Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Spam

FTC Encourages Consumers to Forward Them Spam 261

Burl Ives writes "See this CNN Article. 'The FTC encourages consumers to forward any spam they receive to the e-mail address uce@ftc.gov'. I'd say if they've posted their e-mail on the web, they are probably getting as much as the rest of us already, which isn't to say I'm not hoping to see some discussion of using the statistical spam sorters to auto forward a lot to them in encouragement..." I've been using SpamAssassin for some time now with excellent results. Perhaps now I need to have my spam folder auto-forward to the FTC as well.
This discussion has been archived. No new comments can be posted.

FTC Encourages Consumers to Forward Them Spam

Comments Filter:
  • What will they do? (Score:5, Interesting)

    by pgrote ( 68235 ) on Saturday September 07, 2002 @09:44AM (#4212057) Homepage
    I like the idea of forwarding the spam, but the question remains what will they do with it?

    For instance, Yahoo Mail [yahoo.com] has a feature where you can forward Spam to their Yahoo! Customer Care department. Yet, you don't know what happens.

    I don't know if this is a "feel good" attempt at showing that they are handling spam or they actually run some super secret program and change their spam variables.

    I'd like to see what the FTC is doing with the spam sent to them. Are they going to start a black list? Will they take action against the spammers?
    • by Amit J. Patel ( 14049 ) <amitp@cs.stanford.edu> on Saturday September 07, 2002 @10:05AM (#4212138) Homepage Journal
      I used to send them all my spam, but like you, I started wondering what they did with it. I think I'd start sending them spam if they sent me a summary monthly of:

      You sent us 1385 spam messages.
      We had not seen 18 of them before.
      We prosecuted 58 of the spammers:
      13 were shot
      19 were beheaded
      26 were forced to read spam in prison

      They'd probably get a lot better response rate that way.

      - Amit
      • > I think I'd start [forwarding spam to Yahoo] if they
        > sent me a summary monthly

        I had exactly the opposite problem. Earthlink has an address where you can forward spam, and every time you do, they send you an acknowledgement message! I was diligently forwarding all of my spam to them, in the hope that it would eventually cut down on the number of unwanted messages that I receive... until I realized that I was effectively doubling the number of unwanted messages I received. One for the original spam, and one for the ack.

        Then I carefully read their web page about forwarding. The only people they are going after are the ones that use Earthlink's own facilities to send spam. Like any significant spammer is going to do that in today's environment.

        So I have come to the conclusion that ISPs sometimes provide a place to forward spam so they will appear to be doing something, and so that people can feel like they are doing something to eliminate spam.

        The FTC may have similar motives -- it wouldn't be the first time that a U.S. government agency did something solely for the PR value -- but let's hope that's not the case.
        • by elemental23 ( 322479 ) on Saturday September 07, 2002 @02:15PM (#4213001) Homepage Journal

          I had exactly the opposite problem. Earthlink has an address where you can forward spam, and every time you do, they send you an acknowledgement message!

          What address are you sending it to? Spam originating outside Earthlink's network may be sent to junkmail@earthlink.net. This mailbox does not send an auto-response. You will get an auto-response if you send mail to abuse@earthlink.net (or variations, ie, abuse@corp.earthlink.net, etc), but you should only send mail to abuse if it originated on Earthlink's network.

          Then I carefully read their web page about forwarding. The only people they are going after are the ones that use Earthlink's own facilities to send spam.

          This is correct if you are referring to mail sent to abuse. What can Earthlink do about spam from a MSN (for example) user?

          Mail sent to the junkmail address, on the other hand, is forwarded on to Brightmail who runs Earthlink's Spaminator. They will consider it for inclusion in their incoming mail filters. So this mail is being looked at, and something is being done with it (albiet not by Earthlink directly).

      • out of about 7,000 active customers, about 15 to 20 will regularly forward spam to your abuse department. even if you just sat there being the abuse person, i have a doubt that you could properly address each complaint. God help you if you're just wearing the abuse hat, and are something else officially. You ALWAYS jump on your own customers spamming. But someone spamming your customer is unfortunately a much lower priority- the lunchlady doesnt have time for you telling on your friends when some other kids have a bloody nose. :-/
      • 26 were forced to read spam in prison

        I don't think spammers would last long enough in prison to read spam...they'd be too busy servicing their fellow inmates.
      • "I used to send them all my spam, but like you, I started wondering what they did with it."

        Make a quilt maybe? hehe

        Seriously, they are probably trying to gather data to support some kind of action or to get a better sense of what should be done.

        Unfortunately you won't see a complete ban on spam. Likely there will be 'acceptable spam' defined.

        I believe that they will adopt a 'honest email' policy. That is all email is okay if there is no deception. Truthful return address, subject line and an opt-out method that isn't used to gather the email addresses of 'the live ones.'

        One State (I don't remember which.) is considering requiring all spams to contain some standard indicator in the header that would allow users to easily identify the email as spam. Like 'ADV.' Of course the spammers don't want their emails to be easily identified for what they really are. That would make it too easy for ISP's to bit bucket them.

