Fighting The Spammers Down Under 274
An Anonymous Coward writes: "The Sydney Morning Herald is running an interesting article about fighting spammers. It mentions that "Most of today's email spam, however, comes from a handful of culprits, described by Barry and others as "known criminals"." Does anybody else wonder who these people are, and what are the odds of having them shut down for good?"
Final Solution (Score:3, Funny)
Re:Final Solution (Score:1)
Re:Final Solution (Score:1, Funny)
Re:Final Solution (Score:2)
Re:Final Solution (Score:2)
I'm certain that one of the individuals who are featured in the spam would be more than sufficient.... Poison them with their own "merchandise."
Easy way to block most spam. (Score:2, Insightful)
this sig is a virus, take it and use it.
Re:Easy way to block most spam. (Score:2)
You can reply to HTML mail in plain text as well: just reply, Format->Plain Text.
spam is bad (Score:1, Funny)
No odds (Score:1)
Re:No odds (Score:2)
I used a spam bouncing program for a while to generate fake 'undeliverable' messages, and that helped a little bit. I stopped a few months ago, and it's starting to build up again.
"These People" (Score:5, Interesting)
Block Lists (Score:3, Interesting)
1) they are not consolidated which means your network may end up being wrongfully isolated from one or two networks and you'll never know why your legitimate e-mail isn't reaching its destination and
2) if you get added to a list, some people aren't responsible enough to keep them updated. So if for example you had open-relaying on by accident (a common problem alleviated in the recent versions of sendmail) you may end up being "blacklisted" and if you try to contact the maintainers of those lists, you get no response and your domain is forever banished from the internet.
I heard the FCC (or one of those acronyms...maybe the FDA) is starting to create a national "blacklist" maintained by the government. I don't know if that's true, but that might actually not be a bad idea.
Just my US$0.02.. Hargun
Re:Block Lists (Score:1)
1.) They have a lot of false positives (blocking people they shouldn't),
2.) a lot of false negatives, (they don't block very many spammers),
3.) they are a lot of trouble to maintain, and
4.) they don't mesh well with the general spirit of the internet.
The bottom line is, they cause damage and don't work well.
-- If there's one thing I hate more than spam, it's the people who are willing to surrender their freedom to stop it.
Re:Block Lists (Score:2, Insightful)
1.) They have a lot of false positives (blocking people they shouldn't),
That should encourage those positives to ask their ISPs why they are conducive to spammers, and start to convince ISP's that spammers are the source of the problem
2.) a lot of false negatives, (they don't block very many spammers),
Outta sight, outta mind. A little spam is still spam.
3.) they are a lot of trouble to maintain, and
So certain people have decided that they can accept the maintenance problems in an effort to clean up the internet - kudos to them.
4.) they don't mesh well with the general spirit of the internet.
Spam block lists are merely opinions of a group of people. Other organisations may agree that their list is good, and thus adopt it as their main filter - that's the organisations right.
Adopting block-lists is nothing more than exercising the right to disassociate from a known group of people.
This freedom of choice - what the general spirit of the internet is about. The ability to say "No, I don't want your crap."
Re:Block Lists (Score:2)
Block-lists promote the idea that an external authority should decide what is and is not acceptable. That's what I meant by contrary to the spirit of the internet.
The ends do not justify the means. Since there are better means to this particular end, then we should promote those. Block-lists are better than nothing, but not better than the alternatives.
-- What I really hate is people who ask you to give up your freedom to stop spam.
Unaccountability (Score:2, Insightful)
But by their anonymity, they make themselves unaccountable to anyone else. That means that there are no real controls. What happens if one of these spam cops ends up on some kind of ego trip, or perhaps just starts making mistakes? A breakdown in relationships or other pressures could result in a block list not being updated.
Much as it may be difficult, I think all efforts to control spam must be made out in the open, with full accountability to the rest of the internet community.
Re:Unaccountability (Score:2, Insightful)
But by their anonymity, they make themselves unaccountable to anyone else.
They are accountable only to those who use the list to block. Those users may voice their displeasure by ceasing to use the list. Any other feedback avenue is above-and-beyond the responsibility of the list maintainer. Some might do it, some not. To assume they are accountable to anyone else is misguided.
Re:Unaccountability (Score:2)
Sounds like a theoretical, rather than practical, problem. At least with regard to SPEWS, which is probably the most useful list. Anyone disagreeing with a SPEWS listing can post to news.admin.net-abuse.email. On the very rare occasions where the complaint is legitimate, the listing is removed quickly. Almost always, the complainer is a spammer trying to weasel out of the consequences of his actions. Everyone on nanae is attuned to the danger of 'spite listings' and similar irresponsible behavior. (See ORBS). If SPEWS starts doing this it will be highly visible on nanae and they will lose their user base and therefore their importance.
The assumption that significant public blacklists are operating in the dark, unexamined is incorrect. The more important the list, the more scrutiny.
Now the lists which really do operate in the dark are those maintained privately by ISP's. You cannot ask earthlink whether or why they are blocking mail from your IP block. The maintainers of SPEWS are anonymous. Who are the maintainers of earthlink's blacklist?
We should fight them... (Score:1)
First with conventional weaponry, then with bombs and missiles.
it has to be profitable... (Score:4, Insightful)
Re:it has to be profitable... (Score:5, Interesting)
I send them off a nice fax, on a 50% grey scale, full page background which orders them to stop spamming..
Why 50% grey scale? Because it's near worst-case for fax compression (which expects mostly blocks of white then smaller blocks of black). Faxing a 1 page grey scale at 1200 baud can take 90 minutes (800 number, remember? It's on their quarter).
I'll usually do a voice callback first to make sure I'm not responding to someone who's being smurfed by an enemy.
Re:it has to be profitable... (Score:3, Funny)
Now 50 pages of greyscale might be interesting
Re:it has to be profitable... (Score:3, Interesting)
I originally came up with the idea when I got assigned a phone # that used to be some business' fax number. Well, even though it's illegal, fax spammers would try to send me faxes at, like, 4:00am, so I started replying with these 50% grey faxes from my mac.
(un)fourtunately, my fax modem and fax software had this wierd bug with some fax machines where, after sending the page, the page acknowledgement would get lost and the program would abort --- to try again. I had the software set to retry 10 times...
One day I sent off a grey-scale fax to a company before I ran off to work. It got hit by the bug, and repeatedly tried sending the fax... It succeeded on the 5th or so try, tying up their fax machine until the early evening to get that one page fax through.
hehe.
BTW. Part of the reason for using the 50% grey scale is that it minimizes paper waste while getting in maximum time. A single grey-scale page at 1200 baud takes the same amount of time as 90 pages of regular text. an 8 page fax will take almost 12 hours.
Why ? (Score:2)
My brother did the exact thing to some businesses that have fucked with him, over money.
& guess what? They stopped fucking with him. Mind you the looping faxes were only a small part of a whole military style operation.
Re:it has to be profitable... (Score:3, Interesting)
But this is tied to the question of strong authentication of the sender (at least at the ISP level), and all of the privacy concerns that raises. E.g., a good way to kill spam is to require each message provide non-trivial e-postage. Perhaps USD0.25 per 20kb block. (After getting over 15MB in less than our from a misconfigured spambot with a huge payload, I am *not* willing to accept "one price for all" scheme!)
If the recipient found the message worthwhile, they could send an ack to their ISP and release the money back to the sender. Or they could let a reaonable time elapse, say 2 weeks, and the money would be released back to the sender. This could probably even be automated for explicitly named friends and mailing lists.
But if the recipient said it was spam, they keep the postage.
At USD0.25 per message, there's no profit motive in me lying whether a message is spam. But at USD0.25 per message, it's a safe bet that few businesses will send out 10,000 messages (USD2500) to snare a single response.
Re:it has to be profitable... (Score:2)
Take linux-kernel: It currently has roughly 10000 subscribers, with roughly 100 posts a day.
In your system, the people running it would have to pay $25,000 a day - they'd eventually get it back (assuming the subscribers remember to mark the messages as ok), but losing $25,000 even temporarily isn't something we all can afford (I certainly don't have $25,000, for example).
Re:it has to be profitable... (Score:2)
>
>I can't seriously believe that anyone would sign up >to a mailing list with 100 emails per day - the >emails must arrive so fast that you wouldn't be >able to do anything else.
Um, no. You don't disadvantage the users of a legitimate service to deter an illegitimate one.
Why do you care if they read those 100 emails a day or not. If the mailing list provider doesn't care and the isps don't care, it's none of your business.
Re:it has to be profitable... (Score:2)
And if you think that email isn't a good way to "disseminate information" and that reading Web pages is a good substitute, well, all I can say is: please go away and come back when you've bought yourself a clue or twenty.
Daniel
Re:it has to be profitable... (Score:2, Interesting)
--
Benjamin Coates
Re:it has to be profitable... (Score:2)
It is profitable, but only to the people selling the SPAM tools and SPAM lists. Nobody, nobody sents their credit card to the poorly worded .ru-originating "Better tasting semen" people. (If you want better tasting semen, you should stick to domestic products!)
The reason it works is because everybody gets those messages, and some people conclude, "Wow, this must be a goldmine, I get these messages every 10 minutes. I should get in on the action." They purchase the lists and tools, send the email, and spread the meme again.
P.S. What I always wonder is: How did the "increase your ejaculation 581%" people get such an accurate measurement?
Re:it has to be profitable... (Score:2)
Bullshit. Spam is almost certainly profitable, even for the stupid products. Even if you only got 1 response per 100,000 you'd only have to make one dollar on the sale to make money. I've seen estimates of 1-5 responses per 10,000. Email is mind boggling cheap to send, even if you actually pay for the bandwidth, and many spammers don't pay for their accounts at all. Hell, a spammer wouldn't even last 30 minutes, much less the 30 free days AOL used to offer.
-- What I really hate is people who ask you to surrender your freedom to stop spam.
Still....... (Score:2)
They're like popups - no one clicks popups & they annoy the fuck out of everyone, but corporate marketeers assume they work because they assume people wouldn't hire popup agencies unless they do work, so they jump on the bandwagon & sign on with some popup agency too. But I very much doubt that they add to the bottom line the vast majority of the companies paying for the popups. Mind you the agencies might make a bit of dosh out of it.
That's why the bottom fell out of the banner add market - the corporate world relised that on average banner adds just don't add to the bottom line (ie they generally don't increase turnover, turnover of tangable products that is), consequently what many websites get for each banner add is less than 1% of what they were getting just 18 months ago.
Re:it has to be profitable... (Score:2)
Plenty of people who sell spamming tools say that spam is profitable. What you really want is some reliable evidence. Clearly, I can't post anything to
But think about it for a minute and I think you'll agree that selling by spamming is profitable.
You get a spam.
Then, a week later you get the same damn spam again.
A month later you get a copy sent to a different email account.
That means the person sending that spam did it once, and then did it again later. You know that spammers get bitch slapped pretty hard. They certainly lose their account, and have to set up a new one. That takes time and effort. Why do it a second time if it didn't work the first? Once could be an experiment, but multiple spams over time have a real reason. Do you think spammers are doing it just to piss you off?
-- What I really hate is people who ask you to give up your freedom to stop spam.
Re:it has to be profitable... (Score:2, Interesting)
Weak market forces control spam (Score:5, Insightful)
Sure, spam is probably profitable: it transfers most of the cost of advertising to the (probably unwilling) receipiant, and nobody ever went broke underestimating the Good Taste of the American public.
The problem with spam is that the dirty details of spam disassociates it from market forces, unlike other, more conventional forms of advertising.
In just about every other form of ad (radio or Tee Vee commercial, newspaper ad, billboard, etc) the advertiser pays for the ad up front, before you make a decision to buy the advertised product or not. So, if the ad is particularly repulsive, ("Ring around the collar!") the consumer can make a decision to not buy the product. The advertiser is out the cost of the ad. Of course, the cost of any advertised product is higher than an unadvertised product, so the consumers who chose to buy an advertised product ultimately pay for a portion of the advertising.
Contrast this with a spammed ad: the consumer has paid for his or her network time to receive the ad, the disk space to store the ad and the CPU cycles it took to process the email ad before getting a chance to decide whether to buy the spamvertised product or not. No matter how repugnant, stupid, wasteful, or dumb the ad is, the consumer ends up paying for the spamertising. Only very weak market forces control spamvertising. That's the real problem with spam.
Email spamming is theft, plain and simple. Email spammers must be punished.
Re:Weak market forces control spam (Score:2)
I've reported a spammer to the police for theft of service, and got a letter back stating "this incident will not be pursued because the damage done was too low".
They sort of compared spamming to stealing $.01 from someone's pocket - it's not strictly legal, but nobody will do anything about it.
Like most non-technical people, they simply fail to understand spam is doing more than a little bit of damage.
Re:it has to be profitable... (Score:2)
What's profitable is spam that sells spamming, because there's always a sucker out there who thinks "hey, there's all this spam, it must be profitable otherwise it wouldn't happen; now if I can just get my hands on 6 million email addresses..."
--Blair
Of COURSE it's profitable (Score:2)
When things reach a certain level of profitability they become recognized as crimes and laws are passed criminalizing them. Spam is only legal because nobody's ever seen anything like it before. People easily confuse spam with a First Amendment issue, so it will take a couple years, but by the time the average email account receives 20,000 spams a day, public anger will eventually boil over, reaching a point at which one of several things will happen:
-SMTP and email in general will be supplanted by some more restrictive protocol that isn't as useful to the spammers for theft of services. (Hopefully this protocol will be open and not controlled by a ruthless monopoly.) Nobody will communicate via email anymore because all emails are assumed to be spam. As fewer people rely on it, more and more network paths will become closed to SMTP traffic until it reaches the point where most emails bounce once they leave their local network.
-Sending spam no longer means you lose your 30 days free trial and have to find another ISP serving your trailer park. Instead, your door is busted down by people with scary guns and flashlights and handcuffs, and you're held without bail in a real jail cell with real iron bars, maybe with a new roomate who's 581% happier now that you're there.
The solution will probably be technological rather than legal, just because of jurisdictional problems- even though the legal approach is obviously the one that socially makes the most sense. It's a real crime. But unless all the nations of the world sign a treaty to cooperate in investigating, catching, and prosecuting these idiots, they'll just keep finding more open relays in former Soviet republics.
Re:What is the bigger outrage? (Score:2)
And lets question the idea of consent. If I tell you you have a choice between being sodomized or beat to shit, how long until you "consent"? At least if you consent, you may get a chance to smear some lotion on to prevent a trip to the infirmary.
targetted email marketing (Score:3, Insightful)
That's why i don't think spam will cease to be a problem for end-users, even if the signal-to-porn ratio improves.
Re:targetted email marketing (Score:1)
Re:targetted email marketing (Score:2)
IMO that still constitutes spamming. I get so many of these that I have the following system set up: Whenever a company legitly wants my email address, I give them a custom forwarding address at my domain. Since these addresses all forward to my real email addresses, these companies are free to contact me if they need to. But if they decide to spam me, I set their forwarding address to automatically bounce any future messages sent to it. You have a valid reason to contact me, fine. You spam me, you give up the ability to contact me.
Sue a Spammer! (Score:3, Funny)
Go to war! [lenny.com]
Sue! [techdirt.com]
And win! [wired.com]
or...
Join them! [holymac.com]
stalking the spammer (Score:1, Interesting)
http://belps.freewebsites.com/index.htm
Shut down, or just shot? (Score:1)
Does anybody know what the odds are of having them drawn and quartered?
At least tarred and feathered!?
maybe i'm alone in this world (Score:3, Insightful)
so i'll continue deleting my 10 mails per day.
Kraada
Re:maybe i'm alone in this world (Score:2, Insightful)
Re:maybe i'm alone in this world (Score:2)
I've gotten over 15 MEGABYTES of spam in about an hour from a misconfigured spammer. That's enough traffic that it would have totally wiped out any prior mail in a free email service, and if I didn't have a cable modem I would have been unable to do anything for a few hours while the mail queue cleared over a modem connection.
That's a worst case scenario, but I've missed legitimate important messages in all the crap the spammers sent. Filtering helps, but messages get misdirected and sometimes they're a bit silly. (E.g., right now I've black-listed the entire country of (South) Korea because of the volume of spam coming from their domains.)
Re:maybe i'm alone in this world (Score:2, Insightful)
Re:maybe i'm alone in this world (Score:2)
That's the situation many people around here are in.
If you look at it from this point, you'll probably agree that spam is theft.
I'm all for freedom, but requesting a "freedom to spam" is much like requesting the "freedom to commit fraud" or the "freedom to shoot people because you don't like their looks".
Re:maybe i'm alone in this world (Score:2)
Yes, and I'm sure most spammers consider themselves gleaming champions of freedom rather than slimy freeloading leeches.
Incidentally, do you consider that it's fine for companies to send unsolicited porn snail mail to anyone (including children)? With packaging saying "Porn for Joe Sixpack"? And make Joe pay (time/money/resources) to receive and deal with it? If not, explain why it's OK to do that with email.
Re:maybe i'm alone in this world (Score:2)
At some point, maybe it's 100 spams a day, maybe 1,000, or even 10,000 one takes action against spam. Spam will continue to grow until enough people take action against it. Since the only way to stop it is to take action, you might as well take action now, instead of waiting for it to be a problem big enough for you to care about.
-- What really makes me mad is people who ask you to give up your freedom to stop spam.
not worth it (Score:2, Interesting)
We need to stop and think, "Is it really worth it to give up more of our freedom just to get rid of a few emails that you can easily delete without ever having to read them?" Also, we need to ask ourselves if we think we can really eliminate this problem anyhow. How are we going to be able to determine exactly what constitutes spam? And what happens when some business receives an email from someone requesting information and sends them an email in reply about their products. It could be the case that person forgot they ever requested the info or that someone entirely different submitted the request under a fake name. How can it ever really be proved?
I just don't think it's worth pursuing...
later,
thundercatzlair
Re:not worth it (Score:2)
On my E-mail address that I use since '97 I get 5-10 of these junk mails per day!
And when I'm opening them on my Windows machine there's a fair chance they generate all kinds of nasty side effects like masses of pop-ups, plant cookies and spyware.
This is not what I have an E-mail account for.
As a matter of fact I think you are a bit of a looser to react the way you do, how would you like it when the village idiots would piss on your porch after every beer they had??
And about your remark: "lead to more and more restrictions and more and more freedoms being taken away"
This is the dumbest argument I've seen in this discussion
It's like saying the law that requires us all to drive on the same side of the road is a limitation of freedom.....
The internet is a public place and as all public places it has a few basic rules to function at it's best for most.
Spam by Proxy (3rd party payouts) (Score:2)
This is Bullshit. We need to go after the people who pay spammers.
-
Obviously crime pays, or there'd be no crime. - G. Gordon Liddy
As long as there is market... (Score:2)
Very good solution would be IAIA (Illegal advertising inhibition act - known as donkey law). Lets punish with severe penalties every company that is proven to knowingly order advertisement through illegal means (such as spam, tattooing childern and pop-under windows).
Who are they? (Score:1)
I've been wondering who the "known criminals are for many years. If you know who these dastardly no-goods are, please respond to this message and put my mind at ease. Thank you.
Re:Who are they? (Score:2)
ROKSO [spamhaus.org] is your friend.
Poke around groups.google.com in news.admin.net-abuse.email.sightings or news.admin.net-abuse.email to find out who your pet spammer is. Learn.
Punch your pet spammer's name into ROKSO. Learn more.
Many of these individuals have prior convictions for fraud. Some may still be on probation. Why the FTC has ignored them for so long is utterly beyond me.
One thing you should know... (Score:1)
Terrorism laws (Score:1, Flamebait)
Then again, Microsoft hasn't been hurt enough by spamming yet, for that to happen. Only when spamming gets to a puppet master will the puppets (aka Congress) do something about it.
Re:Terrorism laws (Score:2)
It has.. Most consider e-mail as a useless novelty and refuse to use it as a total waste of time. They never see spam anymore. Don't believe me? E-mail someone and see if you get an inteligent response. Maybe, just maybe you will get some sort of generic reply from a flunkie in the office, but you won't get your congressman. I know I tried and only got bounced mail back. Box was full for several weeks. (David Woo from Oregon) I quit trying.
Legislation is, unfortunately, the only answer (Score:1)
Spam has lost its legitimacy. Now go for the kill. (Score:2)
The Direct Marketing Association has a national opt-out list [e-mps.org]. I'm on it, and that seems to turn off spam from legitimate US businesses. The remaining bozos probably won't get the message until the cops come knocking.
I think we're going to win this thing. There seem to be only a few hundred spammers left, most of whom are doing something that qualifies as fraud. Pushing for misdemeanor convictions on a few every year is probably enough to discourage them.
Comment removed (Score:5, Interesting)
Re:Beware all opt-out lists.. (Score:2)
Re:Beware all opt-out lists.. (Score:2)
Re:DMA Opt Out (Score:2)
I'm not SURE about the DMA's email opt out list, but I do know for a fact that their snail mail out out list _IS_ legit!
My wife works for one of the larger junk mail companies out there in names selection, and trust me, the watch that list, and even if you would be "perfect", they pull your name from the mailing! (Ditto if you contact them directly)
They have 4 reasons for this:
1)If you went through the effort to opt out, they KNOW you mean it
2)People who opt out don't buy (see profit motive)
3)It costs quite a bit to do those snail mail mailings, so they don't want to spend money sending mail to folks who won't buy (see #2)
4)The DMA insists on it! The DMA is NOT kidding when they say they will drop members for abusing this
The problem is, most of the fly by nights (and most email spammers are fly by nights compared to the big junk mail houses) don't belong to the DMA, or even care!
I'd bet that if you got spammed by American Family Publishers - the Ed McMahon folks - now out of the sweepstakes business - and asked to be removed, you would be! Ditto a Sears, Lillian Vernon, etc (all large catlog companies). They are used to dealing with opt out, and have procedures to deal with it. It doesn't always work (yes, database cleanups have caused problems, and fines have been issued)
The problem is the scammers and small shops that don't care
Re:Beware all opt-out lists.. (Score:2)
The DMA also operates opt-out lists for paper mail and telemarketing, which do have some effect. The paper mail list will stop all the major national promotions; I haven't heard from Publisher's Clearing House in a decade.
The DMA expires e-mail addresses after one year, though, while the paper mail addresses are good for five years.
How to solve spamming, worms, email trojans, etc.. (Score:2, Interesting)
My suggestion is quite simple: All SMTP servers should put in place policies which reject mail that is not digitally signed with a certificate trusted by a root authority. Personal email certs should be free, commercial (for marketing purposes) should cost a reasonable amount.
This would enforce accountability behind emails by guaranteeing the identity of the sender. Do this and things will clean up considerably, imho.
Re:How to solve spamming, worms, email trojans, et (Score:2)
actually, an UNreasonable amount would stop more spam.
//rdj
Re:How to solve spamming, worms, email trojans, et (Score:2)
where mail messages are stored on the sender's computer until the recipient retrieves it. This would mean that recipients don't pay for
disk space or bandwidth, senders do, and getting a spammer's account
pulled would result in all their spammed e-mail disappearing.
But good luck getting everyone to adopt a new mail protocol...
Spamcop anyone? (Score:2, Informative)
adam.
Re:Spamcop anyone? (Score:2)
I continue to use it intermittently, but I don't have any indication that it is doing any good.
I would be interested if anybody has evidence of is efficicacy
Just make them pay. (Score:2)
Suppose that every time someone wanted to send you an email, they had to "buy" a password token. Then, after you read the message, you could "return" the token if you think it's not spam. If tokens were a penny, it would stop most of the really annoying spam, but if you really hated spam, you could sell your tokens for a dollar.
-- What I really hate is people who ask you to surrender your freedom to stop spam.
Why not (Score:2, Insightful)
Anyone can spam: from "a 6 year old guy", to "dr.evil" to "mr. good guy that is trying to solve world hunger". So you want different penalties: kill evil guy, warn good guy, educate kid.
Some of them, unknowing how bad spam is
People complain about spam. Yet, if they find it usefull, they use the service (contradiction)
Spam doesn't kill people or ruins lifes or fortunes
Spam is relative: what defines spam? a) everything unsolicited? (leads to: nobody can even contact you to ask you if they can contact you.). b) something that is sent to more than me and that is unsolicited? (leads to: how do you enforce/know that? Spammer could just program variations of the smap message).
There IS usefull spam and useless spam as well (99% useless ratio today). If we enforce "good smapping practices..." (ie: receive unsolicited email from good employers offering good salaries)
Spam is global (different legislations) and can move fast (from server to server).
Detecting spammer (physically) is: a) expensive, b) they usually don't have much money (what will you do to him? arrest him like Mitnik?).
Thouthan other reasons
So the bottom line is (my opinion):
Spam doesn't know black and white. There're shades of gray only, and difficult/expensive to block. At some point we should draw a line, beyond that line, prosecute spammers (law). Everything else would be client-side (ie: tools to block spam, blacklists, filters, etc.).
Yes, fight them down under! (Score:5, Funny)
Finally, someone has come to recognized my preferred solution to fight spammers: kick them in the genitals.
Or did you mean something else by "Fighting The Spammers Down Under"?
Support the FTC (Score:5, Interesting)
If the FTC is really serious about going after spam, then we need to give them our support. More than that, we need to make them do their job with this. If most spam is fraudulent, and if most spam is sent by a relatively small group of people, then it stands to reason that getting rid of these hard-core spammers will go a long way toward reducing the spam problem.
Now don't get me wrong here. I'm not naive enough to believe that this is going to be easy. Spammers are slippery little worms, and stopping them for good won't be easy. However, there's nothing like a court order to give someone an attitude adjustment.
So here's the deal. The FTC wants to receive spam at uce@ftc.gov, so send it. My guess is that they like getting all spam, but bear in mind that they don't have jurisdiction over spam per se, just spam selling fraudulent goods and services. This is something they can latch onto and run with because they are empowered to stop fraud. If you send, be sure to include full headers so messages can be tracked back to the source. That way, if a spammer hops from ISP to ISP, it may be possible to construct a pattern that can be used to find and nail him.
As I said, I don't count on this to work, but if the FTC really is serious, then let's give them the evidence they need to bust some balls.
99/1 rule on spammers (Score:5, Informative)
In addition to the usual anti-spam methods:
one can block IP addresses that attempt to spam on a regular basis. Tools such
- ipchains [samba.org]
- netfilter/iptables [samba.org]
- ipFilter [obfuscation.org]
can be configured to block frequent spammer IP addresses from your SMTP ports.The following is a list of IP addresses that we have observed spamming on a regular basis. Blocking these sites won't solve your spam problem. On the other hand blocking common spam locations as part of an overall anti-spam system will help.
Sorry if your IP address is in the above list. If you are not a spammer then it could be that you happen to be using an ISP that tolerates spammers (or is unable/unwilling to block them), or you work for a company that spam, or you are near a poorly configured and poorly maintained site that is abused as an open relay.
Re:99/1 rule on spammers (Score:5, Funny)
Re:99/1 rule on spammers (Score:3, Interesting)
Consider, for example, the position of PaeTec Communications [paetec.net]. They've been unable to kick a spammer off (Monsterhut), as said spammer was able to obtain a temporary injunction. When the case is resolved, PaeTec will presumably win. Until then, however, the address range they lease to Monsterhut is getting added to numerous blacklists. I see no reason to why that address range shouldn't be removed after PaeTec succeeds in ridding themself of this spammer -- at some point in the future, that address will get reassigned to a new customer. But if the people blacklisting that address are using an uncommented, static, ad hoc list that the snarfed from Slashdot, there's a decent chance that that listing'll be around indefinitely.
In summary, I strong encourage sysadmins to stick to well-maintained lists when it comes to spam blacklisting. They should carefully evaluate both the criteria that gets a site listed and the criteria that gets a site unlisted.
The other evil of Spam (Score:5, Informative)
The result was that, for a period of about two and a half weeks in January, David was receiving over 1000 bounced emails a day, effectively mailbombing his account. With a pay-per-minute 56K modem as his only internet access, it wasn't a pretty sight.
The spammers that sends this stuff out, who identify themselves as 'Global Advertising Systems' and 'Universal Advertising Systems' claim to be based in Billings, MT. You may have seen some of their handiwork in your own mailbox with subjects like 'Increase energy levels', 'Become a Judgement Processing Professional', 'Child Support-Investigator'. They're very effective at covering their tracks - the only contact information is PO Box, telephone and fax numbers in the US, plus disposable eMail address and a snail-mail PO box in Aruba if you want to be 'removed'. All the mail originates in the Phillippines (with the obligatory faked additional headers added) then gets punted out through open relays around the world. Complaints to the ISPs in the Phillipines get no reply or bounced.
Fortunately, I'm lucky enough to have DSL, so I was able to filter the stuff out and forward it on to another account - OK if you've got the bandwidth, but not a proper solution.
The scary bit is that it seems like there's no other defence against this kind of activity. The ISP hosting the domain's POP box sympathised, but said they couldn't do anything to delete this incoming junk before it was delivered. UK & Billings, MT police and the FBI said no crime had been committed and taking private legal action across the Atlantic is a bit out of the reach of a one-man recording studio. My friend's frustrated reaction to another attack this week has been to dump the domain and move elsewhere with a new
If anyone else has any more information on these b*st*rds or ideas for wreaking revenge I'd be interested to hear.
feed them to SPEWS (Score:2, Informative)
Experience shows that blocking SPAM at source is impossible today. The fight should be directed at beneficiaries of spam (clients of spammers). And the only effective remedy is blocklists like SPEWS [spews.org].
Your friend could fight the spam indirectly if he persuaded his ISP (demon.co.uk) to adopt SPEWS filter. That would block mosf of ISPs that host spam beneficiary sites from demon.co.uk. When ALL their clients lose access to this large European provider (demon) - then ISPs would definetely notice and take action against the spammers. If not too late for themselves... (check out this tearfull public apology from a spammer at news.admin.net-abuse.email [google.com]).
Re:The other evil of Spam (Score:2)
Twoflower
Use a UNIX Mail System for Self-defense (Score:2)
Spam spam spam etc (Score:3, Interesting)
Declare a national moratorium on e-mail while a congressional steering committee holds a conference to determine the nature and extent of the problem.
Industry and Community Leaders who have never actually sent or recieved an e-mail will be called in to consult, as well as a couple of Hollywood Celebrities.
A proposal will be made to Nationalize e-mail under the State Department.
Objections from Civil Liberties Profiteers Inc. will lead to a "compromise" proposal to place control of e-mail services with that well-known private organization, The Post Office.
New "Spam Free" e-mail will cost $0.34 each, and take 3-5 days to deliver, but you can pay $3.00 and have a guarantee of delivery... in 3-5 days.
A new congressional committee will congratulate the Post Office and themselves for eliminating SPAM!!! And hold hearings to examine the new problem of "unsolicited e-mail."
Okay, that's a _slight_ exaggeration.
But seriously, the obvious ways to help are:
1. Very Public Boycotts of companies that use Spam tactics.
2. Encourage use of Digitally Signed E-mail.
3. Encourage efforts by ISPs to block e-mail from "repeat offender" sites.
4. Encourage the "securing" of open relays.
None of these methods involve letting politicians write laws which include new taxes, new power, or new public swimming pools named after them.
And by the way, given the nature of Enya's music and Eminem's "anti-music," I imagine that if they were to actually meet, the resulting music-anti-music reaction could deafen an entire medium-sized city.
Re:Spam spam spam etc (Score:4, Insightful)
I have yet to receive SPAM from a company I could even Boycott. Since I don't regular buy goods or services from Jerry's Triangle Scheme, or Joe-Bob's Porn site, a boycott isn't going to do much. Maybe if Subway started spamming me I'd stop going there, but I don't get any SPAM from any companies I've ever even heard of before.
Actually, I think all the SPAM I get can be put into a few categories:
There's your get-rich-quick SPAM, covering a myriad of pryamid schemes and others. Then there's your 'insider information' SPAM telling you what stock to buy. 'Porno SPAM' speaks for itself. 'Weight loss and Sexual medicine' group has to be one of my favorites. You can lump the rest into 'actual seems like they're trying to sell me something' group or the 'wtf is this?' group.
Re:Spam spam spam etc (Score:2)
So what? Spamboy gets a cetificate from some third world country with lax laws. There is already a booming market for tax havens, ship registration (Liberia an Panama!), so why not certs?
Because even if the cert itself is invalid, it's going to cost much more time to send spam. Where it is easy to send 1M identical or near identical messages, how much horsepower does it take to send 1M individually signed messages?
Effective fighting against spam... (Score:5, Informative)
Re:Effective fighting against spam... (Score:2)
I've been trying spamassassin now, and it seems to work very well -- aside from its tendency to forkbomb the system if I download more than about 40 emails at once. ("fork: resource temporarily unavailable"...fun)
Daniel
Wait till you get the latest mobile phones (Score:4, Insightful)
You see, mobile phones ring or vibrate when they get spammed. It's worse than ordinary spam because email addresses are usually the same as your phone number, giving an easy target to spam programs.
My friend has two phones registered with slightly different names, and they ring within 10 seconds of each other, about once an hour or so. His FOMA (3G, streaming video) phone is real special. It does a pirouette on his desk because it is vibrating so strongly.
Imagine it. Everyone who has these phones (millions) gets this ringing all the time, even in the middle of the night. DoCoMo recently offered custom mail addresses to combat it but still..
Re:Wait till you get the latest mobile phones (Score:2)
This seems dumb and limiting the development of a new market, but then again who knows how much the phone company is making off the literally billions of spams going out.. I'm hoping this may change as the client-side opens up more.
Shutting Them Down (Score:2, Insightful)
Actually, many of the folk in news.admin.net-abuse.email know just whom they are.
Not very good at this time. They are not breaking any laws in most places. (Making the falsifying of "From:" addresses a felony would fix that. Making use of open mail relays w/o permission a misdemeanor at least would help.) And they frequently move from dialup ISP to dialup ISP as needed. The bigger spammers get "pink" contracts (read: "we'll allow you to spam as long as the heat doesn't get too bad and nobody finds out about this contract") with big-name ISPs that many admins are unwilling to block (Qwest and Sprint are frequently at the top of The Spamhaus Project's "Top 10" list. Verio has received a lot of unfavourable mention in news.admin.net-abuse.email of late).
The best things you can do, in my opinion, are:
- Complain about every spam you receive. But make sure you're
complaining to the right places. Make the complaints civil, but
firm.
- Block spam as best you can. Yes, no blocking mechanism is
perfect. There will be some false hits. Learn to live with it.
I have. My bosses and cow-orkers have. The alternative is
unthinkable. Block it even if it means black-holing entire
/16
blocks of IPs. Even if it means black-holing entire ISPs. Or even
countries.
- Refuse to do business with spam-friendly ISPs. Check with the
good folk in news.admin.net-abuse.email and consult the "Top 10"
list at The Spamhaus Project. (We recently switched ISPs at one
site because our old ISP was becoming unbearably spam-friendly.)
No, there's not much that can be done to "shut them down for good," but you can make the effect of their spamming as ineffective as possible and make the ISPs that support spammers as unprofitable as possible.SPEWS, by the way (mentioned in the article), is having a tremendous effect on spam-friendly ISPs :-).
And the 12 most common types of spam scams are... (Score:2)
"FTC Names Its Dirty Dozen: 12 Scams Most Likely to Arrive Via Bulk E-mail" [ftc.gov]
Business Opportunity Scams
Making Money By Sending Bulk E-Mailings
Chain Letters
Work-At-Home Schemes
Health And Diet Scams
Easy Money
Get Something Free
Investment Opportunities
Cable Descrambler Kits
Guaranteed Loans or Credit, On Easy Terms
Credit Repair Scams
Vacation Prize Promotions
anti-spam resource for qmail users (Score:2)
Er - on what planet is this again? (Score:2, Insightful)
Well I can't speak for anyone else, but the SPAM that lands in my email box every day is largely from large corporations, chain letters (you know the ones that want you to send money to people on a list), and the rest I have no clue about as I can't read Kanji.
I honestly don't mind a bit of SPAM, but what really gets my goat is when they either claim that I asked for it "here are the results of your feedback form" or such like, or they cite some law from some country I don't live in and claim that this gives them the right to send me mail about whatever rubbish they are peddling. And lets face it - if they're intentions are so honourable, why is the return address always a non-existent hotmail/yahoo account? Then there's the "removeal"options - yeah sure I'm gonna go to some web page and type in my email address - so the spammers can know it's a real email address. Some of them even have the cheek to ask for a receipt!
The 3rd most prevalent type of SPAM in my mailbox is the laughable fraud attempts - you know the ones typed in CAPITALS usually puporting to be from some dude (usually in Nigeria) in some country's government who has some scam going whereby he needs your bank details to dump several million dollars US into it. I love those ones - they've been around on paper for donkey's years.
The Herald's reporter must have been out in the sun too long - the world's spam sent by a handful of chavvies - my arse.
Re:editors, hello (Score:2)
Re:scam the spammers (Score:2)
Re:Other types of spam (Score:3, Informative)
This is where I gloat a wee bit about living in the UK. We have a lovely service called the Telephone Preference Service [tpsonline.org.uk]. Anyone making unsolicited commercial calls must cleanse their lists against the TPS list, or be guilty of a criminal offence.
Since registering a year ago, we've maybe had five calls, all of whom hang up really quickly once you start asking them for their details to report them to the TPS.
Re:I have an idea.... (Score:4, Insightful)
See Brad's page Fighting Relay Spam [axisline.net] for more information on running your own SMTP relay honeypot.
See posts like this one [google.com] to see that these honeypots are working.
You don't understand. (Score:2)