Do Unsubscribe Links Stop Spam?

Kaiten writes "Brian McWilliams of Spam Kings fame has just published a fascinating spammer exposé over at Salon. Using a pseudonym, he was hired to send junk email on behalf of a spam operation that has been burying people (me included) with spam for fake Rolex watches. The article details how the spammers handle the 200,000-plus unsubscribe requests they get each month. Seems that LOTS of geeks actually cross their fingers and click those remove links. And, surprise, surprise, the spammers usually ignore the unsubscribe requests."

That's easy...

[killmenow]

NO

Re:That's easy...

[baryon351]

I'm not so sure. As an experiment early this year, march I guess, I went through my entire junk mail folder in an attempt to get as much spam as I could. What the hell, hey, I'm getting several hundred messages a day and more can't hurt, and even if it trebled it'll help train my spam filter, right? I entered my email address in all the unsubscribe links I could find.

I forgot about it for a while, and it wasn't until 2 months later I noticed an EXTREME drop in the number of spam emails. My last entire week of spam totals 51 emails. Curiously, not one of them contains an unsubscribe link. It's not down to "stopping spam" but it's a couple of orders of magnitude less. I never kept detailed stats on exactly when the drop off occurred, so I can't for sure say the unsubscribe links stopped it, but they certainly didn't add to it.

This story has inspired me to test entering a brand new unguessable email address into unsubscribe forms online, to see what happens coming from the other direction. That's going to take effort to dig up email archives though. I just don't have any spam available WITH unsubscribe links any more.

Re:That's easy...

[BMcWilliams]

Fwiw, if you make it to the end of the article, you'll see that the Rolex spammers actually DID remove me from their lists. (Don't try this at home.)

Re:That's easy...

> Fwiw, if you make it to the end of the article, you'll see that
> the Rolex spammers actually DID remove me from their lists.
> (Don't try this at home.)

But you can't say that! that's contrary to Slashdot Presumed Wisdom!.

Re:That's easy...

[baker_tony]

With suggestions like that you're a spammer, aren't you... go on, you can tell me, I won't tell anyone else :-)

Re:That's easy...

[codeconfused]

No...then bounce the hell out of them.....then they bounce the hell outta me....who wins????? nobody knows

Re:That's easy...

[nomadic]

Silly reporter, thinking the people here actually read the beginning of the article, let alone the end...

Re:That's easy...

[Alphi1]

I'm not so sure. As an experiment early this year, march I guess, I went through my entire junk mail folder in an attempt to get as much spam as I could. What the hell, hey, I'm getting several hundred messages a day and more can't hurt, and even if it trebled it'll help train my spam filter, right? I entered my email address in all the unsubscribe links I could find. I forgot about it for a while, and it wasn't until 2 months later I noticed an EXTREME drop in the number of spam emails. My last entire week of spam totals 51 emails. Curiously, not one of them contains an unsubscribe link. It's not down to "stopping spam" but it's a couple of orders of magnitude less. I never kept detailed stats on exactly when the drop off occurred, so I can't for sure say the unsubscribe links stopped it, but they certainly didn't add to it. This story has inspired me to test entering a brand new unguessable email address into unsubscribe forms online, to see what happens coming from the other direction. That's going to take effort to dig up email archives though. I just don't have any spam available WITH unsubscribe links any more.

I did something similar a little while ago... I've had my home e-mail address for many years (going back to when I was more naive than now, with my e-mail posted on web pages, newsgroups, and the like).

Because of all of that, I used to get a bunch of spam e-mails (I don't remember off the top of my head, but I thought it was around 90-120 a day.

I was very close to just closing the account and opening a new one (to get a fresh start), when I decided to try something.

I figured I'd try clicking all the unsubscribe links I could, all the while tracking (weekly) how many spam e-mails I was getting.

To make a good experiment, I kept statistics for a few weeks before I even started, and got my averages then.

Then I clicked the "unsubscribe" links every time I could find one in the spams coming to me.

I did that for about a month.

After that month, I *DID* notice a significant drop in spams (down about 50% on average), which was a pleasant surprise.

The bad thing, is that it was only temporary. After a few months passed, I was right back up to the original level.

So long story short - it seemed to help in the short-term, but long-term it didn't help. On the other hand, long-term didn't exactly hurt either (I'm still not getting MORE spam e-mails on that account than before I started my experiment).

Re:That's easy...

[sootman]

Testing is definitely a good idea, especially if you have complete control over the new address. If you're with an ISP that you can tell to let all mail pass, or if you run your own server, great. I've seen mail (hotmail in particular, but I have many accounts) go up and down, from 100s of spams per week to 10s and back to 100s, as the provider changes filters.

Re:That's easy...

[Tony+Hoyle]

You can't read the article it's paid subscription... unless someone has a link to more than the first couple of paragraphs.

Re:That's easy...

I did a similar thing. I have a brand new email account, that I set up for use when an "email" address was required. I used it 4 times, once for a newspaper sign up, twice for bit torrent trackers, and once for software registration.

This account was receiving over 75 junk emails per day. I decided to see if the unsubscribe links would help, so I went through a days worth of spam, and "unsubscribed". No change in the volume of spam at all. I get more now than I ever did.

I don't know who I hate more, the spammers, or the stupid asshats who actually BUY stuff from the spammers, giving them incentive to spam more.

If Bush wants some new civilians to bomb into next week, why can't he work down a list of known spammers? I would love to watch "shock and awe II", nothing says "take down notice" like a JDAM hitting your server farm, or home address. War crime, maybe, but who would really care?

Re:That's easy...

[bleeware]

I did the same experiment early last summer. After 6 months, the number of spam emails I get did not change. On the other hand, it does not hurt to use the unsubscribe links.

Some things I noticed:
o) a small percentage of spam emails have no unsubscribe link
o) many spam emails purporting to be from different companies have idential email removal pages. Me thinks spammers are using tool kits.
o) About 1/3 of the unsubscribe links don't work. Either the link is bogus or some error occurs when when the form is submitted.

Re:That's easy...

[macdaddy]

Well, I was going to give you a link to NANAS on Google Groups. Unfortunately I see that Google has seriously fucked up the newgroup archive. I can't even find NANA*. What the hell were they thinking? If anyone happens to know of a good newsgroup archive that includes all of NANA* please post it here. I'd even be willing to pay for the feature. I can't believe what Google did to Google Groups. What the hell were they thinking?!

Re:That's easy...

Try http://groups-beta.google.com

Re:That's easy...

[rjamestaylor]

So easy I'm wondering if this story had been queued in 1996 but only now is hitting the front page due to some latent y2k bug... BEWARE LATENT Y2K BUGS, PEOPLE!!

Re:That's easy...

[Beeman]

The trust of an unsubscribe feature is directly related to the legality of the method that was used to obtain the email address. I don't trust unsubscribe for addresses which I know were scraped off a web page. I have, however, had luck getting unsubscribed from the entire list peel.com "affiliates" after signing up for spam in a vain attempt to "win an xbox".

Re:That's easy...

I actually had a really badly screwed up hotmail account I wanted to fix. I kept unsubcribing for 2 or 3 weeks straight, kept getting new e-mail addresses for the same spam over and over, and kept either repying to them if they don't have a link or just using the unsubcribe.

May sound pathetic that I spent 10-20 minutes a day for 3 weeks doing it, but the account today has no spam. I guess it could be coincidence. I could always spam up some other account and then try to clean it up again, but I have no desire to spend that kind of time again.

Re:That's easy...

[lowrydr310]

How much extra time do you have? Opening every single spam and trying to 'unsubscribe' is a VERY tedious task.

Re:That's easy...

[number11]

You can't read the article it's paid subscription... unless someone has a link to more than the first couple of paragraphs.

You just have to click through about five pages of ads.. but there's no animation or sound or anything, so you can click NEXT as soon as the page loads.

Re:That's easy...

[naoursla]

The same thing happened to me a few months ago and I didn't unsubscribe to anything.

I credit the FBI and recent spamming busts.

Re:That's easy...

http://www.google.co.uk/ works... but for how long.

Re:That's easy...

[Alphi1]

How much extra time do you have? Opening every single spam and trying to 'unsubscribe' is a VERY tedious task.

I admit, at the time, I had the extra time to do it. However, bear in mind, I wasn't suggesting that anyone (including myself) actually *DO* this to combat spam... It was more of an experiment, to see what effect it would have - to see if it would reduce spam, or even increase it.

And it seems that it did reduce it short-term, but it gradually jumped back up to previous levels later

If anyone's interested, here's the numbers I had (I'm at home now, so I have access to where I saved the data):

Week-ending Spams Spams per day
8/28/2004 683 97.57142857
9/4/2004 535 76.42857143
9/11/2004 409 58.42857143
9/18/2004 280 40
9/25/2004 241 34.42857143
10/2/2004 246 35.14285714
10/9/2004 239 34.14285714
10/16/2004 344 49.14285714
10/23/2004 385 55
10/30/2004 406 58
11/6/2004 499 71.28571429
11/20/2004 567 81
11/27/2004 611 87.28571429

I take back part of what I said before. I guess I only sampled one week (8/28/04) before I started doing the unsubscribe, which I did from 8/29/04 through 9/25/04.

You can see by the numbers how there was a short-term effect, but it went back up to where it was before. And I've not even kept the statistics since the last one.

Re:That's easy...

Warms the cockles of every spammer stroking this thread.

Re:That's easy...

[covertbadger]

I read the whole article, then went and consulted my own voluminous spam directory. To my surprise, I noticed that Rolex spams abruptly stopped on November 10th, having previously arrived at a rate of ~15 a day since August. I didn't unsubscribe from anything, though. Somebody must have gotten themselves well and truly busted.

Re:That's easy...

[JuggleGeek]

I think he's just trolling. Spammers ignore laws, forge domain names, and lie in the subject field. They don't give a shit if you click unsubscribe or not.

Even if they did, to follow their unsubscribe costs a lot of time, as you pointed out, and makes you visit every website they want you to visit. Those sites could be trying to hack your system (windows users beware!), or they could simply be selling "pay per view" advertising on their site and trying to drive as much traffic to the site as possible.

But one thing they are *not* going to do is stop spamming you simply because you don't like spam. Spammers don't care. They already know that hardly anyone wants spam, yet they still spam. Anyone telling you that they follow opt out requests is a bald faced liar.

Re:That's easy...

[JuggleGeek]

The rolex spammers have been forging my domain name in their spam. If you expect me to believe that they forge headers, yet are honest enough to follow unsubscribes, then you are nuts.

Re:That's easy...

[JuggleGeek]

but there's no animation or sound or anything, so you can click NEXT as soon as the page loads.

Not true. I'm writing this as their stupid video plays.

Re:That's easy...

[number11]

Oops. Didn't for me. Maybe Firefox's popup killer or the collection of "don't go there" IPs in my firewall stopped it. It did seem a little too easy to be true.

Don't do it!

[sjrstory]

A reply confirms there is a live person behind the email address. And for those with a HTML-enabled email client, a cleverly placed (and sized, ie 1 pixel) embedded image to an external site with a unquie string keyed to your email address is yet another trick spammers have for confirming your address.

Re:Don't do it!

[patches]

That is another reason I like gmail... when you open an email in gmail they won't open external images unless you specifically ask to....

Re:Don't do it!

[NardofDoom]

Apple's Mail.app has a good feature that doesn't load messages in suspected spam unless you click a button. Quite handy. Not sure if it's in Thunderbird, though.

Re:Don't do it!

[Zorilla]

Since Outlook SP2 blocks images now, I'm wondering if spammers have found any other workarounds to finding ways to validate users through HTML, such as other embedded objects that Outlook has...*snicker*..overlooked.

Re:Don't do it!

[scooby111]

WHich just so happens to prove the submitter is wrong in his assumption that any geek would actually click the "Unsubscribe" link. Any geek that displays external images or clicks on such a link needs to have his head examined unless he or she actually wants more spam.

Re:Don't do it!

[Carrot007]

Ohh paranoia.

Look spammers are lazy. (otherwise maybe they'd get a real job)

Using unsub links to confirm or small images to confirm is like effort. Lazy people don't like effort. They are more likely to just get the list and use it untill they get a new list, ignoreing all removels and maybe using 1 pixel images to produce a web server report to show clients spam is read.

I'm not saying the things you say don;t happen just not as much as you seem to be indicating (ie less than 1% or the time probably lower).

Re:Don't do it!

[Misch]

Thunderbird has a similar feature. It's nice not having images load in e-mails unless I ask for them.

Re:Don't do it!

[Ewan]

Thunderbird has it yeah, it's pretty handy like you say.

Re:Don't do it!

[spac3manspiff]

Sometimes it signs you up for even more spam!

Re:Don't do it!

[WormholeFiend]

Some people say spammers don't clean up their lists of email addresses of the ones that bounce.

If this is true, then why would they bother with confirming that each address is "live"?

Re:Don't do it!

[spanielrage]

... which is why Thunderbird blocks images by default.

Re:Don't do it!

[Nerftoe]

Some people say spammers don't clean up their lists of email addresses of the ones that bounce.

If this is true, then why would they bother with confirming that each address is "live"?

I believe that a very small majority of spammers go through with the efforts of tracking their "spamees". What incentive do they have to clean up their e-mail lists? Why take a chance of eliminating any possible "spamees"? Do they really care if they send out 500,000 spams instead of 750,000 spams? Of course not.

Re:Don't do it!

[DigitalRaptor]

That may have been the case in the past, but it certainly isn't now.

In the past you would get a little spam from a lot of sources, now you get a ton of spam from just a few sources, and these sources are very good at what they do. It's their business.

Many of them have invested countless hours in custom tools to improve their profitability and the ease with which they spam.

There are exceptions to this, of course.

But as evidence that they are very proactive in grooming their lists, see the recent Slashdot story that turning off your mail server for just one day will get you removed from 90%+ of spam lists. That is a very fast response, and does not indicate laziness or complacency.

Re:Don't do it!

Last time I looked (maybe in the 0.8 days), there was a trivial way around the image blocking. Not sure if it's still there in 1.0 - will check later.

Re:Don't do it!

[famebait]

A reply confirms there is a live person behind the email address.

Yes, but a live address that isn't likely to respond well to spam. I find it remarkable that so many people love to try to look smart by repeating that old abiout unsubscribe just getting you more spam lists, while obviously noone has actually checked if it is the case.

Well, I have. At one point my spam bucket just became too big to check in any case (~200/day), so I thought "what the heck; let's see what happens".

I unsubscribed everything that worked for two days straight. Spam went down 50% over the next few days. Then started to slowly rise again, and after a couple of months was back on the curve that previous history would have predicted.

Interestingly, it seemed least effective for viagra and penis enlargement spam (which was also the class that often didn't even have a link), and almost 200% effective against porn spam (for the next two months, only one easily recognisable source kept bugging me).

So the idea that you will necessarily only increase your spam load by using the links does seem to be just a myth, and even the percetion that no spammers heed them.

Now, that doesn't mean I'm claiming the famous opt-out exploitation has never happened, that the majority of spammers will effect your unsubscribtion, that the effort is worth it, that unsubscribing is any sort of good alternative to a proper filter, or that spammers don't deserve to die in screaming agony in any case. Just reminding people that hearsay is hearsay, even if it sounds like the "expert" opinion.

Re:Don't do it!

[justinkim]

Eudora does this, too.

Re:Don't do it!

[lifeblender]

If you read the posts for the story about disabling your mail server, you'll see that that action was probably not what caused their slowdown in spam mail.

Re:Don't do it!

[artemis67]

Gmail also has a similar feature, although it's a little more aggressive than Apple's Mail. Mail will block images only on email suspected of being spam, Gmail seems to block it on all messages.

Re:Don't do it!

So do both Outlook and Outlook Express. You are not as fancy as you think, retard.

Re:Don't do it!

[Tezkah]

I have just sent a letter into my local paper, in a recent letter it appears one guy has been innundated with spam. Of course, we find out in the letter that he clicks on the "unsubscribe" links, and now has taken to sending a reply back to the spam address. I replied with a letter detailing how using the Mozilla products (Mozilla, Firefox/Thunderbird), can help you not only with spam on your end, but prevent the installation of programs that can cause your box to become a zombie, which can easily be used to send spam. Hopefully the message got through.

On a related note, does anyone know why they keep sending these CI1IAS` emails? I mean, do people actually order pills from people who can't even spell properly?

Re:Don't do it!

[homer_ca]

Some of us don't have a choice in mail clients at work. Until they upgraded to Outlook 2003, the only way to disable external images in Outlook was to disable images in Internet Explorer. At a time when Mozilla/Firefox were less mature and more sites were IE only, that was a major annoyance, although less of an annoyance than loading images from spam.

Re:Don't do it!

This might have been informative back in 1998. Now saying it just makes you look like a retarded butt whore. Nice going, idoit.

Re:Don't do it!

[Enrico+Pulatzo]

What's interesting that Mail.app only blocks images that require download. Embedded images (multi-part MIME) are shown.

Re:Don't do it!

[remosain]

Look spammers are lazy. (otherwise maybe they'd get a real job)

That's not entirely true. There is a lot of money going back and forth with this SPAM issue. This are not teenagers bored. Trust me, there is people putting money and a lot of energy into this.

Re:Don't do it!

[jacksonj04]

Actually, this doesn't bother me. I rely on always having one or two spams get through my filter in order to train it, for clicking the 'This Is Spam' button once a day is far easier than having to deal with lots of spam as tactics change.

Re:Don't do it!

[djeddiej]

Even Microsoft's Outlook 2003 does this too (when set correctly).

Re:Don't do it!

[DigitalRaptor]

In any event, you can't just assume that spammers are lazy and not good at what they do.

For almost all of the remaining spam, the source of that spam is a full time professional spammer that is very good at what they do.

Re:Don't do it!

[nocomment]

I use evolution and set it to no images.

Re:Don't do it!

[Fishstick]

Yahoo mail also has the option to block html/images from all mail, but then provides a link to 'show html images' (can't remember the last time I actually wanted to see anything other than text in an email)

Re:Don't do it!

[tomofdarknesss]

i have Apple's mail configured to block all images on incoming mail until I tell it to. it was like 2 clicks.

Re:Don't do it!

[fafalone]

GMail also does this, it's very nice.

Re:Don't do it!

[zerocool^]

Newsflash.

If you install Service Pack 2, Outlook Express does too.

Re:Don't do it!

[kesuki]

Some spammers create 'verified lists' of e-mail and sell them to to other spammers on a cd-r for like $40 or $50... So yeah some spammers go to great length to verify that someone is a. recieving said spam, and b. opening it to look at it. it's not to 'remove' names from mailing lists, but rather to 'add' them to a list of people who 'opened' the e-mail despite it's unlikely subject and sender..
Call it a sucker list. You opened the e-mail they're gonna send you 10x as many spams, because they beleive if they send you enough you're gonna click-thru... and if you won't click through, they can always inject code to hijack your browser and force ads to display through athe latest vulnerability in your web browser..

Re:Don't do it!

[havoc]

Actually they do. My company used to send out a news letter for a client of ours. It was an opt-out news letter that you were subscibed to when you ordered from their web site. I'm sure many people didn't even bother to read the opt-out information and would have considered the news letter spam. At any rate, at the bottom of every news letter we included a link to unsubscribe that worked. This not only made the consumer happy, it made the company happy because they didn't have to pay us for sending out emails that were unwanted, although we lost some revenue from it, (this wasn't our primary income and we were just doing it as a service for our client) it cut down on the load on our outgoing mail server (which serviced many of our other clients). So to wrap it up, unsubscribe links that work and removing bounced email addresses were in the best interest of all involved!

Re:Don't do it!

[twofidyKidd]

If enough spam filters could reliably bounce back spam as undeliverable, then the economics might eventually take it's toll on the spammers, and the ISPs that provide spamming tools. That, at least, might provide incentive for them to go away altogether.

Re:Don't do it!

[jafomatic]

I had read (on slashdot, I thought) that the "live" email address is worth much more than the "unconfirmed" address' value.

What a lot of slashdot readers seem to miss (or so it appears) is that the objective of spam is not just sales.

I've read articles --again, here on slashdot-- that contained commentary such as "I can't believe people are actually buying this v14gr4," and "how are spammers making money?"

The answer, which I think we all know, is to sell the improved list. The business appears to be not only sales of the v14gr4, but advertising (page impressions), as well as verified email addresses. If those addresses were confirmed to have opened spam and been shown an advertisement, a list of such addresses is worth a shitload more than a stack of "cold" leads. Even if no one buys the "v14gr4" the website can still sell advertising to someone else, such as a pr0n site, and that entity is a lot more likely to get joe-just-been-spammed's business.

...provided that Joe can still jerk one off without this "h3rb41 v14gr4."

Re:Don't do it!

[tomhudson]

Also, why bother cleaning up their lists when it means that they are reducing the number of email addies they're selling the rubes who buy their spam services?

If you're a spammer, which list are you more interested - the one with 100,000,000 addies, or the one with 20,000,000 addies?

Re:Don't do it!

[DJStealth]

Outlook doesn't load any images unless its from a 'safe sender', or you explicitly tell it to view images on the page.

Re:Don't do it!

[MalaclypseTheYounger]

Who DOESN'T do this?

Yahoo mail does this, Gmail does this, HotMail does this...

Newsflash indeed. (I hope you were being sarcastic).

Re:Don't do it!

[C0vardeAn0nim0]

the full mozilla suite has an option to not only block external images in messages, but to also sanitize _ALL_ html messages, displaying them as plain text. defeats all web bugs and iframes embeded in spam messages. some of them display as empty messages.

open mozilla's mail and select View/Message Body As. you have 3 options. "original html" (all web bugs and iframes. java script still disabled), "simple html" (disarms and defangs most bugs and tricks while keeping some formating) and "plain text" (only links are kept. formating is hosed but all bugs and images are cleaned).

"plain text" is a nice option if you're paranoid. but in this case you're probably using mutt or pine anyway, so why boter ?

Re:Don't do it!

[PhilHibbs]

Outlook 2003 does this as well - I hate every other new feature, but that one is good. If you forward the message, though, it downloads the images anyway. D'oh!

Re:Don't do it!

[kaustik]

Microsoft Outlook 2003 also has this feature. External images are not loaded until you specifically tell it to. I would expect this in any modern mail application.

