UUnet's Case Study, or The Trouble With Spam 189
Eggplant62 writes: "In the wake of recent reports of spam-friendliness at big ISP's like AT&T and PSInet, [this article] takes a pretty good look at the problems UU.net is having with enforcing their AUP when it comes to unsolicited email. According to the article, it can take "two to
four weeks to shut off a spammer's digital tap." The author of this article solicited news.admin.net-abuse.email for material for the article." Guess it isn't easy even for the big carriers to end the pink-meat congestion.
s0meb0dy f1re the LAWYERS (Score:1)
"PSINet confirmed the existence of the contract, which allows Cajunnet to send unsolicited e-mail messages directly from PSINet's networks, saying in a letter posted on its Web site that the contract was handled by a junior lawyer in PSINet's commercial contracts group and pledging to better educate its sales force.
"This would all seem to indicate that there are more pink contracts out there than the consumer is aware of," said Maurene Caplan Grey, a senior research analyst at high-tech market research firm Gartner. She said that while PSINet may have looked at such a contract to improve its flagging finances, the temptation for ISPs to secretly circumvent no-spam policies doesn't pay off. "My gut feeling is, assuming they get caught, it's not worth it. It's poor business form. You won't get partners. You will be blacklisted."
Yeh right. earlier in the article it mentioned that spammers don't give a shite about whether or not they are on the account for a few hours. it's all the same to them.
Furthermore, as we have the tech-world stock-drop known as Dot Bomb, more and more desperate folks will be turning to any moneymaking source possible. The number of USERS isn't gonna drop. the number of SPAMMERS isn't gonna drop. the number of successful ISPs is, and to stay successful a few will cater to the spammers' market, and many ISPs may let 'em sneak in while promising the bulk of users they are anti-spam with stern TOS's.
Re:"Broken Windows" approach to dealing with Spam (Score:1)
The problem lies especially in the fact that many other large ISPs can clamp down on a spamming user with very little interference from their sales or legal departments. 24 hours, let alone 30 minutes, is too long for a spammer to stay online. When you consider that some of these clowns set up T3's and OC1's and that they can blast 100,000 emails in about 17 minutes, there's where uu.net has it all wrong.
Rich
--
Consumer Watchdog! Yes, we're rough on bogus businesses! And today,
Consumer Watchdog reports on protecting you, the consumer,
from being consumed by dangerous products and phony packaging. -- Firesign Theatre
TINLC Unit #2309 Death to all spammer accounts.
Can Someone please explain this to me... (Score:1)
Re:uunet doesn't give a shit (Score:1)
Uhm.. UUNET is only in charge of their own network. They are an ISP, and if one of their customers is sending spam then it has to be reported to them so they can get cut off.
UUNET isnt 'in charge' of anything other than that.. They arent 'in charge' of spam - each ISP is responsible for use of its own network.
Only mail that actually originated from (or was relayed through) a UUNET IP address should be reported to abuse@uunet.com - if you are (or were) sending ALL of your spam there then all you are doing is wasting their time..
There is no central organization in charge of spam, and even if there was it would be useless.. Go read http://maps.vix.com [vix.com], http://www.mail-abuse.net [mail-abuse.net] and/or http://www.spamcop.net [spamcop.net] for real information on the topic of spam, and REAL things ISPs can do about it.
Re:Can Someone please explain this to me... (Score:1)
And did you make *absolutely* sure you actually unchecked their various "Do not list me in <some directory>" boxes? Otherwise you're address is available.
I even saw this attack once: I had an email address <somename>@usa.net. I used it in Usenet, and it got spammed massively. I have the account <samename>@hotmail.com, mail.com, usa.com, etc, etc. I've been VERY careful not to let these addresses appear ANYWHERE, and yet they've been spammed!
...It seems some spammers actually crosscheck usernames they've harvested in OTHER possible domains! These spams I received actually had a Cc line containing <samename> @ every big ISP from uu.net to earthlink.net.
I am the Raxis.
Re:The truth about shutting down accounts... (Score:1)
Port 25 filtering is evil! (Score:4)
Indeed, this seems to contradict the notion of free and unrestricted end-to-end service, as discussed recently on slashdot [slashdot.org]. Not to sound horrible here, but we all manage to live with spam pretty well, it's not like it's all that much of a hassle. I just keep a variety of email addresses to give out for different purposes. A few get a good deal of spam, and it's easy to run a script to delete first time messages from users I have never corresponded with from those accounts.
I just worry that, if we were try to really achieve a spam-free utopia, that it might well be at far too great a cost in freedom. I would rather deal with the occasional spam, then have the commercial bandwitdth providers filter my connection. And there is always the worry of false/vindictive reports leading to unfair account termination.
---
man sig
Re:If credit fraud is a problem, where's the FBI? (Score:1)
a cure for spam (that's not a filter) (Score:3)
There IS a cure for spam. A company I used to work for last year came up with some technology based on P3P technology. The idea is you set up an account and get an 'XNS Agent'. XNS is 'eXtensible Name Service'. You get your own 'XNS name' (via OneName.com or some other agency - some are free, some aren't). When you have your OneName, you can set up your XNS Agent to negotiate privacy with whatever online entity understands about XNS.
Here's the spam-killer idea my ex-boss had when we were working on the service: Build XNS into mail servers - the spec is completely open and available at xns.org. Make this like 'Caller ID for e-mail' (my phrase - I'm so proud
So, since the spammers would never take the time to confirm their privacy rules, the emails would never get back to you - and you could have the ability to configure your XNS email agent thingy to either dump those messages that didn't get authroized, or hold them for review, or whatever.
You would, of course, have to take a little more time in setting up your mail account on such an XNS-enabled mail server - set up the email address of those people and mailing lists you're on, so they don't get trashed, or bounce messages back into lists, etc. Small price to pay to actually destroy the entire spam industry, though, I'd think.
The neat thing is - all the specs are open - anyone can add it into their open source mail servers - it's encouraged! It also would mean that people wouldn't have to use special mail clients to use it - it's all server-side, hopefully with a web-based interface to configure your agent.
Pretty slick. Available, open source. Free personal 'OneNames' are available, etc. The OneName people _really_ know and understand privacy - I used to work there, I should know.
It's been frustrating receiving all the spam I have been recently, knowing there's a solution to spam out there, and noone is using it. *sigh*
=Tumbleweed (that's my OneName
Re:Spam and the road warrier (Score:1)
Re:Mail abuse, time limits, the RBL, and the DUL (Score:2)
Forcing use of a third party relay will cause lack of redundancy and create a bottleneck.
