Receive Spam, Make Money!

Bud Dwyer writes "Wired is running the heartening story of Bennett Haselton, who was awarded $2000 from spammers under Washington state's anti-spam law. From the article: 'Spam fighters hope that if enough individuals take spammers to court, it could eventually drive the industry out of business. And, some savvy individuals could make some easy money along the way, and with a clear conscience, too.'"

The most interesting part of the article...

[Lostman]

was where the guy gave a link to someone that shows others how to do this exact same thing. Try http://www.wa-state-resident.com/tugpayup.htm (unlinked for the goat weary).

He gave a form letter, even step by step directions on how to do this. Only thing was that you would have to be living in oregon unless your own state has fun laws like this. That does definately sound like fun.

Spamcop

[soundlord]

I realize that most of you probably already know about this, but I am going to mention it anyways: if you're having problems with spam, you should go to SpamCop [spamcop.net]. They have a free service that you can use to report spam to the necessary network administrators via parsing the headers of the spam mail. Simply save a bookmark that they give you, and when you receive spam mail, go to that book mark, paste in the whole text of the spam mail (including headers) and click a button.

I know that it's hard to keep spammers from doing what they're doing due to their using different email addresses and hosts each time they send out some spam mail. But I have found that by using SpamCop regularly, the spam mails eventually stop coming to my inbox. And whether this means that they've been taken out of business or they're removed me from their spam list due to my being a thorn in their side - well, either is good enough for me.

Spambouncer / Bennett's Birthday

[waldoj]

I just installed Spambouncer [spambouncer.com], a procmail-based set of filters, on all of my servers over the past few days. I love it. It takes a little tweaking, but that's easy enough. It was not a problem to set up, and I've gone from a dozen or so UCEs per day to one or two. After a few more days of tweaking, I should be down to zero.

ObCompliment: Go Bennett, it's your birthday, go Bennett, it's your birthday! [1]

-Waldo Jaquith

[1] I am so white.

Re:Procmail regex for Chinese encoding?

[polymath69]

Actually yes. If you look for the fractional character (3/4), in my experience you'll catch most of these chinese-or-whatever-they-are spams.

(This is character 0xbe; it displays as 3/4 in my Solaris xterms. It may appear differently in other fonts or locales.)

more info

[klip04]

there's quite a bit of info about this stuff at wa-state-resident.com [wa-state-resident.com]

Re:Spamcop

[soundlord]

You can forward spam messages [spamcop.net] to SpamCop, but in order to do that, you need to register [spamcop.net] for their service. However, I like to look at the statistics page [spamcop.net] of spam I am about to report, to make sure that I'm not sending spam report mail to anyone who doesn't deserve to get it (such as legitimate people who were unlucky enough to be involved in the headers somehow). That way, only the people who need to know about the spam get the SpamCop mail.

Re:hmmm

[Guppy06]

"Probably won't be that easy to collect, especially if they didn't even show up in court."

If they fail to show up, they're found guilty by default. If they fail to pay, not only can you pass that info on to credit-reporting and background-check agencies but (if it's anything like a traffic ticket) a bench warrant is issued for their arrest (results of that vary depending on the state).

As an example I have a friend that was arrested in Florida for defaulting on debts in Virginia. The creditors filed suit in Virginia, he never showed, the court found him guilty, he got pulled over in Florida for some reason, and ended up spending the night in jail.

Re:Spamcop

[brassman]

If you're running procmail, a kind soul posted a couple of Perl scripts here in Slashdot just a week or two ago that automate the process of Spamcop reporting.

That process is in two steps -- submitting, then reading the summary of what what Spamcop found and "pulling the trigger," and I wouldn't recommend automating both parts. Quite often Spamcop will respond that the offending ISP "doesn't care," or has already closed the offending account -- in those cases there's no point in tying up Spamcop's resources any further.

I try real hard to ignore spammers, but when one wiggles past my filters you'd better believe I invest the time to ruin his day.

Re:Spamcop

[Erik Hensema]

Yes, go to this page [xs4all.nl]. Here you find two perl scripts: one script forwards the spam and another script parses the spamcop reply and automatically reports the spam.

See, here's what I don't get..

[jabber01]

If the spam doesn't have a valid email address, and doesn't provide any reliable contact information by which to track down the offenders, how can the spammers expect to hook anyone on their crap schemes?

After all, if it is just as difficult to chase down the spammer, as it is to try and take advantage of whatever they are offering..

I can see how this might work for some types of spam.. The 'hot stock tip' bit for example simply counts on someone out there buying a stock to drive up the price..

But when there's a product or service involved? Whom do you pay? And if you know whom to pay, you know whom to sue..

I get as much as a few dozen bits of spam each day at my 'public' address.. And these are the ones that I can't 'umbrella' filter by country, domain, etc.. Most of these are not even in English, or from the US.. Spam laws don't work in the areas most responsible for pumping out spam..

Sad waste of bandwith, tis all. And the spammers are counting on the fact that it is much easier to simply delete their crap than compile, research and file suit.

Re:Spammers in the US, sure

[Binestar]

I must say if you are having alot of problems with Spam and have procmail on your mail system you can use Spambouncer [spambouncer.org]. It filters out Chinese, Korean, blacklists, and various other spamhosts easilly. Since November 29 when I rotated my procmail-log It has filtered:

10:49am (chrisf@borg) /home/chrisf (38) cat antispam/procmail-log | grep procmail-filtered |wc -l
346

messages. In that time I've received 2 spam's to my inbox. I don't know what I would do without it.