        I do feel however that we should be given the power to reliably identify spam. Opt-out strategies do not work. Obviously if your email address is being sold and traded by hundreds or thousands of spammers, you could spend a lot of time from now until hell freezes over opting out again and again and again.... If all legal spam carried 'ADV' in the header we could opt-out ourselves by filtering the junk. Spam that didn't carry the 'ADV' flag would have to be treated seriously and offenders fined, jailed or killed. :-)
    • by Coppit ( 2441 ) on Saturday September 07, 2002 @12:12PM (#4212588) Homepage

      They prosecute [ftc.gov] when they can. And (blatant self promotion) they use grepmail [sourceforge.net] to help them. I got a bug report from a guy on the project:

      Specifically, grepmail -r reports a grand total of 3,046,173 messages, but MHonArc generated only 2,558,869 HTML files.

      And you thought your mail archive was big. ;)


    • > I like the idea of forwarding the spam, but the question remains what will they do with it?

      They're just looking for good deals on toner cartridges.

  • from the posting (Score:3, Insightful)

    by no reason to be here ( 218628 ) on Saturday September 07, 2002 @09:45AM (#4212062) Homepage
    I'd say if they've posted their e-mail on the web, they are probably getting as much as the rest of us already

    most spammers are smart enough not to spam a .gov e-mail address.
    • Re:from the posting (Score:2, Informative)

      by Anonymous Coward
      Incorrect. My .gov address (and my .mil address!) get almost as much spam as my other, more traditional and commercial, email addresses do. Have no doubt that the US government and the military get this crap too!
    • checking my inbox, I see 6 spams in the last week addressed to my "abuse@" alias..

      Don't overestimate a spammers ability to even know where the spam is going

      P. T. Barnum was right :)
    • You'd think, but I and my coworkers get tons of the really nasty stuff at .gov addys continuously. I guess they think "Hey! I'm forging anyway, might as well hit the govs."

      Or they're throwing their spam at incremental IPs that happen to have port 25 open.
    • Doubtful... (Score:2, Interesting)

      by kyletinsley ( 575229 )

      most spammers are smart enough not to spam a .gov e-mail address.

      I really doubt this. You'd think they'd be smart enough to not send spam to any 'webmaster@' addresses, since whoever gets mail to that address has the greatest chances of being someone is willing and able to block their messages from getting to ALL the other users at that domain... however I see more email addressed to webmaster@domain than any other address that is forwarded to me. Presumably, because they know it will be a valid address at almost every domain, and/or they just spider them from web pages and put no further thought into it.

      Although, I haven't seen much being sent to 'abuse@', so most of the spam software authors probably made some cursory filtering rules when they first started making their stuff, but I doubt '.gov' was in them. Only a very tiny percentage of .gov users would actually have the authority/ability to take action against spammers anyway, and there's bound to be some potential customers among the rest of them. That's the whole point of spam: not putting too much thought into the recipients. Gather hundreds of millions of addresses en mass, blast out millions of emails every day, a couple % of the recipients will buy the crap you're selling. Another couple % of the people will get downright pissed at receiving your junkmail, but they don't matter as long as you're making money. If you start getting too nitpicky about who you're sending to, then it starts to resemble real work and isn't as profitable...

    • Perhaps they should use ftc-uce@hotmail.com instead.
  • by vidnet ( 580068 ) on Saturday September 07, 2002 @09:45AM (#4212064) Homepage
    Should I forward my spam even though I'm not American?
    • by Angry White Guy ( 521337 ) <CaptainBurly[AT]goodbadmovies.com> on Saturday September 07, 2002 @09:58AM (#4212115)
      If you're that interested, I would forward anything that apparently originated from the US, or is promoting US company interest. And lobby your government to do something about spam coming to your accounts.
      Hopefully, an honest attempt will be made by the US authorities to combat spam, and it sets a precident in other countries.

      Now if only Nigeria would set one up, I could do something about those damned 419 emails I keep getting!
    • Re: Scam Canada (Score:3, Informative)

      by rakerman ( 409507 )
      In Canada, the main organization set up to deal with phone / snailmail / email fraud is PhoneBusters [phonebusters.com].

      You can forward email scams to them at the West African Fraud Letter [mailto] address. The RCMP [www.rcmp.ca] webmaster said "This is now a general account for all scam letters."

  • by tuxedo-steve ( 33545 ) on Saturday September 07, 2002 @09:45AM (#4212065)
    Heh, FTC slashdots self.
  • If... (Score:5, Funny)

    by darkov2 ( 570389 ) on Saturday September 07, 2002 @09:46AM (#4212067)
    ...we find FTC commissioners have suddenly become very thin and rich with enourmous penises, we will know they got the spam.
  • by Anonymous Coward on Saturday September 07, 2002 @09:46AM (#4212068)
    To use with spamassasin username is "cartman"

    bash-2.05$ cat .forward
    "|IFS=' ' && exec /usr/bin/procmail -f- || exit 75 #cartman"

    bash-2.05$ cat .procmailrc
    LOGFILE=/home/cartman/proc.log

    :0fw
    | /home/cartman/SpamAssassin/spamassassin -P -c /home/cartman/SpamAssassin/rules

    :0:
    * ^X-Spam-Status: Yes
    /dev/null

    Yeah and lets stay anonymous not to be a carma whore...

