Mapping the Spam 292
demaria writes "The folks at cluelessmailers.org have made a map of spam. It shows the relationships among spammers and other entities (legitimate or not), including organizations that track spam, advertises with, shares addresses, emails through, and all sorts of other data. I can't imagine how hard it was to put this together, it looks like a giant circuit design layout, but shows just how big and interwoven the spam problem is."
Good job /.! (Score:2)
Re:Good job /.! (Score:5, Informative)
http://www.cetan.com/mirrors/spammap.html [cetan.com]
No need to mod me up, I'm not a karma whore.
What this map is missing (Score:2)
Re:Good job /.! (Score:2)
Re:Good job /.! (Score:5, Informative)
It seems to me, that you comment is really extra lame.
Re:Good job /.! (Score:2)
Google cache [google.com]
my fovorite (Score:1)
Now they know we know (Score:2, Funny)
"You are going to let them in here? They're gonna see everything! Waaaeeeh, they're gonna see the big board!"
Thanks (Score:2, Interesting)
Wish there was some way I could block out that stupid Hotmail email begging for money to increase account size.
Map of Spam (Score:5, Funny)
what no hotmail (Score:2)
He thinks the problem is spam (Score:2)
The only problem I see here is understanding that damn giant thing!
Re:He thinks the problem is spam (Score:3, Funny)
Truly spoken by someone who has never seen a sexchart.
When I first read the story title... (Score:5, Funny)
I'm driving to each and every one of em, and hurling bricks through their windows...
errr wait...
Re:When I first read the story title... (Score:2, Funny)
Step 2) Hurl bricks.
Step 3)
Step 4) Big profits.
Re:When I first read the story title... (Score:5, Funny)
:D
Spam problem (Score:2, Interesting)
Re:Spam problem (Score:2)
-----
Apple hardware still too expensive for you? How about a raffle ticket? [macraffle.com]
Re:Spam problem (Score:2, Insightful)
I'd like to thank Pacific Bell, however, for the barrages of spam I get there. I don't even bother to check the account more than once a week since I know it's just spam.
Re:Spam problem (Score:2)
I did that just last month. I modified my Sendmail server to analyze the content of incoming messages. It actually looks at the content of messages. It's amazing how predictable most spam is and how easily it can be tossed based on simple filtering.
The main difference is that when Sendmail is in the "DATA" phase and detects filterable content it hangs up right then and there.
My spam on my 8-year-old email account has dropped from like 40-50 per day down to about 5. Works great and looking at the Sendmail log to see how many times I hung up on spammers gives me a nice warm fuzzy feeling.
Re:Spam problem (Score:2)
So, don't be so fatalistic about spam. You should be actively working to convert the noise that is hard to deal with into noise that can be automatically dealt with.
Re:Spam problem (Score:5, Informative)
He did no such thing. Shannon's law demonstrates that the information bearing capacity of a communication line is limited by the signal to noise ratio.
It is quite amusing to see how such basic observations are transmorgaphied by the game of Internet chinese whispers.
Spam will be addressed as a problem as soon as the pain barrier becomes high enough. With PKI it is possible to identify an email sender by means of a digital signature. The current problem being that there is no good way to locate public keys bound to email addresses. There is a lot of good work going on in this area, in particular the W3C XKMS group recently discussed a working draft that describes a mechanism for accessing public keys via DNS SRC records [w3.org].
So under this system what would happen is that when you get email from them the email client would scan your address book to see if they were on your approved sender's list. This would probably include the individuals you know (Cmdr. Taco etc.) and also whole domains (ai.mit.edu) you might trust. if the mail is not in the list it goes into the 'low priority' pile.
There are email clients that do this at the moment but the spammers are using counter measures, such as scanning email list archives and sending out SPAM with fake sender addresses taken from the archive. With PKI and a means of determining whether the person actually has a public key or not this type of filtering becomes much more robust. Incidentally the mechanism does not require S/MIME to work, it can also be used with PGP.
To deploy the solution all we need to do is to persuade email client writers to support XKMS register and locate functions and ISPs to provide XKMS services along with their existing SMTP server. Oh yes and finish the XKMS spec I guess.
