Slashdot Log In
The New Yorker On Spam
Posted by
kdawson
on Tue Aug 07, 2007 07:19 AM
from the they-don't-like-it-one-bit dept.
from the they-don't-like-it-one-bit dept.
aqk notes an article in the Aug. 6th New Yorker surveying the spam problem up-to-date. The New Yorker may not be exactly the MSM, but it is pretty influential. The author got only one fact wrong that I noticed: Canter and Siegel's seminal spam was propagated through Usenet and not email. Still, it's a good look at the history of spam and the scale of the problem today. The amount of spam that "spam king" Robert Alan Soloway, indicted under the CAN-SPAM Act, is accused of sending over a period of four years is now pumped out about every 30 seconds, around the clock, around the world.
Related Stories
[+]
Spammer Robert Soloway Arrested 383 comments
Mike writes "Yahoo is reporting that US prosecutors captured Robert Soloway, a prolific Internet marketer responsible so much junk e-mail they called him "Spam King." Soloway was arrested in Seattle, Washington, a week after being indicted by a federal grand jury on charges of identity theft, money laundering, and mail, wire, and e-mail fraud. Soloway is accused of using botnets to disguise where e-mail originated and of forging return addresses of real people or businesses for his mass mailings. If convicted as charged, Soloway will face a maximum sentence of more than 65 years in prison and a fine of 250,000 dollars."
[+]
Your Rights Online: Spam King Pleads Guilty in Seattle 152 comments
arbitraryaardvark writes "The Seattle Times reports that spammer Robert Soloway has pled guilty to mail fraud and tax evasion, in exchange for the state dropping multiple counts of identify theft. 'The electronic-mail fraud charge is punishable by up to five years in prison. The tax charge is a misdemeanor and carries a maximum one-year sentence. The law also allows for fines against Soloway and his business of up to $625,000 on all charges. Both sides agreed to let U.S. District Court Judge Marsha Pechman determine not just the amount of prison time Soloway, 28, might serve but also the number of his victims, the size of any fine and the amount of restitution he may be ordered to pay.' We've previously discussed his arrest and mention in the New Yorker. The wire fraud felony count is based on selling $500 packages to wannabe spammers."
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Need More Exposure to Ideas and Methods (Score:4, Informative)
This article is a great short history on spam but no new information was presented to me here (and judging from the summary neither did it shed light on anything new to you).
I laugh at either of these hopes because the average person already deals with spam daily (my relatives began reaching out for me on ways to censor that from my younger cousins years ago) and we have a different mindset than businessmen & marketers.
The article mentions the epic article [paulgraham.com] by Paul Graham entitled "A Plan for Spam." It may look long and arduous but I heavily recommend you read that. I will not forget reading that article nor will Slashdot [slashdot.org]. I think it helps more for the "mainstream media" to publish things like this for their readers.
Yes, it has code in it. Yes, it requires a bit of a priori knowledge in some places (pun intended). But, you know, a lot of times the best stuff comes from outsiders and I personally think that newspapers should develop a 'tech section' where they can throw off the mittens & grade school knowledge that need to be on in order to handle your average reader. I know many newspapers have entire sections devoted to sports--sometimes even just one particular sport if it's in season! I've seen many newspapers have 'articles/ads' for new automobiles, why not new technology? I know Popular Mechanics is
Which brings me back to an important point, you're not going to change anyone's mind. Everyone knows about it and if you think that Wallstreet businessmen are going to pick up the New Yorker & their jaw will drop when they read this article, you're sadly mistaken. If you think marketers will read this and say "My God, I need to start thinking about what I'm doing to the networks of the world," you're deluding yourself.
What we need is an article that causes people to seriously ask themselves how we can keep e-mail free and uncensored while at the same time stopping spam. When I was asked by my aunt, they were concerned for their daughter using the internet and opening a spam message to see a guy with his legs split around a phallic-looking cactus in an ad for Viagra. I showed them how to use Thunderbird instead of Outlook Express and how to turn on junk mail filter. I also pointed out how vulnerable you leave yourself to spam if you print your e-mail in plain text on the internet. They never had a problem with it again.
So while this article is informational, it does nothing practical for the reader. I realize--and I think a lot of people will agree with me--that the best way to stop spam is to stop clicking on it and show others how to do the same. The 0.001% response will dry up and spammers will drop off. Articles on how to configure yourself to spot spam would probably be the best thing mainstream media could print--sure would have helped my relatives!
