Spam Bits 239

Let's mush a few things together into a nice pink rectangular solid: ipandithurts writes "The FTC Chair Timothy Muris doubts the ability of the "CAN SPAM" law to stop SPAM." ElementCDN writes "The Ottawa Citizen has a story on Bernard Balan the King of Spam. Bernard has closed up shop and moved to cottage country near Huntsville, Ontario." CactusMan writes "CTV (among others) is reporting that an Ontario trio has been named in a suit filed by Yahoo under the new CAN-SPAM legislation. Yahoo is claiming that the father and two sons were 'responsible for sending millions of unsolicited messages to users of the company's e-mail service.'" ilsa writes "According to this AP article, as much as 19% of e-mail sent by commercial entities never reaches its destination. 'Promotions and greeting cards were the types of messages most likely to disappear, the study found.' Although this study may have been intended to be alarming, forgive me for thinking this may not be a bad thing." Reader chrisbtoo responds to an earlier spam story: "In today's story about Spam solutions, monstroyer challenged people to crack the Spam Interceptor Captcha. Turns out it was pretty easy." Finally, we can't fail to mention an attempt at making the world's largest spam musubi.
This discussion has been archived. No new comments can be posted.

  • by neiffer ( 698776 ) on Friday March 12, 2004 @04:07PM (#8546290) Homepage
    I run a small publishing firm that relies on email to send updates to our materials. Every email we send to customers has at least 10% bounce (sometimes as high as 30%); many of which worked a week before or a week after. However, I think the 19% number mimics my personal mail as well: messages allll the time get lost in the shuffle!!

    • If your customers are that valuable in their purchasing habits...why not simply direct them to a web site to pull the information? Then you can stop emailing people and they will read your web site if you are truly competitive. For the most part, this avoids 19% loss -> 0% loss.

      I think nobody should be using the email protocol for commercial purposes. It's just so much push technology that is waste and bog. "on demand" seems to be much more suitable for volume.

      When people sign up "to get periodic u
    • Have you automated the process of removing addresses from the list after consecutive bounces?

      This would make it easy to eliminate the false addresses, those people who signed up but later changed their minds, and those who were unfortunate enough to have been "pranked" onto the list.

      Also, an initial form email requesting confirmation of the subscription is a good policy, and it eliminates the problem of "pranked" subscriptions.
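The two list-hygiene steps suggested in the comment above (drop an address after consecutive bounces, mail only confirmed sign-ups), as an added example that is not part of the original thread. The class and method names, the threshold of three, and the choice to treat SMTP 4xx replies as transient rather than as bounces are assumptions.

```python
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass


@dataclass
class Subscriber:
    confirmed: bool = False
    consecutive_bounces: int = 0


class MailingList:
    """Confirmed opt-in list that prunes addresses after repeated hard bounces."""

    def __init__(self, secret: bytes, max_bounces: int = 3):
        self._secret = secret            # server-side key for confirmation tokens
        self._max_bounces = max_bounces  # assumed threshold
        self._subs: dict[str, Subscriber] = {}

    @staticmethod
    def _norm(address: str) -> str:
        return address.strip().lower()

    def _token(self, address: str) -> str:
        # The token is bound to the address, so it cannot confirm anyone else.
        msg = self._norm(address).encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def request_subscription(self, address: str) -> str:
        """Record a pending sign-up; the returned token is mailed to that address."""
        self._subs.setdefault(self._norm(address), Subscriber())
        return self._token(address)

    def confirm(self, address: str, token: str) -> bool:
        """Only someone who can read the mailbox can present the right token."""
        sub = self._subs.get(self._norm(address))
        expected = self._token(address)
        if sub is None or not hmac.compare_digest(token.encode(), expected.encode()):
            return False
        sub.confirmed = True
        return True

    def recipients(self) -> list[str]:
        """Addresses that may be mailed: confirmed and not pruned."""
        return sorted(a for a, s in self._subs.items() if s.confirmed)

    def record_result(self, address: str, smtp_code: int) -> str:
        """Update bounce state from the final SMTP reply code for one delivery."""
        addr = self._norm(address)
        sub = self._subs.get(addr)
        if sub is None:
            return "unknown"
        if 200 <= smtp_code < 300:
            sub.consecutive_bounces = 0      # a success breaks the streak
            return "delivered"
        if 500 <= smtp_code < 600:           # permanent failure
            sub.consecutive_bounces += 1
            if sub.consecutive_bounces >= self._max_bounces:
                del self._subs[addr]
                return "removed"
            return "bounced"
        return "deferred"                    # 4xx: transient, streak unchanged


if __name__ == "__main__":
    # Constructed addresses and reply codes, for illustration only.
    ml = MailingList(b"constructed-demo-key")
    token = ml.request_subscription("reader@example.org")
    ml.request_subscription("pranked@example.org")   # never confirmed
    ml.confirm("reader@example.org", token)
    print(ml.recipients())
    for code in (550, 250, 550, 550, 550):
        print(code, ml.record_result("reader@example.org", code))
```

Resetting the counter on a successful delivery is what keeps the addresses that "worked a week before or a week after" on the list.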

  • by Faust7 ( 314817 ) on Friday March 12, 2004 @04:07PM (#8546292) Homepage
    e-mail recipients risk losing newsletters and promotions they've requested.

    Who with an ounce of sense would request any sort of e-mail promotion, given the tendency those things have to multiply of those accord? Don't answer that.
    • have you not noticed the size of the fonts and boxes you have to check off (which are checked by default, for your convenience), to prevent a subscriber website from sending you updates and promotions and whathaveyou?
    • by IO ERROR ( 128968 ) <error.ioerror@us> on Friday March 12, 2004 @04:14PM (#8546373) Homepage Journal
      The truth is, SOMEBODY is buying penis enlargers and breast kits, otherwise nobody would bother sending out such spam in the first place.
      • by schon ( 31600 ) on Friday March 12, 2004 @04:24PM (#8546496)
        SOMEBODY is buying penis enlargers and breast kits, otherwise nobody would bother sending out such spam in the first place.

        OB Simpsons quote:

        "That's specious reasoning, dad. That's like saying that this rock keeps tigers away."

        "Really? How does it work?"

        "It doesn't! It's just a rock! But you don't see any tigers around do you?"

        -----
        Even if nobody buys it, spam will still exist, because spammers think exactly like you do..
        • Even if nobody buys it, spam will still exist, because spammers think exactly like you do..

          Believe it or not, it DOES cost some small amount of money to send spam. Or promotional email. Or marketing communications. Or whatever you want to call it. The amount may be negligible, but nobody's going to spend money for zero return. The truth is, some people DO respond to spam, in sufficient numbers to make it profitable for the spammers. If they didn't, there would be no reason to send spam.

          • nobody's going to spend money for zero return.

            Which is entirely beside the point.

            The point is even with zero return, people will still spend money if they think the return will be non-zero.

            And you know why they'll think that spam has positive return? because they see spam, and reason 'the other guys wouldn't be doing it if it wasn't making them money.'
        • Even if nobody buys it, spam will still exist, because spammers think exactly like you do..

          it's not a question of spammers thinking exactly that way, it's just reality: in a given population of hundreds of thousands or millions of recipients, there will *always* be a couple of idiots who buy the product. Stupid people are a fact of life.
      • True, and it only takes one or two people purchasing the product to pay for a spam mailing of a million mails. Spam exists because it is cost effective. Spam will go away when it is no longer cost effective.
      • I thought they were sending those notes to harvest emails. At least that's what the guys on The Screensavers said. Leo wouldn't lie, would he??
      • Either that or somebody is paying people to spam flood the net in hopes that there will be regulation and monitoring of email, and possibly an opportunity to create a newer, lucrative, replacement to the smtp protocol.

        I know that's more than a little paranoid, but the high number of "charge for every email", "pay for a certificate", and "provide a list of all of your users including realname" proposals that have been floated this year looks more than a little suspicious.

    • Comment removed (Score:5, Informative)

      by account_deleted ( 4530225 ) on Friday March 12, 2004 @04:16PM (#8546391)
      Comment removed based on user account deletion
      • The way I do it, which does not involve setting up my own email server, is to register a personal domain name with a provider that supports email aliasing/forwarding so that I can still use my isp email account with the benefit of whitelisting good guys and blocking the bad ones by looking at the to: header. The only downside of course is that it takes a bit of time (10 ~ 20mins) before a new forwarding account is created and I am only limited to 99 aliases with my current domain name provider.
        • The only downside of course is that it takes a bit of time (10 ~ 20mins) before a new forwarding account is created and I am only limited to 99 aliases with my current domain name provider.

          Get a domain host that provides a "catchall" account, that collects everything sent to your domain that isn't for an explicitly created address (account).

          Collect messages for the catchall account with your email client. (Or forward them -- my deal with my host, hostica.com, provides a catchall but only one POP account,
      • http://www.sneakemail.com

        Then there's Spam Gourmet, which lets you set up an auto-expiring disposable address to use for those "confirmation" emails.
    • by Phroggy ( 441 ) * <slashdot3NO@SPAMphroggy.com> on Friday March 12, 2004 @04:26PM (#8546519) Homepage
      Who with an ounce of sense would request any sort of e-mail promotion, given the tendency those things have to multiply of those accord? Don't answer that.

      Each time I sign up for something with a particular company or organization, I create a new e-mail address at my domain, and give them that. That way, if I start receiving spam at that address, I know who sold my address.

      What I've found over the few years I've been doing this surprised me a little. The results: legitimate companies do not sell my e-mail address. Never. None of them. There have been times when an e-mail address has gotten listed on a web page in cleartext (e.g. on an eBay auction page) and those get spam because spammers harvest addresses (I believe eBay has stopped listing e-mail addresses for this reason). The address I actually use as my return address when sending mail to friends gets spam all the time. Once an address is harvested from somewhere, I'm sure it gets sold on CD-ROM or whatever. But the addresses I create for companies and organizations to use (I've got about a hundred of them) simply do not get spam.
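The one-address-per-company practice from the comment above, combined with the catchall and "look at the to: header" approach from the earlier replies, as an added example that is not part of the original thread. The alias format (label plus a keyed tag), the domain, the key and the sample messages are all assumptions or constructed; the sender domain is assumed to come from a check your mail server has already authenticated, not from a bare From: header.

```python
import hashlib
import hmac
from email.utils import parseaddr

DOMAIN = "example.org"            # placeholder for your own domain
SECRET = b"constructed-demo-key"  # placeholder; the real key stays private


def _tag(label, secret):
    # Short keyed tag: lets a catchall tell issued aliases from guessed ones.
    return hmac.new(secret, label.encode(), hashlib.sha256).hexdigest()[:8]


def make_alias(label, secret=SECRET, domain=DOMAIN):
    """Address to hand to one company, e.g. make_alias("airline")."""
    label = label.lower()
    return f"{label}.{_tag(label, secret)}@{domain}"


def issued_to(to_header, secret=SECRET, domain=DOMAIN):
    """Return the label a To: address was issued for, or None if it was never issued."""
    _, addr = parseaddr(to_header)
    local, _, dom = addr.lower().rpartition("@")
    label, dot, tag = local.rpartition(".")
    if dom != domain or not dot or not label:
        return None
    ok = hmac.compare_digest(tag.encode(), _tag(label, secret).encode())
    return label if ok else None


def triage(messages, expected_senders, revoked=frozenset()):
    """Classify (to_header, sender_domain) pairs arriving at the catchall.

    'leaked' means an alias given to one company is being used by another
    sender, which identifies where the address escaped.
    """
    verdicts = []
    for to_header, sender_domain in messages:
        label = issued_to(to_header)
        if label is None:
            verdicts.append((None, "unknown"))
        elif label in revoked:
            verdicts.append((label, "revoked"))
        elif sender_domain.lower() not in expected_senders.get(label, ()):
            verdicts.append((label, "leaked"))
        else:
            verdicts.append((label, "accept"))
    return verdicts


if __name__ == "__main__":
    # Constructed traffic, for illustration only.
    expected = {"shop": {"shop.example"}, "airline": {"airline.example"}}
    inbox = [
        (f"Me <{make_alias('shop')}>", "shop.example"),
        (make_alias("airline"), "pills.example"),
        ("sales@example.org", "pills.example"),
    ]
    for verdict in triage(inbox, expected):
        print(verdict)
```

Once an alias shows up as "leaked", adding its label to `revoked` drops further mail to it without touching any other address.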
      • Then you've never signed up for Mileage Plus with those shitfucks at United Airlines. United Airlines apparently thinks their customers (or former customers in my case) are interested in the usual assortment of penis-enhancing/mortgage/porn garbage peddled by lowlife spammers. As a test, I kept changing the user part of the email address I am registered at United with, and sure enough, a few weeks later it starts getting spam (and subsequently forwarded to uce@ftc.gov and silently dropped from my server).

      • Same here, separate address for every untrusted recipient. For the most part all of them kept the address private, with the following exceptions:

        Philips was the worst -- I sent one email to their published tech support address concerning a problem with their sound card in Windows 2000, and within hours started getting spam. Never got any reply from Philips either. That earned them an eternal boycott from me.

      • The results: legitimate companies do not sell my e-mail address. Never. None of them.

        Should be no surprise.
        Legitimate companies do not want to annoy their customers (or anyone else they do business with).
        Legitimate companies consider their customer list to be company-confidential, a very valuable asset. They do not want this information to fall into the hands of their competition.
        Legitimate companies would be wise to be extremely cautious about outsourcing anything that uses their customer list. A secret
        • Actually they do. When they sell the whole business!
          Count on it being mentioned explicitly in the contract of sale.


          I haven't had a problem with this, so either the companies I do business with aren't getting bought out, or the companies buying them out are also respectable and also do not sell my e-mail address.
    • by pla ( 258480 ) on Friday March 12, 2004 @04:33PM (#8546592) Journal
      Who with an ounce of sense would request any sort of e-mail promotion, given the tendency those things have to multiply of those accord? Don't answer that.

      I've answered you not because I disagree, but to add a bit to your point.

      You have pointed out what I consider a major flaw in most companies' marketing strategy; namely, assuming I want to know about product updates.

      When I want a new product, I search for it on the web. I read a number of independent reviews to find the "best" product to meet my needs, then I use a few price search engines to find the best price on that product, then I buy it from the cheapest place that doesn't have half its users complaining about their service.

      So, now, marketing gurus, take note of that process. Notice where mass mailings from your company fit in? Bingo, they do not. Not even a little. In fact, if I find your mass mailings just a tad too spam-like (or if I EVER notice you've sold my address, which I can tell since I use disposable email addresses), you can guarantee that I will never buy from you again, even if you do have the best price, and will also warn anyone that asks my advice (which for the typical geek means "almost everyone they know") to avoid you as well.

      So, my suggestions...

      1) Stop bothering us with mail, immediately. You waste your time, our time, bandwidth, and may well incur our "squirrely wrath".

      2) List yourself on every price search engine you can find. At the very least, list yourself in Pricegrabber, NexTag, and shopper.com. And if you sell PC hardware and don't list through Pricewatch, consider yourself as good as nonexistent to me. Seriously, if any marketing folks read this and only remember one point, re-read this one. List with price search sites, or vanish.

      3) Don't piss off your customers. If you list a product at a given price, you'd better actually have it, and have it for the listed price (or better, I won't fault any company for that). If you make me wait an obscenely long time to get it, I will cancel my order after the third day it doesn't ship. If you give me the runaround because I don't want your crappy accessories and extended warranties, not only will I cancel my order, I will report you for bait-and-switch; additionally, if you ship via US mail, you commit felony mail fraud (which I will also report you for) by taking longer than two weeks to ship (regardless of whether or not you try to avoid this by some cheesy "6 to 8 weeks" disclaimer). Overall though, if you run a legit operation, none of that will apply. Just list what you have, honor your prices, and don't treat your customers like sheep (even though most of them probably act like it, and will buy anything you tell them to, enough people will get pissed to provide plenty of negative feedback for me to find).
      • to add a bit.
        1) Mass mailings are stupid. Repeated mass mailings are real stupid. You're making your valuable customer list available to your competitors. Real cheap. Your former customers will be more interested in what your competitors have to say than what you have to say.
        3) Don't piss off your customers. Repeat. This is a fundamental rule of business.

        As noted elsewhere in this thread Legitimate companies do not sell my e-mail address. Never. None of them.
        An immediate corollary is that any company that
    • Who with an ounce of sense would request any sort of e-mail promotion, given the tendency those things have to multiply of those accord?

      I subscribe to a few mailing lists and promotional emails that fall within my interests. From receiving online coupons by the local grocery chain, news about my local sports team (go Sens go!), TechTV newsletters, weekly recipes sent from Kraft Canada, etc...

      There are plenty of mailing lists and promotional emails that do interest me, and I have no problems receiving

    • Who with an ounce of sense would request any sort of e-mail promotion, given the tendency those things have to multiply of those accord? Don't answer that.


      I do, when they're giving me coupons for things I'm going to buy anyway, but having used the same email address for a bajillion years, I'm not especially concerned about *more* spam (if they try to sell my address, seems likely any given buyer will say "rats, already got that one...")

      I do tag each address so I'll know who violated their privacy agree
  • CAN Spam stupid (Score:4, Insightful)

    by broothal ( 186066 ) <christian@fabel.dk> on Friday March 12, 2004 @04:09PM (#8546306) Homepage Journal
    I hang out in various anti-spam communities (news.admin.net-abuse.email and some IRC channels) and most of us (tinu) agree that (I) Can Spam is pretty clueless. Now, I'd like to hear comments from someone who's not an anti-spam zealot. Is there anyone who thinks Can Spam is worth the paper it's written on? (Anyone not associated with Direct Marketing).
    • > Is there anyone who thinks Can Spam is worth the paper it's written on? (Anyone not associated with Direct Marketing).

      Costs a lot to print all those congressional records, run off memos and copies, etc :^)

      Seriously, yes. I don't care for how it pre-empted state law, but neither was I itching for a situation where some redneck southern state decides to label any indecent email as spam and then reach out long-arm style and put people in jail for it. There's some upsides to federal communications laws
    • CAN-SPAM isn't all bad. It's given me another filter to put into SpamAssassin.

      "CAN-SPAM compliant?" Suuure. Bit-bucket time.
  • by attaboy ( 689931 ) * on Friday March 12, 2004 @04:10PM (#8546322)

    The AP/ReturnPath story is interesting, in that the actual number of messages that never see their intended recipients is probably even higher than 19%.

    The study was based on a snapshot of messages sent by 100 Return Path customers. Return Path set up test mailboxes with 18 major Internet service providers and monitored about one-fourth of the 120,000 marketing campaigns from those customers.

    This wouldn't even begin to account for the number of messages filtered by larger companies, universities, and other entities that maintain their own spam-filtering and spam-blocking systems. It also wouldn't account for the growing number of individual end-users who are installing and using commercial or free spam-blocking software on their local machines. Anti-spam software isn't just for geeks anymore. According to download.com, the top 25 results for a search on "anti-spam" have been downloaded 2,493,051 times, in aggregate.

    Well isn't that a good thing?

    If you are an end user, and missing a message doesn't matter that much to you, then no. If you are a company using E-mail to communicate with your customers, but you aren't sending anything critical, then no.

    If you miss the electronic notification from your bank, credit-card, or student loan company that your last payment is late, or the notification from your airline that your flight was cancelled, then it does matter.

    And if you're one of the, "oh, it can't be more than five or ten", companies in the world that is using E-mail as part of your business processes, whether for sales, marketing, customer service, CRM, purchase or account notifications, etc... well then, hell yeah it matters.

    Things are probably going to get worse before they get better, but E-mail for business has so much potential that I can't but hope that we will solve this problem.

    • by tanguyr ( 468371 ) <tanguyr+slashdot@gmail.com> on Friday March 12, 2004 @04:21PM (#8546446) Homepage
      And if you're one of the, "oh, it can't be more than five or ten", companies in the world that is using E-mail as part of your business processes, whether for sales, marketing, customer service, CRM, purchase or account notifications, etc... well then, hell yeah it matters.

      Well, if you are using e-mail as a *critical* part of your business process then you must have a back up plan: like it or not e-mails get lost, there is no guaranteed delivery (e-fedEx?), no standardized way of handling return receipts, not to mention the whole grey area of whether emails represent legally binding documents. Check out those disclaimers in your inbox. Any e-commerce site sends you email notifications on your order's status, but they're also available on your account page - ssl encrypted, password authenticated. And you can call customer support for the same info. /t
  • by Anonymous Coward on Friday March 12, 2004 @04:11PM (#8546334)
    No entry found for rectagonal.
    Did you mean octagonal?

  • by FattMattP ( 86246 ) on Friday March 12, 2004 @04:12PM (#8546338) Homepage
    ...has closed up shop and moved to cottage country near Huntsville, Ontario
    Come on boys! Saddle up and let's ride on to Huntsville! Don't forget the noose and yer rifle! Yeehaa!
  • by lavalyn ( 649886 ) on Friday March 12, 2004 @04:12PM (#8546347) Homepage Journal
    So we have a name, of Bernard Balan, and it looks like he's living in the Muskoka regions of Ontario, Canada. How long before he gets Ralskyed?

    And shame on the Ottawa Citizen for even trying to portray a bandwidth/storage space thief in a positive light. Neutral at most, and negative more appropriate.

    Also, the Challenge Response bit, an interesting solution but slowly you'll start making the tradeoffs between "hard for computer" and "some people can't do this, their vision is poor or they are colourblind."
    • > So we have a name, of Bernard Balan, and it looks like he's living in the Muskoka regions of Ontario, Canada. How long before he gets Ralskyed?

      And according to the article [canada.com], he's "just down the road" from a place called "Cow Shit Valley Farms".

      Heh. If that's true, I can't think of a better place for a spammer to live.

      I wonder if the Bernard Balan in the Ottawa Citizen article is the same Bernard Balan against whom some interesting allegations were raised in this 1996 Google thread from alt.a [google.com]

      • Heh. If that's true, I can't think of a better place for a spammer to live.

        How about in a box. A pine one. About 6 feet underground. I'd like it if most of them lived there... at least for as long as the oxygen lasts.
      • 905 is much of Southern Ontario with the exception of Toronto (which is an island of its own now, 416, which used to be the area code for the whole area).

        Muskoka is in 705, but it's close enough..

  • by sboyko ( 537649 ) on Friday March 12, 2004 @04:15PM (#8546378) Homepage
    2971 lines in my Junk Senders file and growing.

    But that, and about 20 rules filtering out Viagra and various misspellings, cans about 80% of the spam I get. It's almost enough for me.

    Now if I could figure out how to get Outlook to hide the mail envelope in the taskbar for messages automatically deleted, I'd be laughing.
    • 2971 lines in my Junk Senders file and growing

      I sure hope you have a lot of disk space. But it sounds to me like you are wasting your time. That's because every junk mail these days contains a forged 'From:' header, and spammers are smart enough to generate different From headers for each batch of spam they send out. Since the From header cannot be trusted, any rules that make spam/no-spam decisions based on it cannot be trusted either.

  • by AndroidCat ( 229562 ) on Friday March 12, 2004 @04:17PM (#8546407) Homepage
    So Bernard Balan claims to be the (ex) king of spam and "one of the best programmers around"? Oh wait, spammer rule #1.
  • by MathFox ( 686808 ) on Friday March 12, 2004 @04:18PM (#8546425)
    The Dutch supreme court (Hoge Raad) ruled today (March 12) that an ISP can forbid a spammer to make use of their machines. (press release in Dutch) [xs4all.nl]. "XS4ALL has exclusive rights on its computer capacity" and "Freedom of expression doesn't allow infringement on the rights of others".

    Summary of the verdict: An ISP can demand that a spammer stops (ab)using the computer systems of the ISP for sending unsolicited email to its customers. If he continues after that, the spammer is infringing the ISP's rights.

    • Summary of the verdict: An ISP can demand that a spammer stops (ab)using the computer systems of the ISP for sending unsolicited email to its customers. If he continues after that, the spammer is infringing the ISP's rights.

      Holy sensible-court-opinions, Batman!!!

      Go figure, somewhere on planet earth there's a legal system that puts the rights of individuals and legitimate businesses ahead of those of penis-pill-hawking, bandwidth-thieving, filter-evading, virus-sending, windoze-mass-trojaning criminals?
  • The yesterday, I received what had to be the greatest piece of spam mail I've ever seen.

    It had to have been 20 pages long from someone calling himself "Lawrence Jesus Christ", and went on about how they were coming back, and specifically mentioned that the document wasn't spam until the Can-Spam act, how keeping this email from people would allow the sender to sue the company for $7000, a bounce-back would invite a lawsuit for denial of service attack, on and on.

    Funniest damned thing I've seen in some time. And I've been wondering if that's the deal with the other spam I've been seeing like how "I had a 36 hour erection with v-i.g.r.@ - click here" or "Bob crossed the room to find the school girls getting rich quick".

    No, I'm not making that up. Well, a little - but it seems like spammers are now trying to use humor to get their messages through.

    As for Lawrence Jesus Christ or whatever, I deleted it anyway. I'm still waiting for my lawsuit.
  • by superpulpsicle ( 533373 ) on Friday March 12, 2004 @04:21PM (#8546449)
    1.) SPAM

    2.) P2P

    3.) Pop ups

    4.) Virus

    Just when US companies think they have it figured out, some kid in a bedroom will figure out a new way to distribute smarter ones.

    • 1.) SPAM
      From our perspective as receivers, they are not unstoppable. SpamAssassin does a pretty good job (as do other filters), better yet if integrated into your MTA so filtering happens at SMTP connection time.
      2.) P2P
      Why would you want to stop that? (I have never used a P2P app, but I cannot figure out why it is something that should be "stopped" in the first place).
      3.) Pop ups
      Use ABBMSIE (Any browser but Microsoft Internet Explorer). For instance, Mozilla based browsers (Mozilla, Firefox, Camin
  • by chrisbtoo ( 41029 ) on Friday March 12, 2004 @04:22PM (#8546454) Journal
    Sorry monstroyer [slashdot.org], didn't realise it was your system that you were challenging people on. Guess you'll have some work to do tonight, eh?!

    I'd recommend throwing some extra noise in there, and possibly varying the relative darknesses of the background and foreground. If you can distort the characters too it might make it harder to beat.
  • Musubi. Breakfast of champions [everything2.com]. =^_^=
  • spam wars (Score:2, Insightful)

    I am beginning to think we can't ever get rid of spam through legal measures. I am not an expert on the subject... and I admit that I haven't paid that much attention to it. It just feels like this is gonna be another case where the US or any other country can't control the global internet. We make it illegal and it isn't going to go away... it might go overseas...

    I am convinced that the answer lies in spam filtration. If we stay one technological step ahead of the spammers, they will have to find some o
    • Comment removed based on user account deletion
    • Personally I think we can ONLY win the spam war through legal action. I believe in following the money, every spam has something to identify someone selling something (they may not be the spammer, but they know who the spammer is!). The first target is the people who are buying the spammers time, they are then bound over to stop spam and testify against who was spamming on their behalf. If no one wants to buy time from spammers, they will have no reason to spam. The spammers make their money from dumb people who
  • by monstroyer ( 748389 ) * <devnull@slashdot.org> on Friday March 12, 2004 @04:27PM (#8546528) Homepage Journal
    Wow, my challenge has been answered. Seeing is believing. For the record, someone else beat it using JAVA. Here's the email i got:
    Hi Simon, I just accepted the challenge that (presumably) you laid on a recent Slashdot
    thread to create an automatic registration agent for (again, presumably) your Spam
    Interceptor software.

    This is the result. If you can see the log of registered email addresses you will note
    that some few hundreds of addresses have been added for of the form
    "AutoGenerated_@i.am.spamming.you.com".

    You are welcome to review the code that I used, although there really isn't
    much to it... some 300 lines of java. The approach that I used should be adequate
    simple variations of your defence, but would be readily defeated by simply
    improving the algorithm that you use to generate the random background noise
    in your image.

    Feel free to email me at: [removed]@recalldesign.com
    As a user, here's hoping a fix to make the image more complex is on the way. Thanks for the insight.

    • by interiot ( 50685 ) on Friday March 12, 2004 @04:37PM (#8546626) Homepage
      There are some simple steps they can take:
      • warp the letters so programs have to actually use OCR techniques instead of simple byte-matching (currently all "A"s have the exact same shape which is trivial to detect due to the small number of hard-edged pixels)
      • alpha-blend the background... currently you can easily remove the background because it's the same color all the way across and all the way down (roughly speaking; you have to skip pixels on the horizontal, but it's still trivial)
      • don't make the letters be the same color all the way across, contiguous pixel areas are too easy to recognize (better yet, apply randomness to the whole image)
      • don't use a clearly different set of colors for the background vs. the text
      Was this actually a challenge by the authors? It was trivial to break, and just about every other site on the internet that uses munged letters uses the above methods.
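A generator-side self-check for the four weaknesses listed in the comment above, as an added example that is not part of the original thread or of the Spam Interceptor code. It runs inside the challenge generator, which already knows which pixels belong to which character; the function names, the finding labels, the 0.9 threshold and both tiny sample images are constructed for illustration.

```python
from collections import Counter, defaultdict


def audit_challenge(pixels, glyphs, max_bg_share=0.9):
    """pixels: {(x, y): (r, g, b)} for the rendered challenge.
    glyphs: list of (char, set of (x, y)) as placed by the generator.
    Returns a sorted list of weaknesses; an empty list means none were found."""
    text_xy = set()
    for _, xy in glyphs:
        text_xy |= set(xy)
    text_colours = {pixels[p] for p in text_xy}
    background = Counter(c for p, c in pixels.items() if p not in text_xy)
    findings = set()

    # 1. The same character drawn twice with an identical shape (no warping).
    shapes = defaultdict(list)
    for char, xy in glyphs:
        x0 = min(x for x, _ in xy)
        y0 = min(y for _, y in xy)
        shapes[char].append(frozenset((x - x0, y - y0) for x, y in xy))
    if any(len(set(s)) < len(s) for s in shapes.values()):
        findings.add("identical-glyph-shapes")

    # 2. One colour dominates the background, so it can be subtracted.
    if background:
        top = background.most_common(1)[0][1]
        if top / sum(background.values()) > max_bg_share:
            findings.add("flat-background")

    # 3. A character painted in a single colour forms one contiguous area.
    if any(len({pixels[p] for p in xy}) == 1 for _, xy in glyphs):
        findings.add("flat-glyph-colour")

    # 4. Text and background use clearly different colour sets.
    if text_colours and text_colours.isdisjoint(background):
        findings.add("separable-palettes")
    return sorted(findings)


def render(width, height, background, glyphs):
    """background(x, y) -> colour; glyphs: list of (char, {(x, y): colour})."""
    pixels = {(x, y): background(x, y)
              for y in range(height) for x in range(width)}
    for _, cells in glyphs:
        pixels.update(cells)
    return pixels, [(char, set(cells)) for char, cells in glyphs]


BLACK, WHITE = (0, 0, 0), (255, 255, 255)
PALETTE = [(10, 10, 10), (200, 30, 30), (30, 30, 200)]


def weak_sample():
    # Constructed: two identical black "A" shapes on plain white.
    shape = [(0, 0), (1, 1), (0, 2)]
    glyphs = [("A", {(x + dx, y): BLACK for x, y in shape}) for dx in (0, 4)]
    return render(8, 3, lambda x, y: WHITE, glyphs)


def hardened_sample():
    # Constructed: warped shapes, mixed colours, palette shared with the noise.
    glyphs = [
        ("A", {(0, 0): PALETTE[1], (1, 1): PALETTE[1], (0, 2): PALETTE[0]}),
        ("A", {(4, 0): PALETTE[0], (5, 1): PALETTE[0], (5, 2): PALETTE[1]}),
    ]
    return render(8, 3, lambda x, y: PALETTE[(x + 2 * y) % 3], glyphs)


if __name__ == "__main__":
    print("weak:", audit_challenge(*weak_sample()))
    print("hardened:", audit_challenge(*hardened_sample()))
```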
      • And some more steps that will make this just about impossible to OCR:
        1] Break up the letters like you often see on logos.
        2] Smear or overlay one or more letters together.
        3] Use different colors in a single letter, identical colors across unrelated letters.
        4] Orient or mirror reverse one of the letters.
        5] Put a random pattern of thin lines of the same color over the letters.

        Human pattern matching will read this just fine. You'll drive a typical OCR algorithm nuts. Spammers are by no means going to be crea
    • by Wee ( 17189 ) on Friday March 12, 2004 @05:08PM (#8547038)
      You are welcome to review the code that I used, although there really isn't much to it... some 300 lines of java.

      So that's like, what? 25 lines of Perl?

      I kid because I love.

      -B

    • I don't correspond with people who inflict C/R on me. C/R messages get dropped in the bitbucket. If you think you can solve your spam problem by wasting my time making me jump through your hoops, you got another thing coming.

      Have a nice day.

  • Captcha! (Score:3, Interesting)

    by doublebackslash ( 702979 ) <doublebackslash@gmail.com> on Friday March 12, 2004 @04:34PM (#8546597)
    We have been depending on the difficulty computers have recognizing the shapes of obfuscated letters.
    Why not make them try to identify things, objects.
    There are a substantial number of warping effects that can be applied to a picture, and so long as the user's language is known, and they are reasonably cognizant, they could recognize a barn, a duck, etc even if it was warped, twisted, or miscolored to some extent.
    (example: there is a picture of a barn in the foreground, the question is what is the color of the object in the picture, or what is the object, many questions based on one picture=)
    I feel that this is the next generation of captchas. Personally I like a picture scheme better, it could be easier to decipher than some of those HORRIBLY degraded captchas I've seen. Plus it relies on a deeper ability to recognize shapes and patterns and colors and resolve them into a recognizable image in our minds, and computers now cannot hope to recognize a warped human face from a barn.
    I feel that this sort of authentication could also be the key to blocking spam altogether.
    A user could add E-mails to their trusted list, and certain sites (ebay, hotmail, etc) could be on there by default, all others will have their message bounced with a captcha included, and an explanation of what is happening. When they prove themselves human, they can get added automagically. Put the work on the sender's end. If you send an email to someone, add them to the trusted list, etc, for ease of use on users.
    I feel that computers and spammers will have a hard time with any scheme that does not involve standardized things, like letters.
  • What about the spam-printing of links in an article? Jeez...16 in one!
  • Holy Shit! (Score:4, Funny)

    by Mullen ( 14656 ) on Friday March 12, 2004 @04:47PM (#8546721)
    Bernard Balan, branded as one of the world's worst hard line spammers, has retired to a quiet Muskoka retreat far removed from his bulk e-mail empire that, at its peak, had him sending 30 million unsolicited messages a day, raking in up to $140,000 U.S. a week.

    Is this a joke? You can make that much money being a spammer?
    No offense people, but I'm seriously looking at switching careers! I make half that in a year!
    I could work less than a single year and retire. Amazing!

    • Re: (Score:3, Funny)

      Comment removed based on user account deletion
    • Re:Holy Shit! (Score:3, Insightful)

      by bigberk ( 547360 )

      You can make that much money being a spammer?

      I know you're joking, but others look at the figures and think to themselves that they could be rich spammers too. Here's my advice:

      Don't try making a career out of sending spam. You're not going to be a big-shot spammer; you're going to be employed as a big spammer's bitch to do the dirty work that would otherwise get the big-shot spammer thrown in jail or hunted down and harassed by an angry anti-spam activist.

      For 99.999% of wanna-be-spammers, there

    • ...it's really $140,000 Canadian, which is like, $372 U.S.
  • I think the SPAM Captcha interceptor could be made better by including with a text message that says something like. Change the letter that is third (random position) to the letter "F" Random letter, or make the letter that is higher (on the page) in lower case. This would pretty much fool most character recognition programs as they would also have to decipher some message that is associated with it. Of course additional text DIRECTIONS would also fool some humans that would think they know better.
    • I think the SPAM Captcha interceptor could be made better by including with a text message that says something like. Change the letter that is third (random position) to the letter "F"

      Once you go the route of text semantics, you can get rid of the relatively large and cumbersome image altogether. The main reason a CAPTCHA can be cracked is because they are simple "syntax" problems (you type what you see) that AI research has been able to tackle pretty easy. OCR software doesn't really have to improv

      • Someone could just spend five minutes figuring out all the answers to your fixed set of 20-30 questions. Answering your questions is probably easier than making them up in the first place.
  • by kbahey ( 102895 )

    Hey.

    I submitted the story about the Canadian spammer trio yesterday and it got rejected.

    I also submitted an article [canada.com] from The Ottawa Citizen. Interesting bits in it. He claims to be retired, and used to make 140,000$ a week. He sent 30 million messages a day.

    Notice how he calls anti SPAM activists "terrorists". Nice moniker there, just like Commie was in the 1950s/1960s.

    Perhaps my joking remark about US invading Canada because of all that put off the editors? ;-). I knew that CAN-SPAM had a Canadia

  • by Animats ( 122034 ) on Friday March 12, 2004 @04:57PM (#8546868) Homepage
    It can be done. Just follow the money. Make banks that issue merchant accounts financially responsible for the spam of their merchants. After all, they're profiting from it. Visa and MasterCard together have the power to stop spam dead.

    Going offshore won't help, if the banking system is forced to cooperate. The credit card system can collect chargebacks from faraway merchants without much trouble.

  • I posted this yesterday, but i was way too late for it to get read. I know it's poor form to repeat yourself, but i just wanted some feedback.

    So what about this:

    You start with a central certificate authority. I know, I know, bottlenecks. But you only need them to issue keys to (or sign the keys of) about 100 (or 1000?) servers. The signing authority has to be central, but the *revocation* authority does not. That's the key here.

    So those servers can sign the keys of 1000 servers of their own and so on.

    S
    • As attractive as the idea appears, there's one fatal flaw. If you allow anyone to revoke a certificate, (or in this case, a significant number of anyones) sooner or later somebody (probably a spammer, or maybe somebody who just wants to create chaos for the heck of it) is going to start a campaign to mass revoke certificates. It could be an organized group of people that get together, or maybe instead of writing viruses that spam, people will write viruses that send out spam complaints and certificate rev
      • well, the idea is that spammers would never be able to get spam onto the trusted network. and people would not be able to forge fake spams for reporting - they would all be cryptographically signed.

        so i couldn't make some random spam and send it to the revocation site - it would have to be sent first through a trusted server which should not allow people to spam in the first place.

        does that explain it better? the point being that if your server accepts a mail from a user to send, they sign the email wi
  • by Skapare ( 16644 ) on Friday March 12, 2004 @05:42PM (#8547426) Homepage

    Submitting an email address to the "do-not-spam list" risks that address leaking to foreign spammers (or domestic spammers operating in a foreign country). They would know the address is "for real" so they would be happy to add it to the lists they sell.

    If the email addresses were distributed in MD5 [wikipedia.org] encrypted format, it would be a little harder for spammers to do much else with it. Of course, as they scan their list to see who is on the "do-not-spam list", they can still sell those addresses to others (outside the US) as "for real". They won't get to know about new addresses from the list, but they will get to know whether or not new addresses gained from other places are real or maybe not.

    Perhaps better would be to limit the list to domain names only. The domain name owner would have to authorize being on the list, but then it would specify any email address with any username part would be effectively listed. And even still, it would be MD5 encrypted so spammers aren't handed a list of domain names.

    Ultimately, it will have very little effect (big time spammers will move operations to outside the US), and have some problems (spammers will be detecting many "for real" addresses in this). The real solution is to send spammers to the gallows [wikipedia.org].
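
The hashed do-not-spam list proposed in the post above, as an added Python example that is not part of the original post: it shows a sender scrubbing a mailing list against a registry published as MD5 digests of addresses or of whole domains, and why each match also confirms to the list holder that the address is registered. The sample addresses, the normalisation rule and all function names are constructed assumptions.

```python
import hashlib

def normalise(value: str) -> str:
    """Assumed canonical form: trim whitespace and lower-case the value."""
    return value.strip().lower()

def digest(value: str) -> str:
    # MD5 as named in the post; it is an unsalted one-way hash.
    return hashlib.md5(value.encode("utf-8")).hexdigest()

def build_registry(addresses=(), domains=()):
    """What the list operator would publish: digests only, no plaintext."""
    return {
        "addresses": {digest(normalise(a)) for a in addresses},
        "domains": {digest(normalise(d)) for d in domains},
    }

def is_listed(registry, address: str) -> bool:
    """True if the exact address, or its whole domain, is in the registry."""
    addr = normalise(address)
    domain = addr.rpartition("@")[2]
    return (digest(addr) in registry["addresses"]
            or digest(domain) in registry["domains"])

def scrub(registry, mailing_list):
    """Split a sender's list into (may_send, must_not_send)."""
    may_send, blocked = [], []
    for address in mailing_list:
        (blocked if is_listed(registry, address) else may_send).append(address)
    return may_send, blocked

# Constructed sample data (example.* domains are reserved for documentation).
REGISTRY = build_registry(
    addresses=["alice@example.com"],
    domains=["example.org"],
)
SENDER_LIST = ["Alice@Example.com ", "bob@example.com", "carol@example.org"]

if __name__ == "__main__":
    may_send, blocked = scrub(REGISTRY, SENDER_LIST)
    print("may send:", may_send)
    print("blocked :", blocked)
    # The registry reveals no address the holder did not already have,
    # but every blocked entry is also a confirmation that the address
    # (or its whole domain) was registered, which is the leak the post notes.
```
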

  • by The I Shing ( 700142 ) * on Friday March 12, 2004 @05:48PM (#8547500) Journal
    BEGIN RANT:::

    If I hear one more spammer refer to himself as a victim I'm going to lose my lunch. Yeah, spammer, you're a victim, just like Charles Manson and Kenneth Bianchi were victims.

    And hearing spammers justify what they do based on how much money they bring in likewise makes my stomach start to heave.

    Another favorite is when they claim an inherent right to spam people. "Hey, don't use email if you don't want to get advertisements," is their repugnant, pathetic little battle cry, like a serial killer who justifies committing murder by claiming that people who don't want to be murdered shouldn't be born.

    I remember this humorous tagline in a Car Wars supplement that read, "If you don't like the way we drive, stay off the streets (and the sidewalks and the lawns)." Spammers have the same kind of tagline going in real life, "If you don't like getting spammed, stay off the internet." But that's quite a bit less humorous, especially when people are having to weed hundreds of stupid spam messages out of their inboxes every day, after waiting fifteen minutes to download them all. :::END RANT

    Time for popcorn.
    • If I hear one more spammer refer to himself as a victim

      Hmmmm, my reaction is that the more victimized the spammer is the better.
      What we need is the modern equivalent of tar and feathers and riding out of town on a rail. By person or persons unknown.
  • I mentioned this earlier (my other comment [slashdot.org]), but it seems like something that hasn't got much attention on Slashdot. There's a group (?) of people boycotting the Microsoft email caller ID solution and hoping to get authors and MTA's and email clients to sign on:

    The page is at http://boycott-email-caller-id.org/ [boycott-em...ler-id.org] if you're interested.

  • better CAPTCHA (Score:2, Interesting)

    by bandicot ( 532886 )
    Spamarrest seems like it has a better CAPTCHA mechanism: sample image [spamarrest.com]. The loops are pretty ugly; certainly more difficult to subvert than dark characters on a light background (with no dark obfuscators). For myself, I use bogofilter. After piping a bunch of known good ("ham") and bad ("spam") through the engine, I get almost no spam that isn't caught and quarantined for later inspection.
  • by uqbar ( 102695 ) on Friday March 12, 2004 @07:27PM (#8548371)
    I belong to a club that does mass emails to our members and to folks that members have invited to our club functions. Everyone on our email list gave us their email in writing and every email we send allows opt out. But still this is thousands of people and some of them, rather than click the unsub button, identify us as spam to block the emails. The result is that many of our dues paying members cannot get mass or even individual emails from the club they belong to (and pay money to belong to).

    With the CAN SPAM laws now we're running around wondering if we now have to worry about being hassled for simply emailing someone who is too lazy to click the unsub link. My take to our board was that we are fine, but some are still worried about having to deal with court costs because someone decided to abuse this law and doesn't understand the difference between SPAM and emails that you asked for and then changed your mind.

    So the potential result of this law is hassling small legitimate groups that want to cut postage costs - while the real spammers, who don't have any prior relationship with you and who you didn't give out your email to, continue to fill your email box with crap.

    Ugh...