Another problem, reading between the lines here, is over user of dynamic IP addresses. On a cable modem or ADSL setup they make no sense at all. Since you need at least one IP per customer anyway. They can sort of make sense with dialup where you only need as many IPs as telephone lines, but can have more customers than telephone lines...
10 to 100 emails a day ought to do it. (Score:2)
Cheap SPAM filter. (Score:2)
I find this takes care of 75% of the spam get... Is sure is nice to again get more legit email then spam. I occasionally check the "filtered" folder for important messages, but rarely do I find anything of value in it.
---
Re:The truth about shutting down accounts... (Score:2)
Re:spam = pornography? (Score:1)
"Spam" denotes *any* e-mail sent blindly to people who didn't request it.
Whether it's penny stocks, pornography, or "SyberSchool" advertising - if I didn't ask for it, it's spam.
Re:Why spam is such a pain to stop. (Score:1)
Re:What is the real root of spam? (Score:1)
the problem is if you even wanted to buy the stuff you could.........bad links,false links or shutdown links
Re:What is the real root of spam? (Score:1)
damn it......i have a problem with my "nots" i leave them out tooooooooooo much. YOU CAN`T even buy the stuff
Sign of the times (Score:2)
He even admits he gets nasty phone calls and death threats but still insists this is a good way to advertise. Yep, it sure sounds like he is generating a lot of good will towards his comapny this way. What really gets me is he (and those like him) honestly do not see the problem, he just sees spam as a way to cheaply reach a whole lotta people. So we get to help foot the bill for his advertising .
Other ISPs that spend money for excess capacity to handle the spam e-mail -- up to 40 percent of traffic -- bear the financial burden, a burden eventually passed on to consumers, he said.
Nace takes exception to being called a spammer
This kind of mind set is actually worse than the blatently obvious scams and porn spam since his kind will lobby that his use of unsolicited e-mail is a legitimate and respectable way to do buisiness and should be protected.
spam = pornography? (Score:2)
What kind of life does he live that he gets only porn spam? I see mostly beggar stories and MLM schemes.
Maybe spam could be declared "indecent" by the courts, and you'd have to prove you're over 18 to look at it. Why would anyone bother?
The truth about shutting down accounts... (Score:4)
So response time is not always the main issue.
..remember kids hormel is the devil
/V\4|}
My Experiences Have Been Good (Score:1)
I sent an e-mail to Prohosting, and they promptly removed his site. I don't know if it ever went though, but I know on their web page, spammers get charged $100 per complaint that prohosting gets. The thought that some spammer got charged $100 thanks to me makes my feel warm and fuzzy inside.
Perhaps people would be less inclined to spam if there were actual repercussions, like being charged large sums of money, instead of just getting kicked off.
Spam != Pornography (Score:2)
ISP-wide spam: is there a solution? (Score:2)
I know that this messageboard is a haven for "script kids" and other hacking types, so I'm sure one of you knows the answer. I would like to integrate knowlegde of such hacker practices into our MCSE+Internet certification, but the program's technical director is stumped. Any clues?
See you in hell,
Bill Fuckin' Gates®.
What a timely article (Score:1)
Re:Spam and telemarketing... (Score:1)
ISPs should set up decoy email accounts. (Score:1)
If someone hits those addresses and is verified to be online as account holder of that ISP, that user is automatically suspended. Can be done with participating ISPs too.
If mail hits those addresses and can be confirmed with reasonable cause to be spam (hits those addresses and > 10 other people) , it is automatically removed from mailboxes of all customers subscribed to the optional spam removal service.
With millions of addresses on their lists it'll be hard for spammers to figure out which are decoys and avoid them.. And setting up decoys can be just about as cheap as sending spam
You have to be careful to ensure that legitimate customers aren't tricked into spamming the decoy email accounts. Trojans can do that
Cheerio,
Link.
A creative way to fight spammers (Score:2)
© Copyright 2000 Kristian Köhntopp [koehntopp.de]
All rights reserved.
DUL doesn't do relays, use RSS (Score:1)
Much of the UUNET spam being reported to the MAPS DUL Project happens to be relay spam. This isn't helping the DUL Maintainers because they're already listed. You want to use MAPS RSS and DUL at the same time, and report open relays to RSS as found. See The RSS Project. [mail-abuse.org]
Re:A Solution (Score:1)
Fake info was "re: why spam is so hard to stop" (Score:1)
Maybe ISP's should be a little more careful before they accounts are opened.
It should be possible to tell if the credit card number is fake (gee, maybe check with the CC company).
If false information is used then the ISP should report them to the police.
I suspect that if they did this, part of the spam problem would disappear....
TOS (Score:2)
Too bad for you, thank the spammers. (Score:1)
You've been caught in the middle of this little spam problem and I feel your pain. Unfortunately port blocking and projects like MAPS DUL won't go away any time soon because spammers won't go away any time soon.
The worst DSL related listing in DUL has to be Sympatico Ontatio [mail-abuse.org]. This is an exception to the DUL rule of not listing DSL because Sympatico HSE uses PPP(over Ethernet) and can't guarantee the same IP, and they've turned a deaf ear to MAPS and to the Internet community when we complain to them about their spammers.
If the broadband provider's mail server bites, too bad. Find another broadband provider with better service or do what I did: Stick with ISDN and pick and choose between any ISP that does 56k (any server doing v.90 very likely supports ISDN transparently).
I also suggest you read your ISP's terms of service carefully. Chances are they forbid running servers on those connections for the same reasons - too much network abuse.
You might want to read some letters [mail-abuse.org] people wrote to the DUL Project about this, and the responses.
Sneakemail (Score:1)
On a consumer level, one of the best ways to fight spam is be proactive on a marketing level. We created a service called Sneakemail [sneakemail.com] that lets the average user implement the "get your own domain and make a new address for each use". Our philosophy is to reduce the "value" of email addresses given out to ebiz while keeping the "value" of them for you the same. A disposable sneakemail address has less value for an online business, its only just a temporary and revokable contract of contact between you and them and has little value for resale. Its also in an ebiz's best interest to keep that address to themselves because spam sent to that address from elsewhere can be very easily traced back to them.
The whole spam war is sorta like the war on drugs, the harder you make it for spammers to get spam to your inbox, the more valuable the spam becomes and the more its worth it to them. But if you take the value of your email address for them away its probably not worth their time and money.
