Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Spam

The Economics of Spam 832

higgins writes "The Wall Street Journal has the best story I've ever seen on the economics of spam. A self-described "spam queen" (Clean link; should work for non-subscribers) talks about not just the millions of emails she spews, but what it costs per mailing ($250 for 500k emails), what the response rates are (1-2 one-thousandths percent) and what she actually makes. (40% of each sale of one product: anti-spam software)."
This discussion has been archived. No new comments can be posted.

The Economics of Spam

Comments Filter:
  • New spam... (Score:5, Interesting)

    by swordboy ( 472941 ) on Wednesday November 13, 2002 @10:02AM (#4659180) Journal
    Here's a new one for you:

    The other day, I got spam via my 'windows messaging service' - someone on my cable modem subnet is sending me pop-up spam with the 'net send' command (Windows only). Obviously this is easy to disable (for someone who knows how to) but...

    WTF?

    I took a screen shot which indicated time/date AND IP but the cableco tech morons said that they couldn't do anything about it? Right... How about revoking access? Perhaps it was the cableco themselves selling this service?
    • by Dman33 ( 110217 )
      I started getting that across my T1. Easy fix, but annoying!

      I have also heard from a friend about how he was at his university's computer lab when that WMS SPAM went to all of the computers in the lab. "University Diplomas On-Line!!!" Ironic bit of spam for a University computer lab, eh? ;)
      • Re:New spam... (Score:4, Insightful)

        by OrangeSpyderMan ( 589635 ) on Wednesday November 13, 2002 @10:30AM (#4659481)
        I started getting that across my T1.

        WTF? You have that T1 just plugged into the back of your Windows box or what? I'm sorry but anyone who has a Windows box on a T1 with nothing filtering NetBIOS is a goddam public menace. You'll get little sympathy from me.
      • by DiveX ( 322721 ) <slashdotnewcontact@oasisofficepark.com> on Wednesday November 13, 2002 @12:27PM (#4660861) Homepage
        I got the exact same thing yesterday in my school lab. It is not ironic since the act is intentional. It is called targeted advertising.

        The message is being listed as being sent from 'WEBPOPUP' since that is the name someone used for their system. Most of these diploma traces so far go to ev1.net, though after a lot of complaints they refuse to do anything. Check out a little information concerning this issue here:

        http://www.mynetwatchman.com/kb/security/article s/ popupspam/index.htm

        The program being used is called "Direct Advertiser". If you have NetBIOS bound to your interface, someone using net send will, by default, pipe the message over SMB to TCP 139. But if NetBIOS is not bound to the interface, net send will use UDP 135 instead. It takes the "net" command a bit longer to figure this out, but it does work.

        The Direct Advertiser product just skips the preliminaries, knowing that smart system administrators close TCP 139, and goes right for the undocumented back door.

        The 'Direct Advertiser' web site even tells you how to not receive these kind of things any more.

        How to set up your system not to receive netbios messages

        To deliver the message our program uses a NetBios call built into the Windows API.

        Click Start->Setings -> Control Panel->Administrative Tools->Services
        Scroll down and highlight "Messenger"
        Right-click the highlighted line and choose Properties.
        Click the STOP button.
        Select Disable or Manual in the Startup Type scroll bar
        Click OK

        Windows XP

        Click Start->Control Panel
        Click Performance and Maintenance
        Click Administrative Tools
        Double click Services
        Scroll down and highlight "Messenger"
        Right-click the highlighted line and choose Properties.
        Click the STOP button.
        Select Disable or Manual in the Startup Type scroll bar
        Click OK

        Windows 98/ME

        Remove or disable the file and printer sharing from your network configuration.

    • Re:New spam... (Score:5, Insightful)

      by meringuoid ( 568297 ) on Wednesday November 13, 2002 @10:11AM (#4659254)
      I took a screen shot which indicated time/date AND IP but the cableco tech morons said that they couldn't do anything about it? Right... How about revoking access? Perhaps it was the cableco themselves selling this service?

      Spam via SMB is quite the new thing, I gather. This has the potential to _really_ piss people off.

      But it could turn out to be a good thing. The reason we can't stop spam by blocking port 25 is that we need to accept email from people who have legitimate reasons to send it. But who has a legitimate reason to connect to SMB on a desktop machine via the Internet? Nobody. Ever.

      If this leads ISPs to block the ports involved, the world will be a better place, with no more script kiddies owning Win98 machines via smbclient.

      • Re:New spam... (Score:5, Insightful)

        by SCHecklerX ( 229973 ) <greg@gksnetworks.com> on Wednesday November 13, 2002 @10:31AM (#4659495) Homepage
        No, ISPs should NOT be blocking ANY ports. I pay them for a connection. Perhaps email, news, etc. Securing my machine is my responsibility. If there is a machine on their net causing a problem, then yes, they should kill THAT machine's connection. Filtering anything is not the right thing for them to be doing.
        • Re:New spam... (Score:3, Informative)

          Though I agree in principle, the various SMB ports are near useless on so-called "high-speed" connections. There is just way too much broadcasting and redundant back-and-forth traffic that it's too slow to actually use.

          It's also an inherently insecure protocol. I suppse one could port-forward via SSH (I have no idea, just musing out loud). Authentication will often fall-back to cleartext if the weak challenge-and-response fails.

          I actually prefer that my provider block such ports on the wire. They did this mostly because new customers would fire up their boxes and immediately be able to browse (or be browsed) on the "Network Neighbourhood". The whole world is your "WORKGROUP"!

          I have the feeling most people didn't know or care that they have such a thing available to them. At work, they may use "the network" but apparently they need no such thing at home and certainly don't want to know how to set one up (with any amount of security, anyway).

          My guess is that only a few of us run an internal network that routes to a shared connection.

          The problem, of course, is that blocking ports can be seen as the "thin edge of the wedge" in terms of providers slowly removing connectivity until we are all paying for a single port-80 connection to their proxy (complete with Carnivore) and maybe POP or IMAP. If you are lucky, and really ask nice.

