Slashdot Mirror
How Image Spam Works
Esther Schindler writes "CSO Magazine has an article about "The Scourge of Image Spam," with an explanation of its effect (a year ago, fewer than five out of 100 e-mails were image spam; today, up to 40 percent are in that category, and image spam is the reason spam traffic overall doubled in 2006). You might already know about that, ho-hum. But what's even cooler is a interactive graphic page which demonstrates the various methods used by image spammers and how it works."
What is this thing you speak of?
I haven't had any spam in years.
Deleted
It works because some rat fuckers out there buy the shit that's being advertised.
Would we be able to use OCR software to pull text from the pictures? Then we could subject the image spam to standard filters. Frankly, I'd do anything to stop receiving these retarded pump-n-dump-stock spams.
Spammers are sending out Turing Tests. Beware of spam filters that are too good. They just might be intelligent.
For me the spam e-mails are minimal to my machine. I do see a couple of them come in through GMail on the account that I have posted publicly on my website for people to contact me but for the most part they are the standard stock pump and dumps or phishing schemes.
:(
What has been killing me recently were the fucking botnet "attacks" sucking my DSL's bandwidth with those douchebags hitting me with a GET and an immediate POST for tons of URLs all over my site. Their referrer was http://www.google.com/ and for a few hours I couldn't figure out how to stop that w/o stopping Google search referrals too.
Some nice guy in #apache helped me out with:
SetEnvIfNoCase Referer "^http://www.google.com/?$" BadReferrer=1
SetEnvIfNoCase Referer "^http://www.google.com/?$" BadReferrer
order deny,allow
deny from env=BadReferrer
That has been returning 403s to the botnet which apparently stop such frequent attempts when they receive the error. I was getting hit with their shit every 4 to 5 seconds all day yesterday and now they are "pinging" me with attempts every hour or so. I don't know if it's a different botnet or the same one trying to get back in but that was the most effectual way to drop the huge spam traffic I was receiving but couldn't ban due to the wide range of IPs.
Botnets fucking suck
This is easy enough to defeat. Ignore all emails that aren't plain text.
Give me Classic Slashdot or give me death!
This is a great article describing how it is formed, why it looks like that, what that is designed to trick, etc.
The key point they're missing is that it works under the assumption that a very small part of the populace doesn't recognize this as spam. These people then think that an investment firm decided to tip everyone off and they mistakenly buy the stock so that it goes up a nickel only to watch it drop shortly after the spammer drops the stock.
What's ironic is that I'll bet there's people out there with money that know this scam but buy the stock to also cash in on people who think this is a real tip. It might even be that the initial assumption is wrong and that the only people scamming each other are scammers trying to take advantage of another scammer's scam. Scam. Oh, the irony if that's the case. Either way, the article mentions the SEC removing stocks that went up that were junk stocks in spam mailings!
It's a scam. Stay away and alert your loved ones if you think they may fall into the initial category of the small part of the populace. The safest way to stop spam is to alert people and teach them how to identify it.
You don't buy stock that an angry fruit salad told you was hot just like you don't sleep with the girl who leaves dead spots of grass where she sits on the corner. Awareness is a valuable key to our solution against spam.
My work here is dung.
I'd like to believe that the submitter of an article at least read TFA, but now I'm not so sure.
John
I send "Content-Type: image/(gif|jpe?g|png)" emails to /dev/null and pass the rest to spamprobe. After the inital learning of a couple of days, it's been 100% effective on image spam.
Is there truly a way to stop this though?
I know that I have embedded images in emails before, used hyperlinks, etc. All of my traffic was legitimate but is still falls within the same avenues of data transfer that spammers use.
Beyond that, some of the funny looking "philosophy" I have received in my spam inbox (courtesy of gmail) is actually more well-spoken than some of the legitimate emails I've seen. (courtesy of the public school system)
In short, it's obviously problem, but we seem awfully short on solutions.
I get through the article and realize it's from April... I feel so out of date.
