FTC Encourages Consumers to Forward Them Spam 261
Burl Ives writes "See this CNN Article. 'The FTC encourages consumers to forward any spam they receive to the e-mail address uce@ftc.gov'. I'd say if they've posted their e-mail on the web, they are probably getting as much as the rest of us already, which isn't to say I'm not hoping to see some discussion of using the statistical spam sorters to auto forward a lot to them in encouragement..." I've been using SpamAssassin for some time now with excellent results. Perhaps now I need to have my spam folder auto-forward to the FTC as well.
What will they do? (Score:5, Interesting)
For instance, Yahoo Mail [yahoo.com] has a feature where you can forward Spam to their Yahoo! Customer Care department. Yet, you don't know what happens.
I don't know if this is a "feel good" attempt at showing that they are handling spam or they actually run some super secret program and change their spam variables.
I'd like to see what the FTC is doing with the spam sent to them. Are they going to start a black list? Will they take action against the spammers?
Re:What will they do? (Score:5, Funny)
You sent us 1385 spam messages.
We had not seen 18 of them before.
We prosecuted 58 of the spammers:
13 were shot
19 were beheaded
26 were forced to read spam in prison
They'd probably get a lot better response rate that way.
- Amit
Be Careful What You Wish For (Score:2, Interesting)
> sent me a summary monthly
I had exactly the opposite problem. Earthlink has an address where you can forward spam, and every time you do, they send you an acknowledgement message! I was diligently forwarding all of my spam to them, in the hope that it would eventually cut down on the number of unwanted messages that I receive... until I realized that I was effectively doubling the number of unwanted messages I received. One for the original spam, and one for the ack.
Then I carefully read their web page about forwarding. The only people they are going after are the ones that use Earthlink's own facilities to send spam. Like any significant spammer is going to do that in today's environment.
So I have come to the conclusion that ISPs sometimes provide a place to forward spam so they will appear to be doing something, and so that people can feel like they are doing something to eliminate spam.
The FTC may have similar motives -- it wouldn't be the first time that a U.S. government agency did something solely for the PR value -- but let's hope that's not the case.
Re:Be Careful What You Wish For (Score:4, Interesting)
I had exactly the opposite problem. Earthlink has an address where you can forward spam, and every time you do, they send you an acknowledgement message!
What address are you sending it to? Spam originating outside Earthlink's network may be sent to junkmail@earthlink.net. This mailbox does not send an auto-response. You will get an auto-response if you send mail to abuse@earthlink.net (or variations, ie, abuse@corp.earthlink.net, etc), but you should only send mail to abuse if it originated on Earthlink's network.
Then I carefully read their web page about forwarding. The only people they are going after are the ones that use Earthlink's own facilities to send spam.
This is correct if you are referring to mail sent to abuse. What can Earthlink do about spam from a MSN (for example) user?
Mail sent to the junkmail address, on the other hand, is forwarded on to Brightmail who runs Earthlink's Spaminator. They will consider it for inclusion in their incoming mail filters. So this mail is being looked at, and something is being done with it (albiet not by Earthlink directly).
Re:What will they do? (Score:2)
Re:What will they do? (Score:3, Funny)
I don't think spammers would last long enough in prison to read spam...they'd be too busy servicing their fellow inmates.
Re:What will they do? (Score:3, Insightful)
Make a quilt maybe? hehe
Seriously, they are probably trying to gather data to support some kind of action or to get a better sense of what should be done.
Unfortunately you won't see a complete ban on spam. Likely there will be 'acceptable spam' defined.
I believe that they will adopt a 'honest email' policy. That is all email is okay if there is no deception. Truthful return address, subject line and an opt-out method that isn't used to gather the email addresses of 'the live ones.'
One State (I don't remember which.) is considering requiring all spams to contain some standard indicator in the header that would allow users to easily identify the email as spam. Like 'ADV.' Of course the spammers don't want their emails to be easily identified for what they really are. That would make it too easy for ISP's to bit bucket them.