    /cartman
  • filtering (Score:3, Informative)

    by Datasage ( 214357 ) <.moc.yergsidlroweht. .ta. .egasataD.> on Saturday September 07, 2002 @09:49AM (#4212077) Homepage Journal
    I've been using SpamAssassin for some time now with excellent results. Perhaps now I need to have my spam folder auto-forward to the FTC as well.


    I'm using spampal for Windows with Outlook. i have the filters set up to forward it to the ftc and delete the email. Spampal is avalable here. [spampal.org.uk]
    • I've now installed this, it looks great. I just wish it used a more complex ruleset for determining spam. Spam Detective is great for that.

      But I'll try this out for a few days and see how accurate it is.
  • i've been doing this for about a year now. can even remember where i read about it for the first time...
  • human spam filters? (Score:3, Interesting)

    by dankelley ( 573611 ) on Saturday September 07, 2002 @09:52AM (#4212091)
    Since automatic spam filters seem to be somewhat problematic (e.g. the one used at my university has way too many false positives to be useful), I wonder if there might be a new industry for human spam filters?

    The question is, how much would you pay to have somebody delete a spam message? If it's 1 cent, and if the person could kill one every 5 seconds (which seems pretty reasonable ... I don't even read the whole subjectline before deleting most spam), then we are at about 7 dollars an hour. Given that this is not a high-skill task that could be done from the home (possibly in the third world, where $7/hour is a very high wage), we may have a new industry here.

    For less than the price of a coffee per day, a user gets spam-free email, and somebody else gets to pay the rent.

    Of course, there is a downside: somebody might pay the anti-spam folks money to look the other way on some messages. And there is a privacy concern.

    So, am I nuts?

    • by account_deleted ( 4530225 ) on Saturday September 07, 2002 @10:12AM (#4212175)
      Comment removed based on user account deletion
    • In a word: yes
      In two words : damn skippy!

      It sounds like an ideal setup(aside from privacy concerns), but in a third world country, people probably wouldn't be able to read english, let alone the hundreds of other languages which exist.
      We are never going to stop spam completely. We just have to take measures to reduce the amount of spam that we do get to tolerable levels. RBL's, sane filter rules, and products like SpamAssasin (gratuitous plug) help. And don't be afraid to blackhole countries. I know absolutely nobody from China, Korea, the Netherlands, or a host of other countries, so I shut them down. I don't want emails describing hot asian teens, hardcore lesbians, or hot rear action (Thanks to Drew and Mike on 101 WRIF [wrif.com] in Detroit for that term, listen to the webcast 6-10am EST), so I filter that. I make gratuitous use of aliases for published e-mail accounts, so when one starts filling up, I shut it down.
      Spam is a consequence of the internet. Think of it as a badge of honor. The longer you're on, the higher your spam potential. Just don't let it reach critical mass.
      • Please define "third world". Do India, Thailand, Malaysia, etc. count as "Third World"? If so, then your assumption on their inability to read english is incorrect.

        Lets consider the original idea (I'm not for it, BTW, but its satursday and I've nothing better to do). $7/hour works out to about Rupees 350/hour in India (we'll take India as an example). This works out to, assuming a 6-hour day(hey, long lunch breaks are necessary after reading all that crap!), about Rupees 2000/day. Assuming a 5-day work week, thats about Rupees 40000/month. This will put the earner smack in the middle of the 'middle class' in India. Heck, even college teachers don't make that much money in India!

        So, $0.01 per spam read is pretty good money in some parts of the world, even where people can read/write excellent English.

    • Why should a user have to *pay* to avoid receiving unwanted messages? Why should a user have to do anything to avoid receiving unwanted e-mail that takes up resources to send and store?

      The better solution is to kill the spammers. No more spam.
  • Lets say you work for a large company, with say 10,000 people. 10,000 people * 10 spams a day (low number, but lets go with that for now) = 100,000 spam emails a day. Thats a lot of spam. Now, lets say that each spam is about 10kb. 10kb * 100,000 spams = 1000000kb, or (1000000/1024) 976 megabytes of spam. Almost a gig of spam a day.

    Now your company does not have a free pipeline to the internet. Lets assume for the sake of argument that they have to pay by the meg. Lets (wildly) assume that your company has to pay 15 cents per megabyte of traffic through their ISP. .15 * 976 = $146.40. That may not sound that much, but over the course of a year that makes out to be about $53,436.

    Of course, thats just in internet feed charges. Assume that it takes the average person one second to read and delete a spam. With an average of 10 spams a day, thats ((10,000 * 10)/60) 1666.67 minutes per day, or 27.78 hours per day wasted on spam. Say the average person makes $20 dollars an hour, or about $40,000 a year. 27.78 * 20=$555.56 a day in lost time. Over a year, thats $202,777.78 in time lost to spam. Ouch.

