Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Spam

A Timeline Of Spam And Antispam 161

Posted by timothy from the yes-that's-evil-vs.-good dept.
Haak writes "American Scientist has a fine article by Brian Hayes summing up the history of spam and proposed measures to deal with it." A shorter article along the same lines is running at The Economist.
This discussion has been archived. No new comments can be posted.

A Timeline Of Spam And Antispam More

A Timeline Of Spam And Antispam

Comments Filter:

  • Interesting Perspective (Score:5, Interesting)

    by ankleteeth ( 646346 ) <ankleteeth@@@toble...com> on Sunday April 27, 2003 @08:27PM (#5821938) Homepage
    The article sums it up well, but is this something that is going to ever stop? SPAM to me seems like another one of those things in life like drug dealing for instance. Whatever tactice we take to stop or outlaw it, people are always going to find a way around it. The stronger we make our SPAM filters, the more normal desired mail that is going to get blocked. DOn't get me wrong, I hate Spammers, but I dont see how any of these solutions are going to work. Thats my opinion at least, but as the article says, I suppose suing spammers might have a good effect.
    • SPAM to me seems like another one of those things in life like drug dealing

      I know it's not the main point you were trying to make, but I don't think this is a valid analogy. Drug dealing is a 'victimless' crime in which all parties concerned are consenting. Spamming is not.

      • Yes, a good point, I was'nt thinking of a very good analogy to this, but was just trying to state, that whatever you try to do to stop it, someone out there is still going to be producing/selling it, or whatever, but i agree it is a poor analogy
      • Drug dealing is a 'victimless' crime in which all parties concerned are consenting.

        So all of the people that get killed by stray bullets in drug deals gone bad consented to being shot? Drug dealing is not a victimless crime.

        • Re:Drug Dealing is NOT a victimless crime (Score:4, Insightful)

          by Dyolf Knip ( 165446 ) on Sunday April 27, 2003 @11:03PM (#5822570) Homepage
          Drug deals being conducted with guns is entirely a consequence of their being illegal. You may note that gang warfare over alcohol is rather hard to find nowadays, but it was quite intense during Prohibition and in fact is a going concern over in Saudi Arabia where (purely coincidentally, of course) it's illegal.
    • Whatever tactice we take to stop or outlaw it, people are always going to find a way around it.

      Lifetime imprisionment for spammers? (they're lucky because i'm agaisnt death penalty...)
    • The article sums it up well

      And that's all it does. The article itself doesn't have any new information, insight, or anything to help in the process of eliminating spam. But I guess it's good reading for someone who hasn't had an email account for the last 9 years and is just now becoming interested in what happened to the spam-free email of 1994.

      but is this something that is going to ever stop?

      This article won't as it doesn't provide anything new. Paul Graham's articles of last year and this year

      • Bayesian is the answer to spam. Once you try it you won't go back. :)

        I agree to an extent. I started using Bayesian classification since Mozilla 1.3a (I think) implemented it.

        After a couple weeks of "training", it was dead-on accurate. Very little slipped through.

        It's been a few months now, and it's gotten worse. Much of my spam seems to be one-liners like "Here's that URL we were looking for: ..." Others contain mis-spellings in common spam-related words, and slip by the filters.

        Marking the ones that
        • Have you been training your filter against a corpus of known "good" messages as well as the bad? I haven't tried bayesian filtering (I keep having to delete the bayesian scores that spamassassin keeps generating, because it keeps training itself on the wrong messages), but I have been keeping every single piece of spam that makes it past my current filters in order to feed them into a bayesian scoring system (as well as a bunch of good mail.)

          I'd be curious to know if you had the same problem with false p
          • I'm honestly not completely sure how Mozilla implements Bayesian classification, but I was under the assumption that it did do both. Paul Graham's method involves a corpus of good and bad, and provides for a method to move a message from one corpus to the other (eg, when marking a message as spam, it's removed from the "good" corpus and added to the "bad").

            So I assumed Mozilla's implementation was following Paul's specification, but I could be wrong. I do know that, prior to the newer types of spam message
        • Agreed. Bayesian all by itself is not perfect. But Bayesian can do 95% of the work reliably, and a little extra filtering can take care of the rest.

          I personally advocate Bayesian along with some simple keyword filters that contain mostly known spamvertised domains or spam sources. If it is kept up-to-date that helps.

          It's been a few months now, and it's gotten worse. Much of my spam seems to be one-liners like "Here's that URL we were looking for: ..." Others contain mis-spellings in common spam-relat

    • SPAM to me seems like another one of those things in life like drug dealing for instance. Whatever tactice we take to stop or outlaw it, people are always going to find a way around it.

