Spammers on the Run

ericald writes "An interesting update from Blue Security, the group that introduces the Blue Frog initiative to fight spam, claims that during the past few days at least one spammer had frequently deleted domains he owned as a result of their system. In another update in their blog they report they have already recruited over 21,000 users. It's about time spammers start feeling the heat! I'm just surprised they show results so soon."

Spammers fate

[bigwavejas]

Spammers must realize by now they run an awful risk by having their true identities tracked down and then posted for punishment. It won't be long until search engines (Google, Yahoo, etc.) start compiling results for them such as, "Mr/ Mrs X Illegally spammed millions of people." Employers certainly will rethink hiring someone with such tainted credentials. It just isn't worth it nowadays to harass people with unwanted/ unwarranted emails. This is a resounding wake-up call for these cretins to rethink their ill-fated profession.

Re:Spammers fate

[SFalcon]

When the spammers can afford to pay $7m to Microsoft, I don't think they need to worry about being hired by anyone.

Re:Spammers fate

[bigwavejas]

Not every spammer is as successful as Scott Richter (who agreed to pay $7 million).

Re:Spammers fate

[crimson30]

Not every spammer is as successful as Scott Richter (who agreed to pay $7 million).

Remember, he's not a spammer... he's a high-volume e-mail deployer.

Re:Spammers fate

[mattspammail]

Let's work the term "engineer" or "specialist" in there somehow.

How do these sound?

• Port 25 marketing specialist (PMS - my favorite already)
• Annoyer via e-mail (AVE)
• Canned meat over e-mail specialist
• your ideas?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:Spammers fate

[bluGill]

He can declare bankruptcy. However that won't matter much. Bankruptcy just turns your bills and assets to the courts. The court then decides how to pay your bills for you. First the lawyers get paid (of course), then all court judgments get paid, next secured loans, then unsecured loans. (I'm likely to have missed something in there) The court can sell anything (often with exceptions like your house, but this varies from state to state) to raise funds.

Bankruptcy isn't a free way to get rid of deb

Re:Spammers fate

[KiloByte]

Not really. The notoriety will give them some fame, and tell potential advertisers that those spammers know how to send spam in really large amounts.

Re:Spammers fate

[xiando]

You are so right! "tell potential advertisers that those spammers know how to send spam" not only makes it simpler to get a job in related industries, but this is probably THE biggest client generator too. Hey, this guy managed to get is spam through my filter, heh, he must be good, eh? Why not hire him to send our company message to the millions, eh? aiiya, he probably makes this spam-advertised product sell, why not ours, eh?

Realistic View?

[Saeed al-Sahaf]

I'm sure all the Chinese, Polish, and Russian spammers are shaking in their boots. For them, there will never be a solution other than IP block banning and similar measures. If you have the time and energy to waste on "dealing" with this group, more power to you, but I'm done even thinking about them.

Re:Realistic View?

[Rev.LoveJoy]

I think by and large most corporations are taking this tack in dealing with spam sent to their MTAs. If you do not do business with that country, ban their IP block. This is an inexpensive 100% solution to spam from overseas.

Public ISPs, universities and government centers do not (and can not) take this route. So these orgs must take another path towards dealing with international spam.

Filtering works. Greylisting works. These technologies help a great deal against the zombie armies everyone said would be unstoppable spam sources.

I am glad you have a solution which works for you (and to some extent, I agree with your soultion), but I would hate for the balkanization of the Internet to come about due to the misbehavior of a few rotten apples. I think there must be a better way.

Cheers,
-- RLJ

Re:Spammers fate

[quasi_steller]

But wouldn't it be better to make spam unprofitable [paulgraham.com] by creating better spam filters? This way so very few people even see the spam that no company will even invest in this sort of marketing anymore.

Re:Spammers fate

[joto]

The "better" spam filters described by Graham are already getting pretty common in decent mail user agents. And yes, bayesian filtering works well.

However, it will not make spam unprofitable. To make it unprofitable, the costs of sending spam must be higher than the money you get from it. So in some way, we need to increase the costs of sending spam, or reduce profits.

The cost of sending spam is essentially zero. Sure, you may have to switch ISP once in a while, register some new domains, invest in some CDs with email-addresses, buy some software or consultants to infect machines, etc... But it really doesn't matter. Even with todays hostility towards spammers, the cost is still essentially zero.

The profits of spam is:

• price_of_whatever_you_sell * number_of_email_addresses * some_really_low_fraction

where really_low_fraction is the number of idiots who fall for your scam.