    So all those penis enlarger and diet spams are costing your company $256,000 a year. Multiply that by all the companies in the world that get spam, and you have a major financial burden
    • And a major financial incentive -- for your ISP. I'd happily pay a premium for an ISP that provides spam-filtering.

      I'm not interested in perfect -- just cut down the bulk by 75% to 80% or so. False positives are bad, so avoid those.

      This is NOT an issue where the government -- any government -- need to get involved.

      Come ON people! You really want the same organizational paragon of efficiency that runs Amtrak and the U.S. Postal Service regulating e-mail? Are you, as a Slashdot reader, that inept that you can't properly configure a Junkbuster/Spamassassin Proxy?

      If this costs so damn much money, then it is an opportunity for you to provide consulting services .

      With all the "let the government regulate it" talk, you'd think this was France and not the U.S.A.
      • You would be in the minority. I used to work for a local ISP. The TCO made it his personal mandate to stop spam to our customers. So of course, we sign up for the RBL. Big mistake. For the next two weeks we were fielding phone calls from angry customers stating that their friends could not send them e-mail, and even after we explained what was going on and why we were blocking them (their friend's admin didn't know how to do his job), not only did the customers threaten to change ISP's, we also had to field calls from the admins stating that we didn't know what we were talking about. It was a travesty from the very first day.
        ISP's are just that, internet service providers, and if their customers want mail from their friends, technically they have to let them have it.
        • Which is why I said it should be a PREMIUM service, where the customer explicitly ASKS for the blocking.

          Second step would be to charge people for excessing SENDING on a non-commercial account. If they run an open relay, and refuse to believe it, bill them by the megabit. When they bitch, give them the option of waving the first instances of the charges if they fix the problem. Offer instructions on how to fix the problem.
    • by realgone ( 147744 ) on Saturday September 07, 2002 @10:28AM (#4212236)
      Ah, the "lost time" argument -- rhetoric at its most manipulative and least accurate. (Nothing personal against you, arkham. Your post was actually an entertaining read.)

      The fallacy here is in assuming that every employee exists in a continual "on-and-working" state from the moment she sits down at her desk. Under such an assumption, 10 seconds spent doing something else equals 10 seconds of quantifiable production loss. Problem is, most white-color jobs are task based: I need to get X done today, where X equals a presentation, a subroutine, a sales call to Duluth -- whatever. Ten seconds spent doing something else don't result in 10 seconds less of X.

      The only place where these efficiencies would truly come into play is repetitive (and, might I add, borderline inhumane) assembly line work like meatpacking. And I'm assuming most meatpackers are less concerned about getting spam than making it.

      Heck, given the original argument, we could calculate astronomical amounts of monetary loss for just about everything. Employee time spent blinking could bankrupt a third world country. The time spent typing smiley faces? There goes Luxemburg. =)

      • The fallacy here is in assuming that every employee exists in a continual "on-and-working" state from the moment she sits down at her desk. Under such an assumption, 10 seconds spent doing something else equals 10 seconds of quantifiable production loss. Problem is, most white-color jobs are task based: I need to get X done today, where X equals a presentation, a subroutine, a sales call to Duluth -- whatever. Ten seconds spent doing something else don't result in 10 seconds less of X.

        That slightly modifies the argument, but makes no essential difference. Each employee spends a certain percentage of the time doing actual work and the rest in "down time" (resting, chatting, going to the can, etc). Spam does not magically increase an employee's percentage of "up time"; hence, if an employee spends (for example) 60% of the time up-and-working, the cost of spam in arkham6's argument can be multiplied by 60%.

        Actually, it's worse than that, because spam selectively comes from "up time" -- that's when you check your mailbox.

        The time spent typing smiley faces? There goes Luxemburg. =)

        Bad analogy. Unless it is customary at your place of employment to include smiley faces in business communications, those come out of "down time", and hence cost nothing.

        • Spam does not magically increase an employee's percentage of "up time"; hence, if an employee spends (for example) 60% of the time up-and-working, the cost of spam in arkham6's argument can be multiplied by 60%.

          You make an interesting point here but, no surprise, I'm going to respectfully disagree.

          My argument remains that applying time-based calculations to a project-based workplace just doesn't stick. (And doing so fractionally won't make it fractionally less of an error.) Unless "lost time" reaches such critical mass that it prevents a day's tasks from being completed or irreparably pollutes the quality of an employee's downtime, the monetary loss can be considered negligible.

          Or to approach the matter from another direction, spam is downtime. I've never known anyone to say: "Man, those junk mails cost me so much time this morning. I'd better cancel my afternoon project meeting so I have enough time left to read Slashdot." These seconds aren't additive (to uptime) but subtractive (from downtime).

          Now one could make a strong case for the loss of employee downtime affecting the quality of work, but that's a different argument from the one at hand.

          [re: Luxemburg:] Bad analogy.

          More like my feeble attempt at humor. (Sorry 'bout that.) Replace with yawning, stretching, sneezing, or your favorite G-rated bodily function.

          • You've still missed the point.

            Imagine, say, the outcry if you regularly got sales calls at work from telemarketers. Even if you were able to hang these calls up in a second or two, they would still be a completely unwarranted disturbance to your working routine, and heads would undoubtedly roll.