What we need are killfiles that really kill. (Score:2)
I hereby pledge that if I am ever summoned for jury duty because somebody physcially LARTed a spammer to death, I will argue that it was justifiable homicide.
As has been said before by others: I'm not trying to sound like a cold-hearted bastard, but I am a cold-hearted bastard, so that's just the way it comes out sounding.
Re:spam = pornography? (Score:2)
Because Viagra is a trademark of Pfizer, and they don't wanna get nailed for infringement.
Because Viagra is a prescription drug, and they don't wanna get nailed for practicing medicine without a license.
Each of these excuses is about as good as the nonexistent "S.1618" law spammers like to cite. (Rule #1: Spammers lie.)
Feel free to forward all such spam to the FDA. The reporting address is available a few pages into http://www.fda.gov [fda.gov]
(And is it just me, or is about half the spam I get from Florida, and about half of that from dialups in Pompano Beach? Judging from the spam I get from Florida, I'm really not surprised at how many Floridans are too dumb to figure out how to punch a hole in a card...)
Spam and telemarketing... (Score:3)
One solution advertisers are using more and more as people become immune to typical methods is product placement. TV show, movies, etc., are now filled with "products" in use or on the set. Of course, the stuff spammers are selling is a little harder to use with this method...I can see it now: "Quick, get the guns, we're gonna have to...wait a minute...I don't have to do this...I've made millions...(to viewer)...you too can get rich quick with my new scheme to..."
lol. Never mind
semi-off-topic: slashdot needs to change spam icon (Score:4)
We do not object to use of [SPAM] to describe [unsolicited commercial e-mail], although we do object to the use of our product image in association with that term. Also, if the term is to be used, it should be used in all lower-case letters to distinguish it from our trademark SPAM, which should be used with all uppercase letters.
(emphasis mine)
it seems that Slashdot ought to have a new spam icon. See http://www.spam.com [spam.com] for more info.
---
Santa Claus: "Ho ho ho!"
some things dont seem to make sense: (Score:3)
Background:
1: The port 25 block. This is mentioned in the article. In a perfect world, a user should only be able to send to their local mail server. Ie: When a user sets up their new ISP, they have to enter the name of their SMTP and their POP server.
With that being said, it should be logical that UU.net should set up their router filters to only accept traffic going to port 25 on their mail servers. Traffic going to port 25 anywhere else should get blocked. If you have a local UU.net account you should use the uu.net mail server.
Now what about road-warriors? the sales people out in the field who need to send mail?
2 things:
1: They probably vpn in, so that does not even matter. otherwise:
2: If you allow any uu.net address to relay via your mail servers, you have a hosed situation.
2: The second option would be for UU.net to provide the IP ranges for its DIAL Up pool to the DUL project run by MAPS.
This project takes Dial up ranges, and blackholes them from connecting to your network. They too follow the idea that you should only connect via your dedicated mail server.
Now the bonus of step 1, is that all of the mail going out of your network goes through mail servers you control, you can do certain checking,
like anyone who is sending mail to 500 BCC'd recipients (multiple RCPT), or if they are using multiple RSET commands to send out the same message but with different subjects, should get rate limited/checked.
Or you can put additional IP information in the message envelope, so that they can be detected easier.
The win with the DUL, is it lets the rest of the net be able to only accept mail from uu.nets mail servers, and takes the cpu overhead of additional filtering off of their routers.
-- C
Re:Credit card re-use... (Score:2)
If so, that's a big 'o can of worms.
That reminds me, I have some of the new "smoked" flavored SPAM I have yet to try. Hate the real spam as muhc as you want, it tastes good sliced n fried with a touch of tobasco sauce!
Re:Spam != Pornography (Score:2)
Re:a cure for spam (that's not a filter) (Score:2)
Another thought - do you really want people that dumb on your mailing list? I sure wouldn't.
I think it's a remarkably small price to pay for getting rid of spam once and for all, without having to modify all the e-mail clients in the world.
Re:What about stamps & lots of gray areas (Score:2)
Why do people bother to trot out these tired old false analogies? I don't pay to receive any of this crap; I do pay to receive spam.
In addition to supporting the medium, there should be some rules about what kind of content is allowable in these emails.
Out of the question, and your attempt to hitch your pet cause onto the unrelated issue of spam puts you on the borderline of trolldom.
The second issue is that this mob rules mentality that most anti-spammers seem to have screws up other legitimate uses of email.
Classic blame-the-victim fallacy. The spammers, not the people resisting their parasitic attacks on the system, are to blame for the climate of suspicion which currently prevails against legitimate (i.e. subscribed) bulk e-mail (particularly given that spammers attempt to disguise their garbage as "Information You Requested").
The "Newsletters" that many sites send out seem to fall into a gray area that threatens to eliminate this otherwise useful feature.
Newsletters for which an explicit subscription request has been filed are in a white area. "Newsletters" for which no such subscription request has been are in a black area. There is no gray area.
/.
anti-spam HOWTO (Score:2)
Mail abuse, time limits, the RBL, and the DUL (Score:3)
The idea of creating a real-info blacklist has been bounced around a few times and generally rejected as legally infeasable (would generate too many lawsuits), but still, I keep wishing that as long as ISPs are using AUPs that are incredibly restrictive on users they might as well go all the way and put in a clause stating that by joining the service, you agree that if you are terminated for abuse, the reason for termination and any personal information submitted for the purpose of gaining access may be distributed to all other ISPs that are interested in making account acceptance decisions based upon that information. Maybe give it a 3 or 7 year expiration, kind of like bad credit. Access to a list like this might give even slow ISPs a chance to keep ahead of the problem by preventing it from becoming an issue.
But enough dreaming. For now, we have to make do with whatever technical solutions are available, whether they be RBL-like general blacklists or personal filters. At least those with skill tend not to be spammed much.
The second issue brought up by the article (albeit somewhat indirectly) is the gradual blockage of direct access to mail to dial-up users, either by blocking SMTP at the router level, or by using the MAPS DUL [mail-abuse.org]. Despite having great sympathies for the desire to relieve the general frustration caused by spammers with disposable accounts by simply removing one major source of those accounts from the picture, it unfairly places the communication ability of anyone not rich enough for static IPs at the mercy of the frequently abysmal performance of the mail server of their ISP (@Home, for instance, has mail servers that go down on a regular basis, and despite repeated claims to the contrary has been losing a rather disturbing amount of e-mail altogether) -- whether or not that ISP is having any more difficulty controlling its dialup/dynamic-ip users than it is its users with static addresses. Granted, a number of ISPs are filtering at the router or submitting their dialup addresses directly to the DUL themselves, but I have yet to see one of them disclose in their advertisements that they provide a crippled internet connection.