Ask not what you can do for your country. Ask what your country did to you
"This is how quality image spam is made!" I hope we can all learn from this. Wait..
Lots of websites use the same techniques to obfuscate the little images used to differentiate real users from bot software. There have been lots of proof of concept examples of software that automatically "solve" these CAPTCHA images (http://en.wikipedia.org/wiki/Captcha#Computer_cha racter_recognition). If spammers move to increasingly complex image spam, I could see spam filters growing to include some of these algorithms, converting the images into a best-guess text representation, then subjecting that text to standard spam filtering. Even if the image to text conversion was only 50% accurate, I bet that would be enough to train up a modern spam filter like SpamBayes to recognize and reject the message.
Of course, I just read all my mail as plain text, so this is a non-issue as far as I'm concerned.
"Parsing an image, on the other hand, ain't so easy. "
.gif
p p-rule-to-catch-image-spam/
So use a manual rule to block these messages, discarding them on the basis of how they're put together.
If *all* of the following conditions are met:
Any attachment name contains
+ Content-Type contains multipart/related
+ Sender is not in my address book
Move message to "Junk".
http://www.hawkwings.net/2006/12/20/another-maila
The reasonably simple filter (no OCR or anything) built into thunderbird seems to get pretty good results with image spam. The devious techniques they use to obfuscate clearly aren't worth the time or effort.
And this assumes that once they get through any filters the recipient actually wants to read it. I'd have thought that the bulk of content based filtering happens at the email client. Anyone who'd set that up obviously isn't going to pay attention to spam and will just delete it anyway.
Geez. That website is irritating as all hell. Instead of laying out the article in text and pictures, he requires you to click on the page eight times just to see the various little subareas he's constructed. It's like punishment for reading his page.
Just a quick note on this story. One of the important lessons of image spam is it's a problem regardless of whether or not you actually receive it in your inbox. As the print version of the story points out, most image spam emails are at least twice the size of a text email (and they are getting much much bigger than that). That means spam is clogging up pipes along the way. Also, it's hogging massive amounts of storage at companies that can't filter it well and backup/archive email and junk inboxes that don't get cleaned out. Also, it still gets through to many many inboxes, as the fact that the SEC banned trading on penny stocks that were part of a pump and dump image spam campaign points out. The question is, and will increasingly be, why are we trying to filter this stuff at the email server rather than on the backbone? To date, ISPs and backbone operators have been hands off. That's good. No judgment on traffic and what's "good" or "bad." But it's also bad--all this crap clogs up the network and leads to any number of frauds and scams. Watch--there will be more of a push on these guys to start making value judgments on traffic and scrubbing "bad" traffic like spam and suspected DDoS etc. That's good--less spam in inboxes, cleaner pipes, better service and reduced chance of fraud. That's also bad--who is Joe Backbone that he gets to decide good and bad packets and what if he makes a mistake?
Despite the best efforts of spammers, my filter is still highly effective. While I have received an ever increasing amount of spam over the last couple of years, my filter has kept it out of my inbox. Almost none of it gets through and my e-mail is as useful as it was 15 years ago when there wasn't any spam. I don't think the filter I use is anything special (SpamSieve for Mac.) People who suffer from spam problems likely aren't using anything at all or are using filters that are only for show, so the "has a spam filter" box can be ticked and not designed to be effective (i.e. the ones provided by crappy web mail or Microsoft and Apple mail programs)
The biggest front on the war against spammers is simply educating non-experts on the existence of effective filters. Plus, we should be chiding companies like Apple and Microsoft for providing impotent filters. I think they purposely make crappy filters to avoid pissing off big companies (spammers.)
No matter how careful you are, it is the other people that will compromise your address.
Even if you only sent ONE message to Aunt Sally, your address is now on her machine. When she gets infected, ALL of the addresses on her machine are sent to the spammers.
Then you start getting spam.
Every 4 to 5 seconds is not bad, I was hit by a similar attack.
