Anti-Spammers Wage E-War 456
ncstockguy writes "To its credit the Hartford Courant followed up with a second article this time from the perspective of an anti-spammer." The first story was about the life and times of a spam king.
The opposite of a correct statement is a false statement. But the opposite of a profound truth may well be another profound truth. -- Niels Bohr
Never actually noticed.... (Score:5, Interesting)
"They are every fly-by-night artist that ever wanted to place a tiny little ad in the newspaper and get away with it," Frederick said. "I have yet to see one legitimate product advertised in an e-mail that I didn't ask for."
Never thought about it before until now, but I don't recall ever having ever seen one either...
Re:Never actually noticed.... (Score:5, Insightful)
If I want their business, I will go to them. Spam me, and you will never, ever, get my money.
Re:Never actually noticed.... (Score:3, Funny)
Not even for our new business opportunity of your life, now coming with a free penis enlargement, breast implants and a PhD?
Re:Never actually noticed.... (Score:4, Funny)
Re:Never actually noticed.... (Score:2)
The logical conclusion of this is that I helped support Orbitz and others see spam as effective. For this I can only fall on my knees braveheart style and beg /.'s collective forgiveness..
Re:Never actually noticed.... (Score:2, Interesting)
Your experience could have been different - were you flying on multiple airlines?
I just can't do that (Score:5, Interesting)
However I find SPAM very different from telemarketing/bulk mailing for several reasons:
1) The telemarketers/mailers are 99.9% of the time legit bussinesses offering legit products. When Cox calls to sell my high speed internet access, they aren't playing around, they can and will make good if I want. When I get a book of coupons in the mail, I can really go and use those for the products on them. SPAM is fradulant so often it's not even funny.
2) Also, with classic methods, the sender pays. The company calling me is paying for the long distance time, the mailer pays postage. It doesn't cost me anything other than wasted time (and there is plenty of stuff that does that). SPAM costs me money, which makes me angry.
3) However BY FAR the most imporant reason in my mind is that when you ask a telemarketer/bulk mailer to quit, THEY WILL. Since they are real, legit bussinesses and DON'T want to get sued, they'll obey they laws and stop contacting you if you tell them they have to. When a telemarketer calls you, ask to be placed on their do not call list, they have to maintain one and you can sue tehm if tehy call you again (unless you buy something from you, then you have a bussiness relationship so they can contact you if they like). Also a lot of companies get your address from teh credit reporting beuarues. SO call up Equifax and ask them to stop giving it out. They'll tell you what you need to do (submit a request in writing I think) and then they will, and pass it along to the other two.
It really is the unrelenting, fradulant nature of many spammers that gets me. For the longest time I got a ton of spam from a place that wanted to allow my bussiness to acept credit cards. Well the thing is I don't HAVE a bussiness, and I already have service to accept cerdit cards anyhow. No matter, these assholes spammed me 2-6 times PER DAY. And of course they didn't say who they were or anything, just asked you to e-mail them (to a yahoo address) with a name and phone number to call.
Stuff like that really pissess me off, I eventually had to resort to a technical solution to make them stop. However when AT&T long distance was pestering me (about 1 call every 2 weeks) I just told them to put me on a DNC list and I've never heard form them since.
Re:I just can't do that (Score:2, Interesting)
Since I am in Australia, and no-one I know uses Sprint, I now have a permanent filter to blackhole any mail originating from a Sprint domain.
Re:Never actually noticed.... (Score:2, Funny)
Actually I did accept a product from a telemarketer once. Qwest called me to offer its new privacy plus service..the conversation went like this:
Me: You mean if I get this installed on my phone people like you won't be able to call me anymore?
Telemarketer: Yes sir, thats absolut..oh well yes I guess thats right.
Me: SIGN ME UP!
Needless to say, I NEVER got another call from Qwest or anyother marketer!
Re:Never actually noticed.... (Score:2)
There is a difference between:
The first point - nearly all companies advertise, how else do you educate the market about your product/service? Damn, think about your current employer - they most definitely advertise.
Second point, I try really hard not to do this, but sometimes it just happens to be a product or vendor that I was looking for anyways, and have no other really good reason to get something else. I do however go out of my way to procure it in a way so that they shouldn't even know that I saw their promotion in a spam. Go to the company's homepage and navigate to get to the deal.
One more thing to think about, popup ads aren't spam, they're annoying billboards that get in your way. Spam is junk that comes to your personal mailbox (be it electronic or postal).In the third instance, those customers should be shot. They and the spammers are defecating on the face of humanity.
Re:Never actually noticed.... (Score:5, Funny)
A major dutch newspaper (I'm dutch) once sent several tens of thousand e-mails through a known spammer advertising subscriptions. They received more than 10 thousand complaint e-mails, a few people canceled the subscription they already had and all public e-mail adresses they had were subscribed to so much e-mail/spam lists by disgruntled recipients of their spam that their internal e-mail system got overloaded several times during the following month.
