Following the Spam Trail

An anonymous reader writes "MSNBC's Bob Sullivan doggedly follows a spam trail from Alabama to Argentina to find out who actually benefits from spam. The beneficiaries aren't necessarily the pasty faced, high school drop out industrial spammers we have gotten to know, but well known companies."

Tea bagger

[mao che minh]

The reporter wrote this story as if he actually broke it.

MSNBC: we have known about the relationship between spam, lead generators, and legitimate businesses for years now. For example, when I filled out an add to enlarge my penis 3 years ago, I got all sorts of emails from GNC and other well known health and fitness companies.....oh wait, I mean, when I clicked on the "See Britney Nude XXX HOT Angelina J-Lo-XXX-HOT!" offer I got an ad from her record label and WareHouse Music in the mail. Yea, that's it.

FP

Get Spammed Thru An Anti-Spam Article!

[webguru4god]

If you look towards the bottom of the MSNBC page linked in the story, there is a form that allows you to submit your spam stories, which asks for your name, hometown, phone number and e-mail address. Now what does MSNBC need with that information, in relation to your experiences with spam? Seems fishy to me...

Re:Get Spammed Thru An Anti-Spam Article!

[aengblom]

Now what does MSNBC need with that information, in relation to your experiences with spam? Seems fishy to me...

Well, if they want to do a story on them, they might actually want to be able to CONTACT you. And let's hope that major news organizations require that people who report things to them are actually, REAL PEOPLE. Not just random e-mail addresses signed by Haha G. Ottcha

Re:Get Spammed Thru An Anti-Spam Article!

[dJCL]

I filled it out with a custom e-mail address, only ever entered on their site at that message. If I get any spam from that address, well we know where they stand from there... heh.

Pick up the phone.

[pontifier]

If you can nail down a domain that seems to profit, use the whois information and call them on the phone. I usually dont get spam after I have complained to a person. If the phone number is bogus you can report them at http://reports.internic.net/cgi/rpt_whois/rpt.cgi

Re:Pick up the phone.

[Yanna]

Notice how the guy that spams is in Argentina. First, I do not think that your calls will bother him more than they will cost you. Second, this guy is a real mercenary. This is his way of life.

I ran a little query and found that he actually registers his domains under the following address:

Entidad Registrante: Zonda Sistemas S.A.
Direccion: Callao 1253
Ciudad: Buenos Aires
Codigo Postal: 1024
Pais: Argentina
Telefono: 4803-3824
Fax: 4803-3824
Actividad Principal: Sistemas

Persona Responsable: Alberto Roberto Meyer
Direccion: Callao 1253
Ciudad: Buenos Aires
Codigo Postal: 1024
Pais: Argentina
Telefono: 4803-3824
Horarios Contacto: 10-18

Fecha de registracion: 20/01/2003
Entidad Administradora: Zonda Sistemas S.A.
Direccion: Callao 1253
Ciudad: Buenos Aires
Codigo Postal: 1024
Pais: Argentina
Telefono: 4803-3824
Fax: 4803-3824
Actividad Principal: Sistemas

Contacto Tecnico: Alberto Roberto Meyer
Direccion: Callao 1253
Ciudad: Buenos Aires
Codigo Postal: 1024
Pais: Argentina
Telefono: 4803-3824
Horario Contacto: 10-18
Fax: 4803-3824

Servidores de Nombre de Dominio
Servidor de Nombres Primario:
Nombre: ns.super-zonda.com
Direccion ip:

Servidor de Nombres Secundario:
Nombre: ns1.super-zonda.com
Direccion ip:

Tercer Servidor de Nombres:
Nombre: ns2.super-zonda.com
Direccion ip:

Cuarto Servidor de Nombres:
Nombre: ns3.super-zonda.com
Direccion ip:

Sorry that it is in Spanish, but the only way to find this guy is by running queries in nic.ar. Were you in a position where you could actually phone this criminals, you need to add +54 11 to the listed telephone numbers (54 being the country code for Argentina and 11 the city code for Buenos Aires).

Good luck!

Re:Pick up the phone.

[notfancy]

Don't bother calling. The number is disconnected. I just called (I'm in BA, so it's local) and the earnest recorded-message lady informed me of the fact.

I pity the poor soul that gets assigned that number.

Re:Pick up the phone.

[Yanna]

Do you think the address is still useful to send tokens of appreciation to these fine gentlemen?

English translation - Pick up the phone.

[MisterMoney]

Registrant Organization: Zonda Sistemas S.A..
Address: Callao 1253
City: Postal Buenos Aires
Postal Code: 1024
Country: Argentina
Telephone: 4803-3824
Fax: 4803-3824
Main Activity: Systems

Responsible Person: Alberto Meyer Robert
Address: Callao 1253
City: Postal Buenos Aires
Postal Code: 1024
Country: Argentina
Telephone: 4803-3824
Hour Contact: 10-18

Date of recording: 20/01/2003
Organization Administrator: Zonda Sistemas S.A..
Address: Callao 1253
City: Buenos Aires
Postal Code: 1024
Country: Argentina
Telephone: 4803-3824

Huh?

[MoeMoe]

What "well known" company offers penis pumps? Has Gates been up to more no good?

