Slashdot Mirror
A Day In The Life Of A Spammer
kaip writes "Internetnews.com has a story of a spammer. The individual sends 60 million spam emails for four days worth of work and claims that one in 19 of AOL users clicks the links in his mortgage spam (this number should however be taken with a grain of salt, see rules 1 and 2). Maybe not
everybody has heard of the Boulder
Pledge... The article also tells how the CAN-SPAM Act,
which legalises spamming, is turning the US into the spam haven of the world. Currently, 86 percent of the total spam volume is coming from the States."
I thought everyone on Slashdot hated the RIAA, the MPAA, and Microsoft. Why do you keep hyping CDs, movies, and Windows games?
Big corporations are what they are. They sell us cool stuff with one hand and tighten the screws on our freedoms with the other. We hate them every morning and love them every afternoon, and vice versa. This is part of living in the modern world: you take your yin with your yang and try to figure out how to do what's right the best you can. If you think it has to be all one way or the other, that's cool, share your opinions, but don't expect everyone else to think the same.
In short, there are some advertiser communications that we don't welcome into our lives and call "spam", while there are other advertiser communications that we invite into our lives when we go through the Sunday Newspaper looking for the ad circular from our favorite store so we can see what's on sale without having to go there.
Wording a rule set so that spam gets shut down but ads we want to see still get through is quite a tough task to do on a one-viewer basis. It becomes even more difficult to do that on a comminity basis. Some of us want to know what's on sale this week at Best Buy, others couldn't care less.
I just don't see a solution that pleases everybody being possible in this area. It'll always be a game of new regulations constantly going up, but only being effective until somebody finds a way to work around them. We can hate spammers as scum, but that seems like the worst we can do to them at times.
Finnaly, now i can track down this person and kill him as revange for all the porn mail I'm receivning. Wait, that i want... hmz pr0n&spam or no pr0n&no spam... Difficult decison
God,root what's the difference? I read slashdot, there for I errr... am stupid?
SPAM will continue to exist until people stop making spam profitable. It's a bad side effect to greed. People will do anything for a buck.
Legislation won't help. Technology hasn't been able to help that much yet. Basically, advertising is here to stay, and you can do one of two things, make yourself invisible so you can't be advertised to, or accept it.
Companies want you to be a consumer, so that they can keep being producers. There's too many companies, so they are going to fight hand over foot to get their product into your mind in whatever method they can.
-Eric
hrrm.
He's nothin' but a low-down, double-dealin', back-stabbin', larcenous, perverted worm!! Hangin's too good for him!! Burnin's too good for him!! He should be torn into little bitsy pieces and buried alive!!!
Humor from a Genetically Molested Mind
Am I the only one who hates email? People send way too much of it for unimportant things and there is so much spam, you can't get anything done. It almost seems like instant messaging is better than email.
There are some things the US Government is just plain contradictory on because, well, We the People are contradictory on the topic.
We shout out that we have the First Amendment rights anytime somebody tries to tell us not to speak, but then we strugle to find a way to make other people we don't want to hear shut up. The fact is, anywhere you create an unregulated communication medium, the smut, scum, and scam people will definitely show up to play. It's just the way things work.
I think MS might have been onto something with Penny Black... if sending unsolicited e-mail (sending to an address that didn't have you on their contact sheet) cost a small micro-payment, it would quickly offset any profits to be made from spamming on the scale described in the article, and wouldn't be prohibitive to those who needed to send the occasional unsolicited e-mail.
It's either that or get into the murky waters of concrete identity, and of the two the former is the least opressive regime.
Thank god for Instant Message applications, otherwise I'd be lost.
Actually, one of my accounts only gets one or two spams a day, but my main business address gets 1000 - 3000 a day now (after spamassassin, however I need to enable some blacklists, sod the customers that get accidentally blocked) - earlier this year it was 100 - 300, and last year 10 - 50. So in my experience, volumes of bandwidth wasting time wasting productivity wasting SPAM has gone up ONE HUNDRED TIMES in a year or so. Where will it be in 3 years time? It will be unmanageable, enough is sent from compromised machines these days and it will only get worse.
