Forgot your password?
typodupeerror
Spam Communications Security

100 Email Bouncebacks - Welcome to Backscattering 316

Posted by timothy
from the annoying-as-heck-if-heck-is-like-hell dept.
distefano links to a story on Computerworld, excerpting: "E-mail users are receiving an increasing number of bounceback spam, known as backscatter, and security experts say this kind of spam is growing. The bounceback e-mail messages come in at a trickle, maybe one or two every hour. The subject lines are disquieting: 'Cyails, Vygara nad Levytar,' 'UNSOLICITED BULK EMAIL, apparently from you.' You eye your computer screen; you're nervous. What's going on ? Have you been hacked? Are you some kind of zombie botnet spammer? Nope, you're just getting a little backscatter — bounceback messages from legitimate e-mail servers that have been fooled by the spammers."
This discussion has been archived. No new comments can be posted.

100 Email Bouncebacks - Welcome to Backscattering

Comments Filter:
  • A trickle?! (Score:4, Insightful)

    by Zombie (8332) on Monday May 05, 2008 @05:59AM (#23298498) Homepage
    A few every hour? This weekend marks the second weekend in which I got several hundred bounces in a single night!
    • Re: (Score:2, Informative)

      by Anonymous Coward
      15,420 since May 1. My hosting company actually asked me to move to google apps because my shared account couldn't handle the loads from these attacks.

      Google apps ( http://www.google.com/a/help/intl/en/admins/editions_spe.html ) handles the domain mail for free, without complaint, and only about 3 messages out of the 15,420 made it through the spam filters.

      Supposedly there's a mail configuration option you can set to make it possible for servers to verify mail from your domain (must originate from this ip
      • Re:A trickle?! (Score:5, Insightful)

        by MBGMorden (803437) on Monday May 05, 2008 @09:11AM (#23299556)

        Supposedly there's a mail configuration option you can set to make it possible for servers to verify mail from your domain (must originate from this ip range) but the domain hosting company I'm with doesn't expose that particular feature.
        It's called SPF which is Sender Policy Framework. Problem is, it's not used often enough at current time, so very few mail servers will actually reject a message that fails an SPF check.

        The best thing honestly would be for these servers to just clean their act up and handle things properly. Mail rejects should be done before the connection between the two servers closes. It should always be up to the SENDING mail server to generate a bounce rather than the receiving.

        The odds of that happening are pretty slim though. There is a "bounce killer" feature in the new version of amavisd-new that I'm looking at that might work well. Apparently (I haven't installed the new version yet) it will store the message ID's of your outgoing messages and if a bounce comes back with an invalid message ID it deletes it.
        • Re:A trickle?! (Score:4, Insightful)

          by rolfc (842110) on Monday May 05, 2008 @09:21AM (#23299654) Homepage
          Moderators,
          This guy know what he is talking about.

          If everyone was publishing SPF-records and enforcing them, the problem would go away. The real problem is that most mailadministrators doesnt have a clue.
        • Re: (Score:3, Insightful)

          by raddan (519638)
          Thing is-- in order to solve these problems with SMTP, we simply need to break backward compatibility. It's the fact that SMTP continues to allow a lowest-common-denominator kind of communication that enables people to abuse email. The next standard should use mutual authentication to prevent spoofing (maybe ala MIT's PGP key repository), encryption to prevent hijacking (and evesdropping), and all of the other tricks employed by modern network protocols to keep them working properly. I don't think increm
        • Re: (Score:3, Interesting)

          by jabuzz (182671)
          Having been the victim of spam backscatter on several occasions in the last five years, it occurred to me some years ago, the solution to bounce issues was to insert random ID into each email as a header. Then track these against the domain they where sent to. Only bounces from matching domains, that contained the magic ID would ever get delivered.
    • Re:A trickle?! (Score:4, Informative)

      by CastrTroy (595695) on Monday May 05, 2008 @08:13AM (#23299076) Homepage
      I remember this being the reason I disabled my catch-all address for my domain, a couple of years ago. I was not only getting tons of bounce-backs from things that looked like they were being sent from my domain, I was also getting a lot of spam mail sent to random-non-existent-but-caught-by-the-catch-all addresses.
      • by Lumpy (12016)
        I find my catchall to be an awesome address. I use it to feed my spam filter. This way I typically never see the spam because the catch all get's all the first spam.

        works great.
        • Re: (Score:3, Interesting)

          by KillerBob (217953)
          That works great, until one of your friends makes a typo and sends a message to lupmy@yourdomain.com instead of lumpy.... they get no confirmation that the message they sent to you didn't go through... because it *did* go through. It just went straight into your spam filter.