I run a webserver on my home connection, all it hosts is MythWeb, and it is password protected. I am the only person who should have to access it, and am on a dynamic IP address (not a problem I thought when setting it up, and have been very successfully using DynDNS.) About a year ago my IP address was changed to a new one, as it happens. My internet was going as slow as molasses about 10 minutes later, although I just thought it was a temporary thing with my connection. The next day it is even slower, and so I begin to investigate - I perform a speedtest and get very good results for download (but not perfect), but almost no upload. I thought this was odd and checked with my ISP to make sure there were no known issues with the connections in my area - there were not. So I then plugged my modem directly into my computer and it was still happening (which made me think it was something with my ISP, as it affected my router and my computer), and so I then clicked on my bandwidth monitor to see what speeds I could get, and before doing anything there was a constant stream of about 100kb-150kb of downstream traffic. And so I plugged the internet back through the router (I was running a software firewall by the way, so I considered bypassing the router safe).
I then looked at my webserver logs, and it took forever to load. So instead I did a "tail -f" on the error log. I must have been receiving hundreds of requests per second for websites that were nothing to do with me. It was scrolling so quickly I could not read entries as they went past. Examining it more closely I realized what happened: the owner of the IP address before me had been running an open proxy on port 80, and when the IP address changed all their requests were redirected to me, killing my much slower connection (from all the 404 responses apache was sending). So I closed port 80 for a week, and my connection returned to a somewhat normal state. However, I was still receiving about 20 requests a second, despite being offline (seemed mainly to be people trying to do dos attacks through a proxy). After a month this was down to only 1 or 2 a second, and it has remained like that till today.
Because of your post I checked my webserver logs, and at 1:27:18am I received my last request for a website, and looking into it my IP address changed to a new one (only took a year), and so some other unfortunate person is now receiving a few requests a second to be a proxy server.
I don't think so. Sounds like image spam to me.
an excellent and short lesson. i've sometimes wondered about the particulars of image spam. i've never looked at one, having not enabled attachment viewing in my mail client (i got religion about best practice in email when i first learned about webbugs). clever gremlins, these spammers - never underestimate the intelligence of your enemies!
If opportunity came disguised as temptation, one knock would be enough.
3^2 * 67^1 * 977^1
... the easier it becomes for a human to pick it out. Anything that has a garbled or gobblygook subject is going to be spam these days. Anything in plain english, but forming nonsensical sentences is going to be spam. Anything that looks like someone copy'n'pasted from a book on english poetry is going to be spam. Those three rules alone should cut out most of anyone's spam. Then you can delete anything advertising fake rolexes, pump and dump stock schemes and OEM software. And offers of naked pictures and singles websites. That should about do it...
Julie Moult is an idiot.
Since it appears that Web 2.0 is all but synonomous with cross-site scripting as a feature, my default browser settings have all scripting and components off. A site gets into my trusted site list only if I trust it with my credit card or equivalently, allow it to install software on my system (such as Windows Update).
I think that internet2 is a step in the right direction. It almost feels like internetting licenses should be passed out. If you are caught sending spam, or botnetting, your license gets revoked. I know that this is totally against almost everything that the internet is all about, but why the hell should i have to deal with:
Wed Apr 25 19:31:56 2007 [pid 31219] [Administrator] FAIL LOGIN: Client "00.00.000.000"
20,000 times in my log files?
I know that botnets are composed almost completely of winboxes with oblivious users, but that actually is their fault. If i get into a car that i don't know how to drive, and my inexperience results in me smashing into your living room, shouldn't i be held accountable?
NewslilySocial News. No lolcats allowed.
Pine doesn't display those messages. What a pity. ;-)
- Martin
What sort of a brain-dead moron would actually fall for spam?
I wish that somebody would do a TV show like "To Catch a Predator" except that they would go after the people who buy spam. Embaras them a little.
"Hi, I'm Chris Hansen from NBC. Why don't you have a seat there. Why are you here sir?"
"uh well I, I'm here to see a friend."
"You're here to have your penis enlarged aren't you?"
"no, no, I'm just here to hang out."
