Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Spam Security

Spammers on the Run 297

ericald writes "An interesting update from Blue Security, the group that introduces the Blue Frog initiative to fight spam, claims that during the past few days at least one spammer had frequently deleted domains he owned as a result of their system. In another update in their blog they report they have already recruited over 21,000 users. It's about time spammers start feeling the heat! I'm just surprised they show results so soon."
This discussion has been archived. No new comments can be posted.

Spammers on the Run

Comments Filter:
  • Spammers fate (Score:5, Insightful)

    by bigwavejas ( 678602 ) * on Monday August 15, 2005 @12:24PM (#13322528) Journal
    Spammers must realize by now they run an awful risk by having their true identities tracked down and then posted for punishment. It won't be long until search engines (Google, Yahoo, etc.) start compiling results for them such as, "Mr/ Mrs X Illegally spammed millions of people." Employers certainly will rethink hiring someone with such tainted credentials. It just isn't worth it nowadays to harass people with unwanted/ unwarranted emails. This is a resounding wake-up call for these cretins to rethink their ill-fated profession.
    • Re:Spammers fate (Score:5, Insightful)

      by SFalcon ( 809084 ) on Monday August 15, 2005 @12:28PM (#13322570)
      When the spammers can afford to pay $7m to Microsoft, I don't think they need to worry about being hired by anyone.
      • Not every spammer is as successful as Scott Richter (who agreed to pay $7 million).
        • Not every spammer is as successful as Scott Richter (who agreed to pay $7 million).

          Remember, he's not a spammer... he's a high-volume e-mail deployer.
          • Let's work the term "engineer" or "specialist" in there somehow.

            How do these sound?

            • Port 25 marketing specialist (PMS - my favorite already)
            • Annoyer via e-mail (AVE)
            • Canned meat over e-mail specialist
            • your ideas?
      • Comment removed based on user account deletion
        • Re:Spammers fate (Score:3, Insightful)

          by bluGill ( 862 )

          He can declare bankruptcy. However that won't matter much. Bankruptcy just turns your bills and assets to the courts. The court then decides how to pay your bills for you. First the lawyers get paid (of course), then all court judgments get paid, next secured loans, then unsecured loans. (I'm likely to have missed something in there) The court can sell anything (often with exceptions like your house, but this varies from state to state) to raise funds.

          Bankruptcy isn't a free way to get rid of deb

    • Re:Spammers fate (Score:5, Insightful)

      by KiloByte ( 825081 ) on Monday August 15, 2005 @12:29PM (#13322582)
      Not really. The notoriety will give them some fame, and tell potential advertisers that those spammers know how to send spam in really large amounts.
      • Re:Spammers fate (Score:2, Insightful)

        by xiando ( 770382 )
        You are so right! "tell potential advertisers that those spammers know how to send spam" not only makes it simpler to get a job in related industries, but this is probably THE biggest client generator too. Hey, this guy managed to get is spam through my filter, heh, he must be good, eh? Why not hire him to send our company message to the millions, eh? aiiya, he probably makes this spam-advertised product sell, why not ours, eh?
    • I'm sure all the Chinese, Polish, and Russian spammers are shaking in their boots. For them, there will never be a solution other than IP block banning and similar measures. If you have the time and energy to waste on "dealing" with this group, more power to you, but I'm done even thinking about them.
      • Re:Realistic View? (Score:5, Insightful)

        by Rev.LoveJoy ( 136856 ) on Monday August 15, 2005 @12:49PM (#13322795) Homepage Journal
        I think by and large most corporations are taking this tack in dealing with spam sent to their MTAs. If you do not do business with that country, ban their IP block. This is an inexpensive 100% solution to spam from overseas.

        Public ISPs, universities and government centers do not (and can not) take this route. So these orgs must take another path towards dealing with international spam.

        Filtering works. Greylisting works. These technologies help a great deal against the zombie armies everyone said would be unstoppable spam sources.

        I am glad you have a solution which works for you (and to some extent, I agree with your soultion), but I would hate for the balkanization of the Internet to come about due to the misbehavior of a few rotten apples. I think there must be a better way.

