Exposing Spammers For All They're Worth

llywrch points out this interesting story at Art & Farces in which a "guy fights spammers by occasionally sending an email telling the spammer to leave him alone or he'll bill for time & services. Some take him off their mailing list, some pay the bill, but most don't respond . . . except one guy who was so incensed at receiving this invoice he had his lawyers send a threatening note. Makes it easier for Fraase to collect on his invoice."

Actually do something and I'll be impressed

[evilviper]

Empty threats are nice... but until large numbers of people go to court to fight against spammers, well, you lie in the bed you've made (or have done nothing to stop).

Spammers

[WickedClean]

Speaking of spammers, I have gotten more junk mail this past month, trying to trick me into changing registrars for a couple of domains that expire in November and December. I have gotten 4 different letters from Register.com, as well as about a half dozen emails from Register.com or their affiliates. I had always thought they were a big company and above sending spam, but I guessed wrong.

One thing I would like to see is to make it illegal for these so-called 'companies' to sell mailing lists. They are selling people's personal information! I know, I know - wishful thinking....

Re:Spammers

[WickedClean]

Am I wrong in thinking it is still ok to tell telemarketers to eat the poo fresh out of my butt? I always thought that if they called you, then you have the right to tell them off. I wonder if that lawyer is a REAL lawyer...the spammer could just have whipped up a fake letterhead.

Spammer's Real Address

[istartedi]

How do you get it? I've always wanted to send them bills, but I always figured getting the real addrress would be too time consuming.

I've had things like this happen to me.

[Yottabyte84]

A while ago I got an account at neopets.com (using a disposable email address [sneakemail.com]) making sure to select the "don't send me any email" box, and after I was disgusted at thier birbery for clicking ads forgot about it. Then they spamed me. I sent them an email telling them they'd be billed for any further spam. Here's what they sent me (personal details deleted):

To Mr. [censored]:

The Legal Department is in receipt of your message regarding an
advertisement you allegedly received from NeoPets. We take all user
concerns-especially those in connection with member privacy and safety-very
seriously, and in this regard monitor the website around the clock for
inappropriate content.

To begin with, NeoPets unequivocally rejects your "purported" contract and
refuses to enter into any agreement with you. Your demands are neither
reasonable nor are they acceptable under any circumstance. As such, this
message should not be construed as an admission of liability or acquiescence
to your demands, but asv a complete rejection of your offer. Likewise, any
transmission you may receive from NeoPets is not an acceptance of your
agreement and may not be construed as an acceptance under any condition.

Moreover, by registering on the NeoPets.com website, you expressly agreed to
NeoPets' Terms and Conditions, which states that NeoPets may send
notifications and announcements to its users' e-mail addresses. Neither
NeoPets nor its sponsors send unsolicited e-mails and will only send e-mails
to users who have expressly requested, or consented to receive, such
correspondence and have provided an e-mail address destination. As such,
immediately upon the Legal Department's receipt of your message, we had
0rnrsegu001@sneakemail.com blocked from our system to ensure that you do not
receive any more unwanted e-mails. Additionally, we researched your e-mail
address in the NeoPets database and located the account "yottabyte," which
we immediately froze to prevent you from receiving any further unwanted
e-mail communications.

Unfortunately, we have no control over the sponsors our users register with,
and this is a matter that must be taken up with each sponsor that sends you
e-mails. As a practical matter, our sponsors are very responsive to
"unsubscribing" users who wish to be removed from e-mail databases. As a
courtesy, we will try to help remove your e-mail address from our sponsors'
systems, although we can make no guarantees as to the effectiveness of
preventing future unwanted e-mails. To do this, however, I will need you to
send a list of the sponsors from whom you are receiving unwanted e-mails.
Because NeoPets.com does not pass along user information to anyone, we do
not know where your e-mail address was registered and thus have no way to
automatically unsubscribe it.

Please contact us directly at legalDepartment@NeoPets.com if you have any
further questions or if this problem persists. We hope the foregoing has
addressed your concerns.

Sincerely,

The NeoPets Legal Team

Now for some commentary.