      There are two basic differences between spamming and drug dealing:

      1. Spamming produces relatively modest profits for its most successful perpetrators. Major drug dealers routinely make millions of dollars a year. Thus, the former are far less likely than the latter to accept a prison term as an acceptable cost of doing

    • Your drugs / spam analogy may seem to hold, but does not really. The economics of drugs is that if you ban it, but a lot of CONSUMER desperately want the product, then you'll STILL have drugs beign sold. Note I am not saying that if the drug dealer wants to sell it, they will sell it, the one that's putting the money, the consumer, will be the one rasing the offer so that he can have it.

      Spam, on the other hand, only pleases the distributor (the spam services provider) and the producer (seller of the penis

    • Re:Interesting Perspective (Score:1, Informative)

      by Anonymous Coward
      I agree with you completely.

      However, I did see one paper on this which was submitted to the IETF ASRG which was pretty neat on relatively new methodologies to eliminate spam.

      You can find it here - Eliminating Spam: Protocol and Infrastructure Changes [chaoszone.org]
      .
  • I feel that SPAM should be considered like Telemarketing. And I think we should be able to opt out without notifying someone that our email address is life and getting filled. Interesting Article..I knew about the Green Card lottery, but I didnt know about DEC sending emails to people.
    • The problem arises in that how do you get off someone's personal list? If they were pulling from a centeral repository then yes this would be fine. However most spammers use their own lists (or ones they bought). The best way to get off the list is to not be on it in the first place.

      rus

  • For you Viewing Pleasure (Score:5, Interesting)

    by Michael's a Jerk! ( 668185 ) on Sunday April 27, 2003 @08:33PM (#5821974) Homepage Journal
    We Present the world's first Make Money Fast Spam [google.com]

    • And Now... (Score:5, Informative)

      by Michael's a Jerk! ( 668185 ) on Sunday April 27, 2003 @09:22PM (#5822115) Homepage Journal
      According to This Site [templetons.com], The earliest spam was sent by DEC in 1978.

      Einar Stefferud, a longtime net hand, reports that DEC announced a new DEC-20 machine in 1978 by sending an invite to all ARPANET addresses on the west coast, using the ARPANET directory, inviting people to receptions in California. They were chastised for breaking the ARPANET appropriate use policy, and a notice was sent out reminding others of the rule.

      Interestingly, a young Richard Stallman argued [templetons.com]that spammers had every right to send spam.

      • Re:And Now... (Score:2, Informative)

        by jnana ( 519059 )
        Interestingly, a young Richard Stallman argued [templetons.com]that spammers had every right to send spam.

        But he retracted in the very next email:

        Well, Geoff forwarded me a copy of the DEC message, and I eat my words. I sure would have minded it! Nobody should be allowed to send a message with a header that long, no matter what it is about.

      • Dating Service for RMS (Score:1, Funny)

        by Anonymous Coward

        4) Would a dating service for people on the net be "frowned upon" by DCA? I hope not. But even if it is, don't let that stop you from notifying me via net mail if you start one.

    • Before responding, here is what the post office says regarding a chain letter get rich scheme.
      http://www.usps.com/websites/depart/inspe ct/chainl et.htm

      Just needed to post the counterpoint.
    • umm...as i recall this is a pyramid scheme and is also quite illegal. i think this goes beyond the realm of spam(unless people start getting spam about hitmen or drugs or something).

  • Moo (Score:1, Funny)

    by NanoGator ( 522640 )
    Beef, the anti-spam.

  • Well.... (Score:5, Funny)

    by Gefiltefish ( 125066 ) on Sunday April 27, 2003 @08:52PM (#5821993)

    I'm gonna need all that money from Nigeria to afford the necessary penis enlargement and credit rating accentuation!

    Examined from the inside, the world of spam has created its own perverse little self-sustaining ecosystem.

  • Look at the stupid spammer (Score:5, Interesting)

    by NewtonsLaw ( 409638 ) on Sunday April 27, 2003 @08:59PM (#5822015)
    Today's Aardvark Daily [aardvark.co.nz] shows exactly why spam is the problem it is -- there are too many stupid people out there who believe they can get something for nothing.

    Check out just how lame the spammer in question is and how, in his world, the word "free" has a whole different meaning to the one most people have.

    Despite his blatant misrepresentations and the fact that he's promoting his scam via spam, this guy has got people queuing up to hand over their "stupidity tax".

    What's worse though is that the spammer is so lame he's effectively exposing the credit card details of *all* those who sign up. You even get to look inside his two email accounts because he doesn't have a clue about choosing sensible passwords.

    We're quick to blame spammers for the problem but maybe the truth is that the tide of spam is driven more by the stupid and greedy people who respond to these "too good to be true" emails.

    • It reminds me of a soda tv commercial I saw couple years ago:
      Two d00des are watching tv commercial for the soda they drink. They see awesome bikini-clad girls dancing on Hawaiian beach, drinking the soda, all in LSD-inspired colors. One of the guys sips from his can and exclaims: "mine is busted".

  • Antispam (Score:5, Funny)

    by Tuxinatorium ( 463682 ) on Sunday April 27, 2003 @08:59PM (#5822017) Homepage
    *scotty voice*
    Captain, the spam/antispam reactor is gon ta blow!! I cant give ya any more porno!