        Cheers,
        -- RLJ

    • Re:Spammers fate (Score:3, Interesting)

      But wouldn't it be better to make spam unprofitable [paulgraham.com] by creating better spam filters? This way so very few people even see the spam that no company will even invest in this sort of marketing anymore.

      • Re:Spammers fate (Score:5, Insightful)

        by joto ( 134244 ) on Monday August 15, 2005 @01:35PM (#13323228)
        The "better" spam filters described by Graham are already getting pretty common in decent mail user agents. And yes, bayesian filtering works well.

        However, it will not make spam unprofitable. To make it unprofitable, the costs of sending spam must be higher than the money you get from it. So in some way, we need to increase the costs of sending spam, or reduce profits.

        The cost of sending spam is essentially zero. Sure, you may have to switch ISP once in a while, register some new domains, invest in some CDs with email-addresses, buy some software or consultants to infect machines, etc... But it really doesn't matter. Even with todays hostility towards spammers, the cost is still essentially zero.

        The profits of spam is:

        • price_of_whatever_you_sell * number_of_email_addresses * some_really_low_fraction
        where really_low_fraction is the number of idiots who fall for your scam.

        Bayesian filtering doesn't address either costs or profits. It does not make sending spam more expensive, and it does not change the some_really_low_fraction, because the idiots who respond to spam wouldn't be using bayesian filtering anyway.

        So Bayesian filtering is nice for the end-users who just want to get through their mail, but it doesn't really help solve the problem of making spam unprofitable.

        • Re:Spammers fate (Score:4, Insightful)

          by Vlad_the_Inhaler ( 32958 ) on Monday August 15, 2005 @02:23PM (#13323735)
          In other words: the Microsoft approach is the best one. Go after the barstewards and make them pay.

          Part of the problem is the legal framework, unsolicited mass mailing needs to become 'more illegal'. Paying someone else to spam needs to be targeted, if a company in the US pays someone in Uzbekistan to send spam, that company in the US has to suffer. Follow the money.

          Blacklisting entire countries is a different approach, once strong anti-spam laws are in place in some of the main jurisdictions, recalcitrant areas can be *persuaded* to adopt/enforce similar measures by blacklisting. That blacklisting has to be done at the ISP level though, not by law.
    • Re:Spammers fate (Score:5, Insightful)

      by Dunbal ( 464142 ) on Monday August 15, 2005 @12:41PM (#13322710)
      Employers certainly will rethink hiring someone with such tainted credentials.

            I know we're living in the era where corporations and employers believe they have the right to do anything they want. But while refusing to employ someone on hearsay is within an employer's rights, there's a chance of shooting yourself in the foot and actually hiring the guy who was smart enough to cover his tracks, rather than the silly, average person whose box was "owned" and spammed without thier knowledge.

            Oh but we all know that search engines are infalliable and are the best way to screen a potential employee, right? Come on. If I can steal your identity and borrow money in your name, how hard can it be to spam in your name? Frankly this would not be an employer worth working for.
      • Come on. If I can steal your identity and borrow money in your name, how hard can it be to spam in your name?

        Well, if you could steal someone's identity, you'd be likley to be doing more than just creating spam accounts.

        Spamming is quasi-legal in a sense because they don't have entire government departments devoted to hunting and prosecuting spammers (yes it's illegal in quite a few places, but usually it's ISP's that do the suing not the government).

        Identity theft is highly illegal and is persued by the Po
    • Re:Spammers fate (Score:4, Insightful)

      by tacocat ( 527354 ) <`tallison1' `at' `twmi.rr.com'> on Monday August 15, 2005 @12:53PM (#13322824)

      I dunno.. If I was a greazy marketing type I would love to find someone who was a greasy as myself and this kind of Google information would be perfect. And you have a hard time using the word illegally on any of this since you would have to have proof. How many spammers have been convicted?

    • What's really interesting about spam is that it must actually be somewhat successful, otherwise the spammers would have died out long ago.