"Sir this is an email that we sent to you advertising penis enlargement. You clicked on this email."
"omg, is this on TV??"
A few days ago there was an article on /. about botnets engaging in "gang wars".
I've got a crazy idea. Let's make "policemen" botnets, that would;
1. Infect a "victim" machine;
2. Remove all known trojans and viruses;
3. Secure the machine;
4. Spread itself;
5. Keep an eye on the neighbours;
6. In case of some botnet "gang war", try to compromise fighting systems and stop the madness.
I think it might work... Strike them with their own weapons...
Sadly you missed a great opportunity for some payback. This could have been your perfect chance to install Squid and have it redirect all traffic to Tub Girl!
I can only imagine all these 31337 w1nd0z3 h4x0rs getting owned by Tub Girl, Goatse, or Lemon Party.
Hell, I may open up a proxy server in hopes of luring people for a mass tubbing.
For most people (yes, I know some people are exceptions), isn't the mere presence of an image attachment, a good indicator that it is likely spam?
You don't need to "parse" or OCR the image. The existence of the image is what you need to know. If an email contains an image attachment and it's not from someone with whom you've already conversed, then it's spam. That sounds like an incredibly easy filter. 0% false negatives, 0.000001% false positives.
describes the multitude of summer camp romances in my youth...
I have something in common with Stephen Hawking...
portions:
Eggs, sausage, bacon, spam, spam, toast, spam, chips, coffee and spam.
We've been working pretty hard on implementing a useable OCR system at the ISP I work for. Not only using FuzzyOCR, but rolling some of our own algorithms to determine the likelihood of something being image spam.
One thing we didn't expect -- and are still coping on working around -- was something very simple:
Screenshots
The more stringent you are on image/text spam, the greater the likelihood that you're going to create a false positive when someone emails an image with a lot of text in it... e.g., a screenshot of a word document or Explorer window.
Hire a Linux system administrator, systems engineer,
I find the "problem" of image spam quite easy to avoid. I just don't accept any emails with attachments/images unless they're on my whitelist, because really... who's going to be emailing pictures to me other than my friends and family ? It's just plain retarded.
-Billco, Fnarg.com
This is, no doubt, Web 2.0 at its finest. I think I'd rather have spam.
What's next? Articles written as directed acyclic graphs?
I can explanate how to administrate your network. You must configurate and segmentate it, so it can computate.
This article is fascinating because it shows how the smallest things will utterly confound computers even as they are barely noticeable by humans. Computers are quite "dumb" in this regard. Maybe antispam will be the next frontier of artificial intelligence research. Which is kind of sad, but perhaps necessary.
Penny - plain text accounting
Why not make Apache run on a nonstandard port, like 8080 or 8081 or whatever. That should help.
I cannot get out from school to anything other than 80. Not even 443 works (I know this is stupid and broken, you tell the IT department this).
I find it disappointing that I haven't received all of the image types exhibited. All my spammers are boring and go with the random noise method.
All of the spam I get is embedded-image spam.
I don't get any legitimate emails that have embedded images in them.
I would like to make Outlook move emails with embedded images directly into a junk folder.
How do I do this?
Thanks,
A work that expires before its copyright never enters the public domain and thus enjoys eternal copyright protection.
It's funny how much people take things for granted. Do you sincerely believe that spam (and image spam) is about selling stuff? Come on! Spam is the covert channel used by terrorists to control their extensive network of sleeper cells. Why?
Now let's send this to the Government, and see how fast CAN SPAM ACT will get revoked, and the spammers sent to Gitmo for "questioning"!
cpghost at Cordula's Web.
It seems that a lot of image spammers have tried to circumvent newer spam-blocking technology by using animated GIFs: the first frame of which is blank, and the second of which contains the ad.
For months, we had consistent problems with clients e-mails (using a major ISP I won't mention here) not reaching our server. Curiously, it would happen most often with replies to our original e-mails.
After months of anguish and highly accusatory phonecalls to the ISP's tech support, we discovered the problem. Our company e-mail signature contains GIF images. When a client replied to us, quoting the original e-mail, the ISP would scan the e-mail, detect the inline GIF, and block the e-mail.