        • ISPs have rights too (Score:4, Interesting)

          by why-is-it ( 318134 ) on Wednesday November 13, 2002 @11:29AM (#4660180) Homepage Journal
          No, ISPs should NOT be blocking ANY ports. I pay them for a connection. Perhaps email, news, etc. Securing my machine is my responsibility. If there is a machine on their net causing a problem, then yes, they should kill THAT machine's connection. Filtering anything is not the right thing for them to be doing.

          You pay for a connection, but the ISP owns the infrastructure, and it's their network you are connecting to. While it would be nice if they did not block any ports, they have every right to do so on their own network. If you don't like that, you are always free to take your business elsewhere.
          • by MacAndrew ( 463832 ) on Wednesday November 13, 2002 @02:49PM (#4662271) Homepage
            I'm getting criticism like this from folks who don't read closely enough.

            The poster said should not and not can not. In other words, this is the way the poster wants things to be, or thinks they ought to be, or hopes they will be, for the reasons given, but not the way they must be. That filtering is "not the right thing" is a policy assertion, and it is implicit the poster will switch ISP's if the current one downgrades its service. However, the supply of ISP's, esp. broadband, is not infinite, and if ISP's react in a kneejerk fashion the availability of alternative service could dry up quickly -- and unnecessarily.
        • Re:New spam... (Score:5, Interesting)

          by Anonvmous Coward ( 589068 ) on Wednesday November 13, 2002 @12:24PM (#4660817)
          "No, ISPs should NOT be blocking ANY ports."

          Why not have the ISP block the ports by default and give you an option to enable them via web interface?

          Let the ISP be the firewall...
    • Re:New spam... (Score:5, Insightful)

      by reaper20 ( 23396 ) on Wednesday November 13, 2002 @10:13AM (#4659272) Homepage
      Argh, I get people at work complaining about this. "I called Comcast, and they're not doing anything about it, those jerks!"

      Your ISPs job is to provide you an internet connection that you pay for - it is NOT their job to secure your computer for you.

      If you're getting Messenger spam, then you probably don't know how to protect your computer, which means if I were you, I'd be worrying about what else on your box is 0wned.
      • Re:New spam... (Score:3, Insightful)

        by Kombat ( 93720 )
        I suppose you believe that people who can't repair their own vehicles shouldn't be driving, too?
        • Re:New spam... (Score:4, Insightful)

          by miltimj ( 605927 ) on Wednesday November 13, 2002 @10:18AM (#4659340)
          It's not a matter of repairing the vehicle.. it's a matter of putting on your seatbelt.
        • Re:New spam... (Score:4, Insightful)

          by reaper20 ( 23396 ) on Wednesday November 13, 2002 @10:20AM (#4659359) Homepage
          No, but I would expect someone who doesn't lock their car door, leaves the keys in with the engine running everytime they park somewhere should complain when the car gets stolen.
          • Re:New spam... (Score:4, Insightful)

            by Fastolfe ( 1470 ) on Wednesday November 13, 2002 @11:57AM (#4660511)
            A more apt analogy would be you, parking your car, locking it like you think you should, going inside, coming out the next day and finding it stolen. The thief broke in, hotwired it, and drove it away.

            Would you tell the victim, "You should have secured the ignition wiring better!"?

            While those savvy in cars might recognize the vulnerability and do something about it to make the thief's job harder (maybe even be l33t enough to install a hidden kill switch), your average user is going to go simply by what the vendor recommends, and what globally recognized best practices are (locking your car).

            I do not recall any Microsoft announcements involving the default state of the Messenger service and its ability to receive unsolicited traffic from the Internet.

            Let's think about this in a little more realistic light, yah?
            • Re:New spam... (Score:4, Insightful)

              by (trb001) ( 224998 ) on Wednesday November 13, 2002 @03:50PM (#4662954) Homepage
              Nothing is being stolen in the case of spam (processing power aside, yada yada, we're not all being paid by SETI@home).

              It's analogous to locking you car, going inside, coming back out and finding a flyer on your windshield. Some places allow this, others don't, but we've ALL gotten these flyers before.

              In my case, I don't figure it's a big deal, I'll throw it in the backseat with the rest of my trash.

              --trb
        • Re:New spam... (Score:3, Insightful)

          by SCHecklerX ( 229973 )
          Bad analogy. When a mechanic fixes somebody else's car, it doesn't typically break mine (filtering ports 80/25/22, for example).

          Likewise, most people have locks on their doors and windows. They don't leave their door open with a sign that says 'free stuff inside!' like people are doing by connecting their computers to the Internet without properly securing them.

          • oh, bullshit. There is no 'free stuff inside' sign on an unsecured computer, any more than there is one on an unlocked car or an unlocked house. You have to look INSIDE the car or house to see if there's anything worth stealing in it, and that in itself is illegal. (looking through the windows of a car isn't illegal, but that's beside the point)

            All of you elitist bastards keep jumping on the less computer literate for not doing something they don't know they have to do... well, those of you who work for ISPs and in IT wouldn't have JOBS if it wasn't for the less computer literate, so stop your fucking childish whining.
            • Re:New spam... (Score:4, Insightful)

              by arkanes ( 521690 ) <arkanes.gmail@com> on Wednesday November 13, 2002 @11:43AM (#4660351) Homepage
              Actually, with netBIOS, there IS such a sign - an unsercured windows machine actively advertises itself on the network. Blame Microsoft for a stupid default configuration, blame Compaq and Gateway and all the other OEMs for shipping Windows in that configuration, or blame users who don't know and don't want to know (that last is important) anything about computer security or the need for it, but the fact is: If your unsecured (default) windows machine is hooked directly to the internet without a firewall of some kind (hardware or software) you not only of leaving the doors unlocked, you are literally opening them and inviting everyone in. There's alot of blame to be partioned out for the sad state of home computer security, but users have to take thier share. A computer is NOT an appliance, and you ARE responsible for a minimum level of knowlege and precaution.

              Incidently, my job is totally independent of fuckwit users.

        • Re:New spam... (Score:3, Interesting)

          by Zocalo ( 252965 )
          Bad analogy. Just as there are people who you can pay to repair cars, there are people who you can pay to secure computers as well. Of course, in both cases, not all of them know what they are doing or do a proper job, but you pays your money...

