Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Day In The Life Of A Spammer

Posted by ryuzaki0 on from the pay-it-forward dept.

kaip writes "Internetnews.com has a story of a spammer. The individual sends 60 million spam emails for four days worth of work and claims that one in 19 of AOL users clicks the links in his mortgage spam (this number should however be taken with a grain of salt, see rules 1 and 2). Maybe not everybody has heard of the Boulder Pledge... The article also tells how the CAN-SPAM Act, which legalises spamming, is turning the US into the spam haven of the world. Currently, 86 percent of the total spam volume is coming from the States."

16 of 313 comments (clear)

  1. Make unsolicited e-mail cost... by Numen · · Score: 2, Informative

    I think MS might have been onto something with Penny Black... if sending unsolicited e-mail (sending to an address that didn't have you on their contact sheet) cost a small micro-payment, it would quickly offset any profits to be made from spamming on the scale described in the article, and wouldn't be prohibitive to those who needed to send the occasional unsolicited e-mail.

    It's either that or get into the murky waters of concrete identity, and of the two the former is the least opressive regime.

  2. sgalton@galtonhelm.com by Anonymous Coward · · Score: 1, Informative

    sgalton@galtonhelm.com

    happy now?

  3. My spamproofing by Clueless+Moron · · Score: 5, Informative
    I use postfix, but sendmail can do the same:
    1. reject_unknown_client is on. This means that a connecting client MUST have a reverse-dns lookup for its IP, and the resulting name MUST resolve back into that IP. This alone blocks most spammers before their client can even begin to send a message.
    2. I use xbl.spamhaus.org. This is a wonderful thing. This blocks not only any box known to spam, but also any box found to be infested by some virus, ie zombies. Once again, this stops them dead before the message even starts.
    3. In the unlikely event that they get past those hurdles, I have a homebrewed filter that watches for bogus HTML tags, since they like to intersperse bogus empty tags in the middle of words in order to foil content-based filters. This simple filter actually blocks 90% of anything that made it that far.
    4. Spamassassin. The few brave soldiers of spam that got this far rarely pass this. I leave this filter near the end because it's rather CPU intensive...
    5. Finally, a simple procmail rule: If my name isn't in the "To:" or "Cc:" line, file it as spam.
    I haven't seen a spam message in, uh, maybe a year or two?
    1. Re:My spamproofing by Clueless+Moron · · Score: 2, Informative
      Once mail gets past the ipcheck/spamhaus, it gets filed to a spam folder which I check occasionally, so there's no problem there.

      Most false positives have come from weird mail clients that don't put me on to "To:" line. It's typically some friend doing a "mass mailing" to all his buddies. I don't recommend the ^To:" filter if you're worried about false positives.

      The ipcheck/spamhaus stuff, however, blocks delivery completely which is indeed a different problem. But here it gets interesting.

      Spammers try to deliver once, and never retry if rejected. By contrast, real mailservers retry if the ipcheck fails (because the reject code is marked as "temporary"). I have a logscanner that tells me if some site has been retrying for 24 hours, and if it looks legit I just add it to the trusted site list.

      spamhaus rejected stuff bounces back to the sender. I've has one case of a legit business being bounced this way, but they didn't mind because it revealed to them that they DID in fact have a zombied machine on their intranet that was spamming! Once they fixed that, they quickly got delisted and all was well again.

      But in short, since I don't run a business, false positives don't worry me much. If I were to run a business, I think I'd stick to just the spamhaus and bogus-html checks. Spamhaus rbl is very reliable and effective.

  4. Opt in lists by mdfst13 · · Score: 3, Informative

    "the simple situation is that I don't need _any_ advertising through email"

    That's a bit draconian. I would like to be notified when Blizzard is releasing a new game or the new Glen Cook book is being released. To get this info from the web sites, I would have to poll (check regularly) the web sites. I would rather receive a notification.

    The key to this is opt in only lists. One way to do this is to make a server with your email provider that allows you to register an email as requested (bulk mail whitelist). Those can go through. Other bulk mail is prevented. There are other methods as well; that is just one example to handle both.

    The real key is no *unsolicited* email advertising. If I request it, I want to be able to see it. Frankly, if a newspaper (to get back to that example) drops off their product unrequested, I would like to be able to prosecute them for littering. Further, a newspaper includes other things besides advertising. Spam does not.

  5. Holy crap... by Saint+Aardvark · · Score: 3, Informative
    Take a look at http://www.specialham.com/. I had no idea spammers were being this open. For example, check this message:

    Anyone interested in an undetected socks 4 bot for computers that you have access to? Completely undetected and self-spreads via unique methods.

    -Executable for sale only (no source)
    -Updates
    -CGI/PHP notification
    -Random Ports or user defined port.
    -EXE only

    aim: ofno
    "self-spreads via unique methods": Hello, I am selling MSDoom.VQY. Jesus Christ.

    And they're sponsored by our old friends, The Bulk Club. Can't we spread a rumour that Osama is actively funding spammers or something?