Moreover, by registering on the NeoPets.com website, you expressly agreed to
NeoPets' Terms and Conditions, which states that NeoPets may send
notifications and announcements to its users' e-mail addresses. Neither
NeoPets nor its sponsors send unsolicited e-mails and will only send e-mails
to users who have expressly requested, or consented to receive, such
correspondence and have provided an e-mail address destination.

And yet they tried to get me to buy tickets to some event (I seem to recall it being some radio station held event of some sort)

Unfortunately, we have no control over the sponsors our users register with,
and this is a matter that must be taken up with each sponsor that sends you
e-mails.

I definatly did not register for any annoying ads.

I responded to this by telling them "whatever.... all further email to this address will bounce" then going to sneakemail.com and deactivating the address.

I'm sort of amused by this, I bet it cost them at least $100 to have thier lawyers tell me off.

SpamCop, and Nagging Admins with complaint Email

[RageMachine]

I would have to say the best thing to do is to use spamcop for the 1st or 2nd time, and then after that if the ISP still does nothing about the spammer, then find every address listed on the site, and forward the spam to it. That will make the admins listen.

I repeatedly recieved spam from a site called popsite.net, run by megapop.net, and repeadidly asked them to stop sending spam, or to stop providing free dialups to spammers, and they still din't listen. I got tired of it and called them. They still did nothing. I recieved another one, and decided to just annoy the hell out of them untill they did somthing about it. I forwarded the spam to EVERY email address listed on megapop.net: abuse@ support@ noc@ billing@ etc... every one. Then I forwared the auto-replys back to them. And finally a REAL person emailed me and said they had found the spammer, and mentioned that several people were pressing charges against him, and asked If I wanted to, and gave me his email address, AND his home phone number.

Now every now and then when im near a phone and bored, ill call the spammer and hangup, or play a recording of a Telemarketer; somthing along the lines of "Congratulations! You've qualified for the platinum card!". Every site that asks for an email address to download somthing, I just put his email address in it.

I have over 1,200 lines in access file for sendmail, and STILL I get spam from overseas servers. Mostly I will just block all of .co.uk, or .com.pt, or somthing to that nature, to prevent 9/10ths of the spam that comes in.

The best way to fight spammers/advertisers/telemarketers is to fight fire with fire.

Getting back

[wormyguy1]

Spammers really go to all ends to get you to open their email. I got an email the other day that said, in all caps, "BIN LADEN HAS BEEN CAPTURED", and it came from a coherent-looking MSN email address. Realizing that I didn't know anybody lame enough to send me anything in all caps, I opened it anyway. Well, to no surprise, it was porn, in HTML format, with some 300k of blinky, flashy, seizure-inducing images.

If it's one thing I don't understand about spam (and this coming from the fact that my mother is in the advertising/graphic design business and I help them with tech support issues, I know how the corporate marketing machines work) is that you want to target a key demographic who is going to be interested in your product (in this case porn), you want to send it to the people who will be most likely to give you their money. Marketers spend millions of dollars on demographic databases to make sure that they aren't wasting money marketing to people who aren't interested. Now imagine how much it costs them to send 300k of images to the email boxes of, I'll be conservative here, a million email addresses. Imagine how much it costs when said email bounces. Witnessing the slashdot effect (especially right now, I haven't even been able to resolve the domain of the site linked above), I can't even imagine what must be going through spammers minds when they send an email with "BIN LADEN CAPTURED!" as the subject. After reading that subject, I imagine that most people would open the email, download all that porn, cost the spammers money, and then not even be interested as they weren't looking for porn to begin with. Same thing with them registering domain names... if you are looking for information on the White House (IE: whitehouse.com) and you come across porn, how interested are you going to be?

The other thing that surprises me: if it wasn't successful, they wouldn't bother.

Re:Spammers

[Pathwalker]

For a while (about 6 months) whenever I had a telemarketer call, I would explain that I was busy, and ask them for a number at which I could call them back.

Only one actually left a number - I looked it up on Google, and got a hit. It turned out that they were an artist, who I would assume was doing telemarketing as their day job. It really weirded them out when I commented on one of their paintings when I called them back :-)

Nowdays, I don't deal with telemarketers - I leave the phone off the hook most of the day, as I work nights.
Spammers I just stick in /etc/smtp.cdb and never hear from again...