Bayesian filtering doesn't address either costs or profits. It does not make sending spam more expensive, and it does not change the some_really_low_fraction, because the idiots who respond to spam wouldn't be using bayesian filtering anyway.

So Bayesian filtering is nice for the end-users who just want to get through their mail, but it doesn't really help solve the problem of making spam unprofitable.

Re:Spammers fate

[Vlad_the_Inhaler]

In other words: the Microsoft approach is the best one. Go after the barstewards and make them pay.

Part of the problem is the legal framework, unsolicited mass mailing needs to become 'more illegal'. Paying someone else to spam needs to be targeted, if a company in the US pays someone in Uzbekistan to send spam, that company in the US has to suffer. Follow the money.

Blacklisting entire countries is a different approach, once strong anti-spam laws are in place in some of the main jurisdictions, recalcitrant areas can be *persuaded* to adopt/enforce similar measures by blacklisting. That blacklisting has to be done at the ISP level though, not by law.

Re:Spammers fate

[Dunbal]

Employers certainly will rethink hiring someone with such tainted credentials.

      I know we're living in the era where corporations and employers believe they have the right to do anything they want. But while refusing to employ someone on hearsay is within an employer's rights, there's a chance of shooting yourself in the foot and actually hiring the guy who was smart enough to cover his tracks, rather than the silly, average person whose box was "owned" and spammed without thier knowledge.

      Oh but we all know that search engines are infalliable and are the best way to screen a potential employee, right? Come on. If I can steal your identity and borrow money in your name, how hard can it be to spam in your name? Frankly this would not be an employer worth working for.

Re:Quasi-Legal and Highly Illegal

[vertinox]

Come on. If I can steal your identity and borrow money in your name, how hard can it be to spam in your name?

Well, if you could steal someone's identity, you'd be likley to be doing more than just creating spam accounts.

Spamming is quasi-legal in a sense because they don't have entire government departments devoted to hunting and prosecuting spammers (yes it's illegal in quite a few places, but usually it's ISP's that do the suing not the government).

Identity theft is highly illegal and is persued by the Po

Re:Spammers fate

[tacocat]

I dunno.. If I was a greazy marketing type I would love to find someone who was a greasy as myself and this kind of Google information would be perfect. And you have a hard time using the word illegally on any of this since you would have to have proof. How many spammers have been convicted?

Re:Spammers fate

[tbarstow]

What's really interesting about spam is that it must actually be somewhat successful, otherwise the spammers would have died out long ago.

Who wants to buy Windows XP or enlarge their penis so badly that they are clicking links in unsolicited emails? Whoever you are, please stop, for the good of all!

Re:Spammers fate

[Dunbal]

that it must actually be somewhat successful,

      Of course it's successful. Any biological system obeys a gaussian or normal distribution. This includes patterns of behaviour in a population. There is always a bunch of people on the edge of this curve who will buy anything. The gullible, the impulsive, the mentally handicapped, the bipolars in their manic phase. If you spam enough people, you will hit enough of this extreme population to make a "business" out of it. What sucks is that the entire rest of the population who are not at all interested in the "product" will also have been spammed at this point.

      But the spammers don't care, all they want is cash. I wouldn't be able to live with myself knowing I did this for a living, but the spammers obviously have no problem with it.

      If the spammers were smart they would have a list of gullible people by now and target their population more intensly, to save on effort. You might as well bleed em dry, right?

Re:Spammers fate

[robogun]

But the spammers don't care, all they want is cash.

It's more than that. Everybody wants cash. But spammers are psychopaths who see themselves as more valuable than all other humanity put together, and do not care if the $1000 they earn by spamming actually costs others $1,000,000.

The world is much better off if they were locked up permanently or dead.

Similarly, any company which hires such people is probably also better off missing.

Re:Spammers fate

[Dunbal]

I don't know where you got, "Any biological system obeys a gaussian or normal distribution.

Med school, biostatistics and epidemiology classes and years of experience dealing with biological systems like "human beings"? There may be a few exceptions, but as generalities go, it's a pretty fair statement. We are all somewhere on the Gauss curve. Most of us are in the middle.

In fact, central tendency is so strong we even look for it instinctively. Why do you think th

Re:Spammers fate

[Yocto Yotta]

LOL, yes as we all know that Windows XP is only part of the cure for a midlife crisis and/or idiocy. "I love Windows, but it makes my penis look small. Ooh look, an e-mail just for me? How'd they know what I needed? This interweb is amazing!"