Re:Don't do it!

[rednip]

...So the idea that you will necessarily only increase your spam load by using the links does seem to be just a myth, and even the percetion that no spammers heed them.

I am sure that you know much more than the U.S. Computer Emergency Readiness Team (US-CERT), which makes that warning quoted in the article.

Yes, but a live address that isn't likely to respond well to spam.

A typical spam operation lives on a response rate of something like .01% (That's one in 10,000). They know that most of the time, their message is never even seen or considered. Those who has taken the time to complete an unsubsribe link shows them that they have considered the spam offering and decided against it. "So, they don't want a new Morgage, but perhaps they will like what I am offering next month....". To a spammer, bandwidth is generally cheap, but anything they can do to increase eye balls is considered important. Perhaps the spammers are holding off for a week or two, but I am sure that your address is being sold. One thing that I noticed years ago was that when I started to get the "buy this bulk email list" spams, my total spams increased a couple of days later. I tried the unsubsribe links several years ago, my spam showed a marked increase (like double). That account, which I haven't regularly used in more that 2 years, still gets more than 50 spams a day.

Re:Don't do it!

[amuro98]

You should at least give customers the option of receiving your newsletter or not at the time of purchase. You could even have the option checked by default (which some find a bit scummy - but I'm OK with it - so long as I can UN-check it.)

You should also point out in the newsletter that the reason people are getting it is because they did business with your website, foo.com (or whatever).

Otherwise, yes, I would probably nail the newsletter as spam - ESPECIALLY if you insist on using spammer lingo like "opt-out".

Re:Don't do it!

[erlenic]

when set correctly

You mean when set to the defaults?

Re:Don't do it!

"(for the next two months, only one easily recognisable source kept bugging me)"

Your subscription? :-)

Re:Don't do it!

[__aawavt7683]

I hope you don't mean to imply that _only_ windows XP SP2 has this:

HKEY_CURRENT_USER\Identities\<GUID>\Software\Mic ro soft\Outlook Express\5.0\Read in Plain Text Only = dword, 0x1.

That's a little key I found one day while browsing the registry... outlook express version 6.00.2800.1123, windows 2k SP4. It has the effect of removing image displays (spam comes up as a lot of ugly, random characters most of the time, often text saying "click here if you can't see the image," etc). It may work with other versions, but I can't say.

Oddly, I don't believe I've found a way to turn off HTML (backgrounds and such in e-mails, ugly font colors, etc) in Thunderbird.

-DrkShadow

Re:Don't do it!

If you install Service Pack 2, Outlook Express does too.

The freedom to innovate! ;)

Re:Don't do it!

[jaeson]

a cleverly placed (and sized, ie 1 pixel) embedded image to an external site with a unquie string keyed to your email address is yet another trick spammers have for confirming your address

Actually, the image doesn't have to be transparent or small. they can use any image from the HTML to perform such tracking.

Re:Don't do it!

[jez9999]

I haven't installed SP2, but still use OE. Try Tools | Options | Read | Read all messages in plain text.

Re:Don't do it!

[MilenCent]

Also, neither does Gmail, which disables image display by default.

Gmail, by the way, has a really sharp spam filter, I I've gotten less than one spam message a week on my normal account for months now. It (probably) works because it can use Baynesian filtering where the imputs are the spam reports of tens of thousands of users.

Re:Don't do it!

[gulfan]

Oh your nothing but a Microsoft supporter, you probally posted this from Microsoft too!

What's that? Your IP is tide76.microsoft.com?

Yeah, I thought so - Another Microsoft employee.

Re:Don't do it!

[eneville]

Wake up!!! HTML email is EVIL http://www.georgedillon.com/web/html_email_is_evil .shtml

Re:Don't do it!

[Ctrl-Z]

One of my pet peeves of this feature is that you can't reply to a message with images in it without first loading the images. Sure, I guess that stops most of these attacks, but it is kind of annoying nonetheless.

Re:Don't do it!

[UranusReallyHertz]

Large webmail providers like gmail are in a unique position to detect spam. Simply analyse all the mails coming in to all the mailboxes and if an identical or nearly identical message is being sent to thousands of inboxes it gonna be spam.

Re:Don't do it!

"Apple's Mail.app has a good feature that doesn't load [messages|images?] in suspected spam unless you click a button. Quite handy."

You say that as if it's not an absolutely necessary feature in any email client. Next thing you know, we'll be hearing about these neat browsers that don't run arbitrary code supplied by the network...

Re:Don't do it!

[g-doo]

Hotmail also has this feature now, I've noticed.

Re:Don't do it!

[_Sprocket_]

Yes, but a live address that isn't likely to respond well to spam. I find it remarkable that so many people love to try to look smart by repeating that old abiout unsubscribe just getting you more spam lists, while obviously noone has actually checked if it is the case.

A friend of mine worked for a spammer. The outfit wasn't as shady as these guys - they did sell legitimate products, as far as that goes. But they purchased email databases and didn't use any opt-in verification.

My friend was hired to manage their email. When he started working there, they ignored opt-out requests. But since they were trying to be "legitimate" one of his first tasks was set up a simple system to begin scrubbing their contacts database and removing opt-out addresses; much to the Sales' disgust. Then he started going through the database and picking up hits on inappropriate "root@" and "abuse@" type addresses. These did the company no good and were very, very unlikely to generate anything other than hassle for the company. Yet Sales fought the scrubbing of those addresses. To them, each address was worth $.15 no matter how legitimate it may or may not be.

These guys operate with a shotgun mentality (or maybe closer to fishing-with-dynamite). They don't understand what they're playing with. Nor do they really care if any particular aspect of what they do is legitimate. All they want is big numbers in hopes that it generates a sufficiently large enough, yet much smaller number of returns.

Re:Don't do it!

[droleary]

Well, I have. At one point my spam bucket just became too big to check in any case (~200/day), so I thought "what the heck; let's see what happens".

This is where your little experiment went wrong. You used an address that was already on all the spammers' lists. You saw a drop when they shifted from one temporary domain to another (brand new domain == brand new unsubscribe necessary, according to spammer logic), but you never left their master lists and you were never added to any new ones. I suggest trying again with a fresh address that has only just begun to receive spam.

I unsubscribed everything that worked for two days straight. Spam went down 50% over the next few days. Then started to slowly rise again, and after a couple of months was back on the curve that previous history would have predicted.

And that is the point (or pointlessness) of the issue with unsubscribe links. Whether or not you see a big jump after using one isn't really significant. What matters is that you never stop getting spam. Its volumes is always increasing; and there is no solution worth trying unless it permanently reduces the spew.

Re:Don't do it!

[jonbrewer]

for those with a HTML-enabled email client, a cleverly placed (and sized, ie 1 pixel) embedded image to an external site with a unquie string keyed to your email address is yet another trick spammers have for confirming your address.

One of the more important reasons for not having preview-pane turned on in Outlook - if it looks wrong, delete it without opening it. Even with script execution turned off (preventing Javascript exploits), HTML email is a blessing and a curse. Handy to get it from vendors, lousy to get it from spammers.

Re:Don't do it!

only an idiot that voted for Kerry would actually believe your nonsense

Re:Don't do it!

[Fraser+Cain]

I'll second that. I've had several email addresses published on the web for about 6 years now, and I just started using Gmail as my only mail interface. It handles all of my SPAM beautifully, properly classifying about 30 messages an hour as junk, and leaving me the correct email.

Re:Don't do it!

[MilenCent]

That's interesting, because Hotmail has had, for a long time, a really crappy filter. They just never had ZE WILL to improve it, I suppose.

In other words, hooray for competition!

Re:Don't do it!

[Reziac]

Probably indicates a good script for "dump this dead address outta the database, which is worth more when it has a max percentage of confirmed live addresses".

Re:Don't do it!

[haruchai]

It couldn't be easier: View > Message Body as > ( choose from ) Original HTML | Simple HTML | Plain text

Re:Don't do it!

[amuro98]

Bounce it...where?

Over 99% of all spam uses forged headers, and has for many many years. Bouncing to the reply-to or from headers will either send the spam to another non-existant mailbox, or worse still, spammers will start sticking the email addresses of people they don't like in there, so that they get a nice DDOS style email bomb (boom) I've already had idiots do this to me. Over 3 days, I got over 5000 bounces, angry messages, viruses, and lots of "remove requests" (what was that about remove requests working again?)

Furthermore, since most spam is sent through zombie'd or otherwise misconfigured machines that act as proxies, the spammer doesn't know - and doesn't care! - which addresses bounce or why.

Re:Don't do it!

Agreed, and it's far superior to my Hotmail spam filter too.

Oh look, yet another thing you're behind in Microsoft!

Re:Don't do it!

[g-doo]

Oh, and so does Yahoo! Mail.

Re:Don't do it!

[puppet10]

They were too busy trying to transition it away from apache servers to IIS to bother with minor details like making the service good from an end user perspective.

Re:Don't do it!

When I worked for a spammer, we guaranteed at least a 2% image load rate (which we probably described as a mail read rate to suck^H^H^H^Hcustomers). In other words, we got 2% as many image requests in our logs as we sent out emails. Note that simply previewing the message long enough to delete it in Outlook Express would generate the image request. Note that sometimes we came up short on even that pathetic a stat and would have to send out more emails to get the response rate (the new emails didn't get added to the denominator when calculating the rate; we'd just send an extra few million emails).

When we didn't have any customers, we'd send out our own emails. To the best of my knowledge, we had exactly *one* sale during the months that I was there. Now, we weren't sending those emails all the time, but we still must have sent at least ten million emails out (I'm thinking that it was probably in the twenty to fifty million range). One sale.

Re:Don't do it!

Oh well, great! That'll work for the millions who haven't upgraded to XP!

Re:Don't do it!

[elemental23]

Not if you disable HTML rendering entirely. This MacOSXHints.com article has instructions on how to do so. It forces Mail to show the plain text part of multipart messages by default. You can still view the HTML part via a menu option. Works like a charm.

Re:Don't do it!

[eric_brissette]

Thunderbird has this feature as well.

Re:Don't do it!

[evalencia1]

Outlook 2003 blocks images in received email, but when you forward the message, it then decides that it just *has* to download the image before you can forward it. Yet another case of good, but not good enough.

Re:Don't do it!

[Geoffreyerffoeg]

Yahoo! Mail, too.

Although I wish it would just block images below, say, 10x10, or just for messages that are almost possibly spam (but not enough to be filtered). It's really annoying to have some newsletter in graphic form display as a big gray rectangle with unsubscribe and copyright info below it.

Re:Don't do it!

[St.+Arbirix]

Gmail, by the way, has a really sharp spam filter...

Watch out for that though. Gmail has detected several false postives for me in the last week. It's especially annoying when they're from sellers on eBay. I also get an email from a word-a-day type site that occasionally gets enspammed.

Re:Don't do it!

[adpowers]

Gmail's spam filter is a lot better at filtering out spam than when I first got it (back in the middle of May). I posted my address lots of places and now I get 10+ spams per day. Almost none of them reach my account anymore. However, there are lots of false positives.

Maybe I think it is high in false positives because I get so many e-mails... hundreds per day. I subscribed to the Linux Kernel list and some other high traffic lists to try and fill up my account (54%!). Most false positives come from this or the python mailing list, but almost nothing else. I guess it is pretty good then. I'll see once I fill up my Gmail account, unsubscribe from the lists, and delete all the old messages. Actually, now that I think about it, the spam filtering is a orders of magnitudes better now. Wonder what kind of system they have. They have so much hardware they can use pretty much whatever algorithm they want :).

Andrew

Re:Don't do it!

[MilenCent]

I do check my spam folder for false positives, and occaisionally they do happen. But they've gotten very rare, for me, as of late.

Re:Don't do it!

[famebait]

This is where your little experiment went wrong. You used an address that was already on all the spammers' lists.

That's actually a good point, and it even relates to the experience I recounted. A rare thing indeed in this thread.

What matters is that you never stop getting spam. Its volumes is always increasing; and there is no solution worth trying unless it permanently reduces the spew

I didn't say it was worth it. I more or less specifically said it was not. I just wanted to point out that the much-publicised jump in spam didn't happen. But yeah, it could well be that with a fresher account the effect would be significant.

Re:Don't do it!

[JuggleGeek]

Outlooks Express is in second place only to Internet Explorer in adding security holes to your windows system. Why people use it, I have no idea.

Re:Don't do it!

[JuggleGeek]

Sorry, but that's not correct.

There are two basic ways that spam gets bounced. In one method, they try to connect to your mail server, and they can't connect at all. That could be because your mail server is down, your IP address has changed and DNS hasn't propogated out, or because you've got them in a IP block list. In those cases, the sending machine knows right away that it was not able to send the mail. A well behaived mailer will wait, and try again later, usually several times over several days, before it actually gives up.

The other way is that the receiving mail server accepts the mail, but after receiving it, find that it can't deliver the mail. It then generates a bounce message. For a spam filter to send a bounce message, the mail server has to accept that mail, and pass it on to the spam filter. Once that has happened, the spammer is gone.

Bounce messages don't necessarily go to spammers, because spammers usually forge the headers in the spam they send. I get bounced spam to my domain quite often because the spammers forge my domain.

When spam filters send bounces, they aren't affecting the spammer, they are simply sending a bunch of crap to someone like me, who had nothing to do with the spam.

Re:Don't do it!

[JuggleGeek]

Yes, but a live address that isn't likely to respond well to spam. I find it remarkable that so many people love to try to look smart by repeating that old abiout unsubscribe just getting you more spam lists, while obviously noone has actually checked if it is the case.

You, sir, are a liar.

It's been tried, it's been tested. I did it myself - but I'm far from the only one. I used a previously unused address, and plugged it into a number of unsubsribe links. It started getting spam.

I also used "spamcomplaint@example.com" (using my domain, of course) to send spam complaints for awhile. (I rarely bother any more - too many spams, not enough time to file complaints.) I now get spam to the spamcomplaint@ address, due to ISP's forwarding complaints to their spammers and spammers harvesting addresses from there.

Claiming it's untested is an outright lie. Claiming that spammers remove your address, and don't sell it to others, is an outright lie. I'm sure there are a few that do - but the bottom line is that honest people aren't in the spam business, and spammers will do anything they can to collect addresses. I'm sure they sort out "known good" addresses from the rest, that many of them try to put on a pretense of following the law by temporarily unsubscribing addresses (until they switch domains and start over), but they aren't going to stop spamming you just because you ask. They already know that people don't want spam.

Re:Don't do it!

[JuggleGeek]

On a related note, does anyone know why they keep sending these CI1IAS` emails? I mean, do people actually order pills from people who can't even spell properly?

They do it to get through spam filters. Obviously, if they spelled it correctly, spam filters would soon dump everything with cialis or viagra in the subject line.

I assume some asswipes do buy from them. I've always been amazed that spammers can lie in the header (forging other peoples domains, kludging Received From headers, and obvious to anyone, putting unrelated stuff in the subject line) and yet people still buy from them. I can't imagine sending a check or (worse) my credit card info to someone when the only thing I know about them is that they were dishonest when they first contacted me. But apparently many idiots do just that.

Re:Don't do it!

[twofidyKidd]

yeah ok whatever, you're the third fucker to come on here and tell me I'm wrong.

Re:Don't do it!

[JuggleGeek]

That's probably because you are wrong.

You are advocating something that will not work, and which will harass innocent people. And you are cussing at people for telling you that it doesn't work. You probably won't understand this, as I'm saying it nicely instead of cussing at you. So here you go - in your own language.

You fucking idiot. You're a pissant shit-for-brains asswipe. You have no fucking clue about what you are talking about, and you are pissed off because everybody but you knows it. Now get the fuck out of my face.

Fucker.

Re:Don't do it!

[twofidyKidd]

whatever.

Re:Don't do it!

[Thundersnatch]

Even Microsoft has this feature. Outlook 2003 doesn't load any external images by default, and neither does the latest version of Outlook Express (in Win XP SP2).

How many people...

[idobi]

expect the unsubscribe link to work?

Re:How many people...

[WIAKywbfatw]

Enough that spammers know that they can use them to further build their databases.

Re:How many people...

[millahtime]

expect the unsubscribe link to work?

Many people do. Most people are not tech savvy. My parents, aunts, uncles, cousins, sisters would expect them to work. Most people are none the wiser still and that is who it works on.

Re:How many people...

I didn't... then I tried it.

I went from 100-150 spam emails a day, to perhaps 5.

(identity hidden cos there's always assholes who'll be contrary turds and try adding me to spam lists just for saying that)

Re:How many people...

[krgallagher]

"expect the unsubscribe link to work?"

It really depends. If it is a legitimate company, I expect unsubscribe to work. Since I do a lot of E-commerce, I end up on a lot of email lists. Unsubscribe has always worked on them. But we are talking about spam here. I don't even read spam. I delete it unopened.

I use Yahoo for mail and most of it gets filtered before I even see is. I delete my bulk email without looking and I delete anything from an unknown user without opening. The only way a spammer will reach me is by spoofing some email address like "customerservice@sony.com" and even then I am cautious about opening it

Re:How many people...

[WIAKywbfatw]

1. You unscribe to spam from Spammer A.
2. Spammer A stops spamming you.
3. Spammer A then sells his list to Spammers B, C, D, etc.
4. Mail from Spammers B, C, D, etc start hitting your inbox.
5. Eventually, Spammer A reacquires your name from a list he's bought.

Etc, etc.

Never tell the spammers your account is genuine. Better that they think it's either non-existant or dormant. They have less of an incentive spamming accounts that they believe to be dead than they do one which they know to be actively in use.

Re:How many people...

[nomadic]

Never tell the spammers your account is genuine. Better that they think it's either non-existant or dormant. They have less of an incentive spamming accounts that they believe to be dead than they do one which they know to be actively in use.

But he explicitly said unsubscribing reduced his spam rate exponentially.

Re:How many people...

[iB1]

How do you define a "legitimate" company?

Re:How many people...

[Jussi+K.+Kojootti]

Now without unsubscribing the list would look like:
1. do not unsubscribe.
2. spammer A continues to spam.
3. Spammer A sells his list to Spammers B, C, D, etc.
4. Mail from Spammers B, C, D, etc start hitting your inbox.

How is it different?

No, I don't use the unsubscribe links either, but I don't believe the spammers really care wether you read your email or not. I mean, why not sell your address anyway, even though you haven't confirmed your existence?

Re:How many people...

[WIAKywbfatw]

For now. There's plenty of evidence that the opposite has been true in the long term.

Re:How many people...

*Shrug*. That's what I thought would happen, but ever curious me had to try it for real. Nothing like testing the real world to find out how the real world works, and 12 months now without spam at problem levels means they mustn't be selling the list with my name on it very quickly.

Or maybe some of them really do honor unsubbing requests.

Re:How many people...

[WIAKywbfatw]

Well according to their advertising blurb (ironically, via spam most of the time), spammers usually sell live email addresses. And, if nothing else, I'm sure that a list of live, verified email addresses is worth more than one of random ones. Ie, verifying an email address commands a price premium when selling lists.

Re:How many people...

[tomhudson]

How do you define a "legitimate" company?

... one whose corporate parents are married, I guess :-) Seriously - legitimate emails don't

1. ... try to enlarge my dick
2. ... ask me to enter personal info to "confirm my account
3. ... have the response going to a different domain that the rest of the email is pulled from (images from ebay.com, response sent to ebay.cc or bdficdszxd@hotmail.com)
4. ... ask for my help in laundering astronomical sums of money
5. ... offer me Microsoft software at a discount when I'm not even running Windows

As for the pr0n, I'll forward it to a more useful slashdot account here

Re:How many people...

why not sell your address anyway, even though you haven't confirmed your existence?

If spammers will pay for unconfirmed email addresses, what's to stop me from writing a script that generates 10 million random addresses and selling it?

Re:How many people...

"If spammers will pay for unconfirmed email addresses, what's to stop me from writing a script that generates 10 million random addresses and selling it?"

Absolutely nothing.

I worked for a spammer. I saw the lists. They were shit. I mean literal shit. We bought 50,000 email addresses that supposedly had opted in to receive email about some subject. We got 50,000 emails sliced out of the middle of their big list. This included addresses like

m@example.com
m_____@example.com
maaaaa@exampl e.com

and so on. It was pathetic.

Firefox?

[Folmer]

I had to fire up Internet Explorer to read the article, as the ads didnt work in firefox :( ...

Re:Firefox?

[krgallagher]

" I had to fire up Internet Explorer to read the article, as the ads didnt work in firefox"

They worked perfectly for me. Maybe you nee to update or add plugins.

Re:Firefox?

[pa3gvr]

My Firefox doesn't have any problems.......
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

Re:Firefox?

[fastfinge]

I had to not read the article, as the ads required cookies. I refuse to visit websites that require cookies, slashdot is the only one that gets a cookie because it's unavoidable and if thousands of geeks everywhere are taking cookies from slashdot it must be safe. I wish people would just learn about session handling and get rid of the internet crapflood of cookies. I really, really, really, really hate those things.

Re:Firefox?

[Zwaxy]

I don't see the ad at all in Firefox because I have the 'adblock' plugin automatically hiding anything with /ads/ in the URL.

Unfortunately as a result I've been unable to read the article.

Fortunately this is slashdot where not reading the article is the norm.

Unsubscribe?

[reezle]

And this somes as a suprise to WHO?

Re:Unsubscribe?

[ClownsScareMe]

Now, I don't see what the World Health Organization has to do with spam...

Re:Unsubscribe?

[Tx]

Lots of less-clued-up people, unfortunately. I tried to explain this to a couple of secretaries at my last job, but despite the fact that their efforts to unsubscribe from spam lists had zero, if not a negative, effect on the quantity of spam they were getting, they still didn't believe me. Some people are just born suckers.

Re:Unsubscribe?

[yivi]

Now, I don't see what the World Health Organization has to do with spam...

You obviously haven't tried to eat the damn thing.

Re:Unsubscribe?

[tomhudson]

1. ... couple of secretaries ...
2. ... just born suckers.
3. PROFIT !

Quick - there must be a gazillion people out there who want their email addies.

... or did you mean they were just gullible?

Re:Unsubscribe?