          I could make it sound worse than it is, by making this fictional friend your significant other, and creating some kind of facetious situation in which your relationship will end if you don't respond to said message... but you get the ide
    • It's been a problem over the last few months.

      I work an IT job, and we get employees bringing this up all the time with us. (I think they fear they've been hacked.)
  • by MollyB (162595) * on Monday May 05, 2008 @06:03AM (#23298506) Journal
    This story was preceded less than a month ago:
    https://tech.slashdot.org/article.pl?sid=08/04/08/2258246 [slashdot.org]

    I had a bunch of these back then, now they are happening again. Here is some information about the subject.
    http://spamlinks.net/prevent-secure-backscatter.htm [spamlinks.net]

    You should only get NDRs from your own ISP, as I undestand it. The other mail admins are being fooled by your spoofed return address, and should know better.
  • Where's the news? (Score:5, Informative)

    by dotancohen (1015143) on Monday May 05, 2008 @06:03AM (#23298508) Homepage
    Where's the news here? I've been getting these for years. It's so bad that I filter bounce messages to a separate account on the server to download and review at the end of the week. I get almost as much backscatter as spam, both over 1000 messages a week.
    • by Fweeky (41046)
      How much over 1000 a week? I get on the order of 1500 a *day*. Am I really getting ~10x as much spam as you, or do you just filter it more proactively with greylisting and stuff?

      This needs to be a poll; quantity of received/filtered spam in an average day :)
      • Re: (Score:3, Interesting)

        by dotancohen (1015143)
        Depends. I can start keeping count if you want, but anywhere from 800-5000 backscatters would not surprise me in any given week. That, plus 1200-7000 spam messages a week.

        I now have four filter mechanisms at work:
        1) All my contacts get a unique email address. Something along the lines of your-name@my-server.com
        2) Spamassasin on the server.
        3) Thunderbird's standard junk mail filter on the client.
        4) Whitelist addresses of known contacts to my "whitelist" folder.

        I see maybe 10-20 spam messages a day in my inbo
  • by pandrijeczko (588093) on Monday May 05, 2008 @06:07AM (#23298518)
    Nope, you're just getting a little backscatter

    Nope, I'm not getting anything - procmail [procmail.org] on my honeytrap spam email account sees it and stops it with a few simple filters

    So please try harder, spammers, or go and get extensions to your obviously miniscule penises so you no longer need to take you inadequacies out on the rest of the world.

  • by Richard W.M. Jones (591125) <rich@NoSpAm.annexia.org> on Monday May 05, 2008 @06:09AM (#23298538) Homepage

    There's an easy way to filter out backscatter while preserving bounce messages that you care about (ie. ones about email that you actually sent):

    1. Add your own custom header to all your outgoing emails. Doesn't matter what it is, but it should be unique, eg. 'X-Really-From-Richard-Jones: xsomesecretx'

    2. MTAs include the original headers in bounce messages, so discard bounce messages which don't contain your custom header.

    You can even be smart and sign the header based on the content of the email using a private key, which would make it unforgeable, but at the moment you don't need to do that.

    Rich.

    • by gbjbaanb (229885)
      interesting.. now, how do I do that in Thunderbird?

      It may be slightly redundant though, all those emails bounced back at me are ones that are obviously spam - otherwise the recipient's spam filter wouldn't be bouncing them to me, and so you'd expect my spam filters to detect and delete them without any intervention on my part.
      • interesting.. now, how do I do that in Thunderbird?

        I've no idea. I used Thunderbird at work for a while, but got so sick of it that I replaced it with mutt and have been much happier (and calmer) at work ever since.

        Rich.

      • by djmurdoch (306849) on Monday May 05, 2008 @06:46AM (#23298686)

        how do I do that in Thunderbird?
        Set the custom headers preference. [mozillazine.org]
      • by rjames13 (1178191) on Monday May 05, 2008 @07:06AM (#23298762)
        Go into Preferences->Advanced Tab and click Config Editor Button.

        Alter the setting
        mail.identity.default.headers
        to include the string header1
        note header1 is just a label
        then add a new string called
        mail.identity.id1.header.header1
        Set the value of that to your X-line

        From now on all mail sent from Identity 1 will have that header on it.