Re:Spammers fate

[m2bord]

most marketing companies don't believe that there is such a thing as ethics and any method used to deliver your message is good so long as the ends justifies the means...ie..the message gets delivered.

spammers know how to deliver messages and are thus very hireable. plus...while we know who these vermin are...and the marketing companies/employers know who they are...john q. public doesn't know.

so what preventative is there to not hiring spammers?

and don't get me wrong...i detest spammers and report/fight th

Re:Spammers fate

[pete6677]

Most employers wouldn't think twice about hiring spammers. Why would they care?

Because somebody who has as little morals and ethics as spammers do will extend their beliefs into other aspects of life. A spammer wouldn't think twice about stealing from their employer if they think they wouldn't get caught. A spammer wouldn't hesitate to get the company in trouble over some shady deal if it means personal profit for them. When you hire a spammer, you can guarantee some sort of damage will be done due to thi

Re:Spammers fate

[budgenator]

In many jurisdictions it's not illegal to send unsolicited bulk email
WRONG, it's a violation of federal law, specificaly a violation of the federal anti-junk fax law, computers are capable of sending and recieving faxes, violators are subject to a $500.00 fine per message.

47 U.S.C. Section 227. Restrictions on Use of Telephone Equipment
(a) Definitions. As used in this section -
(2) The term ''telephone facsimile machine'' means equipment which has the capacity
(A) to transcribe text or images, or both, from

Excuse me...

[JonN]

Is it just me, or does anybody else think that these attempts might show some promise, but in the long end probably won't work. Basically this is the spamming world versus an organization which, in reality, uses spam right back to get the results they wish. Yes yes, I know you will all say they are using spam in the 'name of good' and all that, however, an organization without political ties will not be able to battle all those companies responsible for the spam in the first place. Until we see more governm

Re:Excuse me...

[hackstraw]

Is it just me, or does anybody else think that these attempts might show some promise, but in the long end probably won't work.

This may not work. I don't know.

The thing here is that there are basically 3 types of SPAM.

1) Annoying mails from a legitimate company that you may or may not have explicitly told them they could spam you, or you are just being punished for being their customer. The difference here is that they _DO_ comply with opting out.

2) Annoying mails from a semi-legitimate company that will

Re:Excuse me...

[C0deM0nkey]

Bad points...

Did you take a look at the Blue Security site and see how their technology works? The spammers are not getting spammed in return...the Blue Frog program essentially sends an automated "Opt Out" to the spammers; if they fail to respond and the recipient continues to receive mail from that spammer then Blue Frog submits complaints to the MERCHANT SITE.

I would hardly call any of this vigilantism. One spam - one opt-out request. Continue to ignore those requests? Complaint to the merchant payi

Re:Excuse me...

[Anne Thwacks]

Shame the web site doent make that a bit clearer. And also how to sign up for the service. It just tells you how to become a member, and explains that that is not how you sign up for the service.

Re:Excuse me...

[Tony Hoyle]

i used to send a newsletter to roughly 500 addresses, some of which were opt-in and some of which were scavenged by other methods. As the merchant, I always took the "take

So you're a spammer. End of conversation. FOAD.

Re:Excuse me...

[Dunbal]

Bad points: many times the wrong guys end up on the end of a short rope, no real legitimacy due to lack of law-enforcement sanctioning, retaliatory escalation of hostilities.

Good points: you thought long and hard about misbehaving in a town that had a reputation for hanging people on the spot, innocent or not. When everyone is wearing a gun, everyone is really polite all of a sudden.

The price we pay for not wanting to punish one innocent person is letting a certai

That's funny. I'm still getting spam.

[bigtallmofo]

I'm amazed at Blue Security's success. They've gotten a few spammers to shut down a few domains.

The odd thing is, I'm still receiving as much spam as I've always received. No matter how many tens of thousands of users they sign up for this process, I fear this is going to be a very small drop in a very large bucket.

Re:That's funny. I'm still getting spam.

[mixmasterjake]

You would only get a decrease in spam if you you've signed up for the blue security do-not-email registry.

I'm sure it has little/no effect yet, but if the community becomes large enough, spammers might decide that it's not worth the hastle to email blue security community. In which case they will run their lists againast the do-not-email. That is the idea anyway.

I don't know how many members this would take - or if the spammers will figure out some way to filter the responses first.

Re:That's funny. I'm still getting spam.

[ameline]

Of course I'm sure you don't find it at all ironic that you include spam in your very own signatture line, do you?

feh.

Blue Security

[kevin_conaway]

For those that don't know what Blue Security does, see this thread [slashdot.org].

Basically, they DDOS spammers websites in hopes that they will shut them down.