  • Origin of Spam (Score:2, Funny)

    by Shazow ( 263582 )
    The beginning of spam:
    Moses brought down the ten commandments.

    Result:
    Related spam has grown exponentially into dozens of religions.
  • I don't see how to create anti-spam without some form of identification, simply because without an ID, anyone could use a mail type system to send junk messages to people and not get caught - because there's no ID, of course!
    • Just set up a procmail filter to block any mail that isn't signed or encrypted with PGP [openpgp.org].

      Of course, you'd miss out on a lot of legitimate mail.

  • The war on spam/drugs (Score:1, Informative)

    by Anonymous Coward
    Not that we should not pursue anti-spam countermeasures but spam will never clearly fully go away. Its like warez, its like mp3's, its like drugs, its like this, that and everything. You can try but you'll never really get a hold on it. Minimise it as much and as conveniently as you can, but as soon as you start spending ages trying to outlaw it you will find you've wasted more time than it would have taken to delete the spam and move on with your life.

  • We owe a lot to anti-spam fighters (Score:5, Informative)

    by bigberk ( 547360 ) <bigberk@users.pc9.org> on Sunday April 27, 2003 @09:10PM (#5822071)
    Anti-spam activists go to a lot of trouble to help locate and identify people and groups responsible for flooding the net with spam (or who provide spamware to misinformed laypeople). These same good-doers are often sought out by spammers, sued by groups of them, have their privacy invaded (release of home phone, address) in effort to scare them into shutting up.

    I am not kidding here. Take a look at some of the projects that scare the hell out of professional spammers:

    spamhaus [spamhaus.org] keeps an exhaustive list of major spam operations.

    SPEWS [spews.org] lists areas of the Internet that have frequently be used for spamming, including detailed evidence files and histories of ISPs that turn a blind eye to spam.

    Spamware vendor list [demon.co.uk] has a listing of sites that sell spamming software -- without which we would have little or no spam.

  • There's a Reasonable, Albeit Draconian Solution: (Score:5, Insightful)

    by NeuroManson ( 214835 ) on Sunday April 27, 2003 @09:19PM (#5822102) Homepage
    About 7 years back, when the WWW was still cutting its teeth, I had an epiphene; The best thing about the internet, is now everyone can use it. The worst thing about the internet, is now EVERYONE can use it.

    Simply put, we should require some form of an operators' license to own or operate a computer. Despite there being radical differences between the types of machinery, an adequate comparison would be to either automobiles or firearms licensing legislation.

    Before anyone makes the claim that this is not an adequate comparison, if could be eventually, the financial costs of such practices is matching, and quickly overtaking those of firearm and auto related damages. With time, eventually it could cross over to life threatening potential (for example, if someone decided to make a virus with a specific angle, wiping out or modifying records for grandma's prescription drugs).

    (1) The majority of abuses involving computers involve people who consider themselves "above the law", with no care in regards to potential damages that abusing the system can incur. Virus writers, spammers, script kiddies, warez distributors and DDOS operaters often fall under this category. For sake of comparison, lets file this under speeders, reckless drivers, drunk drivers, or road rage. Similarly, the comparison can be made for firearms.

    (2) The majority of problems that occur within the computer industry and most media involve people who are poorly trained (or not trained at all), or poorly advised in using their computers. People who do not patch their systems, do not operate a firewall, and open e-mail attachments to unleash every iteration of klez upon the net. This one can be filed as those who pretend a car or a gun is a toy, and treat them accordingly.

    (3) Despite the whole "for the children" trend in regards to the internet, there is no practical method to truly enforce it without trampling every detail in the constitution. Therefore, unlike most offered solutions, informing and training the young'uns in how to go about using a computer responsibly would be ideal. Similarly, do the same with new computer users. Give them a basic course, then a test, and upon passing said test, they can purchase their own computer.

    The problem is, as illustrated by current tech problems, along with the e-commerce industry's shortcomings and varied collapses, Joe Sixpack tends to think of the computer as an appliance. A new magical alternative to the TV that can make all their dreams come true. They need to be informed that the computer is a tool. And just like any tool, it can be abused, and that there could be consequences, something that most of them are for the most part either ignorant to, or even defiant of. Therefore, if they have this knowlege, then they cannot claim ignorance, and as such could finally be enforced, then charges can be pressed, and at least for the short run, problems can be avoided.

    After all, if they could lock away Mitnick (sp?) for over 5 years for downloading a few files, why can't they lock away a virus author or spammer for operating without a permit? At least that way they can set a precedent. Hell, I'm sure a good deal of spammers out there are in violation of other things, such as unpaid taxes, working without a business license, et al. And how many of them use their proceeds towards drug use, pornography, etc? Make the bill tough enough and at least the spammers in the US can be eradicated virtually overnight.