            Why is spam any different? Your argument about yawning, etc, is totally spurious as this time is already factored in. In effect, the company PAYS you to be comfortable at work (ie. breathe in and out, shift in your chair, etc.) so you can be maximally productive. They DO NOT pay you to read advertisements for penile enlargement products, throw the paper version of such advertisements in the wastepaper basket, hang up the phone on such telemarketed advertisements, or delete the same email advertisements from your inbox.

            I've never heard anybody who wanted to keep their job say they were going to miss any project meeting, by the way, but I have certainly heard people wish they had, say, another 10 productive minutes at a crucial time of the day, so they could go to that meeting more prepared.

            Spam costs individuals time. Time they do not chose to spend - and that's the key. After all, time is money as we all know.

          • These seconds aren't additive (to uptime) but subtractive (from downtime).

            Nope -- a given person works about the same percentage of the time on average. Being put under the gun will push the percentage up for a while; getting ahead of schedule and having the boss on vacation will let the percentage down for a while -- but in the long run it stays more or less constant.

            Someone deprived of his usual downtime one day will make it up later, one way or another, to blow off the stress. (If anything, the annoyance of being spammed is likely to raise the overall percentage of "down time" by adding just a bit more grind to each day.)

      • wrongo (Score:2, Interesting)

        The fallacy here is in assuming that every employee exists in a continual "on-and-working" state from the moment she sits down at her desk. Under such an assumption, 10 seconds spent doing something else equals 10 seconds of quantifiable production loss.
        ...
        Ten seconds spent doing something else don't result in 10 seconds less of X.

        No, not generically, but in the case of spam it does.

        I spend a certain amount of time at work going through email. I have to. We use it for a lot of critical communications, and spam or no, it is more efficient for those purposes than phone, memo, or face to face.

        So yeah, I will still blink, zone out, go to the bathroom, smoke 'n joke (or in my case, coca-cola and joke), whatever. But I will also waste time with spam. It is additive; it replaces time that I would be productively communicating.

        Oh well, I bill all my time and it is a cost of doing business. My employer will save money if they can stop it.

  • If that's what they want, that's what they'll get -- a daily helping of the contents of my Spam folder, courtesy of Cloudmark's SpamNet.
  • Old news (Score:3, Informative)

    by mutende ( 13564 ) <klaus@seistrup.dk> on Saturday September 07, 2002 @09:55AM (#4212103) Homepage Journal
    The FTC encourages consumers to forward any spam they receive to the e-mail address uce@ftc.gov

    This is old news [ftc.gov] (26th April 2001).

  • I've been forwarding stuff to uce@ftc.gov for several years. When one of my email addresses became overspammed, I just set it to auto-forward to uce@ftc.gov. You have to turn on full headers and all that so depending on your mail program, it might be more trouble than it is worth.

    Now that I use Sneakemail, I worry a lot less. So far, all those sites where I was worried they'd sell my address haven't done so. Occasionally one will crawl through Mozilla's Bugzilla, but not a lot so far. Just because the FTC is collecting Unsolicited Commercial Email doesn't mean they're going to do a lot about it. They're mostly going after the big cases of fraud and pyramid schemes. Its the people that are willing to pay $60 for a bottle of water that will cure all that ails them that are the problem.

    • I do the same thing that Sneakmail does, just on my own domain. I caught somebody recently: Ticketmaster.

      I ordered tickets on a Wednesday or Thursday for a concert on the Saturday. I received spam from a third party at the email address I'd provided on the following Monday or Tuesday. I Spamcop.net'ed them and deleted the email alias.

      In future, I'm going to wander down to the actual venue box office if I can... it's just too bad that on the occasions that I can't, that the only alternative choice is Ticketmaster.
  • echo "uce@ftc.gov" > ~/.forward

  • "Note - This is NOT Spam - you posted to one of our FFA sites or added yourself to the list. This is a one-time email transmission...no removal is necessary. Click Remove button to be removed: Remove"

    LOL

    • I've been getting a lot of those lately.

      In this case, however, it's because a spammer (Clark Mankin, a crook who runs speedstar.net) has been list-mail bombing me by signing up my e-mail address to hundreds of FFA links pages (and he didn't even try to hide his identity, as he used his own webpages in the signups and his IP address shows up everywhere) He has also claimed to be stalking me online.

      Quite frankly, I'd like laws that would put people like him in jail.
  • by ergo98 ( 9391 ) on Saturday September 07, 2002 @10:00AM (#4212123) Homepage Journal
    Is this really necessary? Personally I'd think a much better approach would be to simply set up test accounts (not with .gov, but I mean on AOL, local ISPs, etc) and reference the email on a couple of webpages, and perhaps in a usenet posting. They will, without any doubt, very quickly get every spam that everyone else gets, without getting hundreds of thousands of duplicates of each and every spam. This idea of forwarding all spams, either a request or some people who have mentioned that they do this by default, is just a grotesque waste of internet resources, doubling or tripling the damage a spam does.

