Spammers on the Run

ericald writes "An interesting update from Blue Security, the group that introduces the Blue Frog initiative to fight spam, claims that during the past few days at least one spammer had frequently deleted domains he owned as a result of their system. In another update in their blog they report they have already recruited over 21,000 users. It's about time spammers start feeling the heat! I'm just surprised they show results so soon."

Spammers fate

[bigwavejas]

Spammers must realize by now they run an awful risk by having their true identities tracked down and then posted for punishment. It won't be long until search engines (Google, Yahoo, etc.) start compiling results for them such as, "Mr/ Mrs X Illegally spammed millions of people." Employers certainly will rethink hiring someone with such tainted credentials. It just isn't worth it nowadays to harass people with unwanted/ unwarranted emails. This is a resounding wake-up call for these cretins to rethink their ill-fated profession.

Re:Spammers fate

[SFalcon]

When the spammers can afford to pay $7m to Microsoft, I don't think they need to worry about being hired by anyone.

Re:Spammers fate

[KiloByte]

Not really. The notoriety will give them some fame, and tell potential advertisers that those spammers know how to send spam in really large amounts.

Re:Spammers fate

[Dunbal]

Employers certainly will rethink hiring someone with such tainted credentials.

      I know we're living in the era where corporations and employers believe they have the right to do anything they want. But while refusing to employ someone on hearsay is within an employer's rights, there's a chance of shooting yourself in the foot and actually hiring the guy who was smart enough to cover his tracks, rather than the silly, average person whose box was "owned" and spammed without thier knowledge.

      Oh but we all know that search engines are infalliable and are the best way to screen a potential employee, right? Come on. If I can steal your identity and borrow money in your name, how hard can it be to spam in your name? Frankly this would not be an employer worth working for.

Re:Spammers fate

1. In many jurisdictions it's not illegal to send unsolicited bulk email.
2. Most employers wouldn't think twice about hiring spammers. Why would they care?
3. It _is_ definitely worth it nowadays to harass people with unwanted email messages. The return on investment is enormous!

A resounding wake-up call? I don't think so.

Re:Spammers fate

[tacocat]

I dunno.. If I was a greazy marketing type I would love to find someone who was a greasy as myself and this kind of Google information would be perfect. And you have a hard time using the word illegally on any of this since you would have to have proof. How many spammers have been convicted?

Re:Spammers fate

[m2bord]

most marketing companies don't believe that there is such a thing as ethics and any method used to deliver your message is good so long as the ends justifies the means...ie..the message gets delivered.

spammers know how to deliver messages and are thus very hireable. plus...while we know who these vermin are...and the marketing companies/employers know who they are...john q. public doesn't know.

so what preventative is there to not hiring spammers?

and don't get me wrong...i detest spammers and report/fight them as hard as i can but i'm being realistic.

if the motivation to hire a spammer exceeds the potential downsides, a company trying to market a product or message would hire them in a heartbeat.

Re:Spammers fate

[xiando]

You are so right! "tell potential advertisers that those spammers know how to send spam" not only makes it simpler to get a job in related industries, but this is probably THE biggest client generator too. Hey, this guy managed to get is spam through my filter, heh, he must be good, eh? Why not hire him to send our company message to the millions, eh? aiiya, he probably makes this spam-advertised product sell, why not ours, eh?

Re:Spammers fate

[Dunbal]

that it must actually be somewhat successful,

      Of course it's successful. Any biological system obeys a gaussian or normal distribution. This includes patterns of behaviour in a population. There is always a bunch of people on the edge of this curve who will buy anything. The gullible, the impulsive, the mentally handicapped, the bipolars in their manic phase. If you spam enough people, you will hit enough of this extreme population to make a "business" out of it. What sucks is that the entire rest of the population who are not at all interested in the "product" will also have been spammed at this point.

      But the spammers don't care, all they want is cash. I wouldn't be able to live with myself knowing I did this for a living, but the spammers obviously have no problem with it.

      If the spammers were smart they would have a list of gullible people by now and target their population more intensly, to save on effort. You might as well bleed em dry, right?