      Who wants to buy Windows XP or enlarge their penis so badly that they are clicking links in unsolicited emails? Whoever you are, please stop, for the good of all!
      • Re:Spammers fate (Score:5, Insightful)

        by Dunbal ( 464142 ) on Monday August 15, 2005 @01:15PM (#13323009)
        that it must actually be somewhat successful,

              Of course it's successful. Any biological system obeys a gaussian or normal distribution. This includes patterns of behaviour in a population. There is always a bunch of people on the edge of this curve who will buy anything. The gullible, the impulsive, the mentally handicapped, the bipolars in their manic phase. If you spam enough people, you will hit enough of this extreme population to make a "business" out of it. What sucks is that the entire rest of the population who are not at all interested in the "product" will also have been spammed at this point.

              But the spammers don't care, all they want is cash. I wouldn't be able to live with myself knowing I did this for a living, but the spammers obviously have no problem with it.

              If the spammers were smart they would have a list of gullible people by now and target their population more intensly, to save on effort. You might as well bleed em dry, right?
        • Re:Spammers fate (Score:3, Insightful)

          by robogun ( 466062 )
          But the spammers don't care, all they want is cash.

          It's more than that. Everybody wants cash. But spammers are psychopaths who see themselves as more valuable than all other humanity put together, and do not care if the $1000 they earn by spamming actually costs others $1,000,000.

          The world is much better off if they were locked up permanently or dead.

          Similarly, any company which hires such people is probably also better off missing.
    • Re:Spammers fate (Score:3, Insightful)

      by m2bord ( 781676 )
      most marketing companies don't believe that there is such a thing as ethics and any method used to deliver your message is good so long as the ends justifies the means...ie..the message gets delivered.

      spammers know how to deliver messages and are thus very hireable. plus...while we know who these vermin are...and the marketing companies/employers know who they are...john q. public doesn't know.

      so what preventative is there to not hiring spammers?

      and don't get me wrong...i detest spammers and report/fight th
  • Excuse me... (Score:2, Interesting)

    by JonN ( 895435 ) *
    Is it just me, or does anybody else think that these attempts might show some promise, but in the long end probably won't work. Basically this is the spamming world versus an organization which, in reality, uses spam right back to get the results they wish. Yes yes, I know you will all say they are using spam in the 'name of good' and all that, however, an organization without political ties will not be able to battle all those companies responsible for the spam in the first place. Until we see more governm
    • Re:Excuse me... (Score:3, Interesting)

      by hackstraw ( 262471 ) *
      Is it just me, or does anybody else think that these attempts might show some promise, but in the long end probably won't work.

      This may not work. I don't know.

      The thing here is that there are basically 3 types of SPAM.

      1) Annoying mails from a legitimate company that you may or may not have explicitly told them they could spam you, or you are just being punished for being their customer. The difference here is that they _DO_ comply with opting out.

      2) Annoying mails from a semi-legitimate company that will
  • by bigtallmofo ( 695287 ) on Monday August 15, 2005 @12:28PM (#13322568)
    I'm amazed at Blue Security's success. They've gotten a few spammers to shut down a few domains.

    The odd thing is, I'm still receiving as much spam as I've always received. No matter how many tens of thousands of users they sign up for this process, I fear this is going to be a very small drop in a very large bucket.
  • Blue Security (Score:5, Informative)

    by kevin_conaway ( 585204 ) on Monday August 15, 2005 @12:30PM (#13322592) Homepage
    For those that don't know what Blue Security does, see this thread [slashdot.org].

    Basically, they DDOS spammers websites in hopes that they will shut them down.
    • heh. slightly ironic that it gets posted to slashdot then isnt it :)
      the /. effect > DDOS
      • Slashdot isn't a DDOS. Legally, a DDOS requires intent to shut down a machine.

        Which of these are legally actionable?

        1) CmdrTaco: Millions of geeks! There's something cool over here.

        2) CmdrTaco: Millions of geeks! Click on the link to this person we all dislike, maybe their machine will crawl to a halt.

        3) CmdrTaco: Mean person I don't like (who has a puny webserver)! Pay me money or I'll send millions of geeks to your website to shut it down!

        The first clearly doesn't have any legal problems (

        • How is Option #2 any different than the sit-ins done during the 1960's civil rights movement to businesses in Alabama?