That's "Comes", "suRprise", and "whoM", you fucking cock fag. You only managed to spell "and", "this", "as", "a", and "to" correctly. Way to go, asshole!

MIT Spam Conference

[JohnGrahamCumming]

And if you like what you read you can come and hear the author speak at the MIT Spam Conference on January 21.

John.

BIG NEWS!!

[evilmeow]

THIS JUST HIT THE CABLE!!! Breaking headline! Spammers are dishonest! (first post)

It's not only spammers..

[erikkemperman]

..But the big corps too. Coincidentally, I tried to remove myself from the iTunes list (which I had accidentally enlisted for when downloading QT) only the find that the unsubscribe-URL "contained no data". Hmm. Double hmm.

Re:It's not only spammers..

That sounds more like the usual WebObjects bugs...

Re:It's not only spammers..

[fimbulvetr]

Using a unreliable language on top of a P.O.S. application server is still just as negligent as not respecting an unsubscribe request.

Re:It's not only spammers..

Works fine for me. Maybe you should try some browser other than lynx? Dork.

Re:It's not only spammers..

Am I the only person smart enough to put support@microsoft.com into that field instead of my actual e-mail address?

Re:It's not only spammers..

[LoudMusic]

..But the big corps too. Coincidentally, I tried to remove myself from the iTunes list (which I had accidentally enlisted for when downloading QT) only the find that the unsubscribe-URL "contained no data". Hmm. Double hmm.

That's shitty business. But for those of you unaware, you don't have to give them any info at all to download the software just unclick the subscription boxes and download away.

Or if you insist on putting something in there, I've found that steve.jobs@apple.com works well.

Re:It's not only spammers..

Are you familiar with CAN-SPAM?

There are legal obligations. Something like iTunes will probably toe the line because they can't afford to be sued. The marketing messages from them should have their real-world address. Unsubscribe should be available for 10 days after each mailing. iTunes is a large well-known corporate entity, not some fly-by-the-night spammer in Korea is impervious to you.

Re:It's not only spammers..

[DrewCapu]

Had to be said...

Looks like you were a victim of iCANSPAM

Re:It's not only spammers..

[hackstraw]

..But the big corps too. Coincidentally, I tried to remove myself from the iTunes list (which I had accidentally enlisted for when downloading QT) only the find that the unsubscribe-URL "contained no data". Hmm. Double hmm.

I look at the whois data and if the company is in the US, I look up their real phone number and call them -- repeatedly until the emails stop, with more emotion and feeling with each call.

Sometimes these people actually try to get annoyed with me, and I remind them that they annoyed me first.

Re:It's not only spammers..

[Spoing]

1. Sometimes these people actually try to get annoyed with me, and I remind them that they annoyed me first.

I tried the same with Staples. (OK, maybe I should have gotten more angry and acted less like Mr. Reasonable Phone Voice Guy. They always said 'sure, no problem' and after 30 days the next monthly spam went out. The company handling it for them was Doubleclick's email arm, btw.

This went on for 9+ months -- always to a single obscure email account -- with me at first giving them the benifit of the doubt before actually calling them. I now blacklist them and discard any mail from a *staples.com domain or to that account. That was the last time I gave any corporation the benifit of the doubt on UCE.

Re:It's not only spammers..

[Reziac]

AFAICT "document contains no data" relies on an interaction between a browser bug and a server bug. I don't know it as "the webObjects bug", but I do know that Novell issued a patch for Netware 4, exactly because of such an issue. Solaris 9 and one particular webserver (I forget which) also triggers it.

Re:It's not only spammers..

[Phroggy]

..But the big corps too. Coincidentally, I tried to remove myself from the iTunes list (which I had accidentally enlisted for when downloading QT) only the find that the unsubscribe-URL "contained no data". Hmm. Double hmm.

I have occasionally seen this error when trying to load other pages. It's some sort of technical glitch - I'm not sure if it's a bug in the web server, the CGI they're running, my proxy server, something weird in the TCP connection between here and there, or what, but I don't think I've ever seen the error repeated when I click Reload.

I've never had a problem with a legitimate company not removing me from a mailing list upon request, signing me up for another list when I've done so, or selling my e-mail address to spammers. Try unsubscribing again; I'd be surprised if you have any trouble.

Re:It's not only spammers..

[standards]

Coincidentally, I tried to remove myself from the iTunes list (which I had accidentally enlisted for when downloading QT) only the find that the unsubscribe-URL "contained no data". Hmm. Double hmm.

That happened to my mom too. But then I noticed that her modem was inadvertantly disconnected from AOL. No carrier.

Re:It's not only spammers..

[WhatAmIDoingHere]

Do you ever feel silly for saying this?

Re:It's not only spammers..

[LoudMusic]

Do you ever feel silly for saying this?

Do you ever feel silly for digging up comments over three years old?

Actually I didn't even realize that was mine until I finished reading it. Wow. Well they made a lot of changes from three years ago. It's actually something cool now even if it took three years to get there. Also, I believe they were $400 and $500 back in the day, where you can now get one 100x better for half the price. But yeah, I guess I should feel a bit silly about it. Products do develope over time. I just thought Apple would have canned it before it got anywhere.

I still think the larger ones are stupid. First of all no one needs 20GB of music to carry around. You can't listen to 5% of that before it's time to recharge the battery - during which time you could sync to a new set of music. And even though it's incredibly small and lightweight for what it does, it's not small enough or light enough to be worth the money. The Mini iPod however is freaking awesome. I could go for cooler design and maybe black (:

When is Apple going to make a new PDA? Or how about a tablet PC? The latest iMac could be engineered to a tablet so easily! And I still think Apple is the one that will make the best tablet computers - their laptops rock and their 'presentation' (for lack of better term) is pretty dang good. They just need to partner with a TFT touch screen manufacturer and develope a hellatious product.

unsubscribe confirms your address

Using the link will

a. confirm your address
b. be ignored / or removed from that 'particular' offer list
c. added to 100s of other lists

unsubscribe is a bit fuzzy

spammer may unsubscibe you from one list, company or offer while adding you to many others

Re:unsubscribe confirms your address

You just need to be smart about it. If you're getting spammed from some random email address which is obviously faked or forged, then DUH you don't use the unsubscribe.

If it's major respectable company they always remove you from unsubscribe properly, (except for ACDsystems they can fucking choke).

The company I work for sends out targeted spam on a monthly basis. We use and monitor an unsubscribe email address. Marketing used to be lax about it until I limited them to sending to more than 5 people for a month. Occasionally I get an email from spamcop.net saying we spammed then and I ask, well did you try the unsubscribe? They always say no.

I realize it can be easy to mark everything as spam but damn sometimes you do need to research because the legit companies get screwed. :)

Re:unsubscribe confirms your address

[Grand]

a. confirm your address

Wouldnt they be able to confirm an address by not getting a bounce back?

Re:unsubscribe confirms your address

[Tony+Hoyle]

Not really... my honepot gets all the random email addresses that get sent to me, and some of them are quite bizarre (and definately not likely to be valid.. things like domain registration ids).

I deliberately accept everything to piss them off... my filters are good enough that next to nothing gets past them anyway.

Re:unsubscribe confirms your address

[Orne]

I had always heard that it operated more or less like what happens when you told phone callers to take you off their contact lists. In effect, you are removed from that company's list (for future contact), but are then added to a second list of validated names. The second list is then sold to other companies for fun and profit.

another waste of money

[azmatsci]

"um....duh" was the first thing I thought. It's like doing a study on why people have sex.

Re:another waste of money

[grub]

It's like doing a study on why people have sex.

Or a study on why over 3/4 of a million /.ers don't.

Re:another waste of money

It's like doing a study on why people have sex

To procreate, right?

Re:another waste of money

[fimbulvetr]

Damn! I've been having sex all this time because I thought I could live longer.

Re:another waste of money

What does marriage have to do with sex?

Re:another waste of money

I'm not married...so what do you call what i'm having with a female most every other day?

For a couple weeks...

[lordbry]

Usually I go through periodically and unsubcribe the ones I can. The volume then goes down for a couple weeks, so it is worth it.

Often, however, the unsubscribe links don't even display a page, much less get me unsubscribed. Porn spam is actually one that I have noticed DOES work more often. I started getting porn spam at work, and being one of the network admins, told the other guys that I would be going to porn spam site to unsubscribe, and they actually worked. That was 1 1/2 months ago, no more porn spam.

Re:For a couple weeks...

Riiight, going to pron sites just to unsubscribe, honest.

Re:For a couple weeks...

[lordbry]

Hey, I only said that THAT time was to unsubscribe... :)

Unsubscribe Considered Harmful

"And, surprise, surprise, the spammers usually ignore the unsubscribe requests."
Hitting the unsubscribe just *confirms* that the mail address is valid and you actualy *viewed* the spam email. This sets you up as a more valuable target.

Surprised? No

From what I have always believed, many spammers not only disregard such removal requests, but use this link to instead verify an e-mail address. So clicking on such links only results in more spam, not less.

Plus, by clicking on the link, you probably just made the platinum edition CD of resellable e-mail addresses...an honour, I'm sure...

Anti-Spam Laws?

[FortKnox]

Doesn't that violate some states anti-spam laws? I thought one of the points is to make a way for people to remove themselves from the list in a way such as this...

Re:Anti-Spam Laws?

[TrollBridge]

Sure it might take you off of that particular list, but who's to say how many other lists it put you on? And AFAIK (and IANAL) that isn't illegal.

Re:Anti-Spam Laws?

[vagabond_gr]

I suppose that providing a non-working unsubscribe link does violate anti-spam laws, indeed.

The real problem, however, is that such laws allow someone to add you to a list without asking. So maybe unsubscribing a user when he clicks the link and then subscribing him to 10 other lists, all of them with unsubscribe links, is still legal!

Re:Anti-Spam Laws?

[Zorilla]

You must be new....uh....to spam :)

Re:Anti-Spam Laws?

[Enigma_Man]

They probably would say in court that their opt-out server just happened to be down due to misfortune. A broken link "proves" that you tried.

-Jesse

Re:Anti-Spam Laws?

[krgallagher]

" Doesn't that violate some states anti-spam laws?"

Yes, it violates Federal law. This is from the article:
"Bulk e-mailers are required to honor list-removal requests under the U.S. CAN-SPAM law. But still it's common knowledge that clicking an unsubscribe link or handing over your e-mail address on a junk e-mailer's remove page is insane. The U.S. Computer Emergency Readiness Team (US-CERT) warns that unsubscribe links are "often just a method for collecting valid addresses that are then sent other spam." The FTC has sent warning letters to at least 77 marketers for their failure to honor unsubscribe requests."

very smart

[R.D.Olivaw]

riiiiiiiiiiiiight..... and next time someone steals your wallet, send them a polite letter asking them not to use the cards and return it immediately :)

does it even matter?

[hsmith]

no, they now have the images link back to the server to confirm your email address. it is all worthless.

until they come up with a real solution, we won't have much to fight it.

Re:does it even matter?

[fuyu-no-neko]

AFAIK, all decent email clients have an option to not load images when you open an email. Once you've decided that the email is from a sender that you're happy with, you just need to click a button to load the images.
I know that this option is set by default on both my Evolution and Thunderbird installs.

Re:does it even matter?

[fimbulvetr]

Now have? Have you been paying attention? I remember using similiar methods in 1999. "Now have" is a huge understatement.

Its educational

Who'd want to unsubscribe from the spam anyway? Its like getting free literature in the mail!

We sell software as the box version without the b0x and the manual. that
By foregoing the fancy box and typically can
slim manuals you end up saving a considerable amount.

Love is the victim's response to the rapist.

You have only 100+$ bucks and want to buy goood software today - then
clcick here and you can get a lot//.. stories featuring our s,
s real you.

What doth it profit a man if he gains the who world and loses his own soul?

Great products hard and extreemely good pricing .
They by far exceeded my expectations. This is only one of 100's
commentts from satisfied customeersto

Re:Its educational

[codifus]

Yeah, and this is the best ever. . .BAS

geeks?

Seems that LOTS of geeks actually cross their fingers and click those remove links.
not geeks but stupid lamers.

Re:geeks?

[witcomb]

How different is that from LOTS of geeks crossing their fingers, popping open some new hardware to play around? I thought it was a geek's purpose in life to have curiousity in everything. Just think, next time you see a link wonder what could happen.

When you finally do click on the link though, don't come to /. because we will all laugh at you for doing it.

REALLY?!

[smacktits]

We need an article to tell us this?

Yes and No

[Doesn't_Comment_Code]

Do Unsubscribe Links Stop Spam?

While they don't exactly stop spam, they do prove useful. You can immediately sort possible-spam by whether it offers an unsubscribe option. If it doesn't have it, it's definitely spam. If it does have an unsubscribe link, it's either legit (newsletter perhaps), or spam disguised with a fake unsubscribe. While the fake unsubscribe doesn't really help the end user, it offers a way to track and prosecute those who violate CANSPAM which requires that the unsubscribe option be present in some form, and that it work.

Re:Yes and No

[R.D.Olivaw]

That would work until the absence of the unsubscribe link is used widely to tag spam, then all spam will have a 'bogus' unsubscribe link. Which is already happening.

Re:Yes and No

[Not_Wiggins]

You can immediately sort possible-spam by whether it offers an unsubscribe option. If it doesn't have it, it's definitely spam.

Strike that... reverse it.

Mail that has an unsubscribe link is more likely to be commercial solicitation than it is to be, say, a message from a bud. Most of the heuristics I've seen use "Unsubscribe link" as a positive indicator of spamness.

Re:Yes and No

[Doesn't_Comment_Code]

Right. I meant looking for clues in the mail that you don't immediately recognize. When I get email from my dad, or a friend, I recognize it without giving it any thought - like you said.

It's the emails that I don't recognize that require a little thought. They might be spam, they might be worthwhile information. That's when I look to see what properties the email has that make it look good or guilty.

Re:Yes and No

Please tell me how to prosecute under CAN-SPAM. I've been receiving unsolicited commercial email from Earthlink and have ineffectually followed their unsubscribe instructions for the past six months, to no avail. Countless telephone calls, well over fourty hours of my own time into it, and repeated assurances that they'll remove me from their mailing lists have not worked.

I contacted the FTC to file charges under CAN-SPAM, and they emailed me back that I appear to have a case, but I can't figure out what to do next...

Re:Yes and No

[EvilIdler]

I'd sort differently. If it's not from a mailing-list I voluntarily joined,
and it has an unsubscribe link, it's most definitely spam.

Re:Yes and No

You can immediately sort possible-spam by whether it offers an unsubscribe option. If it doesn't have it, it's definitely spam.

I don't include an unsubscribe option in my personal email - I've been spamming for over two decades.

Re:Yes and No

[JuggleGeek]

You can immediately sort possible-spam by whether it offers an unsubscribe option.

Bullshit. I've seen normal email (from individual people, not mailing lists) get caught in spam filters.

I run a (very small, very specialized) mailing list myself. I've met almost everyone on it personally, and I used a confirmed opt in system so nobody is on it by accident. I don't put any "unsubscribe" instructions in it. On occassion, people want to be removed, or to have it sent to a different account. They simply hit reply and tell me what they want, and I do it. Your "it's definitely spam" fails in that case, just as it did with the person-to-person mail above.

Re:Yes and No

[Doesn't_Comment_Code]

You didn't read my post carefully enough. I said you can sort possible-spam this way. If you know who sent the message, and you recognize it, it isn't possible-spam.

Re:Yes and No

[JuggleGeek]

From your post :
If it doesn't have it, it's definitely spam.

The even bigger surprise...

[Lonesome+Squash]

According to tFA, was that some spammer "affiliates" actually seemed to honor the remove requests.

So you dont have to watch the Ad....

Dec. 14, 2004 | Casper Jones is the head of BlackMarketMoney.com, a spam operation that's been pelting the Internet with junk e-mail for fake Rolex watches. I'm almost positive his name is a pseudonym. But does he know that Chris Smith is not my real name?

That's how I introduced myself last month, when I sent Casper an e-mail asking to join his spamming crew. I fibbed to him that I was a full-time bulk e-mailer looking for a new sponsor. I said that one of my business associates had recommended his program. (For authenticity, I lightly sprinkled typos and grammatical errors throughout the message.)

I wanted to be one of Casper's sales affiliates. In today's world of spam, a sales affiliate sends out junk mail on behalf of a spam-site operator or "sponsor," who assigns the affiliate a special tracking code to include in his e-mail ads. For every sale the affiliate's spams generate, he is paid a commission by the site operator. Sponsors also provide "remove" lists, spamming software, and other support to help their affiliates successfully market the site.

Since September, Casper and his associates had been clogging my various e-mail accounts with ads for a watch shop called Royal-Replicas.com (formerly onlinereplicastore.com). I filed several complaints with the Chinese Internet service provider hosting the site, to no avail.

I suppose I could have just clicked the "unsubscribe" links in the dozen or so spams they sent me every day. But I didn't trust these people one bit. I was sure that if I could get inside Casper's operation, I would find hard evidence confirming what savvy Internet users instinctively know: Trying to unsubscribe from spam is a fool's game.

Just look at the place. Royal-Replicas.com provides no physical mailing address in its junk e-mails or at the site. The domain's registration record lists someone in Spain as the owner. The site is hosted on a server in China, but the order page cites prices in Indian rupees as well as U.S. dollars. The headers of the spams reveal that many have been sent via "zombied" home computers. Even the headers of Casper's private e-mails are a fraud. (He routed all his messages to me through proxy computers in South Korea.)

The "About Us" page at Royal-Replicas.com doesn't help much, either. It contains little more than a bizarre rationale for buying its $300 knockoffs rather than the real thing: "Many people purchase watches that cost thousands of dollars and render the wearer liable to get their hand chopped off while walking home from a posh cocktail party."

Bulk e-mailers are required to honor list-removal requests under the U.S. CAN-SPAM law. But still it's common knowledge that clicking an unsubscribe link or handing over your e-mail address on a junk e-mailer's remove page is insane. The U.S. Computer Emergency Readiness Team (US-CERT) warns that unsubscribe links are "often just a method for collecting valid addresses that are then sent other spam." The FTC has sent warning letters to at least 77 marketers for their failure to honor unsubscribe requests.

Sure, a few spammers might take your name off to avoid trouble. But to most, you're merely confirming that they've found a live one. Next thing you know, they'll have sold your e-mail address to other spammers as "validated" -- or, in other words, ready for spamming.

At least, that's what I thought until Casper brought me onboard. My undercover mission into the heart of fake-Rolex spam didn't turn out exactly as I had expected.

I tried flattering Casper in my e-mails, gushing that he had astutely tapped into a timely and lucrative spamming niche. (You could probably find similar watches on the streets of Chinatown for $25, but hey, some people prefer the convenience of holiday shopping from home.) But Casper doesn't let just anyone join BlackMarketMoney.com. After I sent my introductory e-mail as "Chris Smith" from a free webmail account I had created, he asked to know the name of the person who had referred m

Re:So you dont have to watch the Ad....

[epiphani]

I told him I had learned about the program from a buddy in the #bulkers Internet relay chat (IRC) channel who uses the online handle Ep0ch.

I know ep0ch, that bastard is gonna get it now.

Re:So you dont have to watch the Ad....

[bataras]

>>Casper didn't respond. A minute later, he signed off. I haven't spotted him online since.

He should have made sure "Casper" was there by saying, oh "hello?" before asking questions.

Also, did his account get disabled?

Re:So you dont have to watch the Ad....

[Elwood+P+Dowd]

Casper replied to my message saying he'd never heard of the #bulkers IRC channel or my friend Ep0ch. (Damn, he was good. Neither exists.) Casper said I needed to provide the name of a "big mailer" who could vouch for me.

I produced a list of names and addresses, assuming he would quickly detect that they were all bogus and he would ignore me. A couple of days went by and I still hadn't heard back. I'd pretty much abandoned hope of ever becoming a BlackMarketMoney.com affiliate.

...

A few days later, an e-mail arrived from Casper. He said I'd make "a valuable addition to the team." His message included information about how to log in to my account at BlackMarketMoney.com, and he gave me his AOL Instant Messenger (AIM) screen name in case I had any questions.

A few days later because he'd been made, and "Casper" wanted to set up a journalist-friendly version of his site. (No, I don't really think so.)

Casper didn't respond. A minute later, he signed off. I haven't spotted him online since.

It's not like Casper disappeared from the net. He only has to add the journalist dude to his block list.

Have You Any Idea...

[Tackhead]

Prosser: Have you any idea how much damage that bulldozer would suffer if I just let it run straight over you?

Dent: No, how much?

Prosser: None at all.

> The article details how the spammers handle the 200,000-plus unsubscribe requests they get each month

By a strange coincidence, "none at all" describes the actions taken on 200,000 remove requests a day by a bunch of ape-descended spammers targeting a group of fellow ape-descended lifeforms so amazingly primitive that they still thought that ch33p r0l3x watches were a good idea.

Re:Have You Any Idea...

[irokitt]

"I do suggest that everyone spend some money, on a very splendid and worthwhile spam filter."

Re:Have You Any Idea...

[naoursla]

"Digital watches" would have fit more with the theme of the joke.

Re:Have You Any Idea...

[Twanfox]

You show me one that works, and by golly, I'll use it. I've tried SpamAssassin. I have it set up, but for some reason, either it or I cannot comprehend what form it wants the spam messages in so that it can do heuristics on my incoming messages and actually trap things. So, for the time being, I continue to eat it. Some worthwhile filter.

Don't click remove

[bigberk]

No, I know for sure that they don't help. For years I have been trying to get MORE spam. The main way I have done this has been unsubscribing from lists! In fact, I even "unsubscribe" an address that was never subscribed. Indeed, that new address is now getting plenty of spam.

Unsubscribing from spammer's sites will get you more spam. Unsubscribing from mailing lists will work, of course, but mailing lists != spam.

Re:Don't click remove

[Shillo]

> The main way I have done this has been unsubscribing from lists! In fact, I even "unsubscribe" an address that was never subscribed. Indeed, that new address is now getting plenty of spam.

Neat idea. 'Unsubscribe' known spammer addresses?

Come to think of it, also 'Unsubscribe' the network admins for the Chinese ISP that are mentioned in the article.