    Having said that, spam is grotesquely out of control: My hotmail inbox now gets about 90 spams a day, and while Hotmail's spam filter catches most of them, I still have a noise floor as a dozen or so make it into my inbox every day (and conversely I have to go through the Junk Mail folder every week or so as real emails get stuck in there, particularly when associates or friends use subject lines like "BTW").
    • I get a copy of the same nigerian 409 scam for each domain I own, so it is pretty clear that they are culling the domain registrars.

      Yes, the FTC could go a long way with a couple of intern type "consumer users", at minimum wage to surf the net, and open a hotmail account or two, and register a domain or two.

      Once the addresses are on a few CDROMs full of addys sold to spammers, they will be up to their hips in spam.
    • Is this really necessary? Personally I'd think a much better approach would be to simply set up test accounts (not with .gov, but I mean on AOL, local ISPs, etc) and reference the email on a couple of webpages, and perhaps in a usenet posting. They will, without any doubt, very quickly get every spam that everyone else gets

      I have four different primary email accounts between work accounts, and personal and general 'net use. All four get a lot of spam, but there's very little overlap in the spam they get.

      If there are thousands of spammers with thousands of different lists, it would take more than what you mention in order to get a sample of every spam.

  • This is news? (Score:4, Interesting)

    by uhmmmm ( 512629 ) <uhmmmm@g[ ]l.com ['mai' in gap]> on Saturday September 07, 2002 @10:01AM (#4212125) Homepage
    Heck, it even made it into a slashdot poll [slashdot.org]
    • i was doing this over four years ago
      and gave up because I saw absolutely NO results.
      this address seemed to be just a black hole. maybe with the additional press it will start working again.
  • Ironic (Score:3, Interesting)

    by erroneus ( 253617 ) on Saturday September 07, 2002 @10:03AM (#4212131) Homepage
    I just recieved from SPAMCOP.NET what I suspect might be 'SHAKEDOWN Email.'

    I own a domain but do not operate it. (I will not disclose the domain because that just makes me a target so you will forgive my lack of being specific on this.) My email server will recieve email for this domain, but there is no active use for it. My server has no open relays.

    They sent me an email saying there has been or are complaints. This is the smaller part of the email. The rest of it is advertising services to me... SELLING ME THINGS and delivering propaganda.

    When a bulk of the email contains advertisment of services and only a small portion of it delivers vague and unsupported information, I have to believe it's SPAM.

    Is this a standard practice for SPAMCOP.NET?
    • I just recieved from SPAMCOP.NET what I suspect might be 'SHAKEDOWN Email.'

      No, what you got was essentially a test of your sysadmin skills, and you failed. A quick check of the headers will show that it did not, in fact, come from SpamCop. This was covered long ago, but see this page [julianhaight.com] to get up to speed.

    • Re:Ironic (Score:2, Informative)

      by DraKKon ( 7117 )
      it's fake... from the spamassassin mailling list:

      It's a forgery. http://news.spamcop.net/pipermail/spamcop-list/200 2-September/015678.html

      I received 3 this morning, at first I thought they were real although
      the usual reports have an URL where you can comment on the report, etc.
      Then I looked at the headers and noticed they all came from 64.70.191.50
      which is nowhere close to the spamcop.net or julianheight.com IPs.

      By the time the second and third messages came in, the IP was already
      in bl.spamcop.net, which I thought was pretty funny.

      Just treat them as spam and do your normal bit on them. :)
  • I won't do it (Score:2, Insightful)

    As much as I hate spam, I won't turn to the FTC or any other government agency to resolve the problem.

    If you think the Net should be as autonomous as possible -- and that the government should not be allowed to restrict the free flow of information -- then you can't have it both ways and go running to the government when that flow of information is to your annoyance rather than to your benefit.
    • Re:I won't do it (Score:4, Insightful)

      by Guppy06 ( 410832 ) on Saturday September 07, 2002 @10:31AM (#4212246)
      "and that the government should not be allowed to restrict the free flow of information"

      Please allow me to gratuitously quote myself [iwancio2002.org]:
      I have seen some ineffective bills drift through both houses of Congress that are written to allow unsolicited messages so long as they have an "opt-out" mechanism. Ignoring the fact that such legal loopholes would essentially negate the law entirely (can you prove that you tried to opt out?), it quite literally sickens me the way some of your fellow members of Congress feel that spam is somehow an issue dealing with the freedom of speech. The mere existence of the internet and the supposed changes it has on how business and the legal system work (even though such "changes" have been shown to be a lie) have helped to convince these poor fools that people should somehow have a right to use and abuse the property of others. Does my neighbor have the constitutional right to break my kneecap so long as they provide me with the ability to "opt out" of future kneecappings?

      The United States Constitution guarantees that all citizens are free to say what they want. It does not guarantee a soapbox upon which they can say it. Just as I am not guaranteed the right to have a billboard on Interstate 10, spammers should not have the "right" to use the resources of others simply because they're there.
      Spam isn't about the "free flow of information." It is the equivalent of graffiti. You are free to say whatever the hell you want, just don't use my e-mail account space.
  • though i'm generally opposed to the death penalty, i wouldn't mind if it were only applied to spammers and virus-releasers.
  • ... the FCC starts looking into spam. The main problem isn't the shady business practices that spam often advertises, the problem is that spam happens. Period.