Re:Huh?

[Salgak1]

It's probably in Sweden. That's where they make the brand Austin Powers endorses. . . (g)

Re: Sort of

[justMichael]

You see, most of that stuff stuff is made in sunny Southern California... Swedish Erotica (A.K.A. Cal Exotics) is in Chino CA.

Re:Huh?

[tcopeland]

> the brand Austin Powers endorses

"I don't even know what this is! This sort of thing ain't my bag, baby!"

Re:Huh?

[AVee]

What "well known" company offers penis pumps? Has Gates been up to more no good?

Yeah, that's his other company, BigHard...

Statement of the obvious

[Gherald]

The beneficiaries aren't necessarily the pasty faced, high school drop out industrial spammers we have gotten to know, but well known companies.

Wow, like we hadn't figured that out already.

All commercial advertising, SPAM included, benefits companies.

Individual spammers are just pawns like their more respectable counterparts in the legitemate marketing industry.

Re:Statement of the obvious

[PhxBlue]

Well, yeah, we have already figured that out. But the article isn't for us, it's for the 85% or so of users who don't even know how to block spam or why they get any. I think Slashdotters take their computer literacy for granted sometimes. :)

but?

[chloroquine]

But what about us pasty faced social misfits? I mean, I deserve my slice of the pie as well.

This article is written for an ignorant audience. I'm an ignorant audience and its smug tone of condescension even pisses me off.

Re:but?

[LostCluster]

The fact is, "pasty faced social misfits" who send spam don't make a product. They need to either buy something from some supplier, or be feeding into some sort of lead generation program like the article lays out. So, something does ripple through the economy...

Obviously

[dragonfly_blue]

Someone must be benefitting if they can afford to make me this kind of offer.

Greetings,

We need a vendor who can offer immediate supply.

I'm offering $5,000 US dollars just for referring a vender which is (Actually RELIABLE in providing the below equipment) Contact details of vendor required, including name and phone #. If they turn out to be reliable in supplying the below equipment I'll immediately pay you $5,000. We prefer to work with vendor in the Boston/New York area.

1. The mind warper generation 4 Dimensional Warp Generator # 52 4350a series wrist watch with z80 or better memory adapter. If in stock the AMD Dimensional Warp Generator module containing the GRC79 induction motor, two I80200 warp stabilizers, 256GB of SRAM, and two Analog Devices isolinear modules, This unit also has a menu driven GUI accessible on the front panel XID display. All in 1 units would be great if reliable models are available

2. The special 23200 or Acme 5X24 series time transducing capacitor with built in temporal displacement. Needed with complete jumper/auxiliary system

3. A reliable crystal Ionizor with unlimited memory backup.

4. I will also pay for Schematics, layouts, and designs directly from the manufature which can be used to build this equipment from readily available parts.

If your vendor turns out to be reliable, I owe you $5,000.

Email his details to me at: info@federalfundingprogram.com

Please do not reply directly back to this email as it will only be bounced back to you.

Anyone else get this one? =P

Re:Obviously

[Arker]

Several times. I couldn't figure out what the scam was so I did some googling. Apparently the guy sending them out is a bit... different. He really seems to believe that some time-traveling bad-guys ruined his life and caused him health and other problems. He seems to believe there are actually many time-travellers on earth at the moment, and wants to get a machine so he can travel back in time and undo the horrid stuff they did to him as a child.

Numerous folk have corresponded with him and he's made the deal many times, but somehow the bad guys always seem to nab his seller at the last moment. Poor guy.

Re:Obviously

[gujo-odori]

I concur. I was working for an ISP at the time he started sending that stuff out. We saw hundreds of them, and at first we thought it was a troll to gather known-good addresses for future spamming.

The stuff kept showing up from time to time, and eventually, on a day when we didn't have much to do, we did some tracking ourselves. Like you, we found that the guy apparently really believes it. We even found a web site where someone had posted his communications with the guy.

I'm all for getting his Intern

Re:Obviously

[ncc74656]

Greetings,

We need a vendor who can offer immediate supply....

It's a wonder he didn't also spec an Illudium Q-36 Explosive Space Modulator while he was at it...

Re:Obviously

[Mustang Matt]

Here's mine... I was thinking it was revenge on the person at the email address listed in the parent post. I have to admit, I found it kind of humorous.

I got the one from the parent post as well.

>>>>>>>>>>
Hello,

I'm a time traveler stuck here in 2003. Upon arriving here my dimensional warp generator stopped working. I trusted a company here by the name of LLC Lasers to repair my Generation 3 52 4350A watch unit, and they fled on me. I am going to need a new DWG unit, preferea

Re:Obviously

[terraformer]

I got one from him as well and he had posted a drop location for something and he gives a lat/long pair (see below). I geocoded it and the location is Woburn, MA on the corner of Willow and S Bedford streets. Now I live in Watertown Ma nearby and I was really tempted to go there an fuck with him. Unfortunately I did not have the time...

Subject: Dimensional Warp Generator Needed wyvid ecasoylxcu

Hello,

I'm a time traveler stuck here in 2003. Upon arriving here my dimensional warp generator stopped working

Re:Obviously

[Zeinfeld]

Someone must be benefitting if they can afford to make me this kind of offer.