Re:Don't click remove

[bigberk]

You can test it for yourself, if you have a fresh disposable email address. Unsubscribe from the following (picked out of very fresh spam) and see if in a few months you start to get spam. here, here, here, here

Re:Don't click remove

This is such great timing. I'm actually testing a new server and have been doing this very thing this morning. Thanks for the extra places to sign up.

Re:Don't click remove

That's what I usually do on unsubscribe sites. Put root@localhost or something similar that redirects back to themselves.

And in other news...

Does the Pope shit in the woods? Are cats really superintelligent beings from the planet Arcturus?

Do Unsubscribe Links Stop Spam?

[ErichTheWebGuy]

In my experience, no. There was a time when I was naive enough to think that they would, but unfortunately, experience has proven otherwise.

In fact, I did an informal experiment of my own. I created an email address specifically for this purpose, and posted that address on a few sites. I was getting spam within 2 days (3 messages on day 2). After I got the first spam, I removed my email address from the sites. I also used the unsubscribe link on just one email. Guess what? The volume of spam jumped 400% within 24 hours (12 more messages came in).

Most effective weapon against spam? The delete key.

Ahhhh

[Richard_at_work]

its those bastards that are filling my mailbox up is it? I get nearly 300 Rolex spams a day alone, and like a good little boy I eat all of them, no bouncing no unsubscribing. Why isnt there a SMTP server that checks it as it comes in and refuses it there and then, telling the sending server to bugger off? That might get you taken off the list, whereas bouncing only annoys some poor sap whoes had their email address hijacked, and unsubscribing just announces that the address reaches a human.

Re:Ahhhh

[coolcold]

imagine you are one of those poor sap who now gets 300 bounce mail a day instead of spam

that is very appealing, huh?

Re:Ahhhh

[Richard_at_work]

If you bounce it back at the time of delivery, you are just telling the sending STMP server 'No, dont want this email' instead of 'Ok, all done, thankyou'. Thus the bounce should actually go back to the spammer as undeliverable rather than be fully accepted and then bounced after the sending SMTP server has disconnected. If its checked while the sending SMTP server is still connected, you can tell it there and then that its undeliverable, rather than bouncing the message to the From: address.

Huh?

[tgd]

Why are you loading the images in the spam you get?

Re:Huh?

[bradkittenbrink]

I can think of a reason why: what if someone wrote a thunderbird extension that instead of blocking the loading of images, loaded the images 100 times. for successive spams that link to images on the same domain or ip load the images 1000 times, 10000 times, etc. If enough people had this extension it could really work. (And get us all thrown in jail, but that's beside the point).

OK so that's probably not the reason that the grandparent was loading the images, I don't know what he was thinking.

Ass Backwards way of advertising...

[DroopyStonx]

See, the spammer is like any other advertiser: they want to try and sell you something.

So they send out a few billion spams, and 20% of them unsubscribe. Instead, they ignore it... and resend the same spam.

What, do they REALLY think if the person took the time to unsubscribe that upon seeing it a second time they'd think, "Oh WAIT, YES, *slaps forehead* I DO need a new pair of sunglasses!!! Silly me. I can't eat carpet"? Sorry, doesn't happen.

I don't know if it's just laziness or what, but ignoring the massive amounts of unsubscribe requests just seems like a waste of time, especially if you're trying to zoom down your list of people to those who will actually buy something.

Re:Ass Backwards way of advertising...

[gcaseye6677]

Unfortunately, many advertisers work this way. I get an offer in the mail for a Chase Visa card at least once a week. You would think that they would figure out that if I didn't sign up the first 50 times they sent something, I would still be unlikely to do so the 51st time. They could save some postage and just stop sending it. I assume the company sending out the ads is different than the one actually offering the product and they are just paid by the number they send out, regardless of effectiveness.

Re:Ass Backwards way of advertising...

Quote:
"See, the spammer is like any other advertiser: they want to try and sell you something."

FWIW, I would disagree with that statement, the spammer is merely the conduit through which those offering the goods or service operate. The spammer/middleman has most likely already been paid for the use of their botnet and are unlikely to work on a commission basis.

Just my $0.02

Either way, they're still a pain in the a$$!

Re:Ass Backwards way of advertising...

[Riddlefox]

Open up the offer, and read the small print on the back of the letter. There's a 1-800 number that you can call and ask to be removed from whatever list they use (IIRC, it keeps the credit card offer companies from looking at your credit report). They'll send you a letter; you have to fill it out and return it. I called the number and returned the letter, and I stopped getting credit card offers in the mail.

Re:Ass Backwards way of advertising...

[grub]

I get an offer in the mail for a Chase Visa card at least once a week. You would think that they would figure out that if I didn't sign up the first 50 times they sent something, I would still be unlikely to do so the 51st time.

Trying to think like a spammer here... perhaps they assume that many (most?) messages are automatically deleted so if the odd one makes it through then that's the hook.

Re:Ass Backwards way of advertising...

[DroopyStonx]

IMO, Spammers and advertisers are both parasites in society.

Sure, traditional advertisers pay, but they're the ones who spend millions of dollars in research to find out what makes people tick in order to push them to buy something. Everything from the colors, voices, and music used in commercials has been researched and is all geared toward product branding in almost every aspect of our life.

Then you have spammers who just toss out billions of ridiculous, although frequently comical, emails in an attempt to sell you viagra or some other completely useless item/service.

Re:Ass Backwards way of advertising...

[micolous]

Take the reply paid envolope from inside the mail, and put a bag of gravel inside, along with a note asking for them to stop. Bonus points for heavier and more useless materials.

Repeat with increasing amounts of gravel until they get the point. In Australia, upto 250 grams between two capital cities in a DL (220x110 mm) envolope costs about $1.50 (AUD) to send, and upto 500 grams costs about $2.50 (AUD). Sure, they get discounts for a bulk amount reply-paid letters being used, but it's fun, and annoying for them to deal with bogus applications! :)

Re:Ass Backwards way of advertising...

[iB1]

The problem is that spammers sending their warez via raped zombie machines are sending out their e-mails for free. They don't have to think about doing targeted marketing, as they can just blast out 10s of millions of e-mails 24/7. It doesn't cost them any more or less to send you an e-mail that they've sent 255 times already.

Re:Ass Backwards way of advertising...

[Tony+Hoyle]

Or maybe something that ignites on contact with air, in a nicely sealed envelope (that breaks when opened).

'This unsubscribe request will self destruct in 5 seconds...'

Re:Ass Backwards way of advertising...

[sylvandb]

See, the spammer is like any other advertiser: they want to try and sell you something.

Right.

So they send out a few billion spams, and 20% of them unsubscribe. Instead, they ignore it... and resend the same spam.

Right again.

I don't know if it's just laziness or what, but ignoring the massive amounts of unsubscribe requests just seems like a waste of time, especially if you're trying to zoom down your list of people to those who will actually buy something.

Think about it this way...

Like any other business, they want to make money. So they try and minimize their overhead expenses. Which costs more, filtering a list or having a bunch of zombies send e-mail to an unfiltered list?

I suspect it costs more to filter, in which case why would they bother?

sdb

Re:Ass Backwards way of advertising...

[flatface]

<wolf> 1. Save every Free Credit Card Offer you get, Put it in pile A
<wolf> 2. Save every Free Coupon You get, put that in pile B
<wolf> 3. Now open the credit card mail from pile A and find the Business
Reply Mail Envelope.
<wolf> 4. Take the coupons from pile B and stuff them in the envelope you hold
in your hand.
<wolf> 5. Drop the stuffed to the brim envelopes in your mail and walk away
whistling.
<wolf> I have now received two phone calls from the credit card companies
telling me that they received a stuffed envelope with coupons rather
then my application. They informed me that it they are not pleased that
they footed the bill for the crap I sent them. I reply with "It says
Business Reply Mail" I'm suggesting coupons to you to ensure that your
business is more successful. They promptly hang up on me.
<wolf> Now, I did this for about a month before it got boring, so I got an
added idea! I added exactly 33 cents worth of pennies to the envelope
so they paid EXTRA due to the weight. I got a call informing me about
the money, I said it was a mistake and I demanded my change back. After
yelling at the clerk and then to the supervisor they agreed to my
demands and cut me a check for the money. I hold in my hand at this
very moment a check from GTE Visa for exactly 33 cents.

Source: http://bash.org/?127039

One Spammer Down

[Clete2]

For about 6 months, I became victim to a spam system sending out e-mails. They thought my name was "Cxzffadds" or something of the sort. One day, I was fed up and sick of it (hey, it went to other@clete2.com anyways, so if they still sent it, I just change my spam address) coming to my inbox. I would get 3-5 messages a day or more off of it. I clicked that unsubscribe link, filled out something, and at the end, it "unsubscribed" me and sent me to a page to fill out something else, trying to trick me into subscribing to a plethora of other spam e-mails. Luckily, I took note of that before doing anything and now, I am Cxzffadds spam free. I will never click any unsubscribe links unless I get them 3+ times per day or for months on end.

Oddly enough...

[jamesgomez]

I have been using Yahoo for a couple of years and I started to get about 2-3 spam e-mails a day. I was sick of it, so I decided to use the unsubscribe list. Coincidently, I started to get more and more each day. Not only do the unsubscribe links "not work", but in my opinion, they also tend to send more links to the user knowing that they are actually the e-mails to some extent. Just my .02 cents!

Re:Oddly enough...

[scottblascocomposer]

That was only two hundredths of a cent?? :)

link to salon past the ads:

thanks /. editor morons, for posting that link to an add. Salon and their disruptive ads can go to hell. Here is the link to the actual article:

http://www.salon.com/tech/feature/2004/12/14/rem ov e_me/

Re:link to salon past the ads:

[Auraveda]

It doesn't matter if you go to that link, it'll still redirect you to the add page until you've clicked on the advertisements and either subscribed or chosen the day pass.

Re:link to salon past the ads:

[1u3hr]

You need to have the right cookie, which you get by viewing the ad. So don't block cookies they give you. (I got into an endless loop the first time I used their day pass method.

Unsubscribing adds value

[LucidBeast]

I always figured, that if you'd try to unsubscribe, your email address would be tagged as verified adding value to. This is just a thought, I've had since dawn of junk mail.

Re:Unsubscribing adds value

[norkakn]

not only verified as a real address that someone checks, but someone who actually opens spam

Different language

[gmuslera]

In spammers lingo, unsubscribe means "confirm that you email address is real". Is that us that don't understand that language.

Configure those Mail apps

[MooseByte]

"And for those with a HTML-enabled email client"

It's for this reason I have my OSX Mail app configured to not load embedded images and objects in incoming HTML.

---

Cthulhu holiday songs, for the gift that keeps on loathing.

Re:Configure those Mail apps

[jellomizer]

Yea it is nice. But unfortunatly I wish I had a feature to select all my spam. and forward it to spam@ftc.gov keeping all the headers.

Re:Configure those Mail apps

[doublem]

I'm running Windows, and use Mailwasher and enable the Spamcop integration. It will let me select the messages that get reported to SPAMCOP as well as use some of the black hole lists to mark messages for deletion. It's a fairly complex program, and an excellent first line of defense. Even lets you bounce messages as if the mail server didn't find your address and report messages to additional SPAM databases. All in all, a useful program.

One of these days I need to get around to seeing if it will run under Wine.

It even works for hotmail

Re:Configure those Mail apps

[Phroggy]

Vote for bug 112315.
https://bugzilla.mozilla.org/show_bug.cgi ?id=11231 5

Re:Configure those Mail apps

[dazed-n-confused]

The FTC's spam reporting address has changed - see this page. Forget about spam@ftc.gov -- you want to send your spam to spam@uce.gov

Here's a couple of other useful spam-reporting addresses:

• FDA (for Viagra etc. spam -- if it's a drug or medication being offered under its US brand name, the Food and Drug Administration enforcers want to know)
• SEC (for stock-pumping scams, hot insider tips, etc., shop them to the Securities and Exchange Commission).

Twilight Zone

Why is it that just prior to reading this article I found the following message in my inbox:

REPLICA WATCH MODELS

Rolex, Patek Philippe, Bvlgari Cartier, Gucci, Franck Muller

.. and 25 other most famous manufacturers.

http://www.differentwatches.info

All for only $199.00!

To change your mail preferences, go here (unsubsribe link)

I usually do not even bother unsubscribing from spammer accounts. As a general rule I do not give out the email address where I recieved this solicitation, so my only thoughts on how/where the aforementioned solicitor obtained my email address lies in the company (Pentad Systems) I work for listing it publically on thier website.

I simply deleted the spam and go about my day.

-JMHA

If there isn't already...

[TooMuchEspressoGuy]

...there should be laws against this type of flagrant disregard for the wishes of the "spamee." Perhaps something like the United States government's do-not-call list (https://www.donotcall.gov/), only a systen im which one registers his or her e-mail to not recieve spam.

At the very least, however, the same laws which apply to telemarketers should apply to spammers. If I remember correctly, here in the States, if someone recieves a telemarketing call and requests to be removed from the telemarketers' list of numbers, the telemarketing company is required by law to remove that number from their list. The same thing should apply to spammers, and be enforcable with (at the very least) heavy fines.

Re:If there isn't already...

[Auraveda]

Nice idea, but how will they enforce it on spam that comes from other countries?

Re:If there isn't already...

[Swamii]

Perhaps something like the United States government's do-not-call list (https://www.donotcall.gov/), only a systen im which one registers his or her e-mail to not recieve spam.

If you would've RTFA, you'd know that the United States goverment already considered that, but decided against it because rogue spammers would simply look at the list of Do-Not-Spam addresses, and add them to their spam lists as 'verified', thereby turning the whole thing into a Do-Spam-List.

No, Spamassassin...

[sprins]

...stops spam! I've been using it for some time now (server-side) and it has been so acurate that I have proceded to move alleged spam to /dev/null.

Mail that Spamassassin thinks is spam but isn't can't be that interesting anyway.

Re:No, Spamassassin...

[MrMickS]

I use SpamAssassin. However I do still get the odd false positive. These are usually order confirmations from online shopping sites. They have all of the signature of spam but are real information.

Oh really?

[Xenna]

I wouldn't have expected that, seeing that they don't seem to have any problems hammering my servers from spamzombied PC's with dictionary attacks sending mail to hundreds of thousands of -mostly- non existant e-mail addresses on the off chance that a few will reach a valid address that doesn't have spamassassin active.

This spam business is starting to look more and more like one giant distributed DOS attack, so pray tell, why would they be interested in unsubscribe requests?

Opt-out DDOS would be a nice idea in the ideal world...

Re:Oh really?

[wcdw]

Yeah, I noticed a huge increase in dictionary attacks on one of my domains a few months ago.

On the other hand, the 'user unknown' log messages make a handy filter for identifying zombies. I'm up to over 1k 'access denied's - and down to one or two 'user unknowns' - on an average day.

My homebrew spam reporting scripts go to great length to find an authority for the IP which sent it to me. If they can't find one, or it is known to be non-responsive, the standard response is to add the IP to the mail access list.

Unsubscribe? I don't even read the d*mn things.

Re:Oh really?

[Xenna]

Same here. IP's that generate too many 'unknown users' are automatically blacklisted for 24 hours. Every cloud has a silver lining ;-)

X.

Click only confirms your email

[theendlessnow]

By clicking the unsubscribe me link, you are confirming that a LIVE person read the email, thus raising the value of the email id (which are bought and sold regularly between spammers). Obviously, confirmed working and READ addresses are worth more money.

Best advice is to have more than email address. Even better if you can have a separate one for EVERY online form you fill out. Then you can safely identify anyone selling your information. Of course, most is harvested from website caches and newsgroups and such. You'll want to shroud your addresses used there.

That's a suprise!

[duxor]

In other news; animals continue to defecate.

Spammer Site URL

I'm surprised no one has posted the link to the spammer site from the article.

We wouldn't want http://www.blackmarketmoney.com/ to get slashdotted, now would we?

Bad monkey!

Hmm

[SnAzBaZ]

"Seems that LOTS of geeks actually cross their fingers and click those remove links"

I really don't agree. Any respectable geek shouldn't be getting spam in the first place, let alone be stupid enough to click the unsubscribe links.

Personally I haven't had more than 30-50 spams in the last 3 years or so.

I have my main address, which only 'real people' know, friends and family. It never gets any spam because it's totally secret.

Then for everything else I assign a throw away address on one of my domains, the mail on these gets checked only when I'm expecting something (like a signup confirmation/verification etc).

I also have a semi-secret address to give slightly less trustworthy people and to date that hasn't had any spam either.

Obviously I make sure none of my addresses get posted in plain text on the internet either.

It is simply a matter of keeping your address clean. The only way spammers can send me mail right now is if they brute force my email address, and that doesn't happen very often.

Re:Hmm

[Skater]

"Simply". Have you read the message you posted? It's not that simple to deal with the throwaway accounts, multiple addresses, and the other lengths you've gone to. You've just rationalized it - you're probably spending as much time dealing with spam as anyone else, just in a different way.

And, face it, it could easily be broken by someone you trust putting your e-mail address in to a website to send you a webpage or something. Then you'd have to go through even more hassle...

--RJ

Re:Hmm

[justins]

I have my main address, which only 'real people' know, friends and family. It never gets any spam because it's totally secret.

Then for everything else I assign a throw away address on one of my domains, the mail on these gets checked only when I'm expecting something (like a signup confirmation/verification etc).

You must not be involved in business or dealing with the public. That's nice. Here on planet "not living in our parents' basement," we need to let people know what our email address is and have that email address be there for a while.

Any respectable geek shouldn't be getting spam in the first place, let alone be stupid enough to click the unsubscribe links.

The second part of that might actually be true.

Re:Hmm

[slushbat]

And you can garuantee of course that none of your trusted friends will ever be hit by one of those viruses that harvests email addresses?

Re:Hmm

[gowen]

Personally I haven't had more than 30-50 spams in the last 3 years or so. I have my main address, which only 'real people' know, friends and family. It never gets any spam because it's totally secret.

I have a gmail account. Only my sisters know the address, and it shows no hits on google, web or usenet. It's received 50 spams in the last month, just from spammers using dictionary attacks (and I know thats what they're from, because the subject line gives it away.)

Re:Hmm

[Rydain]

I have a similar experience. My gmail account is the whois contact for my domain names, so I expected to get the usual spam that got sent to my old contact email, but I've received much, much more than that as well although I've only given the address to a handful of trusted sources.

Re:Hmm

[SnAzBaZ]

You must not be involved in business or dealing with the public. That's nice. Here on planet "not living in our parents' basement," we need to let people know what our email address is and have that email address be there for a while.

The company I work for has sales@, info@ addresses available to the public, you can't get employees addresses from the website. My personal work email address is only known internally and by individual clients/people in other companies who we're working with. So no, I'm not receiving spam on that either.

Re:Hmm

[tokul]

I have my main address, which only 'real people' know, friends and family. It never gets any spam because it's totally secret.

Just wait for one of your friends to be infected by trojan.

I have email address that is not listed anywhere and should be used only by some friends in order to contact me quickly, but it started getting spam after one friend got mail trojan.

Re:Hmm

[tryone]

This semi-respectable geek still has the same email address he had long before spam was an issue, and doesn't see why he should have to back down and change it.

Re:Hmm

[Blakey+Rat]

If I give up the email address I've owned since 1997, then THE SPAMMERS HAVE ALREADY WON!

Seriously, though, I finally did trash the address that was posted all over Usenet and the web long before the spam problem was a problem and moved to a webmail address. Alas, a 'friend' doing one of those free iPod scams got me on some spammer's list, but at least the volume has been low so far.

Re:Hmm

[prshaw]

Wrong. You are getting spam, you just use multiple email addresses to filter it.

I also have email addresses that have never received spam, but that doesn't mean spam isn't being sent to me.

Re:Hmm

[micron54]

My Gmail account has also been hit by these dictionary attacks in the last month. However, if you look at the "original" with headers and all, you'll find most, if not all, are being sent to addresses other than your own. It seems to me if Gmail recieves a bogus email, it just finds the address closest to it, and sends the email to them. I might be wrong of course, but from what I can see, that's what is happening to me.

Re:Hmm

[ChuckleBug]

I really don't agree. Any respectable geek shouldn't be getting spam in the first place, let alone be stupid enough to click the unsubscribe links.

Personally I haven't had more than 30-50 spams in the last 3 years or so

You give good advice, but this holier than thou stuff is really hard to take. I get tons of spam, simply because I was active on USENET and had a website with an unobfuscated mailto link 12 frickin' years ago, before spam was an issue. I'm ancient by slashdot standards, and remember seeing the birth of spam on USENET (GREEN CARD LOTTERY!) while reading the newsgroup with Timex Sinclair. OK, the Timex Sinclair is an exaggeration. Anyway, I have my own domain, and use email addresses from that domain forwarded to my main address. I get almost no spam to those addresses, but for various reasons I don't want to eliminate my old address, which is a spam trap. So I use a byzantine combination of SpamAssassin and shell scripts to deal with most of it. It does OK.

It takes only one slip these days to get on a list from which you can never escape. Congratulations on your spam-free life, but don't get too cocky about it, please. Especially with us old farts. :-)

(And no, I've never clicked any link in spam.)

Re:Hmm

[Elwood+P+Dowd]

I have my main address, which only 'real people' know, friends and family. It never gets any spam because it's totally secret.

Totally secret? Totally secret how? Do any of those friends and family ever send non-BCCed forwards to you and untrustworthy accounts? Do any of them use free email services likely to harvest addresses from outgoing mail?

The reason you don't get spam right now is because you aren't on their lists yet. Just wait, dude.

Re:Hmm

[deinol]

I really don't agree. Any respectable geek shouldn't be getting spam in the first place

Ok, so I admit most geeks should be smart about who they hand out their e-mail address to. However, eventually someone will get you on a list.

I've suspected that some spammers would use those machines they zombie to become relays to also harvest the e-mail addresses in the host's address book. Does anyone here have any information that would comfirm or deny this?

Also, there's all those myriad places where people can 'send this to your friend' which is a great way for all the clueless people you know to get you signed up for spam.

Ok, I guess you are right, a true geek doesn't have friends.