Re:Blue Security

[Phil246]

heh. slightly ironic that it gets posted to slashdot then isnt it :)
the /. effect > DDOS

Re:Blue Security

[interiot]

Slashdot isn't a DDOS. Legally, a DDOS requires intent to shut down a machine.

Which of these are legally actionable?

1) CmdrTaco: Millions of geeks! There's something cool over here.

2) CmdrTaco: Millions of geeks! Click on the link to this person we all dislike, maybe their machine will crawl to a halt.

3) CmdrTaco: Mean person I don't like (who has a puny webserver)! Pay me money or I'll send millions of geeks to your website to shut it down!

The first clearly doesn't have any legal problems (

Re:Blue Security

[Entropius]

How is Option #2 any different than the sit-ins done during the 1960's civil rights movement to businesses in Alabama?

Those are lauded in all of the history books as an application of peaceful economic pressure.

Re:Blue Security

[amliebsch]

How is Option #2 any different than the sit-ins done during the 1960's civil rights movement to businesses in Alabama?

Those are lauded in all of the history books as an application of peaceful economic pressure.

Peaceful, yes; lawful, no.

Re:Blue Security

[rcamera]

so upgrade your win98 box to 2000... what's the problem?

Good old detective work for a chance?

[teutonic_leech]

If I understand this correctly these guys are exposing the identities of spammers including how many people they exposed to their unwanted messages? That's an interesting approach, but might get thrown down in U.S. courts due to privacy regulations. Hey, don't kill the messenger ;-) I just know how the legal system works over here and I'm sure these guys will not roll over and head for the hills. My bet is that they'll pay some high class lawyers to keep their identity from being released. HOWEVER, with tha

Re:Good old detective work for a chance?

[teutonic_leech]

Well, looks like I was TOTALLY offroading - LOL > the previous posting showed up after I submitted mine. Now, considering their REAL approach, I'm actually surprised people didn't try this one before. On the other hand, I would be equally surprised if that would stem the tide of spam for very long.

Re:Good old detective work for a chance?

[ocbwilg]

It's amazing, isn't it? You're connected to the Internet, the world's single largest source of information on nearly every conceivable topic, and you couldn't be bothered to take 2 minutes to actually look up the topic being discussed before commenting on it.

Running out of hiding places

[Iriel]

I liked the mention of the domain registrar taking up a zero-tolerance policy after the spammer shut down their domain. I'm starting to think that with more people around the world getting online, more people around the world are getting sick of spam. This could help us eliminate some of those off-shore servers that spammers love to hide behind.

Give everyone in the world email for a week and then see all the government action we desperately crave ;)

Anti-Blue Frog

[JonN]

An interesting article over at TechNewsWorld [technewsworld.com] about how Blue Frog is not what we need in the battle against spam. "It's the worst kind of vigilante approach," said John Levine, a board member with the Coalition Against Unsolicited Commercial E-mail. "Deliberate attacks against people's Web sites are illegal."

Re:Anti-Blue Frog

[darkmayo]

Personally I think the "worst kind" of vigilante approach would be getting the spammers home addresses and savagely beating them... or killing them. I dont think DDOSing some spammer pricks domain is that bad if you compare what could happen to these people.

Re:Anti-Blue Frog

[Quiet_Desperation]

Personally I think the "WORST kind" of vigilante approach would be getting the spammers home addresses and savagely beating them... or killing them.

You misspelled "best".

Re:Anti-Blue Frog

[wohlford]

Puts a new meaning to the term "Feeling Blue."

Re:

[account_deleted]

Comment removed based on user account deletion

Re:Anti-Blue Frog

[RealAlaskan]

Personally I think the "worst kind" of vigilante approach would be getting the spammers home addresses and savagely beating them... or killing them.

Isn't that spelled ``best''?

Seriously, the grandparent post refered to this as a DDOS. If the spammer sends me an email, he's certainly got no right to complain if he gets one back. If he gets enough back to shut down his website, well, he shouldn't have sent so much spam, should he? My understanding is that Blue Frog tries to send an unsubscribe message for every spammed address (their website is slashdotted)? If so, the spammers have already announced their willingness to get that message, and it is obviously legal.

Re:Anti-Blue Frog

[mr. methane]

Problem is, the one who likely gets stuck with the bill is some poor ISP who finds out a month later that the customer cancelled his credit card five minutes after opening the account. The spammer still gets his $50 for the three or four idiots who ordered some quack remedy.

The good news is that the big guys - yahoo, aol, etc., won't really feel the pinch - just the small shops that provide individual service.

Re:Anti-Blue Frog

[darkmayo]

I dont recall saying I advocate this type of action at all but considering people have been beaten or killed for less I could see this being something that may happen.