Re:Never actually noticed.... (Score:2)
I'd like to send details (names, dates, contact info) to certain people I know who are contemplating sending such 'opt in mailings'.
It may help if you compile a largish list of unconfirmed high volume lists and present them, along with the aforementioned details, saying "Here is a small sample of the lists we will be subscribed to"
Re:Never actually noticed.... (Score:3, Informative)
The spam company they used was recently in a legal battle with dutch internet provider xs4all about wether or not the spammer was allowed to send spam to xs4all members (spammer lost) But I can't remember the name of the spam company and I can't find anything english (or dutch) right now. I'll look into it and post here this evening.
right... I'm back (co workers know everything)
the paper was called NRC (www.nrc.nl, dutch)
spam company was called abfab (www.abfab.nl I guess) Turns out it happened around the 20th of october 2001.
this is the only link in English I can find right now
http://www.xs4all.nl/uk/news/overview/abfab.
a search on google.nl for nrc spam returns a few usefull links but they're all in dutch.
Legitimate products through spam (Score:2, Interesting)
I used to work in the industry, and while we'd never send mail on the 80-million-a-day scale that some of these guys do, we'd certainly send half-a-million in a given day, to broadly scattered email addresses. We always made a specific point of keeping the email small (under 1K) and it was *very* clear who the source of the message was (never luv384j6@h0tmail.com).
The mail itself invited the recipient to sign up as a mystery shopper, which would give them the opportunity to get paid to evaluate services in their local neighborhood.
Unfortunately, in a world of snake-oil salesmen, we took a lot of grief for the approach, even though it still paid for us to do it. Because the offered product (which was really a part time job offer) was legitimate, we never attempted to disguise the identity of the source. Bounced mails were automatically flushed from the database. Removal requests were honored. The advertising business was tracable. (Our address, phone number, president's name and industry association registration was on the first web page link in the message.) But because of all the charlatans out there, we were taken to be just one more instance of spam -- which in some sense we were, but with at most a tiny fraction of the rudeness which permeates the practice.
Re:Legitimate products through spam (Score:4, Funny)
It doesn't matter that your e-mails were only 1k, you f***ing jerk. I am forced to switch e-mail accounts every 4-6 months because of idiots like you. Sifting through a list of headers containing 1k e-mails and 100k e-mails makes no difference whatsoever.
How about my buddies and I (about 10,000 of them) pin you down and pummel you with punches all day long. Don't worry, though, they will be "polite" and "little" ones. What was that - you didn't ask to get punched?
This kind of practice is what will, sooner than later I suppose, drive e-mail back into the dark ages. Wake up!!!
Re:Legitimate products through spam -- HA! (Score:4, Insightful)
For what values of sense are we talking about? Take a look at GoogleGroups search of news.admin.net-abuse.sightings, and let me know how to your legitimate mystery shopper offer from all the others: URL from Hell [google.ca] Quite a lot of it, isn't there?
Re:Never actually noticed.... (Score:2)
Think of spam as products to shitty or too illegal to even make it to infomercials and suddenly it all makes sense.
Also explains why I hate to get spam, I don't watch infomercials for a reason ...
Re:Never actually noticed.... (Score:5, Informative)
Ahhh! That's the worst thing to do. All of the ones that DON'T come back undeliverable now know your email address is being checked and read. Not only are you telling them to send out more stuff to you, but they can sell your address to others for a greater amount of money. Never ever ask to unsubscribe. It's better to just right a filter that deletes it immediately.
Whoa, wrong! (Score:4, Insightful)
Re:Never actually noticed.... (Score:3, Insightful)
Most spam I get these days is HTML phone-home style. As soon as I read it, it's off requesting images from somewhere. It's pretty easy to customise each spam so it is identifiable to the image server. So, effectively, the bastards know I have read it anyway (well, I never actually read it, but...). Unless you turn off all of that HTML shit, which is sort of a good idea, but it is sort of giving in to the spammers.
The other reason I am skeptical is... Since when did spammers care if the address is valid or not? They are still going to spam it either way. As for selling it on, do you think they are that trustworthy? "All of these addresses are valid, honest! Would I lie to you?" And the idiots that buy the addresses... They don't care either, they are just sending spam to all of them, who cares if some of the addresses don't work?
If anything, the spammers should welcome remove requests, because that means one more anti-spammer off their backs. So, of course, if you are an anti-spammer, you should be attacking the cause of the problem, not the symptoms... So I agree that it's not worth clicking on unsubscribe links, but not for the reasons you (and many others) give.
Re:Never actually noticed.... (Score:3, Interesting)
-- many times, you can have some fun with unsubscribe links: They fall into one of three categories:
(1) a page which takes an email address, checks if it's on their database, and if so, tells you it's been removed.
