Slashdot Mirror
The New Yorker On Spam
aqk notes an article in the Aug. 6th New Yorker surveying the spam problem up-to-date. The New Yorker may not be exactly the MSM, but it is pretty influential. The author got only one fact wrong that I noticed: Canter and Siegel's seminal spam was propagated through Usenet and not email. Still, it's a good look at the history of spam and the scale of the problem today. The amount of spam that "spam king" Robert Alan Soloway, indicted under the CAN-SPAM Act, is accused of sending over a period of four years is now pumped out about every 30 seconds, around the clock, around the world.
How is the New Yorker *NOT* MSM? it's practically on every newsstand from here to Moscow (and yes, I have traveled that far, and seen it there) It's lasted for over 80 years so far and has won more than just a handful of nationally and internationally recognized awards for journalism.
If anything the New Yorker is a good way to reach people that might not be quite as technically proficient or knowledgeable.
I will not give in to the terrorists. I will not become fearful.
It's not just that this idea is unpopular, in my mind it is untenable. The nature of a decentralized system such as the internet is such that it, by its nature, resists control. So you want to require every internet user to have an ID for verification purposes? How would that be enforced internationally? It only takes one China or Nigeria to fail to comply, and the solution becomes worthless. Even if 100% compliance was possible, how long would it take for the system to be hacked? Imagine waking up one morning and finding yourself without internet access because someone else had been spamming using your credentials. I would contend that, if spam is a crime, there would need to be a larger burden of proof than simply seeing someone's credentials attached to an email. The lack of centralized control of the internet simply forces us to face the reality of human nature - when not controlled, some of us will choose to do good of our own devices, and some of us will choose to do bad. I rather enjoy this kind of environment - it allows the true nature of individuals to sally forth, it shows who is to be trusted and respected and who is to be avoided, and it grants free expression without forcing us into a cookie-cutter mold that some centralized authority would impose upon us. With all due respect, if you seek the kind of solution you state, move to China. I hear their network is very secure. Good luck logging into slashdot, though.
I'm in the middle of starting up a small business and was talking to someone about marketing. This individual (Not an in-duh-vidual - a Ph.D.) suggested that I send out mass emails. I told him that I can't do that because I'll be a spammer and my ISP will yank my account. He then mentioned that they're are ways to mask my origins. I said if I get caught doing that, I'll be in even more trouble. Besides, I DON'T want to be a spammer.
My point? Spamming has become so standard and everyday that people don't even give it a second look now and just consider it an annoyance at worst. The only people who really care are those of us in IT.
I prefer Flambe as apposed flamebait.
Well, they're trying to send a lot, but with a proper setup at and around your mail server, you will not be seeing much of it anyway.
Simple greylisting helps a lot, supplemented with greytrapping-generated blacklists (with 24 hour expiry) it's even fun to watch. The last 2-3 percent that actually makes it through to be seen by content filtering gets converted back to free electrons.
I've had a series of blog entries over at bsdly.blogspot.com about this and the conclusion is clear - with a competent system administrator, Spam is a solved problem (Links to other refs inside, follow links).
-- That grumpy BSD guy - http://bsdly.blogspot.com/
This is definitely a start in the right direction, but it's not the whole story. I'm convinced that a massive part of the problem is that there's a widespread belief that spammers make millions of dollars.
No doubt, a very few do. A very few have mansions and island retreats in the Bahamas. But these people are like the Michael Jordans of spammers, the people who have spent an incredible amount of time and effort into honing their spamming skills not just into an art, but a lucrative profession.
The problem is that most spammers aren't the Michael Jordans of spam. They're just people who have heard that spammers make millions of dollars, and they want in on that action. They go out and download the latest scripts and fire off a few million e-mails. No one responds. So they fire off a few million more. After enough times, someone will respond, and they've made $20 bucks. Flush with the thought of new mansions, they fire off millions more. Whoops, that $20 was charged to a stolen card, so they're back to zero.
The point is that the world has changed. Back in the day, there was a lot of money to be made from spam. Now, though, you have a very few scummy individuals who have made massive amounts of money. You have thousands of scummy individuals who think they can do they same thing, but fail miserably. It doesn't matter, though, all you need are the few who do make millions to keep the perception alive that spam = TONS of money, and you'll have people lining up to do it.
What need to happen is that they need to stop focusing so much on the spam "kings" and go after the regular guys who send it out. The people without the million-dollar houses. The people who think that it doesn't hurt anything to fire off a few million e-mails to try to sell some Vigara (yes, I misspelled it deliberately). The press need to cover those stories too. (They really need to cover them more.) People stop seeing Bill the multi-millionaire spam king and start seeing Ted the worthless loser who was so desperate that he thought he could make a million dollars by sending spam.
It's not enough to make spam unprofitable. People have to know it's unprofitable, and that when caught, they'll end up in jail for nothing.
Nope. They can't fake the IP address if you don't have pipelining turned on. It's coming from their IP's.
That's the problem. You cannot "trust" Hotmail or GMail because they ARE used by spammers.
And there is no technological reason why they could not address that issue. They know that spammers will open accounts with them. Yet they take no steps to mitigate that. Even limiting the outbound emails from each account would help. And having an automated process for reporting and blocking spam from them would pretty much solve the rest of the problem with them.