
I, Spammer 808

Posted by michael
from the hoist-by-own-petard dept.
PCOL writes "The Washington Post is reporting on testimony before the Senate Committee on Commerce, Science and Transportation by Ronald Scelson, an eighth-grade dropout and self-taught computer programmer from Louisiana, who claims that he sends between 120 million and 180 million e-mails every 12 hours, that he can break sophisticated software filters 24 hours after they are deployed, and that he has no choice but to resort to forging the sender information in his bulk e-mail so he can be anonymous and maintain his connection to the Internet. He added that he obtained all his addresses legally and that AOL gladly sold him the company's entire customer directory which Ted Leonsis, vice chairman of AOL, did not deny." It's a tough life. Here's another story about the Senate committee meeting.
This discussion has been archived. No new comments can be posted.

  • Uhhh.. (Score:5, Funny)

    by gurnb (80987) * on Thursday May 22, 2003 @10:54AM (#6015065) Homepage
    "Mr. Leonsis, are you a spammer?" McCain asked.


    Leonsis, who had testified minutes earlier about how AOL was blocking 2.4 billion pieces of spam per day, did not answer directly.

    "We let members opt out" of commercial messages sent by the company and affiliates, he said. And he accused Scelson of violating the company's "terms of use" agreement by using AOL's membership directory as a source for e-mail addresses. Scelson readily agreed.


    Hello Pot, this is the kettle, you're black!!

    AOL is a bigger part of the problem vs being a bigger part of the solution.

    With great power, comes great responsibility.

    • Re:Uhhh.. (Score:4, Insightful)

      by UCRowerG (523510) <UCRowerG@DEGASyahoo.com minus painter> on Thursday May 22, 2003 @11:03AM (#6015157) Homepage Journal
      Hello Pot, this is the kettle, you're black!!

      Yes, AOL sends commercial messages to its members, but it doesn't spam the rest of the world too -- a perhaps small but significant difference. They do offer a "check here to opt-out of commercial messages" mechanism, but it auto-resets itself after a period of time.

      Hmmmm.... AOL blocks 2.4 billion spams a day. I wonder how many the company generates itself to send to its own members.

    • I thought that AOL was supposed to be insanely annoying.

      Matrix v.1 was too good for anyone to believe.
      Matrix v.2 was so god awful annoying that everyone figured it had to be real. Makes sense that it was AOL.

      Hell if I know what the other several versions are...
    • Re:Uhhh.. (Score:4, Insightful)

      by gbjbaanb (229885) on Thursday May 22, 2003 @11:39AM (#6015436)
      hardly the same thing - at least AOL's emails have valid headers so you know they've come from AOL. And they've sent emails for something you *might* be interested in. And they honour the opt-out. And they don't send the same damn thing ten times every hour.

      50 AOL CDs in the post over the years? Big deal compared with the 50 spam emails per day I receive (not counting the account I don't use anymore due to the amount of spam in it).

      Compare a legitimate company with a spammer by all means, but keep the perspectives in place. The relatively insignificant amount of legit commercial email is not part of the spam problem.
  • *sniff!* (Score:4, Funny)

    by deadhammer (576762) on Thursday May 22, 2003 @10:54AM (#6015066)
    I feel bad for him. I really do!

    angrily deletes the 4 billion spam in his inbox

    • Re:*sniff!* (Score:4, Funny)

      by Tenebrious1 (530949) on Thursday May 22, 2003 @12:19PM (#6015801) Homepage
      I feel bad for him. I really do!

      Ah... a business opportunity!

      [start spam]
      Are you a spammer down on your luck??? Have you been disconnected from every major ISP in your area????? Getting tons of flames in your personal inbox??????

      Well, fret no longer! I used to be in your shoes, but now I'm one of the top spammers in the world! I used to receive tons of mail from angry slashdotters, but no longer!!! I've discovered the ancient secrets of the internet, previously unknown RFC commands, MAPI and IMAP loopholes, weakness in POP, PAP, SMTP, RTFM/RTFA, ID-10T commands, and so much more!!!!
      For just $19.95, I will send you the secrets of becoming a true world class spammer!

      With my tested methods, you will:
      keep your name and address hidden from vigilantes
      maintain your account with any ISP legally
      earn thousands of dollars a day from your home without lifting a finger! Ok, just one, to click the mouse! That's how easy and simple it is!!!
      and so much more!
      Just send the check for $19.95 to ...
      [end spam]

    • by gerf (532474) <edtgerf@gmail.com> on Thursday May 22, 2003 @12:46PM (#6016008) Journal

      Spam is business, right? They do what they do to make money via advertisements. Well, here is something I just thought up during lunch that might thwart spam in a way.

      The difference between spam and bulk emailing is that you are forced to recognize spam, and get rid of each spam individually. Also, spam is very cheap. But, what if you got one (1) email a day with spam, advertisements, etc. This single spam would contain all the regular advertising you'd otherwise get in 50 emails. Sounds cool huh?

      Problem: we'd have to get the regular spammers to stop, first. How do we do that? Well, we'd set up a site expressly for this program, let's call it gerfmail.com. Everyone would get a new, permanent, free email there. Like hotmail, but sans spam. In order for a company to be included in the LEGIT single, daily (or weekly even) email of advertising, the parent company would be required to agree not to use spammers who spam gerfmail.com with their usual spam. With this method, spammers are forced by their INCOME SOURCE to stop spamming anyone at this site. If a product is spammed to gerfmail.com, then they lose some sort of advertising rights for a period of time, and lose a lot of money. This would put pressure on them (X10, Orbitz, whoever) to only allow legit advertising to people hosted at this site.

      What about illegal spam, for illegal products? Easy, any product that is not in that single, daily email, is considered to be unwanted, and likely a fraudulent business. Any information about them will be submitted to the authorities, feds, or whatever gov't can do anything. This might create a lot of work for police at first, but when spam is knocked down to a manageable level, it will be extremely easy to track down the few spams sent out.

      Call this a crackerjack idea, or add to it, I don't care. But the reality is, there must be a business plan enacted that inherently discourages spam before it can truly be combated in an effective, capitalistic way.

  • Well (Score:5, Funny)

    by Xaoswolf (524554) * <Xaoswolf@noSPAm.gmail.com> on Thursday May 22, 2003 @10:54AM (#6015069) Homepage Journal
    At least he's only sending them to the AOLers. I mean, if we keep them busy with spam, then they can't dumb down the rest of the internet right?
    • by botzi (673768) on Thursday May 22, 2003 @11:02AM (#6015142)
      AOL subscribers poll results:

      1. What do you tend to do with all the incoming spam????

      5% - I delete it.
      20% - I read it and I find it great!!
      80% - What spam???? I just forward everything....

      Rq: The results percentage is above 100% due to database corruption;oP

      You're still sure that's a good thing????

  • by Saint Aardvark (159009) * on Thursday May 22, 2003 @10:55AM (#6015078) Homepage Journal
    "This is censorship," he said, arguing that both anti-spam vigilantes and Internet providers that filter out spam are depriving people of their right to see their mail.

    Dear God, I hope the committee saw through this pathetic little charade. Last time I checked, I had no obligation to pay to receive advertising; I had no right to force others to pay the cost of carrying that advertising; I had no right to force others to put up with the deluge of complaints about that advertising.

    And if he's right about AOL selling him their membership list and spamming their members (and AOL VP Leonsis' weasel words about "letting members opting out" does nothing to make me think otherwise), all that means is there are two assholes there instead of one. It doesn't give him any moral high ground.

    But at least there's the proposal for a "federal antispam SWAT team". I'd pay good money to see a live video stream of that take-down.

    • by Strange Ranger (454494) on Thursday May 22, 2003 @11:14AM (#6015235)
      >But at least there's the proposal for a "federal antispam SWAT team". I'd pay good money to see a live video stream of that take-down.

      I hate to say it, but I hope the SWAT team proposal fails. How will the Federal SWAT team know who to raid? If they can trace a spammer they can trace activists, dissidents, anybody who might be a terrorist, they can trace anybody. Sure they can do it now to a large degree, but if there's a Federal SWAT team they'll need access to some sort of system right? Something like the Terrorist Information Awareness network or Carnivore but geared specifically towards email and only email. The SWAT team has to be efficient right? Mistakes would make them look real bad.

      The worst thing spammers will do is cause even more loss of privacy, loss of open mail relays, and an increase of government monitoring of email.

      I'm not entirely sure but I think for now I'd rather wear out my delete key a bit more and wait for better technical solutions. The legal solutions are just much too likely to be worse than the problem.
    • For me, the key word is "pay for spam".

      One of the reasons why sending advertisements over the Fax is now illegal (without prior authorization, etc, etc, etc) is because it costs *me* money to receive *your* ad.

      In the case of bulk snail mail, 100% of the costs (if you don't include me physically picking up the mail, looking at it, and tearing the latest "Want a 0% interest credit card that jumps to 30% later?" envelope as cost) is paid by the sender.

      In the case of a fax, *I* pay the paper, toner, etc. So even at $0.01 per ad, if it wasn't stopped I could wind up paying hundreds/thousands a year for the honor of receiving ads.

      In the case of spam email, I believe that the same conditions apply. While I might not pay directly $0.01 per "spam email sent", I am paying by having my web space taken up (for those with ISP's that limit their mail boxes to 5 - 10 MB). And if my business relies on emails, *your* spam interferes with my ability to do work, thereby costing me money.

      Add in that most spammers forge their address, hijack (or at least use without permission "open relays" (who should be closed anyway, yes, I'm looking at you, China, Korea, and any other country whose causing this problem)) other people's mail servers (thereby costing the mail server money they did not want to spend on bandwidth, storage, processor, etc).

      I should hope that the Senate should make a very simple anti-spam plan:

      If you send an unwanted email as an advertisement, you must have a method of truly getting someone off of the list.

      If you sell the email addresses of your clients, you should be required to state to whom they have been sold so you can opt out *before* you get spam mail.

      There should be a "national opt-out" spam list that all spam senders must check before sending a message.

      Violating these agreements, or sending another message after the user has "opted out" is punishable by a $1000 fine per email sent.
      • by why-is-it (318134) on Thursday May 22, 2003 @11:36AM (#6015411) Homepage Journal
        There should be a "national opt-out" spam list that all spam senders must check before sending a message.

        If such a list existed, you can bet your bottom dollar that every spammer will pay very close attention to it. It would be a list of 100% valid email addresses! Normally they would have to pay for lists of email addresses, and here is one that is free and guaranteed to be accurate.

        The spammer could then fire up the spambox which is conveniently located outside of the US, bounce the spam off of an open relay in the Far East, and it would be business as usual.

        If anyone out there believes that the spammers are honest and trustworthy, they deserve all the viagra, penis/breast enlargement/pr0n spam they get in their inbox...
        • by Eelis (666159) on Thursday May 22, 2003 @12:45PM (#6016001)
          This national database could store irreversible hashes of the addresses. This way it would not be possible to extract addresses from the database, while it would still be possible to check whether some address is present in it.
          • by dubious9 (580994) on Thursday May 22, 2003 @02:20PM (#6017060) Journal
            Still a problem. You can verify your list of emails, or write a brute force program that will keep track of all emails that are verified by the address. a@aol.com aa@aol.com ab@aol.com and see which ones are in the directory.

            These verified email addys would then be sold from spammer to spammer and eventually most of the database will be cracked and valid email addresses known.

            It just won't work until there is an enforceable penalty and since most get routed outside the US, a nospam list will never be a solution (unless ratified by the world, heh).

            Better to scrap the current email protocols and develop a new one that enforces accountability. Don't ask me how this'll work, but I think it's the best solution out there.
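
The exchange above (a registry of "irreversible hashes" and the objection that a sender can simply test guesses against it), worked through as an added example that is not part of the original thread. The class names, the quota value and the example.com addresses are hypothetical and constructed for illustration; the second design, a keyed HMAC behind a metered query interface, is one possible mitigation and not something any poster proposed.

```python
import hashlib
import hmac
import secrets


def normalize(addr: str) -> str:
    """Canonical form so the same mailbox always hashes to the same value."""
    return addr.strip().lower()


def plain_digest(addr: str) -> str:
    """Unkeyed SHA-256, as in the 'irreversible hashes' proposal."""
    return hashlib.sha256(normalize(addr).encode()).hexdigest()


class PublishedHashList:
    """Design 1 (hypothetical): the registry publishes unkeyed digests."""

    def __init__(self, addresses):
        self.digests = {plain_digest(a) for a in addresses}

    def contains(self, addr: str) -> bool:
        return plain_digest(addr) in self.digests


class KeyedQueryRegistry:
    """Design 2 (hypothetical): digests are HMACs under a key that never
    leaves the registry, and lookups are metered per client."""

    def __init__(self, addresses, quota_per_client: int):
        self._key = secrets.token_bytes(32)
        self._digests = {self._mac(a) for a in addresses}
        self._quota = quota_per_client
        self._used = {}

    def _mac(self, addr: str) -> str:
        msg = normalize(addr).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def exported_digests(self):
        """What an outsider holds if the stored list leaks without the key."""
        return set(self._digests)

    def query(self, client_id: str, addr: str) -> bool:
        used = self._used.get(client_id, 0)
        if used >= self._quota:
            raise PermissionError(f"quota exhausted for {client_id}")
        self._used[client_id] = used + 1
        return self._mac(addr) in self._digests


def confirmable_offline(digests, candidates):
    """Candidates whose unkeyed digest appears in `digests`: the check that
    anyone holding a published list can run without asking the registry."""
    return sorted(c for c in candidates if plain_digest(c) in digests)


# Constructed sample data (example.com addresses, not real mailboxes).
OPTED_OUT = ["alice@example.com", "Bob@Example.com", "carol@example.com"]
CANDIDATES = [
    "alice@example.com",
    "bob@example.com",
    "dave@example.com",
    "erin@example.com",
]

if __name__ == "__main__":
    published = PublishedHashList(OPTED_OUT)
    print("unkeyed list confirms:",
          confirmable_offline(published.digests, CANDIDATES))

    keyed = KeyedQueryRegistry(OPTED_OUT, quota_per_client=3)
    print("leaked keyed list confirms:",
          confirmable_offline(keyed.exported_digests(), CANDIDATES))
    for addr in CANDIDATES:
        try:
            print(addr, "->", keyed.query("sender-1", addr))
        except PermissionError as exc:
            print(addr, "->", exc)
```

The quota bounds confirmation rather than eliminating it: every permitted query still tells the caller whether that one address is registered, but the answers are now limited in number and tied to an identified client.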
        • by hymie3 (187934) on Thursday May 22, 2003 @12:47PM (#6016013)
          If such a list existed, you can bet your bottom dollar that every spammer will pay very close attention to it. It would be a list of 100% valid email addresses! Normally they would have to pay for lists of email addresses, and here is one that is free and guaranteed to be accurate.

          In order for unsolicited *commercial* email (read: spam) to be effective, there *must* be a product/service to purchase and a method to contact the seller.

          Yell at/Fine the seller. They will know which campaign did the spamming. Then fine the spammer.

          In order for the spammer (or the company the spammer is spamming for) to get my money, they have to provide a way for me to contact them. It doesn't matter if they use open relays on Mars, they still, ultimately, have to provide a method for me to contact them.

          That means that a national opt-out list, coupled with a spambounty (or some other kill-the-spammer type legislation) *would* matter, and it would *not* be business as usual.

      • I agree with most of your points, but the problem with mandating spam to include an opt out link (which I think most "legit" spam does) is that there will still be people that use the remove@ messages to harvest "live" email addresses. I tell people these days to *never* reply to spam, no matter what it says, simply because chances are better that way.

        Even if all "legit" spams did this, it only takes one person to start harvesting this way and the whole thing completely loses its meaning. And when you'
      • I've been checking - most of the spam I get is actually from Windows boxes that don't have port 25 open (or other proxy ports). On some of them, the ones that invited me in (because they spammed me, ;) ), I've been able to look around. I've found the usual spyware - Gator, KaZaa, etc. I'm not sure if any of those allow the companies to send spam from 'doze boxes, but it sure wouldn't surprise me.
      • by KC7GR (473279) on Thursday May 22, 2003 @12:40PM (#6015970) Homepage Journal
        Opt-out is a cop-out. Why should ANYone ever be required to opt-out of any E-mail list that they never opted into in the first place?

        You, like many others (thieving parasites like Scelson included), are still overlooking one critical fact:

        The Internet is not now, nor has it ever been, a truly "public" resource. Nobody in the government pays me any subsidy to operate my servers, and I don't know of any ISPs in the U.S. that are receiving any similar subsidies.

        I pay, out of my own pocket, for the electricity and bandwidth that my servers require to work as they do, just as anyone from a mom-n'-pop ISP to a giant like Earthlink pays for the electricity and bandwidth to run theirs.

        In each case, whether you're a single individual or a multinational conglomerate, or anywhere in between, your servers are YOUR PRIVATE PROPERTY, along with the mailboxes on them. You might rent them to others, as ISPs do, but the only guarantee that ANYone has in terms of sending and receiving mail is whatever guarantees are in the contract that gets signed between an Internet provider and their customers.

        When spammers spam, they're violating private property rights. Period. When someone spams me, or one of my other users, they're STEALING from me. When someone spams AOL, they're stealing from AOL and its users. When someone spams ANYone with a 'net-connected system, it is theft of resources. Period.

        I will do whatever it takes to protect my systems from such intrusions. If that means risking the loss or delay of some legitimate E-mail, so be it.

        Apparently, AOL is taking a similar path. That's fine. They have absolute and final authority over their own equipment. Scelson can scream "censorship!" all he wants, but he still has no right to mail to someone else's network if they don't want to receive his (or any other spammer's) crap.

      • I work for a company that prints mass quantities of "direct mail." The cost factor is one of the things that keeps my conscience relatively clean: our customers pay for everything. Research, package layout, list maintenance, materials, printing, postage. And the return rate makes it all worthwhile to them. But the DM News magazines still claim "innovative" email solutions, and my company was considering getting into mass email. I doubt they will now, it's just not possible for a spammer to be REALLY successful unless they are mobile, anonymous, and willing to sidestep a few laws.

        I have an interesting question though: if receiving spam cost you money because you pay for bandwidth, what about other advertising? How much do you pay for the time commercials are shown on cable channels? How much money per month is spent on electricity, during the times when the TV is being used to display advertisements in your home? How much is your time worth?
  • Are we just as bad? (Score:5, Interesting)

    by agentZ (210674) on Thursday May 22, 2003 @10:55AM (#6015083)
    From the ContraCostaTimes article:

    After his three children were asleep late one Saturday night last November, Jones sat down at his PC for a bit of spammer-flaming. First, he says, he visited a Web site, slashdot.org, that's a favorite among techies; he pulled down a list of about 10 alleged spammers. He programmed his personal computer to send a letter to each supposed spammer in the same way many spammers do: through so-called open relays and mail servers that forward e-mail in ways that make it hard to track down the sender. As his finishing stroke, he had his PC send the message to each spammer 10,000 times.

    "We use the same methods the spammers use," says Jones, chuckling. "It's a bombardment."


    Has Slashdot become a haven for anti-spammers? While I hate spam, I'm not sure that vigilante action is the right way to handle the problem. Although the article doesn't say that we endorse anti-spam vigilante actions, it makes it look like we're a hub for this sort of thing.
    • by Sylver Dragon (445237) on Thursday May 22, 2003 @11:44AM (#6015479) Journal
      Has Slashdot become a haven for anti-spammers? While I hate spam, I'm not sure that vigilante action is the right way to handle the problem. Although the article doesn't say that we endorse anti-spam vigilante actions, it makes it look like we're a hub for this sort of thing.

      I think, to a certain extent, it has. Consider for a moment, whenever we have a story about a specific spammer, how far down the discussion do you really need to scroll to find all of that spammer's personal information? I haven't seen it in this discussion yet, but I am sure that this Ronald Scelson guy's info is somewhere in this discussion. Add to that the number of people that will be saying things like, "this guy should be taken out and shot", and you have a hotbed for vigilante type attacks on spammers.
      Though, mind you, while I would never do anything like that myself (actually, I might, but I am not a programmer and so don't have the skills necessary), I can't help but get a warm fuzzy feeling every time one of these useless wastes of carbon get hacked and screwed. So, yes, it's probably not legal, and it may be morally dubious, but to all the people that make this guy's life hell, good work.

  • by Paddyish (612430) on Thursday May 22, 2003 @10:56AM (#6015090)
    while ($AOL)
    { $AOL=shoot_self_in_foot(with_gun);}
  • FYI incaseof /. fx (Score:3, Informative)

    by Anonymous Coward on Thursday May 22, 2003 @10:56AM (#6015091)
    By Jonathan Krim
    Washington Post Staff Writer
    Thursday, May 22, 2003; Page A01

    As a Senate committee sought answers yesterday on how to curb the overwhelming surge of junk e-mail, one of the nation's most notorious spammers told members just how hard their job would be.

    Ronald Scelson, an eighth-grade dropout and self-taught computer programmer from Louisiana, riveted the Commerce Committee hearing room as he explained that he sends between 120 million and 180 million e-mails every 12 hours.

    He boasted that in 24 hours he could crack sophisticated software filters designed to block spam.

    And he accused Internet providers of hypocrisy in claiming to want to protect their customers from unsolicited messages.

    Large Internet companies spam their own members, he said, while other network access providers have signed contracts allowing known spammers to send out mass e-mail.

    "I'm probably the most hated person in this room," said an unapologetic Scelson, responding to a parade of technology, government and marketing officials who decried the purveyors of junk e-mail.

    Scelson and eight other witnesses testified as Congress grapples with what Sen. Conrad Burns (R-Mont.) called a tide of "digital dreck" that threatens e-mail communication, one of the most powerful tools of the Internet age.

    With spam now costing U.S. businesses upwards of $10 billion a year, Sen. Ron Wyden (D-Ore.), who is co-sponsoring an anti-spam bill with Burns, said it was time for Congress to stop dawdling and pass federal legislation.

    All of the witnesses agreed that spam is a complex problem that defies an easy fix. But as executives from leading software companies and online providers fidgeted uncomfortably, the man known to anti-spam tracking groups as the "Cajun Spammer" described how he easily acquires millions of e-mail addresses from publicly available member directories at America Online and other providers.

    Moreover, he said, "the same people complaining about spam send e-mail" with solicitations for their own products and services. "AOL spams its members," he said.

    This prompted the committee chairman, Sen. John McCain (R-Ariz.), to turn to Ted Leonsis, vice president of AOL.

    "Mr. Leonsis, are you a spammer?" McCain asked.

    Leonsis, who had testified minutes earlier about how AOL was blocking 2.4 billion pieces of spam per day, did not answer directly.

    "We let members opt out" of commercial messages sent by the company and affiliates, he said. And he accused Scelson of violating the company's "terms of use" agreement by using AOL's membership directory as a source for e-mail addresses. Scelson readily agreed.

    Scelson also testified about how some Internet access providers signed little-known agreements, called "pink contracts," with known spammers to allow them to send mail in bulk, at prices higher than other commercial clients were charged.

    Although the contracts mandated that bulk e-mailers abide by all state laws, Scelson said it did not matter if the e-mailers followed the rules. Most of the providers rip up the contracts and kick spammers off their systems after being threatened by anti-spam organizations that track mass e-mailers and put them on blacklists.

    As a result, Scelson said, he has had no choice but to resort to forging the sender information in his bulk e-mail so he can be anonymous and maintain his connection to the Internet.

    "This is censorship," he said, arguing that both anti-spam vigilantes and Internet providers that filter out spam are depriving people of their right to see their mail.

    "People still buy this stuff," he said, claiming that his clients get a response rate to his e-mail of 1 to 2 percent.

    Scelson, who said he does not distribute mail containing pornography, said one of his biggest clients sells a package of anti-virus computer software called Norton SystemWorks at cut-rate prices.

    Officials at Symantec Inc., which makes the Norton software
  • Just a few (Score:5, Insightful)

    by DreamerFi (78710) <(john) (at) (sinteur.com)> on Thursday May 22, 2003 @10:57AM (#6015101) Homepage
    This sort of confirms that most spam is sent by a small group. Take this sucker out, and a massive amount of spam drops off the planet. Do it with enough prejudice, just to make sure nobody takes over the vacancy.

  • by blumpy (84889) on Thursday May 22, 2003 @10:58AM (#6015103)
    Why do people bother with doing crap like this? Just because they can? This guy has the mentality of a script kiddy. Someone find his info and organize a snailmail spam-a-thon.
    • by AndroidCat (229562) on Thursday May 22, 2003 @11:13AM (#6015225) Homepage
      Are you going to snailmail him on your dime? Otherwise, you're stealing from magazines, companies with catalogs, etc. Oh sure, it's just pennies here and there, but that's the same logic the spammer uses.

      But okay, the reports of Al Ral getting buried in mail did make me smile. :^)

    • by Anonymous Coward on Thursday May 22, 2003 @12:10PM (#6015730)
      The Registry of Known Spammers [spamhaus.org] has his contact information, including emails, snail address, toll free phone numbers, etc. Lameness filter prevents posting the whole thing, but here's a peek at it.

  • Slam his customers (Score:5, Interesting)

    by st0rmshad0w (412661) on Thursday May 22, 2003 @10:58AM (#6015107)
    Ok, another spammer, joy, so when are we going to start getting lists of those who HIRE these urchins? I frankly would love to start re-routing all the spam that comes to me BACK to the idiots who hire spammers. Oh, and how about some postal addresses on these spam-buying scumbags too, eh?
    • by lysium (644252)
      From what I've seen, the products offered through spam come from the finest snake-oil salesmen that the world has to offer. Pretty much all an outrageous rip-off, if not an outright con. These businesses could probably be persecuted for other violations without even legislating spam, if some law enforcement types went over them with a fine-tooth comb.....

      Now -that- would be slamming the customers. p.------------

  • by decesare (167184) on Thursday May 22, 2003 @10:58AM (#6015113)

    I wonder if anyone inside of AOL has run the numbers to figure out

    • how much money AOL has spent on anti-spam measures, or
    • how many customers AOL has lost due to the overwhelming amount of spam in their inboxes,

    and compared that to the amount of revenue that they get from selling out their customers.

    • by enjo13 (444114) on Thursday May 22, 2003 @11:41AM (#6015460) Homepage
      I bet they've profited from this, greatly.

      AOL has the luxury of being both part of the problem (huge customer list) and part of the solution (spam fighting tools). They sell both.

      To the user they offer 'advanced' spam fighting tools. The users see the problem as external to AOL (EVERYONE gets spam after all), and continue to use AOL because they offer at least some kind of protection. This creates, in the user's mind, value.

      It is not in AOL's best interest for Spam to simply go away. Much like telemarketing is in the best interests of the phone companies (they CREATE the problem by selling phone numbers, and also sell the tools to fight the callers). AOL merely wants to propagate the perception that they are on 'our' side of the spam battle.
  • by afidel (530433) on Thursday May 22, 2003 @10:59AM (#6015120)
    My false negative rate using Mozilla Bayesian filtering is way less than 1%, and the false positive rate since training is nonexistent. Of course I do go back about once a month and re-train it with both positive and negative datasets but if you don't do good training how can you expect good results, it's almost like training a pet.
  • by Anonymous Coward on Thursday May 22, 2003 @10:59AM (#6015121)
    Scelson tries to make the argument that what he does is no different than other advertisers who send their advertisements through the US mail.

    Unfortunately he, like all other spammers, completely misses the point that the two are not related. When LL Bean sends its catalog to you it costs the company X cents to do so per each catalog.

    When Scelson sends out his 180 emails a day it costs him X cents in total. However, it costs all the ISPs whose bandwidth he and others chew up X dollars per email. Thus, he is offloading the cost of doing business to the people who are receiving the email.

    This reminds me of the old postal system in the UK. In days gone by it was the receiver who had to pay to accept the piece of mail. If they didn't pay the mail was returned. It is only in recent history that the mail system is such that sender pays.

    I wonder if Mr Scelson would be happy if all the advertisers who send him their mailings would tell him he has to pay to get those things whether he wants them or not.
    • by misterpies (632880) on Thursday May 22, 2003 @11:37AM (#6015419)
      To go wildly offtopic...

      Postage stamps were first introduced in Britain, in 1840. As you say, before then it was the recipient who paid for the mail, not the sender.

      Now in those days that was sensible, since there was no mail system as such anyway. Cash on delivery was the only way you could be fairly sure that the messenger would actually deliver your letter -- since if he didn't, he wouldn't get paid.

      Problem was, people cheated the system. Early hackers, shall we call them, figured out that they didn't need to have their letters actually delivered & paid for to communicate. For instance, if someone wanted the answer to a simple yes-no question (remember, all long-distance communication was by letter then, so this happened a lot), they could set up a code for the response to be communicated by the colour of the envelope. So: messenger arrives with a letter -- but the recipient, having seen the colour of the envelope, says he doesn't want it and refuses to pay.

      Solution: set up a national postal system that people trust, so they're willing to prepay for delivery.

      Of course, 150 years later and US phone companies make the same mistake with cellphones. Charge people to receive calls + caller id -> don't answer, just call back on a land line.
  • by nemski (587833) <davidATnemskiDOTcom> on Thursday May 22, 2003 @11:01AM (#6015128) Homepage
    Why do I have this knot in my stomach as Congress prepares legislation to stop spam? Remember when they 'deregulated' the cable industry and all our rates went up? I know it is possible to go from bad to worse, but what is after that?
  • by sulli (195030) * on Thursday May 22, 2003 @11:02AM (#6015137) Journal
    Watch for the lawsuit, Mr. Scelson:

    Scelson, who said he does not distribute mail containing pornography, said one of his biggest clients sells a package of anti-virus computer software called Norton SystemWorks at cut-rate prices. Officials at Symantec Inc., which makes the Norton software, said in an interview that although they have not seen the package Scelson's client is selling, other similar offers that they have tracked down have proved to be counterfeit.

    I get 1-2 Norton SystemWorks spams a day. If they're from this fucker, let's hope the Symantec people are able to find out where he lives, and sue him into oblivion.

  • by gorbachev (512743) on Thursday May 22, 2003 @11:03AM (#6015150) Homepage
    There is NO way he bought the AOL address information from AOL.

    One thing to keep in mind when talking with spammers is that they always lie. They lie to themselves ("everything I do is legal", "I am forced to hijack open proxies") and they lie to everyone else ("Here's the information you requested").

    The career spammers are, indeed, bold enough to even lie to the US Government, face-to-face. Too bad the US Government is usually totally cluefree when it comes to the spam problem, so these conmen get away with lying to senators.

    Proletariat of the world, unite to kill spammers. Remember to shoot knees first, so that they can't run away while you slowly torture them to death
    • by LordKane (582228) <kane69666@NoSpam.hotmail.com> on Thursday May 22, 2003 @01:00PM (#6016121)
      Now I KNOW the /. crowd is a haven for anti-spam vigilantes. You spout total anti-spam crap and get modded up for it like mad. You're making statements as if they are defined fact and there are no two ways about it. You show you know very little about spam, or even AOL for that matter.

      Let's start with AOL. You say there is no way AOL sells their info. Well, I know 3 local businesses here who bought AOL member addresses from AOL, buying only the sections of our local town even. AOL will not only sell you their members, they will offer targeted selections.
      Now, I doubt AOL puts this on their site next to their member sign-up, but from what I have seen, they sure do sell your addresses. In fact, I'll bet you did not know AOL tracks where their users go on the web for marketing purposes. Yup, if you visit a mortgage site, they immediately sell your info to their list of mortgage lead buyers. By morning, you will have several offers for mortgages in your inbox. And this happens for all kinds of businesses. I mean, they control your email and your net connection, why not market accordingly. I'm sure a few of you AOL users have experienced this before, or perhaps could try it?

      Now, as far as all spammers being liars, I see you are just one of the anti-spam flock, spouting propaganda. It's disappointing no one on /. actually reads the articles, or can remember ones from a few weeks ago. You might remember a bit on Spamhaus showing the top 200 spammers causing 90% of the spam. Well, I know 2 of those people. I know one because they live 3 towns over from me, running a small PC shop in Halifax, MA. If you email me, I'll send you their business address, directions, even their home info. :) The other one I met because of them. I can tell you they are unscrupulous, a bit dumb, and have no troubles telling lies. The ones I know are total dicks. The issue is the remaining 90% of small time spammers, some of whom are actually ok guys.
      Granted, they should be paying for their use of email, yata-yata. Case in point, the 3 shop owners I know locally who bought those bits of AOL's lists. They offer honest products, they try and target locally, so they don't send people who can't possibly use their service an ad, and they honor remove requests. They even offer their shop info in the email so they can be contacted directly. The system could be better, but at least they try. They do not fit your bill of the evil spammer. Some really are pretty bad. Some are not. Your sweeping statements of ignorance and promises of murder at the end are totally unwarranted.

      I will be sure to remember to offer to murder you next time I disagree with the way you do business. How you got modded +5 for this steaming pile of flamebait is beyond me, but I'll certainly burn some karma to put out an opposing statement. I guess that is what public forums are all about. ::drinks a little more distilled Usenet post evil:: Cheers.

  • Return to sender! (Score:5, Interesting)

    by st0rmshad0w (412661) on Thursday May 22, 2003 @11:07AM (#6015181)
    I think I have it. If we get the spammer's postal address, and the postal address of those who hired him, maybe we should just print out all the spam we get and send it to the one who hired him postage due. :)

    As an added bonus use the spammer's postal address as the return address.

  • Install TMDA now! (Score:3, Informative)

    by TheSync (5291) on Thursday May 22, 2003 @11:09AM (#6015191) Journal
    In the few days I have been using TMDA [tmda.net], I have been exceedingly satisfied. It is a much better solution than SpamAssassin. You should try to whitelist most of the people you expect to receive email from ahead of time, but I haven't had any complaints from people having to respond to a message bounced back to them for authentication.

    That, in combination with qmail's revokable dash-addresses (howard-amazon@cow.com, howard-slashdot@cow.com, etc.) makes it an excellent solution not just for avoiding spam, but for tracking its sources as well.
  • 1-2 percent? (Score:3, Insightful)

    by BenjyD (316700) on Thursday May 22, 2003 @11:10AM (#6015204)
    If he's sending 240 million emails a day and getting 1-2 percent return, even if he only makes a few dollars off each sale that's a profit in the order of billions a year. Do you get the feeling he's lying to the senate?
    • Re:1-2 percent? (Score:3, Insightful)

      by clonebarkins (470547)
      If he's sending 240 million emails a day and getting 1-2 percent return, even if he only makes a few dollars off each sale that's a profit in the order of billions a year. Do you get the feeling he's lying to the senate?

      No. "Response" and "sale" are clearly two different things. Of the 1-2% responses, probably less than 1% of those (i.e.,

  • by johannesg (664142) on Thursday May 22, 2003 @11:11AM (#6015206)
    "People still buy this stuff," he said, claiming that his clients get a response rate to his e-mail of 1 to 2 percent.

    Let's say 10 million emails per hour (lowest), 1% response rate (lowest), that's 100,000 responses per hour! That means that over the course of a year, we are talking about 876 million responses. Divide that by the 165.75 million internet users in the US, and we learn that each and every one of you respond to him 5 times per year!

    Well, maybe he spams the entire world. I have no idea how many internet users there are in the world, but let's say it is something like one billion. That means everyone responds to him almost yearly! Amazing! Now I only have one question: those responses, are they sales or death threats?

    • one less spammer (Score:3, Interesting)

      by mikeee (137160)
      Isn't it a felony to lie in congressional testimony?
    • I think Scelson greatly overstated his response rate. I've seen web pages offering spamming-for-hire services, and the response rates they claimed were generally in the range of 50 to 100 responses per 100,000 sent.

      Also, I never saw any statements about the kinds of responses. I'm inclined to think the spammers-for-hire count all kinds of responses (including the death threats) to make their numbers look better.
    • by vidarh (309115) <vidar@hokstad.com> on Thursday May 22, 2003 @11:52AM (#6015546) Homepage Journal
      1% response rate is extremely unlikely. Normal direct (snail) mail tends to get response rates of 1-2%. Double opt in (where a verification message has been sent, and the user has responded to it to confirm they want to sign up) e-mail campaigns can easily get as low as 1 in 10.000 or 1 in 100.000 if the list is unqualified and not in the right target group. Spam would likely be much worse than that. So he's probably lying through his teeth.

      Of course, as you suggest, he could be counting death threats as responses as well :-)

      Still, with today's bandwidth prices, and an estimate of 10kb per e-mail, if he's sending 10 million messages an hour, he'd be sending around 100GB an hour at around $50 an hour (likely less, given the volumes and since it's mail traffic where he doesn't need to pay a premium for low latency connectivity). A product with a reasonable markup and he might be able to recoup the cost of those 10 million messages with a single sale, possibly even making a nice profit.

      And that's why asking people not to buy from spammers won't be enough to get them out of business.

      • by Fweeky (41046) on Thursday May 22, 2003 @12:18PM (#6015797) Homepage
        He doesn't need to recoup anything; he can just get his client to pay up front, regardless of the actual response rate.

        I personally think it's not only the spammers which need hefty fines; it's the people hiring them. I don't think jail time for fraud and many counts of unauthorised computer use (and paying someone to do these things for you) is a bad idea either.

        Never mind crap like "spammer gets $100,000 fine, sells one of his Ferraris to pay for it"; I want to see "spammer gets $100,000 fine, 3 year jail term, and all assets potentially paid by or related to spamming confiscated. Companies responsible get $1,000,000 + 1 year profit fine each".

        Then I want to see Bush announce a War on Spam; out of the country? No fines for you, we'll just blow you up with a Predator Drone.

        Sadly I doubt much less than this would have a significant impact on the problem. And blowing people up might be taking things a little far ;)
  • by JSkills (69686) <jskills.goofball@com> on Thursday May 22, 2003 @11:11AM (#6015214) Homepage Journal
    Yes - many people use analogies to make their point on Slashdot - so here's mine.

    People need to guard their email addresses in the same way they practice safe sex. Don't go sticking your email address just any old place ...

    Ok, that was bad. The exceptions are cases where your ISP screws you and sells your name (like those sorry AOL customers had happen to them) or people who use brute force address guessing algorithms.

    Although I think the legislation being considered is a good first step --

    The Burns-Wyden bill would make it illegal for bulk mailers to forge their sending location, have deceptive subject lines or prevent users from removing their names from e-mail lists. Owners of networks would retain the ability to block mail, and the legislation gives Internet providers legal standing to hunt down and sue spammers.

    The committee also heard from Sen. Charles E. Schumer (D-N.Y.), who advocates a nationwide do-not-spam registry similar to a newly created do-not-call telemarketing list, plus an international treaty on spam.

    Nothing really beats good filtering. I put together a server side filtering process using Mail::Audit. I support several end users who can administrate their mail rules (e.g. block if subject has "viagra" or if sender is spamboy@jizzmop.com, etc.) using a web based interface and MySQL back-end. People can share rules as well. It's working pretty well for everyone. Additionally, Mail::Audit allows you to tap into the RBL which essentially will give you an "unlisted number" - only those you have explicitly granted permission to receive from can reach you. Sounds extreme, but I get ZERO spam.

    • by Exedore (223159) on Thursday May 22, 2003 @11:55AM (#6015580)

      People need to guard their email addresses in the same way they practice safe sex. Don't go sticking your email address just any old place ...

      Special offer for JSkillsWui$d3g6Yert! Email address too small/not performing to expectations? Now you can enlarge your email address the natural way! 100% safe and effective! Get the email address performance you've always dreamed of having!

  • by tbmaddux (145207) * on Thursday May 22, 2003 @11:12AM (#6015215) Homepage Journal
    ... is here. [spamhaus.org] He must not be doing all that well if he can't scrape together the dough to get his fat ass out of Slidell, Louisiana, a town I had the misfortune of driving through a year ago and whose only redeeming feature is the Lake Pontchartrain bridge/causeway leading out of it and to New Orleans.
  • by grub (11606) <slashdot@grub.net> on Thursday May 22, 2003 @11:13AM (#6015229) Homepage Journal

    "..and that he has no choice but to resort to forging the sender information in his bulk e-mail so he can be anonymous and maintain his connection to the Internet."

    In other words: "I have to lie, cheat and steal to use resources on mail servers illicitly."

    Asshole.
  • by Ravensign (134410) on Thursday May 22, 2003 @11:16AM (#6015253)
    Lol.

    This article is 20 minutes old, I am surprised his home address, phone number, ssn, shoe size and EQ account info aren't already posted.
    • by jenkin sear (28765) * on Thursday May 22, 2003 @11:33AM (#6015381) Homepage Journal
      According to Spamhaus:

      (http://www.spamhaus.org/rokso/search.lasso?evidencefile=1070 [spamhaus.org]):

      ABUSERS: Ronald R. Scelson
      [Birthdate: 12-11-71 or 72, New Orleans, LA, married]
      avsrscelson@aol.com / cajunspam@aol.com / avsrscelson2000@yahoo.com / dff@yahoo.com
      Amy Hoolahan [wife/sister?]
      43 CYPRESS MEADOWS LOOP
      SLIDELL, LA 70460 US
      Home: (504) 646-2225
      Work: 504-649-6248

      PHONE NUMBERS: 888-365-0000 ext. 1648 / 800-242-0363 EXT. 2427
      888-724-3108 x5413752
      504 781 8117 / 504-957-1037 / 504-847-1232 / 504-649-7751
      504-781-6615 / 504-649-6248 / 504-781-6655 / 504-831-1595
      504-646-2225 / 504-641-0876
      FAX: 504 641 0810 / 504-456-0995 / 504-781-6615

      MORE INFO: Connelly sues to keep spamming:
      http://www.frc.org/legal/lf99j05.html
      http://www.freedomforum.org/speech/1999/10/20laspam.asp
      http://www.mediainst.org/digest/fall1999/page8.html
      Wife Florence Fox sued for Nu-Skin Pyramid Scheme:
      http://www.attorneygeneral.gov/press2/months/Feb98/feb23pr1.htm

      Me, I'm thinking some letters of marque and reprisal are the answer...
  • Here's an idea. (Score:5, Interesting)

    by Greg@RageNet (39860) on Thursday May 22, 2003 @11:20AM (#6015281) Homepage
    Here's a proposal, as it seems like the world is moving closer to a 'whitelist' (reject by default) method of spam combatantcy. Perhaps there should be a global whitelist set up, where a user signs up, and must verify their mail address, then the mail address is MD5 hashed and stored in a database. When recipients receive an email from this sender they simply hash the from address and check to see if the hash exists in the database. If it's present the mail is accepted, if not, rejected. Solves the problem of invalid from addresses always used in spam, as well as solving the problem of preventing data-mining of such a 'whitelist' database by spammers (as it contains only checksums). And it solves the problem of being able to receive messages from people you haven't personally explicitly whitelisted; i.e. old friends from high school, acquaintances with new email addresses, etc.

    Whaddya think?

    -- Greg
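The sign-up, verify and hash-lookup flow proposed in the post above, as an added Python sketch that is not part of the original post. The class and function names, the lowercasing of addresses before hashing and the confirmation-token step are assumptions; MD5 is used because the post names it.

```python
import hashlib
import secrets
from email.utils import parseaddr


def address_digest(address):
    """MD5 hex digest of an address (MD5 is the hash the post names).

    Lowercasing is an assumption so that Alice@Example.org and
    alice@example.org map to the same entry.
    """
    normalized = address.strip().lower()
    return hashlib.md5(normalized.encode("utf-8")).hexdigest()


class HashedWhitelist:
    """Hypothetical global registry that stores digests, never addresses."""

    def __init__(self):
        self._pending = {}      # confirmation token -> digest awaiting proof
        self._verified = set()  # digests of addresses whose owner confirmed

    def sign_up(self, address):
        """Begin sign-up; the token would be mailed to the address itself."""
        token = secrets.token_urlsafe(16)
        self._pending[token] = address_digest(address)
        return token

    def confirm(self, token):
        """Finish sign-up. Tokens are single use; unknown tokens fail."""
        digest = self._pending.pop(token, None)
        if digest is None:
            return False
        self._verified.add(digest)
        return True

    def contains(self, digest):
        return digest in self._verified

    def dump(self):
        """What a copy of the database would expose: digests only."""
        return sorted(self._verified)


def accept_message(whitelist, from_header):
    """Receiver-side check: hash the From address and look it up.

    The only input is the From header string. Nothing here ties the
    message to the host that delivered it, so a receiver would still
    need a separate check on the sending server.
    """
    _display_name, address = parseaddr(from_header)
    if "@" not in address:
        return False  # reject by default when no address can be parsed
    return whitelist.contains(address_digest(address))


if __name__ == "__main__":
    # Constructed sample data.
    registry = HashedWhitelist()
    token = registry.sign_up("Alice@Example.org")
    print(accept_message(registry, "Alice <alice@example.org>"))  # unverified
    registry.confirm(token)
    print(accept_message(registry, "Alice <alice@example.org>"))  # verified
    print(registry.dump())
```
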
  • by MORTAR_COMBAT! (589963) on Thursday May 22, 2003 @11:23AM (#6015303)
    Why isn't this the same crime as handing someone an ID card which says you are someone you are not?

    He claims that he "has no choice but to resort to forging the sender information in his bulk e-mail so he can be anonymous".

    Isn't that a bit like saying that when I was 19, I had no choice but to resort to forging my driver's license so I could buy beer?
    • Why isn't this the same crime as handing someone an ID card which says you are someone you are not?

      While I hate spam as much as the next guy, this is not the same thing. Spam with modified headers is like somebody calling you up and saying they're in Oregon when they're really in Nevada. That's not illegal, nor should it be.

      Your analog is more like forging (or stealing) secret PGP keys.

      BTW, I've always thought it funny that /. folks are so against spam, yet they're all for anonymity on the net. We

  • Anonymous my ass (Score:5, Insightful)

    by YrWrstNtmr (564987) on Thursday May 22, 2003 @11:23AM (#6015309)
    he has no choice but to resort to forging the sender information in his bulk e-mail so he can be anonymous and maintain his connection to the Internet.

    Is that like bank robbers being forced to don a mask so they can remain anonymous and maintain their 'business operations'?

    I've had one of my email addresses used as a reply to: for quite a few spams. A real PITA. Not only did that address get the standard spam, it got bounces from nonexistent recipients. Sometimes in the hundreds per day, as the result of dictionary attacks on various ISPs. On top of that, you get the indignant replies from pissed off people.

    Blatant forgeries in commercial email headers should be made illegal.
  • by Anonymous Coward on Thursday May 22, 2003 @11:26AM (#6015334)
    He has two addresses, (assuming these are both him).
    These were the only Ronald Scelsons in Louisiana and considering they are both in the same city I would say it's fairly certain.

    Ronald Scelson
    211 Martin Lane
    Slidell, LA 70458

    Ronald R Scelson
    1711 W Hall Ave
    Slidell, LA 70460

    Would the /. community like to show this guy what we consider spam?
  • A modest proposal (Score:4, Interesting)

    by John Harrison (223649) <(moc.liamg) (ta) (nosirrahnhoj)> on Thursday May 22, 2003 @11:35AM (#6015397) Homepage Journal
    We should designate some day in the near future as "Everybody is a Spammer" day. On that day, everyone will send as much spam as possible to every email address they have. Since 8th graders are capable of spamming effectively I would guess that a significant percentage of the population is as well.

    What would the result of this be? Email would be totally unusable that day and perhaps for many days afterwards. Not only would it get government officials to take notice, it would cause even the spammers to see the evil of spam. Those that are capable of seeing it anyhow, most of them are probably blind to it.

    Also, everyone that became a spammer for a day would Profit!

  • Scelson is right (Score:5, Insightful)

    by abde (136025) <apoonawa-blog@GA ... m minus math_god> on Thursday May 22, 2003 @11:40AM (#6015447) Homepage
    Scelson said he supports anti-spam legislation. But while committee members were clearly intrigued by his story, they gave little weight to his proposed solution: Pass a tough spam law, but then prevent any Internet provider from blocking e-mail from bulk marketers that abide by the law.


    The Burns-Wyden bill would make it illegal for bulk mailers to forge their sending location, have deceptive subject lines or prevent users from removing their names from e-mail lists. Owners of networks would retain the ability to block mail, and the legislation gives Internet providers legal standing to hunt down and sue spammers.


    (emphasis mine) I think it's a brilliant suggestion. If the Burns-Wyden bill is passed, then I can easily filter my mail to stop spam I don't want to see. I don't think that my ISPs should be blocking email that may be spam but follows these rules. The filters in Eudora and Outlook Express are powerful enough to stop all spam I am not interested in receiving if I know for a fact that the forged header problem vanishes. I think it's a great compromise.
  • by The AtomicPunk (450829) on Thursday May 22, 2003 @11:58AM (#6015611)
    I guess that explains statements like the following, that display his keen insight into our system of government:

    "But carriers should be held accountable when they submit to anti-spam groups. Terminating services to companies' such as my own without any legal reason to do so is not the democracy that we should all be living."

    Jackass, if you're reading:

    1) This is not a democracy. We're a democratic republic. There's a big difference.

    2) Forcing someone else to provide you a service is neither freedom, nor related to a democracy. In fact, that would be contrary to freedom.

    3) Claiming you're FORCED to forge email addresses because of "bullying tactics" is akin to claiming you were forced to break into my house and dump junk mail on my desk because I refused delivery.

    Apparently you think America is all about you, and that you somehow have a level of freedom that compels others to act according to your wishes.

    Rot in hell, dickhead.

  • by cmpalmer (234347) on Thursday May 22, 2003 @12:01PM (#6015636) Homepage
    I've grown used to logging on in the morning, deleting 20-50 spams that made it through my ISP's filter, then reading the 1-10 valid messages.

    Until a few days ago...

    Then I started getting bounced messages showing up in the inbox. First a dozen or so, and now 300+ per day. Some unscrupulous bastard put my e-mail address as the return address on those damned "Penis enlargement" spams and sent out a coupla hundred thousand. All have a different name ("Buffy", "Steve", "Frank", etc.), but all with my e-mail address.

    I've had that address for nearly 10 years, which is the reason I put up with spam on it, but now I'm going to have to kill it all because some moron (the messages originated in China according to the headers) picked my name at random to hide behind.
  • by androse (59759) on Thursday May 22, 2003 @12:04PM (#6015669) Homepage
    Or more accurately, DDoS the spammers' clients.

    I have been looking at the source of my spam lately, and, although the email addresses are always forged, the body of the messages nearly always point to some website.

    What we should do is have a way to automatize the slashdotting of these sites. The resource cost for every recipient is very small, but is very high for the target web site. If the site is run directly by the spammer, then that's great (he gets to pay the bandwidth bill). If it is run by the spammer's client, then that's even better. If it is hosted on a free non-commercial facility, it will wake them up and will make them find a way to make their users accountable.

    So how to do this in a very user-friendly and convenient way ?
    Make a distributed-computing application, very light-weight, that runs on every platform. You should be able to set the maximum bandwidth you want to use (the default could be very low, like 5kbps), when it should start and stop, etc. The app will go and fetch a list of URLs of images or HTML pages on the target servers, and start downloading them to /dev/null. The app should have a funny user interface, that lets you know when a target host becomes unavailable (victory ! another one bites the dust !), etc. The downloadable list of target hosts should be maintained by a trusted source (it could be GPG signed for example), maybe mailed to you through a MixMaster remailer to avoid spammers suing the originator.

    This could make all the Spam issue a lot more fun !

  • DMCA (Score:5, Interesting)

    by Zed2K (313037) on Thursday May 22, 2003 @12:04PM (#6015676)
    "He boasted that in 24 hours he could crack sophisticated software filters designed to block spam."

    So isn't that in violation of the DMCA? Or am I stretching it? If he said he could get around them then it's different but he specifically said he could crack them.
  • by hendridm (302246) * on Thursday May 22, 2003 @12:11PM (#6015744) Homepage

    It shows [google.com]

    And all this time I thought the bad English in the spam I get originated from Asia.

  • by Medievalist (16032) on Thursday May 22, 2003 @12:14PM (#6015766)
    After dozens of attempts to get AOL to implement the most rudimentary outgoing filters on their Email system, and getting ZERO response, I have regretfully informed our user base that we will no longer accept any Email emanating from any machine with an AOL.COM IP address.

    They are breaking the rules of the Internet (see: SMTP RFCs [isi.edu]) by improperly implementing postmaster@aol.com (see rfc-ignorant.org [rfc-ignorant.org] for details) and their mail relays have sent hundreds of viruses into my domain.

    I have asked all AOL users at my site who wish to continue emailing their home addresses from work to get a new service provider and given them two months to do so. I have recommended several small local ISPs to them that I know provide good service and never allow easily detected virii like Yaha, Klez and SoBig to transit their mail hubs.

    We, fellow slashdotters, can use our enormous power as administrators of email hubs to get AOL's attention - since it seems more civilized methods are useless. The social contract of the Internet is simple; play by the rules (i.e. implement the required RFCs) or you are not part of the community.
  • Proposal (Score:4, Interesting)

    by chrisbolt (11273) on Thursday May 22, 2003 @12:52PM (#6016050) Homepage
    ...and that he has no choice but to resort to forging the sender information in his bulk e-mail so he can be anonymous and maintain his connection to the Internet.

    Software like TMDA [tmda.net] prevents spam by sending a response and requiring it to be replied to, kind of like this [slashdot.org], mentioned earlier this week. How about implementing something similar to this, except at an earlier stage in accepting mail?

    Just like we have MX records, we could add another type of DNS record (or use a TXT record) that lists the IPs of every SMTP server that is allowed to send mail for a domain. When your mail server receives

    MAIL FROM:<imaskankyspammer@hotmail.com>
    it does a DNS query for that TXT record for hotmail.com, and compares the IP that is sending the mail to the list of IPs received from hotmail's DNS server. If it's on the list or if there is no list (the domain hasn't added the TXT records), the message can continue to be sent. If it's not on the list, or if the domain doesn't exist, the message bounces instantly. There could also be a list of whitelisted IPs that can send mail from any domain (for your secondary MX).

    Comments? It's trivial to add the TXT records, and the modifications to the SMTP server are fairly simple. The only drawback I can think of is that it wouldn't block much spam until a big provider like hotmail or yahoo adopts it, however they have the most motivation for doing this since it would prevent spammers from using their email addresses as envelope senders, and it would force users to use their web interfaces to send mail.
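The accept/bounce rules from the proposal above, worked through as an added Python example that is not part of the original post. The post defines no record syntax, so the `smtp-senders=` TXT format, the `.example` domains, the in-memory zone standing in for DNS and the pass-through for the null sender `MAIL FROM:<>` are all assumptions.

```python
import ipaddress
import re

# Assumed TXT syntax: "smtp-senders=" followed by space-separated IPs/CIDRs.
TXT_PREFIX = "smtp-senders="

# Constructed stand-in for DNS. A missing key means the domain does not exist.
CONSTRUCTED_ZONE = {
    "hotmail.example": ["smtp-senders=192.0.2.10 192.0.2.11 198.51.100.0/28"],
    "nolist.example": ["some unrelated TXT record"],
}

# IPs allowed to send for any domain, e.g. your own secondary MX.
RELAY_WHITELIST = (ipaddress.ip_network("203.0.113.5/32"),)

MAIL_FROM_RE = re.compile(r"^MAIL FROM:\s*<([^<>\s]*)>", re.IGNORECASE)


def lookup_txt(domain):
    """Return the domain's TXT strings, or None if the domain does not exist."""
    return CONSTRUCTED_ZONE.get(domain.lower())


def published_senders(txt_records):
    """Networks the domain lists, or None if it publishes no list at all."""
    networks = None
    for record in txt_records:
        if not record.startswith(TXT_PREFIX):
            continue
        if networks is None:
            networks = []
        for token in record[len(TXT_PREFIX):].split():
            try:
                networks.append(ipaddress.ip_network(token, strict=False))
            except ValueError:
                pass  # a malformed entry authorizes nobody
    return networks


def check_sender(mail_from_line, client_ip, resolver=lookup_txt):
    """Apply the post's rules; returns (accept, reason)."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in RELAY_WHITELIST):
        return True, "whitelisted relay"

    match = MAIL_FROM_RE.match(mail_from_line.strip())
    if match is None:
        return False, "unparseable MAIL FROM"
    address = match.group(1)
    if address == "":
        # Bounces use an empty envelope sender; there is no domain to check.
        return True, "null sender"
    local, at, domain = address.rpartition("@")
    if not at or not local or not domain:
        return False, "unparseable MAIL FROM"

    records = resolver(domain)
    if records is None:
        return False, "domain does not exist"
    networks = published_senders(records)
    if networks is None:
        return True, "no list published"
    if any(ip in net for net in networks):
        return True, "listed sender"
    return False, "not on list"


if __name__ == "__main__":
    line = "MAIL FROM:<imaskankyspammer@hotmail.example>"
    for peer in ("192.0.2.10", "192.0.2.200", "203.0.113.5"):
        print(peer, check_sender(line, peer))
```
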

  • Snailmail DoS (Score:4, Interesting)

    by awptic (211411) <infinite@@@complex...com> on Thursday May 22, 2003 @12:53PM (#6016060)
    I've already signed him up for every catalog in the first 6 pages of google search results for "free catalog" .. anyone wanna pick it up from here ?
  • by maxpublic (450413) on Thursday May 22, 2003 @01:18PM (#6016329) Homepage
    Do you honestly think Congress gives a good goddamn about spam? Congressmen don't have to deal with this shit; their lackeys do.

    This issue isn't about killing spam - it's about using spam as an 'issue' to kill anonymity online. It's yet another attempt by the government to throttle what remains of our privacy, and spam is a very convenient complaint to base this sort of legislation on.

    Thanks but no thanks. I'll take the spam in exchange for privacy. My privacy is far more important than any government attempt to curb unwanted email, especially when it's just a ruse to eliminate what few rights I have left.

    Max
  • Super-DMCA (Score:4, Interesting)

    by Elequin (137149) on Thursday May 22, 2003 @02:37PM (#6017200)
    Holy *%&@.

    I just realized something. (Yes, I'm probably a bit behind, and just mod me redundant if this has been discussed before.)

    The Super-DMCA that's been going around basically makes it a crime to attempt to hide the destination or originating point of any communication with the intent to defraud a communications provider.

    This Super-DMCA has been passed a lot of places. Doesn't it pretty much already make forging headers for sending spam illegal?
  • by jefu (53450) on Thursday May 22, 2003 @04:58PM (#6018582) Homepage Journal
    I tend to try to turn problems around and see if there's not a fun backwards approach. (Like instead of trying to stop a bulldozer you find a way to lure it into a swamp.) It doesn't always work and often ends up with people pointing at me and laughing. So be it.

    In the case of spamming I've started to wonder about open relay blocking. Most sites that offer information about open relays to facilitate blocking (such as ordb.org) do not make the contents of their open relay lists public. And that made perfect sense to me until yesterday when (while looking into several spam filtering methods) I got curious and started looking for a list of open relays. I found at least one such - but it was clearly aimed at the spammers as it had incomplete information and a way to purchase a subscription.

    So, by making open relay lists private and secret, we're actually supporting the spam industry (not necessarily the spammers directly, but the folks who sell them stuff).

    Maybe it's time to think about releasing the lists. This could have several interesting effects (positive :) , neutral :| and negative :( ) :

    1. :| The organizations who collect open relay lists would continue to function as they do now, but sites that would like to use the lists heavily could download their own copies.
    2. :) The folks who sell open relay lists would find it harder to do that if the information were freely available. With a bit of luck they'd go out of business.
    3. :) it would become much harder for site admins to ignore open relays they control if everyone used them and the traffic went way up. This would be an incentive to close them. (Of course, it would be unethical to suggest that anyone else route their mail through the relays - that would amount to a denial of service.)
    4. :) As the relays got closed, the traffic on those left open would increase dramatically - thus increasing the pressure on those site admins.
    5. :) Knowing that a site has open relays might prompt users, friends of the site admins and so on to bug them into closing them. Currently it would require rather more work on the part of such buggers to determine that the buggee needs bugging.
    6. :) Eventually, with a bit of luck, the great majority of the open relays would be closed and spammers would end up using very slow machines. Indeed, it might become profitable for major sites to run a couple of open relays on (for example) an old 80286 on a 1200 baud serial line.
    7. :) Eventually, faced with a small pool of (slow?!) open relays, spammers would turn to spam support sites that could send the mail for them. And I'd be willing to bet that such sites would charge nicely for the service. And there's still nothing to prevent a user from blocking those sites.
    8. :( There would be a serious (but I suspect temporary) increase in spam. Current spam filters would not stop working.
    9. :( There would be problems with people forging open relay lists with machines of people they might want to annoy. (This could be handled by digitally signing such lists from trusted sites.)
    10. :) It would keep the congresscritters from meddling in things they don't understand - with what is almost certain to be disastrous effect.

    Maybe it wouldn't work, but the stuff written about the spam proposal before congress is seriously scary - it would essentially legitimize whole classes of spam and make it much harder to turn off such "legitimate" spam.
