what I wrote so that others would not see it. What a pussy!
Most of the posts were modded down as "off-topic", yet the person which whom I was conversing received no similar moderation. How can two people talk about one topic and yet only one of them is posting off-topic. That's hard for me to fathom.
Since he wasted all five of his moderator points doing this, and since I have karma to burn, at least he won't be annoying others with his use of moderator points as vandalism.
Yo quote your site: How does CF13-POP3(TM) work? 1) It is hostile to spammers and computer crackers. 2) It is simple to use and fast. 3) It is extremely reliable when operating under nominal conditions. Doesnt exactly answer how this works? I am interested in your software, and if its as good as you claim, then count me as a buyer / donator / whatever you classify it as.
Thank you very much for your interest in CF13-POP3(TM), ShepyNCL. Below, I answer your questions about the program. If the information below lives up to your expectations, please by all means spread the word about both programs and give others the URL to this post. I *HATE* email spam and malware and tried to make it 'almost impossible' to spread. My solution is, I belive, the best possible, least complicated, and least expensive solution to the spam/malware problem that I am using it myself to check my own POP3 accounts.
How does CF13-POP3(TM) work?
1) It is hostile to spammers and computer crackers.
This is done by the use of the SpamByte code, by 'neutralizing' unsafe HTML content, and by 'renaming' all incoming file attachments to 'text files'. Allow me to explain these points in further detail:
The SpamByte code is a number from 0 to 255 that is calculated for all messages that are processed. It represents the presence or absence of the eight 'halmarks' of spam. They are, in decreasing order of 'spamminess':
1) File attachments
2) HTML
3) Quoted printable content (usually used with HTML to encode 'unprintable' characters)
4) Percent signs (% - used in commerce and a potentially 'expensive' web browser exploit)
5) Dollar signs ($ - used in commerce and in assembler source code listings)
6) Numbers (0123456789)
7) URLs ( http://www.example.com example.com )
8) Email addresses ( user@example.com )
These attributes are assigned a numeric value like so:
128-attachments wanted 64-html wanted
32-quoted printable wanted 16-percent signs wanted
8-dollar signs wanted 4-numbers wanted
2-URLs wanted 1-email addresses wanted
Therefore, my SpamByte code of 7 indicates I want emails with numbers, URLs and email addresses in them. If you add up the numerical values assigned to these three attributes, you get the sum of 7. The SpamByte scanner 'scores' all email using the above information. The SpamByte of the email is compared with the user-defined SpamByte code using this one simple rule:
All email containing content unwanted by the user is treated as spam.
CF13-POP3(TM) is a command line program. Here is the relavant part of the programs 'startup blurb':
usage: cf13pop3 svr port login pw SpamByte wantspam
svr - server address (e.g. 127.0.0.1 or mail.example.com)
port - server listening port (usually 110)
login - user login (e.g. user@example.com)
pw - user password (e.g. secretpassword)
SpamByte - numeric sum of all email content wanted by user (e.g. 7)
128-attachments wanted 64-html wanted
32-quoted printable wanted 16-percent signs wanted
8-dollar signs wanted 4-numbers wanted
2-URLs wanted 1-email addresses wanted
Some content may be inaccurately identified due
to improper content or formatting.
IMPORTANT: ANY EMAIL CONTAINING ANY UNWANTED CONTENT
WILL BE DELETED IF WANTSPAM=N!
wantspam - Y=User wants spam without attachment extracted.
N=Spam email is deleted.
Use with care as non-spam messages could be deleted.
Sample command line parameters would look like this: