Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.

 



Forgot your password?
typodupeerror
Spam

A Day In The Life Of A Spammer 313

Posted by michael
from the pay-it-forward dept.
kaip writes "Internetnews.com has a story of a spammer. The individual sends 60 million spam emails for four days worth of work and claims that one in 19 of AOL users clicks the links in his mortgage spam (this number should however be taken with a grain of salt, see rules 1 and 2). Maybe not everybody has heard of the Boulder Pledge... The article also tells how the CAN-SPAM Act, which legalises spamming, is turning the US into the spam haven of the world. Currently, 86 percent of the total spam volume is coming from the States."
This discussion has been archived. No new comments can be posted.

A Day In The Life Of A Spammer

Comments Filter:
  • by LostCluster (625375) * on Saturday August 21, 2004 @10:56AM (#10032536)
    I thought everyone on Slashdot hated the RIAA, the MPAA, and Microsoft. Why do you keep hyping CDs, movies, and Windows games?
    Big corporations are what they are. They sell us cool stuff with one hand and tighten the screws on our freedoms with the other. We hate them every morning and love them every afternoon, and vice versa. This is part of living in the modern world: you take your yin with your yang and try to figure out how to do what's right the best you can. If you think it has to be all one way or the other, that's cool, share your opinions, but don't expect everyone else to think the same.


    In short, there are some advertiser communications that we don't welcome into our lives and call "spam", while there are other advertiser communications that we invite into our lives when we go through the Sunday Newspaper looking for the ad circular from our favorite store so we can see what's on sale without having to go there.

    Wording a rule set so that spam gets shut down but ads we want to see still get through is quite a tough task to do on a one-viewer basis. It becomes even more difficult to do that on a comminity basis. Some of us want to know what's on sale this week at Best Buy, others couldn't care less.

    I just don't see a solution that pleases everybody being possible in this area. It'll always be a game of new regulations constantly going up, but only being effective until somebody finds a way to work around them. We can hate spammers as scum, but that seems like the worst we can do to them at times.
    • by savagedome (742194) on Saturday August 21, 2004 @11:00AM (#10032556)
      we go through the Sunday Newspaper looking for the ad circular from our favorite store so we can see what's on sale without having to go there.

      That 'looking for' is the key. If I don't want to, I don't have to read the ad section.

      Plus, everybody knows how fradulent these spam schemes are. Atleast, with the newspaper, if the frauds start creeping up, the newspaper company has to step up and tighten the noose.
      • by msobkow (48369) on Saturday August 21, 2004 @04:49PM (#10034357) Homepage Journal

        Equally important, the companies advertising in the newspaper at least put in enough effort to write copy, do the graphics art, the layouts, and get the ad into the media.

        Spammers can't spell, have no business history, have no reputation, and just keep intruding on my life, my business, and my bills (increased costs to my ISPs.)

        Sorry, but "If I nag 5,000,000 people, someone will buy" is not a marketing plan or strategy, it's begging. It's disingenuous fraud, hoping that someone will be stupid enough to waste their money on a con. It's hoping users don't notice that "cheap software" is pirated, or that the "herbal viagra" is available for $10.95 at their local health food store instead of $49.95 through some spammer.

        Spammers are not legitimite businesses, no matter how they bleat and plead about their "rights". You have no right to harass people on the street pushing your wares -- you'd be arrested for being a public nuisance at best. You have no right to barge into my home to tell me about your products without invitation -- that will have you arrested on trespassing or B&E.

        Spam is not about "business", it is not about "rights", it is about a bunch of scum sucking vermin who twist the courts and ISP contracts to swindle and scam the public, hoping to make their cash and escape quickly.

        In the past 7-10 years, I have not seen one legitimite or viable product advertised by spam. Not one.

        Shut them down and arrest them as the frauds they are, and to hell with yet another US government sellout to "corporate" interests via CAN-SPAM. I don't know anyone who calls the info broadcasts from respected corps "spam" because they ask if you want it, not shove it down the throats of strangers.

        • In the past 7-10 years, I have not seen one legitimite or viable product advertised by spam. Not one.

          I have. Lots of times. Less often lately, but that's because I long since quit trying to read and report every message... but when I did I found naive or simply callous businesses advertising all kinds of real products, many of them local businesses I know.

          UBE, regardless of content, regardless of whether it's obviously commercial or religious or political, simply can't be tolerated. If you sign up, or
      • The newspaper being filled with ads helps the newspaper make money so they can sell it at current prices. So newspaper ads save me money. SPAM costs me money. If I don't buy the newspaper I don't get the ads. If I don't buy spam I still get spam.

        Well actually I don't get spam but that is because I use a very paranoid email strategy.

    • No - the simple situation is that I don't need _any_ advertising through email. When I want to find out what's cheap at PCWorld I look at their web site. When I want to find to find the cheapest offer on flights to Europe I can search on Google or a more specialised site.

      And I really don't need special offers on "Imitrex, Vioxx and Zoloft from Canada CHEAP!" - especially as I am not in the USA.

      • Opt in lists (Score:4, Informative)

        by mdfst13 (664665) on Saturday August 21, 2004 @11:37AM (#10032755)
        "the simple situation is that I don't need _any_ advertising through email"

        That's a bit draconian. I would like to be notified when Blizzard is releasing a new game or the new Glen Cook book is being released. To get this info from the web sites, I would have to poll (check regularly) the web sites. I would rather receive a notification.

        The key to this is opt in only lists. One way to do this is to make a server with your email provider that allows you to register an email as requested (bulk mail whitelist). Those can go through. Other bulk mail is prevented. There are other methods as well; that is just one example to handle both.

        The real key is no *unsolicited* email advertising. If I request it, I want to be able to see it. Frankly, if a newspaper (to get back to that example) drops off their product unrequested, I would like to be able to prosecute them for littering. Further, a newspaper includes other things besides advertising. Spam does not.
    • by Xugumad (39311) on Saturday August 21, 2004 @11:29AM (#10032720)
      Here's the thing. I don't like paying to receive adverts, which is the current situation. Sending cost is a fraction of the delivery cost, which is mostly handled by the receiver.

      Secondly, the scale of this is a massive problem. I get approximately 400 e-mails/day to my work account. About 250 of those are from two high-volume mailing lists, which get auto-sorted into folders, and I scan-read the subjects before deleting most of them.

      About 5-10 of those are from people who are contacting me directly, and have a valid reason to do so...

      The remaining 140 or so are spam. No, I'm not exageratting the numbers, I've got 6 more while I typed this, mostly trying to sell me Viagra, but with a couple for OEM software.

      Marking what my spam filter (Thunderbird's built in one) misses is a significant effort. Then having to go through the spam folder and make sure all of these e-mails isn't actually from work is even more effort. Especially the ones that say "Meeting at 14:00 on thursday" or something.

      Probably what gets to me most of that almost none of these apply to me. I don't want (or need) Viagra, I can't afford a house here, and the mortgage offers are for the USA only, I already have a university degree, I have reputable sources for OEM software, etc. etc. etc.

      What's even worse is what doesn't get to me. I've had to two e-mail sacrifice accounts because they were getting too much spam (at around 200/day extra, each, for rarely used accounts). Of course, spammers will keep e-mailing those accounts - it's not like the bounces will ever get to them.

      Another spam just arrived. Something about being 19 again.

      One of those accounts was only ever given out to people on a face to face basis - but it was of the form @. The only way spammers could have found it would be by pouring thousands of e-mails into my work's domain, hoping that one of them would find a matching e-mail address. While I may not receive that e-mail, it's still pouring into work's servers. clogging them up and occupying our bandwidth.

      Many other forms of advertising mean I get something for free (several TV channels here) or cheaper (magagzines/newspapers), and never cost me more, anyway (billboards, etc.).

      In comparison, spam costs me money, and time, and adds a significant risk of e-mail loss. That is why I don't like spam.
      • "The only way spammers could have found it would be by pouring thousands of e-mails into my work's domain, hoping that one of them would find a matching e-mail address."

        A lot of small email domains are set up incorrectly and will allow spammers to collect lists of valid usernames (from which email addresses can be derived). Are you sure that your work email server does not do this?
        • We've recently changed the configuration on our server to reject invalid email addresses immediately. This does allow spammers to guess our email addresses.

          But, what were they doing before? They were broadcasting messages to every name you could think of at our domain. Literally tens of thousands of them per hour. The sheer number of bounces that our server was trying to deliver was dragging our server to its knees.

          Now the server utilisation is back to something sensible; the spammers know our address
      • Well, setting your server to automatically bounce emails back to the source is problematic. Only about a dozen or so a day get past my filters of the thousand or so I actually receive. When I first set up my mail server a few years ago the volume of spam was substantially less, and bouncing the mail back to the sender wasn't a problem. Last week, however, I discovered that Comcast, as part of their new War on Spam, had disabled my SMTP access for 48 hours because I appeared to be a spammer!
      • Marking what my spam filter (Thunderbird's built in one) misses is a significant effort.

        My ISP is helping me a bit with this one. They add a custom header to mark things that have been RBLed so I now have set one of the labels (purple in my case) as "known spammer". I then added a message rule that reads essentially if "X-Warning RBL" = "Listed" then label message "known spammer", mark as read, and move to "Junk" folder.

        This way when spam comes in that Thunderbird does not detect on its own, but my

    • Oddly enough, many people on Slashdot tend to think laws and technology will never help the RIAA, MPAA, and the BSA stop online piracy. Guess what? It won't help stop spam either and while I agree with your premise, especially concerning print advertisements, I still think there is a way to fix uwanted e-mail.

      I subscribe to a few sites newsletter, Apple and Amazon.comn being just two examples. Both occasionaly send me information about specials I might be interested in. In the case of Amazon.com, they
      • "Why my private information needs to be made public just because I want to run a website with a personalized domain name is beyond me."

        To provide contact info for complaints. A domain name is governed by similar rules to a business. If you want to operate (the domain) in public, you need to make public your contact info.

        For that matter, phone numbers are the same way. By default, your number, name, and address are public info. One must pay extra to get an unlisted number.
        • [Whois information is made public in order] to provide contact info for complaints. A domain name is governed by similar rules to a business. If you want to operate (the domain) in public, you need to make public your contact info.

          That's just silly though. I would be MORE offended by someone calling me directly to complain about content on my web site than anyone could possibly be offended by what's on all of my web sites (and trust me, there is some very offensive material there, no, not porn). MAYBE a p
      • I have been running an experiment on spam reduction. I have been checking every spammers's whois and filing a report on false data at http://wdprs.internic.net/ [internic.net]. If their email bounces or their US address are not in the http://zip4.usps.com/zip4/welcome.htm/ [usps.com] I rat them out. The results are not in yet but it has so far yielded about a 25% reduction. The 15 day waiting period is still pending on my largest sources of spam.

        I at least have the pleasure of thinking that I have annoyed some spammer at least
    • by interiot (50685) on Saturday August 21, 2004 @11:29AM (#10032722) Homepage
      It's not love/hate at all.