So in summary, what we still need to control this problem ourselves is a better way of publicizing the e-mail distribution points that take a long time to deal with spammers, and a better way of identifying only those dynamic address ranges belonging to ISPs that are either incapable of dealing with their dynamic-IP userbase or have given up on it completely -- and then a centralized location to check up on ISPs with broken services ahead of time, sort of like a Better Business Bureau for the internet.
How to do it? I have no idea. Here's to hoping someone else does.
Why spam is such a pain to stop. (Score:5)
Spam isn't as easy to stop as most of the 'tech savvy'
First off is your atypical newbie moron spammer, who gladly gives you all his correct information, gets online, and fires away, gets disconnected immediately, gets blacklisted.
Next you have the more technical spammer, who has an array of fake credit card numbers, false names, false addresses, and so on. He'll setup six or seven accounts on one ISP, usually something like AOL or UUnet, and bounce around with these accounts, spamming. On and off before they can catch him in the middle of it.
Third, you have the guy with a pile of lawyers working for him, that's going to negotiate and hardball his way into a contract with an ISP that lets him spam.
The only remaining spam-friendly ISP was AGIS. Why 'was'? That policy was changed due to something like 60%+ of their customers cancelling after the announcement. Remember Spamford Wallace? He was the guy they hooked up first, and he was the guy that lost them a lot of business. Companies blocked AGIS - my employer at the time filtered all of AGIS' netblocks immediately, to prevent incoming spam. Some providers, ie; PSInet, have negotiated contracts with 'big name' (aka LOTS of spam) firms that allow them to spam to their heart's content.
Now, you've got a spammer. We'll say your typical type 2. And you want to shut him down. Not that easy. Because you do NOT have a common factor, including where they're dialing in from, they can CONTINUE to abuse your service, and there's not much at ALL you can do about it till they slip up somehow, which most sales droids are NOT going to be aware of. They'll just keep bouncing around and evading. And if the ISP gets blackholed or filtered all over, they'll just jump ISPs entirely. These are the pricks that cause the most damage to ISPs. They usually also use the ISP's SMTP server - best thing you can do is to disconnect them the second you see it, and pray they don't have more accounts. I've had to deal with a couple of these in the past, and we had one guy sign up for *SIXTY* accounts in *ONE DAY*, all with different information. When we FINALLY figured out who it was, we were ONLY able to kill the accounts because we had relatively few (around 2,000) and knew when they were added.
Now, say you have someone who bought a leased line and ordered it up deliberately for spam. You can't prove it beforehand, and some of the software out there makes it incredibly hard to find the true source. You have to catch them in the act most of the time. And the best you can HOPE to do is to do a shut on their interface. That's assuming you don't have a legal department that you MUST consult before disconnecting a customer for a contract violation (ie; spamming) and who MUST sign off on the disconnect order - I had to deal with this before. In some of the larger shops, ie; UUnet, AOL, etcetera, you have to go to your legal group and get them to sign off on a disconnect, then you have to go to your engineering department, who may or may not have to schedule it as a change management, who may or may not have to get their managers to write off on it, who may or may not have to go further up the chain. In other words, typical corporate bull will typically tie up a spam disconnect for over a week. It's the cold reality. If you disconnect a customer who WASN'T spamming, they can and likely WILL nail you for breach of contract on a leased line, and that could cost your company MILLIONS. Legal wants proof, engineering wants time and to be left alone, management just wants the mess out of their hair. Plus the overworked abuse departments do not help, as most complaints go there. Where I worked, we had a two person abuse department, who typically had a three week turnaround on initial reply.
You have to take all these kind of things into account. I'm certainly not saying UUnet is doing a great job - they aren't - but they're doing the best they can. I'm not personally aware of any contracts UUnet has negotiated permitting spam, and they usually *do* disconnect a customer for spamming. Other providers are far worse. You can whine, scream, complain, and moan all you want, but spam is not going to go away overnight, and policies at these places don't get changed overnight, if at all. UUnet has their policies, as do most other providers, and the tech that ignores them and just unplugs that spammer is going to find himself out of work almost immediately.
A lot of the posters definitely need a good dose of reality, because this is how it is. It's not just unplug the guy. Maybe the Mom & Pop ISPs have that luxury with dialups, but the other ones? Not a chance. So you're just going to have to live with it. Build your own filter lists, update them, etcetera, and quit whining about these companies being unable to stop it immediatley. You want it fixed? You go get a job in management and fix it yourself. No amount of your screaming is going to change a thing.
=RISCy Business, who doesn't give a damn what you think.
your company here. [fuckedcompany.com]
spamming direct vs relaying (Score:3)
If a major ISP wants to allow a spammer to operate, then the way they should do it is to require it be done from a dedicated circuit, and to prohibit relaying through any mail server not listed in the DNS for the destination address. Such an operation is very easy to block on the receiving end. In addition to RBL/DUL/RSS, I also have my own DNS zone to block my own set of IP addresses.
My point of view on this is that if someone actually wants to be a part of this and get spam, they should be allowed to do so. Likewise, someone who does not should not have to. I'm not opposed to an ISP that wants to allow spammers to send bulk email in a legitimate (e.g. identifiable, easy to block) way. Anything less is, IMHO, fraud (and if the ISP knows it's going on, is a party to the fraud, also IMHO).
What I want to know is if Nace and SyberSchool are sending their email direct (doing normal DNS MX lookups and sending to the designated host) or if they are doing relaying through innocent third party mail servers. If it is the latter case, then I think they should be cut off. If the former, then I have no problem with it because I can block them myself very easily (your ISP can, too, if they want to).
Re:Effectiveness of SPAM (Score:3)
I've only had a ``gut-feeling" answer to your question until I stumbled across the following about six months ago. It is the only fact I have seen about this anywhere. (Yes, the writer is from AOL. But I am still amazed at a response rate far above the typical 3-5% for junk mail.)
Until I read it, I always thought the way people made money from spam in this manner: spammers found marks, promised them alot of money if they let them advertise for them on the Interent, sent out the spam, & made off with the money while the mark took the fall. If this email is any indication, a spammer may actually get useful leads & make somem sales from engaging in this obnoxious activity!
