Slashdot Mirror


Spam is Back With A Vengeance

Ant writes "The Red Tape Chronicles reports that just last December (2006), the FTC published an optimistic state-of-spam report. It cites research indicating spam had leveled off or even dropped during the previous year. It now appears spammers had simply gone back to the drawing board. There's more spam now than ever before. In fact, there's twice as much spam now as opposed to this time last year. And the messages themselves are causing more trouble. About half of all spam sent now is "image spam," containing server-clogging pictures that are up to 10 times the size of traditional text spam. And most image spam is stock-related, pump-and-dump scams which can harm investors who don't even use e-mail. About one-third of all spam is stock spam now."

38 of 510 comments

  1. Re:The solution by bcmm · · Score: 2, Insightful

    The problem with punishing the firms advertised is that it is very hard to prove. It could be that they hired an advertising firm which represented itself as legitimate. It could even be that someone spammed in their name to try and damage their reputation.

    --
    # cat /dev/mem | strings | grep -i llama
    Damn, my RAM is full of llamas.
  2. Re:Spam spam spam spam. Lovely spam! Wonderful spa by Conspiracy_Of_Doves · · Score: 2, Insightful

    The thing that always bothered me about that skit was that the first two things that the waitress mentioned didn't have spam. Egg and bacon, and Egg Sausage and Bacon.

    Maybe I think about this stuff too much.

  3. new spam methods by edxwelch · · Score: 3, Insightful

    There's an interesting article at ExtremeTech about the wave of spam that hit us last year:
    http://www.extremetech.com/article2/0,1697,2060277,00.asp

    Most admins were able to find ways to eliminate that eventually: http://blog.fastmail.fm/?p=580

    but now I notice a new trend. Some spammers are actually putting news headlines in the subject field.

    On top of that the black hats are now finding ways to spam emule search results.

    Every search you make in Emule will return a fake hit... something like *_using_emule_multimedia_toolbar.exe. If you execute that program your machine will be infected with a virus.

  4. block .gif images? by spacemky · · Score: 3, Insightful

    Why not just block e-mails that contain .gif attachments?

    --
    640YB ought to be enough for anybody.
    1. Re:block .gif images? by Anonymous Coward · · Score: 1, Insightful

      Instead of all incoming messages all being in the same queue, put incoming messages into queues that reflect the possibility of being spam and the cost of making sure that they are spam (e.g., OCR).

      The highest level queue (e.g., ascii only and in the local native natural languages) would deliver immediately. It could rate-limit ascii+HTML mail to n/sec, rate-limit HTML only mail to another rate, and only OCR images when the system load is low enough.
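
The tiered intake this reply describes, as an added example that is not part of the original comment: messages are sorted by MIME structure alone, plain ASCII text is delivered at once, the HTML tiers are rate-limited, and image mail waits for OCR until load is low. The tier names, rates, load threshold and sample messages are assumptions constructed for the illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

FAST, MIXED, SLOW, OCR = "fast", "mixed", "slow", "ocr"

def classify(raw: bytes) -> str:
    """Pick the intake queue from MIME structure alone (no content scan)."""
    msg = message_from_bytes(raw, policy=policy.default)
    types, ascii_only = set(), True
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        types.add(ctype)
        if ctype == "text/plain":
            body = part.get_payload(decode=True) or b""
            ascii_only = ascii_only and all(b < 128 for b in body)
    if any(t.startswith("image/") for t in types):
        return OCR                      # most expensive check: needs OCR
    if types == {"text/plain"} and ascii_only:
        return FAST                     # ASCII text only
    if types == {"text/plain", "text/html"}:
        return MIXED                    # text with an HTML alternative
    return SLOW                         # HTML only, or anything else

class TokenBucket:
    """Allow `rate` messages per second, with a burst of the same size."""
    def __init__(self, rate):
        self.rate, self.tokens, self.stamp = rate, rate, 0.0

    def take(self, now):
        self.tokens = min(self.rate, self.tokens + (now - self.stamp) * self.rate)
        self.stamp = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

class Intake:
    def __init__(self, mixed_rate=5.0, slow_rate=1.0, max_load=0.7):
        self.buckets = {MIXED: TokenBucket(mixed_rate), SLOW: TokenBucket(slow_rate)}
        self.max_load = max_load
        self.ocr_backlog = []           # image mail parked until load drops

    def submit(self, raw, now, load):
        """Return (tier, action) for one incoming message."""
        tier = classify(raw)
        if tier == FAST:
            return tier, "deliver"
        if tier == OCR:
            if load > self.max_load:
                self.ocr_backlog.append(raw)
                return tier, "ocr-later"
            return tier, "ocr-now"
        # Rate-limited tiers: within the limit goes to the content filter,
        # over the limit stays queued for the next tick.
        return tier, "filter" if self.buckets[tier].take(now) else "defer"

def sample(kind):
    """Constructed test messages (not real mail)."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.org", "rcpt@example.net"
    m["Subject"] = "constructed sample"
    if kind == "html":
        m.set_content("<p>hello</p>", subtype="html")
        return m.as_bytes()
    m.set_content("hello")
    if kind == "mixed":
        m.add_alternative("<p>hello</p>", subtype="html")
    elif kind == "image":
        m.add_attachment(b"GIF89a" + bytes(16), maintype="image",
                         subtype="gif", filename="chart.gif")
    return m.as_bytes()

if __name__ == "__main__":
    q = Intake()
    for kind in ("plain", "mixed", "html", "image"):
        print(kind, q.submit(sample(kind), now=0.0, load=0.9))
```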

  5. What I just don't get.. by ParraCida · · Score: 5, Insightful

    Who is even dumb enough to make their purchases based on spam mail? I mean, surely everyone must know what spam is by now? How can one be so dense as to trust a completely random, badly worded, ill-articulated e-mail full of spelling mistakes from someone you don't know to make informed decisions about what stock they should buy?

    It simply makes no sense to me. As long as people remain so completely clueless that they will fall for spam, there will be spam.

    1. Re:What I just don't get.. by Orange+Crush · · Score: 2, Insightful
      Who is even dumb enough to make their purchases based on spam mail.

      Apparently, plenty. It only takes a few suckers to justify the time and effort to set up a spam campaign. I'd like to think that some day everyone will be aware enough that pump-and-dumps, Nigeria scams, and the myriad other flavors of spam simply won't work any more because nobody will fall for them. Unfortunately, I do not believe that is a likely outcome.

    2. Re:What I just don't get.. by houghi · · Score: 2, Insightful
      But if email sending were non-free, would it affect spammers given that they send their email via botnets anyway?


      How many botnets will there be after one month when people received their first bill? I am sure that many people suddenly care about internet security.
      --
      Don't fight for your country, if your country does not fight for you.
  6. Re:Stock Spam by archen · · Score: 2, Insightful

    Are you referring to the pump and dump scams in which the company has nothing to do with the spam email, because I don't see how that's going to help them. It also sounds like a great way to limit your competition by sending spam emails on behalf of your competitors.

  7. Re:The solution by eMbry00s · · Score: 5, Insightful

    Just like with the war on drugs, eh? Yeah I see how raising the punishment really helps. No wait. Shit, it doesn't. I guess we're fucked now.

    What I think would help is ISPs taking confirmed zombie machines offline. It's done in Sweden by some ISPs, and most people don't seem to have a problem with that.

  8. Re:1p per email by pilsner.urquell · · Score: 2, Insightful
    If 1p was changed per email with the 1st 30 free per day it would stop spam dead.

    I can go one better. 1-Charge the $0.01 (or $0.005 or whatever) per piece of email, prepaid.

    2-When the email reaches the other end monies are returned to the sender. However, at the recipient's discretion the postage return can be stopped.

    The end result would hopefully be that spammers pay, optimally through the nose, and compliant users still get to use the system for free or next to free.

  9. Failure Notice (Moderation Sub-System) by enharmonix · · Score: 2, Insightful
    How to tell a message is NOT flamebait

    1. Satire: Perhaps the most confounding form of humor, note the subtle reference to the discussion embedded in a story about something else. This wasn't flaming slashdot, it was about how spam that appears to originate from your domain (but doesn't) can get you blacklisted by site admins as clueless as the moderators who flagged the parent as flamebait. Here is a good example of satire:

    I'm sorry but your message from articles.slashdot.org was REJECTED because it has been flagged by our system as spam. You may not be the source of the spam, but our servers do not respect SPF flags and therefore accept, process and then bounce almost any old slutty slice of bits that get hucked our way. We blame you, the owner of the spoofed domain.

    For further reading, see the wiki.

    2. Obligatory references to The Simpsons:

    To get a hard copy of this message please send $1 to Happy Dude, 742 Evergreen Terrace, Springfield.

    Hint to poster: Next time, just go with the "overlords" joke.

    3. Relevancy: Recent news stories highlight that most spam is coming from botnets under the control of Eastern European and Russian criminal organizations. Had you bothered to read anything on /. about spam prior to moderating just now, you'd probably know this. Hence the following is, in fact, funny:

    Promotional consideration has been provided by the Russian Mob.

    Thank you for moderating today! We hope you enjoyed your crack!

  10. Re:Moo by metamatic · · Score: 2, Insightful
    One call to a customer with an abusive machine will eat up the profit from that customer for months.

    Sounds to me like your pricing scheme is part of the problem.

    --
    GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
  11. Re:Stock scam spams - 3n14rge yur SC0X ... by rednip · · Score: 5, Insightful

    Old fashioned 'pump and dump' scams were fairly easy to track, as they would go after the brokers who pushed the stock, and then it was a simple task to just follow the money. As we all know emails can be awfully hard to trace back to their creator.

    I used to wonder why people would fall for such scams, 'how could they fall for these things time and time again?'. Well, a couple of years back I was having a conversation with a woman who was distressed that an 'old friend' of her husband had contacted him again. Apparently, this guy has sold (taken) her husband on a variety of pyramid schemes, 'mlm's, and many other 'get rich quick' plans. Later, as nicely as possible I confronted him on 'why' he let this happen. He was a little angry with me, but without any hesitation, he told me that 'one day it will pay off'. That day I learned a little something about some people's nature. He knew that these were scams, but he worked them anyways. To the best of my knowledge, he wasn't a crook, and he never approached me with those affairs. So I'm guessing that he had hoped that if he just participated, someone else would do the dirty work which would make him rich.

    I suspect that the reason why these latest 'pump-and-dump' scams seem to work (otherwise why would you be seeing so much of it), is not action by those easily duped, but by those who hope that they could exploit the 'opportunity'.

    --
    The force that blew the Big Bang continues to accelerate.
  12. Re:The solution by Tony+Hoyle · · Score: 2, Insightful

    That's a git if you're running a mailing list... suddenly you can't browse the web.

  13. Re:Yep, I don't get it either by IamTheRealMike · · Score: 2, Insightful
    In order to get their messages past all the anti-spam measures around these days, these guys have to send out almost totally unreadable misspelt nonsense with completely misleading subject lines.

    Yes. The fact that modern spam is unreadable garbage is a huge win for us, the good guys. It means that to run an effective spam campaign you now need to spend say 10 million spams instead of only one. The success rate is way, way lower so you have to bump up the volume to get the same hit. If it weren't for botnets, spam would probably be on the decline by now because simply delivering the quantity of mail needed would be impractical. Unfortunately we do have botnets, so all we see is the same amount of spam, but more nonsensical. Still, if one day we can solve the botnet problem, it means the spam problem will largely be solved at the same time.

    I can't believe that people receive these things and then go on to purchase something. It doesn't make sense.

    Viagra, and its competitors Cialis and Levitra, are all prescription drugs. Presumably, a lot of people either want to use them but don't actually need them, or are too embarrassed to go to their doctor and admit they can't get it up. Buying online is anonymous and there's no risk of anybody finding out. You can't buy them from legit sites because they are prescription, so spammers mop up the black market. We could probably halve the volume of spam tomorrow by making Viagra non-prescription.

    As to why people buy penny stocks on the advice of spam, well, I guess they are just morons.

  14. Re:The solution by lastchance_000 · · Score: 1, Insightful

    What we need is an update to the SMTP protocol to address spam. It's clearly broken.

  15. Re:Filtering is wrong by Tony+Hoyle · · Score: 2, Insightful

    Greylisting helps, but not much since most spam is retried multiple times.. when I tried it the volume of spam didn't drop by more than a few %, and I lost quite a bit of legitimate email (MS Exchange servers mostly as they treated the nonfatal error code as a bounce).

    The biggie for me is sender verification (in postfix, probably in other MTA's too) - the MTA looks up the MX for the sending domain and basically says 'do you know who cheapviagra@foo.com is?'. This catches over 80% of spam before it even reaches the server (only a few headers are sent). Spamassassin mops up the rest.

    Even that has false positives (cisco for example send out emails from bogus email addresses). There's no perfect system..
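
The greylisting behaviour discussed in this comment, as an added example that is not from the thread or from any MTA's code: a first attempt from an unseen (client IP, sender, recipient) triplet gets a temporary failure, a retry after the delay is accepted, and senders that never come back are listed so the loss can at least be counted. The 451 code, the 10-minute delay, the 4-hour window and all addresses are assumptions constructed for the illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Greylist:
    min_delay: int = 600          # assumed: seconds before a retry is accepted
    retry_window: int = 4 * 3600  # assumed: how long a first attempt stays pending
    pending: dict = field(default_factory=dict)  # triplet -> [first_seen, attempts]
    passed: set = field(default_factory=set)     # triplets that retried correctly

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return (smtp_code, reason) for one RCPT TO at time `now` (seconds)."""
        key = (client_ip, mail_from.lower(), rcpt_to.lower())
        if key in self.passed:
            return 250, "accepted: known triplet"
        entry = self.pending.get(key)
        if entry is None or now - entry[0] > self.retry_window:
            # Unknown triplet, or the earlier attempt expired: start over.
            self.pending[key] = [now, 1]
            return 451, "greylisted, try again later"
        entry[1] += 1
        if now - entry[0] < self.min_delay:
            return 451, "greylisted, retry too soon"
        del self.pending[key]
        self.passed.add(key)
        return 250, "accepted: retried after delay"

    def never_retried(self, now):
        """Triplets that were deferred once and did not return in the window.

        This list mixes fire-and-forget spam senders with legitimate servers
        that treated the temporary failure as a bounce; reviewing it is the
        only view of greylisting's false positives, since nothing was stored.
        """
        return sorted(k for k, (first, attempts) in self.pending.items()
                      if attempts == 1 and now - first > self.retry_window)

def simulate():
    """Constructed scenario: one well-behaved MTA and one single-shot sender."""
    g = Greylist()
    legit = ("192.0.2.10", "alice@example.org", "bob@example.net")
    oneshot = ("198.51.100.7", "promo@example.com", "bob@example.net")
    codes = [
        g.check(*legit, now=0)[0],     # first contact: deferred
        g.check(*legit, now=120)[0],   # retried too early: deferred again
        g.check(*legit, now=900)[0],   # retried after the delay: accepted
        g.check(*legit, now=901)[0],   # later mail from same triplet: no delay
        g.check(*oneshot, now=60)[0],  # deferred, and never comes back
    ]
    return codes, g.never_retried(now=6 * 3600)

if __name__ == "__main__":
    codes, lost = simulate()
    print(codes)
    print(lost)
```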

  16. Greylisting is intrusive; unknown fp rate by gvc · · Score: 3, Insightful
    One of the great features of email is immediacy. I want that receipt for my airplane ticket right now, not in a few {minutes, hours, whatever}. If a colleague in Europe or Asia sends me a message and it gets delayed a few {minutes, hours, whatever} it can easily cost a day's delay in our correspondence. I'll tolerate none of that.


    We have no way of knowing how many legitimate delivery failures are caused by greylisting. That's because, as the parent points out, messages are rejected a priori and there's no quarantine to check. If you reject and for whatever reason it is not retransmitted, your mail is lost. Maybe this "shouldn't" happen but it does, and it happens often enough that it is not entirely obvious that its false positive rate is less than that of a spam filter.


    It is also trivial for a spammer to defeat greylisting. Perhaps they don't at this time, but at any moment they could flip a switch and render your approach useless. Contrary to popular belief, state-of-the-art spam filters aren't so easily defeated.


    Blacklisting doesn't suffer from the immediacy problem of greylisting, but it shares the problem of an unknown false positive rate, and mediocre false negative rate.

    1. Re:Greylisting is intrusive; unknown fp rate by MavEtJu · · Score: 3, Insightful

      One of the great features of email is immediacy.

      Whoever sold your email as a realtime medium clearly has no idea what he was talking about. Or he did and you fell for it. Want to buy a bridge?

      --
      bash$ :(){ :|:&};:
  17. Re:The solution by Tony+Hoyle · · Score: 2, Insightful

    I know of no good ISP that bans such servers. Nor would I use any that did - that's retarded... I'm paying for the bandwidth and it's mine to use.

    Consumer grade DSL is much faster than the servers that used to run ISP email systems just a few years ago - there's really no need to pay for expensive hosting unless you're a company needing 99.9% uptime. I do have hosts for some stuff but only that for which the bandwidth requirements exceed what DSL can provide.

  18. Re:The solution by floydvoid · · Score: 2, Insightful

    no not like the war on drugs, there we are mainly jailing low level dealers and end users #3 above, and let's face it there are a lot of people who want drugs (whether we like it or not). Nobody wants spam (except the spammers). Spam is attacking the very fabric of our society (the internet), do we let the few (spammers) destroy it or do we punish those who try. The war on drugs is not popular for several reasons, no one in their right mind objects to removing murderers, rapists and child molesters from society, although some on moral grounds prefer long prison sentences to the death penalty.

  19. Re:The solution by Anonymous Coward · · Score: 1, Insightful

    I know of no good ISP that bans such servers. Nor would I use any that did - that's retarded... I'm paying for the bandwidth and it's mine to use.

    If ISPs had outbound port 25 blocked by default but allowed users who wanted it to turn it on, zombie spam would be substantially reduced.

  20. stock pump-n-dump by jafac · · Score: 2, Insightful

    Well, one can only hope that this leads to some wider sweeping reforms, because as it stands now, the market is way too influenced by widespread fraud and insider trading. It's not anywhere close to being a legitimate market, it's more like a casino where a few favored gamblers get the nod, and even fewer just get lucky, and the rest lose, and maybe this wave of spam will spur some real change on the law enforcement side.

    Or maybe mail servers will just start rejecting all binary attachments.

    --

    These are my friends, See how they glisten. See this one shine, how he smiles in the light.
  21. Re:The solution by Jimithing+DMB · · Score: 2, Insightful

    Or you can simply block all outbound port 25 except to very specific mail servers. Cox does this. At first I was a little miffed but then I realized it makes sense. You can still send mail to anywhere you just need to go through their mail server. So if you are running your own SMTP you simply set (for example) smtp.east.cox.net as your smart host and be done with it.

    This way you stop most of the mass mailing trojans because they'd have to be smart enough to use the right smart host. Then, even if they do get smart enough to do that cox still has their mail server's log so they can easily show what went out.

    The only wrinkle in this is a road warrior who wants to authenticate to his company's mail server so the mail appears to be coming from there. That is simple actually. Simply run a mail submission agent (MSA) on port 587 and reconfigure the clients to use port 587. An MSA only accepts authenticated connections.

  22. SpamAssassin/filters only part. Need callerid/DKIM by johnjones · · Score: 2, Insightful

    ok the problem is that people/people worrying about spam are not publishing callerid and DKIM in DNS

    before we blame ISP's for not doing it by default we must (those people who read slashdot) ask our hosts to do it
    make sure we have done it for our domains

    ANTISPAM NEEDS YOU

    simple

    if you send mail from a domain make sure it has a callerid and if possible use DKIM

    ISP's who sell domains and put a MX record in by default Without at least a callerid record are wrong... let's correct ours and then ask them to correct theirs

    spamassassin can check SPF and DKIM so enable it NOW !

    regards

    John Jones

    p.s. set up yours now

    Microsoft callerID and exchange/outlook resources

        Kerio CallerID check to help check your setup
        yahoo resources on Domain Keys and setup for various MTA's
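
What a receiving server does with a published SPF record of the kind this comment asks domain owners to set up, as an added example that is not part of the thread: the connecting IP is checked against the sender domain's record, and a hard fail is refused during the SMTP session instead of being accepted and bounced later to the forged address. The evaluator covers only the ip4, ip6, include and all mechanisms; the TXT records, domains and addresses are constructed, and DNS is replaced by a dictionary.

```python
import ipaddress

# Constructed TXT records standing in for DNS (reserved example domains and
# documentation address ranges; none of these values come from the thread).
TXT = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example ~all",
    "_spf.mailhost.example": "v=spf1 ip4:198.51.100.0/25 ip6:2001:db8:25::/48 -all",
    "strict.example": "v=spf1 ip4:203.0.113.5 -all",
}
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def check_spf(ip, domain, txt=TXT, depth=0):
    """Return the SPF result for `ip` sending mail as `domain`."""
    if depth > 10:                       # lookup limit, also stops include loops
        return "permerror"
    record = txt.get(domain.lower())
    if record is None or record.split()[:1] != ["v=spf1"]:
        return "none"                    # domain publishes no SPF policy
    addr = ipaddress.ip_address(ip)
    saw_redirect = False
    for term in record.split()[1:]:
        qual = "+"                       # default qualifier is pass
        if term[0] in QUALIFIER:
            qual, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIER[qual]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"       # malformed record
            if addr.version == net.version and addr in net:
                return QUALIFIER[qual]
        elif name == "include":
            inner = check_spf(ip, arg, txt, depth + 1)
            if inner == "pass":          # include matches only on inner pass
                return QUALIFIER[qual]
            if inner not in ("fail", "softfail", "neutral"):
                return "permerror" if inner == "none" else inner
        elif "=" in name:                # modifier; redirect is not followed here
            saw_redirect = saw_redirect or name.startswith("redirect=")
        else:
            return "unsupported"         # a, mx, exists, ptr need live DNS
    return "unsupported" if saw_redirect else "neutral"

def smtp_decision(ip, mail_from):
    """Map the SPF result to a reply given while the client is still connected."""
    result = check_spf(ip, mail_from.rpartition("@")[2])
    if result == "fail":
        # Refusing here means no bounce is ever sent to the spoofed domain.
        return result, "550 5.7.1 SPF fail, rejected before DATA"
    if result == "softfail":
        return result, "250 accepted, raise spam score"
    return result, "250 accepted"

if __name__ == "__main__":
    for ip, sender in [("192.0.2.44", "news@example.org"),
                       ("198.51.100.200", "news@example.org"),
                       ("203.0.113.9", "forged@strict.example")]:
        print(ip, sender, smtp_decision(ip, sender))
```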

  23. Re:Spam filters can still cope by Animats · · Score: 2, Insightful

    Yes. The key point is that there aren't that many spammers left. The number of different spams, and especially the number of different stock spams, is quite small.

    What's needed is to push on the SEC to find out who's behind the stock spams. They can do it. The number of people buying those penny stocks before the spam started is tiny, and following the money will eventually lead to the spammer. Yes, they may be working through intermediaries, but that's what FinCen and the money-laundering people trace all the time.

    For the SEC, this is a low priority. They have scams in the billion dollar range, like Enron, WorldCom, etc. to deal with. The typical stock spam makes the spammer a few thousand dollars. The problem is the collateral damage from the spams, not the investment fraud.

  24. Single user spam filters are too limited. by Animats · · Score: 3, Insightful

    A big problem with most spam filters, especially the open source ones, is that they're single user. They're trying to work out from the content what's spam. Systems like gmail (and Spamcop before IronPort bought it) look at spam addressed to a large number of addresses. When roughly similar material starts showing up at a few hundred different addresses, the probability that it's spam is very high.

    Here's a thought. Mail servers should, on receiving an SMTP connection from an IP address, probe that IP address to see if it's a Microsoft consumer-grade operating system. If so, reject the connection. That would put a dent in the zombie problem.
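
The multi-recipient detection described in the first paragraph of this comment, as an added example that is not the method of gmail, Spamcop or any named product: bodies are reduced to word 3-shingles, compared by Jaccard similarity, and a cluster is flagged once roughly similar text has reached enough distinct addresses. The similarity measure, both thresholds and the sample messages are assumptions constructed for the illustration.

```python
import re

def shingles(text, k=3):
    """Word k-shingles of the body; digits and punctuation are dropped,
    which removes the per-copy serial numbers spammers append."""
    words = re.findall(r"[a-z]+", text.lower())
    return frozenset(tuple(words[i:i + k]) for i in range(len(words) - k + 1))

def jaccard(a, b):
    """Overlap of two shingle sets, 0.0 (disjoint) to 1.0 (identical)."""
    return len(a & b) / len(a | b) if (a or b) else 0.0

class BulkDetector:
    """Counts distinct recipients per cluster of near-identical bodies."""

    def __init__(self, similarity=0.6, min_recipients=3):
        self.similarity = similarity
        self.min_recipients = min_recipients
        self.clusters = []               # [representative shingles, {recipients}]

    def observe(self, rcpt, body):
        """Record one delivery; return True when its cluster has reached
        min_recipients distinct addresses (i.e. it looks like bulk mail)."""
        s = shingles(body)
        for rep, recipients in self.clusters:
            if jaccard(rep, s) >= self.similarity:
                recipients.add(rcpt.lower())
                return len(recipients) >= self.min_recipients
        self.clusters.append([s, {rcpt.lower()}])
        return self.min_recipients <= 1

# Constructed samples: one stock-spam template with per-copy noise, one
# ordinary personal message.
SPAM = ("Hot stock alert: ACME Widgets set to triple this week, "
        "buy now before the news breaks ref {n} {junk}")
HAM = "Lunch on Thursday? The usual place at noon works for me."

def demo():
    d = BulkDetector(similarity=0.6, min_recipients=3)
    flags = [d.observe(f"user{i}@example.net", SPAM.format(n=1000 + i, junk=j))
             for i, j in enumerate(["qzx", "plov", "wibble"])]
    flags.append(d.observe("user0@example.net", HAM))
    return flags

if __name__ == "__main__":
    print(demo())
```

A single-user filter sees only one of these copies, which is the limitation the comment points at; the count of distinct recipients exists only where mail for many addresses passes through one place.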

  25. Re:Filtering is wrong by Tablizer · · Score: 2, Insightful

    I have yet to think of a way for spammers to defeat this scheme and the cost to legitimate mail is a 10 minute delay the first time someone sends me mail.

    But you are practicing "security thru obscurity". As soon as such goes mainstream, spammers will experiment and adjust. They can work all day on the problem because it is their "job", you cannot.

    In fact, they probably hire armies of engineers who work for peanuts in Timbuktu. The same forces that are offshoring techie jobs are making spam practical.

  26. Re:Stock scam spams - 3n14rge yur SC0X ... by anagama · · Score: 2, Insightful

    Wow. Commercial standards in the software industry are real crap if that's how you think about this. Fact is, the guy bought something that was advertised as doing X but when he tried to use it, it was totally broken. He does have a right to be mad. It's just like buying something and finding out it's shoddy garbage that breaks the moment it's pulled from the box. There's even a whole industry of consumer quality research grown up around the idea that you should expect things to work like advertised. There's classic law on the subject, i.e., a product will do what the manufacturer says it will do and if it doesn't, there are consequences. But in the software industry, you can sell something that is broken before the box is opened and expect the customer to suck it up. That's BS. In the GP's example, the reason the software failed was because the company chose a broken activation scheme. He had a right to be pissed from the start.

    --
    What changed under Obama? Nothing Good
  27. Re:The solution by FireFury03 · · Score: 2, Insightful

    Ok numbnuts, that's exactly the kind of attitude that spammers have. That they can do anything because they pay for it.

    Last I checked, spammers didn't pay to rent the bandwidth and processor time on each zombie machine they use.

    You have to have limits. There have to be rules.

    However, those limits shouldn't put a stop on legitimate activity. Just because _you_ do not have a legitimate reason to be running a mail server doesn't mean no one else does.

    I'm all for ISPs cracking down on spammers, but not in a way that prevents people legitimately using the service.

    (For the record, the great-great-great grandparent cited NTL as an example, who unfortunately have a history of _not_ dealing with abuse of their service, even when the recipient of the attack reports the abuse and supplies logging proving the source of the attack.)

  28. Riding a fictional pump'n'dump by mysticgoat · · Score: 2, Insightful

    An underlying assumption is that these stock schemes are pump'n'dumps fostered by someone who has actually risked money on buying the stock. I don't think that's generally the case.

    Whether a pump'n'dump succeeds or not, the broker handling the transactions will take his commission. Anything that increases a broker's transaction volume will increase his earnings, including shorts; he always takes his cut. A "shrewd" broker, like the ones known for calling nursing home residents to encourage them to day trade their life savings, don't need to do an actual pump'n'dump scheme; all they need to do is make it look like one is happening and wait for the suckers who want to take a ride on it. It doesn't matter whether the stocks go up or down, either way they collect when these are bought, and collect again when they are sold.

    I think most of these stock scams are coming from sleazy brokers rather than stock speculators. Paying a few bucks a month to a spammer who is getting the same amount from a bunch of other brokers would be more than worthwhile when it increases the monthly transaction volume for all of them. Tracking the transactions he sees for the stocks the spammer decides to use is a simple way of checking whether the subscription to the spammer's service has been worthwhile.

    Doing it this way, no one would actually have to work at researching pump'n'dump possibilities or risk any of their own money in a speculative buy. Also, there would be no way to trace back from the stock to the crooks, since the crooks never touched the stock itself. For con artists, this is a perfect deal. The marks suckered into it aren't going to talk about it: who is going to admit that they lost money trying to beat a pump'n'dump scheme?

    Of course no one who reads slashdot would be dumb enough to fall for this scheme, right?

  29. Re:The solution by jfengel · · Score: 2, Insightful

    Mostly the grandparent post is guilty of something missing from the standard spam solution rebuttal checklist: insufficient details.

    Yeah, a spam solution is almost certainly going to involve a modification to the SMTP protocol. The devil is in the details.

    For my tastes, I'd be content to start with rejecting emails immediately rather than sending out "your email was rejected" messages. The number of valid "rejected" messages has got to be infinitesimal compared to the amount of address-guessing spam in the universe. About 1/3 of the spam I get comes from somebody's server rejecting somebody else's spam and telling me about it to no useful effect.

  30. Re:Stock scam spams - 3n14rge yur SC0X ... by rednip · · Score: 2, Insightful

    No they are not. It may require a small amount of skill and knowledge (MSCE, anyone?), or a subpoena, but it is not actually hard.

    Really? Are you sure? First of all, the MCSE tests have virtually NOTHING to do with email servers, SMTP, or POP (unless it's changed significantly over the last 10 years). Secondly, if you have ever set up a mail server you would know how easy it is to misconfigure one as an open relay (it used to be the default). Third, if you have read Slashdot for more than a week you would know about the zombie networks and their tendencies to be used for spam.

    In any case, stock scams are particularly easy to trace, since the perp has to have a financial connection with someone already holding the stock or involved in trading it.

    Why? No the 'perp' doesn't have to have a financial connection. Sure, old fashioned 'pump-and-dumps' like the Boiler Room involved dozens if not hundreds of people, large capital outlays, and for it to be worthwhile they needed to control a relatively large chunk of a small company's stock. Thanks to the internet that has changed, now all you need to do is to contact a zombie network operator (I hear it's fairly easy on some IRC servers), pay them some money. Hopefully a few hours later that underperforming stock which you've held for too long is picking up steam. Some might even stage the email so that a couple of marks hit the stock first, just so that they look like a fool who got lucky and sold early.

    I bet real money that the number of [perps] is in single figures, and that at least one of the decision makers is US resident, even if the typist was off-shore

    Yes, I'm sure that you have bet real money on it. As any examination of my postings will tell one, I am not a 'fan' of the current administration, but there really isn't much they can do about this problem. I am sorry if you've lost money to them, but anyone who trades in stock based on obvious spam is really getting what they deserve.

    --
    The force that blew the Big Bang continues to accelerate.
  31. Re:Stock scam spams - 3n14rge yur SC0X ... by nuzak · · Score: 2, Insightful

    > I didn't know that they'd ever step into this realm, but I occasionally get spam on my FAX at work.

    Junk faxing actually predates email spam, and we got laws prohibiting it quite a while ago. You're entitled to something like $200 per fax ... good luck collecting it though.

    --
    Done with slashdot, done with nerds, getting a life.
  32. Re:Stock scam spams - 3n14rge yur SC0X ... by smallfries · · Score: 2, Insightful

    You're assuming that the mail is being filtered at the client-end. I did state quite clearly that these spams are so easy to detect (ie the false positive rate is so low) that it can all be filtered upstream. Decent server-level spam detection should be able to identify the first message as spam, and then blacklist the sending ip address for a few hours.

    I'd rather get one 200k message that I can identify with near 100% certainty as spam - than 200 1k messages with a 98% detection rate.

    --
    Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
  33. Re:Stock scam spams - 3n14rge yur SC0X ... by McFadden · · Score: 2, Insightful

    In that case, the spammers have won. A lot of captchas have become so distorted these days, it takes me 2 or 3 attempts before I pass. Especially when they're case sensitive or use zeroes and ohs (0 and O). If the best OCR system known to man (the human brain) can't process it, god help technology.

  34. Re:The stock market can fix stock spam. by bill_mcgonigle · · Score: 2, Insightful

    The problem of stock spam can be fixed by the stock market. Zero tolerance. Automatically delist any stock advertised by spam.

    How could that possibly help? Or were you just planning to pump-n-dump Microsoft from a Panera Bread the day after this law hit the books?

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)