          Those are lauded in all of the history books as an application of peaceful economic pressure.
  • If I understand this correctly these guys are exposing the identities of spammers including how many people they exposed to their unwanted messages? That's an interesting approach, but might get thrown down in U.S. courts due to privacy regulations. Hey, don't kill the messenger ;-) I just know how the legal system works over here and I'm sure these guys will not roll over and head for the hills. My bet is that they'll pay some high class lawyers to keep their identity from being released. HOWEVER, with tha
    • Well, looks like I was TOTALLY offroading - LOL > the previous posting showed up after I submitted mine. Now, considering their REAL approach, I'm actually surprised people didn't try this one before. On the other hand, I would be equally surprised if that would stem the tide of spam for very long.
      • It's amazing, isn't it? You're connected to the Internet, the world's single largest source of information on nearly every conceivable topic, and you couldn't be bothered to take 2 minutes to actually look up the topic being discussed before commenting on it.
  • by Iriel ( 810009 ) on Monday August 15, 2005 @12:33PM (#13322620) Homepage
    I liked the mention of the domain registrar taking up a zero-tolerance policy after the spammer shut down their domain. I'm starting to think that with more people around the world getting online, more people around the world are getting sick of spam. This could help us eliminate some of those off-shore servers that spammers love to hide behind.

    Give everyone in the world email for a week and then see all the government action we desperately crave ;)
  • Anti-Blue Frog (Score:5, Informative)

    by JonN ( 895435 ) * on Monday August 15, 2005 @12:33PM (#13322625) Homepage
    An interesting article over at TechNewsWorld [technewsworld.com] about how Blue Frog is not what we need in the battle against spam. "It's the worst kind of vigilante approach," said John Levine, a board member with the Coalition Against Unsolicited Commercial E-mail. "Deliberate attacks against people's Web sites are illegal."
    • Re:Anti-Blue Frog (Score:5, Insightful)

      by darkmayo ( 251580 ) on Monday August 15, 2005 @12:38PM (#13322678)
      Personally I think the "worst kind" of vigilante approach would be getting the spammers home addresses and savagely beating them... or killing them. I dont think DDOSing some spammer pricks domain is that bad if you compare what could happen to these people.
      • by Quiet_Desperation ( 858215 ) on Monday August 15, 2005 @12:44PM (#13322747)
        Personally I think the "WORST kind" of vigilante approach would be getting the spammers home addresses and savagely beating them... or killing them.

        You misspelled "best".

      • Re:Anti-Blue Frog (Score:5, Insightful)

        by RealAlaskan ( 576404 ) on Monday August 15, 2005 @12:54PM (#13322843) Homepage Journal
        Personally I think the "worst kind" of vigilante approach would be getting the spammers home addresses and savagely beating them... or killing them.

        Isn't that spelled ``best''?

        Seriously, the grandparent post refered to this as a DDOS. If the spammer sends me an email, he's certainly got no right to complain if he gets one back. If he gets enough back to shut down his website, well, he shouldn't have sent so much spam, should he? My understanding is that Blue Frog tries to send an unsubscribe message for every spammed address (their website is slashdotted)? If so, the spammers have already announced their willingness to get that message, and it is obviously legal.

      • Problem is, the one who likely gets stuck with the bill is some poor ISP who finds out a month later that the customer cancelled his credit card five minutes after opening the account. The spammer still gets his $50 for the three or four idiots who ordered some quack remedy.

        The good news is that the big guys - yahoo, aol, etc., won't really feel the pinch - just the small shops that provide individual service.
    • "It's the worst kind of vigilante approach," said John Levine, a board member with the Coalition Against Unsolicited Commercial E-mail. "Deliberate attacks against people's Web sites are illegal."

      How's the quote go? "Capitalism is terrible, but beats the alternatives"?

      So we should ignore the fact that all previous solutions have failed, and users have become completely complacent with the advent of spam filtering software? (currently, antispam software is a spammer's best dream; he/she doesn't irritate

    • One reply to a recieved spam is a deliberate attack now? I think that if you send out two billion e-mails, the only person making an attack on your web server is you.
    • Re:Anti-Blue Frog (Score:4, Informative)

      by Seanasy ( 21730 ) on Monday August 15, 2005 @02:12PM (#13323591)

      TechNewsWorld? Ah, one of those ECT publications. They have such esteemed writers as Maureen O'Gara on their payroll. Their publications are barely news and frequently contain some form of troll or flamebait to get them posted on Slashdot.