Re:Need More Exposure to Ideas and Methods (Score:5, Insightful)
Because such articles don't sell advertising. Popular Mechanics, Popular Science, Scientific American, etc., can sell ads because they have nothing but tech-heavy, jargon-laiden articles, and so the advertisers know exactly who they are targeting.
Newspapers are general-purpose publications, written for the widest audience possible. It's hard enough for them to sell ads these days without having to have specialized sections for the tech reader.
That being said, newspapers should be trying to innovate, because if they don't, well...it's the death knoll for newspapers.
Parent
Re:Need More Exposure to Ideas and Methods (Score:4, Informative)
Parent
It'll be hard to change minds. (Score:5, Interesting)
I'm in the middle of starting up a small business and was talking to someone about marketing. This individual (Not an in-duh-vidual - a Ph.D.) suggested that I send out mass emails. I told him that I can't do that because I'll be a spammer and my ISP will yank my account. He then mentioned that they're are ways to mask my origins. I said if I get caught doing that, I'll be in even more trouble. Besides, I DON'T want to be a spammer.
My point? Spamming has become so standard and everyday that people don't even give it a second look now and just consider it an annoyance at worst. The only people who really care are those of us in IT.
Parent
Re: (Score:3, Insightful)
I hope your friend's Ph.D isn't in a computer science related field. It seems logical that an acceptance of this would infect the rest of the world, though. Many businesses have enjoyed moderate success by sending out "mass-mail" through the USPS for years.
In regards to your other point...
Spamming has become so standard and everyday that people don't even give it a second look now and just consider it an annoyance at worst.
I have found it increasingly annoying dealing with people who run pirated software because "they couldn't afford to pay for it". This "don't give it a second thought" mentality is, IMHO, something that should be reve
Re: (Score:2)
Sherlock Holmes . Gregory House 90% of geeks reading this message all of them have areas where they excel but they would be dangerous in others
This is Old Media covering a tech problem.
Re:Need More Exposure to Ideas and Methods (Score:5, Interesting)
This is definitely a start in the right direction, but it's not the whole story. I'm convinced that a massive part of the problem is that there's a widespread belief that spammers make millions of dollars.
No doubt, a very few do. A very few have mansions and island retreats in the Bahamas. But these people are like the Michael Jordans of spammers, the people who have spent an incredible amount of time and effort into honing their spamming skills not just into an art, but a lucrative profession.
The problem is that most spammers aren't the Michael Jordans of spam. They're just people who have heard that spammers make millions of dollars, and they want in on that action. They go out and download the latest scripts and fire off a few million e-mails. No one responds. So they fire off a few million more. After enough times, someone will respond, and they've made $20 bucks. Flush with the thought of new mansions, they fire off millions more. Whoops, that $20 was charged to a stolen card, so they're back to zero.
The point is that the world has changed. Back in the day, there was a lot of money to be made from spam. Now, though, you have a very few scummy individuals who have made massive amounts of money. You have thousands of scummy individuals who think they can do they same thing, but fail miserably. It doesn't matter, though, all you need are the few who do make millions to keep the perception alive that spam = TONS of money, and you'll have people lining up to do it.
What need to happen is that they need to stop focusing so much on the spam "kings" and go after the regular guys who send it out. The people without the million-dollar houses. The people who think that it doesn't hurt anything to fire off a few million e-mails to try to sell some Vigara (yes, I misspelled it deliberately). The press need to cover those stories too. (They really need to cover them more.) People stop seeing Bill the multi-millionaire spam king and start seeing Ted the worthless loser who was so desperate that he thought he could make a million dollars by sending spam.
It's not enough to make spam unprofitable. People have to know it's unprofitable, and that when caught, they'll end up in jail for nothing.
Parent
Re:Need More Exposure to Ideas and Methods (Score:5, Insightful)
Parent
Re: (Score:3, Interesting)
This is definitely a start in the right direction, but it's not the whole story. I'm convinced that a massive part of the problem is that there's a widespread belief that spammers make millions of dollars.
No doubt, a very few do. A very few have mansions and island retreats in the Bahamas. But these people are like the Michael Jordans of spammers, the people who have spent an incredible amount of time and effort into honing their spamming skills not just into an art, but a lucrative profession.
Replace "spammers" with "drug dealers" and the statement is still true.
