Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spam is Back With A Vengence

Posted by CmdrTaco on from the bring-me-my-bazooka dept.

Ant writes "The Red Tape Chronicles reports that just last December (2006), the FTC published an optimistic state-of-spam report. It cites research indicating spam had leveled off or even dropped during the previous year. It now appears spammers had simply gone back to the drawing board. There's more spam now than ever before. In fact, there's twice as much spam now as opposed to this time last year. And the messages themselves are causing more trouble. About half of all spam sent now is "image spam," containing server-clogging pictures that are up to 10 times the size of traditional text spam. And most image spam is stock-related, pump-and-dump scams which can harm investors who don't even use e-mail. About one-third of all spam is stock spam now."

5 of 510 comments (clear)

  1. Re:The solution by eMbry00s · · Score: 5, Interesting
    1 - death ( yes, death, not jail ) for conviced spammers ( oh, and make it painful and long too )
    Please try to size the punishment to the size of the crime. Most civilized countries don't even have death sentence for serial murder. Also, your American laws don't carry much power over other jurisdictions, and convincing others to share death penalty for something like this would be hard.

    2 - any company caught knowingly using spam as a way to advertise is forced to shut down and they lose all thier assets ( including personal )
    Well then I know what to do about my pesky competitors, just have some spammers send spam in their name! Problem solved!

    3 - anyone caught buying from a spam ad should be humiliated in public.
    So who do you want to monitor everybody's commerical actions? Actually, to know that the person bought a product because of spam, we'd need to monitor them whenever they check their email. Big Brother go! :DDDDDDD

    In the name of Karl Popper, though, I appreciate your proposals.
  2. Re:Moo by HairyCanary · · Score: 5, Interesting
    and i'l bet they will be *happy* to know they're a problem, and how to get better.


    I can see you've never worked at an ISP. A customer who is cut off could not care less about why, all they want is to be reconnected immediately and with no work on their part. They will threaten leaving your service, lawsuits, and practically death threats if you do not reconnect them.

    Seriously, why won't this work?

    Primarily it becomes an issue of volume. One call to a customer with an abusive machine will eat up the profit from that customer for months. You can't just call them and say "fix it", you have to handhold them through the process or you will almost certainly lose their revenue altogether.

  3. Re:Stock Spam by beakerMeep · · Score: 5, Interesting
    While it's nice to think regulators would fix it I found there were a few reasons why this wouldnt happen. I did a little research on those stock spams. since there had been so many, it got me curious as to what was going on to stop them.

    1) many of the companies that are promoted in the pump and dump schemes are not involved and often dont know for months that they are also victims of the spam. basically its hard to know who really is (spam coming from open relays etc)

    2) most of these stocks are what they call pink slip or OTC (over the counter) stocks not traded on exchages like the NYSE or CME, thus not falling under the SEC (i think, please correct me here im no stock expert)

    3) it appears that these spams are more of a scam to drive people to brokerages, or stock advisors. if you google one of the symbols in the spams, you will find very shady looking, hastily constructed sites who's sole purpose is to grab the #1 google ranking for the word "spam" and the symbol in the email.

    I could be wrong about the purpose but I think there is more to this scam than pump and dump. ymmv.

    --
    meep
  4. Re:The solution by clark0r · · Score: 5, Interesting

    My ISP (www.ntlworld.com) doesn't allow you to use www if your connection has a high amount of outgoing port 25 action. I know this because a PC here got infected with a mass-mailer trojan once. Instead of seeing the webpage you're trying to see, you are shown a page telling you that you've been infected, along with access to several tools for removing these kind of infections. If ALL ISPs did this, I would think that spam traffic would be heavily reduced.

  5. Re:The solution by fredklein · · Score: 5, Interesting

    I HATE these stupid 'form letter' responses. They make the poster look like they know-it-all, and they preclude any REAL thought or discussion about the idea. That said, I have a simple, foolproof idea to help eliminate spam.

    Email certification.

    If you want to be able to send Certified Email (CE), you apply for Certification from the company that gives you internet connectivity. They check you out, and 'Certify' you as being a legitimate emailer (ie: not a spammer). Then, you generate a private/public key pair and give them the public one. In the headers of all your email, is their certification, and an encrypted header line that's createdusing your private key.

    When email arrives at the recipients server (or this could be done at the client level, as well), the server sees the certification, and connects to the certifying server to get your public key. It attempts to decrypt the header line. If it does it marks the email as 'certified', if it cannot, it marks the email as 'uncertified', and the email client can be programmed to filter messages based on that.

    Due to the public/private key cryptography, there can be no certified email spoofing. (Assuming the private keys are secure, the keys are of decent length, etc.) All emails are traceable back to the originating server. CORRECTION- all CERTIFIED emails are traceable. Anonymous email is still possible. People can still set up email servers for mailing lists without "having" to get them certified. And people can still receive non-certified mail.

    If an email server sends out spam, the complaints go to it's certifier. They can drop the certification, deleting the public key from their server. When this happens, ALL the email from the spamming server is now 'uncertified', and gets handled accordingly by email clients. If nothing is done, complaints go to THEIR upstream, etc. Individuals and groups can keep their own blacklists, if they wish, and anyone can choose to filter emails according to those lists.

    Now, I've looked over that 'form email' that people like to post to shoot down anti-spam ideas. And nothing applies to this idea. (If something seems to apply, it's because I either left out details, or explained something wrong.) This idea does NOT need to be universally adopted, nor does it need to be adopted by everyone all at once. It's primarily a way of reliably tracing (certified) emails back to their originating server. The anti-spam part comes later: if you receive certified spam, complain and get the server un-certified. If you receive un-certified spam... well, just have your email client dump all uncertified emails in the trash. (Not nessisarilly, you could just use it's un-certifedness as a factor in filtering your email.)

    This idea does not require anything be changed with SMTP. It simply requires a second connection be made to the certifying server. Now, before you bitch about the extra bandwidth, I'd like to remind you that, once this idea catches on, spam will be greatly reduced. This reduction will MORE than make up for the slight increase in bandwidth created in querying the certifying servers. Also, the certifying servers can set time limits on when the certifications expire, and need to be re-downloaded (kind of like DHCP leases). A 'new' company that just applied for certification might have it's certificate set to expire almost instantly. This way, every email they send requires a download of the certificate. This allows the certificate to be pulled rapidly if they start spamming. After a month or two, it could be set to expire weekly or monthly.

    To sum up: Email Certification is reliable way of tracing the certified emails back to their originating server. This allows spammers to be identified unequivocally, and have their certification pulled. Email servers are NOT required to be certified, and anonymous email is still possible. Email recipients can, if they choose, set up their client to send uncertified emails to the trash, or to handle them however they wish. White lists and black lists