Re:Hmm

Sorry, but some of us really HAVE to give out our business addresses out left and right; it's the nature of the transaction. Just because you're stuck in a corner with a rare outside contact because you're in a job at the bottom of the ladder doesn't mean you're the average.

Re:Hmm

[JavaRob]

You must not be involved in business or dealing with the public. That's nice. Here on planet "not living in our parents' basement," we need to let people know what our email address is and have that email address be there for a while.

I use forms on my websites to let people contact me for support or feedback. That has the added bonus of letting me collect their OS and browser versions, which helps when providing support.

That protects me from a lot of spam. For other people, contacts and companies, I usually give each one an email address based on who *they* are. These all funnel into my main account, but I have the option of blocking one of them if it gets released into the wild... hasn't happened yet, though. Lots of people have my email addresses, but I only get 2-3 spams a day (which are easily filtered out), and those are totally from dictionary attacks on my domains, or the email I used to register the domains.

I think the single largest factor is to make sure you don't have your email in plain text anywhere online. If it *is*, find out where and remove it, and your spam level will drop after a few weeks.

Re:Hmm

[Kynde]

I agree completely. Not getting spam with inactive accounts is like hollering that event a default install of win95 can be virus free by simply not connecting it to the great-wide-open.

Being openly active implies spam. Dealing with it is another issue, and frankly from a geek perspective that is the issue. Effective filters have reduced my spam down all the way to less than ten false negatives a week, which is quite good compared to zero false positives and neglibible effort put into it and the 50ish spams that I would receive every day.

Re:Hmm

[v1]

My battle strategy is about the same... my email address IS on my web site, but it's a jpg, and isn't clickable. That, and I now run my own mailserver, which uses authenticated relaying and is subscribed to the three major RBL's, so they tank the incoming connnections before they even get a chance to send the body of the msg. I see hits in the log files all the time - I hear you knockin but you can't come in!

I've been giving out free email addresses to my friends and family, and they're all quite pleased with the zero-spam system.

Re:Hmm

You must not have any normal friends...

I have my primary address which I've only distributed to my close friends and relatives. I've lectured all of them on why they should always use bcc instead of cc when sending out email to a large number of people. Yet with startling regularity, I see forwarded emails comming into my mailbox with some joke or virus scare. I cringe when I look at the header and see my email address mixed in with 40 or so other addresses. I know that if only a couple of those people are foolish enough to forward it to all their friends, my email address will be propagated every time it gets sent.

So now I get about 30 or so SPAM messages a day to that account. It used to be a PITA, but ever since I switched to Thunderbird, I just have to occasionally scan my Junk folder for false positives. I've found 1 in 4 months. At this point, 1 SPAM messages gets through every couple of days. I find that this is simpler than constantly creating throw-away addresses.

So I'd ammend your statement to say that any respecable geek shouldn't spend time dealing with spam.

Re:Hmm

[adpowers]

Exactly. Geeks don't have multiple addresses for different people (excluding domain name catch-alls that go to the same mailbox and also excluding Gmail accounts to brag to friends (back when they were new) and stress testing Gmail). Real geeks filter spam and have wonderful filters.

Re:Hmm

[gowen]

Hey, good spot. I hadn't looked closely enough at the headers.

Re:Hmm

[Phroggy]

My Gmail account has also been hit by these dictionary attacks in the last month. However, if you look at the "original" with headers and all, you'll find most, if not all, are being sent to addresses other than your own. It seems to me if Gmail recieves a bogus email, it just finds the address closest to it, and sends the email to them. I might be wrong of course, but from what I can see, that's what is happening to me.

Yep, you're wrong - my guess is, spammers make it look like the recipient's address is similar to yours but not quite, so you'll think you received the message by mistake, and maybe you'll even try to contact the sender to inform them of the problem. That's just a guess, but I've seen exactly what you describe before, nothing to do with Google.

Re:Hmm

[gfreeman]

Then all your friends and family must be geeks too. I now get spam at my "secret" address because I was stupid enough to give a non-geek "friend" my personal email address. (I usually give out a unique address for each institution/site that I sign up to, but a single one for friends and family).

Alas, at least one friend has sent out a mass email to everyone in her address book and not used BCC. Since then, I have started to get spam and I've been unable to reduce the traffic to zero.

Kids, always use BCC if you're sending emails to a number of people who do not know each other.

Re:Hmm

[JuggleGeek]

Any respectable geek shouldn't be getting spam in the first place (snip) It is simply a matter of keeping your address clean.

In other words, hiding works very well for you. However, it doesn't work well for everyone. Register a domain? Must provide an address. Want people to be able to write you about the stuff on your website? Do you do business online? These kinds of things require making addresses public. Hiding isn't a solution, no matter how much you head-in-the-sand types like to claim "Spam isn't a problem, just don't let anyone know your address". Staying offline would also solve the spam problem, but that isn't an acceptable solution, any more than yours is.

I get 500 spams a day. The vast majority to addresses harvested from my website. Very few get to my inbox, of course, but if John Doe visits the site and wants to contact me, he will normally have no trouble doing so. (If he's never talked to me before, and his mail comes from known spam-sending IP space, then he may have trouble.)

Legitimate mass mailings vs. spam

[Junior+J.+Junior+III]

Unsubscribe generally does work for legitimate mass mailings, ie the ones you had to sign up for in the first place. It doesn't work for true SPAM, and indeed as others have pointed out, tends to actually make the problem worse.

It's amazing that this is considered "news", but I guess you have to repeat experiments every so often to prove that the theories they provide support for still hold water.

I was under the impression..

That clicking unsubscribe simply lets them know your email is valid. Lots of spammers simply email all words in a dictionary in a hybrid-like motion, i.e.
[word][number]@[hotmail, etc] and so by clicking unsubscribe, your email is added to a database of 'valid_targets', best to simply block the address/domain.

My experience is different

[netsavior]

I created an account just for spam, and about 300 messages per day got past my filters.

one day I got bored and "unsubscribed" to about 100 messages. The effect was not immediate, but within a week it was down to about 50 messages/day, so I started unsubscribing again. Today it gets about 15-25 per day, and I have stopped hitting unsubscribe (and stopped using that address as spam account thanks to gmail's spam address feature).

Evolution++

[Doc+Ruby]

Evolution lets you skip loading external/embedded images, by default, if that option is selected. I'd like to have an extra filter in there: white/blacklists (in my contact list) for message senders and image SRC URL patterns - all default to "NO". That way, senders/servers I trust - they already have my email/IP#/existence confirmed from other messages - send mesages that aren't broken. The rest can go to hell. A good filter would find messages that point at untrusted servers, and add their senders to the blacklist. That kind of Evolution plugin, with spamfilter against the blacklist, would go a long way towards suffocating the spammers drowning us in privacy invasions. And also make Evolution a much more attractive draw than, say, Outlook, for people who use their computer to communicate with other people, not with machines or reptillian spammers.

Re:Evolution++

[Manwe's+Herald]

If I remember correctly there is already an option in Evolution to automatically load images when the message is from someone in your contact list.

Not perfect, but a step in the right direction.

Re:Evolution++

[Anonymous+Custard]

A good filter would find messages that point at untrusted servers, and add their senders to the blacklist.

You could try using Mike's Ad-Blicking Hosts File. That would at least prevent your computer from accessing those 1px tracking images.

Re:Evolution++

What's wrong with embedded images?

When will people learn?

[dmuth]

This has been going on since before the days of the (long since defunct) IEMMC with their bogus remove list, which was back in 1997 or so.

Here's one article that was written about the IEMMC.

just DO IT! (was: Re:That's easy...)

[beh]

I'm actually (at the cost of some traffic) using this to help me fight spam...

It's not just that spammers are ignoring these requests, they will actually just merge their lists with the responses (on the off chance that you might try to also unsubscribe some of your other email addresses / or a friend's email address).

In fact, if you enter just a random address in there, you can be pretty sure that this address will get spammed in the future, too.

If you use bayesian filter software, like bogofilter or spamprobe, you can turn this into an advantage. I've actually "unregistered" some previously non-existent email address on my internet domain that I'm not going use anywhere else. Now I know that any email coming in for that address is definitely spam - and can hence use it to automatically improve bogofilter/spamprobe by passing that email from procmail into them with the spam "learn" flags set.

Re:just DO IT! (was: Re:That's easy...)

In fact, if you enter just a random address in there, you can be pretty sure that this address will get spammed in the future, too.

As the recipient of postmaster/hostmaster emails for multiple domains, I frequently get the bounces for undeliverable, unreturnable mail. It proves to be a valuable spam fighting tool. Usually the first thing I do is examine the unsubscribe link. Depending on whether the mail was sent to a "dictionary" harvested user name or a formerly valid user, and the content of the email, I can usually tell if the spammer will fall for my spam trap. I "unsubscribe" using a system - that the spammers reading here would just love for me to disclose - that lets me track who sent the email.

The spammers have taken anywhere from a day to six months to fall for the spam trap. I have a growing list of spam traps that are used only once for an unsubscribe request and about 90% of them have caught spammers. They are quite valuable in blocking future spam.

Re:just DO IT! (was: Re:That's easy...)

[opos]

Well you would think so. For 3 months I have been trying to unsubscribe to PC Magazines almost daily emails. I have clicked on unsubscribe until my fingernails fell off. I wrote to abuse@enews.pcmag.com, I wrote to security@enews.pcmag.com - no replies, no nothing except continue endless stream of announcements. Sometimes life is simply harder than it is supposed to be :)

Re:just DO IT! (was: Re:That's easy...)

[Ozwald]

I'm wondering, you can kill a goldfish by giving it too much food. It just keeps eating and eating until it runs out of food or dies.

Running Spammers out of money just isn't happening, not sure why. But what if we did the opposite? We run the "unsubscribe" link with a script that creates millions of invalid email addresses (on an non existant domain please, not mine). Their system will automatically add it to their database. If enough people do this, what if anything will break? I'm thinking that the signal to noise ratio on their distribution CD's will give them a nightmare of a maintenance issue or make it take to long to transmit overwhelming their SMTP service, but I dunno.

Oz

Re:just DO IT! (was: Re:That's easy...)

[Evil+Butters]

Gee, I just enter the e-mail addresses of people I don't like on various unsubscribe forms.

I would imagine they probably receive upwards of 200 SPAM message a day now...

Re:just DO IT! (was: Re:That's easy...)

[mi]

If you use bayesian filter software, like bogofilter or spamprobe, you can turn this into an advantage.

Why limit yourself to bayesian? <plug>With my state-keeping milter, for example</plug>, you can automatically blacklist the relay, that handed this spam to your server. So that you would not waste any CPU nor bandwidth talking to the abusive machine again.

Re:just DO IT! (was: Re:That's easy...)

[Eric+Damron]

"It's not just that spammers are ignoring these requests, they will actually just merge their lists with the responses (on the off chance that you might try to also unsubscribe some of your other email addresses / or a friend's email address)."

Or your obnoxious bosses email address... :-)

Re:just DO IT! (was: Re:That's easy...)

It would be nice if there was a way to do a reverse DNS lookup to see what other domains that company has registered, then perform this kind of a script on every single domain registered by the "person" who spammed you. Hopefully they'd forget to add their latest domain acquisition after registering it and putting it in their system. These guys are, by and large, slackjawed yokels, after the money starts coming in they're too drunk to follow stupid rules and checklists.

That's similar to what killed Spamford Wallace. Someone managed to feed a domain used by his servers into his own servers, which caused the servers to run out of disk space and go bye-bye.

It was quite funny because I sent him a very terse, threatening notice a short time before things got completely out of control and he, of course, blamed me. Going to sue, I hacked his servers, blah, blah, blah - before his threats arrived all I'd done is get in touch with corporate legal to see how big of a foot this Fortune10 company could bring down on that bug.

Ah Spamford... must be out of money and hustling his ass to gay men by now...

Re:just DO IT! (was: Re:That's easy...)

What if you had a script that would use all of the valid reporting agencies that go after spammers? Don't just use federal agency email addresses, use state/province prosecutors, & police units on cyber crime. Check to see if it is legal to "report the criminals to multiple enforcement agencies" or if it is "unfair self-incrimination". I won't want to get slammed by multiple spammers, so if you do write such software you might want to be an anonymous coward about it.

NOOOOOOO

[SQLz]

Of course they don't. If anything,unsubsribing will triple the spam you do get.

Besides filtering spam I started creating a seperate email alias for every website I need an email address on. When that alias starts to get spam I delete it, and I know where its coming from.

The most surprising place I ever get spam from is sears. I think they have someone on the inside selling their customer list because I will start getting spam about 2 weeks after ordering something.

I worked for a bulk emailer

[jcoxatonce]

And it was an interesting experience. @Once has big-name clients who don't want to be thought of as spammers, so the company puts amazing resources into reply handling and unsubscribe systems that actually work. I know, I worked my ass off keeping them running. It was a stark contrast to what a real "spammer" is, at least in my imagination.

Still, I was never proud to tell people where I worked because people think of bulk email as spam unless they're educated about the difference. In my interviews since I left the firm, I've always had to be very careful to describe the white hat nature of what I used to do.

Re:I worked for a bulk emailer

[jmason]

'@Once has big-name clients who don't want to be thought of as spammers, so the company puts amazing resources into reply handling and unsubscribe systems that actually work. I know, I worked my ass off keeping them running.

Of course, if those addresses initially came from bad sources, such as list vendors selling web- or whois-scraped address lists, then it doesn't matter how clean the opt-out process is -- it's still unsolicited bulk email, or spam.

It was a stark contrast to what a real "spammer" is, at least in my imagination.'

maybe a stark contrast to the kind of slime sending Rolex-watch spam. But still well into the spammy range of the spectrum; even Scott Richter claims not to use badly-sourced addresses these days...

Forced to read an ad to RTFA? No way!

[TFGeditor]

Salon.com forces you to read an ad before you can RTFA. They can go to hell.

Re:Forced to read an ad to RTFA? No way!

[slicenglide]

www.salon.com/news/cookie.html

make it the first page before you visit the main salon.com site and it will bypass them forcing you to watch an ad.

I use it religiously.
-Meow.

Re:Forced to read an ad to RTFA? No way!

[Scutter]

I just don't read salon.com. Problem solved.

I did and it works

[oneeyedelf1]

Before I was getting around 30 spams a day, now about 2 to 4. One problem with unsubscribing to spam, I noticed if you do it every day you continue to get the spam. On their opt out links they say something like please allow 7 days for their servers to delete you. Guess what after 6 days and you unsubscribe again, they wait to those new 7 days are up. It really works, though not all spams have unsubscribing, and usually it takes a while to hunt and find the link. The worst is medical sites I can never find them, http://lcv.pharmnnfh.com/ help me find the link. What really needs to happen is the people who work in the spam division at gmail, hotmail, and yahoo need to get their acts together and put together pages where you can mass unsubscribe to these things.

Red box spam

[Tablizer]

with spam for fake Rolex watches.

I once saw an actual brand called "Relox". By changing the spelling they could legally get away with it, at least in the short-term until Rolex sues them for confusing consumers, which takes longer in the courts than direct rip-offs.

Anyhow, another annoying repeating spam is the one with the red box in the upper left selling penis pills. It comes in as an embedded image from different sources. The only constant is that it is always the same image. My filter can only filter by whole words rather than parts of the (ASCII encoded) image.

I was in the process of building my own email filtering system with all kinds of "indicators" such as marks saying the email had HTML or image references and suspicious key words, but I didn't trust my own message parsing algorithm as far as isolating and altering messages and attachments as units. I am thus looking for libraries that do the basic parsing for me. I can then add the logic to screen and rank the content. I've been dabbling a bit in TCL of late, so TCL libraries may be the way to go.

WTF?

[doppleganger871]

Wait a minute, I distinctly saw a line in that article that read "You don't negotiate with terrorists...". What the f are they thinking? Of course you do. That's how you get terrorism and spam, to stop. Don't fight them, someone might get *hurt*. You might hurt someone's *feelings*. They might get *offended*.

And... that damn ad... I'll be sure never to buy that product, or visit salon again.

Re:WTF?

[Tony+Hoyle]

Actually you do negotiate with terrorists, you just tell everyone you aren't. If they're talking to you they're not usually shooting you at the same time.

If you're in a hostage situation the first thing you do is send in a negotiator. Sure, you get the SWAT teams in too, but you sure dont tell the terrorist...

For years the UK government was negotiating with the IRA... they didn't concede much, but it did slow the conflict down enough until events took over and they were forced to go the political route (specifically, gullible americans realised that funding terrorism was not 'cool', and they lost most of their ability to fight).

That's really naive of them...

[Assmasher]

I mean, there's nothing more valuable to a spammer than a list of functional e-mail addresses. How best to trick people into letting a spammer know an e-mail addy is good? The unsubscribe link, LOL.

NEVER use the 'remove me' or 'unsubscribe' link when the spam is from a company you do not trust.

It would be a shame

if shadowy figures enlisted armies of anon remailers to flood these assholes with threats of bodily harm.

Of course I do NOT endorse any such thing but I bet that if it ever did happen a good number of them would drop out of the spamming biz..

Soon or later, someone IS going to get a belly full and go track one of these jerk-offs down and do them serious harm..

Spammers do not write their own messages

[TFGeditor]

Analyze a few spam messages. Multiple versions of the *same* message come from multiple sources. Whoever hires the spammers supplies a pre-written message containing all that sneaky code, probably written by a disgruntled or greedy geek.

Re:Spammers do not write their own messages

[Xiaran]

Disruntled geek and greedy geek ? You make us sounds like smurfs :) I wanna be handsome geek.

Re:Spammers do not write their own messages

[TFGeditor]

" I wanna be handsome geek." That's an oxymoron of which I am reminded every day when I look in the mirror.

Er... No.

[pla]

Do Unsubscribe Links Stop Spam?

If by "Unsubscribe" you mean "trade one source of crap for a hundred others"...

By "Links" you mean "deliberately mangled URLs often either hidden in the page source or only appearing in white text on a white background"...

And by "stop spam" you mean "accomplish nothing more than waste time and speed your journey to a RSI"...

Then yes. Absolutely. Click away, Merrill, click away!"

Junk addrs in remove list a problem?

[OddHackGEA]

Why should junk addresses (president@whitehouse.gov, for example) in the remove list be a problem?

When the remove list is used properly, it should just be a case of "this address isn't on my list, I can ignore it". Granted, if the fake addresses were swamping out the real ones it would increase their processing time -- but still shouldn't be a major problem.

Of course, if the remove list is used as a source of e-mail addresses, then the fake addresses will be a problem. But in that case, annoying the spammer is a plus not a minus.

Creative Labs and RollingStone....

...also ignore requests to unsubscribe.

All or Nothing

[CcntMnky]

I religiously unsubscribe from everything, and I get very little spam. That said, I don't sign up for shady web sites or mailing lists, and my email isn't very public. However, I do believe it's an all-or-none scenerio, you have to get off of everybody's list or they will just propogate you before you can remove. If you're going to try and remove, hit those unsubscribe links/emails as soon as you get the message!

Company ID

[Tablizer]

One thing really missing is a national or perhaps even a global unique "company ID". Law makers are so eager to tag and trace individuals, but ignore company tracking. It is time for a national company-ID number.

Any company that wants to do business in the US would be required to have such a number and include it in any email they send across our borders, perhaps as a new email header attribute. Ideally it would be globally enforced and the US could pressure problem countries such as China to crack down on businesses that abuse email and/or the company number.

There are too many fly-by-night companies running around.

Re:Company ID

[coolcold]

I would like to see the day when US could pressure China to do something. And if that's the case, the first thing would be on IP rather than spam since that is the thing which directly hurt economy...

Re:Company ID

[Tablizer]

I would like to see the day when US could pressure China to do something. And if that's the case, the first thing would be on IP rather than spam since that is the thing which directly hurt economy...

The Bush administration has been way too lax on China. They keep their currency rates artificially low, don't enforce IP laws, harass Taiwan, are not a democracy, and have a lousy human-rights record. And, China is killing US manufacturing jobs. China may be a significant military rival in a decade or so. They are a trade headache, an IP headache, a diplomatic headache, and a military headache. Why does W love them so much? Don't let them dump cheap products into the US without some concessions.

Re:Company ID

[multipartmixed]

> US could pressure problem countries such as China
> to crack down on businesses that abuse email
> and/or the company number.

Let me get this straight. You expect a government which can't stop China's human rights abuses to stop e-mail abuse?

What are you smoking, and can I have some??!

Re:Company ID

[Tablizer]

Let me get this straight. You expect a government which can't stop China's human rights abuses to stop e-mail abuse?

Yes, because it hurts US corporate profits. If we communicate problems in terms of capitalism and profit, then the politicians may pay attention. I am just the messenger; I did not make our politicians this way.

Re:Company ID

[pnuema]

One thing really missing is a national or perhaps even a global unique "company ID". Law makers are so eager to tag and trace individuals, but ignore company tracking. It is time for a national company-ID number. Every company that pays US taxes is assigned a Tax ID. Been around forever. I used to be able to rattle off Tax IDs for about half of the Fortune 500 due to my job. What possible good would it do to identify companies by a number rather than a name? The problem is fraudulent companies, not an inability to identify them by number.

Re:Company ID

[patricksevenlee]

One thing really missing is a national or perhaps even a global unique "company ID". Law makers are so eager to tag and trace individuals, but ignore company tracking. It is time for a national company-ID number. Any company that wants to do business in the US would be required to have such a number and include it in any email they send across our borders, perhaps as a new email header attribute. Ideally it would be globally enforced and the US could pressure problem countries such as China to crack down on businesses that abuse email and/or the company number.

Would the number happen to begin with "666"? :)

Re:Company ID

[Tablizer]

Every company that pays US taxes is assigned a Tax ID. Been around forever. I used to be able to rattle off Tax IDs for about half of the Fortune 500 due to my job. What possible good would it do to identify companies by a number rather than a name? The problem is fraudulent companies, not an inability to identify them by number.

They might have a unique (tax) ID, but they are not required to put it in ads. That is what should change. (Also, I don't think small private companies always need a tax ID, hafta check.)

Regarding names, anyone who has worked with large databases knows that names make horrible unique identifiers due to various aspects of human nature related to the way that humans munge up such to hell and back. For one, names change.