In fact, I think many, if not most, illegal activities are driven by the same motivation. It's a lottery; people rationally know that their chances of 'winning big' (being the multi-millionaire spammer sitting in the Bahamas, or the drug dealer who becomes a rap star, or whatever) are ridiculously small. But they do it anyway, because they think they can be that one in ten million.
I strongly suspect that if you look at the pay-per-hour
Re: (Score:3)
Umm, what pun?
Incidentally, the New Yorker is one of the most prestigious magazines in the world (albeit prestige derived much more from its past authorial and editorial quality than from anything it has now). I'm not sure why you and the submitter seem to think it's some sort of printed-out blog.
The *original* source has a great history of spam (Score:3, Informative)
The author's source material is a great short history of spam, too: I didn't read anything new on the early history of spam in the New Yorker because I'd already read it elsewhere. Yet the New Yorker author only obliquely referenced his source materials when he mentions Brad Templeton (EFF chairman, etc.) via a quote. If I was the editor for that article I'd have pushed for more research credit to be given.
Brad Templeton's collection of essays on spam [templetons.com] includes:
Proper verification of senders (Score:5, Insightful)
Re: (Score:2, Interesting)
I have friends that automatically bounce emails back for whitelist verification. This annoys me, but helps them. It also keeps them from getting a lot of needed email, like site automated site registration stuff. And the spammers would eventually beat that technology too.
Get a gmail account. It works. Our university spam filtering quality goes up and down, but I get maybe one spam a week in my inbox in gmail.
I used to periodically get some crazy communist manifesto spam, all in spanish. I miss that on
Re: (Score:3, Insightful)
Re:Proper verification of senders (Score:5, Insightful)
1) What exactly is spam? -- Some people would say that spam is any e-mail they don't want. Others will say any e-mail they didn't ask for. yet others point to the dictionary and say "unsolicited usually commercial e-mail sent to a large number of addresses"
This brings up the first problem... if we go with the last (and most technical) of those definitions, all a spammer has to do is start to "properly" personalize the messages (for some value of personalize)
If we go with the first, how can you check on the sending end if the recipient wants it?
if we go with the second, what about when I want to send e-mail to a friend I've lost touch with? he didn't ask for the e-mail, therefore my message is "spam"
Even if we, as the GP suggested, impose a technical restriction on e-mail such that it has to be authenticated as to who it's from, all that does is make the filtering easier. What is going to prevent the dedicated spammer from "registering" a new identity? where would everybody's identities be registered? would you trust a centralized registry of "registered senders"? for some reason i think not.
I've heard suggestions of using a "web-of-trust" method of "registering identities", but even with that idea, you're going to end up with many separate webs. and bog help you if you want to send e-mail between the webs, you'd be effectively unknown, and thus declared "SPAM".
All to often the way it seems with technology is that we put band-aids on everything. Endless patch-Tuesdays, etc. and that when a new system is proposed and agreed upon it (a) takes forever to get off the ground
Maybe I'll have to think of an algorithm to dynamically and auto-magically create a positive, and negative web-of-trust, both for senders and for servers... but that's more for another time
Parent
"Web of trust" won't work. (Score:4, Insightful)
Yet about half the spam that gets through my system comes from HotMail and GMail.
And let's not forget the cute ads that Microsoft appends to outgoing Hotmail messages. So, someone sends spam through Hotmail, which ends up with the ad attached
That's great. The spam gets through and the legitimate messages are blocked. Maybe Microsoft could have put a bit more thought into their process? No? Getting the ads out is too important?
Here's a thought. How about Microsoft and Google throttle the outbound connections on their servers? One message every 5 seconds? And take an account off-line AND ALL ITS PENDING MESSAGES if they get a complaint? Google has smart people. I'm sure they could work out an automatic arrangement with the larger anti-spam sites.
The only "web of trust" you can really trust is your own white list.
I'd rather focus on the opposite. Identifying ranges that are 99.9%+ likely to be spammers. Like most of the home accounts on Comcast and Verizon and such.
Parent
Re: (Score:2)
The only "web of trust" you can really trust is your own white list.
This falls under the problem of the "If I didn't ask for it, it's spam"
Just recently, I got back in touch with a friend from college, I contacted her at work, and she asked me to e-mail her private e-mail address... of course, her private e-mail address didn't know who I was, so filed me under spam.