Re:It's about time

[Anonymous Coward]

Only works once per day, so that's 49 wasted clicks.

Re:How did he figure out who to sue?

[Rogerborg]

• When spam arrives with no usable return address [...] who do you take to court?

The upstream provider? Really, it hacks me off that so many places run open relays, are RFC ignorant, and basically don't give a damn about the use of their networks (regardless of what their AUP's say). Sure, there are good providers that don't dick around when you send them abuse reports, but the amount of crap I'm seeing coming from .ac.somewhere-in-asia (that's international .edu) is staggering.

They're outside your country? Contact them anyway. If they don't respond, and the spam keeps coming, keep moving upstream. Sooner or later you'll hit your own ISP or ASP. Let them know that they're handling packets from RFC ignorant peers, and dump it on them. If that drives costs up, good, I'm sick of hearing that ISPs don't have the resources to deal with spam.

Instead of giving money to lawyers (directly) and courts (through taxes), let's get it to the ISPs instead.

DON'T spam back

[bero-rh]

While it's tempting to mailbomb spammers, it just increases the problem.
It doesn't just boggle down your computer, it also affects your ISP's (innocent) mail server, and all the hosts that happen to be on the route between you and the spammer.

Re:hmmm

[Masem]

It's outside spam (from only US companies, it appears) to WA state residents (and inside spam from WA to WA, of course). The examples list one guy suing a FL spammer, and the case that challenged the law was from a company in either Colorado or Montana, but I can't remember which.

Spam works

[stabbs]

Spammers wouldn't spam if it didn't work! If no one replied to spam, there wouldn't be any money in spamming, therefore no more spam. Let the marketplace take care of spam instead of trying to pass nebulous laws with great potential for abuse.

Re:No Inconsistency

[BadDoggie]

I'm on a load of mailing lists, and if I don't want to receive email from certain people, it's my job to block them out

Correct, because YOU SIGNED UP FOR A LIST! You can also unsubscribe. I subscribed to NO list and it is impossible for me to unsubscribe to the spam. Furthermore, legitimate lists are rather easy to block, since they use legit headers, standard formats and usually, standard subject lines. This ain't the case with spam.

then the act of listening and processing what they say requires energy, which ultimately costs me money

Wrong again. If you want to listen, that is your choice. It does not cost you money to *hear* someone, and you are able to walk away. If you are NOT able to walk away, there are a number of harassment and assault laws which cover the subject. As you stated yourself, you can get a restraining order. Not so for spam.

Spam costs ME money. Someone else is advertising and expecting ME to pay for it. This has been made illegal in every other form (and there have been some very interesting postal fraud cases as a result). The New York State junk fax law is most likable to this situation, where costs to the advertiser are negligible and costs to the recipient are not.

You cannot legitimately and logically defend spam based on its own definition. It isn't spam if I ask for the mail, and I've never, ever asked someone to send me any sort of advertisement. Not even when they've been willing to pay me to read it. How can you logically expect me to bear the costs of advertising your scam?

A couple good links (I'm already karma-capped):
New York Law Journal (Sep. 1997!) [law.com]
How to use 47 U.S.C. Section 227(b) [Telephone Consumer Protection Act] against junk faxes [imc.org]

woof.

This is not a sig.

For IMAP Users

[mcowger]

FOr those of us that use IMAP on a server we dont control (many college students, company users) but that have access to a Unix machine, we can use a beautiful app called, strangelely enoughm imapfilter [sourceforge.net]

I have set up some spam filters for it, and they generally work very well. Here is my script for removing SPAM - it hasb't caught a bogus one yet:

filter spam or
subject "Cat"
to "unlisted"
to "undisclosed"
from "WeatherBug"
subject "Animals"
body "Nigeria"
body "Virtumundo"
subject "Casino"
subject "Payout"
subject "win"
subject "won"
subject "free"
subject "back"
subject "SaveBig"
subject "Breast"
subject "Natural"
subject "Rates"
subject "teen"
subject "lesbian"
subject "sex"
body "teen"
body "sex"
body "lesbian"
body "Merchant"
subject "Money"
subject "mortgage"
subject "loan"
subject "irs"
from "Cyberworld"
subject "$"
from "Dialpad"
subject "DVD"
subject "Debt"
subject "Judgement"
subject "Dollar"
from "email.ro"
subject "%"
to "Valued"
to ".ru"
from ".ru"
to "$"
from ".ar"
to ".ar"
action move SPAM

Anyways, have fun all.

Re:It's about time

[inerte]

Better yet, setup a script to do this for you. Something like (PHP code):

$filename = 'http://www.overture.com/d/search/?type=topbar&Key words=bulk+email&Search=Search';

$fd = fopen ($filename, 'r');

$read = fread($fd, 20000);

fclose($fd);

// preg_match_all ('/f="(.*)"+/', $read, $links);

foreach ($links[1] as $value)
$fd = fopen ($value, 'r');
$read = fread($fd, 20000);
fclose($fd);
}

This code isn't complete of course, it's not working. I hope you don't get into trouble if you modify it enough to do so :-) But you get the idea. Part of a happy breakfast!

Re:It's about time

[4444444]

Somewhere there's a perl script that will automatically click all those links

you can find several scripts here [lenny.com]