    There. The can of worms is open. Feel free to bait a hook.
    • Yeah, I thought of requiring a license a long time ago too. You can see at http://www.foobarsoft.com/opinions/internetproblem sandsolutions.shtml [foobarsoft.com]. Of course, the real problem with this is that you'd have to get every country to agree to do this and make sure no one cheats and such. It would have been nice long ago, but it's way too late in the game to do it today.
    • After all, if they could lock away Mitnick (sp?) for over 5 years for downloading a few files, why can't they lock away a virus author or spammer for operating without a permit?

      Simple.

      Money.

      Mitnick's foes' lawyers claimed billions of dollars (that's laywer dollars, not real dollars, of course) of damage to the people padding the politician's pockets.

      When spam gets there, we could count on the jack-booted thugs raiding a place or two in the night. Unfortunately, the spammers are getting richer, and trying

    • We license drivers. How many idiots do you see on the road every day when you drive to and from work, who do not pay a penalty for being idiots? Think licensing computer users would be any more effective?

      Then again, I think driver licensing is too lax anyway. Changing a tire should be a required piece of it unless you are physically incapable of doing it.

      • "We license drivers. How many idiots do you see on the road every day when you drive to and from work, who do not pay a penalty for being idiots? Think licensing computer users would be any more effective?"

        Ahhh, but then what would insurance companies do for a living? Get a real job? No, wait...
    • "Simply put, we should require some form of an operators' license to own or operate a computer. Despite there being radical differences between the types of machinery, an adequate comparison would be to either automobiles or firearms licensing legislation."

      That's going in exactly the wrong direction. All the anti-spam solutions that aren't succeeding against spam (but you really should make sure you define "succeed" if you don't want to err in this sort of statement) came from people you would (I presume

  • How I've Cut Down My Spam (Score:5, Informative)

    by MBCook ( 132727 ) <foobarsoft@foobarsoft.com> on Sunday April 27, 2003 @09:19PM (#5822104) Homepage
    My e-mail address is plastered all over the internet, and I don't feel like changing it. I have been getting more and more spam, but I've got it pretty much under controll. For the record I get 20-30 e-mails a day, only 0-2 of which is ham. Here is my little anti-spam journey.

    First I ignored it. This worked for a while, but my paitence didn't grow nearly as fast as the spam volume (I've been on the net for years, so I remember when spam was a rare occurace). These are only the major things. I've tried others here and there.

    Next I started using MS Outlook's built in spam catcher. This is basically a blacklist that you maintain that you can easily add things too. This actually worked somewhat well, but as the use of forged addresses (and just plain random ones) grew, this became less effective.

    Next I started to use SpamNet. I used this up untill about last week. This used to be somewhat effective, and in the last month or so has been almost completely effective. This is the most wonderfull anti-spam device I've used. It was great near the end of the beta. But now it's out of beta and I'm not going to pay $5 a month to stop something I shouldn't get in the first place. Sorry Cloudmark.

    When Spamnet started, it was pretty effective, but still left a decent amount to be desired. So I searched around and found SAProxy. This program let's you run Spamassassin on Windows, and the combination of this and Spamnet worked wonders. As Spamnet got better, this became more or less useless.

    Unfortunatly, I had to get rid of Spamnet, due to the afformentioned monthly fee. So now all I have is SAProxy. It does work great, and it does get better with each new release. Now only about 3 messages a day get through, which is quite fantastic. Only 5% or so of the spam I get gets though. I could set the limit lower (to catch more spam) but right now I don't have to worry about it catching ham (it never has for me) and I don't want to have to start wading through my spam folder to check for ham. I thought I was using this stuff to not have to do that in the first place?

    So in short, I'm now using SAProxy and quite happy. If there was a free version of Spamnet, I'd use it, but there isn't. If you're on Windows and have a supported e-mail client, get SAProxy, and save yourself a huge headache.

    So what will I use next? I've been thinking of setting up a perl script to automatically find the home address of people who spam me and sending them a few ICBMs with notes attached like "HOW TO WIN AT EBAY WITH FREE CHEAP ICBMS THAT INCREASE YOUR SEXLIFE AND GROW HAIR."

  • Spammers are trying harder (Score:5, Interesting)

    by waynemcdougall ( 631415 ) <slashdot@codeworks.gen.nz> on Sunday April 27, 2003 @09:23PM (#5822116) Homepage
    I would have thought that spammers wouldn't expend much effort at trying to get around sophisticated anti-spam techniques. After all, if you go to the trouble to block spam, you're probably not going to respond.

    But of course some of the spammers get paid based on how many 'eyes' (or HTTP requests) are generated, so if they can just get through to an Outlook Express preview pane, it's worthwhile....until 'marketers' wise up.

    By virtue of having my own domain name, outside of the United States, I now receive 1200+ spams a day (and noticeably increasing). People who advocate 'just hitting the delete key' make me fume. That's a lot of delete key. And a lot of time. I've now reached the point where false positives on spam detection by automated software are less likely than me hitting delete one too many times. Thanks to DNSBL I can reduce spam from 1200+ a day to 10 a day, and Paul Graham's Bayesian filtering reduces that down to 2 or 3 a week.