I do feel however that we should be given the power to reliably identify spam. Opt-out strategies do not work. Obviously if your email address is being sold and traded by hundreds or thousands of spammers, you could spend a lot of time from now until hell freezes over opting out again and again and again.... If all legal spam carried 'ADV' in the header we could opt-out ourselves by filtering the junk. Spam that didn't carry the 'ADV' flag would have to be treated seriously and offenders fined, jailed or killed.
Re:What will they do? (Score:5, Informative)
They prosecute [ftc.gov] when they can. And (blatant self promotion) they use grepmail [sourceforge.net] to help them. I got a bug report from a guy on the project:
And you thought your mail archive was big. ;)
Re: What will they do? (Score:3, Funny)
> I like the idea of forwarding the spam, but the question remains what will they do with it?
They're just looking for good deals on toner cartridges.
Hmm (Score:3, Informative)
As for what they are going to do with it--us not-so-paranoid people would expect them to use it to generate a "paper trail", a collection of evidence, for the location, apprehension, and prosecution of said spammer. We who are paranoid may worry about the government taking a sudden interest in us when they discover we exist, but I would tend to think that argument is well worn and a little unfounded anyway.
Nevertheless, it's always nice to see it happen when the public gets a startling revelation of what they really have at their disposal--lots of people simply don't know, and since they don't know, they can't very well take proper advantage of the tools afforded them as US citizens.
Now, if you go look at Spam Laws [spamlaws.com] you'll see the US has been considering a few federal bills, but haven't gotten anywhere yet. But a lot of states do have laws in effect--whether these have had stood up in court is another question...
from the posting (Score:3, Insightful)
most spammers are smart enough not to spam a
Re:from the posting (Score:2, Informative)
Re:from the posting (Score:3, Funny)
Don't overestimate a spammers ability to even know where the spam is going
P. T. Barnum was right
Re:from the posting (Score:2)
Or they're throwing their spam at incremental IPs that happen to have port 25 open.
Doubtful... (Score:2, Interesting)
most spammers are smart enough not to spam a .gov e-mail address.
I really doubt this. You'd think they'd be smart enough to not send spam to any 'webmaster@' addresses, since whoever gets mail to that address has the greatest chances of being someone is willing and able to block their messages from getting to ALL the other users at that domain... however I see more email addressed to webmaster@domain than any other address that is forwarded to me. Presumably, because they know it will be a valid address at almost every domain, and/or they just spider them from web pages and put no further thought into it.
Although, I haven't seen much being sent to 'abuse@', so most of the spam software authors probably made some cursory filtering rules when they first started making their stuff, but I doubt '.gov' was in them. Only a very tiny percentage of .gov users would actually have the authority/ability to take action against spammers anyway, and there's bound to be some potential customers among the rest of them. That's the whole point of spam: not putting too much thought into the recipients. Gather hundreds of millions of addresses en mass, blast out millions of emails every day, a couple % of the recipients will buy the crap you're selling. Another couple % of the people will get downright pissed at receiving your junkmail, but they don't matter as long as you're making money. If you start getting too nitpicky about who you're sending to, then it starts to resemble real work and isn't as profitable...
Re:from the posting (Score:2)
Re:from the posting (Score:2, Funny)
"Re: Your account"
"Re: Martha, here is that information you requested" (OH GOSH! They mismailed it to me! AWESOME!)
"Remember me?"
"Earn the respect and accolades of your peers with a University Degree!"
"Women say: SIZE DOES MATTER!"
"Enlarge your penis"
(clearly the penis enlargement industry must be pretty profitable right now as probably 35%+ of spam relates to increasing the size of one's member).
Re:from the posting (Score:2)
Yeah, it is definitely a growth industry. It's been expanding quickly.
How about international use? (Score:4, Interesting)
Re:How about international use? (Score:4, Insightful)
Hopefully, an honest attempt will be made by the US authorities to combat spam, and it sets a precident in other countries.
Now if only Nigeria would set one up, I could do something about those damned 419 emails I keep getting!
NO!!! (Score:3, Funny)
Re: Scam Canada (Score:3, Informative)
You can forward email scams to them at the West African Fraud Letter [mailto] address. The RCMP [www.rcmp.ca] webmaster said "This is now a general account for all scam letters."