(2) a page which takes an email address, and displays "Your email: <WHATEVERS_IN_THE_QUERY> has been removed from our database" - you can check this by entering something which isn't an email address into the query.
(3) Same as (2), but it writes down the email you want unsubscribed, and makes it available to the spammer.
Option 3 is the most fun, because you can feed it your own set of email addresses. They probably filter all the microsoft ones, but I'm sure hollings@senate.gov is starting to see how internet marketing works...
Similarly, I'm sure they filter uce@ftc.gov out of their lists, but if you know the sales@company.com email addresses of people who advertise through bulk email, this can be a good time to mention them.
After all, you're only removing these peoples' names, right?
Re:Never actually noticed.... (Score:2)
1. If I get a reply to a spam I sent to adress x
then adress x is used and read by someone
2. If I know of an adress that is used and read by someone
Then I will add that adress to all e-mail lists I send mail to.
not unsubscribing is usually the best tactic for spam not sent by a business you know. Large well known companies usually (but not allways) do act upon unsubscribe requests.
Re:Never actually noticed.... (Score:3, Informative)
Make sure that you either (a) Don't use Outlook Express, (b) failing that, TURN OFF PREVIEW, and only look at strange emails with Properties/Details/Message Source.
Re:Never actually noticed.... (Score:2)
Re:Never actually noticed.... (Score:5, Interesting)
Ugh. This is the absolutely worst aspect of HTML e-mail. Just by sending you an unsolicited HTML e-mail, a company can get your browser model and version, whether JavaScript and Java are enabled, your IP address and hostname, the operating system, and roughly where you are located in the world (sometimes down to the city). First, they know you check your e-mail; second, in one click, you just provided a wealth of marketing information; and, third, they can tailor their future e-mail to your system's security vulnerabilities.
Does anyone know of cases, where e-mail was used to install spyware on the client?
Whoever first concieved of HTML-based e-mail should cower in shame for lack of foresight. And all those who chose to implement HTML-based e-mail clients should also cower in shame. HTML-based e-mail is simply irresponsible. I'm simply tired of people who insist in making their e-mail pretty, while unknowingly sacrificing their privacy and security.
Re:Never actually noticed.... (Score:2)
The nasties of HTML email can be nullified by using Pegasus Mail for win32 [pmail.com] freeware if you are on windows. It has its own renderer that was specifically made to render HTML without exposing you to these problems. I love it like a teddybear. What's more is that you can force their HTML to act like plaintext of you want.
Re:Never actually noticed.... (Score:2)
Saving the Internet from the Scum of the Trailer-Park [spamfighters.org] Bottom middle.
Re:Never actually noticed.... (Score:3, Insightful)
You broke one of the most rudimentary anti-spam rules. By repsonding to the 'remove-me' link you are telling them that they sent a message to a real address of someone who opens and reads spam. That increases the value of your address by an order of magnitude. Instead, try responding with SpamCop [spamcop.net] and get them shut down.
Re:Never actually noticed.... (Score:3, Interesting)
I used to hate that. Now I love it.
I modified my SMTP server to look for certain text that is a dead give away for spam.
My SMTP server now hangs up on the INCOMING CONNECTIOIN as soon as:
The cool thing is that I have my SMTP server HANG UP the connection before the mail is even completely delivered. My opinion is if they succeed at dumping their load and disconnecting, they've already won even if I filter it out later. I want to detect it when it's coming in and hang up the phone right away.
It's fun looking at the sendmail log and seeing dumb spammers trying again and again to deliver their BS, only to get hung up on again and again.
My spam has gone from about 30-50 per day down to around 5. And every time a new one makes it through, I analyze it and it gets added to the sendmail spam filters, never to get through again.
Life is good.
Re:Never actually noticed.... (Score:2)
"Let's see, if I spam a bazillion people and 0.00001% buy my penis-pills, that's a lot of quatloos!" (Some spammers make money by selling "millions" CDs to other spammers, frequently claiming that 26 million people opt'ed in to receive advertising from anyone who buys the CDs.)
There are a few big-time spammers that do make money (sadly) which only encourages the trailer-park trash types to give it a try. (My apologies to trailer-park trash for linking them with spammers.)
Another tactic? (Score:4, Interesting)
Start filing CIVIL lawsuits against the advertisers directly, and in the process subpoena'ing the spammer's themselves? This way the spammer's identity becomes known and then civil action can be brought directly at that person.
The basis would have to be "theft of services", as the receiver pays for the email, etc. After a few major lawsuits, I'm sure domestic spam will quiet down, and the major advertisers will cut back on funding of spam (1. they just got sued, 2. no one wants to spam for them anymore). Then the trick would be to get international cooperation...
Just a thought...
Even international (Score:3, Interesting)
The only issue would be collecting the money. One way to do it is to get a court to order Visa,Mastercard, American Express, and Discouver to hold any monies going to these scum bags. Without credit card processing, many of these spammers are dead.