Geoff
[from http://www.zdnet.com/tlkbck/comment/82/0,9586,821
Name: Patti Illingworth
Email: plifrog@aol.com
Location: Reno, NV
Occupation: Secretary
I am a small business and use the computer on an individual level. We are not
network but we have the same problems. I also use the internet for personal
things, such as just enjoying it. I get quite a few commercial spams and LOADS
of the porn crap, which I am not interested in. I am with AOL and they have an
email address that I just forward the junk to. I have never gone so far as to
CLICK on one of their hyperlinks and don't intend to. The biggest bother is just
spending the time forwarding and deleting it. Someone did get into my computer
once with a Trojan Horse program and somehow got my password and sent a lot
of this trash out in my name. I was temporarily kicked off of AOL and had to
spend a lot of time just getting rid of the stuff. Overnite, I had 450 messages from
people responding to whatever it said (I never did see the original letter) about
80% were very angry and called me every name imaginable. The other 20%
were responding positively and wanted more information. What a mess that was.
I am aware that it is going to be a difficult thing to stop. We just all need to not let
it bother us and keep on living. I have gotten over being frustrated by it and just
know that some of my time each day will be spent getting these jerks off of my
machine.
Thanks for letting me vent.
Re:Effectiveness of SPAM (Score:2)
> wasn't likely to for very long (if at all).
And your response brought out another: there is far more rumor & myth in circulation concerning spam than there is fact. (Sorta like the other other boogie men of modern life -- the drug trade & child pornography -- your cite, including the other links on the Salon web page -- effectively tripled the literature I could quote about the effectiveness of spam advertising.)
I guess I have to revrt to my original assumption about spamming: the only people making money from this are the folks selling the mailing lists or software to other folks who then send their solicitations to millions of email addresses, & lose their Internet access in exchange for a handful of responses -- if they are lucky enough to receive them.
Like P.T.Barnum once said, ``There's a fool born every minute, & two to take him."
Geoff
Blocking further up the line... (Score:2)
Get a provider with a clue. (Score:2)
---
Re:Port 25 filtering is evil! (Score:2)
I agree with what you say, but places that filter port 25 simply provide an SMTP smarthost that you can send your email through instead. It's one line in the sendmail configuration, and often their smarthost is allowed to send email to more servers than your home machine would be anyway (e.g. if you claim to be in some domain they don't know about). I think it's a good compromise myself.
Re:Buying a Domain for Email (Score:2)
If you run your own mail server or an ISP, just block most of the spam via RBL [mail-abuse.org]/DUL [mail-abuse.org]/RSS [mail-abuse.org] from MAPS [mail-abuse.org]. If you don't run a mail server, choose an ISP that does these things for you on theirs. That will block most of your bandwidth waste.
Re:The truth about shutting down accounts... (Score:2)
Re:Truth to $500 fine? (Score:2)
(B) an action to recover for actual monetary loss from such a violation, or to receive $500 in damages for each such violation, whichever is greater, or
(C) both such actions.
This is about Fax spamming...Or misuse of telephone equipment... If you look at it loosely enough, email could apply... In the real world, I doubt it would hold up...But heck, there are some good lawyers out there... (Good being figurative =])
All I have is the Section # and title:
Sec. 227. Restrictions on use of telephone equipment
You could do a search on that, and find it though, I'm sure..
Most of my spam comes via Slashdot (Score:2)
There really aren't that many different spammers. There are probably less than 100 people behind all the spam. If spamming was illegal, and some lawyer made a business of going after the top offender on Spamcop every month, spam would be gone in a year or two.
Re:The truth about shutting down accounts... (Score:2)
Your problem is you (the major ISP you worked for) were not pro-active about preventing spam. Obviously you intended to do nothing but clean up after the mess was made, and so you did.
Dynamically addressed dialup accounts (which is what most spammers have used and still use) should not have direct port 25 access. Those accounts are limited accounts, anyway, and should send all mail only through the designated mail servers run by that ISP.
After having 2 cases of "spam and run" done on dialup accounts at the ISP I used to work for (and continue to consult for) I put in place a block on port 25 outgoing for all dynamic dialups. That was over 2 years ago and there hasn't been an origination spam incident since then (relaying was also blocked separately). I personally use another major ISP [mindspring.com] for nationwide roaming dialup purposes, and they do this (I tested it). UUnet should start doing this. Although it wouldn't stop SyberSchool, it would stop most of the spamming which comes from their dialups.
What is the real root of spam? (Score:2)
Kind of like that Simpsons' Halloween episode where the commercial mascots went nuts until everyone ignored them.
solution (Score:2)
UUNet isn't hte only problems, a lot of spam comes from
It's Getting Better. Really. (Score:3)
Last week, I had a problem with a PSI customer with a stuck browser who was (accidentally) hammering our shopping cart script. I called up the number listed in the WHOIS record for PSI.net. A few simple keypresses and maybe 20 seconds later, I was connected with the abuse department. I was speaking to a real, live person! The representative was friendly and understanding and willing to take immediate action against the abuse. She requested that I send logs to abuse@psi.net and while I still had her on the phone, I was to wait for a trouble ticket number. A few seconds later, I gave her my trouble ticket number and she took action while I was still on the phone with her. Amazing.
I used to work for a large cable modem ISP and our "Abuse" department at the time was one lady and an always-full voicemail system and mail queue. Keep up the good work, UCE crusaders. It's finally paying off.
Re:Spam on LinuxBase.org (Score:2)
More BS from the same people who bring you all the chain letters about the FCC banning "Touched by an Angel".
Bill s.1618 was proposed, and quickly shot down..
Steven V.
Re:some things dont seem to make sense: (Score:2)
With that being said, it should be logical that UU.net should set up their router filters to only accept traffic going to port 25 on their mail servers. Traffic going to port 25 anywhere else should get blocked. If you have a local UU.net account you should use the uu.net mail server.
Unfortunately, most of the problems are not with UUNet accountholders, but with people that UUNet resells dialup POPs to.
For example. ABC-Dialup (say) uses UUNet to provide dialup access, charging their customer for the use of mail.abcdialup.com. They use radius attributes so that when the customer dials in, they can only connect to port 25 if the machine they are connecting to is mail.abcdialup.com... otherwise, the connection is blocked.