Re:How about international use? (Score:2)
A lot of people use myname.NOSPAM@isp.com to avoid spam. I often use myname.anti-spam@mydomain.biz to avoid spam myself. But it might be interesteing to actually set up an e-mail alias for myname.anti-spam@mydomain.biz and have everything sent to it automatically bounced to uce@ftc.gov and to myself to see if it's working. It might be an interesting experiment.
Self-inflicted DDOS (Score:3, Funny)
Re:Self-inflicted DDOS (Score:5, Funny)
If... (Score:5, Funny)
Sample .procmailrc and .forward file (Score:5, Informative)
bash-2.05$ cat
"|IFS=' ' && exec
bash-2.05$ cat
LOGFILE=/home/cartman/proc.log
|
* ^X-Spam-Status: Yes
Yeah and lets stay anonymous not to be a carma whore...
Postfix spam filter (Score:2, Informative)
http://cs.stadia.fi/~pkoistin/postfix-spam-filter
NO WARRANTY!
Re:Sample .procmailrc and .forward file (Score:3, Informative)
# forward to ftc
* ^X-Spam-Status: Yes
! uce@ftc.gov
filtering (Score:3, Informative)
I'm using spampal for Windows with Outlook. i have the filters set up to forward it to the ftc and delete the email. Spampal is avalable here. [spampal.org.uk]
Re:filtering (Score:2)
But I'll try this out for a few days and see how accurate it is.
this is *old* news... (Score:2)
human spam filters? (Score:3, Interesting)
The question is, how much would you pay to have somebody delete a spam message? If it's 1 cent, and if the person could kill one every 5 seconds (which seems pretty reasonable ... I don't even read the whole subjectline before deleting most spam), then we are at about 7 dollars an hour. Given that this is not a high-skill task that could be done from the home (possibly in the third world, where $7/hour is a very high wage), we may have a new industry here.
For less than the price of a coffee per day, a user gets spam-free email, and somebody else gets to pay the rent.
Of course, there is a downside: somebody might pay the anti-spam folks money to look the other way on some messages. And there is a privacy concern.
So, am I nuts?
Comment removed (Score:5, Funny)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re:human spam filters? (Score:3, Interesting)
In two words : damn skippy!
It sounds like an ideal setup(aside from privacy concerns), but in a third world country, people probably wouldn't be able to read english, let alone the hundreds of other languages which exist.
We are never going to stop spam completely. We just have to take measures to reduce the amount of spam that we do get to tolerable levels. RBL's, sane filter rules, and products like SpamAssasin (gratuitous plug) help. And don't be afraid to blackhole countries. I know absolutely nobody from China, Korea, the Netherlands, or a host of other countries, so I shut them down. I don't want emails describing hot asian teens, hardcore lesbians, or hot rear action (Thanks to Drew and Mike on 101 WRIF [wrif.com] in Detroit for that term, listen to the webcast 6-10am EST), so I filter that. I make gratuitous use of aliases for published e-mail accounts, so when one starts filling up, I shut it down.
Spam is a consequence of the internet. Think of it as a badge of honor. The longer you're on, the higher your spam potential. Just don't let it reach critical mass.
Re:human spam filters? (Score:2)
Lets consider the original idea (I'm not for it, BTW, but its satursday and I've nothing better to do). $7/hour works out to about Rupees 350/hour in India (we'll take India as an example). This works out to, assuming a 6-hour day(hey, long lunch breaks are necessary after reading all that crap!), about Rupees 2000/day. Assuming a 5-day work week, thats about Rupees 40000/month. This will put the earner smack in the middle of the 'middle class' in India. Heck, even college teachers don't make that much money in India!
So, $0.01 per spam read is pretty good money in some parts of the world, even where people can read/write excellent English.
Re:human spam filters? (Score:2)
The better solution is to kill the spammers. No more spam.
Some costs of spam. (Score:2)
Now your company does not have a free pipeline to the internet. Lets assume for the sake of argument that they have to pay by the meg. Lets (wildly) assume that your company has to pay 15 cents per megabyte of traffic through their ISP.