      Most reputable businesses choose advertising channels where the advertiser bears the majority of the cost of the advertisement. These advertisements tend to have at least SOME downward pressure on the total number of advertisements a person will be forced to see. These advertisers are on the whole a little more truthful, because the money trail back to them is larger and clearer.

      Less reputable businesses may choose advertising channels where the advertiser bears a very low percentage of the cost of their advertisement. Because they pay very little, and the overhead costs are small, it's easier to employ random and changing small-time "advertisers" and it's easier to generally obscure the money trail, allowing for less truthful advertisements. Because the cost of each ad impression is very very low, there's virtually no downward pressure on the number of ads a person may be forced to see. Because these "advertisers" are in the game for a quick buck, and their reputations won't suffer from any ill will, they don't care if they decrease the value of the targetted communications channel to nearly zero, to the point where people start considering abandoning it.

      • "The Tragedy of the Commons"

        Why do we have to allow ANY unsolicitated commercial email?

        And don't anyone go into "free speech" on this. You can say anything you want. But you can not use up my bandwidth.

        The economics of email ads means that there is NOTHING preventing spammers from flooding your ENTIRE pipeline with ads.
    • while there are other advertiser communications that we invite into our lives when we go through the Sunday Newspaper

      The advertisers in the Sunday newspape are subsidising my purchase. Spammers are costing my ISP money, and eventually I'm going to pay for that.

      Wording a rule set so that spam gets shut down but ads we want to see is quite a tough task

      Trivial. Don't send any ads unless solicited/opt-ed in. Some fine aof a few dollars a mesage to make it stick, and give enforcemt authorities an income.


    • In short, there are some advertiser communications that we don't welcome into our lives and call "spam", while there are other advertiser communications that we invite into our lives when we go through the Sunday Newspaper looking for the ad circular from our favorite store so we can see what's on sale without having to go there.

      There's a big difference between Push media and Pull media.

      Spam is (mostly) push. Google is (mostly) pull.


      Wording a rule set so that spam gets shut down but ads we want to

  • Finnaly (Score:4, Funny)

    by Krunaldo (779385) on Saturday August 21, 2004 @10:57AM (#10032541) Homepage Journal
    Finnaly, now i can track down this person and kill him as revange for all the porn mail I'm receivning. Wait, that i want... hmz pr0n&spam or no pr0n&no spam... Difficult decison
  • *sigh* (Score:5, Interesting)

    by bl1st3r (464353) on Saturday August 21, 2004 @10:58AM (#10032552) Homepage Journal
    SPAM will continue to exist until people stop making spam profitable. It's a bad side effect to greed. People will do anything for a buck.

    Legislation won't help. Technology hasn't been able to help that much yet. Basically, advertising is here to stay, and you can do one of two things, make yourself invisible so you can't be advertised to, or accept it.

    Companies want you to be a consumer, so that they can keep being producers. There's too many companies, so they are going to fight hand over foot to get their product into your mind in whatever method they can.

    -Eric
    • Re:*sigh* (Score:5, Insightful)

      by liquidpele (663430) on Saturday August 21, 2004 @11:20AM (#10032677) Journal
      Ugh, will people give that up?
      Spam will *always* be profitable as long as email is free. It's essentially free advertising, and therefore it will always be profitable to someone.
    • Re:*sigh* (Score:5, Insightful)

      by Karma Farmer (595141) on Saturday August 21, 2004 @11:23AM (#10032690)
      SPAM will continue to exist until people stop making spam profitable.

      SPAM will continue as long as spammers percieve that spam is profitable.

      I have never read an article where a spammer actually gave solid documentation of how much money he or she made. I've always read that "for a successful campaign, I get between this much and that much on a sales rate of this much or that much on a click through rate of about this on a distribution of about that."

      Sending spam is a get-rich-quick scheme, and the people participating lie about how much money they make, just like every other stooge in every other get-rich-quick scheme. Spam will continue to exist as long as shitheads who live in trailers with high-interest credit cards will agree to "spend money to make money" by buying scam email proxy servers and scam bulk email software.
    • Re:*sigh* (Score:4, Insightful)

      by gilroy (155262) on Saturday August 21, 2004 @11:25AM (#10032700) Homepage Journal
      Blockquoth the poster:

      Legislation won't help. Technology hasn't been able to help that much yet. Basically, advertising is here to stay, and you can do one of two things, make yourself invisible so you can't be advertised to, or accept it.

      That's unnecessarily defeatist. Spam will always exist as long as it's profitable, as you say. Laws and tech can both raise the cost of spam or, equivalently, decrease its effectiveness. Imagine if all email programs came with a default-on advanced spam filter, and you had to go through hoops and hurdles to turn it off. How many people would choose to receive spam, even among those who (in my opinion, assininely) click through on the spam they receive?
    • SPAM will continue to exist until people stop making spam profitable.

      That's why it is a really bad[TM] idea to order viagra, software and other spamvertised things for non-existant addresses or other spammers, using fake credit card informations. Soon after the campaign the spammer will get lots of retoured (undeliverable or rejected) packages and pay a lot of money for nothing.

      Bullet-proof hosting is expensive, too, so think about the spammer's budget if you /.^H^H"visit" a spammer's site. ;-)

    • Re:*sigh* (Score:2, Funny)

      by jefe7777 (411081)
      actually if it were easy and legal, scumbags would walk into your kitchen and plaster ads all over your fridge. they'd tattoo your children with messages of "increase your penile girth", and hook up a special radio that would play at random times during the middle of the night "buy me, buy me, (insert product plug here)"

      spam has nothing to do with profitability. and everything to do with being easy and dirt fucking cheap.

      face it. spammers are lazy fucking scum, and if it were made expensive/difficult to s
    • Re:*sigh* (Score:3, Insightful)

      by DarkEdgeX (212110)
      Technology would help the moment we replaced our antiquated mail delivery system (SMTP) with something that required trust and/or authorization from the receiver for the e-mail to even be accepted by the server. A method of tracking that was more closely tied to mail stores (with the goal being to make it impossible to forge an e-mail address) would also help a ton.