Spammers arent unreachable targets either ,they are surrounded at all times by security or bodyguards (well maybe a paranoid few are) they are average joes for the most part how hard would it be to stalk one of these people beat them down and get away with it.

Re:Anti-Blue Frog

[Dunbal]

LOL!

Stands to reason that you got modded Troll. I mean, what kind of person stands in front of an angry lynch mob and says "now now, don't you think a few hours of community service would be more appropriate?".

I understand your reasonable view. Killing someone for spam is not an alternative. But this is not the time or place.

(Grabs pitchfork and torch again and resumes up and down motion).

"Yeah, burn the spammers, burn e

Vigilante is preferrable to Ostrich

[SuperBanana]

"It's the worst kind of vigilante approach," said John Levine, a board member with the Coalition Against Unsolicited Commercial E-mail. "Deliberate attacks against people's Web sites are illegal."

How's the quote go? "Capitalism is terrible, but beats the alternatives"?

So we should ignore the fact that all previous solutions have failed, and users have become completely complacent with the advent of spam filtering software? (currently, antispam software is a spammer's best dream; he/she doesn't irritate

Re:Anti-Blue Frog

[Jim_Callahan]

One reply to a recieved spam is a deliberate attack now? I think that if you send out two billion e-mails, the only person making an attack on your web server is you.

Re:Anti-Blue Frog

[Seanasy]

TechNewsWorld? Ah, one of those ECT publications. They have such esteemed writers as Maureen O'Gara on their payroll. Their publications are barely news and frequently contain some form of troll or flamebait to get them posted on Slashdot.

If you thought ZDnet was crap, ECT makes them smell like roses.

The missing link

[erykjj]

Blue Security [bluesecurity.com]

domain names

[dotpavan]

look at the domain names, makes a good read..

asdlkjfea.com, alsfajega.com, aksdfaewl.com, hkassautdn.com, egmymaridjk.com, lhperdixnd.com, clthriftbf.com, bibiae.com, romisingfeasibility.com, betheuplift.com, fundamentalstojoy.com, dealandvaluematch.com, valueandassets.com, oursuperbiz.com, and best of them: truthfoundhere.com

maybe spamfoundhere.com?

Nibbling

[dal20402]

This is nibbling around the edges, but nothing else is possible, so we should keep doing it.

Sue/fine/arrest/jail spammers? They'll move abroad where we can't find them.

Get a legal framework that will be enforced in all the countries connected to the Internet? Good fscking luck.

System Requirements?

[Grimster]

I just hit the "join beta" link and didn't fill out the form, on the page you signup I see:

System Requirement

Windows 2000/2003/XP

Ok so I'm out, last windows I read email on was Win95 or maybe Win98, some bullshit virus or another screwed me over, I ain't "done email" on Windows of any type since. Oddly enough, I haven't had any viruses, spyware, adware, or malware since then either.

So while I applaud efforts to reduce spam, efforts that requre Windows seems silly at best and are efforts I can't join in on. Even my wife no longer reads email on Windows, the last time her Windows PC slowed to a crawl due to spyware instead of spending 3 or 4 hours googling for the latest cleaners and finding out what new and not at all entertaining spyware she had, I said "fuck this' gave her my new and as yet unpacked Mac Mini and she hasn't had any spyware problems since. Ripped her PC apart and installed Linux on it to replace my laptop as my main "work" pc.

Re:System Requirements?

[deft]

You should maybe install an anti virus and spyware program. They work great... I've never had a virus or spyware on this win2000 box.

Sounds like you had bad habits to get all that stuff... and when the virus writers get interested in LINUX if it ever gets popular, you'll be back in the same boat.

Re:System Requirements?

[Idealius]

You can't criticize a "consumer"-level person for something millions of users "can't help", either.

An analogy: One who criticizes people for not maintaining their car beyond the most simple fixes such as changing your oil, even though it's commonly accepted by most of society that an individual should get a significantly important car part professionally replaced or fixed by a friend/relative who does it as a main job/hobby.

Computers are just so abstract a large population that requires them for some purpo

Re:System Requirements?

[Grimster]

Yes getting infected because you just got sent the latest virus that isn't even IN the datafiles yet, and infects your PC simply by having the "preview pane" enabled is being such an incompetant operator, you are SO right. Please excuse my utter incompetance.

When I can get infected simply by RECIEVING an email and not even reading the damned thing or opening an attachment or anything, is the day I quit using Linux too. I don't really think that day is coming.