Re:Company ID

[Tablizer]

Would the number happen to begin with "666"?

Hmmmm. I am really stumped about whether to assign that ID to Microsoft, SCO, or the ITAA.

Re:Company ID

Interestingly enough Florida is the worlds largest collection of spammers. Thanks to a somewhat wellknown tropical storm over said place global spamming got knocked down by 20%...

IMAP does this automatically

[RealProgrammer]

Well, sort of: IMAP mail readers only download the headers of messages until you select them. If you just click the Junk or Spam icon for those, away they go. Same thing with autodetected spam, of course.

Or you could just turn off HTML in email. I don't see the point of rich text in an email. At least, I've never gotten an HTML email I thought was improved by its prettied-up format or the convenience of a clickable link. /. posts, OTOH, are often improved by HTML. I'm not sure why.

Configuring OSX Mail's Rules

[MooseByte]

"I wish I had a feature to select all my spam. and forward it to spam@ftc.gov"

In OSX's Mail app it's easy to set up a rule to do that. I haven't tested it with a live message yet (just created the rule to see if I could), but I think it would keep the headers intact.

The risk then becomes the false positives of your spam filter. Forwarding non-spam to the FTC is probably not a good idea. ;-)

---

Cthulhu holiday songs, for the gift that keeps on loathing.

Re:Configuring OSX Mail's Rules

[fimbulvetr]

If you need a mail client that behaves correctly during a Daylight Savings Time change, check:

http://www.mozilla.org/products/thunderbird/

Yeah Right

[damicatz]

I never click on unsubscribe links. It just serves to verify to the spammers that your e-mail address is valid.

Geek Reality Check

Seems that LOTS of geeks actually cross their fingers and click those remove links.

Sigh Assuming by "geeks," you're referring-to computer geeks: Real geeks don't click remove links.

Real (computer) geeks don't use MS Windows. Real computer geeks don't program in some variation of BASIC. And very few real geeks bother with /. anymore, cuz /. is mostly inhabited by geek wannabe's.

Much of McWilliams' spammer expose' book is only marginally based on reality, btw. (Real geeks already knew this.)

Re:Geek Reality Check

[silverbax]

Do real geeks reply on /. with anonymous usernames?

Re:Geek Reality Check

Yes, they do, because they don't have /. accounts.

Infiltrate the spammers

[Bruzer]

What a great article. I think more of us nerds should infiltrate the spammers and see if there is any way to shut them down. I realize that is a lot more work, but how much work do you spend filtering, or deleting spam each day?

On a related topic, I used to get 25-30 emails per day to the email address that is on my whois registration. Recently I had to renew my domain name and I noticed that my registrar offered an email address encryption. By selecting this option my spam emails went from 25 per day to 2 or 3 per day! I was astounded at the scum who are using the whois information to spam people.

So if you own a domain name, check to see if your registrar is offering a similar service.

- Bruzer

Why would they work?

[LordEd]

You didn't ask for the spam in the first place, so why would they listen when you ASK for something?

Never Hit Cancel

[Kidder1974]

I always just assumed that, if you ever clicked "remove", they may remove you from their list (or not) but then they've got confirmation that yours is a valid email address, so they can turn around and sell it to others so you can get even more unwanted email.

It's not only unsubscribe links.

[eMartin]

Much of spam that I get doesn't contain ANY usable information or links at all. And sometimes there are links, but they aren't even valid URLs.

What the hell is the point of spamming people with ads when they won't be able to get back to you to buy your product?

Re:It's not only unsubscribe links.

[BrianGa]

Perhaps the service providers / hosting companies removed them before you got a chance to check out their products.

Re:It's not only unsubscribe links.

[ender-]

I think they do this to mess up people's bayesian filters and such. Or to just be total dicks.

ender-

Re:It's not only unsubscribe links.

[Technonotice_Dom]

A lot of them now contain just a large image containing text and the URL as text in the image. SpamAssassin picks up on it though (image/text ratio).

My favorate was Microsoft spam

[dloyer]

I clicked on the link unsubscribe to some Microsoft spam and it tried to force me to signup for passport, including a long... questionare asking lots of questions about me

I sent a email to customer service to complain. I got a response back from a customer service drone (human) that offered to unsubscribe me if I just gave him all the information needed to create a passport account for me... so he could opt me out of future spam.

I had some time to kill, so I replyed with a reference to the new spam law with a reminder that his reply acknolged my request to not send spam, so if I did get any more then Microsoft would be in violation of the law, passport account not withstanding.

So, four opt out attempts and three emails, but I did finally opt out... from one sender that is well known and has deep pockets and very sueable. Small spam outfits... forget it.

Post hoc ergo propter hoc...

[WIAKywbfatw]

Sorry for the latin, but I've always wanted to use that bit seriously just once...

Just because your spam dropped at that point that doesn't mean it was due to your unsubscribing session. There are many reasons why your spam levels fell. Perhaps your ISP/mail provider installed better spam filtering, perhaps the spammers responsible for a large proportion of your junk mail were shut down one way or another, etc.

There are many possible causes for the effect, so don't assume that you using the unsubscribe links was the catalyst for the change. That could have been it, but that's not necessarily it.

When I was an email admin....

[Degrees]

Had one user that went on FLMA, when she came back, her mailbox wouldn't open. Turns out she was the number one spam recipient in my system - upwards of 200 messages per day. I had to manually remove 20 K spam from her inbox - and then we renamed her account.

She did not understand why she was getting so much spam, because she always clicked on the unsubscribe link!

I had to explain the 'harvesting' concept to her, so that the new account wouldn't suffer the same fate as the old one. She was good after that.

Re:Never Hit Remove

[Kidder1974]

Whoops! That should read "Never Hit Remove". Not enough coffee yet this morning.....

Oh dear...

[tirenours]

> spammers usually ignore the unsubscribe requests.

What kind of world are we living in??
We can't even trust those venerable merchants that built the society as we know it.

Not just "spammers"

[jridley]

Heck, legitimate businesses often either ignore or don't test their unsubscribe systems.

I signed up for emails from History Channel a year or so ago. A couple of months ago I decided I didn't really want them any more. I clicked on every unsubscribe link they sent me, probably a total of 6 or 8 of them over 2+ months. Finally I sent them an email telling them they'd better honor it or have a lawyer familiar with CAN-SPAM.

To their credit, I got a hand-written email back within 12 hours and I haven't gotten any more promotional emails from them. But it's pretty obvious that their unsubscribe system wasn't working when I tried to use it.

Re:Not just "spammers"

[Tony+Hoyle]

I had something similar from 'Mobile fun'. I bought a product years ago from them, and they automatically subscribed me to their list (I didn't ask, or click any links, but I guess they thought I was an easy target).

After clicking around 10 of their unsubscribe links I lost my temper and reported them to spamcop, with details (didn't ask for list, unsubscribe doesn't work... SPAM).

I got a hand written email within 24 hours saying that they were Microsoft partners (not sure why they needed to tell me that) and of course they didn't spam... and if I'd tell them my email address they'd unsubcribe me (DUH!!! You just SENT AN EMAIL TO IT!!!). I politely replied with the same email adresss... and they stopped.

4 weeks layer they started again. This time I send them to spamcop, razor *and* blocked their entire subnet at the router. That stopped them.

where do we physically find this scum?

[cliffski]

all well and good but does anyone have this guys home address? I have a number of issues I want to take up with him, maybe involving a can of petrol and some matches.

Re:where do we physically find this scum?

Bah, that would be too clean.

Barbed wire and thumb screws are more of what I was thinking. :)

Unsubscribe Link *is* the purpose of some spam

[Rashkae]

I've received several pieces of spam lately where the URL of the website being advertised (the subject varies, free porn, free downloads, etc) is invalid... In fact, the only valid domain in these e-mails was in the unsubscribe link. I can only conclude that the purpose of this e-mail is to harvest the e-mail address of people who 'unsubscribe.'

Re:Unsubscribe Link *is* the purpose of some spam

[ValuJet]

Were you disappointed that the free porn wasn't there? I know I would be.

I had good luck

I had a junk hotmail address that I used as a spamtrap, but the amount of spam I was getting was really overwheliming. Figuring I had nothing to lose, I started unsubcribing from every piece of spam I got. Contary to conventional wisdom, it really did cut the amount of spam I got in half. For a while. Then I must've hit 'one of those', because the gates of spam-hell were opened, and I ended up creating a new account. But I think there are at least some spammers who try to play it legit.

I love it when slashdot headlines are like this.

[91degrees]

Slashdot headlines are often phrased as a simple question.

The answer to this one is: No!

So what are the rest of you commenting for?

200% Effective?

[MooseByte]

"almost 200% effective against porn spam"

So... it reduced your incoming porn spam by 200%. Which means you somehow processed negative numbers of porn spam. Which, to balance the books, must mean you became a net exporter of porn spam? :-)

---

Cthulhu holiday songs, for the gift that keeps on loathing.

Re:200% Effective?

[Eraser_]

Easy enough, he opted in to be a zombie spam relay. Somewhere in the Windows EULA it says that you must accept anything windows does, accepting viruses from wide open cable/dsl networks is just one of them.

Heck I get like 50 peices of spam a day (likely much more, but a lot of it is blackholed via junk email addresses so who knows?). I imagine at like 5-50k/email, my cheapy aDSL could upload a lot more than 100 peices of porn spam a day. This guy is slacking off, I bet I could get 500-1000% cutback on my porn spam!

I wonder if they make a FreeBSD daemon to send out porn spam?

Re:Do Unsubscribe Links Stop Spam?

An uncontrolled experiment. You don't know that the 400% jump was due to the unsubscribe link. You should have created two addresses simultaneously, one where you clicked a link and one where you didn't, and compared.

Re:Do Unsubscribe Links Stop Spam?

Most effective weapon against spam? The delete key.

In my experience, the most effective weapon against spam is source-IP-based email blocking.

Duh!

[rf600r]

This point is so obvious, I'm puzzled as to why it warranted an article, much less a posting on /.

Next week, we find that the penis-growing-rolex may not be real! The horror!

They don't ignore them!

[macdaddy]

When will people get this through their heads. Spammers do not ignore unsubscribe requests!! Now that doesn't mean the unsubscribe you from the mailing lists you never subscribed to. Oh no. While they don't ignore your unsub requests they certainly use them to their advantage.

They take the unsub requests and diff them against their mailing lists. That allows them to quickly and easily compile a list of active suckers, I mean mailboxes. They in turn sell their new list of active mailboxes to other spammers. Thus causing the sucker to get more spam.

Spammers also take the list of unsub requests and flat out spam them, no questions ask, too. Anyone that gets themselves on that list is guaranteed to get the living hell spammed out of them because the list is in the hands of active spammers, not website scrappers trying to sell the list.

I have about a dozen domains I set up for the sole purpose of hosting spamtraps. I took a list of proper pronouns and compiled a list of just over 525,000 spamtrap addresses per domain. I used pronouns so that the spamtraps would have a legitimate appearance (some spammers got wise to the way of random characters). So I had this enormous list of spamtraps and I had Razor and Pyzor set up to submit spam to the DB. I also hadm y good buddy Procmail set up to munge the spamtrap address and forward a copy to NANAS and the FTC. So how did I go about getting the spammers to spam me you ask? Hell that was the easiest part of all. I automated the stuffing of their unsubscribe boxes with my spamtraps addresses. I used NANAS to find current (and active) unsubribe forms. I then either used wget or curl and some shell scripting to stuff the boxes, depending on whether they were POST or GET forms. Simple. Within minutes I was getting spam. Within a few days I was getting over 30,000 pieces of spam per day. That was after stuffing perhaps a dozen unique unsub forms. I stopped stuffing them after that because the flow of spam was saturating my cable connection. I have a co-lo that doesn't charge me by bandwidth. I should fire up the spamtraps again. This time I'll add DCC.

Oh shit!

[Tablizer]

What?! My Rolex penis pills are fakes? Damn! Now I'm gonna hafta sell my Mercedes Tercel to pay for real ones.

Spam for a FAKE Rolex?!

[RandoX]

Dammit. Where's that "Get your refund here" link?

This is a surprise? Look they've read the spam!

[Mage99]

This has been true for years, click on the link and the spammer knows they have a good address and you've actually read their spam...Update that address and send em more!

FYI nikkinova.com sells email addresses

Yes, it's a nudie-pic site.

I checked it out a while back and subscribed briefly using an address specifically created for that site and never used or posted anywhere else-- and yesterday I got spam sent to that address.

Spam THIS!

[AnotherScratchMonkey]

Thanks for posting that. And in case you missed it the first time:

Black Market Money

Click now!

(You'll also find an email address there: webmaster@blackmarketmoney.com.)

In other news...

[Dacmot]

[sarcasm]

Lycos has released an anti-spam program that really works! Check your inbox for more details...

[/sarcasm]

Surprise, surprise..

[TheHawke]

They're commiting FRAUD!

They got a oh-so nice link that says unsubscribe, but when you click on it, they ignore it? Spammy then turns around and increases the sendto rate by 200%, resell the address, and oh, by the way, we'll joejob your account once we're tired of filling it up.

In the eyes of the Law, this constiutes Willfull Fraud, and more than a few other items in the United States Legal Code. Spelled out, means JAILTIME!

Re:Surprise, surprise..

[fishbowl]

"In the eyes of the Law, this constiutes Willfull Fraud, and more than a few other items in the United States Legal Code. Spelled out, means JAILTIME!"

If you can identify the perpetrator, if you can persuade a prosecutor to pursue, and if the perpetrator sets foot within the not-so-long arm of the US law... those are a lot of "if's".

my filter

[chigun]

i've never ever gotten a personal email asking me if i want to opt out, so i set up a filter to block anything that has the word "unsuscribe" in it. worked out well.

Re:my filter

[djmurdoch]

i set up a filter to block anything that has the word "unsuscribe" in it.

The misspelling is brilliant. How did you think of that?

Re:my filter

[chigun]

haha my bad, i meant unsubscribe. i thought we were above such corrections here on /.?

Re:my filter

[Dionysus]

Guess you are not subscribed to mailinglists then.

Re:my filter

[chigun]

I have a separate email address that I use solely for mailing lists.

Re:my filter

Unfortunately you just gave spammers a good idea.

Mod Parent Down -- Just watch the ad

Seriously, just watch the ad. Salon isn't attempting to gather information from you like NYTimes or San Jose Mercury News does with their lockout schemes.

You watch a short ad. Big deal. Delete the cookie afterward if you're paranoid. I wish the other online newspapers would see the merits of this model.

Posting the content on slashdot like this just hurts the chance you'll see other registration-only papers switch to this relatively benign method of getting revenue.

Re:Mod Parent Down -- Just watch the ad

[TedTschopp]

I wanted to read the article, not figure out how to watch the ad and then read the article, so I came back here, becuase I knew someone had copied the article over here.

Re:Mod Parent Down -- Just watch the ad

I wanted to read the article, not figure out how to watch the ad and then read the article

This just proves you didn't even COTFL (Click On the Fine Link) to try to RTFA. There is no "figuring out" anything.

Re:Mod Parent Down -- Just watch the ad

Actually it took me (someone else) a while to figure out how to get into the article. And given that I and probably most others just switched to a different tab while the ad was playing (I don't even remember what it was for), it's not like anyone was really missing out...

Re:Mod Parent Down -- Just watch the ad

I just checked the link, just to be sure of how difficult it is to get to the article.

You decide:

Step 1. Click on article link.

Step 2a. Click on giant advertising image to start the ad. (Proceed to step 4) Or
Step 2b. Click on "Skip to Salon" text-link at top of page. (Proceed to step 3)

Step 3. Click "Free Day Pass" at the end of the article teaser, and short explanation of how to view the article.

Step 4. Click on Salon link displayed when ad finishes.

Very very easy. It couldn't have been more clearly marked.

Re:Mod Parent Down -- Just watch the ad

Last time I tried to read a Salon article I couldn't get to it at all, even after watching the ad several times. Nothing I tried worked, and I'm generally pretty good at solving these problems. At that point I decided nothing they had to offer was worth the hassle, and I've never been back.

Re:Mod Parent Down -- Just watch the ad

[gcaseye6677]

Salon is a perfect example of a "media" company that just does not understand the internet and is trying to turn it into cable TV. Nobody wants full-screen audio/video ads, like you would see on TV. All it does is annoy the user and fail to generate interest in the product being advertised. When you see one of these, do you click through to the advertiser's site, or tap your foot until it is over? I would guess the overall success rate (ad views vs. sales) is dismal, or at the very least no more effective than relevant text ads. The so-called creative types in marketing departments need to find an advertising medium for the internet that actually works instead of just pissing off the user which is all that popups, flash ads and screen covering ads manage to do. As another example of a truly annoying web experience, try visiting chicagotribune.com without a pop-up blocker.

Re:Mod Parent Down -- Just watch the ad

[SiliconEntity]

I'm using Safari and there is no link to the ad. There's an orange box on the left, saying Subscribe Now, One year for just 10 cents a day. And on the right there is a light gray box saying SPONSORED BY, with no sponsor listed, and under that, Get Free Day pass access to read this article after viewing a brief commercial with audio. But there's no link! Mousing over the right hand rectangle never produces anything for me to click on.

Do other Safari users see the same thing?

Re:Mod Parent Down -- Just watch the ad

The overall success rate is far above any other advertising type, as is the cost for such an ad, which is why companies are going to this model.

That's like saying the imfamous X10 popups didn't work. They worked so well the company had trouble producing X10 cameras fast enough at one point.

Re:Mod Parent Down -- Just watch the ad

You have an old version of Safari (the betas before 1.0), or you don't have Javascript turned on.

Re:Mod Parent Down -- Just watch the ad

[catenos]

The overall success rate is far above any other advertising type, as is the cost for such an ad, which is why companies are going to this model.

In general, this is nonsense (there may be exceptions, but I am talking about the average). While the click-through rate is increasing with such advertising, the conversion rate (people actually ordering/filling out forms => orders/clicks) is decreasing.

According to our stats, even the absolute conversion rate (that is, orders/impressions) is usually lower than for reasonable banners. Considering several tests with placement of banners, I consider increased click-rates with obstusive banners simply a side-effect of people wanting to get rid of that thing.

Remember those banners which look like they contain some OS widget like a button? They work(ed) great when you wanted to increase click-rate (in times when pay-per-click was most popular), but people tricked this way to visit a site most likely were only confused and not in the mood of ordering anymore.

To conclude, those banners aren't popular, because they work well, but because some marketing types can make their bosses/clients to believe they work well, by showing that the campaign has increased the number of visitors to the homepage.

Those are the same people who ask for their traditional demographic profiles at a time, when you could easily run campaigns completely to their wanted profile (like, only womans at age 20-25). The US market may differ, but the German market is this way. (The solution, of course, is to turn to creating several virtual profiles for a site, which they can choose from.)

That's like saying the imfamous X10 popups didn't work. They worked so well the company had trouble producing X10 cameras fast enough at one point.

I don't see that as an argument for or against popups. It's an argument for X10 cameras. Unless you have data that shows, that those cameras sold better when advertised as popups vs. banners.

We once had a banner campaign that had 75% click-through rate (when on a not-specialized site 3-4% is considered high). But that wasn't saying anything about banners, but only about the advertized content. At first, we thought we had made an error (like placing the click-tag at the place of the impression-tag). But it was due to it being an ad for snow condition report on the last weekend of skiing season (with the 3 weeks before being with little snow and snowfall expected for this WE).

Being naive.

That address list "affiliates were instructed to scrub their mailing lists" with is part of the getting started package intended to hook new affiliates with... ie: use these addresses and you'll see how good our product will sell for you.

My favourite... where the ink should be:

[SuprChickN]

This is 1 -time mailing. N0-re m0val are re'qui-red

How you define a "legitimate" company?

[billstewart]

Well, duh, a "legitimate" company is one that doesn't spam people, but actually got your name on their list by mistake.

The real question is how you recognize a "lazy" company, which doesn't bother selling your unsubscribed name to other spammers. Unfortunately, the main method I know for doing that is to use their unsubscribe link and see if you get spam. You can get fancy and unsubscribe your dummy spambait address, but many of the unsubscribe links I've seen have your email information encoded in them rather than listed transparently, e.g. "http://spammer.biz/unsubscribe/3485093285489035" as opposed to "http://spammer.biz/unsubscribe/addr=yourname@exam ple.net" so they're really just using the URL and not the address you unsubscribed from.

I got one of those fake watch spams..

[necro2607]

Yeah I actually got one of 'em a night or two ago, advertising replica watches of common expensive brands. Small world it seems. Or maybe just broad reach of spammers. It's just that the address that got spammed only gets one or two spam emails a day, despite the fact that it's "info [at] mydomain"...

McWilliams disproves his hypothesis

McWilliams sets out in his article to prove that spammers ignore unsubscribe requests. He then signs up as an affiliate for a spam site so he can get his proof. As a check, he unsubscribes a little known e-mail address which has been getting spam from this spam site.

Lo and Behold, the spam site he's on actually HONORS remove requests and sends out lists to spam affiliates explicitly telling them to remove those e-mail addresses from the spam runs. Not only that, his little known e-mail address stops receiving spam from that particular spam site.

This wasn't really a very good article: no smoking gun, no body, no evidence of any wrong-doing. In fact, McWilliams effectively disproves his original assertion because he actually does get unsubscribed.

So why does the slashdot summary say that this article proves unsubscribing doesn't work?

Re:Do Unsubscribe Links Stop Spam?

[kesuki]

I find the 'report this message as spam' was more useful...
I bitched to yahoo about the spam problem at my yahoo account.. I had been using spamcop to report spam and that had been semi-effective at stopping spam... but when I got enemy listed spam was flowing in at much higher rates than before.... But then yahoo decided junk mail didn't count towards quota, and was filtering most of the junk mail properly, and then quota went up to compete with g-mail...
So I get maybe 100 spams a day, but it's rare for more than 2 to slip past the yahoo!s spam blocking. So my yahoo account is usable again... for now... even though my hotmail account went up in quota, their spam filters suck. Yahoo!s spam filters can get over zealous at times blocking valid mailing lists etc, but I haven't had any important e-mail end up in the bulk folder...

This is news?!?