      SMTP is far too trusting and allows far too much to be specified by the sender.
    • SPAM will continue to exist until people stop making spam profitable. It's a bad side effect to greed. People will do anything for a buck.

      Legislation won't help.


      Why do you categorically state that it won't help? Suppose that there was legislation passed that made spamming punishable by a lengthy prison sentence? Are you going to tell us that it would have no measurable effect on the problem? Spammers may be scum, but damned few of them would want to risk being sent to a federal pound-me-in-the-ass pr
      • The bottom line is that all it takes is to increase the expected cost of spamming (the cost of being penalized times the probability of getting caught and convicted) above the cost of using a legitimate advertising channel (definition: the kind that the advertiser pays for out of his own pocket).
  • by drsmack1 (698392) * on Saturday August 21, 2004 @10:59AM (#10032554)
    He's nothin' but a low-down, double-dealin', back-stabbin', larcenous, perverted worm!! Hangin's too good for him!! Burnin's too good for him!! He should be torn into little bitsy pieces and buried alive!!!
  • Am I the only one who hates email? People send way too much of it for unimportant things and there is so much spam, you can't get anything done. It almost seems like instant messaging is better than email.
  • by LostCluster (625375) * on Saturday August 21, 2004 @11:01AM (#10032564)
    There are some things the US Government is just plain contradictory on because, well, We the People are contradictory on the topic.

    We shout out that we have the First Amendment rights anytime somebody tries to tell us not to speak, but then we strugle to find a way to make other people we don't want to hear shut up. The fact is, anywhere you create an unregulated communication medium, the smut, scum, and scam people will definitely show up to play. It's just the way things work.
    • by Lisandro (799651) on Saturday August 21, 2004 @11:19AM (#10032673)
      Not american, but still... Yes, free speech. Everyone's entitled to free speech. Everyone's also entitled to not listening if they don't want to - and for me, this is where spam crosses the line. The mere fact that you have to go through so much pain to keep your e-mail box spam free is indicator of how annoying these people can get in order to FORCE you to read their advertisements.
    • You have the freedom to speak on public property. You have no freedom of speech on my land, in my house or on my phone. Or in my computer.

      Let me repeat myself:

      Free speech does not guarantee you the right to force yourself to be heard if I do not wish to.
    • You have the right to speak. You do not have the right to be heard; nor do I have the obligation to listen to you or assist you in speaking.

      Your last sentence sounds like an argument for a completely unregulated medium being a bad thing, which is probably not what you had in mind but given the Net today is starting to make sense.
    • by Ibag (101144) on Saturday August 21, 2004 @12:41PM (#10033087)
      I think many people aren't quite clear on the first amendment. It says roughly that we have the right to say what we want. However, it does not say that we can force people to listen or that we have any right to be heardd.

      It should be noted, before I say anything else, that corperate speech does not fall under free speech. General unsolicited email might be covered under the first amendment, but spam advertizing something business related isn't.

      Additionally, sometimes what people consider free speech crosses over into things which are illegal. You can tell something, but if you follow them around and continue telling them, that could be considered harassment. You can put up a protest, but if you threaten people or indimidate others or keep people from getting to work or cause a large disturbance or many other things, you're protest has crossed the line of what is legal.

      The point is that you can say whatever you want when it doesn't affect anybody else, but we don't live in a vacum and your right to swing your fist ends where my nose begins.

      The actions of spammers are destructive and cost people time and money, even if you ignore fraudulent spam. To say that it should be legal by first amendment is to ignore much of the issue.
    • Freedom of speech does not include the "freedom" to use other people's private property without the owner's consent (or, in this case, against the owner's express prohibition -- and wilfully so, as evidenced by the use of filter-evasion tricks).
  • by Numen (244707) on Saturday August 21, 2004 @11:04AM (#10032583)
    I think MS might have been onto something with Penny Black... if sending unsolicited e-mail (sending to an address that didn't have you on their contact sheet) cost a small micro-payment, it would quickly offset any profits to be made from spamming on the scale described in the article, and wouldn't be prohibitive to those who needed to send the occasional unsolicited e-mail.

    It's either that or get into the murky waters of concrete identity, and of the two the former is the least opressive regime.
    • ... if sending unsolicited e-mail (sending to an address that didn't have you on their contact sheet) cost a small micro-payment, it would quickly offset any profits to be made from spamming on the scale described in the article ...

      This is a good idea ... sort of ...

      As long as sending SPAM is cheaper than sending junk snail mail, there will be SPAM. This is where this idea starts getting interesting ... charging more than (or the same amount as) it would cost to send out a flyer via the postal ser

      • "As long as sending SPAM is cheaper than sending junk snail mail, there will be SPAM."

        Cheaper per sale. Spam has always been less effective than junk mail, but it didn't matter since it was much cheaper (i.e. a million spams to make one sale only costs a few dollars to send, where the ten junk mails that could have been sent for the same price won't net a single sale on average). If spam gets up to even a penny per email, it will probably be more economical to only use targetted snail mail lists or other
    • While Penny Black, or something like it, would certainly help make spamming less economical there are a couple of major problems with it that need resolving. Firstly, it will penalise legitimate mailing lists like the LKML and so on. Sure, you can implement a whitelist mechanism to waive the charge, but it only takes so many users to overlook this, either through ignorance or forgetfullness, and the costs start to add up. You could possibly build this waiving into the sign-up process - "click here to con
      • It won't penalise anybody if it works on the principle of charging only for unsolicited mailing, that is mail from a source not on an approved contact list.