Re:Spam problem (Score:3, Insightful)
That's nice if you only communicate with people you already know. Not so good if you have a public website, a company, or you participate in public forums (like slashdot) and people you do not yet know will make contact with you.
Re:Spam problem (Score:2)
That is a problem, however my first priority is to try to do what I can to take what we can definitively identify as signal.
If you get a signed email from an unknown source it could be spam or it could be signal. In my corporate email client I would configure it to automatically presume that email with source addresses in the domains sun.com, microsoft.com, cisco.com, ibm.com etc. that is signed to not be spam.
If an email came that was signed and was not from the whitelist it would be put into an 'unidentified' queue. Initially none of the spam would be signed and a signature alone would be sufficient authentication. However that is not going to last forever as a sorting mechanism.
One thing that you could do is to reply to the sender with a note saying 'your email is in the pending queue, please return this confirmation message if you are not a spammer, i don't like scum who send spam'. Although a spammer could sign their messages and respond to the return messages doing so would be much more expensive and technically problematic, especially if we make it hard to automate the replies. It is also something that we could introduce a law to prohibit false replies.
The other part of the puzzle is that commercial communications would be separately identified. So if IBM wants to send me an invoice for the web server service they provided me with their invoice is signed and marked as an invoice. If IBM want to then send me some information on some additional service they might want to offer me it would be signed and marked as SPAM but would also have a tag to indicate what sort of spam it was. So offers for HGH, penis enlargement, Breast enhancement, nigerian letters etc. can head straight for the bit bucket while I might actually read a PR newsletter that I signed up for from Microsoft or Red Hat. But those message would go into my 'low priority folder'.
There are a bunch of other hacks that can be used. For example we might use PGP style community key signing to establish the authenticity of key holders. Or we might use commercial PKI CAs to authenticate key holders. While anyone can lie to a CA and get a certificate under false pretenses, it is also possible for CAs to revoke certificates.
In the long run I think we will see people signing their email routinely to bypass spam filters. The cost of obtaining a certificate will be low enough not to notice because they will be issued in bulk through channels such as the ISPs, but people who want to use PGP will still have that option.
Re:Spam problem (Score:2)
The problem there is that people^h^h^h^h^h^hSPAMers are bypassing the address book hack by forging emails with sender lines taken from mailing lists.
What we need to do is to organize a SPAM summit and develop a comprehensive strategy for addressing the issue. Paul Vixie recently made some good proposals. However if SPAM is to be defeated we really need to have more than a single fix.
Re:Are you trolling me? (Score:2)
No it does not [w3.org].
It stands for XML Key Management Specification. And although there have been discussions on it in many fora, the latest draft uses examples from email. Unfortunately the one on the site is a little older.
Sounds to me like you are trying to whore some points--somebody mod this guy down
Sounds to me like you either don't have a clue and could not be bothered to do the simplest of research or you don't like one of my other posts for some reason but don't have any mod points.
Re:Spam problem (Score:2)
Why is spam 'noise'? Just because you don't want to see it? If that's the case, how is forwarding spam to spamcop any different than trying to apply a filter to a signal to try to cut out the noise?
As for fixing the problem of spam via email, I use ASK [sourceforge.net], which has fixed the problem for me (to the tune of 99.9%).
Re:Spam problem (Score:5, Interesting)
There certainly isn't if you're fatalistic and don't look for solutions.
Claude Shannon proved decades ago that noise is inevitable in communications
Ignoring the abundant misunderstanding of Shannon's research (hey, go read here [skypoint.com] and you'll already know more thant he poster), to call spam noise on the data network is an amazing stretch. Spam is not noise. Spam is data. If you took the spam off the network some other crap that nobody wanted wouldn't magically fill the spot.
I also deeply question your off-the-cuff nlogn value for spam. Let's just take my Hotmail account as an example. It receives roughly 200 spam emails a day. They average 8k each. So that's 1.6MB of spam per day per user. Now, there's 118 million Hotmail accounts. Assume that a mere 1% of them get this much spam. That's 1,888,000 MB of spam. Daily. To Hotmail alone. That's nearly 2 terabytes of capacity. Daily
Now lets start throwing in Yahoo! mail, AltaVista mail, juno, excite, etc. etc. etc. and start counting numbers. It's scary. Very, very scary.