    I'd like to share some recent observations I've made - I haven't seen this referenced elsewhere but maybe I don't know where to look (so feel free to point me where this is mentioned elsewhere).

    First a minor observation that spam increases markedly on the weekends - because peop,e aren't around to close down open relays or spamming accounts?

    Secondly, spammers have started adding non-spammy words (eg capacitor) and constrcuted nonsense words (capacitorsggg) inside their messages. I can only see this as a direct response to Paul Graham's approach. I don't see it as working - the rest of the message is just TOO spammy - but it sugegst to me that spammers see such an apprroach as a threat. I've seen these words sprinkled at the start of plain text emssages and after the /body> /html> of HTML messages.

    Thirdly, what I've recently noticed is that a spammer will connect to my mail server, say HELO, do a MAIL FROM: and then QUIT. Then they connect to my system again and use a HELO command that is my OWN IP address. They also include a fake Received header that makes it look as though the message originated from my own machine. Nice try you scummy spammers. SpamCop is smart enough to see through that ploy. I wonder how other system's will respond.

    Fourthly, I've noticed that often when I complain to SpamCop I become the victim of a JoeJob [cotse.com]. Currently I'm getting all the delivery failures coming back to random alphanumeric usernames at my domain. Sigh. Time to strip off my domain when I lodge SpamCop submissions eh?

    • Re:HELO forging and detecting (Score:4, Informative)

      by dmeranda ( 120061 ) on Monday April 28, 2003 @04:53AM (#5823463) Homepage

      I too have noticed that the vast majority of spammers now seem to forge the HELO/EHLO greeting. And as most non-spammers don't, this is actually a wonderful way to catch them. I've even seen them send the IP address of my secondary mail gateway in hopes that my primary mail server would fully trust it (obtained probably by looking up my MX records). I run a mail gateway for a corporate domain an get on average 30 to 40 thousand spams per day. Using sendmail [sendmail.org] with it's milter [milter.org] programming interface I put the HELO greeting though a very strict check. For those contemplating doing the same...

      • Per RFC 2821 [ietf.org], the HELO greeting string should be either the FQDN of the sending hostname, or the IP address of the sending system in SMTP syntax (e.g., [1.2.3.4] or [IPV6:abcd::1234]
      • Most spammers don't even bother with a domain name, using a random greeting like "sqss7e". If it doesn't have a domain, throw it away. Same if you see an IP address without the [] brackets; it's another dumb spammer that can't read the RFC's.
      • Sometimes spammers don't even hide their spammy-sounding names in the HELO greeting even though they go to a lot of trouble to make up legitimate From headers. A good regular expression check for common words like "offers" or "optin" in the HELO greeting can work wonders (but use caution).
      • When checking if a spammer if forging your own address, be sure to check for ALL hostnames under your domain (say you have acme.com, then check for both "acme.com" and "*.acme.com", and use a case-insensitive comparison). Also check for ALL your possible IP address even if you don't use them all. A remote site using your own IP or hostname is never legitimate.
      • If you are running a gateway, you need to treat outbound versus inbound messages differently. This can usually be done by checking the connecting IP address to see if it is one of yours. Also be sure to check for 127.*.*.* and ::1 (IPv6).
      • Be aware that some mail clients are broken and don't send conforming HELO greeting; this includes Mozilla (see Bug 68877 [mozilla.org]). So don't be too agressive with your HELO checks for mail originating from the inside of your organization.

      One last note about Forged AOL Spam after talking to one of their postmasters...all their legitimate mail by corporate policy is always sent from within the *.aol.com or *.aol.net domains. This will be in both the HELO as well as a reverse DNS lookup of the connecting IP address. If you don't see this in the HELO and DNS but you see a MAIL FROM for aol.com, it's probably spam.

      I wish more big ISPs would provide public information about how to better detect forged mail claiming to come from their sites. For instance if I see a MAIL FROM *@yahoo.com, then should the connecting IP address always be from a *.yahoo.com host? Some ISP's like hotmail seemingly always add in a known predictable header whose absence indicates spam. But I can't reliably make these calls unless the ISPs provide that information. Also, beware that some semi-legitimate sites, like Monster.com [moster.com] forge the sending address on purpose; so if you want to receive resumes you may need to whitelist them.

  • From the article... (Score:5, Funny)

    by ktakki ( 64573 ) on Sunday April 27, 2003 @09:26PM (#5822128) Homepage Journal
    A few consulting firms and foundations have also surveyed the volume of spam. Jupiter Research estimates that the average e-mail user gets about 2,200 spams a year, and the Gartner Group says that corporate e-mail is 25 to 35 percent spam.