        As for the micropayments, I'm not sure that it is a show stopper. Remember we already have transactions taking place as part of regular mail delivery. This is just one more....

        The provider of the mail account becomes your means of credit, and it's for them to resolve remuneration with you their client. When you send an e-mail to somebody, if it's unsol
      • "You could possibly build this waiving into the sign-up process - "click here to confirm your subscription and waive all Penny Black costs"."

        That's backwards. Build the sign-up into the waiver process instead, "Click here to waive all Penny Black costs and send a subscribe message to the new sender." Thus, the opt-in management server will manage the subscription as well. Security is much easier in that direction. Further, the server that bears the burden if security fails is the one responsible for se
    • I think MS might have been onto something with Penny Black...

      You'd be wrong. I mean, 90% of the spam I'm seeing comes from spam zombies (i.e., exploited Windows boxes turned into mass mailers). Do you think Microsoft of all companies is actually going to push for something that further dings people who buy their crap OS? Nothing would get people off MS faster than the threat of a bill for $10,000 because some asshat can take your machine over and go joy-riding over inboxes across the Internet.

    • Until M$ can fix their own fucking mail clients not to send viruses to every goddamn e-mail address in the address book (or even in any file on the entire hard drive), I'd rather people with Windoze machines NOT add my address to their address books, thankyouverymuch.

      And I refuse to pay money to send e-mail to those people. Either I pay to send them e-mail, or I pay by spending my time deleting all their viruses. No fucking way.

      Next proposal, please.

      p
  • Thank god for Instant Message applications, otherwise I'd be lost.

    Actually, one of my accounts only gets one or two spams a day, but my main business address gets 1000 - 3000 a day now (after spamassassin, however I need to enable some blacklists, sod the customers that get accidentally blocked) - earlier this year it was 100 - 300, and last year 10 - 50. So in my experience, volumes of bandwidth wasting time wasting productivity wasting SPAM has gone up ONE HUNDRED TIMES in a year or so. Where will it be
  • CAN-SPAM (Score:5, Insightful)

    by Rick Zeman (15628) on Saturday August 21, 2004 @11:07AM (#10032597)
    This is more proof of why Spamhaus called CAN-SPAM the "National Right to Spam Act."

    Blech. Shoot 'em all.
    • Blockquoth the poster:

      This is more proof of why Spamhaus called CAN-SPAM the "National Right to Spam Act."


      No, no, no. The act is surprisingly honestly named. Now, you CAN spam (in the sense of, are able to), and it's protected. :)
  • I don't get CAN-SPAM (Score:5, Interesting)

    by Hortensia Patel (101296) on Saturday August 21, 2004 @11:08AM (#10032605)
    I just don't get it. I mean, Congress bending over backwards to legitimize obnoxious behaviour by big corporations I can understand; that's pretty much what it's for, these days.

    But spammers? They're not particularly organized, as far as I know. It's not as if the Viagra-and-penis-extension lobby is a major campaign contributor. So what gives? Are Congresscritters really so consistently stupid right across the board, AND their staff, AND all the IT and telecoms industry lobbyists who must have had something to say?

    Or were they worried about the effect of (useful) legislation on political direct-email campaigns? Maybe. But I can't see how that would benefit one party more than the other, so why care?
    • by jsebrech (525647)
      But spammers? They're not particularly organized, as far as I know.

      I would guess it's mainly the direct marketing association [the-dma.org] that lobbies for weaker spam regulation. They are opposing a national do-not-spam list [washingtonpost.com], and they're the main reason why the do-not-call list has no power.

      Now, they're not that big, but there's not really anyone lobbying against them. At least, not in the ways it counts, through money and people actually in congress talking with congressmen day in day out.
      • the do-not-call list has no power

        It doesn't? It's worked darn well for me.

        The only telemarketing calls I've gotten have been for two magazines I stopped subscribing to. One call for each, and that was the end of it, and if I'd forgotten to renew my subscription the calls would actually have been useful.

        I wouldn't complain at *all* about a do-not-spam list with the same "no power."
    • Spam helps the telecom and internet industry.

      More wasted bandwidth = more bandwidth needed.
      More bandwidth needed = more profits for bandwidth providers.

      As for direct email campaigns, I believe they'd help Kerry more than Bush. Why? Because the incumbent (whether loved, hated, or somewhere in between) is well known, as are his positions. If a Democrat was in office, the Republicans would benefit more from direct email.
  • Double standards? (Score:5, Insightful)

    by IceFreak2000 (564869) <.ku.oc.yanetruocde. .ta. .de.> on Saturday August 21, 2004 @11:09AM (#10032609) Homepage

    On page one of the article:

    "Richard Cunningham" more than likely isn't his real name; he won't say one way or another

    And on page two:

    "They are nothing more than kooky Net trolls out to profit and glorify themselves off a so-called problem more so than actually attempting to fix the so-called problem," he said. "They do not scare me, and the likes of them are cowards hiding behind a computer screen."

    If he ain't scared, why hide behind a false name?