[amuro98]

There's tons of ancedotal evidence on usenet that shows that not only don't the remove lists work - using them often resulted in the account getting *MORE* spam.

Apes?

[Saeed+al-Sahaf]

a bunch of ape-descended spammers...

Aren't we all decedents of apes? I suspect this does not have much to do with it, unless you are trying to say that spammers are human like the rest of us? I bet that's not what you mean, right?

Re:Apes?

[cobbaut]

He references HHGG from Douglas Adams.

Re:Apes?

Shouldn't that be Golgafrinchans? After all, they're our true ancestors. The ape-men died off...

An interesting paradox indeed. I do believe humanity is first described as ape-descended.

A better way to stop spam

[Megane]

Of course clicking on the remove links isn't likely to be useful.

The best way is to run your own mail server and simply prevent the spammers from connecting. One way is to add blackhole lists to your MTA (Sendmail, or whatever). That really did cut my spam quite a bit. But recently I noticed I was still getting quite a bit of spam directly from China and Korea decided to get tough and start blocking net ranges completely. I had tried blocking SMTP from a few /8 address ranges before, but this time I didn't want to unnecessarily block Australia or Japan, so I took the time to look at the /16 level to find sub-ranges to block.

It's already working, too. Here are the ranges I've added so far. (The second column is the number of connection attempts that were rejected.) At this point, I only plan to add new blocks as I encounter them in actual spam.

00100 44 2164 deny ip from 63.148.99.224/27 to any
00100 0 0 deny ip from 65.118.41.192/27 to any
00110 36 1920 deny tcp from 211.32.0.0/11 to me 25
00110 2 96 deny tcp from 211.144.0.0/12 to me 25
00110 6 288 deny tcp from 211.160.0.0/11 to me 25
00110 6 288 deny tcp from 211.192.0.0/10 to me 25
00110 0 0 deny tcp from 222.16.0.0/12 to me 25
00110 6 288 deny tcp from 222.32.0.0/11 to me 25
00110 13 624 deny tcp from 222.64.0.0/10 to me 25
00110 0 0 deny tcp from 222.128.0.0/12 to me 25
00110 0 0 deny tcp from 222.160.0.0/11 to me 25
00110 4 240 deny tcp from 206.81.80.0/20 to me 25
00110 0 0 deny tcp from 216.224.0.0/13 to me 25
00110 0 0 deny tcp from 216.240.0.0/13 to me 25
00110 0 0 deny tcp from 61.32.0.0/13 to me 25
00110 0 0 deny tcp from 61.40.0.0/14 to me 25

Oh, and those first two lines? Google for Cyvelliance and you'll understand why they're there.

Re:A better way to stop spam

[chongo]

Beyond the first two lines, how did you select those IP address ranges? Did you examine your logs or obtain these ranges from a list somewhere?

Re:A better way to stop spam

[Megane]

whois is your friend.

whois -h whois.arin.net (North America)
whois -h whois.apnic.net (Asia-Pac)
whois -h whois.ripe.net (Europe)
whois -h whois.lacnic.net (Latin America)

Re:Don't do it!-ButYourFilterCan...

[coachvince]

you could do a filter for the words subscribe or unsubscribe, then exclude any mailing lists you're on

Who else did they sell your name to?

[billstewart]

I did, in fact, read the end of the article :-) The risk with unsubscribing isn't whether they'll ignore your efforts to unsubscribe - it's that some fraction of them will sell the lists to other spammers and the other spammers will spam you more. In my case, there's probably not much downside risk - I've had my main email address for a decade, and it's splattered all over mailing list archives where harvesters regularly find it.

I have had spammers remove my names from lists - Scotty Richter's OptInRealBig gang were particularly diligent about it, since they were trying to promote an image of legitimacy and responsibility. (yeah, right...) I didn't directly request that they unsubscribe, but I sent spam complaints to some of their ISPs from one of my addresses, and that address showed a noticable drop in spam while the other addresses they were spamming didn't. I didn't bother complaining to their direct ISP, which was an obvious front, but I complained to their upstream, who should have known better than to "send complaints to them for resolution", but eventually got the hint that they really needed to get rid of the problem spammer, not just get the problem spammer to remove addresses.

Re:Who else did they sell your name to?

[gcaseye6677]

The only way to really get rid of spammers, and this includes "legitimate" spammers like our friend Scotty, is for the feds to get serious about prosecuting them. And I don't mean filing charges based on some kooky new anti-spam law that is full of loopholes. Take them down like they did Al Capone. Start investigating known spammers for all different kinds of law violations, like tax law, interstate commerce law, licensing regulations (do those online pharmacies that have operations in the US have proper licenses?) and other general business regulations. I'll be willing to bet that almost all spammers are breaking a law in some way. Find that, shut them down, and others will get the hint. Sure, some people will continue to do it, but the volume of spam will decrease as the overall cost of sending spam increases.

litlle experience

[C0vardeAn0nim0]

i received a spam in my gmail spam box about a product that makes women "instantly horny"... yeah, right...

it did have an "unsubscribe" link, so i clicked through and entered a brand new, created just for this address there. the link, for those willing to try is http://protesilaos.info/3ea2a2675e2fe363b4ffa9b7c/ DJEum9tXL.html

lessee now if spam starts flowing or not...

"the" spammers, or "this" spammer?

[Tumbleweed]

Two years ago, it had gotten to the point that I was getting over 200 pieces of spam a day, and not the yummy kind that comes in a tin. Before initiating an email address change, I decided to try an experiment: see if clicking those unsubscribe links actually did anything. So, for one week, I followed the unsubscribe instructions on every piece of spam I got. The result: a 2/3 reduction in spam. That's pretty significant, but hardly worth the effort in my case, as I was still getting dozens of piece of spam a day, and unless you keep up with the unsubscribing, it just goes back up to the previous level within a few weeks, anyway.

So, yeah, you CAN reduce the amount of spam, but it becomes a regular maintenance task every day, and really isn't worth it in the end.

My advice: get your own domain and handle your own email accounts. Create special ones that simply forward to your main email address, to use on sites that require an email address for full functionality, and when you start getting spam, you know where it came from, and can shut that particular email forwarder down. It's a bit of a pain, but a LOT LESS pain than trying to unsubscribe from spam.

Obviously, anti spam tools like bayesian filters and what-not are always a good idea, but can let spam get through, and can block some wanted emails.

YMMV (but probably won't).

Re:"the" spammers, or "this" spammer?

[Eythian]

My advice: get your own domain and handle your own email accounts. Create special ones that simply forward to your main email address, to use on sites that require an email address for full functionality, and when you start getting spam, you know where it came from, and can shut that particular email forwarder down. It's a bit of a pain, but a LOT LESS pain than trying to unsubscribe from spam.

You know, I do this. But it doesn't make a difference. There are only two times when the email I created got spammed. One was one I used for posting to Google groups, the other was one that was an experiment for a very spammy-looking site. All real companies I give my address to have been very good about not spamming me at it. (I'm excluding commercial newsletters that I explicitly signed up for)

Pandasoft

[Ticklemonster]

I've tried several times to unsubscribe from pandasoft's newsletter after having installed their bloatware and quickly deciding that I wanted my computer back. After my third attempt in 3 weeks, I am waiting to see if it worked.

BGSOUND does it too

Not loading images in not enough protection. The same unique ID trick can be accomplished with a BGSOUND tag, and yes, I have received spam messages using this trick. My personal preference is to always view the message body as plain text.

Blackhole anonymous remailers

[Corellon+Larethian]

For a start. But it would take every ISP in the country, doing this overnight, to shut that route down.

After that, you need "undercover" agents buying the compromised lists that spammers use, and start blackholing those entire subnets. After you buy about ONE MILLION compromised machines, you're likely to see some kind of pattern.

The problem just isn't great enough yet.

So does pine!

[pjt33]

Immensely useful, I agree.

alternatively

To manage spam:

Create a Yahoo (or MSN or Gmail etc) account specifically for the purpose of spam reception. Don't put the word "spam" in the name of the account. Whenever you purchase anything online, or otherwise fill out ANY online form that requires an email address, use that one.

Create another (brand spanking new) account on one of the above providers or your ISP or wherever you want. Tell your friends to email you there, and also tell your friends never to put your email addy on a web form (like those "send this article to a friend" forms). Whenever they do anyway, bug them about it.

If you use yahoo chat, or IRC, or what have you, be sure that none of the information you provide (such as your screen name, the account with which you log in, etc.) can be traced back to your friends-only email account.

Also, make yet a third email account for professional contacts...job searching and so on.

I found this works quite well, and doesn't require you to use an anti-spam tool on your own network if you don't want to.

Re:alternatively

[beh]

Get your own internet domain (and ideally a provider that allows you free use of subdomains) and that problem is solved permanently, as you can assign new addresses for every single contact and purpose. e.g. my (visiting) card has one specific email address I don't give out anywhere else, and since that address only exists in print, it's fairly safe from spam harvesters... ...similarly, every company I order something from gets an address in the form of companyname.com@biz.mydomain.tld
That way, I can easily filter out all business related emails (*@biz.) to one mailbox, and in case one of those starts spamming, I will send every future email to that recipient address to bogofilter without even looking at it any more...

(If you're not allowed sub-domains, it's not too much of a problem either; in that case instead of companyname.com@biz... use something like companyname.com-biz@...
That still allows you to procmail .*-biz@... to a business mailbox and somespammingidiot-biz@... straight into bogofilter / the trash...

Benedikt

Re:alternatively

SpamGourmet offers the same type of service without requiring you to register a domain. You can even control how many messages a company sends and see which company sold your name up the river by the email account that was used.

They even have protections in place to keep people from just randomly adding to your accounts. The nice thing is, all the spam just goes away, never delivering to your email box (think of it as /dev/null for spam)

Re:alternatively

[eugene+ts+wong]

spamgourmet.org basically does just that. It might be inconvenient for sending out mail, but it definitely works well for receiving mail. There is also another service that offers this and is easier to use, but I can't remember it offhand. It starts with a "Z" if I recall correctly.

And how long did you observe?

[Arker]

Back in the mid 90s, I did that. Hit a great many remove-me links. Spam did drop for a short period of time, but within a few months it was back with a vengeance. That address is now completely unusable, I get about 5 spams an hour on it, and have long since given up on actually being able to use it.

What happened, I think, is that the spammers in many cases did remove me from their own mailing list - while simultaneously adding me to the 'confirmed good' list they sold to other spammers.

How to Set Up Your Own Probe Network

[severoon]

Actually...I hate to tell you guys this, but most spammers use those unsubscribe requests all right. They use them to verify that the email address is active, and it goes into a higher priority hit list. Even if they're in the US where the law says they must honor your unsub request, there's nothing that says they can't sell the information to other spammers that this is an actively used email address with a real live person on the other end of it.

About 18 months ago I did a little experiment. I set up my own junk inboxes at different email services and started handing them out. Three of them I unsub'd every spam email I got, and the other three I didn't. Guess which one eventually ended up getting buried in 10 times more spam...

I have a friend that is quite intelligent. He did a spin on the same idea, and I recommend it to anyone that wants to cut their spam to one or two mails per week (or you could just get a gmail account--I only get a few spam messages per week over there). Here's how it works...

Go out to every free email service you can get your hands on that supports POP3 download. Hand those addresses out to every spam list you can get your hands on. Periodically (every hour or so) download those messages into your Bayesian spam filter, marking them as spam (salearn that comes with spam assassin, for instance). I know of no better way to train your filter system and keep your spam stats up-to-date.

Of course, this isn't totally free of manual intervention. There's the initial setup of all this, which is more or less a one-time thing, but for it to truly work well, you have to make sure you also pipe all your regular mail (ham, as spam assassin calls it) into your Bayesian filter as non-spam mail, and if any spam does show up at your regular address, make sure you sort it into a separate folder and deal with it as spam. The spammers are getting more and more clever every day, and the line between spam and ham gets ever fainter, requiring that much more learning by the filtering system to keep straight what's what. But it's really not more work than you go through anyway, and you'll collect far more stats to use against the spammers than you otherwise would.

And let's not forget the best part, either. Signing up for and collecting all that spam costs spammers a little change (though, you could argue it also costs the hosts of your spam accounts, though you can delete the downloaded messages off the server every hour as part of the d/l to try and minimize impact on them).

Re:How to Set Up Your Own Probe Network

[operagost]

That would be, umm, ZERO!

Re:How to Set Up Your Own Probe Network

[rockwood]

Actually I used to agree with you on the 'Spammers use this link to validate your email is active.'

My wife (non-technical) prefers to go through her spam one by one (She actually loves porn, so it's a treat when she get the spam and a treat for me when she done looking at all of it :) ... anyway... One day I noticed that she was hardly getting any mail at all. I asked her what happened to her spam... she said she was getting SO much of it nearly 1000 a day that she started to click on the unsubscribe links (even though I had previously warned her about do this).. and what do you know? 3 months later.. and to this day, she still lucky if she get 2 or 3 a day.

That's a huge difference for simply clicking on 'Unsubscribe'!!!

I hadn't tried this method myself in fear of it not wokring for me...

Re:How to Set Up Your Own Probe Network

Spammer alert!

Re:How to Set Up Your Own Probe Network

[severoon]

It doesn't work. You probably have seen a marked decrease in spam because your ISP got some anti-spam solution at their end and they're not forwarding along email anymore from known spammers. Trust me--there's no way your wife's actions had anything to do with it. I used to work for Brightmail (anti-spam company) right before they were bought by Symantec, I know this is definitely a trick spammers use.

Re:How to Set Up Your Own Probe Network

[ssimontis]

I'm willing to bet those unsuscribe links will get worse in the future. I believe I've heard about spammers loading spyware when you click the unsuscribe link. If this practice becomes widespread, it could be a nightmare. If they loaded a piece of spyware or virus that could give them control of your computer, they have just found another way to get more zombies.

Re:How to Set Up Your Own Probe Network

[JuggleGeek]

Actually...I hate to tell you guys this, but most spammers use those unsubscribe requests all right. They use them to verify that the email address is active, and it goes into a higher priority hit list. Even if they're in the US where the law says they must honor your unsub request, there's nothing that says they can't sell the information to other spammers that this is an actively used email address with a real live person on the other end of it.

Did you read the post that you replied to? He's *counting* on them doing this. It gives him a steady supply of known spam, which he can then use to help his filters catch spam sent to his "real" address.

It doesn't help with the bandwidth problem, but I can see it helping a Bayesian Filter quite a bit.

So, after you go "You guys are wrong", you then explain how you have an "Intelligent Friend" who uses spam the exact same way - excpept apparently it's "Intelligent" if you do it by using hotmail and similar free services instead of just handling it on your own domain, on your own box.

Re:How to Set Up Your Own Probe Network

[severoon]

Well, it is more intelligent to use other inboxes that exclusively get spam. The one drawback to Bayesian filtering schemes is that you have to diligently sort the ham from the spam, and the more mail you sort by hand, the more accurate it is. This is a huge problem for most users because the spam is getting so good at getting around these filters nowadays, you need to hand sort in the tens of thousands of messages for the Bayesian filter to be effective.

On the other hand, if you have several addresses you don't give out to your personal contacts, you know for a fact that any mail you receive there is unrequested, i.e., spam. So it can immediately be piped to your filter as such.

(By the way, you misread my message...I wasn't setting myself up in opposition to the parent, I was jumping on the parent's bandwagon. The "you guys" doesn't refer to the parent poster, it refers to the parent poster's audience. Like when you happen upon a conversation between person A and person B, and A says, "B, you're an idiot!" And then you say (to B), "You know, I hate to tell you this, but you are an idiot." That's why I used "you guys," a plural...I did not, in fact, believe the parent poster to be a group of people collaboratively typing.)

Re:How to Set Up Your Own Probe Network

[rockwood]

I understand that and I have always told everyone I know that. She has two accounts, one at peoplepc and another with comcast. She always gloating about how it worked when I said it wouldn't. You do have a good point, and while I believe comcast may have something installed to deter spam, I don't see poeplepc having this - I'll check it out. I'd love to be able to justify my opinion on this to her.. but this will be it :)

just "unusbscribe" through spamcop

[gessel]

No really, report spam to the RBLs. They'll work better the more they're used and the more timely. And they really piss off spammers, which is a Good Thing.

I've cleaned ...

... a hotmail account of mine that I had stopped using because of intense spam. I never thought it would work, but I wanted to experiment with it anyways. I replied to every spam letter I could in there for maybe 10 minutes a day. It took about 2-3 weeks, but it's spic and spam free. I haven't gotten spam on the account for a year now and I'm a lot more careful about where I type my e-mail. It may seem at first that they ignore the requests, but if you're persistant enough you can have success.

You're obviously a spammer!

[nortcele]

And you're trying to lure the unsuspecting to the dark side... Someone get the tar and feathers.

The giveaway was the "200% effective" comment and the "abiout" spelling glitch.

Nope. The headers are usually forged.

[khasim]

That would work if the spam correctly reported its origin.

But that's not in the spammer's best interest. It's better for them to use zombies and open relays.

You'll bounce their message to a server that didn't send it and they'll bounce a message to you saying that such-and-such person isn't there...

It's better to just delete them (after sending the headers to spamcop).

Old News from 1998

[AnalogDiehard]

We knew this tactic way back from 1998, nothing new to see here.

Spammers are unscrupulous law-defying scum.

Unsubscribing is like asking convicted felon to...

[Lead+Butthead]

Dear Mr. Convicted Felon,

My name is Joe Blow living at 1234 Any Street, Any Town USA. I am writing you to opt-out of your crime spree target list. Please do not rob me or bugularize my home, even though I regularly carry a large sum of cash on my person and keep most of my valuable assets in my home...

And a counter anecdote.

[khasim]

I'm running SpamAssassin at work. I flag all the spam and forward it to the end user (so they can find any false positives).

One woman set up a rule to delete the flagged spam AND to send a reply asking that they not send any more. It was very polite.

Yes, she was getting TONS of spam. I noticed it when she was on vacation and her mailbox usage stats shot up because she wasn't in the office to delete the hundreds of emails arriving every day.

Personally, I find it hard to believe that any spammer will remove any address from their list when I see "dictionary spam" every day (email sent to every last name in the phone book in the hopes that it might get through to a real person).

I have also set up a few fake names to use with SpamAssassin. I just use them to register at some sites and reply to them and they keep getting more spam. They keep getting spam.

Rule #1. Spammers lie. Remember that.

"do not spam list" fix

[Xavic]

instead of having the list have email addresses stored, why not just long hashes of those email addresses. then, the spammers just hash the email address, submit to the list to see if its there, and do whatever based on if it is or not. anyway, not perfect, because people still wont follow the rules, but it provides at least a little wall of protection because SOME people would use it.

Re:"do not spam list" fix

[Shamashmuddamiq]

No, screw that. As long as you're being idealistic, they should forget the "DO NOT SPAM" list altogether. They should have a "DO SPAM" list, so people opt-in instead of opt-out. Then you can publish the list of addresses without even hashing them.

Re:"do not spam list" fix

I like your thinking but there may be a bug. If a list of hashed e-mail addresses is provided the spammer can harvest the plaintext from his own list when he flags an address for removal. This would provide great protection if you are not on any spamming lists but would be defeatable if your address were somehow comprimized.

Uh.

[g0at]

The spammers can reasonably assume that you don't want their message to begin with, yet they send it anyway. So what basis is there to speculate that they might even consider heeding an unsubscribe request? None, to me.

-b

Solution that works for me: sneakemail

Has everyone heard about Sneakemail.com? I've been using it for a while, and I think it's great. You create temporary throw away email addresses that you tie to your real accounts. For someone like me without their own mail server, it's great.

A wise man once said...

[_anomaly_]

Brilliant!

(I need to do this... create a bogus email, spam@mydomain.com and try it...)

RTFA -- he said his spam did go down!

Or at least read the end of the article. His volume of fake Rolex spam went down. It didn't stop, but it was reduced.

The wanna-be-sorta-legit spammers will respect the unsubscribe.

The don't-give-a-darn spammers don't care enough to differentiate between a "live address" and bogus/dead ones. They'd spam the power set of e-mail addresses if they could.

Re:RTFA -- he said his spam did go down!

[night_flyer]

I assist with SPAM filtering at my job... Rolex SPAM in general has gone down.

Re:This is a surprise? Look they've read the spam!

[prshaw]

>> Update that address and send em more!

I really don't think this happens.

IF they look at the clicks on an unsubscribe link they will probably take you off the list.

BUT I suspect that most of them just ignore the clicks. They DO NOT care if the email address is valid or not. It costs nothing to send to a bad address, and someday it might belong to someone.

Bingo!

[khasim]

And, face it, it could easily be broken by someone you trust putting your e-mail address in to a website to send you a webpage or something. Then you'd have to go through even more hassle...

Particularly those "free" sites sending "eCards" with cute holiday messages (or birthdays or whatever).

Some idiot uses one of those and they collect TWO addresses (the idiot's and the idiot's friend's).

Security through obscurity does not work.

Your address gets out one time and you're on the spam lists forever.

Lawsuits?

[abertoll]

So is this actionable now? I mean is this enough proof to hit them where it hurts?

alternative email apps...

[bigwavejas]

I use TheBat http://www.ritlabs.com/en/products/thebat/ for my email app at work. It won't load any html pages or images without permission. Gmail http://gmail.com/ does the same.

Surely ...

[cj_goth]

I can't believe what Google did to Google Groups

I can't believe what Google did to Deja. When I needed web-news access (was without a machine at home), Deja and that old my-deja.com address did me fine for many a month.

Re:Surely ...

[macdaddy]

I never used Deja so I don't know what it was like before. It redirects to Google Groups now though. The first page looks normal but the following pages are completely useless. I don't know if you noticed the two ACs' comments or not but they pointed to Google Groups Beta and Google Groups UK as possible workarounds. There's a link at the bottom for Browse all of Usenet.... So the link to NANAS would be this. That also has set the option of "Viewing titles only." Boy, they really screwed the pooch on their newsgroup archive. I don't know what the hell they were thinking.

I still think I want a better newsgroup archiving site. I never have liked Google Group's searching abilities, or lackthereof. You can search for a string with a period it in, no matter how you quote or escape it. That's a real pain when searching for IPs or domains with common words in them.

Re:MIT Spam Conference OR IS IT?