Re:Spammers fate

[pete6677]

Most employers wouldn't think twice about hiring spammers. Why would they care?

Because somebody who has as little morals and ethics as spammers do will extend their beliefs into other aspects of life. A spammer wouldn't think twice about stealing from their employer if they think they wouldn't get caught. A spammer wouldn't hesitate to get the company in trouble over some shady deal if it means personal profit for them. When you hire a spammer, you can guarantee some sort of damage will be done due to this persons' complete disregard for other people. Some companies may not care about things like this, but many do.

Re:Spammers fate

[joto]

The "better" spam filters described by Graham are already getting pretty common in decent mail user agents. And yes, bayesian filtering works well.

However, it will not make spam unprofitable. To make it unprofitable, the costs of sending spam must be higher than the money you get from it. So in some way, we need to increase the costs of sending spam, or reduce profits.

The cost of sending spam is essentially zero. Sure, you may have to switch ISP once in a while, register some new domains, invest in some CDs with email-addresses, buy some software or consultants to infect machines, etc... But it really doesn't matter. Even with todays hostility towards spammers, the cost is still essentially zero.

The profits of spam is:

• price_of_whatever_you_sell * number_of_email_addresses * some_really_low_fraction

where really_low_fraction is the number of idiots who fall for your scam.

Bayesian filtering doesn't address either costs or profits. It does not make sending spam more expensive, and it does not change the some_really_low_fraction, because the idiots who respond to spam wouldn't be using bayesian filtering anyway.

So Bayesian filtering is nice for the end-users who just want to get through their mail, but it doesn't really help solve the problem of making spam unprofitable.

Re:Spammers fate

[Vlad_the_Inhaler]

In other words: the Microsoft approach is the best one. Go after the barstewards and make them pay.

Part of the problem is the legal framework, unsolicited mass mailing needs to become 'more illegal'. Paying someone else to spam needs to be targeted, if a company in the US pays someone in Uzbekistan to send spam, that company in the US has to suffer. Follow the money.

Blacklisting entire countries is a different approach, once strong anti-spam laws are in place in some of the main jurisdictions, recalcitrant areas can be *persuaded* to adopt/enforce similar measures by blacklisting. That blacklisting has to be done at the ISP level though, not by law.

Re:Spammers fate

[bluGill]

He can declare bankruptcy. However that won't matter much. Bankruptcy just turns your bills and assets to the courts. The court then decides how to pay your bills for you. First the lawyers get paid (of course), then all court judgments get paid, next secured loans, then unsecured loans. (I'm likely to have missed something in there) The court can sell anything (often with exceptions like your house, but this varies from state to state) to raise funds.

Bankruptcy isn't a free way to get rid of debts and keep everything you have. It is a way to start over from scratch. Own nothing, owe nothing, bad credit rating, but at least you are not getting phone calls/letters about bills you can't pay.

Beyond that, not all debts can be gotten out of. You cannot get rid of child support with bankruptcy. The court is unlikely to let your out of a judgment. You cannot get out of credit card bills.

If Richter can come up with 7 million he will pay, no matter what is involved in coming up with it. The question is can he then afford to pay off everyone else he owes?

Re:Spammers fate

[robogun]

But the spammers don't care, all they want is cash.

It's more than that. Everybody wants cash. But spammers are psychopaths who see themselves as more valuable than all other humanity put together, and do not care if the $1000 they earn by spamming actually costs others $1,000,000.

The world is much better off if they were locked up permanently or dead.

Similarly, any company which hires such people is probably also better off missing.

Re:Spammers fate

[Dunbal]

I don't know where you got, "Any biological system obeys a gaussian or normal distribution.

      Med school, biostatistics and epidemiology classes and years of experience dealing with biological systems like "human beings"? There may be a few exceptions, but as generalities go, it's a pretty fair statement. We are all somewhere on the Gauss curve. Most of us are in the middle.

      In fact, central tendency is so strong we even look for it instinctively. Why do you think that people gamble, or play the lottery, knowing that their lucky number just "has to come up" because it has been so long since it hasn't? Sometimes it's hard for us to recognize independent events for what they are because of this "built-in" bias we have.