If anyone can actually provide real numbers for how much bandwidth is consumed by spam, please do. I did a Google search a couple weeks ago and came up empty. Lots of sites referring to it consuming "great amounts of bandwidth", but no hard numbers.
Comment removed (Score:4, Insightful)
Re:Spam problem (Score:2, Funny)
Heh, I love stuff like this. Someone needs to start a collection... Heisenberg proved you can't know anything, Einstein proved that everything is relative, Godel proved you can't prove or disprove blah blah blah. Just keep twisting and perverting it all until it gets unrecognizable. And just when it becomes so utterly meaningless -- it is then a perfect tool for any argument, a perpetual motion machine made out of spinning coffins.
Re: (Score:2)
Re:Spam problem (Score:2)
I think you're just trolling, but in case you aren't, here's the difference:
I go to a fair bit of trouble and expense to maintain my networks. I get to decide what happens with it. Spam is a parasitical use of that network, something I don't want. The reporting of spam is one of the things I do want. If I feel that it's clogging my network, I can stop anytime; I can't do that with spam.
Spam is noise on a data channel.
Uh, no. It's not like spam is some weird radio interference problem or some quantum effect. Real humans write and send every spam. They do it because they think they can make money at it.
This is not an inevitable consequence of the existence of a communication channel. Spam was negligible for many years; it wasn't until around the time of September That Never Ended [tuxedo.org] or maybe the green card spam [eff.org] that I recall getting any. Since then it has grown explosively, so that for many people it outweighs regular mail [hiwaay.net]. Ignoring it in hopes that it will go away or level out is about as smart as ignoring a suppurating wound.
Where's the Asian spammers? (Score:5, Interesting)
But where are all the Asian spammers? I'd guesstimate that I get 30 or 40 foreign-language spams apparently from Taiwan, Malaysia, and India every day. It's more than half of all the spam I get now.
Re:Where's the Asian spammers? (Score:3, Informative)
What's sad about this is that I've figured out the korean characters for "advertisement," by trial and error, and automatically filtered all that junk out of my mail.
Re:Where's the Asian spammers? (Score:3, Informative)
Re:Where's the Asian spammers? (Score:4, Funny)
WIth a big enough research grant, I might be able to uncover more details.
Re:Where's the Asian spammers? (Score:5, Insightful)
Like the Map says, it's by no means a complete picture. I just started with one email, then another, and began finding connections.
Asian stuff generally gets nuked immediately; I rarely even bother reporting it anymore.
*sigh*
...Bob
Bob West
Clueless Mailers Webmaster
Re:Where's the Asian spammers? (Score:2)
Re:Where's the Asian spammers? (Score:2)
attention script kiddies, hackers, crackers, etc (Score:5, Funny)
you have the map,
weve located the enemy,
now take them out!
do it for the good of the net, and may the Force be with you.
Brilliant! Hacktivism! (Score:5, Insightful)
Quit Moderating My Posts!!! Please! (Score:2, Troll)
Moderating the parent post of mine was just a plain waste of moderation points that could have been used on truely Insightful, Informative and Interesting posts. It wasn't funny or insightful. It was three seconds of brain power.
Hopefully, Meta-Moderators will correct this waste of moderation points.
Re:Quit Moderating My Posts!!! Please! (Score:2)
For some reason, I hear the voice of Rachel Dratch screaming: "You're Funny! *chuckle* Funny, Funny, Funny!"
I just got moderated overrated, underrated and funny in one go. In my book, that qualifies as spam.
Re:Quit Moderating My Posts!!! Please! (Score:4, Funny)
You think that is bad. I just "Trolled" myself according to a moderator on the parent post.
Re:Brilliant! Hacktivism! (Score:2, Funny)
Re:attention script kiddies, hackers, crackers, et (Score:2)
I know how to hook up wires. Big wires, lots of amperage. With high voltage.
Just to be festive, let's charge the circuit on July 4th!
Damn, that's some map! (Score:3, Funny)
Re:Damn, that's some map! (Score:2)
Mirrior (Score:2, Informative)
Hard to follow (Score:2)
I personally use spamassasin to filter my mail. It works great for me, so my problem is solved. I suppose the ultimate way to treat spam is by getting the end consumer to ignore it. Oh well, just a thought.