Of course, thats just in internet feed charges. Assume that it takes the average person one second to read and delete a spam. With an average of 10 spams a day, thats ((10,000 * 10)/60) 1666.67 minutes per day, or 27.78 hours per day wasted on spam. Say the average person makes $20 dollars an hour, or about $40,000 a year. 27.78 * 20=$555.56 a day in lost time. Over a year, thats $202,777.78 in time lost to spam. Ouch.
So all those penis enlarger and diet spams are costing your company $256,000 a year. Multiply that by all the companies in the world that get spam, and you have a major financial burden
NOT the government! (Score:2)
I'm not interested in perfect -- just cut down the bulk by 75% to 80% or so. False positives are bad, so avoid those.
This is NOT an issue where the government -- any government -- need to get involved.
Come ON people! You really want the same organizational paragon of efficiency that runs Amtrak and the U.S. Postal Service regulating e-mail? Are you, as a Slashdot reader, that inept that you can't properly configure a Junkbuster/Spamassassin Proxy?
If this costs so damn much money, then it is an opportunity for you to provide consulting services
With all the "let the government regulate it" talk, you'd think this was France and not the U.S.A.
Re:NOT the government! (Score:2)
ISP's are just that, internet service providers, and if their customers want mail from their friends, technically they have to let them have it.
Re:NOT the government! (Score:2)
Second step would be to charge people for excessing SENDING on a non-commercial account. If they run an open relay, and refuse to believe it, bill them by the megabit. When they bitch, give them the option of waving the first instances of the charges if they fix the problem. Offer instructions on how to fix the problem.
Re:NOT the government! (Score:2)
Even after talking to the admins and relaying mail to him from him, they simply believed that there was no chance and that we were lying. Our customers never even listened to us, they just wanted their mail. The people sending the mail didn't even read the error messages which we sent back (which we wrote in plain english, no techno-babble), and just call their friends and say "I can't send you e-mail"
People complain, and the less they know about something, the louder it gets. I personally changed several hundred e-mail addresses because they recieved too much spam, and even after explaining to the customer not to post their e-mail address on every single joke-list, free offer, and gimmick webpage, they'd call back in two months to have it changed again. Obviously nobody told them the "Free Lunch" cliche.
Re:Some costs of spam. (Score:5, Informative)
The fallacy here is in assuming that every employee exists in a continual "on-and-working" state from the moment she sits down at her desk. Under such an assumption, 10 seconds spent doing something else equals 10 seconds of quantifiable production loss. Problem is, most white-color jobs are task based: I need to get X done today, where X equals a presentation, a subroutine, a sales call to Duluth -- whatever. Ten seconds spent doing something else don't result in 10 seconds less of X.
The only place where these efficiencies would truly come into play is repetitive (and, might I add, borderline inhumane) assembly line work like meatpacking. And I'm assuming most meatpackers are less concerned about getting spam than making it.
Heck, given the original argument, we could calculate astronomical amounts of monetary loss for just about everything. Employee time spent blinking could bankrupt a third world country. The time spent typing smiley faces? There goes Luxemburg. =)
No Fallacy Whatsoever (Score:2)
That slightly modifies the argument, but makes no essential difference. Each employee spends a certain percentage of the time doing actual work and the rest in "down time" (resting, chatting, going to the can, etc). Spam does not magically increase an employee's percentage of "up time"; hence, if an employee spends (for example) 60% of the time up-and-working, the cost of spam in arkham6's argument can be multiplied by 60%.
Actually, it's worse than that, because spam selectively comes from "up time" -- that's when you check your mailbox.
The time spent typing smiley faces? There goes Luxemburg. =)
Bad analogy. Unless it is customary at your place of employment to include smiley faces in business communications, those come out of "down time", and hence cost nothing.
Re:No Fallacy Whatsoever (Score:2)
You make an interesting point here but, no surprise, I'm going to respectfully disagree.
My argument remains that applying time-based calculations to a project-based workplace just doesn't stick. (And doing so fractionally won't make it fractionally less of an error.) Unless "lost time" reaches such critical mass that it prevents a day's tasks from being completed or irreparably pollutes the quality of an employee's downtime, the monetary loss can be considered negligible.
Or to approach the matter from another direction, spam is downtime. I've never known anyone to say: "Man, those junk mails cost me so much time this morning. I'd better cancel my afternoon project meeting so I have enough time left to read Slashdot." These seconds aren't additive (to uptime) but subtractive (from downtime).