          Frankly, given all of the recent mainstream press hype about PC security, exploits, worms and all the rest, even if it is rather thick with FUD, there really isn't much excuse for claiming ignorance anymore. Lot's of people don't know how to service their car, but pretty much everyone knows to get it serviced regularly don't they? My only hope is that the inevitable flood of NetBIOS spam raises the awareness level above the threshold necessary for J.Q. User to get of their butts and do something about it.

      • Re:New spam... (Score:5, Insightful)

        by Planesdragon ( 210349 ) <slashdot&castlesteelstone,us> on Wednesday November 13, 2002 @10:17AM (#4659320) Homepage Journal
        Your ISPs job is to provide you an internet connection that you pay for - it is NOT their job to secure your computer for you.

        It is their job to enforce their TOS--which most likely perclude spamming.

        And if the IP is off-network, simply contacting whomever owns it would work.
      • Re:New spam... (Score:5, Interesting)

        by diverman ( 55324 ) on Wednesday November 13, 2002 @10:29AM (#4659471)
        Actually, you're wrong. It's also their job to enforce their policies. Something like SPAM'ing other users (decreasing customer satisfaction) is covered under most ISP abuse policies.

        It's also their responsibility to enforce abuse policies that they agree to with THEIR network provider (not necessarily being violated in this situation tho).

        So, what I recommend is that people go read the abuse policy of their ISP, and see if it has anything that covers this kind of abuse. If the person sending you this SPAM over SMB (first turn off SMB messaging and get a Firewall), confirm that they are breaking their agreement, and then bitch to all high heaven. If the idiot on the phone says there's nothing they can do, ask for their manager. If they refuse, get their employee number and report them (then report the company to the appropriate agency [ie. BBB]). If that manager doesn't help, ask for his/her manager. It may not immediately solve the problem, but it will leave a big fat record of this being a problem.

        If fewer people just sit on their ass, and say "It's my problem", nothing will get done on a more global level. And THAT is the only way crap like this really gets addressed. Be loud, be clear, be heard! Don't let a stupid company bully you.

        And finally, even if they help you... if you feel they are a good company to you as the customer drop them. You pay them. If you are under contract, and they don't help you, accuse them of being in breach of their policies (if they are).

        Not everyone knows how to protect their computer. And they shouldn't have to know how to. That's the point of computers, to make your lived easier not more of a headache.

        So... in summary... I couldn't disagree more with reaper20. Don't just take it and get walked all over. Stand up, and fight for your right as a consumer and customer!

        Just my $0.02!

        -Alex
        • Re:New spam... (Score:4, Insightful)

          by pogen ( 303331 ) on Wednesday November 13, 2002 @11:26AM (#4660158) Homepage
          Actually, you're wrong. It's also their job to enforce their policies. [....] If you are under contract, and they don't help you, accuse them of being in breach of their policies.

          Refusing to terminate someone else's account on your say-so is not a "breach of their policies." An abuse policy places limits on how the customer is allowed to use the service. It does not in any way imply that the ISP is somehow obligated to punish every infraction. They are well within their rights to terminate the offender's access, or suspend it, or give a warning -- or do absolutely nothing.

    • Comment removed (Score:5, Informative)

      by account_deleted ( 4530225 ) on Wednesday November 13, 2002 @10:21AM (#4659363)
      Comment removed based on user account deletion
    • Re:New spam... (Score:3, Insightful)

      by redtail1 ( 603986 )
      myNetWatchman alert [mynetwatchman.com] about Microsoft RPC spam...

      Long story short, running a personal firewall is now mandatory. Close ports 135, 137 and 139. Even that might not be sufficient one day.
      • Re:New spam... (Score:4, Informative)

        by Tassach ( 137772 ) on Wednesday November 13, 2002 @10:37AM (#4659574)
        A large number of ISPs are already filtering those ports. Comcast has been filtering those ports (incoming and outgoing) in the Baltimore area for at least 4 years. Even a lot of dialup ISPs filter NetBIOS traffic now.

        While I'm opposed to backbone-level filtering on a philosophical level, my practical side says there's no valid reason to run SMB over a public network. If you legitimately need to connect to a remote SMB network, you should be doing it over a VPN or some other encrypted tunnel.

  • by echucker ( 570962 ) on Wednesday November 13, 2002 @10:03AM (#4659184) Homepage
    "I'm just trying to make a living like everyone else," says Ms. Betterly. Her e-mail marketing operation, she says, allows her to raise her children, Chris, 10, and Craig, 11, and to spend quality time with them. "You can call me spam queen, I don't really care. As long as I'm not breaking any laws, you don't have to love me or like what I do for a living."

    Not breaking any laws. Riiiiiiiight. Nice values to instill in those kids, too.
    • by GGardner ( 97375 ) on Wednesday November 13, 2002 @10:33AM (#4659518)
      And in the "breaking a law you didn't expect her to be breaking" category, I'll bet that the 6 bedroom house she operates her business from is not zoned for this kind of commercial activity.


      We all knew that spammers weren't the brightest bulbs on the planet, but giving an interview with your real name and location to a national newspaper does seem a bit foolish, doesn't it?

    • by foistboinder ( 99286 ) on Wednesday November 13, 2002 @10:51AM (#4659764) Homepage Journal

      "I'm just trying to make a living like everyone else," says Tony Soprano. His waste manangement operation, he says, allows hime to raise his children, and to spend quality time with them. "You can call a mob boss, I don't really care. As long as I don't get caught, you don't have to love me or like what I do for a living."

  • by sfled ( 231432 ) <sfled.yahoo@com> on Wednesday November 13, 2002 @10:04AM (#4659192) Journal
    For a more entertaining read, just change the word "spam" to "crack" in the story.
  • Hrmm (Score:3, Interesting)

    by acehole ( 174372 ) on Wednesday November 13, 2002 @10:05AM (#4659204) Homepage
    Perhaps we should punish the people who are feeding these spam monsters. Do you think that the spammers would even bother if they didnt get a sale?