Anyways, I suspect some of these scum bags use fake international addresses to try to hide.
Re:Another tactic? (Score:3)
I think we should go much further than that.
I think we should start using $cientology-style tactics on these bastards -- repeatedly filing lawsuits against anyone who does any kind of business with them, using ex-parte searches to confiscate all of their computer equipment, defaming them in every possible forum, etc.
Proving damages enough to really go after them could be hard. Alleging identity theft, fraud, child pornography, terrorism (wouldn't spam be a great corpus for stego?), etc. could do the trick. Of course, if a major ISP/backbone wanted to get in on it, they could claim significant damages in bandwidth costs alone.
-Esme
This is why not (Score:2)
Because two reasons: First, most people don't know what their state laws say regarding civil lawsuits, and don't know how to file a civil lawsuit. Second, nobody has the time.
Re:Another tactic? (Score:2, Informative)
http://www.peacefire.org/
http://www.mids.org/mn/803/spamset.html etc etc
for a sampling of people who do just that. Some spammers pay up, and if enough people did this it *might* be a big enough deterent, however, so far it seems that the vast majority don't pay.
From the research I've done, it appears that more people in the US sue over junk faxes than emails, because it is illegal to send them in a number of states, but even then apparently the business is lucrative enough to be able to either pay the fines or ignore them altogether.
In fact, apparently quite a number of major spammers (whether sending junk faxes, email etc) create corporate shells to protect themselves - it's the "throwaway company" concept, expanding on the throwaway email address...
Really I think the most effective deterrent would be if sending out the emails didn't bring back the revenue. While anti-spam measures etc are important (and necessary), and while educating spammers is also important - getting the masses to quit buying stuff as a result of unsolicited correspondance would have the single biggest impact.
Setup a company to do it (Score:2)
Keep 98% percent of the money collected to keep the company running, and give the rest back to the complainants as a commision.
I'd sure foward my spam on to said company on the slight chance of getting something out of it.
And a few court victories would go a long way towards making potential spammers think.
Mailwasher (Score:3, Informative)
I feel so used... (Score:4, Interesting)
Sign me up for the war, want revenge for this, feel free to advise.
Re:I feel so used... (Score:2)
How to Stop Spam (Score:4, Interesting)
Some of us go to great lengths (Score:4, Interesting)
I have an account I purchased from spamcop.net [spamcop.net]. I never used the email address onything (i've never even checked it) and it's bounsing spam every day.
Spammers hack systems to get accounts, they harvest them, they buy them (illegally) from state agencies. These people are scum and I consider it my right, duty and priviledge to take them out whenever and wherever I can find them.
I am in the process of building a snort utility specifically designed to track down the home IPs of spammers (in the US at first).
I won't go into details on what I plan to do when I get some, but rest assured it will be neither pretty nor legal.
Re:Some of us go to great lengths (Score:2)
Ah. The Jay and Silent Bob method. Up close and personal...!
Re:Some of us go to great lengths (Score:2)
(I'm seriously considering upgrading from the free reporting service to a paid account with a SpamCop address, so I'm very interested in users' experiences.)
Re:Some of us go to great lengths (Score:2)
Re:Some of us go to great lengths (Score:2)
I have three words for you.... (Score:3, Informative)
Okay, so that's more like 6 words, but still it's great. A guy I work with turned me onto it and I love it. And adding a `spamassassin -r` in my procmailrc for known_spam gives me the feeling that I'm actually doing my part in preventing SPAM.
Re:I have three words for you.... (Score:2, Funny)
I don't know how well people will take your assessment given you think the word 'Spamassasin' is either three or six words. It's bad enough to be schizophrenic, but when both of you are wrong.....
Spam Assassin (Score:5, Informative)
Re:Spam Assassin (Score:4, Insightful)
No. You still get 100+ per day. You just don't see them in your mailbox. But the bandwidth and storage space have already been eaten, and that's really what's evil about spam.
I'm all for programs like Spamassassin, blackballing systems (run right), etc. But they put a thin veneer over the real problem - that boatloads of bandwidth and storage space is being sucked up by noise -- the vast majority of people don't want this stuff, and the cost of transporting it is being passed directly on to the consumer.
What, you think you don't pay for it? Has your internet service increased in price recently? Has the level of service on it remained the same for the past 3 years? Still able to download/upload stuff at the same rates you could 3 years ago?
I really, really hate to say it, but I'm increasingly convinced that the only way to stop spam is to do so through the legal system. The vast majority of spammers are within the US - either they source the mail from the US or they are US citizens using foreign resources. In either case prosecution under either current anti-fraud laws or (ick) new anti-spam laws could seriously reduce the flood of spam.
Yes, it would probably take some international cooperation on the legal front. But there's a helluva lot more of that then there is on the technical front. Sure, technical solutions (refusal of service, leaf node filtering, etc.) work in theory. In reality they've failed. Miserably.