Re:Actually do something and I'll be impressed

[AntiNorm]

Wahington State went after spammers. The state was the first to pass anti-spamming legislation.

And many states have followed suit. Check spamlaws.com [spamlaws.com] to see if your state (or country) is on the list.

Going after TrafficMagnet

[greysoul]

Recently I got Spam from a company called Traffic Magnet, they provided me with a screensho of my webpage, and I sent them the following, feel free to copy, or comment on the points of my letter. thanks

Christine,

One thing I notice is that you are using my copyright images to sell a product and/or service.

Please email the physical address of your legal department, or the location to which I should have an attorney contact you about this issue.

If you prefer to contact me via mail please use my business address:

--Address--

As an artist I take my copyright, and privacy very seriously. While no laws yet exist in New Mexico regarding Unsolicited Commercial Email (SPAM) There are laws that protect Copyright holders. As a copyright holder it is my responsibility to protect my property. I do hope that you take this matter seriously and we can resolve this quickly. The normal process is I would have my attorney send a cease and desist letter, to which you would have a lawyer reply that the actions demanded (by me or my agent) have been followed out in accordance with applicable laws.

Thank you for your time

Signed.

Re:Spam and Hotmail

[mgv]

I used to get alot of mail addressed directly to my hotmail account - which I don't give out (its a redirect from a pop3 account).

Someone obviously got a subscriber list from the hotmail site, as you would see 20 or so names alphabetically sorted near your own name in the To or CC list.

These just stopped happening (Maybe the spammers were overwhelmed with a sense of remorse, but I doubt it). I never changed anything in my settings. They aren't in my bulk mail. I think microsoft is filtering them out. Anyone else seen this?

If it is happening, its the most effective thing I've seen so far as a spam filter.

Michael

I had a similar experience...

[Tribbles]

I really enjoy it if the spammers have a telephone number I can call, or better still a fax number.
One spammer I called I tied up his line demanding why I was being spammed for so long, he put the phone down on me.
Another I faxed with an invoice for $300. I live in the UK, and this guy was in the States. About a month later, I received by **post** a print-out of my invoice, with hand-written notes (in orange highlighter pen) effectively telling me to get stuffed, and wishing my mother would die. A few people in the office suggested I reported them for threatening behaviour, but I never got around to it - after all, there's only so many hours in the day...

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Actually do something and I'll be impressed

[Jace of Fuse!]

Your time isn't worth anything, is it?

It's worth quite a bit. I dispise spam and receive so much I've resorted to using a private e-mail address for real communication with just a few poeple and forwarding all junk to a box that I never check. Other semi-important stuff (such as site-registration etc) goes to a third... and yet still I have other mail addy's for other things.

It's annoying and I shouldn't have to do this.

But I think the more laws that we pass the more screwed we're letting ourselves get. If we are allowed to track down spammers we could fight them much easier. At the moment however everybody like you wants to just cut them off immediately with the legal system instead of using current laws to help us fight them without having to resort to piling on more and more laws every day.

And one other thing -- my anti-law feelings are definately Libertarian, not Republican. If you're going to call me names, get your shit straight. Nobody likes a twisted turd.

What about non-English spammers?

[Skevin]

I get mail all the time from spammers who not only send their message in another language whose charset my mail client doesn't accept, but whose email return addresses are invalid as well. If I give sufficient prior warning, do I attempt to bill the owners of the website advertised in these emails?

Solomon

You need to give admission to receive emails

[Gery]

Hi,

i just wanted to mention that in Austria you have to give your admission to receive email. Only then, a company may send you an email.

So even "first contact" may only be made if a prior acceptance is available (ex. with a tip-on-card where the user gave his email-adress or whatever...).

Afaik, this is the strongest law in the EC (and of course by far stronger than US-laws).

Gery

Re:How slloooowwww does this guy read?

[Anonymous Coward]

I've never understood all the indignation and self righteousness that spam generates. Delete it and move on ..it's no big deal.

My main problem with it is when you get a 'New Mail' type notification, so you interrupt what you're doing to check your mail, only to find its spam. Just like getting a telephone call from a telemarketer.