    I'm just amazed at people's stupidity. Oh well I guess there's always going to be a market for penis enlargers and those PhD's from non-accredited universities.
    • Re:Hrmm (Score:5, Interesting)

      by arivanov ( 12034 ) on Wednesday November 13, 2002 @10:13AM (#4659278) Homepage

      Finally someone on the point. If someone spams me they no longer get any business from my household. Ever.

      Just a few names off the list:

      AmEx: Anytime you write to their security and privacy people you are automatically included into a SPAM mailing list and not removed ever after. I tried to get them to stop and ended cancelling the account. As a result they wrote me back telling me that they authorise themselves to use my phone to call me with new offers. If you have an AmEx card and use it you are supporting a spammer outfit.

      Play.com: Similar story. Canceled the account and blacklisted them on every server I maintain a blacklist for. Does not help. They are still trying to send.

      To ve continued ad naseum...

  • by meringuoid ( 568297 ) on Wednesday November 13, 2002 @10:06AM (#4659218)
    But the other message was a complaint from WorldCom. A WorldCom customer had reported an "alleged violation" of the company's policy that prohibits spamming. "We request you take whatever measures you deem appropriate which will ensure no further violation will occur," the e-mail from WorldCom said.

    WorldCom lets spammers get away with 'first offence'.

    Mr. Connell typed a response: "Problem solved. This guy won't receive anything from us again." He flagged the name of the offended e-mail recipient on Ms. Betterly's list so that person wouldn't be contacted again.

    WorldCom helps spammers listwash.

    WorldCom says that if problems with a spammer persist, the company will send increasingly stern notices and eventually cut off service.

    WorldCom will let spammers get away with spamming several times before actually doing anything about it.

    Paging SPEWS. SPEWS to the white courtesy phone, please...

    • Mod that shit down (Score:4, Insightful)

      by Havokmon ( 89874 ) <rick&havokmon,com> on Wednesday November 13, 2002 @11:00AM (#4659885) Homepage Journal
      • WorldCom lets spammers get away with 'first offence'.
      • WorldCom helps spammers listwash.
      • WorldCom will let spammers get away with spamming several times before actually doing anything about it.
      Are you people never satisifed? Do you want the FBI raiding at the FIRST sign of trouble, or do you want to follow proper channels?

      Such an informative post. Where did that customers email address come from? How is Mr. Connell to REALLY know if that person merely clicked-through an agreement (Without reading it) that their email would be shared? Did that person then attempt to use anything posted within the email to remove his/herself from that list?

      "And she only sends bulk e-mails to people who have indicated at some time that they want to hear more about certain products or offers. People do that, some unwittingly, when they sign up for free e-mail accounts or create chat-room identities or buy products online. Many Web sites ask users whether they are interested in receiving marketing offers and ask them to check -- or, more likely, uncheck -- an obscure little box if they don't want to receive that kind of e-mail."

      So people, in this case, are not paying attention. Strangely, that's also why there's such hubub about cars and cell-phone use.

      "He flagged the name of the offended e-mail recipient on Ms. Betterly's list so that person wouldn't be contacted again."

      So wait a second, because some places don't abide by their privacy agreements, or don't remove people when requested, then EVEYRONE is bad?

      I suppose, then, I should be in prison, because I've circumvented copy protection using a No-CD crack so my kids don't have to touch CD's.

      Obviously, you belive that if SOMEONE is doing something illegal in a certain area (hacking government systems), then EVERYONE must be doing that. I guess we shouldn't have access to source code either. Who KNOWS what we could do with that!

      Please. Tell us. Some of us want to know which side of the double standard you really stand at.

      • by Ashurbanipal ( 578639 ) on Wednesday November 13, 2002 @11:21AM (#4660107)
        As for your illegal use of CDs, that's your lookout - you have chosen to put your family at legal risk just to save a couple of bucks on CDs. Or maybe you are taking a moral stand, but you are still choosing to take a risk. Mayhap that's an OK risk for you, but it's still there, don't pretend you aren't breaking a law for your own convenience.

        As for the spammers, I have NEVER EVER EVER given "opt-in" permission on my tech contact Email to any business. It was stolen from the Internic "whois" database over ten years ago, and now receives thousands of spams (ironically, I maintain that address as a spam trap now to help me keep a strong access.db) from hundreds of spammers, all of whom make exactly the same claims as Betterly.

        It should be obvious that with individuals rapidly and constantly trading lists of as many as 60 million addresses, it is effectively impossible to get "opted out" permanently once one is on such a list. It is equally obvious that there is tremendous financial incentive to create lists without any regard for the wishes of those on the lists, and to represent those lists as "opt-in" when trading with other spammers.

        At least you are consistent; you, an admitted scofflaw, are defending other scofflaws. Kudos to you for that, I respect a consistent code of ethics.
  • still too many (Score:3, Informative)

    by cyborch ( 524661 ) on Wednesday November 13, 2002 @10:07AM (#4659222) Homepage Journal

    With 605.6 millions of internet users, worldwide (according to kadius [www.nua.ie]) 1-2 one-thousandths of a percent that's still 6056 replies to spam. With that many replies and close to zero cost one could make a decent business... sadly

  • by andyring ( 100627 ) on Wednesday November 13, 2002 @10:09AM (#4659244) Homepage
    Since the early days of my experiences on the 'net, spam has been a problem (1994 is when I first hopped on). Why is this? Obviously, as indicated in the article, spam does indeed make money. Sure, you may get one percent response, but if it only costs a couple hundred $ to send half a million e-mails, at one percent that's 5,000 people replying! Of course we know they're all real net newbies or suckers, but as with anything else, it's 'buyer beware'. In short, people spam because it does indeed work.
  • by reaper20 ( 23396 ) on Wednesday November 13, 2002 @10:10AM (#4659249) Homepage
    Ms. Betterly says she refuses to send e-mails about adult fare, because it "disgraces society."

    Yeah whatever - spammers claiming moral superiority over pornographers. What's next, the RIAA claiming it supports artists?

    Thankfullly, Spamassassin [spamassassin.org] means I don't have to deal with her garbage. Unfortunately it just hides the problem, but at least I get the satisfaction of a "fuck you" when it redirects to /dev/null.