        To create a filter based on that. Obtain an email with that header. Find a clickable link in the header and right click and select create filter from message.

        At first from the drop down box you can't select that X-line so you need to go to the bottom and click customise. You can put that header in there. Now you can create a filter from it.
    • Nice, thanks! Mods!
    • Unless you like playing around with your user's machines a lot, you should better implement that at the MTA level and configure your mail server(s) so that they include the header.

      Or you could just use SPF, which basically does the same thing, only more elegantly.
      • Re: (Score:3, Informative)

        Unless you like playing around with your user's machines a lot, you should better implement that at the MTA level and configure your mail server(s) so that they include the header.

        Sure ...

        Or you could just use SPF, which basically does the same thing, only more elegantly.

        SPF doesn't do the same thing at all. It relies on the receiver MTA to do something about the non-matching SPF records, which evidently many don't (or at least, I've got proper SPF records, but still get huge amounts of backscatt

    • by guruevi (827432) <evi@@@smokingcube...be> on Monday May 05, 2008 @08:59AM (#23299454) Homepage
      You know, I have a digital certificate that does that for me. It automatically signs my e-mail and 'smart' filters and e-mail clients know that non-signed e-mail from me is not to be trusted as much.

      Get your free personal certificate and if 2 people have certificates, e-mail gets encrypted between you! There are a number of providers that give them.
    • Re: (Score:3, Informative)

      by MaufTarkie (6625)

      MTAs include the original headers in bounce messages, so discard bounce messages which don't contain your custom header.
      Not all MTAs. Exchange doesn't, for example. Maybe it's been fixed in Exchange 2007, but I haven't upgraded to that yet.
      • Re: (Score:3, Informative)

        by nuzak (959558)
        Exchange 2007 does include headers when using the SMTP transport. It's been pretty well-behaved in that area since 2005 or so.
  • by gsslay (807818) on Monday May 05, 2008 @06:12AM (#23298550)
    I must have read at least 3 news stories about backscatter in the last week. Why is this only getting attention now when it's been a problem for years? Is it just because someone has coined a word for it?

    I can remember years back when some spammer decided to use my domain name in their spam run. Hundreds of bounced emails every day and I cursed everyone of the dumb mail servers that mailed them; complete with original html email, images and any other crappy attachment. ("Hundreds" may be small potatoes these days, but they were a big deal at the time.) Just the very idea that spammers would supply a genuine reply address seemed so incredibly stupid, yet there they were; dozens of carefully worded variants of the same "naughty spammer, don't email me" reply. I could just see some smug sysadmin configuring their system with this badly thought-out garbage, thinking "ha! that'll show them!"

    None of my mail servers since then have ever bounced spam or mis-addressed emails.
    • I must have read at least 3 news stories about backscatter in the last week.

      At least they're writing stories about it now. I'm glad they're finally publicizing this. I've published SPF records almost since SPF started, and it amazes me that people still don't set up their servers to check this before accepting a message -- which is the initial problem. The more publicity, the better.

      • by Tony Hoyle (11698)
        I rarely ever see it. Spammers normally use made up email addresses.. they're just using your domain name, so as long as your MTA is not allowing emails to arrive to nonexistant users you'll filter 95% of it as a part of normal operation.
        • Re: (Score:3, Informative)

          by statemachine (840641)
          While it is rare considering the volume of e-mail I receive, I've noticed backscatter is gradually increasing. More and more admins are just installing anti-spam/anti-virus devices without learning which options to enable or disable.

          so as long as your MTA is not allowing emails to arrive to nonexistant users
          I wholeheartedly agree, but SPF won't even allow it to get this far. Why should clueless admins expect me to pick up their slack?
          • Re: (Score:3, Informative)

            by Tony Hoyle (11698)
            Unfortunately so few ISPs support SPF it's not reliable. I've published SPF records for years on all my domains.. OTOH for incoming it merely gets a spam score - when SPF is used it is alas sometimes misconfigured so bouncing on it has too many false positives.
    • by mgh02114 (655185)

      Just the very idea that spammers would supply a genuine reply address seemed so incredibly stupid
      I'm not saying that this is smart, but they DO have a reason for configuring their mail servers this way: for the false positives. Those do have valid reply addreses. Ignoring the backscatter problem, I do appreciate it when Verizon tells me that it has blocked a message I sent to my mom.
  • Hasn't this crap been going on long enough? Aren't people tired of spam - tired, as in totally pissed! I know I am.