    In 2002 I received over 18,000 pieces of spam, for a total of 163 megabytes. Compare this with the year 2000 (6 MB) and 1996 (183 KB). Based on the spam I've gotten so far this year, 2003 should see a bumper crop of 25 to 30 thousand pieces. This is just my POP3 account, and not my venerable Hotmail account that's now a smoking hole in the ground.

    If I'm ever lucky enough to meet a spammer in person, I will kick him in the nuts repeatedly, until he sings soprano. Of course, I'll be chanting "Just hit Delete...just hit Delete" the whole time.

    k.
    • In my POP3 acct Spam received so far: none I've had the account for over a year. I managed to acheive this simple feat by only giving my address to people i kow aren't stupid or assholes. I get about one spam a day that ets past yahoo's filters in the address my slashdot account is attached to.
      • I can't say that I haven't given my address to people who "aren't stupid or assholes", but I doubt that this is the vector for most of the spam I receive.

        You say you've had your POP3 account for over a year; I've had mine for nine years. In that time, I've posted it to Usenet, used it as a mailto: on web pages, signed up for things with it, and used this address to register domains, always unmunged, sans "NOSPAM" or "remove this" or "@@@".

        Even if I'd done none of these, or did munge my address, I'd still
    • "over 18,000 pieces of spam"

      Maybe its time to stop posting your email everywhere on the net.
    • How about holding spammers to their promises?
      I mean considering commercial emails to be
      contracts, so if they promised "free $$$",
      they have to give them to you. All those penis
      enlargement promises could become very exciting
      for those eligible if fulfilled sequentially :-)

    • Re:From the article... (Score:3, Insightful)

      by sholden ( 12227 )

      In 2002 I received over 18,000 pieces of spam, for a total of 163 megabytes.

      You get much smaller spams than me...

      In 2002 my spam filter (which didn't come close to catching everything) caught 4546 spams for a total of 78 megabytes.

      My spam has noticably increased this year with more of it getting past my filter (which I think I've fixed now). My spam folder for March has 854 spams in it, for 18 megabytes. Multiplying those number by 12 is too scary to even contemplate.

      I use a seperate email address for

  • the anti-spam measures (Score:4, Funny)

    by jnana ( 519059 ) on Sunday April 27, 2003 @09:37PM (#5822167) Journal
    should be as effective as slashdot's anti-troll measures... **ducks**

  • Just like anti-virus... (Score:3, Interesting)

    by SpyderFan ( 654349 ) on Sunday April 27, 2003 @09:39PM (#5822184)
    Spam is not going to stop. It will continue despite laws and regulations which do not apply world-wide and are difficult or impossible to enforce.

    There will not be a "new" SMTP because the existing one is too well established.

    There have been many wonderful suggestions posted as previous stories and also as responses to previous stories. Many, perhaps most, of the great solutions require a critcal mass of people to adopt a technical solution at the server. None of those will happen.

    The best solution will be individuals or companies adopting products like Spam Sleuth [bluesquirrel.com] or Spam Sleuth Enterprise [bluesquirrel.com] which have a variety of detection methods including Bayesian (statistical analysis), EMail Stamps (shift cost to sender), Bouncing (trick the spammers), as well as the usual Whitelists, IP Blacklists, e-mail address Blacklists, etc.

    Just like computer viruses, those people who use the technical solutions will be immune, and those that don't will continue to suffer. The tools exist. Slogging through spam each day is a choice.

    • Spam is not going to stop. It will continue despite laws and regulations which do not apply world-wide and are difficult or impossible to enforce.

      Oh, I dunno. Fax SPAM was effectively stopped by law; is there any reason to believe that an effective Federal law won't work to at least reduce the volume?

      Larry Lessig's proposal for a law, which is actually being introduce by my own Representative, Zoe Lofgren, may very well reduce the flow

      I would like to see that law include provisions for going after comp

      • Don't get me wrong, I'm all for the laws. I just don't believe they will be effective at stopping the spammers.

        Let's pass the laws. If, or rather, when they don't stop the spam, let's turn to technological solutions.

        I hope I'm wrong. If the laws are sufficient, and enforcement is effective, e-mail will be better for it.

      • Oh, I dunno. Fax SPAM was effectively stopped by law;

        That's possible because it's easy to trace the sender of a fax message, and they were almost always sent from within the same country as you.

        Sadly with spam these two things are not true; spam is sent via forged addresses almost all the time, and even if you track down the true sending machine/user it's somebody in America or the far east - which wouldn't be covered by any law created over here in the UK.

        I'd be happy with spam if it was possible to

  • the money trail (Score:2, Interesting)

    by deus_X_machina ( 413485 )
    What makes no sense about spam is that it seems like the only people really making money off of it are the spammers themselves. It's a shame I don't have it on hand, but more than 75% of the services being offered according to one account, aren't even legit, the main exception being pornography websites. (I'm sure many of you will remember the article, and someone will respond to this with it).