That's funny. I'm still getting spam.

[bigtallmofo]

I'm amazed at Blue Security's success. They've gotten a few spammers to shut down a few domains.

The odd thing is, I'm still receiving as much spam as I've always received. No matter how many tens of thousands of users they sign up for this process, I fear this is going to be a very small drop in a very large bucket.

Re:what do they do?

[shawnmchorse]

I actually sat through a Flash animation because I was wondering what the heck they did. And... I still don't know.

Running out of hiding places

[Iriel]

I liked the mention of the domain registrar taking up a zero-tolerance policy after the spammer shut down their domain. I'm starting to think that with more people around the world getting online, more people around the world are getting sick of spam. This could help us eliminate some of those off-shore servers that spammers love to hide behind.

Give everyone in the world email for a week and then see all the government action we desperately crave ;)

Nibbling

[dal20402]

This is nibbling around the edges, but nothing else is possible, so we should keep doing it.

Sue/fine/arrest/jail spammers? They'll move abroad where we can't find them.

Get a legal framework that will be enforced in all the countries connected to the Internet? Good fscking luck.

System Requirements?

[Grimster]

I just hit the "join beta" link and didn't fill out the form, on the page you signup I see:

System Requirement

Windows 2000/2003/XP

Ok so I'm out, last windows I read email on was Win95 or maybe Win98, some bullshit virus or another screwed me over, I ain't "done email" on Windows of any type since. Oddly enough, I haven't had any viruses, spyware, adware, or malware since then either.

So while I applaud efforts to reduce spam, efforts that requre Windows seems silly at best and are efforts I can't join in on. Even my wife no longer reads email on Windows, the last time her Windows PC slowed to a crawl due to spyware instead of spending 3 or 4 hours googling for the latest cleaners and finding out what new and not at all entertaining spyware she had, I said "fuck this' gave her my new and as yet unpacked Mac Mini and she hasn't had any spyware problems since. Ripped her PC apart and installed Linux on it to replace my laptop as my main "work" pc.

Re:Anti-Blue Frog

[darkmayo]

Personally I think the "worst kind" of vigilante approach would be getting the spammers home addresses and savagely beating them... or killing them. I dont think DDOSing some spammer pricks domain is that bad if you compare what could happen to these people.

Realistic View?

[Saeed+al-Sahaf]

I'm sure all the Chinese, Polish, and Russian spammers are shaking in their boots. For them, there will never be a solution other than IP block banning and similar measures. If you have the time and energy to waste on "dealing" with this group, more power to you, but I'm done even thinking about them.

Re:Realistic View?

[Rev.LoveJoy]

I think by and large most corporations are taking this tack in dealing with spam sent to their MTAs. If you do not do business with that country, ban their IP block. This is an inexpensive 100% solution to spam from overseas.

Public ISPs, universities and government centers do not (and can not) take this route. So these orgs must take another path towards dealing with international spam.

Filtering works. Greylisting works. These technologies help a great deal against the zombie armies everyone said would be unstoppable spam sources.

I am glad you have a solution which works for you (and to some extent, I agree with your soultion), but I would hate for the balkanization of the Internet to come about due to the misbehavior of a few rotten apples. I think there must be a better way.

Cheers,
-- RLJ

Re:what do they do?

Third:

floods the internet backbones with even more traffic. Good or bad

Re:Anti-Blue Frog

[RealAlaskan]

Personally I think the "worst kind" of vigilante approach would be getting the spammers home addresses and savagely beating them... or killing them.

Isn't that spelled ``best''?

Seriously, the grandparent post refered to this as a DDOS. If the spammer sends me an email, he's certainly got no right to complain if he gets one back. If he gets enough back to shut down his website, well, he shouldn't have sent so much spam, should he? My understanding is that Blue Frog tries to send an unsubscribe message for every spammed address (their website is slashdotted)? If so, the spammers have already announced their willingness to get that message, and it is obviously legal.

Re:Anti-Blue Frog

[darkmayo]

I dont recall saying I advocate this type of action at all but considering people have been beaten or killed for less I could see this being something that may happen.