Now, an evil isp, msn.com (say...) does the same thing, but they don't implement said radius attributes, because there is no Visual C++ interface to Cisco equipment (actually, they're not Cisco radius equipment. Starts with an A, but I'll be damned if I remember what they're called). Thus, msn customers can connect to open-mail-relay.com and spam to their heart's content. When complaints return to UUNet (owner of the originating IP), UUNet has to turn around and go through msn's abuse department to try to get the spammer shut down.
2: The second option would be for UU.net to provide the IP ranges for its DIAL Up pool to the DUL project run by MAPS.
IIRC, they do. 63.0/11 appears to be the bulk (heh) of it.
By their very definition, open relays usually don't follow the DUL very closely...
Now the bonus of step 1, is that all of the mail going out of your network goes through mail servers you control, you can do certain checking, like anyone who is sending mail to 500 BCC'd recipients (multiple RCPT), or if they are using multiple RSET commands to send out the same message but with different subjects, should get rate limited/checked.
Until you get raped by some administrative escalation because some church newsletter can't be sent because you limited the maximum recipients to X people and this person happens to be the golfing buddy of the President of the Company...
Re:Mail abuse, time limits, the RBL, and the DUL (Score:2)
Is it really that difficult to write a database which does just that...
It also makes it harder for the customer to run a server, which most broadband companies don't want you doing anyway.
In practice they do little to stop running of "servers" especially the like of web servers which tend to involve short TCP transactions.
Re:A Solution (Score:2)
Pick an account. Aol, yahoo, whatever. Start replying to spams. Act interested. Act like some idiot fool with cash to burn. Sure, you'll get added to even more lists, but odds are that the original spammer will REPLY TO YOU to get more information.
And what do we now have? THE SPAMMER'S ADDRESS.
Maybe it's not his personal account. But it sure as heck is one he cares about. He checks it for his business. It is very critical for him to have a business account to contact his clients (cough-easymarks-cough).
This sounds very promising, except that spammers are normally either reachable by phone, or they have a website they are promoting. From what I've heard about reading up about spam in various forums, they don't tend to use a real email address to do business - well, they'd get spammed if they did that, wouldn't they!
It's the fraud that's the problem (Score:2)
You might possibly be able to convince me to see your viewpoint if 90% of my spam wasn't out-and-out fraud/get rich quick/pyramid schemes. A lot of these things that the spammers are pushing are flat out illegal (under U.S. law), and some people are uninformed enough to buy into them. So maybe port filtering is not the answer, but I don't think spam is okay to live with, at least not the type I'm accustomed to receiving. This is people abusing the system. And unless we continue to fight back in force, it will get worse. There is no doubt in my mind about that.
- Scott
------
Scott Stevenson
Re:Why spam is such a pain to stop. (Score:2)
The problem is in the response to SPAM. It wouldn't matter so much that it takes 3 weeks to disconnect a spam account if there was a contractural penelty of $10,000 per message for spamming. Most spammers are in the business because spam is cheap. Their whole operation is based on a 1% or less positive response to spam. They see it as profitable because the spam costs practically nothing to send.
At $10,000 per message, the potential contractural debt is ruinous for spammers. In addition to a clause about unsolicited commercial e-mail, the contract would need to spell out specific things that are spam. For example, sending out any advertisement whose headers don't point back to the advertiser's account. Sure, out of a million, you'll only have definitive proof of a few dozen, but at $10,000 each, that batch of spam just became unprofitable.
To avoid accidentally bothering legitimate users, set things so the spam clauses don't kick in for the average user. For example, the fines and penelties don't come into consideration unless you connect to sombody elses port 25 OR you send more than 1000 emails through your assigned mail server. Surely, at least 99% of your legitimate users will be immediatly exempted by that while no spammer will be. If you want to be more sure, stipulate that connecting to someone elses port 25 is still exempt if you send less than X KB to other people's port 25.
Given that plus the fact that you have had complaints against that account (tracked down based on IP address and time) the vast majority of cases that must be reviewed based on the other spam criteria are actually spammers. Don't disconnect the line and risk being sued, just call them up and notify them of the substantial charges to their account.
As far from perfect as those measures might be, it's at least something. Perhaps ISP's should fund their abuse departments based on a principle similar to spamming. You'l only collect that $10,000 fine less than 1% of the time, but that small percentage is enough to pay for equipment and personel. If that doesn't cover it, up the fine.
Re:The truth about shutting down accounts... (Score:2)
A spammer will use stolen credit cards and do online signups with these, set up a mailserver on their computer and spam away the first time they log on and continue until we get the the NMC to kill their connection.
Turn all information over to law enforcement. Credit card theft is a serious crime and involves real jail time. Use caller ID to assist police in tracking down the thief. Solve two problems at once.
Re:The truth about shutting down accounts... (Score:2)
The trouble with this approach is the small but vocal minority of people who absolutely insist on running their own mail server.
I used to do that, but it's not worth it anymore. Many servers (well within their rights) refuse email directly from a dial-up netblock in order to reduce spam.
Re:Why spam is such a pain to stop. (Score:2)
I think simply connecting to someone else's port 25 is ridiculously wrong as a criterion.
It is probably better to use that in conjunction w/ a KB limit. Either way, meeting that criterion shouldn't in itself incur the fine, it should just be one criterion. There would also have to be multiple complaints and reason to believe that it was actually unsolicited and commercial. I say multiple complaints to eliminate most cases where someone (possably a spammer you help to nail) wants to be an @$$hole by signing up for a mailing list and then complaining.
Re:The truth about shutting down accounts... (Score:2)
The whole point is that the system be hard to abuse, by default. Stop spammers from being able to make ten fake accounts per day without leaving home.
Re:Mail abuse, time limits, the RBL, and the DUL (Score:2)
If you ISP provides bad mailer services, then choose another ISP. If you're stuck with a single ISP because it's a cable system, consider switching to DSL if that is available. If not, then be sure to voice your concern by making sure you call up their technical support department EVERY SINGLE TIME anything wrong happens. Demand to open each as a separate incident. There is no excuse for having shitty mail servers, since there are plenty of people around that know how to run mail servers right. And tell them I said so. And be sure to tell the tech support people that they wouldn't have to put up with all this if they would just wake up the sysadmin and let you talk to him directly. And find out the names of other people in your area having the same problems and make sure they are doing the same. And plan some "tech support phoning parties" at certain times, where you all call tech support at the same time.