Seeing the NY AG sue Monsterhut for fraud and violations of consumer rights statutes makes me happy. And I sincerely hope that it's just the tip of the iceberg on that kind of case.
Re:Spam Assassin (Score:3, Insightful)
Excellent point.
I really, really hate to say it, but I'm increasingly convinced that the only way to stop spam is to do so through the legal system.
Ironically, though, anti-spam measures only serve to hide the problem from the general public! Anti-spam measures keep your average internet user from getting so pissed off that they'll vote for politicians who promote legislation that would alleviate the problem.
I hate to say it, but the biggest problem with getting enough critical mass to force legislation through is the anti-spam community that is hiding the true magnitude of the problem from your average voter.
Re:Spam Assassin (Score:2)
Still able to download/upload stuff at the same rates you could 3 years ago?
Much, much faster today. You see, now I'm on DSL wheras I was on 56K. More bandwidth makes spam a smaller percentage of that bandwidth.
The technical solutions are better than the legal solutions.
Re:Spam Assassin (Score:2, Informative)
Don't expect software to work 100% as you want "out of the box" (or "off of the net" in this case.
Re:Spam Assassin (Score:2)
Re:Spam Assassin (Score:2)
It's the whitelist_from option; it takes a fileglob-style argument to specify a sender whose e-mail will not be checked. E.g., "whitelist_from *@slashdot.org" would whitelist e-mail from Slashdot. The default configuration includes a number of whitelisted addresses by default. The corresponding blacklist_from option is there too, along with whitelist_to, more_spam_to, and all_spam_to.
Re:Spam Assassin (Score:2)
You can do several things to fix this. One is to up the threshhold in Spam Assassin from 5 to a higher number. Another is to change the scoring system for your triggers. But, the best is to have procmail deal with those messages before passing the message to spamc/spamd.
Valuable Products? (Score:3, Insightful)
Re:Valuable Products? (Score:4, Insightful)
Unfortunately a lot of people actually do fall for it - that is, enough of them to make spamming 15 million people worthwhile.
Until those sort of people stop replying and purchasing these "products" from spammers, then we will continue to see spam in one form or another.
Re:Valuable Products? (Score:2)
Re:Valuable Products? (Score:2)
You mean I won't have a BIGGER PENIS in 3 days, so that the HORNY TEENS won't want me and I won't need that HERBAL VIAGRA? I guess I'll have to fall back on my PHD FROM AN UNACCREDITED UNIVERITY to pick up women, after I get OUT OF DEBT by REFINANCING MY MORTGAGE!
Re:Valuable Products? (Score:2, Interesting)
Scott Adams in the Dilbert Future actually hit the nail on the head on this topic.
Suppose you spam 1,000,000 e-mail addresses, and 1/2% are stupid enough to fall for it. That's 5,000 responses, from people willing to fork over money for your bogus or not-bogus product.
Given the cost of spam, it's no surprise it's so prevalent.
Re:Valuable Products? (Score:2)
Yes. Probably nobody on slashdot or in similar communities would fall for it, but often we forget how stupid the average user tends to be.
Would your dear mother, bless her soul, who just got AOL last week respond to a free vacation scam?
Would your pointy-haired-boss fall for a 'learn everything about your employees' scam?
Would your neighbour fall for a penis enlargement scam?
Would the annoying sot who forwarded you the latest chainmail saying that little Suzie who has cancer will receive $0.05 for every time you forward the mail?
Now multiply this by the entire population of internet users. Yes, spammers have a large market of suckers and it is practically impossible to educate them all. I'm sure there are slashdotters out there who have met suckers who read every spam from start to finish.
Re:Valuable Products? (Score:2)
Don't rule out Neil Schwartzman (Score:4, Funny)
Shifman Is A Moron Spammer [petemoss.com]
Schwartzman's anti-spam page [petemoss.com]
A thought ... (Score:5, Funny)
This article made me think of a slightly modified version of the question asked in the article yesterday about The True Story of Website Results [slashdot.org]: If you could press a button and kill a spammer on the other side of the world, would you do it? And would you even need to be paid the million dollars?
Re:A thought ... (Score:2)
no, I want to see him suffer, and I want him to know it was me..
//rdj
A more pertinant thought... (Score:2)
How much would you pay to be able to instantly kill a spammer, anywhere in the world?
How much if you could subject them to torture first?
How much if you could force the other spammers to watch?
A colleague and I agreed that if we were to take money out of our 401(k)'s to hire a contract killer for sapmmers, that the withdrawal should be tax-deductable. Possibly even listed as a charitable donation.
Internet bylaws (Score:2, Insightful)
I think a set of bylaws should have been set forth quite some time ago. Bylaws to ban things such as spamming, massive pop-ups, etc. These bylawas could be set forth by a governing body(IETF maybe). If someone/something violated these bylaws then appropriate action could be taken.(account termination, blacklist, etc)
The Internet should be self regulating in itself and laws should be left for crimes in general regardless of the methods used to commit them.
just my 2 cents
Re:Internet bylaws (Score:2)
Unlike spam, you can simply avoid such sites, and your pop-up problem is solved.