White-listing is a great concept, but it isn't complete enough to work all-of-the-time. What we need is an "all-of-the-time" non-broken system.
No. It comes from their servers. (Score:4, Interesting)
Nope. They can't fake the IP address if you don't have pipelining turned on. It's coming from their IP's.
That's the problem. You cannot "trust" Hotmail or GMail because they ARE used by spammers.
And there is no technological reason why they could not address that issue. They know that spammers will open accounts with them. Yet they take no steps to mitigate that. Even limiting the outbound emails from each account would help. And having an automated process for reporting and blocking spam from them would pretty much solve the rest of the problem with them.
Parent
Re: (Score:2, Interesting)
Re: (Score:2)
Re:Proper verification of senders (Score:4, Funny)
Ask your friends to stop using subjects like:
"You will be able to penetrate deeper"
"15% discount automatically on BOTH watches!"
At least in gmail they are still around, and gmail will let you search for them easily. I am more worried about my university bouncing legit email as spam and I never see it... No way to find those.
Parent
Re: (Score:2)
Ask your friends to stop using subjects like:
"You will be able to penetrate deeper"
"15% discount automatically on BOTH watches!"
I once had to email a copy of Arnold's poem "Dover Beach" (http://www.victorianweb.org/authors/arnold/writin gs/doverbeach.html [victorianweb.org]) to somebody, and a Bayesian spam filter bounced it. Go figure.
The ones I have most trouble with are mailing list digests that do contain spam, but mixed in with legitimate content. Until the filters learn how to take apart the digest this looks set to remain an issue.
Re: (Score:2)
I get maybe one spam a week in my inbox in gmail.
That's my experience too. Unfortunately, I get three or four legitimate emails a day in my spam box. And even though those legitimate emails are from mailing lists I have subscribed to, and I have set up filters to label them, and I keep clicking the "not spam" button, gmail spam filtering overides my filter, doesn't learn to recognise the origin as legitimate, and doesn't seem to have the facility to whitelist them :-(
Address book doesn't help? (Score:3, Interesting)
I'm not sure it's an automatic 100% non-spam rating, but it does seem to be worth some points at some point in Google's filtering process.
Re: (Score:2)
Re: (Score:3, Interesting)
Mod parent up! (Score:2)
It is simply impossible to have a system that will identify EVERYONE in the world
Re: (Score:2)
It is simply impossible to have a system that will identify EVERYONE in the world ... that will not also allow the spammers to grab fake addresses whenever they want to.
You don't know what "impossible" means, do you? Impossible means "if you had unlimited funding, you still couldn't do it."
A total identification system is fairly easy. The hard part would be picking the right one, and handling bad authorizers. It may be "impractical", but it sure as heck isn't "impossible."
(Absolutely easy method: one e-mail address per real person, always based on their nation of residence. Anonymnity goes out the window, but you get real authorization.)
Re: (Score:2)
When you send a message with XMPP, your server is responsible for validating and re-writing the from field. It then connects to the recipient's server. The recipient's server, before the message is received, performs a DNS lookup of the sender's server, and checks that it matches the sending server's IP. If it does, then it relays the message.
When you receive a message from foo@bar.com, then your server guarantees that it comes from bar.com, and the bar.com server guarantees that it comes from the 'foo'
Re: (Score:2)
There's a reason why it's extremely unpopular. We need anonymity on the Internet.
Do you really want everything you do on the Internet to be trackable back to you? If they set up some sort of central ID authority, I can't help but think it will be expanded beyond spam service, and frankly, I don't want everything I do to be tracked.
I think that part of the problem is that people do stupid things without any thought of consequence. For example, several years ago, my sister called and asked my e-mail ad
It's worse than you think. (Score:2)
Re: (Score:3, Insightful)
Reason? Simple. Who would immediately lose their "internet rights"? Clueless people with spam sending trojans. The same people that pretty much everyone who earns money through the internet loves. ISPs love them, because they use little bandwidth and don't care if their connection speed and reliability is far below anything advertised. Internet shops love them, because they rather buy crap online than trying to find it for free. Governments love them for as long as they're occu
Re: (Score:2)
A modest proposal... (Score:2)
Sure, and while we're at it, if everyone was required under penalty of death to have their name tattooed in large block letters on their
Not MSM? (Score:5, Interesting)
If anything the New Yorker is a good way to reach people that might not be quite as technically proficient or knowledgeable.