    --
    Carousel is a lie!
  6. Re:TDMA by CustomDesigned · · Score: 2, Informative
    TDMA replies to an unknown sender and asks to "kindly reply to prove that you are a human". The reply-to is a temporary address with a long serial number. Once added, the address is on white-list. This is 99.999 percent effective.

    And when the TDMA user doesn't use SPF or something to block forged envelopes, they spam the world with their "did you send me some email" replies. And the reply template is customizable - so every TDMA spammer is unique. Also, while using a temporary envelope address for their own reply, the system does not work with other systems that use temporary envelope addresses like SRS or SES. The underlying design assumption is that TDMA is the only anti-SPAM measure worth using.

  7. Re:Our love-hate relationship with business-scum by Vlad_the_Inhaler · · Score: 2, Informative

    I use Mozilla and have been doing so since before they offered a filter. The filter hardly ever has a false positive, but it does miss about 30% of the spam I get - despite training.

    Maybe 20 a day is not enough.

    --
    Mielipiteet omiani - Opinions personal, facts suspect.
  8. Re:Spam: born in the USA. Why? by Anonymous Coward · · Score: 1, Informative
    The US probably has about 25% of the world's broadband subscribers (between 20% and 30% we'll say). The United States ranks 10th in the world in per-capita broadband subscriptions. "The United States also trails these countries in terms of the average speeds available over their broadband connections." (from the same article). Broadband is more expensive in the US than it is in Canada, Japan, South Korea, Sweden, and possibly others.

    I don't see how all this adds up to the US providing some obscene proportion of the world's spam.

  9. Re:I don't get CAN-SPAM by jsebrech · · Score: 2, Informative

    But spammers? They're not particularly organized, as far as I know.

    I would guess it's mainly the direct marketing association that lobbies for weaker spam regulation. They are opposing a national do-not-spam list, and they're the main reason why the do-not-call list has no power.

    Now, they're not that big, but there's not really anyone lobbying against them. At least, not in the ways it counts, through money and people actually in congress talking with congressmen day in day out.

  10. Disposable E-mail addresses by jp10558 · · Score: 2, Informative

    I find the most effective spam blocker is DEA's. You either use something like spamex with it's bookmarklet(well worth the 9.95 a year to me) or get an ISP that provides the service(more and more do), or do it with your own Domain/E-mail server.

    Then, DON'T ever use your real e-mail address. Make a new DEA for every e-mail address you have to give out, and turn it off if it starts getting spam, or when you're done with it.

    Also, use some common sense about where you place an e-mail address.I have to use a DEA for every online purchase, but only once got spam from the account, and rarely get monthly e-mails from the company I bought from - and those opt out easily in my experiance.

    Conversly, when I used a DEA for Usenet posts, I got spam in a matter of minutes, but just turned off the account.

    --
    Opera, Proxomitron-Grypen,GPG 0x0A1C6EE3
  11. Single Purpose Addresses by airConditionedGypsy · · Score: 2, Informative
    A cute technical solution to some email woes:

    http://www.tla.org/papers/spa-ndss03.pdf

    --
    I bootleg Fizzy Lifting Drinks.
  12. Network traffic!! by Skiron · · Score: 2, Informative

    The solution isn't to stop it on it's way! You got to stop it being sent. This shit eats up the Internet by fact of being sent.

    Take snailmail junk mail - even though you throw it away anyway, the post office still charges for the postman to deliver it (and pay him) - if he didn't, then he, you and the post office would be a lot better off!

  13. Re:Our love-hate relationship with business-scum by Robmonster · · Score: 4, Informative

    6 months!!! If I had to train a filter for 6 months before it becase effective I would go insane.

    You need K9.

    http://keir.net/k9.html

    RM

    --
    I have no sig yet I must scream.
  14. Re:Our love-hate relationship with business-scum by Nogami_Saeko · · Score: 2, Informative

    Spam has ceased to be a problem for me.

    I use POPFile. http://popfile.sourceforge.net/

    My current stats:

    Messages classified: 9,144
    Classification errors: 67
    Accuracy: 99.26%

    80% of the classification errors were in the first 2 weeks of training - and classification errors are almost always on the "let spam through" rather than "good message marked as spam", so it's not at all dangerous.

    It's easy to set up, and includes instructions for popular email clients. Spammers just can't do much to beat something like this.

    --
    "Nothing strengthens authority so much as silence." - Charles de Gaulle
  15. Yet another content filter - move along by Skapare · · Score: 3, Informative

    This is yet another content filter. The real solution to spam will prevent my servers and bandwidth from being overloaded by spam, rather than use even more of it to to accomplish keeping it out of my mailbox. The ultimate solution is to have spammers disconnected from the internet by their ISPs, or disconnect their ISPs if the ISP continue to help spammers steal and waste the resources I pay for. You say you don't have a mail server and don't need to be worried? How much is your ISP charging you? How much is your ISP taking out their own profits to cover the costs of spam you just end up deleting?

    --
    now we need to go OSS in diesel cars