There are a number of possibilities. The most likely one being that the guy is either a crank or a hacker with a wierd sense of humor.

Another possibility is that there is some form of steganographic message being broadcast. This could be a signaling mechanism used to provide deniable communications from an 'owned' computer. Alternatively it might well be a genuine request for some form of parts. If you wanted to buy parts for some form of illegal weapon you might use this type of cimmunication to tell a quartermaster what is required.

The advantage of using a message that appears to bee from a kook is that people tend not to take kooks seriously (unless they get elected to office but that is another matter). On the other hand if you are serious about anti-terrorism you listen to so many kooks that it becomes a warning sign. The type of people who stick a bomb in a litter bin outside a McDonalds tend to be whacko jobs.

Re:Obviously

[gmack]

Or you reply wondering what the guy is on and now all further communication has a "prior buisness relationship" .. I couldn't help but notice the address for more info was one of those financial sites on the email I got.

Re:Obviously

[kaltkalt]

I think the point is to get people who think they are clever to email him and act like they delivered the stuff and are now asking for payment (as he says to do). "Hope you got the unit okay, I'd now like my payment..." ... now he has your email address and will spam the fuck out of you. If that's not it, then I'd have to vote for some sort of steganographic message (note there are different versions of this email w/ different numbers/specs).

I know this guy

[flux4]

Oh yeah, I know him. A real wing nut. He was odd when I met him in 2007, and I must say he's even stranger now, er, then. Who would use an Acme 5X24 anyway? Those things are so unstable... kind of like he is, really.

what I want to know is....

[inode_buddha]

how many "middle men" are in the typical spam food chain, playing the percentages. Extra bonuses for network names, IP addys, hosting providers, etc. And also, why don't these large companies have the balls to just do it directly, themselves? /me thinks they are much like the Wizard of Oz, in this regard.

Re:what I want to know is....

[dJCL]

If the big business did it directly, you would have an easy target and could hit them pretty hard and fast to stop it. This way they have a large number of layers of seperation(deniability) available. As the one company in the article said, they canned the account of the person who spammed to get the lead, but that person was probably already signed up under 15 other names and loses accounts once or twice a week. But that company has deniability, and can claim they took action, knowing that it was worthless...

Re:what I want to know is....

[hackstraw]

If the big business did it directly, you would have an easy target and could hit them pretty hard and fast to stop it. This way they have a large number of layers of seperation(deniability) available. As the one company in the article said, they canned the account of the person who spammed to get the lead, but that person was probably already signed up under 15 other names and loses accounts once or twice a week. But that company has deniability, and can claim they took action, knowing that it was worthless...

Read that a couple times and think mafia, not spam.

A while back their was a poll on /. about who was the most powerful with multination corps being one of the choices. Hmm........

Who benefits from spam?

[Linux-based-robots]

The mystery is revealed. It is the The Hormel Food Company! [spam.com]

Re:Who benefits from spam?

[Gherald]

And their SPAM museum! [hormel.com]

Who benefits from spam?

[Omkar]

Hormel, or course. Free advertising.

But seriously, does anyone here actually think people will care enough to boycott these companies?

IC Marketing - InfoClear Marketing ?

[Thinko]

After IC Marketing received our data, it sold our information to a firm named Infoclear Marketing in Dallas, which then sold it to Mleads, which in turn sold it to Quicken, according to Newman.
Infoclear immediately terminated its contract with IC Marketing when it heard about the spam offense, said Patrick Thurmond, who identified himself as a founder of Infoclear.

Doesn't it sound a lot like InfoClear and IC (coincidence?) are actually the same company, but can appear to 'sever ties' whenever anyone anti-spam starts nosing around.. sounds like a nice setup to me, and the investigators won't implicate poor infoclear when tracing this back.
Just my $0.02.

Thinko

"I have challenged the entire quality assurance team to a bat'leth contest. They will not concern us again."

Re:IC Marketing - InfoClear Marketing ?

[Newtonian_p]

Good observation but why would they want to make it so obvious?

I mean, they could instead set up a front company named 'Starglass Inc.' and then set up IC Marketing as an affiliate.

That makes sense.

[Population]

Particularly when there is nothing stopping them from setting up another fake company and "selling" the leads to themselves again.

Infoclear terminates its relationship with IC and immediately starts another relationship with C Marketing.

When it is found out that C Marketing uses spam, C Marketing is dumped.

And a new relationship is formed with I Marketing.

lather
rinse
repeat

As long as companies like Quicken are willing to PAY for "leads", there will be a market.

Simply put, spam pays. It's easy money for

Backbones like spam? Whoa!

[SuperBanana]

What's that you say? Backbones don't police spam across their networks, spam that sucks up huge amounts of bandwidth, which they can charge people for? Whoa!

Next at 11, employees who are responsible for self-policing timecard policies are ripping off employers!

(seriously though- it's time we started taking major networks to task, like refusing to route packets coming from them, or refusing to send traffic to them. Watch how fast UUnet takes care of spammers, when customers find they suddenly can't get to sites. Pretty much the ONLY thing these days that separates backbones is how reliable they are- even a slight decrease in reliability, even just perceived or threatened, could have an astounding effect. Think of all the fuss SCO is causing to see the possibilities.)