Now one could make a strong case for the loss of employee downtime affecting the quality of work, but that's a different argument from the one at hand.
More like my feeble attempt at humor. (Sorry 'bout that.) Replace with yawning, stretching, sneezing, or your favorite G-rated bodily function.
Re:No Fallacy Whatsoever (Score:3, Interesting)
Imagine, say, the outcry if you regularly got sales calls at work from telemarketers. Even if you were able to hang these calls up in a second or two, they would still be a completely unwarranted disturbance to your working routine, and heads would undoubtedly roll.
Why is spam any different? Your argument about yawning, etc, is totally spurious as this time is already factored in. In effect, the company PAYS you to be comfortable at work (ie. breathe in and out, shift in your chair, etc.) so you can be maximally productive. They DO NOT pay you to read advertisements for penile enlargement products, throw the paper version of such advertisements in the wastepaper basket, hang up the phone on such telemarketed advertisements, or delete the same email advertisements from your inbox.
I've never heard anybody who wanted to keep their job say they were going to miss any project meeting, by the way, but I have certainly heard people wish they had, say, another 10 productive minutes at a crucial time of the day, so they could go to that meeting more prepared.
Spam costs individuals time. Time they do not chose to spend - and that's the key. After all, time is money as we all know.
Re:No Fallacy Whatsoever (Score:3, Interesting)
Nope -- a given person works about the same percentage of the time on average. Being put under the gun will push the percentage up for a while; getting ahead of schedule and having the boss on vacation will let the percentage down for a while -- but in the long run it stays more or less constant.
Someone deprived of his usual downtime one day will make it up later, one way or another, to blow off the stress. (If anything, the annoyance of being spammed is likely to raise the overall percentage of "down time" by adding just a bit more grind to each day.)
wrongo (Score:2, Interesting)
The fallacy here is in assuming that every employee exists in a continual "on-and-working" state from the moment she sits down at her desk. Under such an assumption, 10 seconds spent doing something else equals 10 seconds of quantifiable production loss.
...
Ten seconds spent doing something else don't result in 10 seconds less of X.
No, not generically, but in the case of spam it does.
I spend a certain amount of time at work going through email. I have to. We use it for a lot of critical communications, and spam or no, it is more efficient for those purposes than phone, memo, or face to face.
So yeah, I will still blink, zone out, go to the bathroom, smoke 'n joke (or in my case, coca-cola and joke), whatever. But I will also waste time with spam. It is additive; it replaces time that I would be productively communicating.
Oh well, I bill all my time and it is a cost of doing business. My employer will save money if they can stop it.
Ah, Cloudmark..... how easy you make this....... (Score:2)
Old news (Score:3, Informative)
This is old news [ftc.gov] (26th April 2001).
Older still (since 1998) (Score:2)
uce@ftc has been around for years (Score:2)
Now that I use Sneakemail, I worry a lot less. So far, all those sites where I was worried they'd sell my address haven't done so. Occasionally one will crawl through Mozilla's Bugzilla, but not a lot so far. Just because the FTC is collecting Unsolicited Commercial Email doesn't mean they're going to do a lot about it. They're mostly going after the big cases of fraud and pyramid schemes. Its the people that are willing to pay $60 for a bottle of water that will cure all that ails them that are the problem.
I caught Ticketmaster this way (Score:2)
I ordered tickets on a Wednesday or Thursday for a concert on the Saturday. I received spam from a third party at the email address I'd provided on the following Monday or Tuesday. I Spamcop.net'ed them and deleted the email alias.
In future, I'm going to wander down to the actual venue box office if I can... it's just too bad that on the occasions that I can't, that the only alternative choice is Ticketmaster.
I know what I need to do. (Score:2)
Re:I know what I need to do. (Score:2)
Can't, apparently most of my SPAM isn't SPAM (Score:2, Funny)
LOL
Re:Can't, apparently most of my SPAM isn't SPAM (Score:2)
In this case, however, it's because a spammer (Clark Mankin, a crook who runs speedstar.net) has been list-mail bombing me by signing up my e-mail address to hundreds of FFA links pages (and he didn't even try to hide his identity, as he used his own webpages in the signups and his IP address shows up everywhere) He has also claimed to be stalking me online.