My wife I believe mostly got infected with spyw

Foot, meet bullet

[Tackhead]

> An interesting update from Blue Security, the group that introduces the Blue Frog initiative to fight spam, claims that during the past few days at least one spammer had frequently deleted domains he owned as a result of their system. In another update in their blog they report they have already recruited over 21,000 users. It's about time spammers start feeling the heat! I'm just surprised they show results so soon."

An interesting update from Spammers-R-Us, Inc [...] In another update in their blog, they report they have already gotten over 21,000 Slashdotters to hit the Blue Frog site. It's about time spamfighters started feeling the heat! I'm just surprised they show the results within 20 posts on the thread!

- with apologies to the original article poster :)

A better idea

[Quiet_Desperation]

I propose the Blue Steel program where spammers are hunted down like animals. Sponsored by Colt. Successful hunters will be allowed to mount the heads on their walls.

Re:A better idea

[The-Bus]

Blue Steel? That will probably be just like Le Tigre, Ferrari, and Magnum. It's all one program! Doesn't anyone else see this? I feel like I'm taking crazy pills.

Re:A better idea

[IsoRashi]

Haha, wish I had mod points for you :) I was thinking of the same thing

Litigate against all the spammers.

[www.sorehands.com]

Microsoft received $7M from Richter, but what about all the other spam victims of Richter. There still is over $45M in proofs of claims against Snotty.

If even .1% of spam spam victims sued Snotty for the spam that he sent, he would be out of money.

One large spam suit usually does not take out a spammer, but 1000 or 10,000 smaller suits will.

Re:Litigate against all the spammers.

[Zarquil]

If only .1% of people respond to spam, they can make millions.

If only .1% of spam vicims sue a spammer, they can make millions.

Sounds to me like there's a lot of money to be made on the margins. There's a whole bunch of collateral damage going on that's costing us a lot more than the millions on the margins, though..

Poor solution

[gr8_phk]

This solution to spam is one that could at best reach an equilibrium with less spam but still plenty around. If people have to DDOS the spammers to make the problem go away, then it will never go away. If it did, people would stop being prepared to DDOS them and the problem will come back. This is not likely to be cyclical, but rather reach an equilibrium. It also doesn't account for zombies sending spam - unless you DDOS the sites that are advertised, and that's got another whole set of legal issues.

IMHO

How about a real solution? was(Re:Poor solution)

[slashname3]

So how about picking a real solution then?

Sender pays won't work, if there are any loop holes allowing some users to send free of cost the spammers will find a way to use the loop hole. (to say nothing of the exemption that would be applied to goverment offices and congress critters, charities etc.) Imposing such fees would end the Internet as a relatively efficient means to exchange ideas and information.

DDOSing the web sites that sell the crap pushed in spam while some what satisfying is as you po

Make them run using Postfix?

[xiando]

smtpd_sender_restrictions = reject_unknown_address
smtpd_recipient_restrictions =
permit_sasl_authenticated,
reject_non_fqdn_sender,
reject_non_fqdn_recipient,
reject_unknown_sender_domain,
reject_unknown_recipient_domain,
reject_unauth_pipelining,
permit_mynetworks,
reject_unauth_destination,
reject_rbl_client ombie.dnsbl.sorbs.net,
reject_rbl_client relays.ordb.org,
reject_rbl_client opm.blitzed.org,
reject_rbl_client list.dsbl.org,
reject_rbl_client sbl.spamhaus.org,
permit

We are also using SpamAssassinn / razor / clamav using amavisd-new. The main mail account used for everything from clients webmaster@ mail to contact@ are getting numerous spam daily, yet only three or perhaps four a month get delivered... and those are added to our body_checks.txt which is publicly available for download [linuxreviews.org] by anyone, including spammers who I have a feeling makes spammers think twice and clean us off their list when they find themselves listed there using search engines etc.

This gives me an idea...

[Locke2005]

Just as a proof of concept, would somebody please start sending out millions of "fake" spam messages, all with links to every one of SCO's web pages? Thanks!

Kill profits by consuming resources

[G4from128k]

Blue Frog is effective because it consumes spammer's resources -- it raises the costs of being a spammer. Spam filtering does not reduce spammer's profits in that the same people that filter spam were never likely to visit the spam site and purchase. Filtering doesn't change spammer's revenues or costs.

In contrast, a bot that visits a spammer's site consumes the spammer's valuable resources in far greater amounts that is consumed by the original spam e-mail (spam emails often being under 10kB and sent via low-cost zombies vs. 50kB or 100kB for most web pages begin hosted on the spammer's e-commerce site).