From a related link.

[spumoni_fettuccini]

The spam dam [msnbc.com]Spam isn't that big a problem. A noisy, wired minority, the report said, has overexaggerated the spam jam-up. In fact, only 15 percent of workers surveyed say they have to deal with more than 50 e-mails a day. And nearly three-quarters said "only a little" of their work e-mail is spam.

How many Sysadmins are running spam filters to catch that crap so the end user never sees it?

Re:From a related link.

[realdpk]

Let's officially proclaim Monday No Spam Filter day, so people can better see the problem when they're most bitter - having to show up after a fun weekend to sit around in the office and delete spam!

fighting back

[gclef]

I'm becoming more and more convinced that the only effective way to fight back is to spam the spammers. Not via email, but via their customer databases. Take the example of from this article: the spammers get paid for every lead they generate. But, if just 1% of the people who got the spam went to the site and *lied* about their identity, and their interest, the value of the list containing their info would go down so much as to make it worthless. Even if .1% of the people did this, it would dramatically reduce the value of such customer lists. That's the only way to stop spam, from what I can see: make it no longer economically viable.

Re:fighting back

[rediguana]

Ah that will pale into insignificance when compared to the aging of the customer data already in the db. I did a Certificate in Direct Marketing (never used it in the end) 4-5 years ago, it was quite interesting. One of the points we were taught by our national DMA was that in a given year, approximately 25% of the customer records in a database will become outdated - I'm sure it is even higher in Internet time. The relevance to spammers is that they must continually be creating new databases to guard against obselete customer data.

Re:fighting back

[kramer2718]

Great post. Actually that was the first thing that I thought of when I read the article.

We could go one step further, though. We could write a mail filter that would statistically classify spam and then reply to it using fake information. Everyone has three or four addresses on Yahoo!, right?

I'm not exactly the best programmer, but I imagine starting with the source to spam-assassin or similar would be the way to go.

This could be huge. Of course, to really make a dent, we'd have to write a filt

Re:fighting back

[Sylver Dragon]

This is something I have been advocating for a while. Create a distributed app of some sort (think SETI@Home) which goes out and slowly fills these databases with real looking fake data. Its has to look real but be semi random, a couple of huge name lists which are used to randomly pick first, last, middle names etc. It would have to be updated occasionally to include new web locations for the forms, and to delete dead ones (possible have a central server which houses the lists). And expand the name list

Re:fighting back

[Monkelectric]

I had a similiar idea about the SCO problem. I was wondering if (the royal) we could all mail 1 letter a week to SCO.

The letters would be totally legit, requests for pricing information, comments on the situation, etc. It would be sort of a distributed DOS attack using the post office (I'm sure someone has done this before).

Use of FormFucker to spam spammers' web sites

[Huusker]

The only effective way to fight back is to spam the spammers. Not via email, but via their customer databases.

There is a utility called FormFucker [google.com] which spams web forms.

It analyzes the web form and then makes 1000s of submissions using realistic-looking but fake names, addresses, zip codes, telephone numbers, credit card numbers, etc.

Note that use of FF is very controversial, as many consider it fighting-abuse-with-abuse.

Re:Use of FormFucker to spam spammers' web sites

[gclef]

Very interesting. Thanks. I had thought about writing something like that for a while, but never got around to it.

I think one of the big problems with FormFucker, which I'm trying to avoid, is that it's really a vigilante justice system. For some reason, which I can't totally put my finger on, having lots of people fill out one order form each (but with all of them lying) just seems less abusive than one person flooding the site with orders...even if the total number of fake orders comes out the same.

I

Re:fighting back

[gclef]

You're right, but I'm not hoping for a 1% phony rate...I'm aiming much higher.

Basically, I'm counting on the real reply rate for spam being very low to begin with, so any measureable response by an annoyed populace will almost by default be at or near the real response rate. From what I've read so far, the real response rate for spam is on the order of 0.05% or so. They make money from volume, obviously. So, if 1% of the people who recive the spam respond falsely, that's a 200:1 ratio of bad:good data.

Re:fighting back

[robogun]

True... but if the guy has to sort for eight hours thru false data, that $20 doesn't look so good any more.

Plus, the mortgage company is going to get pissed off at all the false data the spammer is passing along, and probably fire the spammer for trying to get paid for faked leads.

The key is to generate really good fake data (i.e. area code matches state, zip matches city, and the numbers add up). Scripts exist for that. Simply stuffing the form with random characters, after turning off javascript won't d

1 percent phone reply rate would drown them

[GGardner]

If you could somehow get a 1 percent phone reply rate, the spammers would drown -- the current reply rates are something like 1 in 10,000. With a one percent bogus reply rate, there would be 100 bogus responses for every good one.

That could be effective, if the spamvertised product or service requires some human time or money to process. Mortgages, for example. If each mortage application that looks remotely serious takes 30 minutes of some human's time to process, a relatively low bogus reply rate co

MSNBC Got lots of people canned

[Cade144]

According to the story, it seems like MSNBC was responsible for the termination of at least three business relations between "Legitimate" companies and spammers.
If only more news outlets traced their spam the same way, it could put a dent in the demand for spam.

