CDT Releases New Report on Origins of Spam

Carnth writes "CDT has released a new report based on a six month project entitled "Why Am I Getting All This Spam?" The results offer Internet users insights about what online behavior results in the most unsolicited commercial email and also debunk some of the myths about spam." A very good report - read it. There's also a story about yet another sleazy spammer in Ohio.

Did they use IE?

[da' WINS pimp]

I never saw anything in their methodology about how the spam was analyzed. It would have been interesting to see what effect actually opening spam e-mail in a web enabled browser had on the recurrence rate.

I bet the web bugs would have kept the recurrences high even for addresses that were removed...

Burn in Hell, Son of Spam!

[ToadSprocket]

To Internet users who complain that their e-mail inboxes are crammed with ads for products and services they would never purchase, Childs' response is, "Quit your whining. I'm asking you, how stressful is it to push the delete button? We have become a nation of crybabies."

I am sorry, smack me down if you must, but... Aaaahhhhhhhh!!!! Die Spammer, Die! Friggin White Trash sonsabitchin spammers. I feel slightly better now. Ready for Karma extraction.

Unreported Cost of Spam

[corporatemutantninja]

In the debate over how much spam really costs, one factor that almost never gets discussed is the impact on behavior and openness. How many of us refrain from using our real email addresses in public forums or in correspondence with companies because of a fear of receiving more spam? There may not be a direct economic cost, but it makes the Internet less useful to all of us. Spammers have essentially driven all of us to have unlisted phone numbers on the Internet, which reduces the usefulness of the medium. Off with their heads, I say.

Spam

[silvakow]

Let's all go register for online lotteries with our new Hotmail accounts. Then we'll give our e-mail address to the airport on that little frequent flyer card because I know they're going to send me only useful info. Oh yeah, let's not forget Kazaa registration, seedy computer retailers, and mail-in rebates.

I participate in none of these activities. I have my email address on my website, but I spell it out instead of using the at@symbol.com . I've had two e-mail addresses since Summer 2001 and the only spam I get is from Windows e-mail viruses, which aren't compatible with my operation system. Yes, it *is* possible to have a public e-mail address that doesn't get spammed.

Hotmail is good for some things

[tepp]

I'm a girl with an amgibous email address. My firstname is set to '-' my lastname is set to '-'.

At first, receiving email that said, - -, you too can have a larger penis! was funny. That wore off... oh... five years ago. Now I'm just annoyed.

I've opened hotmail accounts and left them alone, never used them for anything, never registered them with anyone, never posted or emailed from them. And two months later, there's spam in them.

Since I figure hotmail is going to get spammed anyway, I use a hotmail account as my reply-to box for anything I buy online... victoria's secret bras and nightgowns, expedia tickets, etc.

My real friends and only my real friends are given my real email address. Usually this system works pretty well, until someone mixes my addresses up and then gets all worked up about me 'ignoring' their emails... because they sent it to the hotmail account I don't read anymore.

It's very frustrating.

On a slightly related side note, if it wasn't that my fiance has family in England and our cell phones have lousy overseas rate, I'd disconnect my home phone... as it is, I'm seriously considering removing the ringer and letting people babble at my answering machine.

bah

[nomadic]

To Internet users who complain that their e-mail inboxes are crammed with ads for products and services they would never purchase, Childs' response is, "Quit your whining. I'm asking you, how stressful is it to push the delete button? We have become a nation of crybabies."

Oh god, here we go with the old "waah why isn't everyone as tough as I am" complaint.
I wonder, does he have children? If not, would he relish the idea of them constantly being hit with sex ads? How about elderly relatives?

Re:Surprised 'bots are that stupid

[stratjakt]

It's not worth doing.

The people who obfuscate their email address to avoid spams arent the ones you want to spam, since they're pretty much 100% guaranteed not to even read the email.

The spammers want the messages sent to the dopes who might actually buy the product/service.

Smart Programmers proved Lawful Good

[bill_mcgonigle]

Obscuring an e-mail address is an effective way to avoid spam from harvesters on the Web or on USENET newsgroups... ("example at domain dot com")

I thought for sure by now spammers would have figured out regular expressions and e-mail address verifying modules, and I'm glad they haven't.

But doesn't that prove that there's never been a smart programmer who's worked on an e-mail harvester?

I think that says alot about the profession.

Funniest part...

[Anonymous Coward]

... a user with a common or short name may want to modify or add to it in some way in his or her e-mail address.
For further information, please contact... ari@cdt.org.

