Study on the Effects of Spam on End Users

An anonymous reader writes "'About a third of people responded to a spam, seeking more information. And 7 percent actually bought a product or service.' Who are these people? Is this really what non-techies do with Spam? They can have my Spam if they want it :-)"

perhaps the anti-spam bill will pass

[pbranes]

The Senate just approved an anti-spam bill 97-0 and the House is working on a similar bill (story here) [com.com]. Hopefully this will keep normal people from getting duped into buying the crap that floods our inboxes.

I work as tech support at a university. It is my experience that most people actually read spam messages and then actively consider the promotion. I guess they are still naive to the ways of the internet and believe they are actually seeing a good deal sent to them. People always ask me about the "send your bank account info to nigeria" scam because they don't ever think that *they* could be the target of a scam. I'm afraid to think of what kinds of scams these people fall for in the real world if they believe everything they read on their computer screen.

Re:with a sample size that small

[surstrmming]

2,200 users and 30% isn't that small. Anyway, the sample size was increased with some herbal viagra.

I think the poster may have confused the 30% response rate to the study itself with the response rate to spam. Unless s/he was clever and considered the survey to be spam.

Re:Effect on me?

[bigberk]

I'm setting up my own Email server (yes, paid the extra bucks to get a business broadband account), complete with filters, attachment blocking, etc. Even purchased and read a couple of books on the subject... it's proven to be quite an educational endeavor.

Congrats! My Internet experience also 'opened up' when I took control of my own communications, instead of letting my ISP provide their own brand of crappy, buggy email service.

I have some recommendations for you. First, look into using postfix [postfix.org] as your MTA. It has a much better security track record than sendmail, and is easier to configure (and IMHO is more flexible). Then activate DNSBLs, DNS blocklist, that will stop a huge amount of spam before it even wastes your bandwidth. I use the following option in postfix's main.cf to do filtering:

smtpd_client_restrictions =
reject_rbl_client sbl.spamhaus.org
reject_rbl_client blackholes.easynet.nl
reject_rbl_client relays.ordb.org
reject_rbl_client list.dsbl.org
reject_rbl_client ipwhois.rfc-ignorant.org

nailing the bastards

[tarzan353]

It's not that hard to take down a spammer who causes you problems beyond just sending you unwanted email... I had one friend who had a spammer run a couple hundred thousand emails thru his system (a bug had made it into an open relay). It took one stern call to the ISP hosting the advertised websites to get his hosting and DNS cut off at the knees.

This is more than just sending off a single email to a scantly watched abuse email.. This means getting hold of a real person and explaining, realistisay, what sort of legal liabilities they might be open to if they continue to support the spammer's actions.
(Hacking laws, aiding and abetting, Trademark infringement and vicarious liability) often fit in there.

If more people would do this, life would get a lot harder for spammers.

Re:how to trace spam?

[Anonymous Coward]

The receiving server adds the IP-address of the sender, so there is always at least one received-line which can't be forged: the one which your server added. Many times there are more received headers from trustworthy servers, but forging additional received lines isn't uncommon in spam.

Re:It's math

[Anonymous Coward]

For the normal distribution --- which IQ follows --- the mean equals the median.

Re:Unenforcable, Political

[jdreed1024]

Exactly how would such a law be enforced? It's not as if these companies sending all this SPAM readily identify themselves. And what about SPAM originating from outside of the U.S.?

The point is right now, the only way the government can go after spammers is if they are commiting fraud. And while a fair number of them are, others are not. The e-mail you get flaunting a new screensaver, cell phone, or home loan might be annoying, but it's not fraud if they deliver the product. Suppose you manage to catch a spammer who was, say, selling those Micro-RC cars. What can you do to him under federal law? Right now - nothing. With the new law, possibly something.

I agree the new law is unlikely to cut spam just be being enacted. I also agree that it's useless for overseas spammers. But a fair number of spammers are out there in plain view, because what they do is not (yet) illegal. So once this law passes, I'd say it's only a matter of time before notorious spammers like Alan Ralsky and Eddie Marin get a visit from some guys in black suits who say "Come with us, sir." Yes, international spam will still remain, but there are a not-insignificant number of spammers in the US, and these people might just get caught under the new law.

Not currently experiencing your concern.

[Shivetya]

I have received over 100 messages in the last 24 hours. Less than a dozen made it through to me.

I had one request for passage of mail, which I accepted as I knew what it was about.

In the whole time I have used Earthlink's challenge system only two businesses have requested permission to be added to my link.

None of the big delivery or sales sites have asked, but I did add them as my daily summary of blocked "suspicious" mail was large.

Earthlink has two categories. know and suspected. it is from suspected that permissions can be asked about. their known spam category does not send out notifications of blocked mail

Getting my permission requires the user/company to follow a link and ask for it. It uses the standard picture challenge technique that some advanced systems can defeat.

In the end I love it, I no longer have to filter at my end. I also have cut down my spam to zero.

I have yet to experience a case of repeated requests. I know I can block them permanently, so unless they roll addresses all the time all they could be at most is a request hassle.

PS: This system is great for those who have grand parents who don't need to see that seedy side of the net. You can setup their address books for them and even review their spam online if they give you the passwords.

Re:Have a gambling problem? We can help...

[carlos_benj]

That seven percent number does sound incredibly high given that responses from direct mail campaigns generating less than half that are considered very successful. No wonder spammers are reluctant to withdraw, especially since the price of spamming is negligible when compared to the price of a direct mail ad.