Now, you may just say "turn off the New Mail notification", but then, of course, one loses that functionality. Which I happen to like. Especially for something like my Yahoo mail account where going in to check it is a somewhat involved procedure, so I don't want to waste time logging in unless there's a reason to do so.

So, that's a more significant reason that spam's annoying that can't be solved by "deleting and moving on." How much anger that's actually worth is, I suppose, for individuals to determine...

Spam from an admins view

[buss_error]

Out of 13K mail boxes, I get 10K-15K e-mails per day not including those that don't pass our Internet MX (In otherwords, internal e-mail). About 3 in 20 are spam of one sort or another. So that makes about 2250 spams per day.
Lets say it takes about 2 seconds per-person per e-mail to decide it's spam and hit delete.
OK, that's 4,500 seconds, or about 1.25 hours. Lets say the average pay per person with an e-mail box is $221.00 per day.
So, total, it costs my employer 276.25 per day just to delete spam.
Now, let's say that 1 in 100 of those e-mails deleted really wasn't spam, but real e-mail. If the user notices they deleted a legit e-mail, and goes to get it out of the trash, lets say that it takes them about 30 seconds to retreive it. That makes 22 per day, at 30 seconds each, at 221 per day, that is another 41.50 per day.
Grand total now is 317.25 per day completely pissed away because someone wants to sell some lady a penis enlarger, or some gay guy hot teen bitches.

OK, now about content filtering. I've looked at quite a few, and all choke on the amount of e-mail we have. Others, running on unstable OS'es, are a complete joke. The only thing that does seem to work for a week at a time is to block based on IP. If I could find an IP distribution map by country, I'd be a happy camper. Sure, I could zot 202/8, 203/8, 210/8, 211/8, 64/8 and a few others, but more and more these netblocks are getting re-assigned to US companies that I don't want to block.

One thing that's helped quite a bit is blocking all of DialSprit's assignments, and a few others. The RBL helps, but it's too easy to get off and too hard to get on.

For all you Missourians

[Mustang Matt]

I'm working with State Rep. Carl Bearden to get our spam laws up to par. We're currently adopting a several sections of the Washington laws, and hopefully coming up with some of our own in the near future.

I've submitted the details of my success twice to slashdot but my stories are always rejected.

I strongly encourage people in other states to contact their state reps and ask for better laws! It really IS that simple!

I was amazed at how willing my State Rep. was to learn about the problems and what possible solutions can be put in place.

For all you people complaining about Spam, if you haven't done your part and tried to make a difference, quit all the fuss.

Re:You need to give admission to receive emails

[maroberts]

Sure like thats going to work. The UK is planning similar laws, but most spam is sent from outside the long arm of the UK or even EC net police so enforcing this is going to be damn near impossible.

How about some new spam....Lawsuit Spamming

[udelslayer]

How about we grind up all the workers of those stupid little nothing companies that spaM all the time and put them in a can so we can sell it to their geriatric relatives.... No matter what laws they'll make, there will always be ways around rules and nothing will change. How about those clever applications for credit cards? Anyone know how to stop the banks from sending me 8 a week, and without going postal?

Re:Spam from an admins view

[moncyb]

Don't forget about those important emails that are mistaked for spam, deleted, and never recovered. For example, I'm sure quite a few employees get emails from potential customers and accidently delete them. How many disappear do to spam filters? What about lost productivity due to server crashes? Spam contributes to that last one too doesn't it?

How much money do you think this causes your company to lose (on average)? A hundred dollars per day? A thousand? Ten thousand? I'm not trying to argue, just trying help you get a more accurate estimate.

I once had a call at work...

[Anonymous Coward]

I work for a credit card company that does much advertising on the internet with ads which Im sure all of you must have seen many times.

One day on the phone this guy called me up asking for a billing address. At first I assumed it was just another guy asking where to send his payment to. But then he clarified that no, he wanted us to pay him.

Asked him for what.

He said a pop up ad appeared on his screen and he charges a dollar a minute for when its on his screen.

As much as I hate advertisements I really had to explain a few things to this guy.