The USA needs to sort out its spam problems, and soon.
This is more proof of why Spamhaus called CAN-SPAM the "National Right to Spam Act."
Blech. Shoot 'em all.
I just don't get it. I mean, Congress bending over backwards to legitimize obnoxious behaviour by big corporations I can understand; that's pretty much what it's for, these days.
But spammers? They're not particularly organized, as far as I know. It's not as if the Viagra-and-penis-extension lobby is a major campaign contributor. So what gives? Are Congresscritters really so consistently stupid right across the board, AND their staff, AND all the IT and telecoms industry lobbyists who must have had something to say?
Or were they worried about the effect of (useful) legislation on political direct-email campaigns? Maybe. But I can't see how that would benefit one party more than the other, so why care?
On page one of the article:
And on page two:
If he ain't scared, why hide behind a false name?
Life is like a sewer; what you get out of it depends on what you put into it...
- reject_unknown_client is on. This means
that a connecting client MUST have a reverse-dns
lookup for its IP, and the resulting name
MUST resolve back into that IP. This alone
blocks most spammers before their client
can even begin to send a message.
- I use xbl.spamhaus.org. This is a wonderful
thing. This blocks not only any box known
to spam, but also any box found to be
infested by some virus, ie zombies.
Once again, this stops them dead before
the message even starts.
- In the unlikely event that they get past
those hurdles, I have a homebrewed filter
that watches for bogus HTML tags, since
they like to intersperse bogus empty
tags in the middle of words in order to
foil content-based filters. This simple
filter actually blocks 90% of anything
that made it that far.
- Spamassassin. The few brave soldiers of
spam that got this far rarely pass this.
I leave this filter near the end because
it's rather CPU intensive...
-
Finally, a simple procmail rule: If my name
isn't in the "To:" or "Cc:" line, file it
as spam.
I haven't seen a spam message in, uh, maybe a year or two?The article also tells how the CAN-SPAM Act, which legalises spamming, is turning the US into the spam haven of the world.
I think CANSPAM is an awful law. It overrides much better and stricter state laws, and it doesn't really do anything to reduce SPAM.
However, it seems like a stretch to say that CANSPAM is turing the U.S. into a SPAM haven. I think most spam recieved in the U.S. is tied to U.S. businesses, even if it's sent or bounced through servers abroad. Just because spam from US servers have increased doesn't mean CANSPAM is the cause - you can use logic like that to "prove" that pr0n is good for kids.
I wouldn't be surprised if part of the reason for the increase is that there are more virus-laden compromised computers in the U.S. to relay spam off of.
I have blog like everyone else
It is amazing to me that the ultimate benefactors of mortgage spams are generally banks, one of the stodgy, conversative types of organizations around. (And rightfully so). Now, they need several layers of spam-laundering in order to hide themselves with plausible deniabilty from the spammers. But, it seems to me that an organized campaign to lobby and educate banks and other financial institutions ought to be able to eliminate mortgage spam.
It is the same sort of rage that you feel at someone who cuts you off in traffic, or listens to their voice mail with the volume cranked up. Hatred is a common reaction to extreme rudeness and spam is rudeness taken to the nth degree.
The gut reaction of hatred caused by spam has very nothing to do with logic. When I think about spammers logically I think they should be fined to the point at which their business case is destroyed and in extreme cases (fraud, illegal merchandise) they should go to jail. When I waste 30 minutes filtering mail or miss an important mail because of spam then, just for a second, I'd like to bloody the nose of the assholes responsible for it.
[Set Cain on fire and steal his lute.]
Not american, but still... Yes, free speech. Everyone's entitled to free speech. Everyone's also entitled to not listening if they don't want to - and for me, this is where spam crosses the line. The mere fact that you have to go through so much pain to keep your e-mail box spam free is indicator of how annoying these people can get in order to FORCE you to read their advertisements.
Comment removed based on user account deletion
"As long as it makes me money, I'll continue to do it."