On a personal note, I have a new journal entry today [slashdot.org]. Take a look, it is about duplicity in a certain American law.
mirror, mirror, on the wall (Score:4, Informative)
So I've mirrored it [perljam.net].
-ted
It's a palindrome (Score:5, Funny)
This map is incomplete (Score:4, Funny)
The map is incomplete - I don't see Bernard Shifman on there anywhere
So, when will Thinkgeek sell it as a poster? (Score:2)
I'd buy one.
It'd look great behind my desk at work...
Take Note - Overbroad, Yet Incomplete (Score:5, Interesting)
Taken from their own criteria wording (emphasis mine):
Give me a break. With criteria as fast and loose as indicated on their site [cluelessmailers.org], we could all end up on the "map" through association. The project, as currently described may well be near useless with such lack of focus. There's an upfront message about not jumping to conclusions should you find yourself (or your firm) "mapped" ... but the whole map lends itself to
misinterpretation.
Surprisingly, the map isn't even close to being thorough given the collection of companies that are already represented. There's Doubleclick and Yesmail, but no Cheetahmail, Bigfoot Interactive, Whitespeed, etc. Broad criteria have somehow lent themselves to a terribly incomplete "map". Funny, that. Maybe I can't locate brethren firms in the tangle of presentation.
Re:Take Note - Overbroad, Yet Incomplete (Score:2)
Pre-Paid Legal Services is an MLM that specifically forbids their associates from using spam to sell the product. If an associate does so and it's reported to PPL, they can and have put a stop on associate checks until the behavior is corrected.
I know because I wrote the policy. (I don't work for them any more.)
So calling them spammers is a bit like calling Microsoft spammers because of those guys who send out the "Microsoft Office - $29.95" spams.
Re:Take Note - Overbroad, Yet Incomplete (Score:2)
I'm still getting three or four of those a week, so I think they need to work on their enforcement just a teensy bit. They need to change "can and have" to "always do instantly". The should also fine the spammer's uplines, so that their is some disincentive to recruiting members so slimy that they leave tracks across your linoleum.
Maybe Pre-Paid Legal is an exception, but most MLMs couldn't give two shits about what their recruits do. Until they start passing responsibility and enforcement down the chain as enthusiastically as they pull money up it, most will continue to think of MLMs as scams.
Spam the spam domains (Score:5, Funny)
Re:Spam the spam domains (Score:2)
Re:Spam the spam domains (Score:5, Interesting)
It also occurs to me that you could easily set up a DNS domain with a huge number of virtual hosts as spam magnets and play some mean trickery with MX records. Oops, I hope the DDoS script kiddies don't realize what I just said.
Which leads me to conclude... (Score:2)
Thanks! (Score:5, Funny)
Re:Thanks! (Score:2, Funny)
Oy. (Score:2)
I mapped SPAM once... (Score:3, Funny)
--Huck
Connectivty and hackers (Score:2, Interesting)
Generally in these types of partially connected maps, a few nodes exist without which the whole systems shuts down.
Sort of makes one feel like the rebels when they got a map of the deathstar
Map your own spam :D (Score:2)
http://www.visualware.com/emailtrackerpro/index
I want this poster on my wall! (Score:2, Interesting)
They need to add... (Score:2)
how to avoid getting on The Map (Score:4, Interesting)
OK, /., here's a question for you:
I'm not a real network geek (just a regular joe programmer), but recently my email address has been co-opted by a spammer. That is, I've received spam from my own email address. (I of course did NOT send it.)
The question is, how can a regular joe like me prevent this from happening in the future so my domain does not appear on some future version of The Map? I know about the guy who hacked into the spammer's laptop and got all their personal information, but I don't have the skills or access for that.
Re:how to avoid getting on The Map (Score:3, Informative)
Many spammers now seem to put the recipient as the From address. Presumably this helps the mail to avoid certain filters. So in all probability, you're the only one being spammed from your address.
Re:how to avoid getting on The Map (Score:2)
The slimeball spammers will probably read this and steal my idea, oh well...
I have implemented a filter check that will automatically pass things from my domain, but only if the Message-ID header contains my domain as well. I also automatically get anything with an In-Reply-To header which contains my domain.
