Spam Replacing Postal Junk Mail?
TheOtherChimeraTwin writes "I've been getting spam from mainstream companies that I do business with, which is odd because I didn't give those companies my email address. It is doubly strange because the address they are using is a special-purpose one that I wouldn't give out to any business. Apparently knotice.com ('Direct Digital Marketing Solutions') and postalconnect.net aka emsnetwork.net (an Equifax Marketing Service Product with the ironic name 'Permission!') are somehow collecting email addresses and connecting them with postal addresses, allowing companies to send email instead of postal mail. Has anyone else encountered this slimy practice or know how they are harvesting email addresses?"
Every time I buy something on-line I have to provide my billing address so now the e-mail address I use and possibly more (can it read cookies?) is known to the vendor who can turn around and sell that information to others. How easy is it for some Javascript or something to poke around for e-mail addresses when you are at a site? Also, my e-mail providers know my address - i.e. yahoo, google, aol, apple and comcast. Could they be selling that information? I wouldn't be surprised.
Very often, people confuse simple with simplistic. The nuance is lost on most. - Clement Mok
I have my own domain: EVERYONE except family gets a different email address.
One gets caught by spammers, the address gets killed.
I understand Gmail allows using a + in the address line to sort mail in a similar fashion:
googleid+identifyingstring@gmail.com and you still get it; only you know the source.
every day http://en.wikipedia.org/wiki/Special:Random
I use 2 emails, one for spam and one for private mails.
Now both my emails are full of junk, but while Google's spam option is working, my old Yahoo email is beyond saving.
Just keep clicking on "this is spam". It's not worth your time to understand why it's happening, and even if you do understand, you will find out it's impossible to avoid.
Hell, I can't even check my old SMS because it's full of spam.
Love many, trust a few, do harm to none.
First person I would suspect is the ISP or your webmail.
Without knowing any details or even the country you're in, it's kind of hard to guess...
But ISPs use deep packet inspection, and even easier, I am guessing you fill in your email address for their webmail and they bill you...
regards
john jones
I just handle electronic spam like normal junk mail. Hit Ctrl+P and then throw the damn thing away. Good riddance.
I use a special domain name which maps all aliases (*) to my mail box. Nearly every email I use for online purchases or registrations is custom for that site so when I receive email from an unexpected source I can trace it back to where I originally used it. I also always opt out of companies sharing info. I recently caught out SCE having passed my email to a government energy program and called them out on it. If I get spammed on one 'channel', I can reroute it to the /dev/null mailbox.
Yahoo lets you create temporary addresses that you can disable at the drop of a hat.
I use those for most of my business correspondence.
Your mail provider may offer something similar.
Although it would be best if email marketers were simply swallowed by the earth and sent directly to wherever it is the bad people go, if they are going to continue annoying us then I would prefer that it be through email and not postal mail. At least with email they are competing on our playing field where we have a decisive technical advantage in filtering. If the choice is between them stuffing my post box with paper or trying to stuff my inbox with spam (they will fail due to ThunderBayes among others. What's the word? Thunderbird) then I say bring on the spam, we are ready.
What's happening here is that there are companies that aggregate profile information, and they're able to link your email to your profile information. They then sell append services so the marketing company can add that email to your existing full name and address (FNA).
It is wrong for companies to append an email address and then market to it.
Companies do a lot with their (your?) customer data, including hygienization, appends, completion, profiling, etc. Most of this happens under the sheets, and most customers don't really want to know the details.
However, I advise clients to NEVER use an email append service for a variety of marketing and spam/technical reasons. Most clients will listen, some will choose not to. However, I'm seeing that more stupid companies will forge forward like it's nothing, and companies with dwindling budgets are too suckered in by the cost savings.
It's only going to get worse.
Once again, GMail is my solution to this. Prior to GMail, I used spamgourmet to keep my inbox clean. The oldest email I have used to get 30,000 emails per month that were all SPAM. Right now, it's getting about 11,000. (I haven't really used that address in a long time.)
I have had maybe 10 SPAM emails in the last year make it to that inbox. (It's hosted under Google Apps.)
So once I found out how well Google's SPAM filters work, I quit caring about giving out my main email address. I give it to everything now, and if a company SPAMs me, I just mark it as SPAM. When enough people do that, it seriously hinders their ability to contact their legit customers, and they learn a valuable lesson.
There's a little bit of fallout from people who use the SPAM button incorrectly, but I think Google does its best to account for that, too.
"If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
Every time I got a new email address, there is always that one clueless git that adds my address to one of those cute 'send something funny every week' sites.
Never got that funny, but the spam just starts flooding in.
Now I'm a lot more picky about who gets to see my real address. The rest goes to my temporary catch-all of the month.
Your post advocates a
( ) technical ( ) legislative (X) market-based ( ) vigilante
approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
( ) Mailing lists and other legitimate email uses would be affected
(X) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(X) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(X) Requires too much cooperation from spammers
(X) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
( ) Laws expressly prohibiting it
(X) Lack of centrally controlling authority for email
( ) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
( ) Asshats
(X) Jurisdictional problems
(X) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
( ) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(X) Armies of worm riddled broadband-connected Windows boxes
( ) Eternal arms race involved in all filtering approaches
( ) Extreme profitability of spam
( ) Joe jobs and/or identity theft
( ) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(X) Dishonesty on the part of spammers themselves
( ) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(X) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
( ) Countermeasures should not involve sabotage of public networks
( ) Countermeasures must work if phased in gradually
(X) Sending email should be free
( ) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
( ) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
( ) This is a stupid idea, and you're a stupid person for suggesting it.
(X) Nice try, assh0le! I'm going to find out where you live and burn your house down!
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
It's a service called an "email append", offered by the major credit reporting companies. The purchaser gives them a list of names and addresses, and the credit reporting company finds matches with email addresses. They send an opt-out mailing, and the email addresses of everyone who doesn't opt-out are returned to the purchaser.
In the UK, junk mail does subsidize the postal service, so although you can opt out, they plead with you not to, as it would increase the cost of normal post by quite a margin. How much of this is real and how much is just them desperate to hold onto an income from companies paying them to shovel shit through our letterboxes is open to question. I do accept it in principle though.
If that switched en-masse to email, those contracts would expire, meaning snail mail prices would increase. The Royal Mail don't have any way to transfer delivery from paper to email, so they couldn't recoup those losses. Since email is free, nobody would make any money from these mass email contracts.
On the other hand it would cut down on a LOT of wasted paper, which 99.99999999999999% of people take from door to bin, bypassing the eyeballs. Some people do recycle, but not enough.
While email is great for most communications, snail mail is sometimes required so it can't be allowed to die. I doubt it would die if they lost the junk mail contracts.
For me, the worst offenders are the magazines and newspapers you have to pinch at the spine and shake over a bin before opening, to release all the leaflets stuffed inside. Is it not enough that for every 5 pages of a publication, 3 pages worth are adverts? If that's the state of the magazine industry, maybe it deserves to die too. The internet has already steamrolled over many business models, what's another one to add to the list?
Perhaps a solution would be a commercial / personal email distinction at an ISP level with a legal backing. Personal email is always free, commercial email costs say 1p per email. Charities / schools etc would be exempt from charge too. Make it something you have to declare with your ISP and legally stand by. Spammers using botnets wouldn't be affected since they operate illegally anyway, but it'd regulate the "normal" "legal" marketing companies. Make it a legally enforceable requirement to ONLY email people who have opted in, and fine them for ALL breaches.
There is a trash can right next to my mailbox, which enables me to deal with paper spam about as easily as the electronic kind.
I do keep the little response cards with "return postage guaranteed" stamps, though. Those are great for gluing to bricks or other heavy objects you want to dispose of. Drop them in a mail box, and they not only wind up in a mailbox at the company that spammed you, but that company gets billed for the postage, by weight. The heavier the object, the better!
Email filtering company MessageLabs reports that Egham, Surrey, on the suburban outskirts of London, is the town that receives the most spam in Britain.
"It's not like there's much else to do," said Boris Busybody, 77 (IQ), of Egham Hythe, idly whirling his four-foot penis around his head in a desultory fashion. "Expanding your manhood, growing your breasts, increasing your sperm ... the Lib Dem phone calls get a bit much. That's Doctor Busybody, by the way. My Ph.D arrived last week."
Spam has revitalised the local economy. Mr Busybody has given up cab driving and is now working a lucrative job processing payments from home after he sent them his bank details in response to an urgent security message. "I had that King Otumfuo Opoku Ware II in the back of my cab once. Very generous and helpful fellow."
The Egham Tourist Board has seized the day, with plans for a 50 foot tall penis sculpture at Junction 13 of the M25 on the exit ramp to the town. The sculpture will be encircled by a genuine imitation Rolex and spray a fountain of Spermamax, obtained at a very reasonable rate from a Canadian pharmacy. "You will search an hour for your underwear in the ocean of our spam!" is to become the new town motto.
"I did get a good one the other day," says Busybody. "Barrister Matthew Sergeant Busybody of MessageLabs said we could promote our town to millions of people just by sending them an advance fee to process our incoming email. The stuff they try! 'Scuse me, V!k@grk@ kicking in, got to go have sex again. Sorry."
http://rocknerd.co.uk
Yes, I think you've hit the nail on the head. Experian eMail Append overlays deliverable email addresses onto your active customer file and contacts customers via email on your behalf to obtain permission to communicate with them online.
By "permission" they mean they send you email until you complain. If they happen to pick an email address that is normally not read by a person, they don't get any complaints. (Not that I opt-out of spam; I block it.)
Further on, they state "Retain your customers by keeping your brand top-of-mind through consistent, relevant and interactive email communications." Yeah, good luck with that. I know four companies that have just lost my repeat business.
Thanks to all for an excellent discussion.
To understand why this won't work you have to understand how e-mail works. We start from when you hit 'send' in outlook.
Your message first goes to your ISP's or company's outgoing mail server. Let's ignore that for a moment.
That outgoing mail server looks at the recipient- user@domain.com. So it uses DNS (the thing that converts a name like www.google.com into an IP like 74.125.93.147) and asks what the MX (mail exchanger) servers are for domain.com. Domain.com has those listed in its DNS.
The outgoing mail server then connects to the domain.com MX server. It says "i have a message from person@company.com for user@domain.com". If the MX agrees to take it, your outgoing mail server transmits the message, and the MX sends a confirmation that it is accepted. They then disconnect.
If you're running your own mail server, or are using a company mail server, or a different email system, your ISP has nothing to do with this other than moving your packets around.
The point is that email is not a single system that can be changed like raising the fare on the subway. If you're the city and you want higher subway fares, you just reprogram a few thousand turnstiles (all of which you own) and you're done. Email/SMTP isn't like that; SMTP is an agreement, a protocol which millions of networks and servers have chosen to implement. Email is just another internet protocol, no different than AIM, Skype, HTTP/www, FTP, etc. It's just one of the most widely used protocols.
There is no central authority to enforce anything like e-stamps. For this to be enforced, the domain.com MX would have to say 'please give me a tenth of a cent before I deliver your mail'. The only useful way to handle that would probably be with a 3rd-party clearinghouse for exchanging the 'stamps', so your mail server would say 'i give you stamp ID (long stamp id number)', the destination MX looks that up with the clearinghouse, approves it, then accepts the message for delivery.
For that to happen, both your SMTP server and the recipient's MX would have to be modified to deal with these payments, and optionally require them for mail delivery. There are many different mail server programs out there; this would require all of them to be updated to support payments, and then (here's the hard part) all the people who run them would have to install those updates. Then anybody who runs a mail server would have to do some financial setup to let them accept payments and send payments for email. IE, every random geek and company and IT department and ISP that runs a mail server now has to jump through a financial hoop. If I run my own mail server, does that mean I get 2/3 of the payment (the recipient fee and the ISP fee)? Does my ISP get it even though I'm not using their servers? There will be great resistance to this.
The main issue is, it would *NOT* be transparent, not to anybody. This would be a large, time-consuming and very expensive implementation.
Now let's say best case scenario, let's say you get all the major ISPs and webmail providers on board (msn, aol, yahoo, google, comcast, timewarner, verizon, cablevision/optimum, charter, adelphia, etc).
Let's say they immediately set up their system to start dealing with these micropayments.
What happens to the (literally) millions of companies in the US and abroad who run their own mail servers, but whose systems are NOT updated? Can they no longer send mail to all of the above networks, or is there a break-in period? If the payments are optional, what incentive does anybody have to adopt them?
Also you say approved senders can send for free. Who is an approved sender? What is the qualification? If it's difficult and expensive, some of the large bulk-mailing companies will try it anyway, and the smaller legit companies are shut out. If it's easy to get one even for a small biz, then the spammers will get them too. If extensive investigation is performed on the applicants, that money has to come from somewhere, so it'll be expensive.
--IronHelix
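The delivery path described in the post above (MX lookup, then the envelope exchange), together with the stamp check it argues both sides would have to implement, as an added example that is not part of the original post. Host names, mailboxes, stamp IDs and the `XSTAMP` parameter are invented for illustration; only the SMTP verbs and reply codes are standard, and nothing touches the network.

```python
# Constructed example: an in-memory model of the delivery path, no network I/O.
# Hosts, mailboxes and the XSTAMP parameter are hypothetical; the verbs and
# reply codes (250, 354, 550, 503, 221) are standard SMTP.

# Stand-in for DNS: domain -> [(preference, mx_host)]; lowest preference first.
MX_RECORDS = {"domain.com": [(20, "mx2.domain.com"), (10, "mx1.domain.com")]}


class ToyMX:
    """Receiving mail exchanger."""

    def __init__(self, host, mailboxes, valid_stamps=None):
        self.host = host
        self.mailboxes = set(mailboxes)
        # None = ordinary SMTP. A set = hypothetical policy: only accept mail
        # carrying a stamp ID that the clearinghouse (this set) still vouches for.
        self.valid_stamps = valid_stamps
        self.sender, self.rcpts, self.delivered = None, [], []

    def handle(self, line):
        upper = line.upper()
        if upper.startswith("EHLO "):
            return f"250 {self.host}"
        if upper.startswith("MAIL FROM:"):
            path, _, param = line[10:].strip().partition(" ")
            stamp = param[7:] if param.upper().startswith("XSTAMP=") else None
            if self.valid_stamps is not None:
                if stamp not in self.valid_stamps:
                    return "550 valid stamp required"
                self.valid_stamps.discard(stamp)  # a stamp pays for one message
            self.sender, self.rcpts = path.strip("<>"), []
            return "250 sender ok"
        if upper.startswith("RCPT TO:"):
            rcpt = line[8:].strip().strip("<>")
            if self.sender is None:
                return "503 need MAIL first"
            if rcpt not in self.mailboxes:
                return "550 no such user"
            self.rcpts.append(rcpt)
            return "250 recipient ok"
        if upper == "DATA":
            return "354 send message" if self.rcpts else "503 need RCPT first"
        if upper == "QUIT":
            return "221 bye"
        return "500 unrecognized command"

    def body(self, text):
        """Message content sent after the 354 reply; acceptance ends the hand-off."""
        self.delivered.append((self.sender, tuple(self.rcpts), text))
        self.sender, self.rcpts = None, []
        return "250 accepted for delivery"


def _say(mx, cmd, log):
    reply = mx.handle(cmd)
    log += [f"C: {cmd}", f"S: {reply}"]
    return reply


def deliver(sender, rcpt, text, reachable, stamp=None):
    """Sending server. `reachable` maps MX host -> ToyMX. Returns (status, transcript)."""
    log = []
    domain = rcpt.rsplit("@", 1)[1].lower()
    for _pref, host in sorted(MX_RECORDS.get(domain, [])):
        mx = reachable.get(host)
        if mx is None:  # connection failed: fall through to the next MX
            log.append(f"-- {host} unreachable")
            continue
        _say(mx, "EHLO mail.company.com", log)
        mail = f"MAIL FROM:<{sender}>" + (f" XSTAMP={stamp}" if stamp else "")
        for cmd in (mail, f"RCPT TO:<{rcpt}>", "DATA"):
            if _say(mx, cmd, log)[0] == "5":  # permanent refusal: bounce
                _say(mx, "QUIT", log)
                return "bounced", log
        log += ["C: <message text>", f"S: {mx.body(text)}"]
        _say(mx, "QUIT", log)
        return "delivered", log
    return "deferred", log  # no MX answered; a real server queues and retries
```

A sender that has not been updated to attach a stamp is refused at `MAIL FROM` by a stamp-requiring MX, which is the interoperability problem the post raises.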
I'm assuming you didn't see the humor in Matt Perry's post. I hate to sound like such a pessimist, but your solution and response are naively optimistic. Let's examine why.
ISPs already have a lot on their plate insofar as legislation and (potential) filtration goes. Forcing them to operate as a collection agency simply won't work. I also doubt anyone would advocate or appreciate giving credit card companies (i.e. banks) even more control. They've already demonstrated a certain incompetency in recent years that has most certainly been making news!
If you have to ask this question, you don't understand the problem.
E-mail has been effectively "free" since the inception of the Internet (more on this in a moment). As it stands, spam is killing e-mail, and fees intended to kill spam will only succeed in killing both.
We should also consider those ISPs which charge their customers on a per megabyte basis. In effect, users of such services are already paying a tax on e-mails they send; it's just that e-mail is often times such a small chunk of data that it would hardly go noticed, unless of course you were about 2KiB from a threshold that would require paying a little extra and happened to send an e-mail that bumped you over. In either case, charging on a per e-mail basis simply won't be accepted by users. They'll feel they're already paying for e-mail as part of their service plan.
And let's not even mention the technical aspect of it being "mostly automatic." There is no such thing. If you forcibly turn off non-payment e-mail services, you kill e-mail as we know it. Without a great deal of unprecedented international cooperation (and good luck getting those governments who are probably influenced by people making money from nefarious deeds), this sort of thing simply will not happen. In fact, I predict two things will happen before any significant change is made to e-mail: IPv6 rollout or Duke Nukem Forever's debut.
No, the semi-humorous post in reply to yours is correct. It doesn't require the cooperation of a "few big [companies]" or a "[government] project." It requires cooperation from hundreds of individual businesses, ISPs, organizations, and governmental cooperation on an international scale. You can't just simply rewrite SMTP and say "here, everyone download this. This will fix the problem with spam." For one, you're assuming the new system would be impregnable to spammers, and two, that it is a wide-sweeping, multi-platform solution that can just be fitted in place.
Here's a hint: It won't happen.
Not if, say, several dozen European countries (rightfully) decline to participate. Then what do you do? Shut off e-mail to all of Europe?
Remember, just because someone doesn't find it fair to tax their people more doesn't mean they're a "'shady' foreign" operator. They could be mindful of the rights of their people to freely exchange information. (See my comments earlier on "free.")
He who has no
My standard email address for sites I don't wish to give my real details to is bill@microsoft.com
I like to use nospam@foo.com or abuse@foo.com, where "foo.com" is the actual domain of the site I am entering my info to. (For example, Microsoft gets nospam@microsoft.com).
Knowledge != Intelligence
Every time someone asks a question on how to stop spam, there's always some smartass expert that says, "This is the year 200X, you should be able to filter it." Yet the reality is not everyone can lock down their exim, sendmail, etc. It is complex, and spam is still a vector for a hell of a lot of problems.
A sysad could have all the ORBS, DNSBL, Spamhaus, etc. filters in their system, and still the spam will make it through.
There are a lot of reasons the advice of the "volunteer" experts in IRC on #debian, #ubuntu, #suse is bunk:
A user who has an exploitable web form mail script.
Outdated server software on unmanaged server. (ex: Fedora Core Version 4 running)
cPanel exploits.
Rootkits.
Broken SMTP server.
No Iptables firewall. (Don't laugh I've seen servers like this, with no firewall at all!)
Financially impossible.
Multiple binaries. killall -9 exim exposing extra binaries running.
Unless you're willing to sit down 24/7 and monitor your /var/log looking for patterns, and flushing the /var/cache/mail to see what came in, searching through all your users' directories for exploits, the chances are these experts' advice will not work. Many hosting companies, individuals, have no idea how to deal with email servers; in fact they should just shut the port off and remove the server. Having hundreds of spam connections to your email server every second doesn't make grepping the logs any easier. CIDR blocking networks of the top 100 spam connections can ease it some. Blocking entire countries can help also.
I have watched spam destroy a hosting company financially. From trying to get off blacklists to forced outsourcing.
Frankly, the free advice and elitist attitudes for help isn't working.
At the same time, people should be able to send anonymous mail --IMO
And furthermore, the same volunteer experts are helpful with nearly everything else Linux.
Anyway what works for you in your setup may not work for others.
CAN-SPAM has not worked. (if you ask me it's a place for a spammer to build a list)
In my final opinion here, I am not going to leave you without a potential solution.
My solution is, put your fucking unmanaged server behind a firewall. For example ipcop.
Somebody from Germany hitting your FTP server every morning at cron time? iptables their ass and never see a packet again.
This goes contrary to the popular APF, BFD scripts. You could get a user complaining they can't get mail from some server in China or .br but ...... You can always OPEN that back up for them, as opposed to the hundreds of hits every second, taking your entire server (with low RAM) into PEGGED HIGH CPU, with the fucking exim/processing/var/mail snafu.
Truth be told, I have not personally ever found a way to stop spam from a server, except by CIDR'ing their entire network's ass up until they behave. Not a fucking packet from them after that. Yeah, hundreds of thousands of other piddly ass fucking servers' IPs from countries on the entire planet still come in. Get rid of the TOP ones though...
The other thing is, even if you do catch, or ping some fucking server in the USA, you can't stop them. Or get paid. I was told I could get paid for each spammer I caught. Problem is there's no way to legally stop them and prove you caught them. (That's a LAW problem) Or I would be doing this every day, as my primary source of income!!!
On one server, I blocked .Cn, .Ru, .BR, .FR, some Germans... um, the bogans, and used log statistics to sort the top spam sources. I managed to get the CUSTOMERS HAPPY, and the CPU from 99% to 2% idle. Not one complaint about an email not reaching the Falun Gong.
A user who fucks up and hits an email list accidentally is not spam. (Though assholes out there try to make it like it is, with solicitors and lawyers.) But at the same time ANONYMOUS should pass through, and at the same time the real spammers need LIFE in prison.
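One way to do the "log statistics to sort the top spam sources" step from the comment above, as an added example that is not part of the original post. The log format, addresses (documentation ranges) and function names are constructed for illustration and are not the output of any particular mail server; the allow list models reopening a network a customer needs.

```python
import ipaddress
import re
from collections import Counter

# Constructed log lines in an invented format, using documentation address
# ranges. Adapt LINE to whatever your own mail server actually writes.
SAMPLE_LOG = """\
2010-03-01 04:00:01 smtp reject from=203.0.113.7 reason=dnsbl
2010-03-01 04:00:01 smtp reject from=203.0.113.7 reason=dnsbl
2010-03-01 04:00:02 smtp reject from=203.0.113.99 reason=unknown-user
2010-03-01 04:00:02 smtp accept from=192.0.2.25
2010-03-01 04:00:03 smtp reject from=198.51.100.10 reason=dnsbl
2010-03-01 04:00:03 smtp reject from=203.0.113.7 reason=dnsbl
2010-03-01 04:00:04 smtp reject from=198.51.100.11 reason=relay-denied
2010-03-01 04:00:05 smtp reject from=192.0.2.77 reason=unknown-user
2010-03-01 04:00:06 smtp reject from=999.1.1.1 reason=dnsbl
2010-03-01 04:00:07 smtp reject from=198.51.100.10 reason=dnsbl
"""

LINE = re.compile(r"smtp (?P<action>\w+) from=(?P<ip>\d+\.\d+\.\d+\.\d+)")


def rejects_per_network(log_text, prefix=24):
    """Count rejected connections per source network of the given prefix length."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m["action"] != "reject":
            continue  # accepted mail and unrelated lines do not count
        try:
            net = ipaddress.ip_network(f"{m['ip']}/{prefix}", strict=False)
        except ValueError:
            continue  # corrupted address such as 999.1.1.1
        counts[net] += 1
    return counts


def block_candidates(counts, min_hits, top_n=100, allow=()):
    """Top offending networks, highest first, skipping anything on the allow list."""
    allowed = [ipaddress.ip_network(a) for a in allow]
    return [
        (net, hits)
        for net, hits in counts.most_common(top_n)
        if hits >= min_hits and not any(net.overlaps(a) for a in allowed)
    ]


def iptables_rules(candidates):
    """Render DROP rules for inbound SMTP from each candidate network."""
    return [
        f"iptables -A INPUT -s {net} -p tcp --dport 25 -j DROP"
        for net, _hits in candidates
    ]


if __name__ == "__main__":
    ranked = block_candidates(rejects_per_network(SAMPLE_LOG), min_hits=3)
    for (net, hits), rule in zip(ranked, iptables_rules(ranked)):
        print(f"{hits:4d} rejects  {net}  ->  {rule}")
```

Review the ranked list before applying any rule, since one address on the allow list keeps its whole network off the block list.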