That's the key issue here. As long as spam is profitable people will continue doing it no matter how illegal it is. When 1 in 19 AOL users stop clicking on spam, Mr Cunningham and his friends will go away for good. Personally I haven't received any spam whatsoever since I moved away from Hotmail a few years ago. My university email is as clean as a baby's but and my yahoo.se is very clean (1-2 a week). Most likely because my univeristy has a very competent IT staff.
The further development of filters and smarter users are, imo, the things that will make spam go away... in a few hundred years or so...
8:35 AM: Morning stretches and exercise.
8:55 AM: Pray for forgiveness for being a subhuman piece of filth, hoping to save already-rotten soul from the deepest pits of Hell.
9:00 AM: Shower.
...etc.
--Rick "If it isn't broken, take it apart and find out why."
"the simple situation is that I don't need _any_ advertising through email"
That's a bit draconian. I would like to be notified when Blizzard is releasing a new game or the new Glen Cook book is being released. To get this info from the web sites, I would have to poll (check regularly) the web sites. I would rather receive a notification.
The key to this is opt in only lists. One way to do this is to make a server with your email provider that allows you to register an email as requested (bulk mail whitelist). Those can go through. Other bulk mail is prevented. There are other methods as well; that is just one example to handle both.
The real key is no *unsolicited* email advertising. If I request it, I want to be able to see it. Frankly, if a newspaper (to get back to that example) drops off their product unrequested, I would like to be able to prosecute them for littering. Further, a newspaper includes other things besides advertising. Spam does not.
And they're sponsored by our old friends, The Bulk Club. Can't we spread a rumour that Osama is actively funding spammers or something?
Carousel is a lie!
... about spam, is it just doesn't apply to me. You see, I have a degree in computer science. This means:
1. I don't want a degree from a prestigious non-accredited university.
2. My sex life is well beyond being helped by Viagra, or anything else in pill form.
3. Outsourcing means I can't afford a mortgage (okay, actually I'm employed, but work with my joke).
No, seriously. If 80+% of spam originates in the USA, and the US congress is daft enough to pass laws like CAN-SPAM global ISPs should hold a "cut the link" week and block email traffic from the USA. Just imagine the chaos and media attention that would cause. And it would be media attention is something that makes politicians squirm. A question, though. Can anyone explain to me what would make US lawmakers vote in favour of this bill? It seems like the kind of thing that any semi-sentient 14 year-old would be able to critically dissect as narf idea in about 12 seconds.
...allow me to pimp two of my favorite projects. First up is the Unsolicited Commando project. It's a little java app that spends its day quietly and merrily filling out forms on spamvertised websites with completely bogus - and yet totally real looking - data. It's especially effective against - surprise! - mortgage/refinance spammers, which seems to be the specialty of the dirtbag mentioned in the article. Go check it out, and the source code is available just in case you think something fishy is going on.
The second page I'd like to point you to is here. It's a 'Lad Vampire' antispam page that also targets spamvertised websites, but in a different way. The page links to individual images on the sites and constantly reloads them without caching, thereby burning up the spammers' bandwidth and driving them out of business (or at least costing them some money and forcing them to sell their children on the black market). Be forewarned that the page has no help, no documentation, and *only* works in IE, so don't yell at me about that. The source code is available for that as well, so here's hoping someone can make it more usable in Moz, Opera, ThunderFireBunnyChicken, or whatever browser is your fave.
While your techniques will all stop spam, they will also stop a great deal of legitimate mail (ham). Stopping spam is not the hard problem Stopping spam while letting ham through is the hard problem.
If businesses did what you did, most of them would go out-of-business.
dragonhawk@iname.microsoft.com
I do not like Microsoft. Remove them from my email address.
According to the article
"Richard Cunningham" more than likely isn't his real name; he won't say one way or another. But that's the name that appears on the WHOIS record for Spamsoft.biz, a domain he owns.
Here is the WHOIS record
Email: ProMan@animail.net
Web: www.spamsoft.biz
Quickly! Slashdot his website! Send all your viagra, big tit/dick and Nigerian money to his email account!