Re:Effectiveness of SPAM (Score:2)
This is a general problem. Salon did an article reporting their miserable experiences in trying to respond to spam [salon.com]. Basically, they couldn't get through to anyone!
So aside from the common sense of the recipient, there is a real question how would-be suckers can actually learn where send their hard-earned money when spammers are so elusive. Web pages are one answer, but In the weeks after that Salon article, I tried a few times, and found that the spammer Web sites were usually either dead or empty.
Much (but by no means all) apparent spam is actually meant to harrass the unwitting "sender", either as a vendetta or a blind script-kiddie prank. In managing several domains, I have seen a lot of spam that would never be commercially viable because the sender could never, even in theory, get a reply.
Of course, if there are only a million idiots out there, and each of them periodically decided to 'give it one more try' with that software they wasted $35 on... that adds up to many billions of spam a year, and that's still just a drop in the bucket.
Re:UUnet: Utterly Useless (Score:3)
This is the list of top sources of spam as reported through their service - #1 is UU.net with 43811 reports. #2, a distant second, is sympatico.ca with 3168. Draw your own conclusions.
Re:The truth about shutting down accounts... (Score:2)
When you (as an ISP) decide to block outbound port 25 from dialups, you have to be aware that you will alienate these people. That may be a tradeoff you're willing to make - but you shouldn't just assume they don't exist.
Re:Most of my spam comes via Slashdot (Score:2)
Spam reminds me of someone breaking into my house to write commercial messaages on my sticky-notes and paste them to the middle of my monitor, and then yelling at me because my pen's running out of ink. "How dare you let your pen run out of ink? I need to use that pen to save trees and exercise my right of free speech!" :P
"Broken Windows" approach to dealing with Spam (Score:5)
This seems like an area where a faster, tougher response to spam would greatly reduce their problems with it. If UUnet were to have a working group that spanned the legal, sales and abuse departments that pretty much responded to spam within 12 hours (or some similar short time) and expedited dealing with it, sure, that would cost them a lot more money.
On the other hand, they'd ultimately have less work to do; how many spammers would use the service if they knew that they'd get about 24 hours of use.
A further twist would be placing some sort of brake on large amounts of outgoing mail - perhaps every 10 complaints received reduces the # of messages per hour by 10% that UUnet will handle from these people (or further, artificially choking off the bandwidth of outgoing packets that are directed at port 25 - although that might be infeasible technically). If it turns out the complaints are not well-founded, then the brake could be removed.
Of course, if the ISPs are colluding with the spammers, there's not a whole lot one can do.
1/2 of it (Score:2)
On the other side of the coin, if we get a phone #, who is to say that they don't get several dozen random phone calls from a DialPad bot?
Re:The truth about shutting down accounts... (Score:2)
If my cable modem company started blocking port 25 I'd only be able to send mail about 75% of the time. Their mailserver (mail.rdc1.il.home.com) is so unreliable as to render it pretty much worthless. So far I haven't had too much trouble with sending mail from my 24.0.0.0 IP address, If it starts getting blocked a lot I'll have to find a different solution, but using the ISP's server is a pretty bad one.
_____________
Re:Spam and telemarketing... (Score:2)
Re:a cure for spam (that's not a filter) (Score:2)
Anyway, the more I think about it, the better XNS-enabling the mailing list software sounds - that way things can be automated, along with privacy rules - people could be assured their e-mail address won't be used for various other purposes, etc. Also, with XNS, if their email address changes, the mailing list could be notified automatically, all without any intervention from the user or mailing list manager. There's a LOT of benefits to XNS besides anti-spam (that was really just an afterthought.)
what a moron! (Score:2)
Nace takes exception to being called a spammer , a term he associates with pornographers. UUNet's reaction, he said, was unwarranted. "This is a clear-cut case of the big corporations telling the small operator, 'screw you.' " LOL!
Buying a Domain for Email (Score:5)
However the BEST way to go spam-free is to buy oneself a domain that has never been bought before. I have unlimited POP3 (within the space limits that my hoster provides) for myself a few of my friends. I have been spam free on my domain email for just over 2 years now. Not one single one. It's worth the price of email hosting. Just make sure no one has ever had the domain before and let it go back up for sale. Another of my domains have spam associated with certain email addresses. Careless past owners and users! It was funny though seeing the "kmoore" that previously had an email account has subscribed to various porn sites.
---
Re:spam = pornography? (Score:2)
BTW, why do they usually put V----- in the email instead of the word? Do some mail servers filter email like browser censorware filters web pages?
Re:Spam and telemarketing... (Score:5)
The actual out-of-pocket costs is minimal to the spammer.
What will stop spam?
When the cost of spamming exceeds the benefit.
With the present US legal system, how can the cost of spamming be increased? Lawsuits.
How to do this?
1) everyone who wants to feed the local ambulance chasers/people who like small claims actions/ppl who hate spammers have to be willing to buy create and sell debt so the others can buy that debt and then can take spammers to court.
2) Software to act as auto-billing and clearing house for the mail analysis debt. (to make it easy for the spammed to help the local ppl to spammer to have to potential to make money)
3) people willing to change their mailers to note that this system accepts mis-configured mail messages and bills for it.
Spammer sends the mail to the host for analysis. Said target machine gets mail and sends 3 billing notices for $250. Then the $250 charge is placed into the 'database'. A local hater of spam/ambulance chaser buys the bad debt (unpaid $250) for a %age, or for $1-5. Local person drags spammer to small claims.
As more people sign up, and more spammers get dragged to court, the economic benifit to spam swings. It becomes a case where spam can cost $250+ court costs per message, + time in small claims court. And, if the local plaintiffs know the schedualed court dates of others, they can arrange court dates one a day.
A spammer getting hit $250+ a day, for 30+ days. Does this make spamming sound profitable?
End effect? Spam moves to sites outside the legal reach of suing countries for products outside the reach of suing countries. And, well, if I had to block all mail from russia or china to stop spam, I don't think I'd loose sleep
Dealing with uu.net's spam. (Score:2)
Get rich quick! (Score:2)
Enter a high-paying career in anti-spam technology with high-paying technology companies!
Earn money hawking anti-spam products!
Qualify for that second mortgage!
Yes, you only need to send $12.99 to the following addr
Click here to read something completely unrelated to the rest of this comment [localhost.localdomain]
--
A Solution (Score:3)
A) Change your account frequently.
Yes, you could NEVER give it out, but then you might never know what silly shmuck friend of yours will forward an email you sent to a guy who sends out joke lists that are read by another guy who posts the list, email and all, on his website.