    Case in point, what I'm wondering is, who are the companies funding spammers? Judging by the relativly low succ

  • Skimpy article. (Score:5, Interesting)

    by mrsam ( 12205 ) on Sunday April 27, 2003 @09:42PM (#5822207) Homepage
    This article does not really gives much of an overview on the history of spam wars. The article leaves out more stuff that it mentions. I couldn't find any references to:

    * Evolutionary progress from your garden-variety, run-of-the mill carpetbombing from the sender's ISP to hijacking of external mail relays, leading to most mail relays now being closed; to repeated gang-banging of every mail relay on the Internet, in the late '90s, that was running the completely fucked up Sun sendmail 8.6, which fails to record the sender's identity, turning it into a somewhat efficient anonymous spam forwarding service; to direct-from-dialup spamware that doesn't need mail relays and delivers directly to the recipients' mail servers; to spamware that scans and hijacks open proxies, and spam-forwarding trojan zombies that take over and infest Windows-based clients.

    * The rise, fall, and bankruptcy of Apex Global Information Systems, the first commercial attempt to make a business model out of providing dedicated spam connectivity; with Cyberpromo, Nancynet, Marynet, and Sallynet spam factories as their charter "customers".

    * The rise and fall of MAPS. The article makes out MAPS as the leading champions, but those in the know sadly know that MAPS is now a shadow of its former self.

    * The rise and fall of ORBS, and a gaggle of similar open relay blacklists that sprouted up to supplement and replace.

    * The rise, and hopefully the fall, of the trend where large backbones quietly agree to accept premium connectivity and hosting fees, in exchange for ignoring complaints about their spamming parasites, all the while flouting their supposed "anti-spam" Acceptable Usage Policies/Terms Of Service (documentation and proof available per request).

    * The rise of the trend where spam farms are set up in third world countries, whose hosts completely ignore spam complaints and are generally better resistent to spam blacklists, since they don't send much mail to the US.

    * The rise of SPEWS, as a partial response for a need for a successor to MAPS, and a surprising accept of SPEWS, which has an aggressive blacklisting policies, which flew in the face of conventional thinking that network providers will tremble with fear, run to hide in the nearest closet, and become completely paralized at a mere prospect of rejecting a single non-junk message.

    There's plenty more subject matter for anyone who really wants to provide an overview of spam wars. This article seems a bit skimpy on the facts...

    • This article does not really gives much of an overview on the history of spam wars. The article leaves out more stuff that it mentions.

      Yes, I thougt so, too.

      In the newsgroup news.admin.net-abuse.email [google.com] there's a good boilerplate respose that explains some of the history and the current status of blocklisting. The response is posted every now and then to answer someone new in the group who is blacklisted and does not grasp the methodology of blocklisting systems.

      Here's a Google Groups [google.com] link to it.

  • Several problems (Score:3, Informative)

    by ajs ( 35943 ) <{moc.sja} {ta} {sja}> on Sunday April 27, 2003 @09:47PM (#5822235) Homepage Journal
    First off, the article is WAY behind the times on anti-spam techniques. SpamAssassin's statistical techniques far outstrip the simplistic features discussed. For example, it mentions obfuscation techniques, and yet SA is known to detect almost all of them one way or another, and even when it doesn't it catches the mail because it's in Razor2, comes from a BLed site, has obviously forged bits, doesn't look like valid mail to Bayes, etc, etc, etc.

    Second, the article is also a bit naive on several points regarding blacklists. Many blacklists are good and useful, many are not. But taken as a whole, they present a spectrum of data that can be interpreted through a number of classical techniques that are applied to noisy data sources. Trusting any one BL or a small list is almost always a mistake, you need to build a sample set and determine who you trust and how much. SA does this, but it would be easy enough to build a BL-only SA-like tool for high-speed analysis on high volume ISPs and pipe-providers.

    I'm getting worried that the problem of spam erradication is starting to look like the most divisive problem the net has faced to date. There are an awful lot of angry people, and those pitchforks and torches are starting to point in some very "infrastructurish" directions. Articles like this one, really don't help much....

    • ...which is problematic for many users, as they don't have effective ways of regularly updating their systems.

      Of course, Debian GNU/Linux shines in this regard, and several of the RPM-based distros are starting to address the need, though IMO poorly.

      Windows users are SOL until someone decides to offer a service specifically of providing SpamAssassin updates. This tends to make the proxy solution more appealing, however it's the crucial last bit of fine-tuning of SA rules which is the golden touch, and

  • Random ideas (Score:1, Interesting)

    by Anonymous Coward
    This is an idea that ran through my head. There are likely flaws with it (I can think of a few) but, you know, the more ideas that get out there, the better.

    E-mail addresses are largely collected from web pages. It would be trivially easy for one person to set up a plain text web page that contains 10 MB of plain text bogus e-mail addresses, changed daily. But what if everyone did it? What if there were thousands of such pages (hundreds of thousands) on the web? Would it be possible to clog up spammer
    • Great idea! Sort of like this one from 1997? [wired.com] :^)
    • There are tools that do that already. Google for "webpoison" or "wpoison" and you'll find lots of them.