Since we changed the format of our signature to use JPEGs instead of GIFs, we've had no problems with the ISP blocking client replies.
So once again I assert: the biggest problem with spam isn't even the spammers, it's the n00b sysadmins who implement agressing spam-blocking rules before thinking about the consequences. I'd rather get more spam that have legitimate e-mails blocked by false positives.
"The first thing we'll do is kill all the spammers..."
The vast majority of such traffic will be due to automated scripts spamming blogs and so forth. The script isn't going to be offended by shock images. At best, not getting the expected page might get you removed from the proxy list eventually if the programmer bothered to include that feature.
Image spam works? Really?
Do not mark in this space. For official office use only.
I've almost deliberately exposed my email address all over the place, without the ridiculous antispam obfuscations (no "ninja AT slaphack DOT com" here), because I prefer not to use CAPTCHAS where I can help it, and that's just a poor-man's CAPTCHA.
The reason? Simple:
Statistical spamfiltering of any kind -- bogofilter, in this case -- is creepily accurate.
Recently, I lost my bogofilter database (due to my own stupidity). It took one day for it to get back to 95% accuracy, and another day to get up to 99%, with one false positive -- the first I had seen in about six months.
Don't thank God, thank a doctor!
Find free books.
I receive about ten to twenty spamm a day mostly in image format this ones are a few from viagra vioxx and that stuff..
But the interesting part is that the rest of it are
spamm related to stock exchange and future results of stocks
i never had the time to check if they are real stock bonds or fake.. but in case they are real bonds, i think that it is used to make you speculate on how will the prices go. someone knows about this or i am the only one who receive images with future prices of stocks shares
?
You mean those hot tips about emerging stocks were not secret messages? Dammit. I should have known.
Sometimes the simplest solutions work best. OCR detection and Bayesian filtering will always be a cat and mouse game. I used to bounce spam, but stopped that when botnets became the main conduits.
This may be a bit redundant for the type of people who read Slashdot, but I thought I'd share my views anyway. These are some of the techniques (suggestions) I use to avoid spam:
-receive email from white lists only (where applicable of course, like personal accounts intended for friends only)
-turn off HTML features in email clients (Web browser features in email clients are bloatware IMHO)
-use the IMAP protocol to receive emails and set the your client to download headers only
-never use your _main_ ISP email account (it's generally hard/impossible to change without dropping your ISP)
-treat email accounts like passwords (think of them as being disposable and easily changed)
-if you need a publicly displayed email address, use the same techniques that spammers use to avoid OCR detection, robots, etc (learn from the pro's, know thy enemy, etc)
And of course the more obvious solutions:
-use spam filtering programs
-virus check incoming emails
-never open attachments, reply, "unsubscribe", or click on anything, or go to any URL/link in a spam message
If I wracked my brain I could probably think of a lot of other methods to avoid spam (like using email clients in sandboxes/virtual machines to try and avoid zero-day exploits). Of course if you use a "free" email account like Hotmail much of the filtering is already done at the server level, and generally you get what you pay for.
I feel your pain. I *can* get out from the office through 443 and 80, so I'm a bit better off than you. Some ideas:
- Can you do anything at all as long as it's through Port 80? If so, try SSH'ing into Port 80 so you don't have an Apache webserver responding, but instead SSHd dropping connections. Then you can always tunnel through the SSH connection (ie. connect from you school computer to school_computer_itself:8080, but actually it's going via the SSH tunnel to home_server:8080 where your Apache server is waiting).
- Otherwise, doing SSL through Port 80 (ie. making it act like a Port 443) might give you more security, but I guess it wouldn't stop script kiddies from connecting to it.
But are you not able to change your IP address? For me, with my DSL modem, I can tell the router/modem to drop the connection, and when I reconnect a few seconds later, I've been assigned a different IP address. Not an option for you?
404555974007725459910684486621289147856453481154 in hex is "You sank my Battleship?"