I told him charging by the minute is useless since its up to him how long its on his screen, all he has to do is close the window. I also advised him that its the website he was visiting that decided to have ads on the site and suggested he complain to them.

I then just had to ask him if hes ever ACTUALLY gotten any money doing this. He of course said no, but he just started.

After that call I really felt sad for the guy. He obviously hadnt thought this little plan of his through. Not to mention what a pathetic creature he is that he had nothing better to do in his free time than to find our customer service number and explain his scheme to me.

I figure anonymous email may be different of course because theres no matter of controlling it. For pop up ads, you can not see the ads simply by visiting websites that dont decide to make money by having them. But I still doubt in the long run this "charging" for precious valuable time is going to work.

Do these people really make money?

[FunkyRat]

The general concensus seems to be that spammers do their thing because there is at least a small percentage of recipients who actually send these people money.

Can this really be true that there are enough people out there who are so gullible as to make this profitable...!? or is it that the ones who are really making money in this game are those selling lists of e-mail addresses to spammers? I know that in the online porn industry, the real money to be made is not in the porn sites themselves, but in selling services to the people setting up porn sites. I would expect something similar is going on here, especially since I've gotten a great deal of spam lately telling me how lucrative a business 'mass e-mail marketing' is, and how I should act now to 'get in on the ground floor' by buying their CD-ROM's full of e-mail addresses 'for the low, reduced rate of $99.95.' It looks to me like spam mailing is just another get rich quick scheme.

I'm asking this as a legitimate question. Do people really make money by spamming or are the only ones making money those who are supporting this "industry?" I mean, if .025% of the population is stupid enough to send you money for something like fake Viagara work-alike pills at $25 a pop and you send e-mail to 1,000,000 addresses, that's $6,250 -- well, with those kinds of numbers I'm tempted to start spamming too. After all, if the idiots are willing to pay...

Disclaimer: Before you flame me for admitting to the same thing you've likely thought of yourself, rest assured. I am not about to start spamming anytime soon. However, I think the question is relevant. Is there anybody actually making money at this game?

Re:Spam from an admins view

[slashBastard]

Yep, it takes up a load of time sorting out, but spam can also seriously hog system resources. I'm not just talking about routers and switches all over the net....this morning when I checked my Hotmail I had 1741 mails in my junk mail folder. They were all from the same address. If they had spammed my work address instead of my Hotmail I'm sure our poor little mail server would have fallen on it's ass, thus causing our business untold headaches and costing us money.

To anyone who says spammers have the right to do what they do, I would say they should also be held responsible for their actions.

Re:Actually do something and I'll be impressed

[cburley]

No, but when they say the following, it is "anti-government hate mongering":

If they make more crap illegal then it'll be turned around and used against otherwise normal activity and pretty soon we'll have tons of law telling us what we can and can not do with the internet.

Read it. Any Internet-related law "will be...used against" non-spammers and "we'll have tons of law[sic] telling us what we can and can not do with the internet." The original poster stated it as fact.

Yet he's right. Nearly every law of substance has, at some time or another, been used against someone who wasn't the intended target of the legislation. He's warning against a slippery slope, and against human nature, not "hate-mongering", unless you find warnings against tyranny to be "hate-mongering" -- which I guess is the case here. (Consider such events as RICO laws being used to attack Operation Rescue, and the ADA being used by the Supreme Court as an excuse to rewrite the rules of golf, the right to free assembly notwithstanding. I can assure you, the authors of those pieces of legislation never intended such targeting.)

His premise was that the government, if it outlawed spam, would run amuck, destroying our civil liberties and passing an uncontrollable barrage of laws related to the Internet.

Perhaps you can get inside his head, but that's not quite what he wrote. What he wrote was correct -- that we should be aware of how laws designed to achieve a thing can have, in other words, unintended consequences, such as the possible (perhaps occasional) abuse of those laws, and that if we persist in not considering this possibility, continually asking government to protect us from even trivial impositions, the inevitable result will be a vast sea of incoherent, easily-abused legislation.

All of which has been proven true by the history of the USA, one of the most freedom-loving nations in history, yet also one that has a proven record of accumulating a vast sea of legislation and regulation, almost all of which was well-intentioned.