Quite frankly, I'd like laws that would put people like him in jail.
Increasing the waste of resources (Score:4, Insightful)
Having said that, spam is grotesquely out of control: My hotmail inbox now gets about 90 spams a day, and while Hotmail's spam filter catches most of them, I still have a noise floor as a dozen or so make it into my inbox every day (and conversely I have to go through the Junk Mail folder every week or so as real emails get stuck in there, particularly when associates or friends use subject lines like "BTW").
Re:Increasing the waste of resources (Score:2)
Yes, the FTC could go a long way with a couple of intern type "consumer users", at minimum wage to surf the net, and open a hotmail account or two, and register a domain or two.
Once the addresses are on a few CDROMs full of addys sold to spammers, they will be up to their hips in spam.
Re:Increasing the waste of resources (Score:2)
I have four different primary email accounts between work accounts, and personal and general 'net use. All four get a lot of spam, but there's very little overlap in the spam they get.
If there are thousands of spammers with thousands of different lists, it would take more than what you mention in order to get a sample of every spam.
Re:fraud (Score:2)
Whoops, forgot where I was....
This is news? (Score:4, Interesting)
not even close to new (Score:2)
and gave up because I saw absolutely NO results.
this address seemed to be just a black hole. maybe with the additional press it will start working again.
Ironic (Score:3, Interesting)
I own a domain but do not operate it. (I will not disclose the domain because that just makes me a target so you will forgive my lack of being specific on this.) My email server will recieve email for this domain, but there is no active use for it. My server has no open relays.
They sent me an email saying there has been or are complaints. This is the smaller part of the email. The rest of it is advertising services to me... SELLING ME THINGS and delivering propaganda.
When a bulk of the email contains advertisment of services and only a small portion of it delivers vague and unsupported information, I have to believe it's SPAM.
Is this a standard practice for SPAMCOP.NET?
Re:Ironic (Score:2)
I just recieved from SPAMCOP.NET what I suspect might be 'SHAKEDOWN Email.'
No, what you got was essentially a test of your sysadmin skills, and you failed. A quick check of the headers will show that it did not, in fact, come from SpamCop. This was covered long ago, but see this page [julianhaight.com] to get up to speed.
Re:Ironic (Score:2)
Which is rather irrelevant since he isn't an admin, as he stated.
Read again; neither his post nor my reply indicate he's the admin himself. He was responsible for the domain, and if you're getting contact email, you need to be clueful enough to handle it or have someone working for you who does. This person clearly isn't on top of things, and by falsely accusing SpamCop of wrongdoing he is adding to the problem of spam.
Re:Ironic (Score:2, Informative)
It's a forgery. http://news.spamcop.net/pipermail/spamcop-list/20
I received 3 this morning, at first I thought they were real although
the usual reports have an URL where you can comment on the report, etc.
Then I looked at the headers and noticed they all came from 64.70.191.50
which is nowhere close to the spamcop.net or julianheight.com IPs.
By the time the second and third messages came in, the IP was already
in bl.spamcop.net, which I thought was pretty funny.
Just treat them as spam and do your normal bit on them.
I won't do it (Score:2, Insightful)
If you think the Net should be as autonomous as possible -- and that the government should not be allowed to restrict the free flow of information -- then you can't have it both ways and go running to the government when that flow of information is to your annoyance rather than to your benefit.
Re:I won't do it (Score:4, Insightful)
Please allow me to gratuitously quote myself [iwancio2002.org]:Spam isn't about the "free flow of information." It is the equivalent of graffiti. You are free to say whatever the hell you want, just don't use my e-mail account space.
Re:I won't do it (Score:2)
Re:I won't do it (Score:2)
Regardless of whether you want a "truly anonymous net" whetever that is supposed to be, and assuming you actually believe such a thing actually exists at the present time, doesn't change the fact that spam is incredibly out of control and that short of government intervention there isn't much any of us can do about it.