    All the Federal Trade Commission can do is try to treat one of the symptoms, not the problem.
  • Does this only apply to Americans, or does the FTC cover elsewhere/entire Internet/world?

    What if your in America and the spam comes from China?
  • by swb ( 14022 ) on Saturday September 07, 2002 @10:46AM (#4212299)
    I thought one of the police jobs for the federal governemnt was investigating and arresting people for committing fraud. Why aren't they doing it to spam businesses?

    Most people are pissed about spam because its unwanted email and the popular focus has been on limiting or controlling unwanted email. I think this is misguided, because the spammers (both the freelance mail senders and those who do their own sending for their own products) tend to join forces with the more legitimate direct marketing community and bring the debate about stopping spam to a standstill.

    I think a better tactic would be to go after the products and services being sold via spam. IMHO nearly all (95%?) of them are fraudulent or illegal. If you eliminate the fraud businesses behind the spam, I think the spam itself will dramatically lighten up.

    Going after the people that send the mail is also very difficult since you don't know where they are and many spams are impossible to track the origin. But in order to sell something you have to at least be reachable enough to be paid, and that should make it much easier and less resource intensive to find the fraudsters and put the screws to them.

    While I like the idea that getting rid of the unsolicited email in and of itself, I think its also the least effective way to get rid of spam.
    • it's only fraud if they people selling the product KNOW they're lying. If they believe some pill or gadget really will make your dick 6 feet long, then no fraud. And how can you prove they DON'T believe that?
      • by swb ( 14022 )
        I don't think the simpleminded "But I didn't know it wouldn't work" excuse really carries any legal water. It might get a 5 year old out of a spanking for taking cookies from the cookie jar, but I don't think it allows someone to feign ignorance to sell magic pixie dust.
  • by Tsk ( 2863 ) on Saturday September 07, 2002 @10:59AM (#4212343) Homepage Journal
    This has already been done in France the email adress is spam@cnil.fr.
    So many people did the forwards that the mailbox was Full almost everyday. They thought One person could deal with all the mails : they were wrong so they updated the mailbox and said they'll carry along with thos forwarded mails.
    The results from these mails will permit to create a law to ban spamming in France, thus starting something in the EU, that would force a EU law for Spam.
  • SpamAssassin (Score:5, Informative)

    by ceswiedler ( 165311 ) <chris@swiedler.org> on Saturday September 07, 2002 @11:12AM (#4212384)
    For me, the killer app for using Linux at home was fetchmail / IMAP / procmail / SpamAssassin. I was using POP3 to download email from several accounts, into mail clients at home and at work. I was tired of re-downloading the same messages, and of sorting the messages into folders in one place and having those changes not reflected other places.

    So I set up my Linux server, which up to that point didn't do much except NAT, to fetchmail my messages from various accounts, run them through procmail and Spamassassin, and then publish the messages via IMAP. Now my email is accessible from anywhere, through an IMAP client or over the web (running IMP) or through ssh/pine. It's filtered for spam and sorted into folders, and I can back it up easily.

    I wish Mozilla mail supported addressbooks stored in IMAP folders, but instead I have to run an LDAP server (way overkill) to manage contacts. IMP's address book component, Turba, is just about the only LDAP client which acts like a sensible contact manager and allows adding / editing entries.

    I'm serious when I say this is a killer app for me. Before, I could have replaced my Linux server with a NAT router and not really missed it. Now it's essential to the way I work and communicate.
    • Re:SpamAssassin (Score:2, Interesting)

      by frx ( 23115 )
      Would you be kind enough to write a small HOWTO or recipe on how to do this ? I've been meaning to try something similar, but I'm too lazy too read all the docs.
    • I second the above request for a FAQ. I've been doing something similar on a Win32 platform without the spam-filtering portion since spam-filtering software for Windows servers is very weak.
      • Re:SpamAssassin (Score:4, Informative)

        by ceswiedler ( 165311 ) <chris@swiedler.org> on Saturday September 07, 2002 @01:38PM (#4212893)
        If I have time I'll write a formal HOWTO and maybe submit it to /. In the meantime, here's a synopsis:

        You need a Linux machine with a static IP address. If you can't have a static IP I suppose you can play games with dynamic IP addresses to access the server. Get a DNS entry to make it easier to access.

        Set up fetchmail [tuxedo.org] . Fetchmail is a simple program (written by ESR) which downloads mail via POP or IMAP. You configure it with your mail server, username, and password, and it downloads mail to the local machine. Actually, it re-delivers your mail locally. Your remote email might be chris2912@earthlink.net, and your username on your Linux server might be ces; fetchmail delivers the mail it downloads to ces@localhost.

        At this point, you can use pine or mutt to read your mail. By default, they read mail from your local spool. Note that your "inbox" is /var/spool/mail/username, but other mail folders are usually under your home directory. Configure pine or mutt to put your mail folders in ~/mail.