      If you thought ZDnet was crap, ECT makes them smell like roses.

  • The missing link (Score:2, Informative)

    by erykjj ( 213892 )
    Blue Security [bluesecurity.com]
  • by dotpavan ( 829804 )
    look at the domain names, makes a good read..

    asdlkjfea.com, alsfajega.com, aksdfaewl.com, hkassautdn.com, egmymaridjk.com, lhperdixnd.com, clthriftbf.com, bibiae.com, romisingfeasibility.com, betheuplift.com, fundamentalstojoy.com, dealandvaluematch.com, valueandassets.com, oursuperbiz.com, and best of them: truthfoundhere.com

    maybe spamfoundhere.com?

  • Nibbling (Score:2, Insightful)

    by dal20402 ( 895630 ) *
    This is nibbling around the edges, but nothing else is possible, so we should keep doing it.

    Sue/fine/arrest/jail spammers? They'll move abroad where we can't find them.

    Get a legal framework that will be enforced in all the countries connected to the Internet? Good fscking luck.

  • by Grimster ( 127581 ) on Monday August 15, 2005 @12:35PM (#13322648) Homepage
    I just hit the "join beta" link and didn't fill out the form, on the page you signup I see:

    System Requirement

    Windows 2000/2003/XP

    Ok so I'm out, last windows I read email on was Win95 or maybe Win98, some bullshit virus or another screwed me over, I ain't "done email" on Windows of any type since. Oddly enough, I haven't had any viruses, spyware, adware, or malware since then either.

    So while I applaud efforts to reduce spam, efforts that requre Windows seems silly at best and are efforts I can't join in on. Even my wife no longer reads email on Windows, the last time her Windows PC slowed to a crawl due to spyware instead of spending 3 or 4 hours googling for the latest cleaners and finding out what new and not at all entertaining spyware she had, I said "fuck this' gave her my new and as yet unpacked Mac Mini and she hasn't had any spyware problems since. Ripped her PC apart and installed Linux on it to replace my laptop as my main "work" pc.
    • You should maybe install an anti virus and spyware program. They work great... I've never had a virus or spyware on this win2000 box.

      Sounds like you had bad habits to get all that stuff... and when the virus writers get interested in LINUX if it ever gets popular, you'll be back in the same boat.
  • by Tackhead ( 54550 ) on Monday August 15, 2005 @12:37PM (#13322673)
    > An interesting update from Blue Security, the group that introduces the Blue Frog initiative to fight spam, claims that during the past few days at least one spammer had frequently deleted domains he owned as a result of their system. In another update in their blog they report they have already recruited over 21,000 users. It's about time spammers start feeling the heat! I'm just surprised they show results so soon."

    An interesting update from Spammers-R-Us, Inc [...] In another update in their blog, they report they have already gotten over 21,000 Slashdotters to hit the Blue Frog site. It's about time spamfighters started feeling the heat! I'm just surprised they show the results within 20 posts on the thread!

    - with apologies to the original article poster :)

  • by Quiet_Desperation ( 858215 ) on Monday August 15, 2005 @12:42PM (#13322720)
    I propose the Blue Steel program where spammers are hunted down like animals. Sponsored by Colt. Successful hunters will be allowed to mount the heads on their walls.
  • Microsoft received $7M from Richter, but what about all the other spam victims of Richter. There still is over $45M in proofs of claims against Snotty.

    If even .1% of spam spam victims sued Snotty for the spam that he sent, he would be out of money.

    One large spam suit usually does not take out a spammer, but 1000 or 10,000 smaller suits will.

    • If only .1% of people respond to spam, they can make millions.

      If only .1% of spam vicims sue a spammer, they can make millions.

      Sounds to me like there's a lot of money to be made on the margins. There's a whole bunch of collateral damage going on that's costing us a lot more than the millions on the margins, though..
  • Poor solution (Score:2, Interesting)

    by gr8_phk ( 621180 )
    This solution to spam is one that could at best reach an equilibrium with less spam but still plenty around. If people have to DDOS the spammers to make the problem go away, then it will never go away. If it did, people would stop being prepared to DDOS them and the problem will come back. This is not likely to be cyclical, but rather reach an equilibrium. It also doesn't account for zombies sending spam - unless you DDOS the sites that are advertised, and that's got another whole set of legal issues.