Who am I kidding? Those spammers, er "lead generators" will go right back to work, selling to anyone who will buy, no questions asked. As long as businesses will pay for personal information, there will be plenty of weasels to sell it to them.

I would be willing to donate money

[Mustang Matt]

I would put money into a cause that went after spammers that attack me in hopes of enforcing state laws and potentially winning a lawsuit against them.

Re:I would be willing to donate money

[Rob Riggs]

I would put money into a cause that went after spammers

You like pay taxes to fund the FTC and Justice department?!?

I benifitted from spam!

[andy666]

paying attention to the spam i got, i managed to get a great morgage on a house, marry a beautiful russian bride, and i pleasure her every night with my enlarged, viagra powered penis.

now, if only i could get some printer toner...

SPAM will end when...

[ansak]

The really telling remarks came in the final paragraph:

"The only thing that's going to make spam go away is if people do not respond," he said. "When e-mail first started, you could send out 50,000 e-mails a day and make money. Now you have to invest a lot of money and time, you get a return rate of less than one-tenth of one percent. One day it will become so you can't send enough to make any money. And that's the only thing that will stop spam."

0.1% and it's still profitable... sheesh! Won't it be nice when it becomes 1 part in a trillion and the race comes of age in e-mail usage.

and it's always about the money...ank

Re:SPAM will end when...

[Mike Van Pelt]

Spam will go away when no one responds...

... Or, when everyone responds, with bogus contact information, so that the spammer or whoever hopes to make money off of spam must follow up on thousands or millions of false leads in order to find the one bite from a real pigeon.

Downside, a few people spamming on behalf of "legitmate" companies will reap a windfall when they get to sell a whole lot of leads. But that will dry up quick when the companies paying for these leads find that the leads are all bogus.

The obvious solution to that downside...

[kevinatilusa]

Start your own "spam" company as part of the slashdot program to end spam. Solicit e-mail addresses from willing slashdotters who provide the desired false leads. You get both the benefit of bogus leads and the windfall from all the extra false leads

Re:SPAM will end when...

[gujo-odori]

Would you like to make spam drop off tremendously overnight?

The technology is there right now. All ISPs have to do is is block outbound port 25 TCP and the problem will almost vanish.

What makes it that easy is the economics of spam. Spammers are generally not paying for the resources they use, which is how they can make a profit even at their incredibly small success rates.

Consider the case of a spammer who uses a DSL or cable line to send spam. Assume a relatively expensive plan offering high bandwid

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:See, I told y'all

[PhxBlue]

. . .all that, and a chemical weapon disposal facility, too. That's the part that really makes me piss my grits.

Re:See, I told y'all

[barzok]

Yeah but most residents get confused and try to combine them. And leaving a "core dump" on a running computer isn't good.

The way out is through?

[rmarll]

Interesting, if what the article says about the 20 dollar fee is true. Perhaps we can end spam by answering it.

Facinating.

Re:The way out is through?

[Omega Hacker]

In selected cases, yes. Answering the loan spams would cause all the loan vendors to start looking a lot more closely at the lead rates they get, and probably start investigating why the rates suck for certain suppliers. That assumes of course that a given lead company is predominantly spam-generated or not.

Re:The way out is through?

[danila]

Even if they are not predominantly spam-generated, there is some layer, which gets most leads from spammers (but doesn't spam itself). Hopefully, this layer would stop paying spammers for the leads and quit the business... Doesn't sound likely, though...

ISP connections

[abhisarda]

"ISPS MAKE MONEY, TOO
An entirely separate set of companies also benefits from the spam economy -- Internet service providers who carry their traffic... In exchange, the ISP agrees to suffer more than normal complaint rates. In PSINet's contract, revealed on News.com, the firm received an upfront payment of $27,000 from Cajunnet, a marketing firm based in Slidell, La. In exchange, PSINet agreed to permit Cajunnet to send unsolicited email "in mass quantity" through PSINet's lines."

Maybe this might drum some sense into somethingawful.com's heads.

I made a comment 2 days earlier [slashdot.org] about this. If you do business with ISP's that work hand in glove with spammers, don't go around whining that SPEWS is the one to blame.

Mortage quota

[rf0]

Read the article about mortgage rates. Guess what a popup advertised? Yup mortgage rates

Fantastic

Rus

In the end it's the Consumers fault.

[Tailhook]

The story ends with the conclusion that the existence of spam is the consumers fault. The assertion is that if spam didn't generate responses and, in turn, revenue, these business interests wouldn't bother causing it to be created, however indirectly.

That logic is hard to argue with, but I have an additional way to fault the consumer. Why does the consumer continue to tolerate the open sewer that is contemporary email? It's not just spam. Millions of these sheeple have been infected with viruses sent via email. Spam and viruses, and a seaming endless ability to tolerate large quantities of both...

One would think that after enough of this crap occurred, consumers would eventually consider dealing with it. RTFA to discover that you can't count on ISPs to deal with it. They value spammers and the extra money they're willing to pay. RTFA to discover that respectable companies participate via a web of indirection and plausible deniability. The only thing we have is the end user. If the end user isn't willing to deal with the problem, no one will.