Spammers arent unreachable targets either ,they are surrounded at all times by security or bodyguards (well maybe a paranoid few are) they are average joes for the most part how hard would it be to stalk one of these people beat them down and get away with it.

Re:Anti-Blue Frog

[Axess+Denyd]

So wait.

Every single person who responds to spam replies to it, and it is considered a DDOS?

Hmmm, if every time I got an advertisement in the mail I drove down to the store to complain there wouldn't be anything wrong with it.

Same with the Lycos thing. I don't consider it a DDOS. I consider it responding to an advertisement.

Re:Anti-Blue Frog

[Dunbal]

LOL!

      Stands to reason that you got modded Troll. I mean, what kind of person stands in front of an angry lynch mob and says "now now, don't you think a few hours of community service would be more appropriate?".

      I understand your reasonable view. Killing someone for spam is not an alternative. But this is not the time or place.

      (Grabs pitchfork and torch again and resumes up and down motion).

      "Yeah, burn the spammers, burn em slowly!"

Kill profits by consuming resources

[G4from128k]

Blue Frog is effective because it consumes spammer's resources -- it raises the costs of being a spammer. Spam filtering does not reduce spammer's profits in that the same people that filter spam were never likely to visit the spam site and purchase. Filtering doesn't change spammer's revenues or costs.

In contrast, a bot that visits a spammer's site consumes the spammer's valuable resources in far greater amounts that is consumed by the original spam e-mail (spam emails often being under 10kB and sent via low-cost zombies vs. 50kB or 100kB for most web pages begin hosted on the spammer's e-commerce site).

Re:Anti-Blue Frog

[Jim_Callahan]

One reply to a recieved spam is a deliberate attack now? I think that if you send out two billion e-mails, the only person making an attack on your web server is you.

Re:Excuse me...

[C0deM0nkey]

Bad points...

Did you take a look at the Blue Security site and see how their technology works? The spammers are not getting spammed in return...the Blue Frog program essentially sends an automated "Opt Out" to the spammers; if they fail to respond and the recipient continues to receive mail from that spammer then Blue Frog submits complaints to the MERCHANT SITE.

I would hardly call any of this vigilantism. One spam - one opt-out request. Continue to ignore those requests? Complaint to the merchant paying the spammer to spam.

Sounds like a great solution. I wish they made a linux client.

...then the government involvement will probably have a negative effect on all of us.

Some people would say that the "government involvement" has already had a negative effect.

Don't give it out...

[adnausium]

I kneow SPAM is a huge problem world wide. However i dont get why people dont learn from thier mistakes. In the late 90's I used to have tons of SPAM arriving in my inbox. Since then i now keep three email addresses; one for personal contact, one for doing online transactions and one for filling out online forms (like contests & website registration). Since then i have had no SPAM in my 2 main accounts and very little (cause im very picky about the places i register) in the account i do give out the address to. Im glad that there are businesses and government efforts to combat SPAM but some of the responsibilty can still be layed on the shoulders of the fools who continue to give out their address to every ipod give-a-way website they see. Come on people, wise up. Help these do-gooders help you!

Re:Don't give it out...

[SCHecklerX]

well, you must not have many online safe-computing-challenged friends then. Most of my spam is the result of my address being in a friend's address book when they get hit by a worm/virus/trojan.

I also run mail lists, which adds to this problem

But running my own server with mimedefang + spamassassin makes life somewhat like it was pre-1994.

Re:Don't give it out...

[HermanAB]

Yeah well, you are only considering your personal problem. If you own a domain, then that domain is subject to dictionery attacks. I receive hundreds of thousands of crap messages each day addressed to my domains. Only a handful of those have valid addresses. Also, if you run a business, then you have to have easily accessible addresses such as sales@, info@, hr@ and so on. Keeping crap out of those addresses is a huge problem. My mail server rejects up to 64000 crap messages per hour - probably because that is the limit - the max that the machine can handle...

Re:Excuse me...

[Tony+Hoyle]

i used to send a newsletter to roughly 500 addresses, some of which were opt-in and some of which were scavenged by other methods. As the merchant, I always took the "take

So you're a spammer. End of conversation. FOAD.