    If you've got an unfortunate friend stuck in Outlook, Cloudmark [cloudmark.com] does a decent job of cleaning up the mess, and Mozilla's soon-to-be turned on anti-spam features are looking nice.
    • by Lussarn ( 105276 ) on Wednesday November 13, 2002 @10:32AM (#4659512)

      but at least I get the satisfaction of a "fuck you" when it redirects to /dev/null


      How about a forward instead.

      info@dataresourceconsulting.com

    • If you've got an unfortunate friend stuck in Outlook, Cloudmark [cloudmark.com] does a decent job of cleaning up the mess, and Mozilla's soon-to-be turned on anti-spam features are looking nice.

      It should be noted that Cloudmark is the newly commercialized version of Vipuls Razor [sf.net], open source and originally developed for Linux/UNIX systems. It works by having a P2P network of reporting servers and a large number of people reporting spam. It then matches your incoming messages against that incoming spam. I think soon they're going to roll out more advanced "fuzzy" algorithms that can detect spam even when it's been subtly altered. It's not 100% effective but it's not too bad, and it's more satisfying to drop spam into the "SPAM Pending" folder, and watch it get reported than simply deleting it. I'd guess it's cut down my spam by about 60-70%. The best thing about the Razor is that a) it can be setup server side, so you don't even see the spam as it's filtered by your mail client and b) it's not easily defeated.

      I've heard reports that some spammers are fine tuning their emails to just miss the SpamAssasin regexs, and stuff like the Mozilla bayesian mail filters only react to what you get, the Razor reacts to what 180,000+ people get.

  • by Anonymous Coward on Wednesday November 13, 2002 @10:12AM (#4659262)
    Here is her website:
    http://www.dataresourceconsulting.com [dataresour...ulting.com]

    And her email:
    laura@dataresourceconsulting.com [mailto]

    You may fire when ready.
    • by Draoi ( 99421 ) <draiocht&mac,com> on Wednesday November 13, 2002 @10:24AM (#4659411)
      That's terrible!! Now her email address is going to get harvested by some spambot. Don't you know she needs that for her WORK ???

      laura@dataresourceconsulting.com

      laura@dataresourceconsulting.com

      laura@dataresourceconsulting.com

      laura@dataresourceconsulting.com

      laura@dataresourceconsulting.com

      laura@dataresourceconsulting.com

      laura@dataresourceconsulting.com

      laura@dataresourceconsulting.com

      laura@dataresourceconsulting.com

      laura@dataresourceconsulting.com

      Just as well you didn't post her her phone number [wordsinarow.com]

      • Better idea (Score:5, Interesting)

        by IamTheRealMike ( 537420 ) on Wednesday November 13, 2002 @10:52AM (#4659777)
        Set up a mail filter to bounce all spam you get to her address! Genius. Make sure you remember to check her website every so often though so she can't change her address.

        If you're using the Razor you can change your mail filters file to do this. Make sure you bounce the messages as opposed to forwarding them, that way she can't block the addresses, bouncing also doesn't leave a record of where it came from afaik.

        I dunno, if only 20 of us did this, that's 20x the normal amount of spam she's receiving. It'd be hard to find the genuine mail amongst all that. I think she'd get the message.

        • Re:Better idea (Score:3, Insightful)

          by br0ck ( 237309 )
          Set up a mail filter to bounce all spam you get to her address! Genius.

          Beware! My bet is the AC is Laura herself with an evil plan to get everyone to email her account so that she can harvest all those fresh plump addresses. ;)
    • LEGITIMATE protest (Score:5, Insightful)

      by MacAndrew ( 463832 ) on Wednesday November 13, 2002 @03:25PM (#4662697) Homepage
      Before everyone launches a game of Internet doorbell-ditch: it is legitimate to send a real email or make a phone call criticizing what she does (politely -- remember, you're with the good guys). Collectively /. should be able to produce a lot of feedback, at one per person. If she just gets snowed by abuse, so you really think she'll going to think, golly, my ways are in error and I better change jobs? Or just, there are a lot of jerks out there and I better never give another interview?

      Harassment is no better than spam. It's using illegitimate needs to get what you want. She is doing something wrong (ethically if not legally; and in many states, legally too) but that entitles us to complain, not retaliate. Two wrongs don't make a right, something like that.

      She honestly appears not to get it, or is in serious denial. (By contrast, some spammers do appear to have struck a deal with the Dark Prince.) Explain to her, and everyone else, that spam is a serious problem and not just another form of junk mail.

      And most important of all, support laws to regulate spam at the national level, as was done for junk faxes. Make it unquestionable that this hijacking of our tiem and resources is illegal.

      (I do detest spam. When email arrives, half the time I switch apps over it's for junk. Currently 2/3 of my unfiltered inbox is spam, and the number keeps growing. I don't even want to think of the theoretical maximum to daily spam.)
  • Wotta Rip! (Score:5, Informative)

    by cyranoVR ( 518628 ) <cyranoVR@gmail.cTEAom minus caffeine> on Wednesday November 13, 2002 @10:12AM (#4659266) Homepage Journal
    $250 for 500k emails? This morning I was reading about a guy who is selling a million for 20 bucks [computerworld.com].

    Fun quote:

    "I hate spam," he [the spammer, "Steve"] says. "I've gotten death threats. People have threatened to kill my dog. . . . But when you make a thousand bucks in one day, you could care less."

    <sarcasm>Hard to argue with that!</sarcasm>
  • actually.. (Score:4, Interesting)

    by corian ( 34925 ) on Wednesday November 13, 2002 @10:14AM (#4659284)
    With only 65 people filling out a survey to enter a contest, that's not a unreasonably bad chance of winning. Of course, that's assuming the prizes are bone fide...
  • Oh no (Score:5, Informative)

    by nogoodmonkey ( 614350 ) on Wednesday November 13, 2002 @10:14AM (#4659285)
    A quick search on Switchboard shows that she is listed, please everybody call her with your beliefs on spam:

    Laura Betterly
    717 Weathersfield Dr
    Dunedin, FL 34698-7437
    (727)733-5335
  • by Knunov ( 158076 ) <eat@my.ass> on Wednesday November 13, 2002 @10:15AM (#4659291) Homepage
    Good gawd...