How to stop spam? (Score:2, Interesting)
Unfortunately, this doesn't address the torrent of spam from China, nor the Nigerean Millions waiting for a bank acount spam, But at least it would be a start.
Re:How to stop spam? (Score:2)
If you get those, you are supposed to report them to the police, and your local law enforcement or embassy may be able to help. In London, the Metropolitan police have a web page [police.uk] about it, so we sent the mail and original headers to them.
Apparently, six people were recently arrested [com.com] for this very crime! So things that are obviously major frauds are worth looking up in case you can shop them to the law!
Re:How to stop spam? (Score:2)
Why bother fighting? Here's why (Score:4, Interesting)
People will say that spam is the same as junk snail mail, but it's not. "Legitimate" junk snail mailers will happily bear the cost of sending their messages, knowing that they are advertising a legitimate product or service. Spammers push that expense off on the people receiving their message.
To further the theft of services concept, an overwhelming majority of spam is sent through open or unsecured mail relays. This means that people who have no legal right to use those services are using them, much like someone who splices into an apartments building's cable tv system to get free cable. And as I always point out in my spam complaints, there's always this little gem:
-----
Darwin is an evolutionary OS [cafepress.com]...
--
Apple hardware still too expensive for you? How about a raffle ticket? [macraffle.com]
ban junk mail as well (Score:2, Interesting)
don't think it's a problem? just try joining your local chamber of commerce and see how much junk mail you'll receive every day! Even if you quit, it keeps coming in. My house is a mess.
Willful ignorance on the part of ISPs (Score:3, Informative)
First, I suggest EVERYBODY use Spamcop or a similar reporting service when the get SPAM (disclaimer - I am in no way associated with SC other than using their free reporting service).
Second, if you get a spam from a server hosted by one of these ISPs, you use www.bitch-list.net to turn the crapflood back on the ISP - make it cost them more in support calls than the spammer is paying them.
Third, if any of you HAVE servers hosted by these ISPs and you ever get shut down for TOS violations, you sue the ISP, claiming discrimination - "They didn't TOS these spammers, why are the TOSing me?"
Make it cost the ISPs more to host the spammers than the spammers pay, and they will drop the spammers. Remember, both Verio and Worldcom/UUNET are hurting for money right now - pink contracts must look pretty good to them ("See, the spammers will pay DOUBLE for bandwidth!"). Turn the pink contracts into red ink, and they will cease.
Differences in Junk Mail (Score:2, Insightful)
It's because they never, ever have sold a product that doesn't look like a scam, or porn to me. Every single spam I have gotten in my 7+ years on the internet has been for penis enlargers, aphrodisiacs, etc. It's like the snake-oil dealers of old have found a new home on the internet.
If I got coupons to the stores I frequent (or are in my area), or just adverts for legitimate, registered, good companies about products I might consider. It wouldn't bother me as much. But it's the fact that the spam I receive is pure, unadulterated, useless crap which explains why I hate spam so much, and don't feel too bad about junk mail I receive by post.
Just my thoughts on the issue.
Spam-fighting hiatus to raise awareness (Score:3, Interesting)
> tracking it back down to the source,"
> Mozena said. "Without that constant
> fight, things would be a lot, lot,
> lot worse."
Does anti-spamming really work? The administrators and users of SpamCop, SpamAssassin, etc. should back off for one 24-hour period. Let the spam roll in. If it truly would be a "lot, lot, lot worse" without spam-fighters, the happy fallout will be that thousands of indifferent users who respond to spam with "JHD" (Just Hit Delete) will see how bad it's become. Maybe they'll join the spam-fighting ranks, or at least demand a solution.
Anti spam does work (Score:2)
Use SpamAssassin (Score:2)
It can even look at the Received headers so you can distinguish between email that is genuinely from yahoo.com etc, vs email that is using a forged From header saying @yahoo.com. I use this to add extra spam points to email received from an old email box that gets almost nothing but spam.
The answer (Score:4, Interesting)
As inconvienient as that is, it fixes most of the problems of the e-mail system. Mostly it will not accept any bulk mail from anybody.
Not the answer (Score:2)
There is also software out that makes it trivial to "spam" a web form, that is, to constantly call the CGI with random input, flooding the message store with bogus data.
My answer to spam?
Use GPG, and only email encrypted with your public key. If someday you start getting encrypted spam (never happened yet, encryption takes CPU resources), there is a more draconing step-
Only accept mail that is crytographically 'signed' by people in your personal keyring, or from somebody who has had their public key signed by somebody in your keyring.
This restricts incoming email to 'friends', and 'friends of friends'. It is spam-proof.