  • My spamproofing (Score:5, Informative)

    by Clueless Moron (548336) on Saturday August 21, 2004 @11:12AM (#10032631)
    I use postfix, but sendmail can do the same:
    1. reject_unknown_client is on. This means that a connecting client MUST have a reverse-dns lookup for its IP, and the resulting name MUST resolve back into that IP. This alone blocks most spammers before their client can even begin to send a message.
    2. I use xbl.spamhaus.org. This is a wonderful thing. This blocks not only any box known to spam, but also any box found to be infested by some virus, ie zombies. Once again, this stops them dead before the message even starts.
    3. In the unlikely event that they get past those hurdles, I have a homebrewed filter that watches for bogus HTML tags, since they like to intersperse bogus empty tags in the middle of words in order to foil content-based filters. This simple filter actually blocks 90% of anything that made it that far.
    4. Spamassassin. The few brave soldiers of spam that got this far rarely pass this. I leave this filter near the end because it's rather CPU intensive...
    5. Finally, a simple procmail rule: If my name isn't in the "To:" or "Cc:" line, file it as spam.
    I haven't seen a spam message in, uh, maybe a year or two?
    • Re:My spamproofing (Score:5, Insightful)

      by the pickle (261584) on Saturday August 21, 2004 @11:46AM (#10032795) Homepage
      That's all well and good, but do you have any idea how many false positives that system has generated over the last year or two? I'm curious, because it sounds like it would reject a lot of list mail and "cold" contacts from people asking for help with stuff (which is something I'm happy to answer when I have the time).

      p
      • Once mail gets past the ipcheck/spamhaus, it gets filed to a spam folder which I check occasionally, so there's no problem there.

        Most false positives have come from weird mail clients that don't put me on to "To:" line. It's typically some friend doing a "mass mailing" to all his buddies. I don't recommend the ^To:" filter if you're worried about false positives.

        The ipcheck/spamhaus stuff, however, blocks delivery completely which is indeed a different problem. But here it gets interesting.

        Spammers

    • by DragonHawk (21256) on Saturday August 21, 2004 @11:52AM (#10032825) Homepage Journal
      While your techniques will all stop spam, they will also stop a great deal of legitimate mail (ham). Stopping spam is not the hard problem Stopping spam while letting ham through is the hard problem.

      If businesses did what you did, most of them would go out-of-business.
      • I'm tired of the argument you make honestly. A little "collateral damage" does not cause a business to go "out-of-business".

        I host a mail server for 2 (small) businesses, both rely on their web site to win customers. Both sell products which require communication with the customer (usually through email).

        The mail server gets about 6000+ emails per day. As of now:
        - Spamhaus SBL blocked 1084 (16%)
        - Spamhaus XBL blocked 2014 (30%)
        - Spamassassin caught 2067 (31%)
        - The virus scanner caught 105 (2%)
        only 1337 (h
    • Great, so people who's servers have broken rdns cannot send email to you. (My smtp server has broken rdns, I do not have delegation of the zone from the ISP).
    • Don't worry, the spammers are reading this and will find a way around that soon enough.

      The same reason why Al-Qaida watches CNN and Fox News.

  • by MadAnthony02 (626886) on Saturday August 21, 2004 @11:14AM (#10032641) Homepage

    The article also tells how the CAN-SPAM Act, which legalises spamming, is turning the US into the spam haven of the world.

    I think CANSPAM is an awful law. It overrides much better and stricter state laws, and it doesn't really do anything to reduce SPAM.

    However, it seems like a stretch to say that CANSPAM is turing the U.S. into a SPAM haven. I think most spam recieved in the U.S. is tied to U.S. businesses, even if it's sent or bounced through servers abroad. Just because spam from US servers have increased doesn't mean CANSPAM is the cause - you can use logic like that to "prove" that pr0n is good for kids [techcentralstation.com].

    I wouldn't be surprised if part of the reason for the increase is that there are more virus-laden compromised computers in the U.S. to relay spam off of.

    • I agree that it is a big stretch to say that CAN-SPAM turns the US into a spamhaven. Unfortunately, Spamhaus showed that the US was the world's biggest spam haven before the CAN-SPAM, and I haven't seen any big changes.

      CAN-SPAM seems, quite simply, to have been ineffective. It was a bad idea, just like everyone who had been involved in the spam problem for some time said.

      Come to think of it, I haven't seen a spam that looked to be CAN-SPAM compliant. I suppose they are easy to filter and that I reject t

    • Please use spam in lowercase when talking about UCE. SPAM in uppercase refers to the meat and is a trademark of Hormel.
  • by GGardner (97375) on Saturday August 21, 2004 @11:15AM (#10032653)
    It is amazing to me that the ultimate benefactors of mortgage spams are generally banks, one of the stodgy, conversative types of organizations around. (And rightfully so). Now, they need several layers of spam-laundering in order to hide themselves with plausible deniabilty from the spammers. But, it seems to me that an organized campaign to lobby and educate banks and other financial institutions ought to be able to eliminate mortgage spam.
    • The only way to educate them is to stop replying to the mortgage spam. As long as they can buy leads, they will because it is profitable for them to do so.

      Which is the case with ALL spam. As long as the price of sending the spam is lower than the profit of selling the "product", we will have spam.
      • The only way to educate them is to stop replying to the mortgage spam. As long as they can buy leads, they will because it is profitable for them to do so.

        That is a sensitive response, but as far as I am concerned it would just take too much money, time and effort to educate every looser out there.

        I'd rather the they-sent-me-unsolicited-information, i'll-send-them-unsolicited-information approach. This basically consists on poisoning their data base, with bogus realistic looking data! Try feeling in the

  • 1.2.3. Profit (Score:3, Insightful)

    by Pidder (736678) on Saturday August 21, 2004 @11:28AM (#10032712)
    From the article

    "As long as it makes me money, I'll continue to do it."