Re:Kill profits by consuming resources

[sploxx]

I think so, too.
And, as far as I can see, the most important resource consumed is the spammer's time to sort the replies to his/her which MAY BE LEGITIMATE.

Doesn't sound that familiar?

Maybe spammers will use some modified version of spamassassin to filter for replies to their spam :-)

Junk faxers, too!

[NineNine]

See my sig!

Actually, since I started using my sig, I've called these particular junk faxers back to see if they're feeling the heat, and one exasperated woman told me that they were! Keep up the good work Slashdotters! If we do the same thing to spammers (using something like SpamVampire), we will eventually have the same effect of hitting them where it hurts: their wallets.

Here's my idea

[British]

Have a program recreate an image using hotlinked images downloaded from spammer sites, reduced to 1x1 images.

Sure, it will take 20 miuntes for an image to show, but think of the fun! Mosaic time!

Wait, was that already done?

False "Results"

[Caveman Og]

Spammers change domains the way normal people change underware. The fact that within a few days of Blue Security sending their malcious complaints to a spammer's website (which is set up on a throw-away account at a Chinese ISP, registered through a reseller for one of the minor registrars, who will, in three days, cancel the domain registration ANYWAY), is not evidence of ANYTHING.

Correlation is not causation!

Spammers have been rotating through domain names for years now. You can watch it on a week-by-week basis, as a whole series of domains with the same nameservers takes responses for the same spam months on end. Even when the spammers change nameservice, they tend to do it in predictable ways.

In one week's time Blue Security has manages to slightly ruffle the feathers of a total of THREE distinct spam operations. Big whoop.

Re:what do they do?

[sumdumass]

They flood the spammer with spam. Spam ikn this case complaints from people supposedly recieving the spam.

The hope is to riase thier b andwidth bill so it isn't as profitable as well as flood thier operations with stuff they know have to filter thur to be productive. It is basicaly giving them a dose of thier own medicine

Re:what do they do?

[BlogPope]

The hope is to riase thier bandwidth bill so it isn't as profitable as well as flood thier operations with stuff they know have to filter thur to be productive. It is basicaly giving them a dose of thier own medicine

Except that the "reply-to" address could easily be bogus, route responses to /dev/null, etc. route to someone they don't like. I really hope this is not what they are doing.

Re:what do they do?

[ResQuad]

I hope not also. I once (several times) had spammers send email from my domain (faked obviously). I didnt recive any complaints, but I did recive hundreds of bounced message notifications - and let me tell you thats REALLY FREAKIN ANNOYING.

Re:what do they do?

[CDarklock]

Blue Frog essentially responds to spam with complaints. So spammer X sends fifty thousand spam mail messages to Blue Frog users, and he gets fifty thousand complaints back. It's an eye-for-an-eye technique done properly: one spam, one complaint.

I see this as having two major effects. First, it keeps the spam away from you. Second, it informs the spammer that nobody read his spam. Spammers *depend* on human beings reading their spam. As long as nobody reads it, nobody buys.

Spammers could care less...

[Marnhinn]

Spammers could care less about the responses they get to their emails that are junk.

If 1 in a million buys something - it is worth it for them. Even if you do succeed in DDOSing one spammer out of action - it is only temporary. The spammer will simply buy a new domain.

If people really wanted to stop spam, they would complain about / to the companies that advertise in such a way. No company wants to be associated with spam. Sending thousands of emails to the company would be much more effective, especial

Re:

[account_deleted]

Comment removed based on user account deletion

Re:what do they do?

[Tim C]

There is a finite amount of bandwidth available. Spam is increasing year on year; if all spam received a reply under a scheme such as this, you are doubling the amount of bandwidth lost to spam.

It's a waste; it's debatable that schemes such as this have any effect whatsoever beyond increasing the amount of bandwidth lost to junk.

Sure, take action, fight back, whatever - but do it in a way that doesn't harm the Internet for all users.

Re:what do they do?

[L. VeGas]

What does this blue frog inituative do thats so magical to get rid of spammers.

You really don't know? Geneticists have engineered a breed of frogs that subsist entirely on Spam. An interesting side effect is their attractive blue coloration.

Re:what do they do?

[shawnmchorse]

I actually sat through a Flash animation because I was wondering what the heck they did. And... I still don't know.

Re:what do they do?

[Fordiman]

Almost. The process works as such:

For each e-mail address you regiester with Blue Frog, they create a honey pot account and seed the internet with it.

Each spam that honey pot gets is entered into a database, based on links contained, ip address sourced from, etc.

Humans look over the databased data, using it to find out who the source of common spams are (not the spammer, but the company who hired them).