[GPG key in journal]
My email address is oooold (12 years to be exact), visible in usenet archives and inevitably gets tons of spam. Before image spam this used to be problematic. But now spam is pretty much self-labelling (email not in whitelist + image => spam), so life is good once more. And the minority of messages that get through are usually obvious from the weird characters / html in the title (I use pine).
Installing squid to do that is just overkill. He's using Apache, it can be done with about 4 lines in a config file.
..."avaricious" means greedy and Nigeria is located in Africa.
The main culprit are your work-at-home-and-make-big-bucks programs you find advertised on TV late at night and such. This is increasingly so since computers, always on internet, and lazy people with spare time are often correlated.
... subcontracting out.
These programs are designed by people who work at so called "network marketing firms". You pay them half of your third mortgage, and they set you up with a turn-key virtual server somewhere (which you still need to pay for over time) and give you campaigns to run and leads to follow up on (or lists of people from which to procure leads). It's up to you to make that campaign make money for you, and most people get desperate when they find its not so easy to "be a viral marketing company" so they turn to private forums that trade email lists and get you in contact with spammers.
Meanwhile the network marketing firm has your money, takes no risk, and is not responsible for the spam it's "independant contractors" are sending out, nor the bespoke Russian viruses and network of zombies the more successful of these employees are cooking in their own home businesses.
Finally, it's the people looking to sell products who are also harmed. The network marketing company promises them the world, takes a check, and then forwards the campaign scatter-shot to their contractors. And that's all they do, besides interact with the customer on the contractor's behalf. Little firewall there...
I doubt they give them any useful metrics, nor would they sign a performance-based contractor. They're looking for desperate small-time campaigns.
Which sometimes are are the same independant contractors that work for the firms in the first place
It's a big clusterfuck.
It is trivial to overcome color variation issues: you use a perceptual transformation of the image data. For example, discard the hue, normalize the saturation and use it to weight the value. Or calculate the difference-from-background color metric. Or use a luminence-based edge detection algorithm (basically a convolution kernel). yadda yadda yadda.
Yeah, that stuff's childs play. The real hard stuff is finding letter shapes that are difficult for OCR algorithms to handle, yet are "legible enough" for humans without disgusting them like some illegible CAPTCHAs out there.
One technique I like is to use a 3d extruded wireframe version of each letter, but projected isometrically. Then you take the endpoints of your lines and arcs and jitter them, allowing line edges to cross or to become disconnected.
The human eye is really good at picking out the letter outlines in 3d (especially since you have reinforcement of the front-face pattern with back faces) That extra information helps overcome the jitter.
But OCRs of this generation focus on line corners and points of interest (features that are mostly scale/rotate and font-invariant) so lines that cross or end prematurely are particularly problematic for these algorithms.
THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
You get email from people you know and who know you. If you don't know them, it is spam. Period.
This is pretty much how email is coming to be viewed these days. A company wants to send you an acknowledgement of an order and they can't get it through. Someone wants to ask a question about something, someone that you've never heard of - it must be spam.
The problem is, it mostly is all spam these days. I get about 400 items a day. Our sales@ email address gets more like 1,000 and there are one or two real emails in there.
When we can't send mail to customers (things like receipts) that are plain text because they are agressively filtering and we can't sort out the good from the bad on our end either email has pretty much reached the end of usefulness. While a whitelist essentially ends the utility of email completely, it does solve the spam problem 100%.
or use http://bogofilter.com/ in corespondence with strangers or while filling in the registration forms.