I disagree. Government intervention isn't going to help at all. What needs to happen is ISPs need to start suing spammers for breach of contract. Upstream providers need to start suing downstream ISPs for breaching their contracts and allowing spam, if those downstream ISPs don't create financial penalties to spammers.
99.9999% of spam is already illegal, as it is a breach of contract somewhere along the chain. The problem isn't lack of government intervention, it's that the ISPs don't want to stop spam.
though i'm generally opposed to the death penalty, (Score:2)
Come back to me when... (Score:2)
All the Federal Trade Commission can do is try to treat one of the symptoms, not the problem.
Re:Come back to me when... (Score:2)
What is the FTC's juristictions (Score:2, Interesting)
What if your in America and the spam comes from China?
Where's the government bunco sqad? (Score:3, Interesting)
Most people are pissed about spam because its unwanted email and the popular focus has been on limiting or controlling unwanted email. I think this is misguided, because the spammers (both the freelance mail senders and those who do their own sending for their own products) tend to join forces with the more legitimate direct marketing community and bring the debate about stopping spam to a standstill.
I think a better tactic would be to go after the products and services being sold via spam. IMHO nearly all (95%?) of them are fraudulent or illegal. If you eliminate the fraud businesses behind the spam, I think the spam itself will dramatically lighten up.
Going after the people that send the mail is also very difficult since you don't know where they are and many spams are impossible to track the origin. But in order to sell something you have to at least be reachable enough to be paid, and that should make it much easier and less resource intensive to find the fraudsters and put the screws to them.
While I like the idea that getting rid of the unsolicited email in and of itself, I think its also the least effective way to get rid of spam.
It's only fraud if... (Score:2)
Re:It's only fraud if... (Score:3, Insightful)
This is not the firts time ... (Score:3, Informative)
So many people did the forwards that the mailbox was Full almost everyday. They thought One person could deal with all the mails : they were wrong so they updated the mailbox and said they'll carry along with thos forwarded mails.
The results from these mails will permit to create a law to ban spamming in France, thus starting something in the EU, that would force a EU law for Spam.
SpamAssassin (Score:5, Informative)
So I set up my Linux server, which up to that point didn't do much except NAT, to fetchmail my messages from various accounts, run them through procmail and Spamassassin, and then publish the messages via IMAP. Now my email is accessible from anywhere, through an IMAP client or over the web (running IMP) or through ssh/pine. It's filtered for spam and sorted into folders, and I can back it up easily.
I wish Mozilla mail supported addressbooks stored in IMAP folders, but instead I have to run an LDAP server (way overkill) to manage contacts. IMP's address book component, Turba, is just about the only LDAP client which acts like a sensible contact manager and allows adding / editing entries.
I'm serious when I say this is a killer app for me. Before, I could have replaced my Linux server with a NAT router and not really missed it. Now it's essential to the way I work and communicate.
Re:SpamAssassin (Score:2, Interesting)
Re:SpamAssassin (Score:2)
Re:SpamAssassin (Score:4, Informative)
You need a Linux machine with a static IP address. If you can't have a static IP I suppose you can play games with dynamic IP addresses to access the server. Get a DNS entry to make it easier to access.
Set up fetchmail [tuxedo.org] . Fetchmail is a simple program (written by ESR) which downloads mail via POP or IMAP. You configure it with your mail server, username, and password, and it downloads mail to the local machine. Actually, it re-delivers your mail locally. Your remote email might be chris2912@earthlink.net, and your username on your Linux server might be ces; fetchmail delivers the mail it downloads to ces@localhost.
At this point, you can use pine or mutt to read your mail. By default, they read mail from your local spool. Note that your "inbox" is
Install procmail [procmail.org]. Procmail allows you to set up filters for handling mail. It will let you move mail to a folder based on sender (something like various mail client's rules) and more importantly, it will let you run SpamAssassin (or junkfilter, but I recommend SpamAssassin). Set up procmail to run SpamAssassin on each email, and then either delete the spam or move it to a certain folder. The SpamAssassin documentation is pretty clear on how to do this. Make sure procmail is configured to use the folders in ~/mail.
Install an IMAP server. I use the standard UW server [washington.edu]; there are others. The UW server runs via [x]inetd. I recommend setting up the SSL support (imaps).