    Something drastic should be done about it, yesterday. Doesn't matter if it fails at first, I just want to see some political will. As it is, it seems like noone who has the power, gives a sh*t.
    • Re: (Score:3, Insightful)

      by Mattsson (105422)
      Start spreading the word:
      "Anyone who sends spam is a terrorist!"
      Add random bogus reason, like "spam finances terrorism" and tag a "think of the children" on at the end.

      Sooner or later, someone in power is bound to fall for it.
      • by Zorque (894011)
        You have a point, spam helps finance the Russian mafia, and who knows who they're involved with.
  • by Anonymous Coward

    1280px wide layout but the column with the actual content in is only 200px the other 1080px are dedicated to adverts and sponsors

    i think that computerworld site is a classic example of a site that cares nothing for its readers (like spam) and is only a means to an end, when a site has more space dedicated to advertising than content you know you've hit a spam site

    funny how they are telling us about spam while promoting more adverts on a single page than a spam message has

  • by Anonymous Coward
    I lost my "email for life" account (randeg at alum.rpi.edu) nearly five years ago because of backscatter. I got a lot of it because that address appeared in-the-clear in libpng and zlib documentation. The people at RPI did not understand the backscatter phenomenon, and I assume they are still getting plenty of it.
    • Re: (Score:3, Interesting)

      by statemachine (840641)
      Eternal September.

      Sure, I once got angry at people who sent me spam and bounced it back to the sender with a nastygram. But that was 1995. There wasn't SPF, and there weren't content filters. And most installations were open relays on Sendmail. Administering e-mail was simply giving someone a home directory and pine.

      Nowadays, the e-mail administrators are the biggest enablers. If they just checked SPF records and stopped automated bounces after a content filter determines it's spam.... It's also up to the
  • "legitimate?" (Score:5, Informative)

    by Michael Hunt (585391) on Monday May 05, 2008 @06:42AM (#23298672) Homepage
    As a 9-year veteran of the anti-spam industry (with experience within the regulator, although I've left that behind me now and work in telecoms,) it's a REAL stretch for anybody inside the IT industry to take these kinds of comments seriously.

    Anybody who says that 'legitimate' mailservers are sending backscatter instead of 5xx-ing the message in transit is wrong. Mailservers which send backscatter are NOT legitimate, EOL.

    - A pissed off mail admin.
    • Re: (Score:2, Funny)

      by Anonymous Coward
      Airport Announcer: "Mike Hunt? White Courtesy Telephone, please. Mike Hunt..."

      Parents had a sense of humor?

    • by Tony Hoyle (11698)
      For spam even a 5xx is wasted... spammers don't care. File it in a spam folder or simply drop it on the floor. I agree replying to it with a new message (which is what these misconfigured servers do) is utterly moronic. Personally I just report such servers as spammers. Automated ones, but spammers nontheless.
      • Re:"legitimate?" (Score:4, Informative)

        by Michael Hunt (585391) on Monday May 05, 2008 @07:53AM (#23298948) Homepage
        If Aunt Tillie sends me a message (forwarded from Betty, her next door neighbour, which was in turn forwarded from her nephew Boris, who goes to school in another city) which just happens to look like spam (who knows, maybe Boris is telling an amusing anecdote about how one of his friends stumbled across some h3rb4|_ v!agr4 or something,) I'm going to look like a fair dick if the message gets dropped on the floor and Aunt Tillie doesn't at least get notified that the message got eaten.

        The 5xx range of status codes exists for this (and other) reasons, there's no reason NOT to use them (by performing content verification inline and either 2xx-ing or 5xx-ing the message between "." and "QUIT".)
        • Re: (Score:2, Interesting)

          by Palinchron (924876)
          So what is the proper response if Aunt Tillie forwarded the mail to both me and my brother (both of who have a mailbox on the same server) in the situation that I want my spam dropped whereas my brother wants his spam delivered for manual checking?

          There will be a single mail with two recipients, one who doesn't want the mail and one who does. Should I 5xx the mail (even though my brother wants to receive it) or should I 2xx it and drop my copy silently? AFAIK, there's nothing in between.
    • Re: (Score:3, Informative)

      by mlts (1038732) *
      Agreed. Microsoft Exchange 2007, out of the box, does not bounce messages it gets. It either gives an error code and refuses to process the message, or it accepts it. An Exchange admin can configure rules for messages to bounce (say someone is trying to carbon copy multiple internal company distribution lists), but its nowhere near the default settings.