This is my sig. There are thousands more, but this one is mine.
Because spammers go where the bandwith is.
From an interesting article with some insights about the reason why most spam is US based:
http://www.compliancepipeline.com/28700163
"The United States is the origin of choice for spammers, said Alperovitch, because of the plentiful supply of cheap high-speed bandwidth. "Spammers need big pipes, and they don't want to pay much for it," he said.
That explains the low percentage of spam messages originating from overseas' IP addresses. The lack of cheap bandwidth outside the United States is stymieing spammers' attempts to scale up the volume of their mailings to U.S. sizes."
And when the TDMA user doesn't use SPF or something to block forged envelopes, they spam the world with their "did you send me some email" replies. And the reply template is customizable - so every TDMA spammer is unique. Also, while using a temporary envelope address for their own reply, the system does not work with other systems that use temporary envelope addresses like SRS or SES. The underlying design assumption is that TDMA is the only anti-SPAM measure worth using.
I'm currently working on a new filtering solution. The first step is SPF record checking. If the sender forged the address of a site that publishes an SPF record, I reject the mail. The second step is all mail now goes through postgrey. Postgrey is a greylist that tells the sender to try again in a while. That actually seems to work pretty well, though it does delay my mail by about an hour. The third step, which I'm still working on, performs two checks. It checks to see if the sender's on a whitelist and if he is, it lets him through. If he's not, it checks to see if the mail's encrypted to my personal GPG key. If it's not, the mail gets rejected (At the MTA, so I don't have to send a bounce message.) I can always eliminate the second step if the spammers ever figure out how to deal with that. I'll be changing the GPG key on a regular basis to keep the target moving.
It's a pretty extreme solution, but all of about 3 people in the world send me legitimate E-Mail and I was getting 200K+ of spam a day. With that S/N ratio, I may as well just turn my E-Mail server off. This is the next best thing.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
I find the most effective spam blocker is DEA's. You either use something like spamex with it's bookmarklet(well worth the 9.95 a year to me) or get an ISP that provides the service(more and more do), or do it with your own Domain/E-mail server.
Then, DON'T ever use your real e-mail address. Make a new DEA for every e-mail address you have to give out, and turn it off if it starts getting spam, or when you're done with it.
Also, use some common sense about where you place an e-mail address.I have to use a DEA for every online purchase, but only once got spam from the account, and rarely get monthly e-mails from the company I bought from - and those opt out easily in my experiance.
Conversly, when I used a DEA for Usenet posts, I got spam in a matter of minutes, but just turned off the account.
Opera, Proxomitron-Grypen,GPG 0x0A1C6EE3
You have the freedom to speak on public property. You have no freedom of speech on my land, in my house or on my phone. Or in my computer.
Let me repeat myself:
Free speech does not guarantee you the right to force yourself to be heard if I do not wish to.
If you can't see the value in jet powered ants you should turn in your nerd card. - Dunbal (464142)
http://www.tla.org/papers/spa-ndss03.pdf
I bootleg Fizzy Lifting Drinks.
but I was on hotmail then, on yahoo, my bulk folder does a good job, so I rarely see their junk and I am not annoyed as much. A good spam filter is like Tivo...
After having been a victim of the jacked up job market, How is a man to survive? I can see why some of em do what they gotta do.
The original idea of cable TV was to be commerical free. We pay for cable TV just like we do for our internet connection. I consider TV commericals SPAM. I did not ask for it, but likewise they advertisers always go, "We have to make profit." Why is it that people put with cable commericals but not spam? Then there is the movie theaters. It use to be that if you went there, the previews start a few minutes before the movie time, and the movie starts on time. But today? commericals come first at the time the movie is suppose to start, then the previews, then the movie.
Spam is here to stay. It is NEVER going away. The day SPAM can be completed eliminated from the net, well, I certainly wouldn't be on it, cuz it must not be a free net. One of the pain of freedom is that those you do not like are also free to do the things you do not like for them to do.