    IMHO

    • So how about picking a real solution then?

      Sender pays won't work, if there are any loop holes allowing some users to send free of cost the spammers will find a way to use the loop hole. (to say nothing of the exemption that would be applied to goverment offices and congress critters, charities etc.) Imposing such fees would end the Internet as a relatively efficient means to exchange ideas and information.

      DDOSing the web sites that sell the crap pushed in spam while some what satisfying is as you po
  • by xiando ( 770382 ) on Monday August 15, 2005 @12:59PM (#13322874) Homepage Journal
    smtpd_sender_restrictions = reject_unknown_address
    smtpd_recipient_restrictions =
    permit_sasl_authenticated,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    permit_mynetworks,
    reject_unauth_destination,
    reject_rbl_client ombie.dnsbl.sorbs.net,
    reject_rbl_client relays.ordb.org,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client sbl.spamhaus.org,
    permit

    We are also using SpamAssassinn / razor / clamav using amavisd-new. The main mail account used for everything from clients webmaster@ mail to contact@ are getting numerous spam daily, yet only three or perhaps four a month get delivered... and those are added to our body_checks.txt which is publicly available for download [linuxreviews.org] by anyone, including spammers who I have a feeling makes spammers think twice and clean us off their list when they find themselves listed there using search engines etc.
  • by Locke2005 ( 849178 ) on Monday August 15, 2005 @01:15PM (#13323010)
    Just as a proof of concept, would somebody please start sending out millions of "fake" spam messages, all with links to every one of SCO's web pages? Thanks!
  • by G4from128k ( 686170 ) on Monday August 15, 2005 @01:29PM (#13323165)
    Blue Frog is effective because it consumes spammer's resources -- it raises the costs of being a spammer. Spam filtering does not reduce spammer's profits in that the same people that filter spam were never likely to visit the spam site and purchase. Filtering doesn't change spammer's revenues or costs.

    In contrast, a bot that visits a spammer's site consumes the spammer's valuable resources in far greater amounts that is consumed by the original spam e-mail (spam emails often being under 10kB and sent via low-cost zombies vs. 50kB or 100kB for most web pages begin hosted on the spammer's e-commerce site).
    • I think so, too.
      And, as far as I can see, the most important resource consumed is the spammer's time to sort the replies to his/her which MAY BE LEGITIMATE.

      Doesn't sound that familiar?

      Maybe spammers will use some modified version of spamassassin to filter for replies to their spam :-)
  • See my sig!

    Actually, since I started using my sig, I've called these particular junk faxers back to see if they're feeling the heat, and one exasperated woman told me that they were! Keep up the good work Slashdotters! If we do the same thing to spammers (using something like SpamVampire), we will eventually have the same effect of hitting them where it hurts: their wallets.
  • Have a program recreate an image using hotlinked images downloaded from spammer sites, reduced to 1x1 images.

    Sure, it will take 20 miuntes for an image to show, but think of the fun! Mosaic time!

    Wait, was that already done?
  • by Caveman Og ( 653107 ) on Monday August 15, 2005 @03:13PM (#13324334) Homepage Journal
    Spammers change domains the way normal people change underware. The fact that within a few days of Blue Security sending their malcious complaints to a spammer's website (which is set up on a throw-away account at a Chinese ISP, registered through a reseller for one of the minor registrars, who will, in three days, cancel the domain registration ANYWAY), is not evidence of ANYTHING.

    Correlation is not causation!

    Spammers have been rotating through domain names for years now. You can watch it on a week-by-week basis, as a whole series of domains with the same nameservers takes responses for the same spam months on end. Even when the spammers change nameservice, they tend to do it in predictable ways.

    In one week's time Blue Security has manages to slightly ruffle the feathers of a total of THREE distinct spam operations. Big whoop.

In the long run, every program becomes rococco, and then rubble. -- Alan Perlis

Working...