Re: (Score:3, Funny)
Maastricht School of Management, in Maastricht, the Netherlands
Metal-semiconductor-metal junction.
Miami Sound Machine
Men who have sex with men
Million Skirted Men, a movement advocating men's right to wear skirts.
Re: (Score:2)
Suck (Score:3, Informative)
Just because your inbox doesn't have a lot of spam doesn't mean someone out there isn't making sure you see it that way.
How much does spam cost? (Score:5, Informative)
3 load balanced e-mail filtering appliances, at the Internet facing edge. (Basically, BSD boxes running postfix, spamassasin, clamav, policyd, DCC checks, RBL and a few other checkers and daemons I'm forgetting.) They get about 90% of our spam.
2 load balanced postfix boxes, running policyd on our outgoing mail, they will greylist any naughty customers with a zombie that have sent to much. Also, they do inbound user verification with LDAP, if spam has BCCed an invalid recipient or two, reject. Add another layer of anti-virus on the way to the customers. This catches another 8-9%. I'm guessing around 1% gets through.
1 DCC server, because we exceeded the threshold for being able to use free DCC long ago. (I'll admit it's a bit under used.)
1 MTA running exim for the hosted domains. This has spamassain, and a few other services, supplementary to everything in front of it. I'd say it gets most of the rest for those with hosted domains.
1 big bad 8x processor pop server that runs webmail and pop for the customers. It does no spam checking, because it could never handle the load, just stores what we think is not spam for the customers, around 25,000 accounts.
By comparison, we need one (1) production, not counting backups, provisioning server. It handles minor things like DHCP for 15,000 customers.
Now you have an idea on what your ISP spends its money and resources on. There is no small industry selling you solutions to fight the SPAM.
Parent
King Robert Alan Soloway? (Score:2, Funny)
Re: (Score:2)
They try to send, but don't really succeed (Score:3, Interesting)
Well, they're trying to send a lot, but with a proper setup at and around your mail server, you will not be seeing much of it anyway.
Simple greylisting helps a lot, supplemented with greytrapping-generated blacklists (with 24 hour expiry) it's even fun to watch. The last 2-3 percent that actually makes it through to be seen by content filtering gets converted back to free electrons.
I've had a series of blog entries over at bsdly.blogspot.com [blogspot.com] about this and the conclusion is clear - with a competent system administrator, Spam is a solved problem [blogspot.com] (Links to other refs inside, follow links).
Re: (Score:3, Interesting)
How much time should I spend on becoming the hypothetical "competent" sysadmin? How much should I have to pay someone else to do it for me?
Tell you what. You provide the salary for me to hire someone reasonably competent to keep filters up to date, and send me a couple of fairly powerful servers, and pay for a second dedicated T1 to do nothing but process email, and I'll back you
Re: (Score:2, Informative)
Content filtering costs a lot of cpu, greylisting and stuttering (replying 1 byte at the time) costs our end very little.
The cited techniqes are likely to save you significant costs by discarding the obvious cases at the gateway and letting your computation heavy content filtering deal with five percent or less of the load it is handling at the moment.
All I can say is read the articles. You really do
Re: (Score:3, Informative)
They all add up, and they really do require a lot of extra hardware.
Do you have any clue what percentage of the bandwidth I pay for is going to the initial TCP packets from hosts I drop immediately? I'll give you a hint: It's a lot.
I guess... I've heard serious discussion from people at large sites of what goes into their spam filtering. I'd guess they're not morons; in many cases, I know that they are quite intelligent, and hav
How times have changed (Score:2)
Just the other day I ran across an old thread on the linux security audit mailing list where a few of us were bitching about the second spam in a month! In the end, they elected to leave it an open, unmoderated list so that non-subscribing developers could continue to post responses to things they may have been cc'd on.
Seven short years later and our current spam catch rate (at a regional CLEC) is over 98% and far from perfect...
Please... (Score:2)
RMS wants spam! (Score:2)
Spamfilters by Default (Score:2)
Re: (Score:2, Insightful)
1) You assume that all nations want to cooperate and, as you so eloquently put it, "nail their collective goolies to a wall". That is very far from the truth. If we can't get a universal agreement about terrorists, how can we get a universal agreement about spammers/scammers? The only way one is going to be able to do this consisently is by doing vigilante justice - and then avoiding any law enforcement that wants to take you out for taking matters into your own hands. Good luck w