If the end user was willing to deal with the problem, then it becomes a simple matter. All that would be needed is a requirement that senders provide a verifiable signature in all messages, and easy to use white lists to remember the 'ok' parties. If the end user were willing to a.) obtain a cert that allows them to sign and b.) tolerate the need to not blindly open mail that hadn't been placed on their white-list previously, spam would not exist.

The key here is the end user. Until they come around spam is inevitable.

Re:In the end it's the Consumers fault.

[CycleMan]

When I can convince my grandmother to establish a challenge-response system on her AOL account, I'll consider blaming stubborn end-users.

Fortunately, she hasn't purchased any penis pumps or Russian brides yet. It can't just be the consumer solving this problem any more than we can ask every human to go certify organic farms or kosher sausage factories. It's a question of time, a question of costs to benefits, and with verifiable signatures, a question of creating a binding international law that would ha

Re:In the end it's the Consumers fault.

[Tailhook]

When I can convince my grandmother to establish a challenge-response system on her AOL account

Do you suppose AOL wouldn't be happy to establish it for her for a small fee? All that's left now is for your grandmother to ask for it. That's where you come in...

It can't just be the consumer solving this problem

Actually, it has to be. All other interests involved would very much like to either a.) send you spam, or b.) sell the means for spam to be sent to you. This includes your ISP, and your bought-

No spam no spam

[Brian Kendig]

I don't see what the problem is. I don't get spam any more.

Now, granted, I run my own mail server: Exim, attached to SpamAssassin via SA-Exim. And this combination is highly effective. I have it set up to be more aggressive than most people would want their spam filter to be; if an incoming message even *smells* like spam, my server refuses to accept it and instead gives a failure message with an alternate non-filtered address to use if the email wasn't actually spam. In a year of running it, it's rejected 100 spams per day on average, with only one known false positive in the entire year (it was someone forwarding a spam to me). And if a spam is sent to one of the addresses which I haven't used for years, then I perform the added courtesy of tarpitting the spammer.

But there are a lot of tactics that an ISP's mail server can use to cut down on a huge amount of spam without risking false positives. Check the mail against Razor and the other services which keep track of mass-mailings which have been reported as spam, for example. Refuse mail from a server which pipelines its SMTP commands then drops its connection without waiting for a response. Verify that the sending mail server's address actually can be resolved.

ISP's could go a long way towards making spam much less of an annoyance if they'd just use software to filter out the obvious spams. Hook the mail server up to SpamAssassin, set the threshold high enough to avoid false positives.

Re:No spam no spam

[realdpk]

I do not want my ISP deciding what is and what isn't spam for me. Others may be comfortable with that however. At most, ISPs could offer it as an option.

Re:No spam no spam

[big-magic]

Most service providers that have anti-spam software will allow you to turn it off.

But I think the real advance will come when service providers give individualized Bayesian filter to each customer. That way, each customer can decide what is spam to them. Of course, that's a lot of data to keep track of when you have a lot of customers. But I think it is doable. The downside is that during the training process, the customer would need to use a web based client rather than your IMAP/POP client in order t

Re:No spam no spam

[realdpk]

I think it's possible, too. And ya know, I think if there's a way to offload some of that processing to the user's PC somehow, I think they'd be willing to do it. I know the ideal is to have spam cost the end-user zero (in terms of cost and resources), but if they have to do some text processing to see no spam, I think they'll be fine with it.

Microsoft & others want to spam too - legally

[leoaugust]

as this was a a mortage related spam - aka respectable spam - as opposed to the unrespectable spam like "enlarge ..." spam, it is not too off track to show how the big corporations are lobbying for the ability to send spam directly rather than thru these layers ...

It is also very interesting that the big companies like Microsoft are paying lobbyists for laws that shall allow them to send spam, on the pretext that if only their spam is identified as spam it is no longer spam. I might give my email id to a Microsoft division, and then without my permission it is available to all the divisions of microsoft - even if I have no interest in all their products save one for which I gave my email - so isn't all the unrelated email they send me now spam ???

What the big companies want to do is to send spam themselves, but prevent others from sending it. All knowing that spam is dirt cheap tool for sales, but there is only so much spam a consumer can take before the backlash hurts all spammers ...

it is pure and simple application of game theory - when it becomes lucrative enough for the politicians, they will step into it too ...

The only real solution

[mabu]

People still don't get it....

No new spam laws are needed to stop spam.

99.9% of the spam on the Internet already is illegal and many cases criminal, involving the theft of computer resources and bandwidth, mail relay hijacking, forged headers, etc.

The problem is the Feds won't enforce the existing laws on the books. Unless there is X amount of damage involved to a specific politically-connected corporation, they turn the other cheek.

People need to ask their local District Attorney to start prosecuting t

Fight spam by replying to it?

[owlmon]

The article describes how "affiliates" get paid for supplying information gleaned from people who respond to spam e-mails.

This suggests that the economics of spamming could be disrupted rather easily if large numbers of folks would helpfully supply the information that the spammers seek.

Think about it. What would happen if every time a slashdotter got a spam, he responded with all the personal information (randomized, of course) that the spammer requested? The article used the example of a web form that the spamee was invited to fill in with his mortgage information.

