Spam Research Six Month Report

Zoomer writes "Every day, millions of people receive dozens of unsolicited commercial e-mails (UCE), known popularly as 'spam.' Some users see spam as a minor annoyance, while others are so overwhelmed with spam that they are forced to switch e-mail addresses. This has led many Internet users to wonder: How did these people get my e-mail address? In the summer of 2002, CDT embarked on a project to attempt to determine the source of spam. To do so, we set up hundreds of different e-mail addresses, used them for a single purpose, and then waited six months to see what kind of mail those addresses were receiving. The results offer Internet users insights about what online behavior results in the most spam. The results also debunk some of the myths about spam." Update: 04/12 15:47 GMT by CN : About a minute after this went live, I found that michael posted this earlier. Mea culpa.

  • spam is a killer (Score:4, Insightful)

    by Anonymous Coward on Saturday April 12, 2003 @11:45AM (#5716130)
    you can't just put your email address on your website like you once did
    you can't add your email address to your usenet posts
    even if you email someone and they get an email virus, then you're on every spam list this side of Mars faster than you can say kazaa
    spam is harassment, spam is bad, spam is undermining the internet. What would my mother think if she suddenly received "cum see horny l0litas" just because someone she emailed got a virus
    Legally treat spammers like vandals I say.
  • Think of the blind (Score:2, Insightful)

    by yerricde ( 125198 ) on Saturday April 12, 2003 @11:58AM (#5716169) Homepage Journal

    What I would like to see is a standard practice of generating your posted e-mail address into an image.

    This would shut out people with less acute vision and would shut you out from contracting for the U.S. government [section508.gov].

  • Re:Hotmail (Score:5, Insightful)

    by Servants ( 587312 ) on Saturday April 12, 2003 @12:05PM (#5716200)
    No... that just means Hotmail receives a lot of spam. So many people use it that a reasonable proportion of possible usernames are taken, and that means spammers can and do use "dictionary" attacks, where they send e-mail to random usernames and then just hang onto the addresses that don't bounce.

    I believe that big providers like Hotmail and Yahoo try reasonably hard to prevent people from sending spam from their accounts, as it uses up bandwidth and creates ill will, so they do things like limit number of recipients per message, or recipients per day, that sort of thing. (Can anyone confirm that?)

    But a spammer can make their e-mails appear to come from whatever address they want, and if there's a URL in the message they don't need to worry about whether people can reply.
  • by dtolton ( 162216 ) on Saturday April 12, 2003 @12:05PM (#5716204) Homepage
    While I sympathize with the blind, there has to be a better way to make e-mail addresses available without publicly disclosing the information in text format. If we are forced to always disclose e-mail addresses in this way, there is simply no way to stop spammers.

    Typically when you are posting it for some type of a government contract or any type of business page, the actual membership consists of a fairly closed set of individuals. If you have that set, you could easily make the e-mail address display in text for blind users, and display as an image for everyone else. Although you would have to implement a strict policy before allowing someone to register as a blind user.

    I know it imposes hardships on some people, but the current system imposes hardships on everyone, including blind people.
  • Re:Fight SPAM. (Score:1, Insightful)

    by Anonymous Coward on Saturday April 12, 2003 @12:17PM (#5716237)
    I see this a lot. People who think they're beating the spammers by putting "NOSPAM" as part of their email address.

    I'll give you a little tip: it doesn't work.

    Despite what you may want to believe about spammers, they have some pretty darn good scumbag software behind them. You don't think they go to every web page and write down addresses they see on a piece of paper, do you?

    The spammer himself may not be that bright, but he most certainly has a geek who knows his perl and how to hack up sendmail configs to spooge tons of spam.

    I will attest that by the time about the 5th person started putting "NOSPAM" as part of the email addresses, some smart person started regexp'ing that out.

  • by Anonymous Coward on Saturday April 12, 2003 @12:41PM (#5716300)
    While I sympathize with the blind, there has to be a better way to make e-mail addresses available without publicly disclosing the information in text format. If we are forced to always disclose e-mail addresses in this way, there is simply no way to stop spammers.
    This is quite pessimistic. What we should be looking for is a way that we can disclose our email addresses and still not get spam.
  • by LMCBoy ( 185365 ) on Saturday April 12, 2003 @12:49PM (#5716340) Homepage Journal
    What I don't understand is how it is financially still possible. Someone has to pay the bill for the used bandwidth/server usage..

    Well, that's entirely the point. The spammers don't have to pay for it, the recipients' ISPs do. That's why so many people regard spamming as a criminal activity, and not merely annoying antisocial behavior. They are literally stealing bandwidth.
  • Re:Maybe... (Score:2, Insightful)

    by gbjbaanb ( 229885 ) on Saturday April 12, 2003 @12:59PM (#5716397)
    nobody knew how to get rid of spam once upon a time. Just because you now know, doesn't mean that the rest of the population knows.
    The articles should stay for as long as there's a problem. If you have an issue with this, save the bandwidth by not reading them. the subject was clearly marked after all.
  • To be fair though - using a mailto link (and the original e-mail address on the page) makes it easier for people to get in touch.

    The way I look at it, if someone is too lazy to type in my e-mail address into a "To" field, they must not have something very important to tell me. And having to weed through a lot of spam inconveniences me a lot more than an inability to just click on a mailto on my site inconveniences them.

    The alternative - things like formail.pl and php e-mail scripts have zero-day exploits that can be abused by spammers too.

    The servers for my domain run on Mac OS 9.1. The best way I've come up with for easily-accessible feedback to an e-mail address is via a form that sends the message to an undisclosed (to the submitter) account on my mailserver. (The mailserver is also set up to not accept any mail to that account except messages originating from the webserver's IP.)

    I have a helper app [sentman.com] on my server that allows me to embed AppleScript into my web pages which is executed when the page is accessed, so the e-mail is sent via AppleScript commands from a scripting addition. [24usoftware.com] In testing, I'm seeing some oddities with messages sent from my scripting addition which I'm currently trying to work out with the developer-- but once that happens I'll have a pretty secure and spamproof means of convenient feedback.

    ~Philly
  • by McDutchie ( 151611 ) on Saturday April 12, 2003 @03:51PM (#5717056) Homepage
    It seems every article (dupe or not) on spam returns a thousand people throwing out their personal solution to fighting it. Most involve mail-server solutions, such as SpamAssassin, but I've read about MailWasher [mailwasher.net] a number of times. After the last article (the original of this dupe, actually), I finally decided to try it.

    A week later, spam to my hotmail account has dropped from 30 or so a day to about 2. (Warning: Hotmail support is only provided in the pay version, but there's a 30-day trial.) Preview the spam on the server, and you're able to delete it, blacklist it, and best of all, bounce it back to the sender. In my wildest dreams, I never thought it would work so well. YMMV.

    Mailwasher is effective at filtering spam, especially if you feed it with a good DNS-based blocklist to filter the Received lines against. However, the "bounce" feature is at best ineffective and at worst it turns you into a spammer yourself. It's ineffective because spammers don't and never did care about bounces (I still get relentlessly increasing spam attempts at addresses that haven't existed for years now). It's potentially abusive because spammers nowadays often forge innocent third party addresses as the sender address, and this is where the bounces go. Undoubtedly you have already helped fill a few innocent inboxes with tons of spam bounces. Spamming people with forged bounces is undoubtedly against your ISP's AUP, but even if it isn't, you need to turn off that horrible bounce "feature" for ethical reasons if nothing else.
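
An added example (not from the thread and not MailWasher's code) of the check described in the comment above: filtering the relay addresses in a message's Received lines against a DNS-based blocklist. The zone `dnsbl.example`, the sample message and the `hops` parameter are assumptions; by default only the newest Received line is checked, since it is the one written by the receiving server and older lines can be forged by the sender.

```python
import re
import socket
from email import message_from_string
from ipaddress import ip_address, ip_network

# Constructed sample message; addresses are documentation/private ranges.
SAMPLE = """\
Received: from mail.example.net (unknown [203.0.113.45]) by mx.example.org; Sat, 12 Apr 2003 12:00:00 +0000
Received: from pc (HELO forged) ([198.51.100.7]) by mail.example.net; Sat, 12 Apr 2003 11:59:00 +0000
Received: from localhost ([10.0.0.5]) by pc; Sat, 12 Apr 2003 11:58:00 +0000
From: someone@example.com
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
# Never worth a blocklist query: RFC 1918 space and loopback.
SKIP = [ip_network(n) for n in
        ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def relay_ips(raw_message, hops=None):
    """First bracketed public IPv4 of each Received header, newest hop first."""
    msg = message_from_string(raw_message)
    found = []
    for header in msg.get_all("Received", [])[:hops]:
        m = IP_RE.search(header)
        if not m:
            continue
        try:
            ip = ip_address(m.group(1))
        except ValueError:      # e.g. [999.1.1.1]
            continue
        if not any(ip in net for net in SKIP):
            found.append(str(ip))
    return found

def dnsbl_name(ip, zone):
    """203.0.113.45 + dnsbl.example -> 45.113.0.203.dnsbl.example"""
    return ".".join(reversed(ip.split("."))) + "." + zone

def listed_relays(raw_message, zone, resolve=socket.gethostbyname, hops=1):
    """Relays in the first `hops` Received headers that the zone lists."""
    hits = []
    for ip in relay_ips(raw_message, hops):
        try:
            answer = resolve(dnsbl_name(ip, zone))
        except OSError:         # NXDOMAIN: not listed
            continue
        if answer.startswith("127."):   # DNSBLs answer inside 127.0.0.0/8
            hits.append(ip)
    return hits
```

A hit is best acted on by rejecting or filing the message locally; it says nothing reliable about the address in the From line.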

  • Don't bounce it! (Score:3, Insightful)

    by mccrew ( 62494 ) on Saturday April 12, 2003 @05:53PM (#5717594)
    ... and best of all, bounce it back to the sender...

    For the love of God, don't do that! All of a sudden you stop being part of the solution and become part of the problem.

    Repeat after me, spammers lie. The return path to the sender is intentionally set wrong, and because they go through open HTTP proxies, you cannot believe the IP addresses in the Received headers.

    Bouncing back e-mail to a non-existent sender just generates needless traffic and load on your victim's server. Yes, you become the bad guy. But, hey, if it makes you feel good, then go ahead and do it.

    you're able to delete it, blacklist it ...

    See comment above about spammers lying. Blacklisting non-existent addresses does not make any sense. What are the chances that the spammer is ever going to fake their future mails with the same faked identity as in the past?