    That's the key issue here. As long as spam is profitable people will continue doing it no matter how illegal it is. When 1 in 19 AOL users stop clicking on spam, Mr Cunningham and his friends will go away for good. Personally I haven't received any spam whatsoever since I moved away from Hotmail a few years ago. My university email is as clean as a baby's but and my yahoo.se is very clean (1-2 a week). Most likely because my univeristy has a very competent IT staff.

    The further development of filters and smarter users are, imo, the things that will make spam go away... in a few hundred years or so...

  • by inkswamp (233692) on Saturday August 21, 2004 @11:35AM (#10032745)
    8:30 AM: Wake up.

    8:35 AM: Morning stretches and exercise.

    8:55 AM: Pray for forgiveness for being a subhuman piece of filth, hoping to save already-rotten soul from the deepest pits of Hell.

    9:00 AM: Shower.

    ...etc.

    • 8.30AM: Wake up as Ozzie the mechanic starts work at the garage.

      9.00AM: Get pulled out and made to remove some nuts from a 1950's Chevvy.

      10.00AM: Get pulled out again and made to tighten same nuts.

      10.30AM: Get put back in the toolbox along with all my cousins, as Ozzie has his coffee-break.

      11.00AM: Get pullled out and made to remove the differential from an off-roader which went off-terrain.

      12.00PM: Made to put differential back on off-roader, and used as a paper-weight as Ozzie goes for his lunch
  • Holy crap... (Score:4, Informative)

    by Saint Aardvark (159009) * on Saturday August 21, 2004 @11:37AM (#10032756) Homepage Journal
    Take a look at http://www.specialham.com/ [specialham.com]. I had no idea spammers were being this open. For example, check this message [specialham.com]:

    Anyone interested in an undetected socks 4 bot for computers that you have access to? Completely undetected and self-spreads via unique methods.

    -Executable for sale only (no source)
    -Updates
    -CGI/PHP notification
    -Random Ports or user defined port.
    -EXE only

    aim: ofno
    "self-spreads via unique methods": Hello, I am selling MSDoom.VQY. Jesus Christ.

    And they're sponsored by [specialham.com] our old friends, The Bulk Club [slashdot.org]. Can't we spread a rumour that Osama is actively funding spammers or something?

  • by Xugumad (39311) on Saturday August 21, 2004 @11:42AM (#10032771)
    ... about spam, is it just doesn't apply to me. You see, I have a degree in computer science. This means:

    1. I don't want a degree from a prestigious non-accredited university.
    2. My sex life is well beyond being helped by Viagra, or anything else in pill form.
    3. Outsourcing means I can't afford a mortgage (okay, actually I'm employed, but work with my joke).
  • by Dzimas (547818) on Saturday August 21, 2004 @11:44AM (#10032782)
    No, seriously. If 80+% of spam originates in the USA, and the US congress is daft enough to pass laws like CAN-SPAM global ISPs should hold a "cut the link" week and block email traffic from the USA. Just imagine the chaos and media attention that would cause. And it would be media attention is something that makes politicians squirm. A question, though. Can anyone explain to me what would make US lawmakers vote in favour of this bill? It seems like the kind of thing that any semi-sentient 14 year-old would be able to critically dissect as narf idea in about 12 seconds.
  • by The Ultimate Fartkno (756456) on Saturday August 21, 2004 @11:50AM (#10032815)
    ...allow me to pimp two of my favorite projects. First up is the Unsolicited Commando [astrobastards.net] project. It's a little java app that spends its day quietly and merrily filling out forms on spamvertised websites with completely bogus - and yet totally real looking - data. It's especially effective against - surprise! - mortgage/refinance spammers, which seems to be the specialty of the dirtbag mentioned in the article. Go check it out, and the source code is available just in case you think something fishy is going on.
    The second page I'd like to point you to is here [hillscapital.com]. It's a 'Lad Vampire' antispam page that also targets spamvertised websites, but in a different way. The page links to individual images on the sites and constantly reloads them without caching, thereby burning up the spammers' bandwidth and driving them out of business (or at least costing them some money and forcing them to sell their children on the black market). Be forewarned that the page has no help, no documentation, and *only* works in IE, so don't yell at me about that. The source code is available for that as well, so here's hoping someone can make it more usable in Moz, Opera, ThunderFireBunnyChicken, or whatever browser is your fave.
  • According to the article
    "Richard Cunningham" more than likely isn't his real name; he won't say one way or another. But that's the name that appears on the WHOIS record for Spamsoft.biz, a domain he owns.

    Here is the WHOIS record [whois.net]
    Email: ProMan@animail.net
    Web: www.spamsoft.biz

    Quickly! Slashdot his website! Send all your viagra, big tit/dick and Nigerian money to his email account!
  • by dtio (134278) on Saturday August 21, 2004 @11:55AM (#10032844)
    Because spammers go where the bandwith is.

    From an interesting article with some insights about the reason why most spam is US based:

    http://www.compliancepipeline.com/28700163

    "The United States is the origin of choice for spammers, said Alperovitch, because of the plentiful supply of cheap high-speed bandwidth. "Spammers need big pipes, and they don't want to pay much for it," he said.

    That explains the low percentage of spam messages originating from overseas' IP addresses. The lack of cheap bandwidth outside the United States is stymieing spammers' attempts to scale up the volume of their mailings to U.S. sizes."

  • by Greyfox (87712) on Saturday August 21, 2004 @12:02PM (#10032878) Homepage Journal
    I've been getting a deluge of spam since I rebuilt my main server and lost my TMDA filtering. Looking at the volume, I realized that I was spending a significant amount of space storing spam and a significant amount of bandwidth sending bounce messages.