Then, for each spam from that company found in a honey pot, a complaint is programmatically sent from the BlueFrog software that sits on the honey pot owner's client computer.

Essentially, it's a set of software that allows you to complain about spam in an organized way without actually having to do the investigation, etc yourself. Further, since it keeps all information to just the honey pots' data, if the spamming company decided that your complaint is evidence that you want more spam, they get complained against further. The more users that are members of the Blue Community, the more damaging this is to the offending company.

Spamming is cheap, and virtually without risk. Essentially, this is a legal way to shift reality so that it's more risky to pay a spammer for your advertising.

Yes it's legal. No, it's not spamming the spammers. They only get one complaint per spam recieved. You'd do it yourself, given the time to do so. Meanwhile, you've explicitly installed a piece of software to do it for you. If that breaks their server, well they probably shouldn't be sending so much goddamn spam.

Re:So what is spam?

[Drooling Iguana]

It's lubricated!

Re:Russian spammers fate

[Concerned Onlooker]

He wasn't killed because he was a spammer. He was killed because he was doing business with sociopaths. The spamming thing was just a side note.

Re:Russian spammers fate

[Ilikeions]

Whot about the bloke in Russia who got 'blown away' with a gun for excess spamming?

Vardan Kushnir was beaten to death as the result of a botched robbery. That he was a prolific spammer was incidental.

From InformationWeek:

According to the Kommersant, a Moscow newspaper, police said Kushnir met three women in a club, and invited them to his apartment. The women then spiked his drink, but when Kushnir woke up to find the women's accomplices taking credit cards, a laptop, money, and other items, he w

Re:Russian spammers fate

[Dunbal]

Only in Russia do they beat you to death with a gun...

Re:Russian spammers fate

[Andrewkov]

Bullets cost money, ya know!

And I won't even attempt a lame "In Soviet Russia" joke. :-)

Re:You Only Think You're Winning

[Dunbal]

If the truth be told, there are far more people who are responsive to spam than there are people who dislike it.

Say what? Which planet is this information from?

The sales figures for the businesses we serve prove this.

How do you get this information, exactly? By comparing the number of sales to the number of times people click on the useless, "sign me up for more spam" unsubscribe link?

important commerce

Yes I understand that "h3R|34L v1aGr4",

Re:You Only Think You're Winning

[Dunbal]

I believe trolls just dislike the sun,

      I dunno, the trolls in "The Hobbit" seemed to die with sunlight... :)

Re:You Only Think You're Winning

[Jeremiah Cornelius]

From: Pamela Manning [kgbjenx@fsf.com.au]
Sent: Tue 2/8/2005 3:49 PM
To: T4$
Cc:
Subject: Does your son suffer from your chronic Impotence
Attachments:

Your heartbeat are like mine

V.I'o'X.X 25 m,g 3o PILlS 72.50

V.1,A.G.R'A 1oo m'g 32 PiL|S 149.o0

C.1.A'L*1.S 2O m*g 10 P1lLS 79.00

0.r.d.e.r quickly :
http://pont.newyorkmedz.com/?wid=209015 [newyorkmedz.com] ! Same Day Sh1pp1ng !

We Also have in St0ck:

X*A'N.A,X 1 m*g 3O P!|LS 79.Oo

P.R*0.Z.A.C 2O

Re:First Prime Factorization Post

[eno2001]

Obligatory CUBE [cubethemovie.com] Reference: "Ass-tro-nomical" ;P

Re:Simple solution....

[BrK]

Great, so then we can all DDoS coke.com because we like Pepsi better, right?

Or do you think someone should take the time to read/validate/investigate these complaints? If so, by the time some human slogs through all the complaints the spammer would probably have moved on.

Interesting idea, but rather unfeasible (IMO).

Re:Don't give it out...

[SCHecklerX]

well, you must not have many online safe-computing-challenged friends then. Most of my spam is the result of my address being in a friend's address book when they get hit by a worm/virus/trojan.

I also run mail lists, which adds to this problem

But running my own server with mimedefang + spamassassin makes life somewhat like it was pre-1994.

Re:Don't give it out...

[HermanAB]

Yeah well, you are only considering your personal problem. If you own a domain, then that domain is subject to dictionery attacks. I receive hundreds of thousands of crap messages each day addressed to my domains. Only a handful of those have valid addresses. Also, if you run a business, then you have to have easily accessible addresses such as sales@, info@, hr@ and so on. Keeping crap out of those addresses is a huge problem. My mail server rejects up to 64000 crap messages per hour - probably becau