We should battle SPAM the right way, not by banning it or attempting to. Suing the company for wrong advertisment (if they did.) Ordering from the company then returning the product. Credit card charge backs are in the average range of $20 per charge back for internet companies. Imagine if 1,000 people ordered then cancelled their orders. $20,000 in extra fees for the company selling the junk.
------ Curiosity killed the cat. {satisfaction brought it back | it didn't die ignorant | lack of it is killing mankind
Let's get a collection have this man removed from the planet in a very slow and painful way.
It amazes me just how ineffective our government can really be at times.
- Zav - Imagine a Beowulf cluster of insensitive clods...
The most effective tool I have seen so far is greylisting. greylisting reduced the amount of spam from 3000 to 6000 a day to 5 to 10 spam a day. Include spamassassin and the spam that does get through greylisting gets nailed. spam problem solved.
Now if everyone greylisted the spammers would be out of business. But people here, which should be technologically knowledgable, seem to just complain about spam. Implement greylisting on your servers along with spamassassin! You will not regret it.
Since doing this I have actually been able to get back to real work instead of worrying about spam.
I think many people aren't quite clear on the first amendment. It says roughly that we have the right to say what we want. However, it does not say that we can force people to listen or that we have any right to be heardd.
It should be noted, before I say anything else, that corperate speech does not fall under free speech. General unsolicited email might be covered under the first amendment, but spam advertizing something business related isn't.
Additionally, sometimes what people consider free speech crosses over into things which are illegal. You can tell something, but if you follow them around and continue telling them, that could be considered harassment. You can put up a protest, but if you threaten people or indimidate others or keep people from getting to work or cause a large disturbance or many other things, you're protest has crossed the line of what is legal.
The point is that you can say whatever you want when it doesn't affect anybody else, but we don't live in a vacum and your right to swing your fist ends where my nose begins.
The actions of spammers are destructive and cost people time and money, even if you ignore fraudulent spam. To say that it should be legal by first amendment is to ignore much of the issue.
8.30AM: Wake up as Ozzie the mechanic starts work at the garage.
9.00AM: Get pulled out and made to remove some nuts from a 1950's Chevvy.
10.00AM: Get pulled out again and made to tighten same nuts.
10.30AM: Get put back in the toolbox along with all my cousins, as Ozzie has his coffee-break.
11.00AM: Get pullled out and made to remove the differential from an off-roader which went off-terrain.
12.00PM: Made to put differential back on off-roader, and used as a paper-weight as Ozzie goes for his lunch-break and reads the newspaper.
Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
My ISP is helping me a bit with this one. They add a custom header to mark things that have been RBLed so I now have set one of the labels (purple in my case) as "known spammer". I then added a message rule that reads essentially if "X-Warning RBL" = "Listed" then label message "known spammer", mark as read, and move to "Junk" folder.
This way when spam comes in that Thunderbird does not detect on its own, but my ISP has flagged, I don't get notified that I have mail, it gets moved into the Junk folder, and turned purple to verify WHY it's there. This has simplified my life.
Hey!!! the parentheses are good for something
A mortgage is a serious transaction ... so why in the hell would anyone in their right mind trust somebody who can't even spell mortgage in an honest way? It baffles my mind!
No thanks, I'll pass on that m0Rt~ga'gE offer, you shithead.
Skiers and Riders -- http://www.snowjournal.com
The solution isn't to stop it on it's way! You got to stop it being sent. This shit eats up the Internet by fact of being sent.
Take snailmail junk mail - even though you throw it away anyway, the post office still charges for the postman to deliver it (and pay him) - if he didn't, then he, you and the post office would be a lot better off!
[Whois information is made public in order] to provide contact info for complaints. A domain name is governed by similar rules to a business. If you want to operate (the domain) in public, you need to make public your contact info.