    I'm currently working on a new filtering solution. The first step is SPF record checking. If the sender forged the address of a site that publishes an SPF record, I reject the mail. The second step is all mail now goes through postgrey. Postgrey is a greylist that tells the sender to try again in a while. That actually seems to work pretty well, though it does delay my mail by about an hour. The third step, which I'm still working on, performs two checks. It checks to see if the sender's on a whitelist and if he is, it lets him through. If he's not, it checks to see if the mail's encrypted to my personal GPG key. If it's not, the mail gets rejected (At the MTA, so I don't have to send a bounce message.) I can always eliminate the second step if the spammers ever figure out how to deal with that. I'll be changing the GPG key on a regular basis to keep the target moving.

    It's a pretty extreme solution, but all of about 3 people in the world send me legitimate E-Mail and I was getting 200K+ of spam a day. With that S/N ratio, I may as well just turn my E-Mail server off. This is the next best thing.

  • I find the most effective spam blocker is DEA's. You either use something like spamex with it's bookmarklet(well worth the 9.95 a year to me) or get an ISP that provides the service(more and more do), or do it with your own Domain/E-mail server.

    Then, DON'T ever use your real e-mail address. Make a new DEA for every e-mail address you have to give out, and turn it off if it starts getting spam, or when you're done with it.

    Also, use some common sense about where you place an e-mail address.I have to use a
  • A cute technical solution to some email woes:

    http://www.tla.org/papers/spa-ndss03.pdf [tla.org]

  • by segmond (34052) on Saturday August 21, 2004 @12:31PM (#10033042)
    but I was on hotmail then, on yahoo, my bulk folder does a good job, so I rarely see their junk and I am not annoyed as much. A good spam filter is like Tivo...

    After having been a victim of the jacked up job market, How is a man to survive? I can see why some of em do what they gotta do.

    The original idea of cable TV was to be commerical free. We pay for cable TV just like we do for our internet connection. I consider TV commericals SPAM. I did not ask for it, but likewise they advertisers always go, "We have to make profit." Why is it that people put with cable commericals but not spam? Then there is the movie theaters. It use to be that if you went there, the previews start a few minutes before the movie time, and the movie starts on time. But today? commericals come first at the time the movie is suppose to start, then the previews, then the movie.

    Spam is here to stay. It is NEVER going away. The day SPAM can be completed eliminated from the net, well, I certainly wouldn't be on it, cuz it must not be a free net. One of the pain of freedom is that those you do not like are also free to do the things you do not like for them to do.

    We should battle SPAM the right way, not by banning it or attempting to. Suing the company for wrong advertisment (if they did.) Ordering from the company then returning the product. Credit card charge backs are in the average range of $20 per charge back for internet companies. Imagine if 1,000 people ordered then cancelled their orders. $20,000 in extra fees for the company selling the junk.

    • commericals come first at the time the movie is suppose to start, then the previews, then the movie.

      And it doesn't stop there. The movies have product placements as well. When I saw "I, Robot" a while back, in the first 3 minutes of the movie, there were 3 product placements, FedEx and Nike being two I remember. And they were worked into the dialog, not just some part of the background.

      I'd be interested to know how far back this practice goes, because I remember "Back to the Future" had a pretty blata

  • by azav (469988) on Saturday August 21, 2004 @12:31PM (#10033045) Homepage Journal
    Let's get a collection have this man removed from the planet in a very slow and painful way.

    It amazes me just how ineffective our government can really be at times.
  • by slashname3 (739398) on Saturday August 21, 2004 @12:34PM (#10033054)
    The most effective tool I have seen so far is greylisting. greylisting reduced the amount of spam from 3000 to 6000 a day to 5 to 10 spam a day. Include spamassassin and the spam that does get through greylisting gets nailed. spam problem solved.

    Now if everyone greylisted the spammers would be out of business. But people here, which should be technologically knowledgable, seem to just complain about spam. Implement greylisting on your servers along with spamassassin! You will not regret it.

    Since doing this I have actually been able to get back to real work instead of worrying about spam.
    • Network traffic!! (Score:2, Informative)

      by Skiron (735617)
      The solution isn't to stop it on it's way! You got to stop it being sent. This shit eats up the Internet by fact of being sent.

      Take snailmail junk mail - even though you throw it away anyway, the post office still charges for the postman to deliver it (and pay him) - if he didn't, then he, you and the post office would be a lot better off!
  • by cr@ckwhore (165454) on Saturday August 21, 2004 @12:56PM (#10033195) Homepage
    A mortgage is a serious transaction ... so why in the hell would anyone in their right mind trust somebody who can't even spell mortgage in an honest way? It baffles my mind!

    No thanks, I'll pass on that m0Rt~ga'gE offer, you shithead.
  • "Currently, 86 percent of the total spam volume is coming from the States."

    maybe I should change my settings on my mailservers and block US address-space and open it up for china ? :)

    maybe not .... I am in Costa Rica now .. spam sux here too bigtime ... my "sherd" external cable ip cannot send mail to anywhere anymore since some moron spammed the hell outta that IP :(
  • Nevertheless, his work has made him enemies. The bane of his existence, of course, is the anti-spam community, which is often quite zealous in its efforts to put spammers, legitimate bulk mailers and scammers alike out of business

    What anti-spammers are trying to put legitimate bulk mailers out of business? Maybe some small time antis are doing that. The major anti-spam groups and lists are not. But some do try to put spammer harboring ISPs out of business, which can affect their other customers, so ma

Excessive login or logout messages are a sure sign of senility.

Working...