OR, you could be really creative and only make your listed reply-to addresses contain those witty NOSPAM.blah.com lines, which sooner or later (if not already) will simply be encoded by a spam collection bot to bypass in search of more legitimate addresses to collect and sell.
Q)What's the solution then?
A) Pick an account. Aol, yahoo, whatever. Start replying to spams. Act interested. Act like some idiot fool with cash to burn. Sure, you'll get added to even more lists, but odds are that the original spammer will REPLY TO YOU to get more information.
And what do we now have? THE SPAMMER'S ADDRESS.
Maybe it's not his personal account. But it sure as heck is one he cares about. He checks it for his business. It is very critical for him to have a business account to contact his clients (cough-easymarks-cough).
So now what do we do? Submit it to some grassroots organization that stores the address. They'll register a few hundred random accounts at legitmate locations (we don't want to spam him back with false addresses like he did, now do we?) and send him oh, 400 emails with varying lengths and varying titles and varying names EVERY DAY. He won't be able to sort out who is who and will waste a bulk of his time trying to find 1 or 2 legitmate buyers.
Thus the loop is complete. They waste our time, we waste theirs. Sooner or later, 95% of them will deem the practice to be more trouble than it is worth. It's not perfect, and sure there are a few holes in the idea, but how does it sound as a start?
S.1618 is Great for Filtering - only spam uses it (Score:2)
Re:a cure for spam (that's not a filter) (Score:2)
To the average nontechnical user, it is wizardry. High wizardry, completely arcane. We're talking about people who don't like to subscribe to more than one mailing list because the messages get all confused in their Inbox. About people who sign up, and then respond to the first mailing list message with "Who are you, and why are you saying that to me?"
This is, of course, exactly why web forums (you know, like here...) are more popular these days. It's clunky, it's slow, but there are big friendly buttons to click on, and if you don't understand it, you can stop going there and it doesn't keep piling up in your mailbox and scaring you.
My very recent expirience with UUNet (Score:2)
I mailed UUNet, got a trouble ticket and it looked like they closed his account, but he just signs up a new one and it starts all over again.
I mailed the admins in the
Looks like I couldn't do much about it...Perhaps I should launch some DOS attacks to bring those M$ servers down, wouldn't be very friendly, I known, but it looks like, it could be the only thing I could try to prevent those spam...sad...
Michael
Exactly... (Score:2)
You get your terminal server to send the DNIS to the Radius accounting server, and the Radius server to log it in the accounting records.
If someone is using a forged/stolen CC number, you give this information to the police, and send the bastard to jail.
Credit card fraud is taken _very_ seriously by the police.
Spoofing (Score:2)
Nace also said that when pressed by one of Nace's co-workers, the UUNet staffer told the co-worker that he was "stupid for not using cloaking software," to hide the IP address of his outgoing mail.
Well, nace was stupid for not constructing fake packets, but any URL has to point to his website in any case, and the URL kinda identifies the account.
Some send a reply, with the subject "remove" in the header, looking to escape from future mailings. Some add death threats, Nace said... Nace takes exception to being called a spammer, a term he associates with pornographers. UUNet's reaction, he said, was unwarranted. "This is a clear-cut case of the big corporations telling the small operator, 'screw you.' "
As oppoosed to, say, a clear-cut case of the big corporations enforcing thier terms of service, whilst people who have been sent spam say 'screw you', or maybe 'I will personally hunt you down and gouge out your eyes with my Leatherman [leatherman.com]'.
On a more seroius note, why don't UUNet say 'After ten complaints from demonstratably different parties, your connection will be suspended whilst we investigate'? That would allow near-instant shutdown with big UCE incidents.
Michael
...another comment from Michael Tandy.
Re:The truth about shutting down accounts... (Score:2)
There really isn't much that can be done about this, other than having a different business model.
Re:The truth about shutting down accounts... (Score:2)
Maybe they run standard software which needs additional fiddling around to use a third party relay. (With additional complications if they have multiple links.) Which then looses redundancy, monitoring ability and independance between different emails. i.e. following rfc 974 means that a problem delivering to foo is unlikely to affect delivering to bar. Indeed using a 3rd party relay means that one's email is all mixed up with other people's email. If one or more of those people are spammers (where an ISP provided instant access they are little better than open relay operators) then you have problems.
The reason why. (Score:2)
Re:The truth about shutting down accounts... (Score:2)
Which has a number of potential problems, the first once is removal of the redundancy RFC974 provides. The second is that when these machines are used for relaying spam (remember spammers like relays, because they protect their machines and enable them to have disconnected before people start getting their junk as well as their ability to work as an "expander"). Isses such as how accurate is the clock on these machines, what header information do they put in are relevent in tracking spam sent from that ISP.
Re:some things dont seem to make sense: (Score:2)
i.e. forced third party relaying isn't in any RFC, indeed it's hard to find any mention of third party mail relaying let alone a positive mention.
Most of the problem IMHO is poor software which requires a third party relay in order to even work at all
An RFC complient solution would be traffic shaping of the form of dropping packets on the floor when a certain IP starts sending a lot of traffic to port 25. (Indeed it's not that hard for a router to monitor a TCP connection work out if it's to a third party relay then redirect the connection to
Re:Spam and telemarketing... (Score:2)
Three rules apply here:
1. Spammers lie.
2. When in doubt about spammer lies, see rule 1.
3. Spammers are stupid.
Obviously there's nothing targeted about the usual dictionary attack spam that I get from uu.net dialups all the time. I keep wondering how I got targeted for viagra.
Rich
--
Consumer Watchdog! Yes, we're rough on bogus businesses!
And today, Consumer Watchdog reports on protecting you, the consumer,
from being consumed by dangerous products and phony packaging. -- Firesign Theatre
TINLC Unit #2309 Death to all spammer accounts.
Should the ISP be responsible? (Score:2)
One way to stop spam would be via compulsary encryption. Then only people who take the time to obtain your key will be able to mail you, and you will always be able to verify the identity of the sender via their key.
Hmmm.... (Score:4)
Maybe it's me but this paragraph sums it up nicely. UUNet spends (approx) half a billion dollars a year on network upgrades (5*52*2mil) and passes on these costs to ISPs that need the bandwidth to handle the onslaught of spam email coming down the pipe from companies that UUNet negotiates "pink contracts" with - all the while spending 10 million a year on spam cops to screw over the rest.
Nice.