I guess I'll be updating this filter soon enough, as the spammers bypass it. I'm currently running a very restrictive 'whitelist' of people I want to hear of while I go on holiday, but the In-Reply-To header rule seems sane enough, and I hate 'Vacation' messages.
Re:how to avoid getting on The Map (Score:2, Funny)
And then call your cousin in the mafia. The spam will stop real quick.
Re:how to avoid getting on The Map (Score:2, Informative)
See the linux.org's site for a description of their similar problem (people using *@linux.org as a From address, and people complaining to linux)
If people really do think emails are from you, get into a habit of PGP-signing emails. Let people know that if it's not signed, it's not from you.
Perhaps you might also find a way to autoreply to the people who vent off at you about how evil spammers are. If you get an email with "Re: (your standard spam regexp filter here)", delete it and reply with an explanation. Kmail is good at this, and The Bat on windows (30-day trial) is even better.
So, sign emails. Pity there's not more that you can do.
Joe-job (Score:3, Interesting)
Re:how to avoid getting on The Map (Score:2)
Maybe they should get together with the orbz crew. (Score:2)
Orbz seems to be over here [dsbl.org] now.
PMG (Score:2)
Given just this information, I think one can logically come the conclusion that PMG is nothing more than a Spamhaus, and doesn't care about stopping spam at all.
My question is, if we know for a fact that they allow spam, and probably even encourage it so long as they get paid nicely, isn't there anything we can do about it?! Can we not bring a class-action against them, or something? Surely there must be some recourse against a company/it's users that cost ISPs and end-users money.
Re:PMG (Score:2)
PostmasterGeneral/Mindshare supposedly has two prominent ex-MAPS [mail-abuse.org] people working in their "abuse department" to "clean up" their spam problem. The only problem is that these people of previously sterling reputation in the anti-spam community have been there since last summer or fall (at least) and PMG is still spamming. Last I read the only thing these ex-MAPS people have authority to do is listwash -- they couldn't even manage to remove addresses that were bouncing with 5xx errors!
Try doing a news.admin.net-abuse.email search on PostmasterGeneral, PMG and/or Mindshare "Subject:" headers. There you'll find all the sordid facts and all the high drama (including people breathlessly proclaiming undying loyalty to these obvious anti-spam turncoats).
If you run a mail server you can blackhole PMG with this list of their IP blocks and domains:
Kevin Bacon (Score:4, Funny)
did you know... (Score:2, Funny)
Graph Layout? (Score:2)
I'm trying to create a project to automagically do some basic graph layout (and ideally export to PS/PDF or PNG) from a PHP script.
I'm sure that was hand-tweaked, but has anyone found any graph layout tools for Linux? Free ones, or at least free-for-educational use, that is.
--grendel drago
This is interesting: (Score:2, Interesting)
Under "Upstreams", for Freeze.com (listed as a backturner, listpooler, stonewaller):
Rackspace.com > swbell.net
"Rackspace auto-replies to abuse reports, then forwards the complaints to the mailer without taking action. Freeze is a long-time network marketing mailer. Tried to educate them, but they failed to get a clue, even after many emails exchanged, even with top management. So, they go straight to the Bit Bucket. Partner in spam: optinglobal.com (see their listing on this site).."
Rackspace.. Rackspace..
Where have I heard that name before?
OH! I know!
They advertise right here on /.
Gee. I thought they were really cool-geek kinda people.
Now it turns out they're whoring for spammers.
Kinda makes ya wonder, don't it...
t_t_b
Re:This is interesting: (Score:3, Interesting)
chip designs? (Score:2)
What spam? (Score:2)
http://pyzor.sourceforge.net/
wide (Score:2)
Travis
PNG beats GIF (again) (Score:2, Interesting)
Re:PNG beats GIF (again) (Score:2)
method 119 for my possibly old version.
my favorites (Score:2, Funny)
Family
Friends
Pets
Someone will get em' (Score:2)
Bam! The crack of lightning and the following thunderclap is sudden and fierce. A chill goes through your spine. Oh! Shit, You forgot to check you mail from your "anonymous" Yahoo web account. Damn. The last time you checked your Email was last night. In the past 24 hours enough spam would have passed through those filters you spent tedious hours creating.