        Install procmail [procmail.org]. Procmail allows you to set up filters for handling mail. It will let you move mail to a folder based on sender (something like various mail client's rules) and more importantly, it will let you run SpamAssassin (or junkfilter, but I recommend SpamAssassin). Set up procmail to run SpamAssassin on each email, and then either delete the spam or move it to a certain folder. The SpamAssassin documentation is pretty clear on how to do this. Make sure procmail is configured to use the folders in ~/mail.

        Install an IMAP server. I use the standard UW server [washington.edu]; there are others. The UW server runs via [x]inetd. I recommend setting up the SSL support (imaps).

        What IMAP does is allow you to access your email remotely, without downloading it like POP. Mail is kept on the server, in folders. Through an IMAP client, you "subscribe" to a certain set of folders; these are the only folders IMAP clients will see. You want to configure your IMAP clients to use ~/mail as your root folder; otherwise you will see any other folders in your home directory (IMAP isn't limited to email).

        When you set up an IMAP client (Outlook will work, though Outlook 2000 has an annoying bug, always reporting "server dropped connection", I use Mozilla mail) you provide the IP address of your server, and your username and password on that server.

        IMAP is strange about deleting. Many IMAP clients by default want to move deleted messages into a folder. That's okay if you want to do that, I prefer to actually delete them. Even if you actually delete a message, it is only marked as deleted; it's still there until you purge it. Pine asks if you want to purge messages when you leave a folder; other clients do similar things.

        Finally, install a web email package. IMP [horde.org] is the best, but it can be very hard to set up. I resorted to another package called squirrelmail [squirrelmail.org] before I finally got IMP set up. Squirrelmail is perfectly fine. Configure the package to use IMAP, using localhost as the server.

        That's the basic points. Email me at ceswiedler@mindspring.com if you want any further help.
  • I've found spamassassin to be mediocre with detecting spam. I get about 95% spam identification rate, but with about 10% false positives.
  • by DocSnyder ( 10755 ) on Saturday September 07, 2002 @11:23AM (#4212423)
    If you're running your own DNS and email server, use email addresses with subdomains which will become invalid after some time.

    For example, I'm a quite active Usenet poster, using "[something]@expires-[year][month].[mydomain]" as my email address. "expires-200209" means the entire subdomain will be kicked after Sep 30. After that time, the spammer won't find a MX record for that subdomain and has no possibility to annoy me with his junk.

    For legitimate correspondents, I'm telling them email adresses with a subdomain which will never expire or only very far in the future.

    Running the risk of having my cute web server /.'d until it blows the whistle, here is a more detailed draft [docsnyder.de].

    /.
    DocSnyder.

    • The flaw in this design is spammers will eventually figure it out. Three years ago I set up an email box on my own server with my own domain (so it would not be subject to an ISP or webmail provider giving it out). I never put the exact address online. Instead, I put a munged form of it online with things like "nospam" added. Guess what. It got spammed. Spammers figured out how to remove "nospam" from the address. That's now built in to spamware (some doesn't remove the "-" if I use name-nospam). It won't be long (maybe a year at most) after your method becomes popular for spammers to figure out how to detect and modify it to get through. And soon after that, the spamware will know how.

      The only way to do this is with a scheme that makes it next to impossible to guess the base form, or an alternate form. For example, take the MD5 checksum of the date, along with a secret string you don't tell anyone, and use the first few characters as that email address. You can use it in the subdomain or the left-hand-side.

      What will be needed will be a set of these pre-generated so the mail server already accepts them, and you store them in your PDA or other places where you can readily access them, and record who got which address.

      The key is to provide no means for predicting what address can be used to bypass the filters.

  • by Skapare ( 16644 ) on Saturday September 07, 2002 @12:12PM (#4212587) Homepage

    How many times do I have to opt out if a million businesses decide to take up spamming over the course of the next year or so. Sometimes I get over a dozen different copies of exactly the same spam from exactly the same sender, sent to a dozen different email addresses. These are legitimately different addresses because they have different roles. Of course a spammer won't know they go to the same person. But sending spam to them is essentially OFF TOPIC because their role isn't to respond to advertising.

    Until the FTC (and this may require Congress to do this) adopts the principle that opting *IN* is required first, and that I should not have to go to the trouble to opt out if I never opted in in the first place, then as far as I'm concerned, any actions by the FTC is misguided and useless.

  • WTF? (Score:3, Informative)

    by CaptainSuperBoy ( 17170 ) on Saturday September 07, 2002 @02:10PM (#4212985) Homepage Journal
    They have been doing this for years now.. It could be as long as 5 years uce@ftc.gov has been accepting spam. Talk about your old news. And all the slashdot drones eat it up like it's some kind of spam revolution.. "Wow, Uncle Sam will help us fight spam! Gee whiz!"
  • I don't think we really need to be forwarding all of our spam to the FTC. They will just use it as statistical evidence further regulate things. I would prefer to keep governmental agencies out of my life and my e-mail whenever possible. If that means deleting some spam everyday then I am willing to do that. The best thing you can do is just not support businesses that spam and eventually they will decide it is not a good form of advertising.

This is now. Later is later.

Working...