It also ensures that your Aunt Millie in Oklahoma who only uses WebTV will never be able to send you another email. This could be a good thing, depending on how annoying Millie is.
Re:The answer (Score:2)
Sorry, when I want to let some friends know about something then I'm not going to go to their individual web boards and write a message. I'm going to email them once using cc's or bcc's. Oh, sure, I guess you can then start talking about community webboards (my wife uses one to keep up with her college friends), but just how many different boards do I get to go read for this kind of thing? No thanks.
And lets not even talk about the umpteen million different interfaces you'd have to deal with. Plus all the different "feature sets" -- any bets on how many people won't think to allow attachments? Or other things that will become standard for a large part of the net? Essentially you roll the email system back 30 years. There's a reason that it's a freaking 7-bit protocol with really, really wacky rules.
Email isn't going away. We need to work on technical and legal solutions to the issue - not ignore that it's there.
Blocking spam is one thing... (Score:3, Interesting)
I'm in the middle of dredging through the headers trying to figure out what the company ultimately responsible is, but even if I manage to find out, I'm not sure what to do with the information. I want blood.
Any suggestions?
Approach = failure, motive = weak. (Score:4, Insightful)
Martin Roth aka lumbercartel@hotmail.com
Martin Roth aims to solve the spam problem by educating spammers about proper e-mail marketing practices. But to educate them, he first has to find them.
Well, that sounds like a plan.
With practiced ease, Roth launches software tools with names such as "SpamCop," "SpamKiller" and "Sam Spade." These, along with multiple online accounts, help Roth comb through the junk e-mail pile for clues to the spammers' identity.
It's embarassing to use these tools because of the raw number of false positives they generate. Of course, for click and drool "d00dz, d3l3t3 yur spammer NOW!" people like Roth, that's a-ok. Of course, let's note that he belongs to a group that calls itself "Spam Wranglers Action Team," which by naming itself something stupid has demonstrated idocy.
But others, such as spam messages that appear to have been sent by an Internet newcomer, may present a better opportunity. A rookie spammer may fail to disguise headers and return addresses, create an amateurish sales pitch or promote a common multilevel marketing scheme.
So, go after new spammers because it's easy? Well, I guess they are easier to convince to change their ways, but if he really wanted to stop spam he'd be going after the mega-houses.
"Here's a guy maybe you can educate," Roth said, pointing to one such message among the scores before him.
What kind of education do you think this guy is going to get?
With that information in hand, Roth then reports the abuse and asks that the spammer be cut off. Many Internet providers will comply, since the sending of spam is usually prohibited by their own user policies. Providers that don't comply could face the prospect of being added to the blacklist of companies that support spamming.
Oh, that's some quality education there, sir.
As he speaks, Roth's computer erupts with the sound of gunfire once more. Roth
smiles broadly.
"Got another one," he said.
And that, my friends, is why these people do it. Because they enjoy the feeling of power that cutting people off the net gives them. They are like petty IRC dictators, typing "/kill
Martin Roth is doing nothing to help the spam problem, and he is a poor choice of people to profile. Martin Roth is yet anoter Maryanne [google.com] Kehoe [viper.net.au]
Re: (Score:2)
Re:Approach = failure, motive = weak. (Score:3, Informative)
... ineffectively. If you want to actually have an effect and contribute to the Internet community, then do something effective.
Shutting down spammers is a small part of being effective. You want to make a tiny effort to shut them down, because it will help a bit. It won't help much against the big spammers who use Chinese or Korean servers to send their spam, but it'll help a bit. But don't waste your time at it. Find some automated tool to send off the reports. I use Spamcop, because it's dead easy; I imagine lots of Spamcop complaints get ignored, but you need to put so little effort into them, that it's no big loss.
The big advantage of using Spamcop to complain is that it improves the Spamcop blacklist. Sites that originate spam are blacklisted when sufficient traffic from them over the last week is reported as spam. Other sites can use the Spamcop blacklist as an indicator that an email is coming from a recent spam source, and block it (or use this information in a scoring scheme to help decide whether to block).
You can also sign up with Spamcop for email filtering. I'd estimate that it catches about 95% of incoming spam, with a very low (0.01%, maybe) false positive rate. For me, this is sufficient: I get just 2 or 3 spams per week. Others may want more powerful filters.
There are other community efforts to build spam filters, such as Vipul's Razor [sf.net] and SpamAssassin [spamassassin.org].
Contribute to any of these, and you'll have a big effect on your own spam load. Publicize them, and you'll get more systems to incorporate them into their mail servers, making spam less of a problem on every system.
Irony (Score:2, Informative)
Sneakemail! (Score:2)
Didn't slashdot have a story a while back about a study on how to get on SPAM mailing lists? I believe they found that posting on usenet was the worst.
Sneakemail is still free, but they are now asking for donations.