I collect spam to test my AI programs on. I have a bunch of filters that process images into different rpresentations - basically flagging matches to different patterns and building new patterns from combinations of existing patterns. I've experimented with bayesian filters on the output of some of my toys and it seems to work rather well. The filters might output a text string like:
md5:16613765e1f9a23fe6244b90d9483e1f found:9 w:450 h:600 color:ddc3b2 color:decec3 color:d3bdaf color:debfab color:e5c2ac altcolor:d1ac95 black:21 text:"ASIANGIRLS . JP"
This is pretty simplified compared to what the filters actually output but overall it provides a pretty good bit of text that most bayesian filters can do something with. The filters gather simple information such as the file md5, width, height, times file has been matched, average color, average grey value, color and grey value averages of common blocks, the same color and grey values for everything after the most common color is removed, text recognition, shape reconition, and keys for learned patterns of these different values that are recognized in the image. Other than the md5, width, and height these values change little when scaling, clipping, watermarking, changing fonts, tinting the image, etc. I've trained my filters on millions of images over the past decade and they really work pretty well although I'm always finding new improvements to make.
My goal is to build an intelligent program that can classify and respond to visual input so spotting spam doesn't seem to far a stretch. I have trouble believing that spammers could generate a random enough image to fool the filters while still being usable to humans. Of course, the price is CPU time for the user but most of my filters don't use a lot of CPU time and bayseian filtering dosn't use a lot either so it's really not to bad.
At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.
I think that everyone should respond to spam. I think we should all use our credit cards to buy loads of whatever they are selling.
Then call our credit card companies and cancel/charge back.
Some small percentage of the spammers will actually ship their junk before they realize they shouldn't. Most of the time it will just be an annoyance to the spammers. But it will always cost the spammers a discount fee, and the more charge backs, the higher the discount fee. It will ruin their credit.
When spammers can count on 4 out of 5 orders falling through, it sure will make their jobs unfun.
Pretty soon the spammers will have to start using captchas and such to make sure you are a real order and not an automated attack.
There's the saying that a picture is worth a thousand words (bandwidth-wise, it may be accurate!). Non-spam marketdroids have been using evocative pictures to get their points across for countless years. Yet in every image spam I've ever received, the image contains only text--distored text, psychedelic colored text, garbaged text, text over confetti, text over random noise... I have yet to see a big colorful graphic of a Little Blue Pill cross my inbox.
Caveat Emptor is not a business model.
We have been using Spam Arrest For Years and it's stopped millions of emails from reaching our SMTP server which in our case means a lot since it's a Satellite Connection.
Thank You Spam Arrest
Before you go off on the idiocy of people who respond to these mortgage spams, take into consideration their victims. Many of these mortgage spams say things like "Thank you for your refinance request ..." etc. Victims include otherwise intelligent people who may not be internet savvy who are in the midst of a refinance. Imagine a grandmother or a person for whom English is not first language who has recently started the refinance process. Then they get one of these emails that pretend to be from someone with whom the recipient is already dealing, and respond to the link. Sure, they may think it a bit odd, but whatever. Within hours they are deluged with calls from dozens of different lenders and brokers who have purchased the spam leads.
Now, I have no great respect for the intelligence of the average internet user, but I would just like to point out that someone can be intelligent and honestly duped by mortgage spam, but more to the point the spam recipient paid no money but the spam is successful. It is the middleman purchaser of the lead generated by that spam who is funding the spam.
Of course I have no sympathy and little respect for that scummy level (usually multiple levels) between the actual spammer and the recipient of the spam lead, but I will also point out that the contracts between the broker making the call and the lead generating company that sold him the lead usually state that the lead was not generated illegally, is being sold exclusively to that broker, etc.
I guess my point is that the economics of spam vary from product/service to product/service being spammed. Penny stock pump-and-dump schemes have very different economic mechanics...
CC
No Inflation Taxation without Representation
Don't forget the pixel salad (from TFA).
"Beware of he who would deny you access to information, for in his heart he dreams himself your master."
Still there must be some gain from those leads obtained via spam, or the middlemen would not bother to pay a spammer to get them leads that lead to nowhere.
There is a "purchase" by the recipient after all, or else there is no profit.
You are right, if you use greylisting alone.
If you combine greylisting with a few realtime spamtrap-driven blacklists then the greylisting period will allow the spam to be caught by the blacklists and when they retry they get through the greylist, but get caught by the blacklist.