[Bruzer]

From the link you referenced:

The conference is free, but please register if you want to attend.

We will send you a message containing a link that you can use to confirm your registration.

(Don't use an address with over-aggressive spam filtering set up on it, because if our message bounces you won't be able to confirm it.)


So we are supposted to register for a free conference, on a web forum where they will send us an email? Oh yeah and by the way use a real email address, we promise not to spam you.

What crazyness.

- Bruzer

my own spam test

[joel2600]

Using one of my domains, I use a different e-mail address for every form i fill out like xyzcompany.com@mydomain.com or xyzcheeseoffer@mydomain.com ...

using this method it becomes easy to determine where exactly each piece of e-mail originated allowing me to determine where spam was coming from. what really suprised me is that i never get any spam.

the only things i get spam from are the following

-domain registrations
-offers from companies that send you e-mails because you signed up for their support forums, etc. or are an existing customer of them
-guess e-mails (ie. sales@ support@ webmaster@, etc.)

the worst spam comes from the free ipod offers and things like that online, even if you opt out of everything they will still send unsolicited e-mail directly from 3rd parties so you really have no idea where it originated, and the only way to opt out of the e-mails is to find the website of the place that originated the offer and find an unsubscribe page (not listed in the e-mail) and enter in the e-mail address you used to sign up for the ipod or whatever in order to stop all the other unsolicited crap.

i use different e-mails in newsgroups and all sorts of public forums all over the internet and have never had any of them phished.

in conclusion, if anyone wants to try this, you'll see that spam is a lot easier to stop than you think, if you know where it's coming from, you can stop it, and i've never not been able to unsubscribe from anything.

maybe some other geeks will get some ideas off this as well. and if the people running this spam test wern't doing this sort of thing, then i hope they had some way of differentiating where the mail came from (i haven't read the whole article yet)

hope this helps someone

Oh come on, We are geeks. This is simple:

[5n3ak3rp1mp]

1) Use a long email address that is difficult to brute-force
2) Only give it to real people
3) Use a mailinator address for online registrations and whatnot where you have to read a reply.
4) For those sites that force you to reply from a real email address to complete registration, use a spam webmail address.

This has stopped almost all spam from bugging me.

Anecdote: My first email address ever was from Cornell in 1990. Cornell has a policy that lets you keep your email address for life by setting up an auto-forward after you graduate. The irony is that Cornell, back in the days before spam, unfortunately picked an address format (initials+number@cornell.edu) that turned out to be easy to brute-force, and that I've since had to turn the auto-forward feature off due to too much spam, defeating the purpose of the "lifetime email address". oh well...

Re:Oh come on, We are geeks. This is simple:

[kencurry]

Okay, I admit I'm not a legit geek; here's what I don't get:

1) you are johnjones@mydomain.com
2) you want to order from amazon, and want the email confirmation.
3) if you give dummy@mydomain.com, which you filter at the hosted server, you won't get your comfirmation unless you are checking out the "dummy" filtered box.
4) how is this better than having a good filter on johnjones@mydomain.com, and just giving that to amazon in the first place?

or I am completely unclear on the concept of what you mean by "mailinator address"

Re:Oh come on, We are geeks. This is simple:

[5n3ak3rp1mp]

Go to mailinator.com. You'll see what I'm talking about. Scenario:

You tell Amazon that your address is kencurry@mailinator.com (no need to register at mailinator.com, just do it)

Amazon sends you email, like a confirmation email.

You head on down to www.mailinator.com, enter "kencurry" as the email name to check, and voila! there's your email. Check it and forget it. Inbox stays clean. Mailinator holds emails for a few days but eventually deletes them.

U.S. Bank

[AmberBlackCat]

Check out U.S. Bank's Unsubscribe page. Basically what you do is click no on everything, put a checkmark in the checkbox and click the submit button.

The interesting thing is it asks if you're 13 years old or more. If you choose "No" then it won't let you unsubscribe. So if you're under 13 and truthful then there's no way to stop getting mail from them. And one could argue that no 13 year old has a bank account but then, why would they ask the age?

I just thought that was interesting.

Fighting spam with more spam

I think in this case attack can be the best form of defense. We know that certain IP's are legitimate in the address headers.

Correct me if i'm wrong but the email headers correctly display the orriginating IP address for the spam. What if we had a program that would, once it had determined that the email was spam, would periodically spam/ping/??? the originating IP. If everyone used such a program, as the amount of outgoing spam was increased, the amount of incoming activity would exponentially increase at some point either bringing the compromised machine to the attention of someone or simply just bring it down.

Even if some of the IP headers were spoofed, the last legitimate IP in the chain of IP's would be the 'closest' compromised machine and this in turn could be targeted.

Actually...

[Adam+Heine]

...I know the web address for a secret no-spam list that the spammers don't want you to know about. If you enter your e-mail address onto this list it will automatically unsubscribe you from spammers' lists around the world. You may never receive spam again!

To receive this URL, just send $5 to aheine@hotmial.com using Paypal, and within 24 hours you too can be spam-free!

AT&T

[wk633]

I have gone through AT&T's unsubscribe process many times, to no avail. Even though they tell me they'll stop sending me 'promotional' email, they still do. I have reported it to the FTC, and am planning to take my service elsewhere.

The FTC did reply to say that not unsubscribing someone, even if they are your customer, is in violation of CANSPAM. They were less than clear as to whether or not they'd actually do anything about it.

Re:AT&T

[Mage99]

What service are you trying to "unsubscribe" from just out of curiosity?

Re:AT&T

[wk633]

I should have clarified, I am an AT&T wireless customer (now Cingular, we'll see how that affects things).

AT&T Wireless gives the option of not receiving offers and promotions. I was 'in the system' as don't contact my any way shape or form. But, at least prior to the merger, every month or so I'd get an email from AT&T wireless hawking new ringtones or other 'offers'.

In any case I'm planning to switch to Verizon because AT&T's coverage in this area (Santa Barbara CA) sucks. The fact that for close to two years they have not honored a simple "don't send me offers and promotions" request doesn't help.

Re:AT&T

[Mage99]

I'm sorry to hear you had this experience. It may be that the former AT&T wireless used some third party e-marketing companies to send those emails and frequently these types of companies, although they claim legitimacy through selling their services to bigger "name" companies also use the same "modus aparendi" of spammers i.e. not honoring removal requests. Often the larger company doesn't closely monitor the "service" they've purchased and the e-mailer operates with impunity. Also make sure when you sign up for any service you buy to carefully read the "terms and conditions" that are part of your agreement. Most big cellular and ISP type services include a caveat that says in effect "if you establish a business relationship with us you agree to our right to send you messages about further offers etc". This is essentially their license to send you this email i.e. "you agreed to it"...lol They often will still have a way to request out of these emails but honoring those requests is a different matter as you are well aware by now.
This has happened to me as well so I feel your pain, hopefully you won't have this problem with your new provider :)

Re:This is a surprise? Look they've read the spam!

[Mage99]

Well, if you read the article on Salon they say:
"The U.S. Computer Emergency Readiness Team (US-CERT) warns that unsubscribe links are "often just a method for collecting valid addresses that are then sent other spam." The FTC has sent warning letters to at least 77 marketers for their failure to honor unsubscribe requests.

Sure, a few spammers might take your name off to avoid trouble. But to most, you're merely confirming that they've found a live one. Next thing you know, they'll have sold your e-mail address to other spammers as "validated" -- or, in other words, ready for spamming."

Why would a spammer ignore a "good" address?
An ethical business would remove you when you click on these links but then spammers aren't ethical.

Hey thanks for the SPAM

Like those full page banner ads. ... Sorry, I didn't RTFA...

opt-out options are often here for the appearance

It's funny how one of the two major providers here in France (Wanadoo, to name it), which is supposed to be a serious source, though commercial, won't let you unsuscribe from their news/offers mailing list even though you follow their opt-out prodedure.

Here and there I've encountered similar issues with various websites that are in no way related to spam. They would just keep sending you their mailing list / special offers even though you clearly asked them not to bug you anymore.

Based on that experience, opt-out options seem to me to be here for nothing but the kick in a whole lot of cases. Hopefully I learned how to make a good use of hotmail adresses and mailinator.

More Spam

[EGaming]

Clicking the unsubscribe links is actually worse. Not only do they ignore your request to be removed from the list, but they now know you check that account.

And any geek who has

a mail client that displays external images isn't a geek.

Alternatively

[theonetruekeebler]

Maybe being on too many unsubscribe lists flagged his address as a spamtrap. This supposes better coordination between spammers than may exists, or course, but I sure wish it would happen to some of my accounts...

Once an address, ALWAYS an address

[zrk]

I have an account at my university that I used when Usenet was the thing, aka 15 YEARS AGO. I never played with it outside of there, and I used to have a few thousand emails waiting for me every few months. Only recently did I forward everything to /dev/null.

More recently, I returned to a consulting job I had left 6 years prior, around the start of the WWW days, when Usenet was pretty much the big thing. I re-opened my closed account, and received 50 spams within 30 minutes. Eesh.

My addresses were obviously harvested from Usenet archives (or maybe groups.google.com, but I digress). I pity the people who buy these 'guaranteed' lists of email addresses, expecting all addresses to work.

Re:Once an address, ALWAYS an address

[Joel+from+Sydney]

I pity the people who buy these 'guaranteed' lists of email addresses, expecting all addresses to work.

Sorry, but I have to ask. Why do you pity them? They're just going to spam you.

Take advantage of an open system

[t_allardyce]

Set up your mail to automatically look for 'opt-out' links and access them - and even fill in the form automatically - now for the bonus, if you get any mail from that place after 24 hours your program should hit the opt-out 10 times with 9 non-existant email accounts, if they still dont stop mailing you you keep doubling that 20, 40, 80 etc. If they are infact using the opt-out form to check if your account is real/read then they will start trying to spam all the other accounts (that don't exist) too. By even having an opt-out link that takes you to a web-page they are giving you an open door to hit them with, take advantage of it and kick them in the balls.

I *almost* don't get WHY they won't remove me...

[runamok1]

If I am irritated enough to want to be removed from their list, then that pretty much indicates I hate them, their pets, their extended family, etc. and I am not going to buy:

• Bolexes
• "Penis Extenders" (from the article and I *DON'T* want to know what that is!)
• Soft-Tab whateverthehells
• V!@G4rA
• etc.

I mean it costs them nothing (essentially) to spam me but it seems that it would still benefit them to say:

"hey we have a strict unsubscribe policy, so if someone's address is on our list, they LOOOOOOVE to get ads in their inbox".

Reading the article, it seems to imply that the "affiliate" gets a cut when a product is sold. Not just because an email was sent. So once again, why persist in sending me email that will NOT get them a sale. Just because they hate me?

It's funny, because I have two email addresses that I've had since about '94' and I get SCADS of spam. It got to the point that I started clicking "unsubscribe" as well... More or less out of desperation even though *I* should know better as well.

Free e-mail services that support POP?

[sean.peters]

This sounds like a great plan, but where do I find a free service that lets you do POP? Yahoo, Hotmail, and Gmail don't. Sean

Re:Free e-mail services that support POP?

[La0tsu]

Softhome.net does.

Re:Free e-mail services that support POP?

[Kusuriya]

umm take another look gmail does for free you just have to wait till the feature gets rolled out for your account age Hotmail does if your willing enough to make a sacrifice and use outlook express yahoo does if you pay for it softhome is a free email account that lets you use pop hotpop used to im not sure if they do any more heh but thats a sapleing

Re:Free e-mail services that support POP?

[amw]

As has already been pointed out, GMail does. For those without access ... firstly, my sympathies; secondly, MyRealBox, run by Novell as a testbed for their mail systems, at least used to and probably still does offer POP3 access.

Re:Free e-mail services that support POP?

[ostermei]

Actually, Gmail DOES allow POP access now. I'm not certain if it's available to everyone with a Gmail account or if they're randomly allowing accounts access to it for testing purposes, but a couple weeks ago I logged in and there was a link on the page about POP access. If you've got an account, you should be able to check it out under Settings -> Forwarding and POP

Re:Free e-mail services that support POP?

[TCM]

Make yourself independant from other's skills and services:

1) Get a line with a static IP address
2) Use a domain reseller that offers to setup a hidden primary DNS setup, e.g. 2 of his name servers are officially registered for your domain but your DNS master on your static address feeds them the zone.
3) Setup your own mail server with unlimited local parts, unlimited subdomains etc.

Two words

[sean.peters]

"Dictionary attack".

It is simply a matter of keeping your address clean. The only way spammers can send me mail right now is if they brute force my email address, and that doesn't happen very often.

It only needs to happen once. Then that email address is screwed forever. It's happened to me, even though I've practiced good e-mail hygiene all along - and I can't easily change the address.

Sean

I'd watch the damned ad, if it had let me!

[Reziac]

I dunno, but I had a similar issue in my preferred older Netscape (javascript disabled) -- no way to just view the damned ad and go on by to the content. It was subscribe or nothing. I chose nothing, in the hope that some kind soul would post the content here. I wouldn't have had a problem with viewing a plain old text ad on an interstitial page, but this must have wanted to load something I don't use. Telling me my browser isn't good enough to view their ads is adding insult to injury.

Re:This is a surprise? Look they've read the spam!

[prshaw]

>> Why would a spammer ignore a "good" address?

My point is more the other side of this.

Why would a spammer care about a "good" address?

It costs them nothing to send a single piece of spam to an address. (or a 1000 to the same address)

So they can do more work and "verify" good address, or do nothing and use them all.

The "good" addresses are worth nothing more then the bad ones, so why seperate them out?

Joke?

[dingd0ng]

Is this a joke? I expect this question from my mother who knows basically nothing, not from slashdot editors who know...uh, never mind.

Qmail extension Addresses

[PhYrE2k2]

Always use extension addresses in qmail when publishing your e-mail. username-SD@domain.com goes to username if there's not a user by that domain. Then you can easily block that domain. Anyone with questionable policies should indeed have an extension address. -M

Re:This is a surprise? Look they've read the spam!

Look at it from a business perspective. Spammers sell address lists, right? Now don't you think that a list with 100% verified valid addresses would command a higher price? Your address is worth more money if you validate it with the unsubscribe links.

Do Colour Contrast Links Stop Blindness?

http://shit.slashdot.org/article.pl?sid=04/12/15/1 519257

Unsubscribe confirms your email-id

Some spammers use "Unsubscribe Link" as a mechanism to verify the validity of the email addresses.

Also the URLs for images in HTML emails are tailored to confirm that you have actually opened the email and your email-id is valid.

--
Anand Babu

I used to click unsubscribe...

When you think about the motive behind SPAM the action of unsubscribing shows that the SPAM has worked - you had to read the SPAM to find the unclick button.

-- The Pumped Penis

Incorrect. Gmail does POP.

[EvilAlien]

What's new on Gmail?

Free POP access
Download your messages. Read them offline. Use your Blackberry or Outlook or just the good ol' web.

Doubly paranoid

If you're really interested in not pulling 1x1 tracking images and the likes, you could just set a firewall on your machine to block your mail app from talking to anything but the mail server...

Do that, and spam emails can then request all the crap they want - they'll just get dropped without them going anywhere.

Maybe it is your browser

I watched the ad twice using Opera, when I got back to the article it still told me I had to register or view an ad to see the whole article. Then I decided to try with Firefox and it worked. You might need to use a different browser.

Getting Better

[cyberformer]

I love GMail's filter. It gets the occasional false positive, but only from mailing lists (mostly at yahoogroups) that I actually did subscribe to. Actual personal mail always gets through.

And the filter is improving. I have another email account that's set to forward all messages to GMail, which means a lot of spam gets forwarded too. I've never actually marked any of it as spam in GMail, because it all appears to come from me (my other address) and I don't want to report myself as a spammer. But about a week ago, GMail starting accurately filtering that mail too, even though the spam and the real email all has the same "From" address.

It also has a link to a warning page about phishing whenever an address looks spoofed, which is nice.

They Don't Know That

[cyberformer]

I often read Salon, but always look at another tab (or work in a different app window) during the ad. The advertiser doesn't know, so Salon still gets revenue.

The thing to watch out for is sound: Some of the ads have audio, so you need to mute your speakers before visiting Salon.

no, no, no you have it all wrong..

[adeyadey]

When you recieve spam, do not click to remove..

What you are *supposed* to do is click on the "yes I want to buy it" button. Then go to the web page and fill in a credit card (any numbers will do), or dig out an old cheque book from your attic.. :-)

easy solution

any emails identified as spam get sent back to the sender. If spammer doesnt exist then thats ok because joeUser who is too ignorant to keep virus's off his computer will be shut down, as will ignorant sys ops who cant control their mail servers. Take out the zombies!

Re:So you dont have to watc [for Moderators]

[DaoudaW]

Please mod parent -1 redundant & -1 illegal

Why not take a more simple approach?

[Ash-Fox]

The best filter: Filter the word "Unsubscribe", it filters out most of the spam I get.

Dictionary Attacks

[0111+1110]

I use that method too. If I get so much as one spam per month, I switch the address. But I have gotten nailed by dictionary attacks. You cannot use a common name or any word that would appear in a dictionary.

Download list?

[Jesus+IS+the+Devil]

So, basically by joining that blackmarketmoney site, you get to download a whole list of active email addresses?

"Oh please don't rob that guy, even though he's got money. Here's his address so please, don't go by there ok? *wink* *wink*"

Alternative approach

[bhmit1]

Submit a request for their mortgage (or buy the rolex)...
51992019 times (at last check)...
with a made up name...
and the phone number and street address of the FBI office in NYC (or maybe CIA or NSA)...
and the email address of their hosting provider's abuse department...
I'm sure they filter it out, but if enough geeks "validate the quality of the company we wish to transact business with" using, say, apache benchmark (ab), then the bandwidth costs and CPU time they have to spend on the constant flood will re-balance the cost effectiveness of spam.

Yes, it's basically a linux version of the Lycos screen saver that doesn't care if the spammers site is DoS'd.

Then again, constantly having ab running could be the cause of the sizzling sound that was made by my cheap switch right before it died.

It's right there in their slogan!

We're Microsoft: Your potential (to receive spam) inspires us to create software that helps you achieve it.

TID, D&B,

[KMSelf]

There are several, of which Taxpayer ID and Dun & Bradstreet (DUNS) numbers are the two best known, and cover either all registered corporations or the bulk of major US businesses (2.7 million per research). As business incorporation is handled at the state level (in the US), there are probably state corporation numbers as well. There's also the UNSPC, through the United Nations.

As you point out in a followup, there's no requirement that such identifiers be used in advertising, product packaging, or other communications. Sure, that would be somewhat useful, but....

...there are huge numbers of organizations not covered by such regimes (think sole proprietorships (my TID is my SSN)), overseas companies, and/or illegal operations. Believe me, as someone who's worked extensively in data tracking, the task of identifying and assigning IDs is decidedly nontrivial.

The other problem is this: IDs are cheap. It's trivial to generate various forms of identifiers, and even incorporating is a relatively minor expense against the possible benefits of such actions. Look at the huge number of corporate shell companies, particularly operating out of offshore "safe haven" states such as Hong Kong, the Bahamas, etc.

The problem of tracing corporate relationships and holdings is decidedly nontrivial, and is a major field of law practice. D&B do claim that D-U-N-S tracks families of companies, no idea how successful they are.

Re:Do Unsubscribe Links Stop Spam?

in my experience, youre a fucktard

Special look-up tool?

Does anyone have an idea what was the "special look-up tool" he used to find the other domains hosted on the spammer's server, that eventually led him to blackmarketmoney.com?

Polluting Phishers' databases

I'd wondered about doing this to Phishers, only their software has got a little more intelligent recently and now does things like checksum checking on credit card numbers. I'd have to be able to create random credit card numbers with valid checksums to get past that.

Would a Phisher's database be so much less valuable if badly polluted? Would a software package to allow many people to automate the process be of use?

Unsub the level 1 ISP

[herbierobinson]

The only thing I ever put in an unsubcribe link are the ARIN e-mail contacts for the level 1 provider for the unsub link.

I get no spam *ever* thanks to multiple aliases

[xaotica]

My wonderful webhost (like many others) lets me have as many email aliases as I want. So every time I sign up for something online, I just use a form of whatever I'm signing up for (kim4abcwebsite@mydomain.com).

That way, as soon as I get my first spam, I can:
1) Kill the alias
2) Reliably report the offender, since I know that there's only 1 website I ever gave that particular alias to.

It's beautiful AND educational.. for example, I never would've guessed that the NY Times would be sellin' me.

(I know that a lot of you are already well aware of this tactic, but judging from previous responses, there are still a few who are not.)

Unsubscribing disposable addresses

[hadaso]

I would expect an address that receives lots of "spam" due to agreeing to get ads many years ago to drop in spam level due to massive unsubscribing. I would say that most of the commercial email received on such an account may be considered solicited as probably the recipient has agreed many years ago that the adress be shared for this purpose (I still remember myself thinking many years ago: "cool, if I check this box I would get even more info on this from sources I don't know about!" - spam was not a problem back then).

So it might be that an address was shared with many senders of commercial email that are "legit" and would honor an unsubscribe request.

On the other hand, the behaviour of a single email account at a specific short time cannot serve as evidence for anything. I've seen great fuctuation in spam rates received at some of my accounts, with no technical changes on my side (including my provider). It seems more like the particular spammers that have my address. One week they have "good business" and send lots of spam. Another week they have "bad business" and send little spam. Spammers don't sell spam for free. They only send it if someone pays them to send something. If they don't have a customer that wants something to be sent, you don't get their spam!
About unsubscribe links: I tried "unsubscribing" disposable addresses (usually of the form spammer19dec04.erase.hadaso@spamgourmet.com) and I never got any spam to any of these addresses. I only once got spam on an address I used to forward "funny stuff". I got many spam messages to addresses I posted on online forums or other online places. (and if you want to receive spam, the best way is to post it on slashdot. Much faster response than posting on "whois" for your domain, or any other online forum I tried. Don't do it to train your filters. every email address receives quite a different blend of spam, depending on the ways it was exposed, so to train your filter you better use only the spam and ham you receive on the account you want to protect, and if you can do it separately for email you receive at different addresses you should get better results).