That's just silly though. I would be MORE offended by someone calling me directly to complain about content on my web site than anyone could possibly be offended by what's on all of my web sites (and trust me, there is some very offensive material there, no, not porn). MAYBE a phone number, ok, but no one needs my personal address. If someone was offended enough, they could hunt me down and kill me. That's kinda scary
I'd probably rather have a person file a complain with whatever govt. entity would deal with such a thing. People get offended by the stupidest shit these days, I think the govt. would put the smack down and tell them to shut the fuck up, unless it was actualyl legitimately offensive, which you know 99% percent of the time it wouldn't be.
Luckily all my domains were registered several years ago when I lived in another city. You think I'm going to take the time to update the whois information? HA. Fuck that.
For that matter, phone numbers are the same way. By default, your number, name, and address are public info. One must pay extra to get an unlisted number.
By default, yes they are, that doesnt make the default a good thing though, does it? I used to have Qwest, who we've all heard wonderful things about, they charge 75 cents per month for an unlisted number. They say it "costs them extra money" to not include your name/number in the phone book. Yah right, bastards, it takes the click of a mouse to check that box that says "Dont include in phonebook" and it's done.
Joseph?
and this is, in my opinion, why spam continues to proliferate. if users stop clicking on the links in spam, there will be no reason to send it anymore.
but, since our sysadmins can't even convince users to stop opening suspicious attachments that turn out to be viruses, i guess this is never going to get solved.
scott king
Because of the Boulder Pledge and my unwillingness to become a spammer myself to promote these two programs, I ask you all this question: Will you reward my efforts and purchase my shareware mailserver program after trying it out first? When properly installed and configured, see for yourself how it blocks spammers altogether or 'safes' hostile email content and clearly and symbolically identifies the message's 'spamlike' attributes on the email message 'Subject: 'line. Email containing content unwanted by the recipient is automatically 'deleted' and *NEVER* appears in their inbox! In doing so, you will help reduce email spam and malware and reward my efforts to provide you the tools to do so. If both programs were in wide use on the internet, spam and malware would be 'almost impossible' to distribute.
Bryan Taylor
iamcf13@hotpop.com
SpamByte code: 7
(see http://www.cf13.com/game-over-spammers.htm )
http://www.cf13.com/press-release.htm
All email containing unwanted content will be summarily deleted or reported as spam.
This is yet another content filter. The real solution to spam will prevent my servers and bandwidth from being overloaded by spam, rather than use even more of it to to accomplish keeping it out of my mailbox. The ultimate solution is to have spammers disconnected from the internet by their ISPs, or disconnect their ISPs if the ISP continue to help spammers steal and waste the resources I pay for. You say you don't have a mail server and don't need to be worried? How much is your ISP charging you? How much is your ISP taking out their own profits to cover the costs of spam you just end up deleting?
now we need to go OSS in diesel cars
I'm tired of the argument you make honestly. A little "collateral damage" does not cause a business to go "out-of-business".
I host a mail server for 2 (small) businesses, both rely on their web site to win customers. Both sell products which require communication with the customer (usually through email).
The mail server gets about 6000+ emails per day. As of now:
- Spamhaus SBL blocked 1084 (16%)
- Spamhaus XBL blocked 2014 (30%)
- Spamassassin caught 2067 (31%)
- The virus scanner caught 105 (2%)
only 1337 (how funny) or 20% were delivered today.
Are there falso positives? Maybe. Are they killing the businesses, which rely on customer communication - NO!
Going throught 1000+ spam emails a day would CERTAINLY have them go out of business. In fact, both business owners decided to have the Spamassassin spams discarded serverside. As in, they dont even want to go through them to check for false positives (anymore). Why? Because once again, if they had to check 1000 emails a day for false posisitves, they would never be able to read their legitimate emails.
Also, maybe there are some customers who try emailing them once and then give up, but I would suspect that most people are smart enough to pick up the phone or try a different form of communication.
Both businesses, are doing fine.
So it's a business tradeoff. Maybe you lose a few people through false positives, but you're gonna get your other customers served quicker and can build a reputation for good service.
YMMV
Cheers,
Andre
Well actually I don't get spam but that is because I use a very paranoid email strategy.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.