Those rules. Yeah The rules that you created were cool and you felt the power of God. You felt good. Until you found that some spam still crept though. Then more and then more.
But now it's worse.
24 hours have passed. Your web account has a Email limit of 6 MB. And your know that when your Email store is full - your Yahoo admin dude will just delete incoming emails. Just deletes them without a by-your-leave. And then - yes you know it, The one Email that you wanted is going to come in and get butchered, get shredded and you won't even read it, won't even see it, won't even know. Oh! The heart aches and the brain wants to sleep. Oh! The pain
Shit. With trepidation you take baby steps to your computer. Your computer - that cool computer you bought 18 months ago. You were on the top of your game baby then. Whoa! A 933 Mhz/512 MB/40 GB HDD monster - a bad ass machine with 32 MB NVidia GeForce GTS and a kick ass Turtle Beach Sound Card. DVD and CD-RW and all. For a then justifiable 2 Large.
Now 18 months hence with the latest update on Windows and Outlook, your bad ass monster might as well be a ugly P100 of the last ice age. You Email starts to pour in from the Yahoo account to Outlook. From Yahoo to Outlook. A minute goes by, another goes by. The bile rises within you...
SHIT
You see the last message downloaded. It is from the Yahoo admin. You don't even have to read it. The subject header says it all. Life sucks. Your computer sucks. You suck. The admin has warned you that all further messages will be deleted unless you free some of your precious mailbox space.
Sweat beads form on your forehead. You healthy handsome complexion turn pink. PINK! Yeah pink. They say a man comes of age in adversity. When the tough get going, the going gets tough - or some such shit.
You have a mission in life. Bring these miserable spammers to the public view.
You shall not sleep. You shall get em. With your resolve steady and your mind whatever - you know. You make the switch.
You get linux in - you get it in, takes 30 minutes. Hurrah! You connect to the web. Mutt shall save you. You surf.
Slashdot shows up a site.
A MAP OF SPAM.
You knew what need to be done. Oh! Yes you did. Right about the time when those sweaty beads somehow got on your forehead and you became a pink chimp. Now you know how to do it. You are going to get all those miserable spam bast@#ds.
The cat meows. Oh sorry. No cats. The dog barks - more like woofs. Yawn. It 1:30. Need sleep. Got a gawd awful meeting with that sales VP guy. Same old proposal.
Some techie I am. Dirty old man, dirty old sales VP keeps getting personal with all and any chick, and hey even with the cute DBA gal. She sometimes looks at you - boss man. No wonder the company is going down the drain. Clients run away from this sales guy. Revenue is down. Your best buddies are thinking of leaving. DBA gal sometimes looks at you. Only sometimes. Life sucks.
Need sleep. Got a gawd awful meeting with that sales VP guy.
I will let some one else deal with that spam thing. Yeah. Someone else.
Need sleep now. Meeting with bad sales guy. Someone will get those spam guys. Me sleep. Bad VP guy tomorrow.
zoom through this letter (Score:2)
privacy policies (Score:3, Informative)
I wonder why they even bother having them, but it's a nice way to inform us of everything being done.
For example: eScriptions.net [escriptions.net]: virtumundo.com [virtumundo.com]: I particularly like the way they go through excruciating trouble to explain "webbugs" though: *pats his Mozilla that displays html mails as plain text and will not load remote images in mail and news (two seperate functions)*
My question is... (Score:2)
More detailed info on spammers (Score:2)
If you're serious about learning everything there is to know about the worst spamgangs be sure to check out Spamhaus [spamhaus.org]'s excellent Register of Known Spam Operations (ROKSO) [spamhaus.org].
Although the site comes complete with mug-shots for one spammer, nothing I've seen there compares (humor-wise anyway) to the hilarious Tommy Brock--Spammer, thug, exhibitionist [ste-marie.net] page.
Re:Spam will be gone, in 100 years. (Score:3, Funny)
Sorry dude, but nuking spammers doesn't work [userfriendly.org].
Re:Too complicated (Score:3, Funny)
Greedy Idiots --> Internet --> You
Re:The ubiquitous google cache (Score:2)
Re:Who needs a map? (Score:2)
Re:When can I buy the Thinkgeek Poster? (Score:2)
Use italics freely and enjoy them.