What IMAP does is allow you to access your email remotely, without downloading it like POP. Mail is kept on the server, in folders. Through an IMAP client, you "subscribe" to a certain set of folders; these are the only folders IMAP clients will see. You want to configure your IMAP clients to use ~/mail as your root folder; otherwise you will see any other folders in your home directory (IMAP isn't limited to email).
When you set up an IMAP client (Outlook will work, though Outlook 2000 has an annoying bug, always reporting "server dropped connection", I use Mozilla mail) you provide the IP address of your server, and your username and password on that server.
IMAP is strange about deleting. Many IMAP clients by default want to move deleted messages into a folder. That's okay if you want to do that, I prefer to actually delete them. Even if you actually delete a message, it is only marked as deleted; it's still there until you purge it. Pine asks if you want to purge messages when you leave a folder; other clients do similar things.
Finally, install a web email package. IMP [horde.org] is the best, but it can be very hard to set up. I resorted to another package called squirrelmail [squirrelmail.org] before I finally got IMP set up. Squirrelmail is perfectly fine. Configure the package to use IMAP, using localhost as the server.
That's the basic points. Email me at ceswiedler@mindspring.com if you want any further help.
Spamassassin (Score:2)
Expiring subdomains are very helpful against spam (Score:4, Interesting)
For example, I'm a quite active Usenet poster, using "[something]@expires-[year][month].[mydomain]" as my email address. "expires-200209" means the entire subdomain will be kicked after Sep 30. After that time, the spammer won't find a MX record for that subdomain and has no possibility to annoy me with his junk.
For legitimate correspondents, I'm telling them email adresses with a subdomain which will never expire or only very far in the future.
Running the risk of having my cute web server /.'d until it blows the whistle, here is a more detailed draft [docsnyder.de].
DocSnyder.
The flaw in this design is... (Score:2)
The flaw in this design is spammers will eventually figure it out. Three years ago I set up an email box on my own server with my own domain (so it would not be subject to an ISP or webmail provider giving it out). I never put the exact address online. Instead, I put a munged form of it online with things like "nospam" added. Guess what. It got spammed. Spammers figured out how to remove "nospam" from the address. That's now built in to spamware (some doesn't remove the "-" if I use name-nospam). It won't be long (maybe a year at most) after your method becomes popular for spammers to figure out how to detect and modify it to get through. And soon after that, the spamware will know how.
The only way to do this is with a scheme that makes it next to impossible to guess the base form, or an alternate form. For example, take the MD5 checksum of the date, along with a secret string you don't tell anyone, and use the first few characters as that email address. You can use it in the subdomain or the left-hand-side.
What will be needed will be a set of these pre-generated so the mail server already accepts them, and you store them in your PDA or other places where you can readily access them, and record who got which address.
The key is to provide no means for predicting what address can be used to bypass the filters.
Opting out is NOT the right way (Score:3, Interesting)
How many times do I have to opt out if a million businesses decide to take up spamming over the course of the next year or so. Sometimes I get over a dozen different copies of exactly the same spam from exactly the same sender, sent to a dozen different email addresses. These are legitimately different addresses because they have different roles. Of course a spammer won't know they go to the same person. But sending spam to them is essentially OFF TOPIC because their role isn't to respond to advertising.
Until the FTC (and this may require Congress to do this) adopts the principle that opting *IN* is required first, and that I should not have to go to the trouble to opt out if I never opted in in the first place, then as far as I'm concerned, any actions by the FTC is misguided and useless.
WTF? (Score:3, Informative)
don't involve the FTC (Score:2)
Re:So... (Score:2)
Re:So... (Score:2)
On false positives... (Score:2, Interesting)
Yep, Deersoft's done well (Score:2)
I use it at home and even bought licenses fr the office as well.
The software [deersoft.com] is well worth the money.
Re:Forward any spam? (Score:2)
Print these out and send a copy to Postmaster, their city/zip. Make sure they know why you're sending it to them, i.e. make sure they can see the address of the person in their town. Depending on the postmaster, they can get in quite a bit of trouble for doing this.
Re:Already doing it. (Score:2)
abuse@(upstream provider of domain making me register)