    No wonder she chose an 'occupation' that doesn't require interaction with others. She looks [wsj.com] like a smacked ass!

    Blah. It's even a Photoshop filtered black & white picture, which is usually done to make someone look good. They had to do it to her just to upgrade her face to hideous.

    I always figured spammers were ugly.

    Knunov
  • People r dumb (Score:5, Insightful)

    by phritz ( 623753 ) on Wednesday November 13, 2002 @10:15AM (#4659306)
    Ms. Betterly says she refuses to send e-mails about adult fare, because it "disgraces society."
    Pornography is bad.

    But sending people emails about a free Lexus, and then quietly signing them up on additional mailing lists (i.e. deception). . . And abusing ISP bandwidth under a trivial 'opt-in' technicality . . . this is OK?

  • Costs? (Score:5, Insightful)

    by e8johan ( 605347 ) on Wednesday November 13, 2002 @10:18AM (#4659330) Homepage Journal

    What are the costs of this. Let's ignore the cost of infrastructure, wase of bandwidth etc and just assume that each computer user gets 2 spams aday (a low figure, I know).

    We have a group of 1k users, each user makes $25 an hour (or atleast that's the cost the employer sees). If each user spends one minute to remove spam a day, 20 days a month, 12 months per year => 240 minutes = 4 hours = $100 per user and year.

    For this small group (1k users) the cost is $100k per year. Sue her and let her pay!

  • by GGardner ( 97375 ) on Wednesday November 13, 2002 @10:18AM (#4659331)
    This article shows that some spammers are profitable, and the key to shutting down spam is to make it unprofitable. The response rate is so miniscule, it seems like it wouldn't take much of an effort to tilt the economics of spam back to where it wasn't profitable.
    • No. The key isn't to reduce the response rate; the spammers will just increase message volume even more.

      The key is to increase their expenses. Bounce more of their messages back to them; keep their connections (to mail servers) open longer; increase the number of complaints they get via their ISPs; hit them with fines from recipients where that's appropriate.

      This needs to be done morally and ethically, not via hacking or harassment. The spammers claim their time, money, and Internet access is important, and ours isn't; if we make a similar counter-claim, we're no better than they are.
      • This needs to be done morally and ethically, not via hacking or harassment. The spammers claim their time, money, and Internet access is important, and ours isn't; if we make a similar counter-claim, we're no better than they are.

        Morally and ethically, there is a basic difference between starting a fight (what the spammers did) and finishing it (what we are attempting to do). The only constraint upon the latter is that it must be in reasonable proportion to what it takes to curtail and punish the original offense.

        While outright harassment, etc, is uncalled for, the bottom line is that the spammers' time, money, and Internet access are indeed not important -- they forfeited those claims for themselves by undertaking a campaign to steal these things from their victims.

  • How to stop SPAMMERS (Score:5, Interesting)

    by NutMan ( 614868 ) on Wednesday November 13, 2002 @10:19AM (#4659343)
    1. Get some blank checks without an account number on them
    2. Write the spammer a check for the amount they are asking
    3. Use a fake name/address
    4. Mail it to them
    5. They cash it
    6. It bounces
    7. They are charged a bank fee
    8. Repeat Forever
  • by Arcturax ( 454188 ) on Wednesday November 13, 2002 @10:21AM (#4659364)
    With her name and a complaint that she sent us spam, whether she did or not. Let's see how quickly she finds herself permanently without an ISP. :)
  • by Kombat ( 93720 ) <kevin@swanweddingphotography.com> on Wednesday November 13, 2002 @10:22AM (#4659378)
    I have an easy solution, although some might find it a tough pill to swallow. What if ISPs started charging subscribers and affiliates a small fee to send emails? Say, 1 cent per email? For people like you and I, who send maybe 5 - 10 emails a day, that's nothing. But to a spammer, suddenly their cost to send 1,000,000 emails has gone from virtually nothing (I think the number mentioned in the article was $250) to $10,000.

    They'd have to get an awful lot of buys to make back their costs.

    I'd wholeheartedly support a 1 cent/email fee to be imposed across the board, by law, everywhere. Would you?

  • by phsolide ( 584661 ) on Wednesday November 13, 2002 @10:22AM (#4659379)

    Spam is theft, plain and simple. Spammers need to be punished.

    You know who else needs to be punished? Mainline companies like Symantec who hire obvious fly-by-night spammers to slosh crap ads for Noron SystemWorks all over email, and then deny that Norton has anything to do with it.

    About twice a week for the last 6 or 8 months I get the same ad from some theiving yellowbellies. I used to send the ads to piracy@symantec.com. After 10 increasingly strident emails, the neanderthal Symantec hired to insult people who write to piracy@symantec.com finally wrote me back, using both fingers, only to deny the obvious connections between Symantec and the spammers. Hey, unibrow! Do you think I was born yesterday?

    I have sworn NEVER to buy a Symantec product because of this spamming.

    Well, I also use Linux and NetBSD so it's very unlikely I will ever need Symantec's to fix up a crap Windows installation, but still, I've taken the oath.

    • Heh. I send every one of those Symantec ads (with all the headers) to piracy@spa.org and piracy@symantec.com. Since they didn't have anything to do with them, the spammers must be illegally diverted or other infringing copies for those low prices they offer! And of course, Symantec would want to do something about that . . . :)
    • by Lumpy ( 12016 ) on Wednesday November 13, 2002 @12:12PM (#4660680) Homepage
      I have a solution for you.... make a mailer filter that forewards every symantic email to sales@symantic.com abuse.symantic.com piracy@symantic.com etc....

      they will eventually stop.... it worked for me.... No more microsoft spam.... I just have an autoforeward to about 7 of their email addresses whenever a microsoft spam hits.... they stopped sending to me over a month ago...

      dont bug the spammer, bug the company listed in the spam... make their spam bite them in the arse.
  • by Alexius ( 148791 ) <alexius&nauticom,net> on Wednesday November 13, 2002 @10:23AM (#4659388) Homepage
    We know:

    Her name: Laura Betterly
    Her kids names: Chris, 10, and Craig, 11
    The city she lives in: DUNEDIN, Fla
    What her house is like: 5,000-square-foot home, with a pool
    And it even had a picture of her.