Spam Interceptor vs. Spam Wrangler (Score:2, Interesting)
What needs to happen is the Email protocol needs to be re-written. It was originally developed in RFC822 to be an open standard that could take on many forms and purposes.
Today, we know how Email is used intricately, and the protocol can easily be re-written to *ENSURE* Spammers do not have the ability to automate spamming.
My company is re-writing the protocol over the next year or so ; and our changes will made available to the world.
Non-existant users being spammed. (Score:2)
Nearly 200 different non-existant usernames in my various domains are being spammed, many on a continuing basis. These are usernames that have never existed, and never accepted delivery of mail, so they are definitely not confirmed opt-in's for anything. It just shows how far spammers will go, and how they never clean up their lists (as if that would help real people).
Re:Who cares? (Score:2, Insightful)
The amount of time people spend filtering through their inbox to try and find the truly legitimate email is only getting worse and worse. This is even worse on a corporate level where people should only have to worry about work emails.
The cost of storage of those emails in the corporate environment is also high. Imagine a location with 3000-4000 user accounts. a spam of 500k would take up some valuable server storage space. Multiply that times the typical 4-5 spams a day and you've got a problem on your hands in no time(especially for those folk that don't check their email that often)
Re:Auto respond with "remove and unsubscribe" (Score:2)
And just putting a "remove and unsubscribe" to your email reply doesnt "swamp" his inbox. If you really wanted to do that, send the biggest dll in your system folder, or that little virus you came upon.
But then again, since these scum hijack valid email accounts, all you might end up doing is spamming some poor yahoo/hotmail account holder.
It doesn't help, and may make things worse... (Score:2)
Re:Auto respond with "remove and unsubscribe" (Score:4, Insightful)
Because they fool around with the headers, that "remove and unsubscribe" email you sent goes nowhere. Unless of course your script is digging down into the body for the "real" email - but then in the spam I get it's mostly phone numbers "A Degree in 1 Day!" etc.
I'm surprised you haven't noticed the bounces in your inbox "User Doesn't Exist" etc.
Nice try, wish it worked for more than a small percentage of spam, but it won't. It may even _increase_ the amount of spam you get, as it verifies your address is "live".
Just auto-ack with (Score:2)
This comment is OT - XSS Vuln in slashcode (Score:3, Informative)
There is a nasty Cross Site Scripting(XSS) vuln in Slashcode. This was used a day or so go on slashdot.org and resulted in most of the site being taken down for an hour or so. The maintainers of slashcode have patched the problem in CVS but have not even mentioned it anywhere that I can find. This leaves all sites using slash vulnerable to this exploit.
An example exploit (incomplete) is as follows:
<p > onMouseOver..insert javascript here...>
I am dissapointed that the slachcode maintainers have silently fixed this on slashdot.org yet made no mention of the problem elsewhere so that other sites can patch themselves. No wonder there are so many "trolls" on slashdot.org...ah well.
If you run a site using slashcode, get the latest CVS.
That is all. Move along.
My apologies to the original author for reposting without permission.
Re:Spamming them on their fax isn't a good idea... (Score:2)
Still probably illegal; but I doubt you'd suffer any real consequences even if they prosecuted.
Re:Spamming them on their fax isn't a good idea... (Score:2)
Copy their original spam message into WordPerfect (I said this was many years ago), set the page length to 1/8 inch, and hold down the "Page break" (Ctrl-Enter?) to ensure that each line of the message was on a seperate tiny page.
Save and send via faxmodem...
Buzz, Click! CHOP!
Buzz, Click! CHOP!
(repeat x 200 lines of spam).
Voila, pre-shredded fax. Also handy when you need some confetti in a hurry.
Re:problem with opt-in (Score:4, Interesting)
Get your own domain 'sugrshack.org', and set up an MX record for 'lists.sugrshack.org' pointing to some static-IP Unix-like machine where you can set up a virtual SMTP domain (e.g. Qmail).
When you visit ZDNet and subscribe to their mailing list, you subscribe as 'zdnet@lists.sugrshack.org'. When a mailing list starts selling your address and refusing to honor unsubscribe requests, you simply stop accepting email for the one address 'zdnet@lists.sugrshack.org', and the problem is solved.
There are a few complications to this approach. The biggest hassle I have is that I do need to post to several lists that restrict posting to 'members only', which means I need to adjust the 'From' address on outgoing messages to reflect the address with which I subscribed.
I don't have to worry about forgetting what address I used when subscribing, as Qmail will included a 'Delivered-To:' header for each message received to a virtualhost/alias.
Another drawback is that I get even more spam than before (identical spam runs addressed to each of many aliases). However, spam sent to 'expired' aliases is easily filtered out and discarded.
Re:Spam and Hotmail (Score:2)
I guess that the coders didn't quite understand the concept of:
if (!find(address_book_list,address) && !find(safe_list,address))
message_is_spam();
Re:Follow the money (Score:2)