CDT Releases New Report on Origins of Spam
Carnth writes "CDT has released a new report based on a six-month project entitled "Why Am I Getting All This Spam?" The results offer Internet users insights about what online behavior results in the most unsolicited commercial email and also debunk some of the myths about spam." A very good report - read it. There's also a story about yet another sleazy spammer in Ohio.
Spamburgers for Hotmail (Score:5, Interesting)
My spam research (Score:5, Interesting)
Which means that every email to that domain goes to me.
Every time I give my Email online I give a diff name, for instance if I buy at yahoo I give "yahoo-shopping@mydomain.com".
If I get spam to this address I know who gave it to the spammers.
- only been doing this for a week, no spam so far but there is still hope
Note: I am not actively looking to be spammed, just doing my usual stuff.
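The per-vendor address idea described in the comment above, as an added example that is not part of the original thread: it reads message headers, finds the tag each message was addressed to, and reports tags that received mail from a domain other than the one the tag was given to. The domain `mydomain.example`, the `ISSUED` table and the sample messages are constructed assumptions, and the From header can be forged, so the result is a lead rather than proof.

```python
from collections import defaultdict
from email import message_from_string
from email.utils import getaddresses, parseaddr

MY_DOMAIN = "mydomain.example"   # assumption: catch-all domain you control
# Assumption: a record you keep of which tag was handed to which sender domain.
ISSUED = {"yahoo-shopping": "yahoo.com", "bookshop": "books.example"}

def recipient_tags(msg):
    """Local parts of every To/Cc/Delivered-To address at MY_DOMAIN."""
    fields = (msg.get_all("To", []) + msg.get_all("Cc", [])
              + msg.get_all("Delivered-To", []))
    tags = set()
    for _, addr in getaddresses(fields):
        local, _, domain = addr.rpartition("@")
        if domain.lower() == MY_DOMAIN:
            tags.add(local.lower())
    return tags

def sender_domain(msg):
    """Domain of the From address (forgeable, so treat it as a hint)."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def leaked_tags(raw_messages):
    """Map tag -> sorted foreign sender domains seen on mail to that tag."""
    leaks = defaultdict(set)
    for raw in raw_messages:
        msg = message_from_string(raw)
        dom = sender_domain(msg)
        for tag in recipient_tags(msg):
            expected = ISSUED.get(tag)
            # Subdomains of the issuer (mail.yahoo.com) count as the issuer.
            if expected and not (dom == expected or dom.endswith("." + expected)):
                leaks[tag].add(dom)
    return {tag: sorted(doms) for tag, doms in leaks.items()}

# Constructed sample messages (headers only).
SAMPLES = [
    "From: Orders <orders@mail.yahoo.com>\nTo: yahoo-shopping@mydomain.example\nSubject: Receipt\n\n",
    "From: deals@pills.example\nTo: yahoo-shopping@mydomain.example\nSubject: Offer\n\n",
    "From: news@books.example\nTo: bookshop@mydomain.example\nSubject: New titles\n\n",
]

if __name__ == "__main__":
    print(leaked_tags(SAMPLES))
```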
Re:Spamburgers for Hotmail (Score:2, Interesting)
Oh well.
Actually I don't get that much spam. (Score:2, Interesting)
Moral of this story? Post to usenet (and mailing lists) with a junk account. Keep a private account for friends and contacts.
happy 1.3 user (Score:4, Interesting)
Surprised 'bots are that stupid (Score:5, Interesting)
The above CDT finding is mildly surprising to me. Is there a reason people haven't built 'smarter' Web scrapers that filter and convert character encodings of things like the '@' sign in email addys? Doesn't seem too difficult, but if the report is to be taken at face value, it seems a simple precaution to take (still). I had always considered it a low-tech defense easily overwhelmed. Guess I was wrong?
Re:happy 1.3 user (Score:4, Interesting)
I did get a great laugh though. One of the sales guys wants to send out a renewal notice. I read the text and realized it was worded like a stereotypical SPAM. I raised objections, but was ignored.
Then the Mozilla SPAM filter caught it during the test phase.
The registration notice is now being rewritten.
Re:My spam research (Score:5, Interesting)
It helps you track spam AND get rid of annoying companies' e-mails.
Re:FTC links on Charles Childs (Score:5, Interesting)
Rules of spam:
0) Spam is theft.
1) Spammers lie.
2) If you think a spammer's telling the truth, see Rule #1.
3) Spammers are stupid.
Corollary: Spammer lies are really stupid.
So when I read this:
I immediately thought "This asshat wants me to Just Hit Delete. Every time I've heard that excuse, the guy saying it has been either lying (Rule #1), or stupid (Rule #3). This guy sounds like both. (Corollary). So I'll lay odds that this guy's a spammer."
I was just about to Google for the proof, when you did all the leg-work by posting the FTC links. Thanks. J00 r0x0r!
Re:Surprised 'bots are that stupid (Score:2, Interesting)
Then again, I have always used that method of hiding my email address for newsgroup postings, despite the fact that I thought it wouldn't really work. Good to know that it does, I suppose.
I'm actually interested in how well spambots deal with something like the email address listed at this page [plogs.net] listing my contact info. Do they parse html info and realize that this is just a normal email address in a table, or is that confusing enough that they don't see it?
My Active Michigan Lawsuit (Score:5, Interesting)
About 2 or 3 years ago, my wife visited a store in the Lansing, Michigan area and gave them my email address. From time to time, I would receive email from them. Eventually, I asked them to stop. They stopped.
On November 21, 2002, I received an email from them asking me if I would like to begin receiving advertisements and marketing offers from them again. There was a link to click on, if I didn't want to opt-in. I clicked on that link.
Approximately 2 months later, I received an email from them. They had an option to unsubscribe by sending an email to their unsubscribe address. It said I would be removed immediately. I even received a confirmation stating that I had unsubscribed. For the next month, I continued to get 2-3 emails from them per week. Each time, I clicked unsubscribe and was told that I had indeed been unsubscribed.
After the 2nd email, I contacted customer service and reported the problem. No response. After the fourth time, I contacted them again, and threatened legal action, if they didn't stop. No response. I called customer service, talked to a live person, and was told that I would be removed from all their lists. But the email continued to come.
I filed a lawsuit in Michigan small claims alleging violations of the "junk fax" law, having heard about a Michigan man who had won by doing so. 6 violations for $500 each, resulted in $3,000, the maximum allowable under Michigan Law for small claims. As evidence, I have nearly all of the advertisement emails as well as my requests to be unsubscribed, and their acknowledgements stating that I had been unsubscribed. Additionally, I have the emails I sent to customer service, which never received replies.
About 2 weeks after filing suit, I received an email from their customer service stating that they were finally looking into the problem. I haven't received an email from them in the last 2 weeks, so I assume that I'm finally off their list, and it only cost me $36.50 ($32 small claims, $4.50 certified mail).
However, now their attorneys have demanded that the case be removed from small claims and placed into general civil court (which is their right). Unfortunately, I plan to do just that.
The FTC has publicly stated that not honoring removal requests is illegal. However, I'm not sure I have a private right of action in this situation. Using the Junk Fax law in general civil court is probably a bad idea, and I think I would likely have to claim actual damages in order to pursue it in general civil court.
I don't really want to get in over my head. I'm sure they realize this, which then makes me WANT to get in over my head. However, I'm still not sure that I have a legal basis for my case. Even in a state like Washington, where anti-spam laws exist, half of the cases get dismissed by the judge.
I called a local attorney and was told that I should dismiss, or risk being counter-sued for a frivolous lawsuit. Essentially, what they did is illegal, but there really isn't much I can do about it other than contact the FTC and the state attorney general, and if I pursue my case against them, I could wind up paying them.
--
Slashdolt
Fix for problem number two (Score:3, Interesting)
Does anyone know of any other services like this?
My plan for spam.. (Score:4, Interesting)
We need the ISPs to work WITH the spammers (or vice versa). Make it trivial to filter, and only send it once. Give everybody a shared "Spam box", a place to go and see if they really need to accelerate their dialup to new levels, or a vacation, or whatever (I'm assuming 18" Penis and XXX TEEN LESBIANS will not be considered legit). We need stiff penalties to those who violate the law. We can't enforce the law in other spammer friendly countries, but we can enforce the law in our own. The company marketing should also be held responsible for violations, preventing American companies from just outsourcing their spam. Any spammer friendly ISPs either deal with their spammers or risk the entire range being blocked (voluntarily) by American ISPs. I know 99% of service providers would have no problem blocking out spammers voluntarily, especially if they are being good Americans while they are doing so. Let's not forget that as rapidly as it's changing, a majority of popular sites are American based. I know all you Norwiglians out there would probably drop your ISP if you couldn't get to slashdot just because your ISP supported spam.
The DMA has too much money to let spam die, and apart from the slashdot crowd a majority of people don't find spam to be a big problem in their daily lives (albeit mostly thanks to us busting ass). Some people actually enjoy getting spam. I don't understand it either, but to each his own. As an option in a recent poll said, grey areas definitely exist.
I think spam is a fact of life. Sometimes I get emails from business friends who include a small ad as their sig. We can't kill spam but we can change the face of it to be ever so less intrusive. We're going to have to compromise our "FUCK YOU AND YOUR GOD DAMN SPAM" attitudes if we plan on giving our credibility to our cause.
We want complete restriction, and they want no restriction. Somewhere in the middle there's a feasible solution for both of us.
Use javascript (Score:3, Interesting)
<script>
document.write("me");
document.write("@");
document.write("wherever");
document.write(".tld");
</script>
It works pretty well, I've found.
Re:the two things I've seen increase spam for me.. (Score:3, Interesting)
Yes, I've posted to usenet, and with only a couple of instances excepted, I've munged my address both in the from header and in the sig.
Yes, I've used the address when shopping online, registering shareware, signing up for other services, etc. Some of these actions have been followed by noticeable increases in spam.
One of the things that really bugs me is web services who solicit email addresses for their service (such as a greeting card or "e*kiss"), and then sell those addresses to spammers.
My ex-girlfriend once sent me an e-greeting using some unknown service, and addressed it to my earthlink account. I strictly use the ".net" tld when I give out that address, but for some reason, my ex used the .com tld for this greeting card. Before I even viewed the card, my inbox was flooded with spam addressed to me "@earthlink.com"
Needless to say, I was pissed. I sure wish I could remember which e-card website she used. Bastards.
Re:bah (Score:4, Interesting)
And let us all hope that he doesn't pollute this world with offspring.
Lots of filters, just a few spam (Score:3, Interesting)
Google Groups (Score:3, Interesting)
I imagine that harvesting software would crawl Google groups regularly. Is there anything I can do about this? This study makes it clear that after an email address is removed from the web, the amount of spam it receives drops off dramatically. It makes sense that removing my email address from google groups (the last remaining place it exists on the web) could help substantially.
So the question is, will Google remove my email address from their site if I ask them? Has anybody else tried this?
- j
Spam is an end in itself. (Score:3, Interesting)
But, many spammers exist solely to sell other spammers email addresses. So, an obscured email address is just as valuable to such a spammer as any other email address.
Of course, they won't tell their spammer clients that the email address is for a spam-averse user, they'll collect their
Re:My spam research (Score:5, Interesting)
Once I get spam sent to one of the addresses, I change the forward so it no longer goes to me, but forwards to a number of addresses at their domain.
For example, if I signed up at yahoo.com and they spammed me, I would change my yahoo@mydomain.com forward to send to:
abuse@yahoo.com,staff@yahoo.com,support@yaho
etc
As they are all at the same domain, my mail server only sends one copy to the yahoo.com mailserver. Their server breaks it up then so I only really send one email out.
Using procmail to do this, I usually turn on logging until it hits a certain size.
If no real/legit emails come to me before the log of spam reaches a couple megs, I turn off logging and leave it.
This generates surprisingly little traffic on my mail server, and one would hope they get the point.
This way yahoo (only using as example of course) may remove me from their mailing lists, but they have to deal with the spam from all of their 'business partners' they signed me up for, and at that point I don't care if the address is removed or not.
Re:So what?? (Score:1, Interesting)
Re:Surprised 'bots are that stupid (Score:2, Interesting)
I'd attribute the spammers not having more intelligent scrapers simply to laziness and stupidity: Most spammers, you will notice, are hucksters and fraudsters who happened to switch their game to the PC. These aren't technical wizards who decided that spamming was a great career choice.
New Tactic (Score:4, Interesting)
Re:bah (Score:3, Interesting)
Clearly he doesn't care. We're talking about a guy who violated his public oath as a peace officer to make money by selling drugs on the street. In my opinion, breaking that oath is a far worse crime than selling drugs because it illustrates a perfect lack of integrity that the simple act of selling illegal drugs does not. Someone who would sell out the citizens he has sworn to protect certainly would not care about how spam affects other people - just so long as he makes money off of it.
rant <<EOR;
I am amazed that officers are not imprisoned more often for this sort of behaviour. While breaking a public oath of office may not be a crime, selling illegal drugs certainly is. Ordinary citizens get serious jail time for that. Peace officers - apparently - just get fired, as though all that they had done was break their oath, for which they should be fired. What I want to know is: how did his superiors find enough evidence of wrongdoing that they can terminate him, yet not bring him up on criminal charges for the activities that led to his dismissal?
The system is backward. His crime, apparently, was willfully and maliciously engaging in conduct that materially breaches his oath as a police officer. That should be a very serious, jailable offense, not simply grounds for termination. We depend upon these people for our very lives - those who would take advantage of that for their own enrichment endanger all of us as surely as do those whom they are sworn to protect us from.
EOR
Re:Surprised 'bots are that stupid (Score:2, Interesting)
How often do you get plain text spam with any sort of contact details or a description of the product?
HTML e-mail with images, frames or tables is a starting point for spam filtering.
Re:Surprised 'bots are that stupid (Score:2, Interesting)
j,o,e,@,a,o,l,.,c,o,m
<table><tr>
<td>j</td><td>o</td> <td>e</td><td>@</td> <td>a</td><td>o</td> <td>l</td><td>.</td> <td>c</td><td>o</td> <td>m</td>
</tr></table>
jo<!-- jabiuaiwoiuvklakj -->e@<!-- j89euB -->ao<!-- 88ba0s9 -->l.co<!-- a9aBVU9d0 -->m
Need more ideas? You'll get a lot more ideas from the spam emails you get every day.
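An added example, not part of any comment in this thread: a generator for two of the markup tricks shown above (HTML comments between characters, one table cell per character) plus numeric character references, with a check that a plain address pattern no longer matches the page source while the rendered text still reads as the address. The `NAIVE` pattern is an assumption about what a simple harvester runs, and the sample address is constructed.

```python
import html
import random
import re
import string

# Plain pattern a simple harvester might run over raw page source (assumption).
NAIVE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def as_entities(addr):
    """Every character as a decimal character reference, e.g. '@' -> '&#64;'."""
    return "".join(f"&#{ord(c)};" for c in addr)

def with_comments(addr, rng):
    """Insert a random-content HTML comment after every second character."""
    out = []
    for i, c in enumerate(addr):
        out.append(html.escape(c))
        if i % 2 == 1 and i < len(addr) - 1:
            junk = "".join(rng.choice(string.ascii_letters) for _ in range(8))
            out.append(f"<!-- {junk} -->")
    return "".join(out)

def as_table(addr):
    """One table cell per character."""
    cells = "".join(f"<td>{html.escape(c)}</td>" for c in addr)
    return f"<table><tr>{cells}</tr></table>"

def rendered_text(markup):
    """Approximate what a reader sees: drop comments and tags, decode references."""
    no_comments = re.sub(r"<!--.*?-->", "", markup, flags=re.S)
    no_tags = re.sub(r"<[^>]+>", "", no_comments)
    return html.unescape(no_tags)

def audit(addr, seed=0):
    """Return {form: (matches_naive_pattern, renders_as_original)}."""
    rng = random.Random(seed)
    forms = {
        "plain": html.escape(addr),
        "entities": as_entities(addr),
        "comments": with_comments(addr, rng),
        "table": as_table(addr),
    }
    return {name: (bool(NAIVE.search(markup)), rendered_text(markup) == addr)
            for name, markup in forms.items()}

if __name__ == "__main__":
    # Constructed sample address on a reserved example domain.
    for name, result in audit("joe@example.com").items():
        print(name, result)
```

The normalization in `rendered_text` is all it takes to undo these forms, so they protect an address only from tools that pattern-match raw source.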
Can you believe this? (Score:2, Interesting)
--- BEGIN QUOTE ---
A friend and I had an idea one night that the best way to seek revenge on someone is to post their personal information on the internet, for everyone in the world to see, and let everyone seek revenge on that person for us. Thus, The Dox Depot was created. If you want to get revenge on someone and ruin their life, post their personal information on our page. Put their phone number so they get thousands of calls. Click here to get revenge
http://www.doxdepot.com/
To be removed from our mailing list please send an email to us admin@doxdepot.com
--- END QUOTE ---
Great article but one fundamental oops (Score:3, Interesting)
1. E-mail addresses harvested from the public Web are frequently used by spammers. By an overwhelming margin, the greatest amount of spam we received was to addresses posted on the public Web.
They have forgotten to mention the very mailto: tag in their research. IMHO this might have been a crucial factor to their research.
Although on the majority of web pages you have the mailto: link to be the same as your email address (duh), for research purpose it would have been interesting to separate the visible email address and the one in the mailto: tag. I am confident that whatever is in the mailto: link is what attracts spiders, and the email address displayed on the page gets less.
Can someone with knowledge of harvesting get back to us and tell me if this assumption is correct? Better yet, does someone have any data?
Make spam work against itself (Score:2, Interesting)
Re:Surprised 'bots are that stupid (Score:2, Interesting)
bob<!--NOSPAM-->bobson<!--NOSPAN-->@
<!--NOSPA
tech.<!--NOSPAN-->com
The address is encased in an <A> tag whose target is JavaScript code:
<a href="javascript:doMail('bobbobson');">...
Where the doMail() method appends @bobsontech.com onto the email and redirects to "mailto:bobbobson@bobsontech.com".
When I was building the web site I figured it was worth a shot, although I didn't think it would work. There are about six email addresses on a single page, and I've yet to see a single spam show up in all of them together. Some of the addresses have never received a single spam.
Re:Burn in Hell, Son of Spam! (Score:5, Interesting)
8002 Bellcreek Ln
Dayton, OH 45426
(937) 837 - 6997
I also tried to find a satellite image, but no luck.
If someone can verify this info, that'd be great. This was the only one I could find.