    A quick Google turns up:

    Betterly, Laura
    717 Weathersfield Dr.
    Dunedin, FL 34698-7437
    United States
    (1) 727-447-2037
    (1) 727-468-2037

    -----------
    How about someone in Florida drive over there and tell her that the other 99.999% of her email recipients are wishing her bodily harm, and also that they know where she lives.

    Hell, why don't we all call her?
  • by UID30 ( 176734 ) on Wednesday November 13, 2002 @10:23AM (#4659397)
    This is the same scam that phone companies run.
    1. Sell telemarketers lists of names & numbers
    2. Sell consumers anti-telemarketer services
    3. Sell telemarketers ways to bypass anti-telemarketer services
    4. Sell consumers NEW Improved anti-telemarketer services
  • by bigmouth_strikes ( 224629 ) on Wednesday November 13, 2002 @10:23AM (#4659398) Journal
    ...who actually reads the emails ? Even if I was so oblivious that I didn't filter my emails, I would never dream of supporting the spammer. Even if I accidently read a spam and then amazingly found the product/service interesting, I would not respond to anything in the spam.

    > He also hunts for new ways to get around
    > software that tries to filter out spam and to
    > get people to open his e-mails.

    With a response rate as low as 0.002%, do they expect that the people that install and run spam filters are the most likely to respond to spam ?

    It's depressing to see how irresponsible the ISPs are, letting them off the hook so easily. They owe it to their customers to shut down the spammers, not just warn them if they get many complaints.

    Like the "spam queen" said, It's a numbers game. If people bothered complaining, they'd really feel what people think about them.
    • by Mr_Silver ( 213637 ) on Wednesday November 13, 2002 @10:47AM (#4659688)
      ...who actually reads the emails ? Even if I was so oblivious that I didn't filter my emails, I would never dream of supporting the spammer. Even if I accidently read a spam and then amazingly found the product/service interesting, I would not respond to anything in the spam.

      Last time I commented on this, I got accused by some idiot of being a troll. Interestingly enough it was still modded to 5 and considered "Insightful".

      The biggest problem with spam is ... the response rates. That is users who actually are dumb enough to open up the email and then reply to it.

      If everyone in the whole world suddenly got a clue (and it won't happen) then the response rate for junk emails would be nothing, nada, zip, 0 people and 0%.

      Exactly how long would a spamming organisation be able to stay in business if they couldn't even guarantee that in a 6 million mailout, they could not get one sale?

      With a response rate as low as 0.002%, do they expect that the people that install and run spam filters are the most likely to respond to spam ?

      No, because if you've installed it yourself you're too tech savvy and very very unlikely to buy anything from them. They're gunning for the uneducated masses. Those that do reply.

      A 0.002% response rate for 3 million emails is 6 thousand responses. Despite the low percentage, that bold figure is enough for many unscrupulus companies to go "hell yeah!".

      Email spamming is quick, cheap and it's easy. So quick, so cheap and so easy that it's seen as worthwhile even if you only get 50 responses. Until that number drops to 1 or 2 then we'll all have to look at other ways of stopping the menace.

  • by swb ( 14022 ) on Wednesday November 13, 2002 @10:24AM (#4659410)
    The article showed a pie chart detailing the things spam was selling, and it only indicated "scams" as being 4%.

    I'd have to say that only 4% of the spam I get (when I review my spamassassin mailbox for false positives..) to be anything approaching legitimate products and services.

    Almost all of it is for penis enhancers (surely fraudulent), fake viagra (ditto), stock schemes (pump 'n' dumps), "financial offers" which are surely either pump-n-dumps or deals so loaded with fees they stretch the definition of legitimate, bogus health products (HGH and the like), and porn, which is far higher than the 12% indicated.

    Since this is the WSJ we're talking about, I wonder if this isn't some editorial attempt to de-marginalize spammers and the borderline legal crap they push, with the goal of ultimately softening the opposition so that the big-name direct marketers can start in on this too. Claiming only 4% fraudulent content is stretching the imagination pretty thin.
  • by Lumpish Scholar ( 17107 ) on Wednesday November 13, 2002 @10:25AM (#4659428) Homepage Journal
    Ms. Betterly ... only sends bulk e-mails to people who have indicated at some time that they want to hear more about certain products or offers. People do that, some unwittingly, when they sign up for free e-mail accounts or create chat-room identities or buy products online. Many Web sites ask users whether they are interested in receiving marketing offers and ask them to check -- or, more likely, uncheck -- an obscure little box if they don't want to receive that kind of e-mail.... Because Ms. Betterly's e-mails aren't, in the strictest sense, unsolicited, she doesn't consider them spam. So she isn't breaking any rules when she sends hundreds of thousands of messages ...
    In her mind, anyone who agreed to accept any e-mail about anything, ever, has "opted in" to every list he or she hasn't explicitly opted out of.

    In her mind, her time with her children is important, your time, and my time, weeding through UCE is not important.

    In her mind, she's a moral and ethical person.

    She's not out of her mind; she's just buried too deeply in it.

    P.S.:
    Ms. Betterly says she ... doesn't forge or falsify the message header.
    And I am Marie of Roumania.
  • by Andy Dodd ( 701 ) <atd7@@@cornell...edu> on Wednesday November 13, 2002 @10:43AM (#4659627) Homepage
    While Betterly is one of the "lesser" spammers, the problem is that in this day in age, people are AFRAID to use opt-out/unsubscribe instructions.

    Why?