      I wonder if backscatter has been used as a threat for extortion sometimes. A few years back, I was seeing spammers E-mail people who owned domains threat
  • SPF + !SRS! (Score:4, Interesting)

    by spottedkangaroo (451692) * on Monday May 05, 2008 @06:55AM (#23298716) Homepage

    It seems like the solution to "backscatter" has been around for quite a few years (SRS [openspf.org]). I'm surprised how few of the commercially available anti-spam solutions use or interpret it.

    At my company, we just looked at Barracuda (PoS), Pineapp, St. Bernards ePrism, MX Force, Postini, and some other things. None of them understand SRS and only a few of the tech contacts had even heard of it. Sad Sad. But they all seem to have hand-rolled "backscatter" protection that partially works.

    It seems like everyone has an SPF record these days. But it feels like relatively few actually check them and almost nobody goes the full distance and uses SRS.

    • Re:SPF + !SRS! (Score:4, Insightful)

      by spydir31 (312329) * <`moc.nukrutsah' `ta' `rutsah'> on Monday May 05, 2008 @07:23AM (#23298816) Homepage

      Here's the solution to backscatter:

      1. only relay authorized messages
      2. reject as soon as possible. no bounces.
      3. do not send out virus warnings, spam warnings, challenge-response requests
    • by Fjan11 (649654)

      Dropping incorrect addresses is technical "solution", but not a user friendly way to deal with the problem. It's bad engineering.

      Just enforcing SPF by itself would already go a long way to fixing this, and cure a lot of other spam in the process.

      • SRS isn't about dropping incorrect addresses. It's about droping fake bounce messages (DSN) that aren't signed/generated by the server that's supposed to accept them.
    • by Tony Hoyle (11698)
      There's a reason - such a scheme breaks many anti-spam measures and is a particularly poor way to do it.

      I've seen such crap in my logs and didn't realize what it was.. it fails sender verification and gets dropped as spam anyway. Lying about who you are to a mailserver is not the way to solve spam.
      • I don't think it lies about who you are. It certainly shouldn't break any anti-spam measures.

        It makes the return path verifiable to the sender and if you decode it the original return path is there (with exactly the same reliability as before: 0).

        So I guess I don't understand your argument at all.

  • Every so often, I'll get backscattered for a few days with the catch-all e-mail account I've setup for my domain. Since I'm lazy, I usually just log-in to my ISP and set up an alias to redirect to another mailbox I have set up for this crap. If it gets any worse, then I'll have to look at a real solution, or even drop my catch-all account, which would be a real pain.
  • by AftanGustur (7715) on Monday May 05, 2008 @08:02AM (#23298996) Homepage
    See here http://www.postfix.org/BACKSCATTER_README.html [postfix.org]

    The trick is to use the "header_checks" and "body_checks" to look for signs of the email having being sent out from your email server in the first place.

  • by Panaqqa (927615) * on Monday May 05, 2008 @08:18AM (#23299100) Homepage
    It used to really bug me, that someone was sending out spam and using my legitimate email address in the From, Return-path and Envelope-from headers. I began filtering out the "Spam received from YOU" type headers years ago. But what still bugs me about this is those people who set their systems up to add me to some domain based rather than IP address based block list based on these faked headers. For more than a year I have been unable to successfully send email to my insurance company due directly to this issue.

    Then again, I have never regarded email as a reliable method of communication. Everything truly important goes with a read receipt request and if I don't receive one then I phone or send snail mail. I continue to be amazed by the number of screwups I continue to hear about where someone says "I never got [such and such] email."
    • Re: (Score:3, Interesting)

      by jimicus (737525)

      Then again, I have never regarded email as a reliable method of communication. Everything truly important goes with a read receipt request and if I don't receive one then I phone or send snail mail. I continue to be amazed by the number of screwups I continue to hear about where someone says "I never got [such and such] email."

      As an admin, let me assure you that no (competent) email administrator has email randomly disappearing into the Magical Land of the Email Fairies.