A perl script could generate a lot of fills to the web form in a short period of time.

In the short term, affiliates would make extra money by selling truckloads of (phony) personal information. But within a few monthes, the large companies that pay for that information would wise up. That's when the spam economy would start to suffer.

This strategy is only interesting to those of us that have good spam filters in place. I'm getting very good results with bogofilter now. I believe that I could "survive" the major spam wave that would result if I employed this strategy. But this strategy would be a lot more effective if I had some company.

Suprise... err ... no

[BelugaParty]

In advertising there are divisions much like the white red black hats of hackers. Often times a company will submit a block of money to an advertising group, which will then employ dozens of different strategies. Often times, these techniques are not follow known or endorsed by the sponsoring company.
Take for instance when IBM launched a "edgy" campaign where peace signs were spray painted on the sidewalks of SanFran. Or some TV show that quietly advertised by sending a non-existant football team to v

MSNBC Spam article asks for email address

[Anonymous Coward]

Anyone find it funny that the article asks: "How does unsolicited commercial e-mail affect you?" and then prompts for your email address?

Incredible Market Efficiency

[tabdelgawad]

"Four days later, four companies sent us an e-mail indicating they knew we were looking for a new mortgage". Four days!! With the myriad layers of 'affiliates', 'lead generators', and 'spammers' operating in legally grey areas and distributed all over the world, it's amazing that it takes only this long to get a response. I mean, sometimes it takes longer to get a response from legitimate online tech support!

The article opens by saying "There wouldn't be spam if there wasn't money in spam". Truer words were never uttered. And there wouldn't be money in spam if consumer demand didn't exist. All 'solutions' to the spam problem that fail to take this 'demand' problem into account are, IMO, doomed to failure.

Re:Incredible Market Efficiency

[Rob Riggs]

All 'solutions' to the spam problem that fail to take this 'demand' problem into account are, IMO, doomed to failure.

Court mandated rehab!

1. Patent SPAM Rehab business model
2. Convince administration to declare "War on SPAM"
3. Convince Congress to require SPAM Rehab(tm) (patent pending) for repeat users
4. Open SPAM Rehab Centers (including a few exclusive celebrity resorts)
5. Profit!

Amusing ad in the article

[swordgeek]

Don't know if the ads are static or dynamic, but the one I got, in the middle of an article about sleazy tactics and spammers, was a "CLICK HERE TO ENTER THE GREEN CARD LOTTERY!!!!!"

Heh.

Sneakemail.com

[KevinMS]

This is why Sneakemail [sneakemail.com] was created over 3 years ago. You can easily bust whoever benefits from your stolen/sold email address no matter how far down the chain it goes. For those who don't know Sneakemail was the first disposable email address service which was designed both for keeping your address clean and tracking those selling your address. Sneakemail got a mention in this months MIT Technology review magazine.

The Other Solution

[renard]

The article ends with the following conclusion (courtesy of an anonymous "small time" Spammer):

The only thing that's going to make spam go away is if people do not respond.

But that's not actually the case. As the article demonstrates, the companies making money off of spam are big, legitimate companies - companies that can be sued, or subpoenaed, or fined for their support of the Spam economy.

What should happen is that the companies that are ultimately hiring the spammers - Ameriquest, Quicken Loan

Money for everybody!

[Barryo_Stereo]

The article points out how ISPs will ignore their rules when the spammers slip them a little extra cash. And then, at the head of the Slashdot list of comments, the most violently anti-Microsoft site I know has: a Microsoft ad!

Filters and blocks will never work

[swordgeek]

Every time I read an article about spam, I see a bunch of people promoting the spam filters on their system, or their ISP, or some other way of dealing with spam at the destination.

The only way to deal with spam is at the source. The only way to stop spammers is to keep them from sending their shite in the first place. As soon as it leaves their computer, it becomes an arms race--we get better filters, they figure out a new way around them, we tweak our filters again. Eventually the entire email system worldwide becomes one big armed camp, and that's BAD! Worse yet, I see people proposing we go straight to that end right now, as a solution.

We have to stop spammers from being able to spam, not stop the spam from reaching us.

MSNBC ignores Microsoft spamming

[sfjoe]

Noticeably absent is any mention of Microsoft's support of spam, including their spammer-for-hire subsidiary, bCentral.com .
Listbuilder is one of the worst at harvesting email addresses from any source they can get their hands on.

Spam, the Mob, and RICO

[gbulmash]

A number of years ago, back when Sanford Wallace was still the self-proclaimed spam king, I did a little detective work... locating his mother's phone number.

I'd started building an anti-spam site (I was going to call it "Spamintology") and I was planning to launch it with the number up front, suggesting that people call her to tell her what a bad boy her son was.

But I didn't. Because after the visions of glory, I had visions of my own mother's phone ringing off the hook as spammers called her to complain about me. And that's when I cancelled my plans for the site.

These spammers are often criminals, and always scumbags. If you really start to hurt them, hit them where they live, you risk them trying to hurt you back. That's why I decided to abandon my crusade, because I wasn't so altruistic as to put myself and my family in the line of virtual fire for the sake of zinging Spamford.