    Because using such instructions is the #1 way to get your email address propagated to more spammers. Anyone who knows anything about dealing with spam is that the #1 rule is not to do ANYTHING that could be used to validate your address. The only response to a spam that won't do more harm than good is a "User unavailable" or other similar delivery failure bounce message. Maybe Betterly actually removes people who wish to opt-out, but most spammers don't, and that's why all of this opt-in and opt-out bullshit will never work.
  • Forging Headers... (Score:5, Insightful)

    by radtea ( 464814 ) on Wednesday November 13, 2002 @10:50AM (#4659738)
    This asshole says she doesn't do anything dishonest. In particular:

    She doesn't forge or falsify the message headers;

    But at the far end of the article we read about her computer guy:

    ...he's found people are more likely to open e-mail if it appears to be from a real person, so he types his friends' names on "from" lines. "The trick is to make it look personal," he said as he tapped out commands on his computer. "You want to make it look like it comes from the guy in the cubicle down the hall."

    Ok, so isn't the "from" line in in some narrow, literal, technical sense, part of the message header? --Tom

  • Spam sucks (Score:3, Interesting)

    by Dexter's Laboratory ( 608003 ) on Wednesday November 13, 2002 @10:52AM (#4659770)
    [...] 15.8 million messages he sent out. They promoted antispam software [...] someone read the spam about the antispam software and bought the product for $57.

    It's sad enough that they have to promote antispam software by the means of spam, but for someone to actually buy it? I mean, who would take the time to read spam in order to stop spam?

    Ms. Betterly says she refuses to send e-mails about adult fare, because it "disgraces society."

    Well, at least Ms. Betterly is a "better" person. I am glad to hear that.

    In the first week of the Triumvirate Technologies campaign, 81 orders came through from 3.5 million messages, a 0.0023% response rate.

    Much ado about nothing, anyone? Seems like a lot of damage just to gain $1,555 (ok, I'm a student and $1,555 is a lot of money, but STILL!)

  • by limekiller4 ( 451497 ) on Wednesday November 13, 2002 @10:54AM (#4659803) Homepage
    From the article:
    "WorldCom says that if problems with a spammer persist, the company will send increasingly stern notices and eventually cut off service."

    Stop! ... Or we'll say 'stop' again!
  • by asv108 ( 141455 ) <asv AT ivoss DOT com> on Wednesday November 13, 2002 @10:59AM (#4659881) Homepage Journal
    Why she thinks pornography is bad with a face like that [wsj.com]. She doesn't even need to dress up for Halloween. When I saw her face the first thing that popped in my head was "Monty Python and The Holy Grail:"

    She's a Witch! She's a Witch! Burn Her! Burn Her!

  • by Sarin ( 112173 ) on Wednesday November 13, 2002 @11:00AM (#4659890) Homepage Journal
    "He labors over a message's subject line; he's found people are more likely to open e-mail if it appears to be from a real person, so he types his friends' names on "from" lines. "The trick is to make it look personal," he said as he tapped out commands on his computer. "You want to make it look like it comes from the guy in the cubicle down the hall."

    They must be very lucky to be friends with this nice guy. I bet they get all kinds of exotic offers like "sleeping with the fishes" and stuff.
  • Anti-spam system (Score:5, Interesting)

    by DeadSea ( 69598 ) on Wednesday November 13, 2002 @11:14AM (#4660036) Homepage Journal
    Being fed up with the amount of spam that I receive, I took preventative measures. I was up to about 150 spam each day. I tried filters, the best I could do was get rid of about half of it. Too many false positives. I lost email from friends. I thought about switching to the new bayesian filters I'd read about on Slashdot, but they don't seem that mature yet and anyway, I thought of a better solution.

    First I bought my own domain name. This allows me to enable new email addresses at any point. I have an unlimited supply. I can create a new email address for anything that I want. Anytime I buy something, I enable an email address with some number and the name of the company in it. Anytime I post to usenet or ask somebody for help from somebody I create a new email address for that purpose. I give all my friends a private email address and ask them to be careful with it.

    This means that I can also disable email addresses. I send an autoreponse to any disabled email address saying, "You attempted to send deadsea email, but you used an address that gets too much spam". I then can give them a URL for a contact form if they really need to contact me.

    The contact form is the best part though. If you go to my website, the contact form lets you send me email but never reveals my address. It uses an alias system. That means that my addresses won't be harvested to begin with. I made the contact form available under the GPL [ostermiller.org] so you can use it too.

    So people can email me, but if I start getting spammed, I can disable an address and people can still contact me. Sure its a pain to have to use the contact form, but it doesn't happen that often. When it does happen, I reply with an email address that can actually be used to contact me.

  • 275 messages read... (Score:4, Interesting)

    by coyote-san ( 38515 ) on Wednesday November 13, 2002 @11:18AM (#4660077)
    One of the most damning comments in the article seems to have been overlooked.

    "Two days later, 275 messages were opened (out of a half million, remember) and 65 surveys completed...." (paraphrased). Gee, how the hell did she know how many messages had been read?

    Maybe she's just counting the number of hits on a specific image on her server... but it seems much more likely that she's using a mailbug. If only 275 people, out of 500,000, even opened the message then these are the morons you want to include in all future mailings.
  • by inkfox ( 580440 ) on Wednesday November 13, 2002 @11:39AM (#4660296) Homepage
    Absolutely the best way to handle these people is to consume their resources. The most easily diminished is time.

    Visit a spammer's website and gather some contact information, then fire off an email. Don't be shy about including your phone number, suggesting you might be interested in mass mailing.

    A couple minutes with pen and paper and you can probably come up with enough questions to keep them busy for an hour, asking about the effectiveness of their marketing technique, options, haggling on payment, so on and so on. If this type thinks there's any chance of completing the transaction, they will stay on the line for a long time. Never tell them off, leave them constantly wondering if you're another perspective client.

    It's not dull. You learn quite a few things about the type of person who will do something like this. It's an insight into a pretty twisted world, and it's several million spams they won't get out.

  • by Alan ( 347 ) <arcterexNO@SPAMufies.org> on Wednesday November 13, 2002 @12:36PM (#4660965) Homepage
    Well, I could "make a living" selling small boys to pedophiles, or gassing kittens or beating up people on the street for gangsters, but that doesn't make it right.

"The only way for a reporter to look at a politician is down." -- H.L. Mencken

Working...