If you don't see that as an anti-government sentiment, you probably think of Timothy McVeigh as a patriot.

I'd say if you don't see what he and I worry about as being pro-individual-freedom as well as sensitive to all of recorded history and embodying common sense, and persist in seeing it as "anti-government hate-mongering", you probably think of Singapore as a paragon of governance.

I don't get these people

[Yuioup]

What I don't understand about spammers is that they expect you to buy their products after you've been annoyed by them. I never buy any products from advertisers who:

1) spam my mailbox
2) use popups
3) annoy me with flash animations that take up 80% of the webpage I'm trying to read
4) have floating flash animations which seek out your mouse pointer
5) etc..

Yuioup

terms of service and email harvesting

[Multics]

I have on my website two mailto: addresses that are in html comments. Sitting next to both are comments that these shall not be used for SPAM. They are do_not_spam1@ and do_not_spam2@. According to my terms of use, anyone who uses them is up for (us)$10,000 per use + cost of collection.

An email address harvester apparently from:
bidmain.com
came through took them then used them.

I sent them a bill with a 30-day deadline to pay. Bidmain's information, BTW is:
iBIZCAST (BIDMAIN-DOM)
302, 1008-2, Daechi-dong,
Kangnam-gu, Seoul 135-280
KR

But more interestingly, their phone numbers are:
822-564-3404 fax: 822-539-0925

So far, for my complaint, my spam per day has trippled. They don't use the above addresses, but they sure do use the address I used to send them the bill. The 30 days is up in about a week.

My take on all of this is SPAMMERs are criminals. They are taking huge amounts of money from us (us == owners of systems).

If anyone wants to join in class action against the criminal above, I'd like to hear from you. Reply below.

Thanks!

-- Multics

actually, he won

[jonbrewer]

The guy who called likely cost your company a dollar. Unless you were very poorly paid, in a conversation lasting long enough for you to "lay down the law" he actually achieved his objective.

I personally value my time too much to fuck around with spammers or telemarketers (aside from adding myself to DMA do not mail and do not call lists).

Re:Going after TrafficMagnet

[shakah]

Assuming their practice is to include a screenshot of each owner's website in an e-mail to that particular website owner (e.g. they'd grab a screenshot of yahoo.com when sending their spam to Jerry Wang, a screenshot of dell.com when spamming Michael Dell, etc.), wouldn't that be fair use? Copyright (at least pre-DMCA) doesn't give the content creator absolute power to dictate use of that content.

spam hunter

[Alien54]

The real problem is that spammers actually make money off of spamming us.

Actually we need a way to make money of the spammers. If there is a legal system to make money off spammmers, they will go away.

Solutions I've advocated in the past included spamm licenses, complete with cute orange ear tags for the spammer, and a culling program. This may even make a good kids games; "Spam Hunter! Can YOU catch the spammer?"

if you wanna do something make them pay with $$$$$

[4444444]

Got http://www.goto.com do a search for bulk email click on each link because spammers pay several dollars for each click slashdoting thier links can cost them a fortune!!!

Re:Actually do something and I'll be impressed

[Anonymous Coward]

Well, I live in Washington, and the level of incoming spam I get has not decreased. The only difference is that sometimes it comes with a variation of the following disclaimer:

"This email is not intended for residents of Washington State. If you live in washington, we're sorry, ignore this email."

Step #3 in Jam the Spammers Game

[scoove]

I neglected to mention Step #3 that is particularly helpful inducing noise into the email spam channels:

Step 3. Develop noise email identities, particularly focusing on notably abusive spam domains. My favorite here is someuser@chinanet.cn.net (make up your own value for someuser - common names like admin, hostmaster, root, etc. are good to try) - per my experience with Spamcop assessments, Chinanet is about the most frequent spam abuser (and they almost always lie about their email origin identity). These guys literally provide safe harbor to spam terrorists.

Sure, it's fun to route chinanet IP's to a null interface (and probably wise too - countless rogue script-laden emails that fire up a browser and open you up to numerous issues come from chinanet solicitions).

Obviously, chinanet likes spam - so be sure to put them down to receive some!

*scoove*