Not taking their own advice?

Re:The Game Is Afoot!

[Anonymous Coward]

http://www.ftc.gov/os/2002/04/universaldircmp.pdf

Gentlemen, we have an address. Sic 'em. :)

Charles F. Childs
4132 Pompton Court
Dayton, OH 45405

--Posted by myself

Re:Can we close the holes?

[RatBastard]

Agreed. SMTP is simply not up to the task any more. A new protocol needs to be implemented. The problem, of course, is getting it out into teh field. You'd need to force everyone to upgrade. This would mean upgrading the software on every server and in every client. I don't even know if this is possible. SMTP is too deeply entrenched in too many systems.

It's possible that some government fiat could ram this new standard down everyone's throats, but I don't think anyone would be happy with that.

So what??

[EvilStein]

That doesn't change the fact that you're still getting spammed!!! So what if you know who did it? Great, you won't do business with them again because they sold your address.

Your still getting spammed because in most places, it's perfectly legal for them to do so. Your bandwidth is still absorbing spam. Your mail server still deals with the spam/bounces.

Just making a cute address doesn't solve the problem.

Re:My spam research

[Dimensio]

Here's an idea along that theme...
If you are just giving the address because they demanded one, and you have no reason to expect them to contact you for any reason, set up a filtering/procmail config so that any mail sent to that customized address is automatically forwarded to EVERY corporate address for the site to whom you originally gave it. That way, if someone spams that address, the corporate addresses of the sleazebags who gave it out are the ones who get it returned.

Re:Surprised 'bots are that stupid

[chumpieboy]

That's not necesarily true;

If spammers were only concerned with "clean" lists of probable dupes, they could very easily filter out the following probable complainers from their lists:
- role accounts (postmaster@, abuse@ )
- well-known complainers (whitelisting)
- entire spam-unfriendly domains (@spamcop.net)

Yet they don't. Rule #1, folks.

Re:My spam research

[The Turd Report]

Yahoo will just discard your email, if you splatter cast complaints to them. Your complaint won't get magicly escalated, it will just get ignored. You are not helping, you are just making it worse.

Re:Other amazing discoveries...

[Spudley]

Some of the CDT's conclusions do seem obvious, but others really contradict prevailing beliefs. For one thing, they found that opting out of future mailings generally didn't result in the email address being sold or shared, thus attracting even greater quantities of spam.

Yes, it is suprising, but I think there is an important distinction between opting out via the same web site form that you opted in through, as opposed to opting out via the dodgy "Reply to remove" message at the end of most spam.

They seem to have used the former of those methods, but not the latter, and I suspect that it's that one that would have really brought the junk mail flooding in. :-/

Re:Burn in Hell, Son of Spam!

[rutledjw]

LOL, I agree. Too bad his info isn't on spanhaus, I was planning on adding it here...

That aside, this guy is a total scumbag. Any cop who is fired for selling drugs and then becomes a spammer gives a perfect image of the integrity level of spammers. His assertion that spammers level the marketing playing field is total garbage. Any company who has to disguise their address and use deception is not one working in the ethical realm.

At some point, these slimy jerks are going to get what they deserve. I just hope I'm there to see it...

Re:FTC links on Charles Childs

[markwusinich]

Then who is this?

Charles Childs
8002 Bellcreek Ln
Dayton, OH
(937) 837-6997

phone.people.yahoo.com [yahoo.com]

Re:My Active Michigan Lawsuit

[Anonymous Coward]

An activist! Bless you.

For anyone out there who cannot convince FirstUSA bank to stop telemarketting to your house, call the assistant to the CEO at 888-622-7547 x6839.

Tell her that you will call her back each time you get one of their calls. If she tells you that it could take several months to get off their lists, then tell here that it will also take several months for her to get off *your* list.

I went thru this about 7 years ago and finally put a stop to it with this method after my "properly channeled" requests were ignored. They started up again recently; so I went straight to plan B. It works! Just call the CEO, or as close as you can get.

Opting Out Worked!

[terrent]

Ok. I may not have beleived this myself...
BUT! Just before resorting to a filter, I went ahead and tried the 'opt out' link at the bottom of a spam message that was part of a 4-5 message a day flood from a service calling itself "Opt-In" email service. After a couple of days, I never heard from them again.
Funny thing is, tho: the very next day, a new flood began from a company calling itself "YourMailServer"...
CONSPIRACY?!