      I have had more people than I care to remember come to me complaining that "X says they sent me an email and I never received it, can you look into it?". Every single time I have been able to tell them exactly what happened. 8 times out of 10 the email's sat in their Inbox and they just have such a cluttered inbox that they can never find anything. (The other

      • by Panaqqa (927615) * on Monday May 05, 2008 @09:00AM (#23299466) Homepage
        I did not mean to suggest that a competent admin would ever lose legitimate email. The problem comes in many forms, but the biggest culprit is anti-spam filters. These days it seems that everybody and their cousin wants to spam filter your email. ISPs arbitrarily apply such filters to their users accounts, often without any notification. Hosting providers and domain registrars often do the same. System admins, under pressure from management, put in place imperfect solutions and compound the issue by misconfiguration. I employ some network admins myself to help clients with server problems. The number of times I have seen a program such as "Spam Assassin" set to an incredibly aggressive setting AND to delete flagged mail without it ever hitting an inbox is surprising. I have one client right now that has not been able to email their parent company for over 6 weeks. Their messages blackhole. And it is not as if the parent is unsophisticated: they are in the financial sector and employ 17,000 people. And of course nobody in their IT department will admit that any email is being blackholed.

        I personally am one of those who would like to see a new email protocol built from scratch with the spam problem as foremost consideration in the design process. I have a dislike for anything in IT that only "works most of the time", and that's where email has been for quite a while now.

        My 2 cents. Another 2 cents that is.
    • by mr100percent (57156) on Monday May 05, 2008 @09:15AM (#23299596) Homepage Journal
      I wonder if you can sue them for infringing on your copywritten email address...
  • Bounce messages should go to the postmaster of the domain that sent the message (the last Received: line before your MTA), rather than the "sender" in the From: header. That way, the actual forwarding server will be notified that it is being used to send spam and should be able to prevent further misuse. That also means the true sender gets the problem, not innocent bystanders.
  • by geminidomino (614729) * on Monday May 05, 2008 @08:59AM (#23299452) Journal
    If an MTA is sending backscatter, it is not legitimate, it is broken. The MTA should NOT be looking at the FROM header to determine where the error goes. Report 5xx during the transaction, sending MTA is responsible for routing it to the associated address.

    Any MTA I get backscatter from goes right into my local incompetent.dnsbl zone.
  • Last year we had an issue with spammers targeting our postfix server to do this. They would insert an extra Delivered-To line, which postfix would happily bounce back to wherever the spammer wished. I wound up writing a header_check for this. Last I heard there were no plans to change postfix's default behavior.
  • Computer World trying to get street cred by re-hashing old and moldy.

    Nothing new here, move along.
  • In the mean time, here's some music...
  • by Cedric Tsui (890887) on Monday May 05, 2008 @11:55AM (#23301486)
    I've asked this question in Slashdot before, but I've never gotten a satisfactory answer.

    There are 7633 messages in my gmail spam folder. Now let's suppose I'm new to the internet, and I read spam message #1. Do I want Viagra? No thanks. Message #2, still don't want Viagra. #3 no thanks, I'm fine.

    Well, I didn't buy that stuff the first 7633 times you asked me THIS MONTH, but maybe if you ask me REALLY nicely with a few misspellings just once more, then I'll cave into my male inadequacies and buy prescription medicine from a sketchy online source.

    Now I'm going to pretend I'm a spammer. I want lots of money. What benefit is there to me to send a single address more than say... 5 messages? (not per month. EVER) If it didn't make it through the filters the first time, it won't the 800th time, and the more messages I send, the more likely my recipients will learn to evade them. More importantly, a jaded audience won't be receptive to buy.

    I can imagine that the newer scams could be useful. Like the ones pretending to be your bank. I've only received a few of those, and it took some thinking to realize that the facts didn't add up. But the normal viagra spam should only be useful in the very limited cases where a brand new user (8 years old?) who hasn't been exposed to it ever before reads one of the first messages and decided that it's a worthwhile endeavour.

    My hypothesis are:
    1) Spam is not used in the effort of making money, but as a way of crippling the internet for sport.
    OR
    2) The majority of spam is sent by poor, hungry and stupid script kiddies who are as of now still poor, hungry and stupid.
    • by WGR (32993) on Monday May 05, 2008 @12:24PM (#23301840) Journal

      Now I'm going to pretend I'm a spammer. I want lots of money. What benefit is there to me to send a single address more than say... 5 messages? (not per month. EVER) If it didn't make it through the filters the first time, it won't the 800th time, and the more messages I send, the more likely my recipients will learn to evade them. More importantly, a jaded audience won't be receptive to buy.
      Because spammers get paid by number of messages sent, not return on messages.

Wherever you go...There you are. - Buckaroo Banzai

Working...