      But that doesn't really help. Spammers don't care if they have 500,000 garbage addresses in their list of 2 million, because they plan to use someone elses bandwidth when they send the mail, and they are giving false "From:" info so the bounces go to someone else. The undeliverables don't bother them at all.

  • Offtopic, but --

    My domain name is being forged in headers by a spammer or spammers. I'm now receiving literally hundreds of bounces a day, for a mix of streaming gay porn, something in Russian and "Teenage Sluts Blow Chunks!".

    What's the best response? Do I have any legal resource? Will this at least blow over eventually? Some research suggests the answers are deal with it, no and probably, but I'm curious to hear what anyone here has to suggest.

    • Yes, forging headers is fraud. You can sue based on damage to reputation and cost of processing the bounce messages. However, you will first need to determine who is sending the spam. To try to do that, you will have to do some research. If possible, obtain full headers for each type of email, so that you can see who is sending them. The other way you can determine identity is to follow the money. How is the spammer going to make a profit? Selling porn sites? Referrals? Just getting paid to send th
    • I do have the same problem, but these bounces are not reaching me as they are sent to all kinds of different mail addresses at my domain.
      I do note that most bounces come from Russian mailservers.

      I cut 95% of all spam by some simple rules. Things like refusing all mail from yahoo, looking up sender and relay IP addresses in China/Korea blocklists, and verifying that the sender address is mailable before accepting mail.
      The remainder is caught by Mozilla's Junk mail filter.
    • I recommend you visit this page [spamcon.org] where you can join the SueSpammers mailing list.

  • The idea of charging for spam has merit, but the fact that money is involved makes me quesy. Money is expensive to secure and there is no current model on the Net for microtransactions of a penny.

    My solution involves requiring the sender to perform one minute's worth of SETI@Home, protein folding, etc., from one of the distributed processing sites (DPS).

    With some thought, it probably wouldn't be too hard to implement in an initial small group and then start scaling it up. For example, a listserv could r
  • I'm surprised TMDA hasn't been mentioned yet. The Economist does note "challenge and response" systems, this seems the right answer to me.

    http://www.tmda.net/ seems quite good, check it out.
  • I've been trying to figure out how to set up evolution to work with spam assasin. I'm running debian unstable, so I can get pretty much whatever packages I need, but I'm not really sure where to start.

    Is anyone aware of any good guides or howtos, so I can RTFM (read the fine manual) and get this set up. I've been toying with just using Mozilla 1.3 w/ the built in baysean filtering, but I really kind of like the pim aspects of evolution. Thanks.
  • But a discordant note comes from the Pew Internet & American Life Project, which surveyed 2,500 Internet users, asking only about e-mail they receive at work. Half said they get no spam at all in their workplace accounts, and 71 percent reported no more than "a little."


    so that's 121%? cool.
  • The following article in The New York Times recently cought my attention: http://www.nytimes.com/2003/04/27/national/27JOBS . html?th=&pagewanted=print&position= Specifically, the last 2 paragraphs. To spare you the trouble of registering and scrolling down: it's a 56 years old woman laid off from Bayer in 2001, unable to find a job in 2 years. Guess what is she poised to do now... Try to plot those "spam volume surged from 10% to 40%" and Dow Jones charts together, - I don't think it's a coinciden
  • What about Junk mail I receive on a daily basis? I would say that 75% of my mail is junk mail. I don't see SPAM ever going to go away.
  • Years ago I got a offer from Madera International (symbol WOOD) and they said their stock was going to hit $1.20 per share at any time. This was very early in the spaming game and I wanted to find out how much people would fall for this. I called up my broker and asked how much to buy this fine stock. She said it would be $25 in fees and the smallest lot I could buy was something like 400 shares since their value was so low. Due to some miscommunication, she took this as a request to buy 400 shares. Si
  • The article mentions a few examples of different ways to try to shield against spam, but that doesn't help the ISP's who still have to deal with the mails coming in (and from angry customers who had legitimate email filtered out when the ISP did its own filtering). Plus all the time investment one must do to try to find a good filter, and keep updating it.

    Trying to attack the spammers themselves is futile. They'll just change ISP's, accounts, use foreign relays, etc. Also there is a growing trend of inn

  • By using CPU or monetary postage for unidentified users. Or the are "you human"? Bitmap techniques, you can essentially stop spam in it's tracks.

    The problem is implementing a new e-mail protocol that supports this.

    I personally realized this a while back when I started recieving porn spam on my yahoo messenger. By only accepting messages from my friends list, I was able to stop it. If someone I didn't know wanted to IM me they had to request that I add them (standard challenge and response). Since them

Slashdot Top Deals

"Your stupidity, Allen, is simply not up to par." -- Dave Mack (mack@inco.UUCP) "Yours is." -- Allen Gwinn (allen@sulaco.sigma.com), in alt.flame

Close