Some spam will be stopped by current anti-spam laws under proposal, but the only way to truly stop spam is going to be to take it out of the hands of the FTC and put it into the hands of the FBI. Spam will slow when we see spammers on the evening news, walking into federal courthouses to defend themselves against RICO charges like John Gotti.

If we put together an FBI Anti-Spam unit on par with the FBI's Organized Crime unit at its height, we'd see spam decrease and the nightly news would be entertaining again... for a while.

- Greg

Re:Pot... meet Kettle...

[ncc74656]

Great, we get a bunch of moralizing from a bunch of jackasses who allow FUI banner ads on their site.

Banner ads? I didn't see any banner ads [taz.net.au]...

Re:

[Arker]

- Is there no legal way to stop ISP's from doing that ?

No, and it would be dangerous if there were.

The inhibiting factor for most is simply the risk of being blackholed by the rest of us if they do.

Sadly there are a few that have such a huge chunk of the net under their thumb they are basically immune to this threat. I think that's the number two contributor to the spam problem (number one being fools that buy from spamvertisers.)

Well, kind of...

[Dimensio]

SPEWS can be used to pressure spam-friendly ISPs into dropping their spamming customers. It's perfectly legal, but then you'll get a bunch of whiners who think that they shouldn't be blocked just for giving money to an outfit that they know is run by criminals.

Re:Well, kind of...

[canajin56]

SPEWS is the crap. There is no oversight, and there are a lot of compalints of the admins, who are completely anonymous, adding entire ISPs to the blacklist just because they don't like somebody who uses that ISP.

Spamhaus SBL is a better list, IMHO, because there is oversight, and they confirm that the ISP is aware, and has chosen not to do anything about it.

Re:Well, kind of...

[Dimensio]

and there are a lot of compalints of the admins, who are completely anonymous, adding entire ISPs to the blacklist just because they don't like somebody who uses that ISP.

Given that the admins are anonymous, how could you know who they like and who they do not like? Also, do you have any evidence of such abuses?

If such abuses occured within SPEWS, ISPs would cease to use SPEWS. That is the "oversight" within the system -- if it becomes unreliable, becomes a means of 'punishing' people over petty vindic

Re:Well, kind of...

[CustomDesigned]

I know of companies where the *only* available ISP (other than dialup) is spam-friendly. To run a business, you have to have broadband (such is the new millenium), and they have you over a barrel. For one company in Tulsa with this situation, we tried getting two 56K dialup accounts and trying to distribute the traffic. It wasn't very satisfactory. The dialup accounts disconnect every 6 hours or so regardless of traffic.

These ISPs are rightly listed by SPEWS - but have a monopoly. (No, satellite is n

Re:Well, kind of...

[Dimensio]

That is an unfortunate situation. Perhaps you should bring this up to your ISP and ask if there is anything that they can do about it -- such as killing the spammer sites.

Re:SPEWS and SomethingAwful

[LordKaT]

Hasn't this been played TO DEATH on fark?

Oh well, I'll bite.

1. SPEWS doesn't block anyone. The ISP's do.
2. SPEWS only adds one IP. When the spam-friendly ISP/Host changes the spammers IP, the block of IPs gets larger.
3. SomethingAwefuls visitors are not exactly the ... brightest ... people on the planet. You're not going to get into a debate so much as an argument.
4. SA and it's members often encourage one another to flood the mentioned websites with crap, pages of text, and a general amount of spamming.
5. While I

Re:SPEWS and SomethingAwful

[AndroidCat]

Add this one: 9. news.admin.net-abuse.* is not SPEWS.

Re:SPEWS and SomethingAwful

[XSforMe]

I think this is a problem more to be blamed on clueless sys-admins than organizations like SPEWs. Remember, it is the sys admin, not the the black hole who is choosing to accept the message.

People who filter based on spews and others alike basically don't care about getting a 1%-10% of false positives. To an individual that might be cool, but try setting up that policy in your workplace server.

I have my filters based on spamhaus, blitzed and dsbl. The analysis [slashdot.org], done by sgifford [slashdot.org] was a real eye opener. I r

Re:Spam solution

[(void*)]

Your solution, while admirable, will not work because of FAKE SPAM. For example, some random luser might FAKE a post from M$, getting M$ into trouble. You aren't stopping spam, you're changing the nature of it.

Thinking further for you, you could amend your proposed law so that only verifiable spam that can be traced back to these companies will be fined. Then I would say that these companies who desire to advertise spam, will find an open SMTP server somewhere to send spam anonymously, even in the face of

Re:Spam solution

[1u3hr]

Your solution, while admirable, will not work because of FAKE SPAM. For example, some random luser might FAKE a post from M$, getting M$ into trouble.

MS could undoubtedly defend itself, most likely by finding the real source, and he would be in very deep shit -- aside from spam penalties, stuff like forgery, and civil suits from MS. In any case, as no one could make money from spam, or supplying spam services, it would disappear in those regions where the law was enforced. You'd still get some random stu

Re:Face it, its here for good..

[rt swank]

I forgot to mention.. Everyone thinks spam is so aweful yet they have no idea how horrid anti spammers can be as well. Antis will resort to even illegal ways to attack spammers adn even legit optin mailers.