-- To dream a dream is grand, but to live it is divine. -- Leto ][
Frist psot with my new account =8^), tho I've lurked and occasionally posted AC for years.
/years/.
Your ISP is likely associating your assigned IP with your MAC address, as is quite common with DHCP, giving users that want a stable address at least a bit of stability. This seems to be particularly common with cable modem systems. Change that, and you get a new IP address. It's likely that easy. =8^)
MAC addresses are normally hard-burned into the hardware (Ethernet and the like), and are supposed to function as a GUID (globally unique ID), so changing your NIC is one way to change your MAC address. However, there's often a way to set them to something other than the hardware MAC address manually. The idea is that a network may have configured a specific association (like IP address, or even permission to connect, some ISPs register MAC addresses and won't allow unregistered addresses a connection or give them an IP address, MAC address filtering is also very common on wireless networks, for security reasons) that may be inconvenient to change when you switch NICs or the like, and the ability to manually set a MAC address allows one to set the same one they previously used.
How you change your MAC address, however, will obviously depend on what OS and/or Ethernet/other-connectivity drivers you use. Here on Gentoo, there's a network services module that combined with an app called macchanger, allows me to set my MAC at will, every time I bring up the connection on that interface. I have it set to entirely random, so if my ISP is tracking it, I might appear to be connecting with a multigigabit Internet backbone router one day, and an old 2 Mbit thinnet card or whatever the next, but that could cause problems if the ISP was relying on that for something, in which case I could just set it to randomize within my hardware type or just the specific NIC manufacturer. Anyway, with my randomized MAC address, I get a different IP address every time I reconnect (tho the computer keeps the same MAC and gets the same IP when I simply hibernate, aka suspend to disk). Otherwise, as yours, my ISP continues to hand people the same MAC associated IP for sometimes
On MSWormOS, I believe implementation is left to the Ethernet driver. If your NIC driver implements manually setting your MAC, it should have such a setting in the appropriate properties tab. Else you may be able to set it in the registry, if you know what you are doing. I stick to freedomware (see the sig) these days, so can't give you much more on that.
Routers often have an option to clone the MAC of a connected computer on the LAN to the WAN side, again, in case the ISP specifically authenticates in part by registered MAC address and won't allow changing it without calling them. Others let you set it specifically. Some, particularly those running OpenWRT or similar firmware, may allow fully randomized MAC addresses, much as I described I do with my Gentoo system above. You mentioned that switching between direct connect and using your router didn't change your assigned IP address, but it's possible that's because the router was already cloning your computer's MAC address to the WAN side, so the ISP saw no change.
So anyway, try changing your MAC address. You'll likely get a different IP address that way. If you don't, the worst that should happen is they won't let you connect, and you change it back. Of course, if they associate the assigned address with the login info (PPPoE or the like) or MAC address of the modem, you'll still connect, but changing the MAC address on your computer or router won't cause the IP address they assign you to change.
HTH,
Duncan
Duncan
"Every nonfree program has a lord, a master,
and if you use the program, he is your master."
R Stallman
all the spammers need to do is convince naive bussiness men that sending thousands of unsoliced messages will get them profit.
I'm still a little surprised that people are stupid enough to buy things from spam. If it wasn't profitable, it would disappear.
I think we're approaching this problem the wrong way. We should execute anyone who buys anything from spam. This would remove these "customers" from the email pool, and also increase the average intelligence of the planet.
- chrish
No. The recipient of the spam never gives money. They give information. The spammer captures this information and turns into money by selling that information in the form of a lead. The person who buys that lead sells it again, and this process is often repeated another two or three times. But the spam recipient never parted with any money.
No Inflation Taxation without Representation
An image of 300 on 200 with a big blue pill; left and right of the pill are the brands which can be ordered online; It's still as annoying as the distorted texts; only more eye candy.
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
TinyURL's are generally not known to where they go; I would rather like to see where I go to or atleast use my own judgement before I click a link; my PC's have not been infected with anything over the last 6 years *knocking wood*.
Combine the two, how safe would this TinyURL system be?
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..