Meet the Spammers

DaveAtFraud writes: "It took a little digging to find an on-line copy of this article that I first saw in my treeware daily newspaper. Thanks to the Salt Lake City Tribune for having it on-line. According to the Spamhaus project, a handful of people are responsible for 90% of the spam that clogs you in box. This is your chace to hear from them and what they have to say is quite interesting. If you don't think the filters and blacklists work, one spammer whines, "My operating costs have gone up 1,000 percent this year, just so I can figure out how to get around all these filters." Stopping spam is simply a matter of economics. When its uneconomical to send spam, people will stop sending it."

There ought to be a law...

[Zathrus]

On one matter, however, spammers and their nemeses agree: the United States needs a federal spam law

The article claims this... and yet we see big spam houses fighting anti-spam laws left and right everytime they're proposed in the legislature for a state. And I seriously doubt they comply with the current anti-spam laws in the few states that have them -- since all they have is an email address and no state of residence information.

Frankly, I'm for a reasonable anti-spam law (one similar to the junk fax law, which has worked well). Obviously it's not as clear cut as junk faxes -- with them you can find out who sent you the junk. Spammers routinely obfusacate their information as mentioned in the article. I'm tired of the amount of spam I get, and unless you run your own mail server (something not viable for the vast majority of the Internet populace, and not even viable for the majority of the geeks) there's no way to block it.

Not that blocking really helps -- the bandwidth has already been consumed. The only thing blocking does is automagically delete it for you. I'd like the bandwidth back personally.

Re:And yet...

[jmv]

This has probably been said before, but why are we getting pissed off at spammers? It's the companies we need to "educate" as to the evils of unsolicited e-mail.

Not exactly. You won't see well established companies sending spam (ever received spam from IBM?). Spam is most of the times for fraudulent/make money quick products. If 1/10000 people fall for it these companies still make a profit and they don't care if they piss off the other 99.99% since they wouldn't be buying anyway.

Spammers fight back

[MeNeXT]

It's funny that this came up today but I guess it's starting to hurt spammers and they are starting to fight back.

Yesterday I received a funny email that one of my clients was spamming. This email seemed to come from spamcop.net. What was starnge it was close to but not exeactly the warning typically sent by spamcop. So I sent them an email and here is the reply:

Spamcop spam is forged

Starting appoximately 12 noon EST 06 Aug 2002, spam purporting to be from spamcop (abuse@julianhaight.com) began being sent in an attempt to 'get spamcop in trouble'. This is a standard spammer tactic (joe job).

These messages were not sent by spamcop, and the claims made in them are false. Please disregard the email and/or block the originating IP address - 206.161.21.66 (cais.net). This IP has been blocked by SpamCop's blacklist since June. It appears cais.net is not responsive to complaints - their phone number (877-427-3368) leads to a computerized system with no attendant. It *may* be safe to block all of cais netspace: 206.161/16.

Please do not block mail from julianhaight.com or spamcop.net. If you cannot block by IP address, it is safe to block the origin email addresses, ( 'abuse@julianhaight.com', 'webmaster@julianhaight.com', 'webmaster@spamcop.net', 'abuse@spamcop.net') as no legitimate mail should be sent from these.

If you would like to contact someone at spamcop about this, you can send email to deputies@admin.spamcop.net. But please refrain from doing so. We are aware of the problem, and we are doing what we can to limit the damage. Unfortunately, since we're not responsible for sending it, there is little we can do to stop it.

More information on this career spammer is available from spamhaus.org

- SpamCop mgmt.

As you can see at least one spammer seems to be fighting back. You can also fing this on the web at http://www.julianhaight.com/forgery.shtml (I did not link directly to the site for obvious reasons. Maybe I should not even put this up?)

Mabey we should teach them a lesson and start refusing any connection from those IPs....

A bunch of dictators

[SystematicPsycho]

So because a couple of ppl want to achieve some stupid getrichquick goal the rest of the world has to suffer, sounds like a dictatorship almost. Other than world wars and epidemics has there been an event where so many ppl have been effected because of so few ppl?

It also seems that the way the spammers are making money is by selling a few cds with millions of email addresses which multiplies the problem.

Re:Economic

[SmallFurryCreature]

Wrong. The drug market and stealing exist because people buy drugs and stolen goods. Spammers would die out the moment people stopped responding to it. But as they themselve say, they only need 1 in a 1000 and we all know the percentage of idiots on the net is a lot higher.

So it should be

Die idiots die!

a web-marketing company came to me...

[kipple]

...and, among other (really) interesting services (plus a detailed analysis of a proposal website), slightly proposed me to start a 'marketing campaign'.

what they 'said' (they make me understand the concept, but they never explicitly said it) was something like:

"We could send information about your company to users that could potentially be interested in your product, using some lists of e-mail addresses..."

And they asked for a price. Which wasn't that big.

So here is how spammers get paid: by convincing marketers that spam "might" be poiting customer attention to a website/product. And marketers go trying to convince CEOs and those who buy their services.

After all, spammers gets a little amount of money: why not try that, if it will cost you only few hundred bucks? from a company point of view, that's nothing.

And here the spammers get more and more money.

What I think would be needed is an article on some business-oriented magazine (say, the Economist, the Harvard Business Review, the Wall Street Journal) that explicitly *tells* CEOs and other managers WHY AVOIDING SPAM MAKES YOU SAVE MONEY (sound like a spam mail, doesn't it? :) ) or something like that.

Like talking to them with their own language. No need to talk about bandwidth, e-mail, filtering, regexp. Just concepts.

Is anyone willing to help me write such an article? maybe someone with connections in such business-oriented newspapers...

Re:I feel so sorry for this guy

[Bonker]

Another telling quote:

Relentless anti-spam vigilantes have hounded the 35-year-old head of Empire Towers Inc., plastering Cowles' home address and phone number all over the Web. Spam recipients call to tell Cowles how they feel.

"These people will go to the lowest depths," said Cowles, of Bowling Green, Ohio. "I have some phone clips that would make you sick."

Ahem...

You want to talk about going to the 'lowest depths'?

Tom Cowles - a personal encounter

[1015]

This poor "ethikul buznizman" Tom Cowles send out several thousands of spam mails with forged senders - generated names from our domain. We are a small company of 6 people - he generated several hundred bogus names for "sender". (No, the mails were not sent using our domain - they were sent from some open proxy in asia).

On some of the worst days, we got well over 1.000 (one thousand) bounces!!! (that is: spam that *did not* go through to the recipient). So, his frickin spam did cost *us* money, plus reputation - because all the hatemail that bastard complains about went to *us* not to his sorry ass (like a 1mb hires jpeg with a "fuck you spammer" message - great, we didn't send that out, thank you very much).

And, being in europe there is hardly much I can do against a US spammer.

Luckily, after three weeks he stopped (he is probably misusing some other small companys name right now). I really hope this guy gets shut down for good. (There is hope - he is on criminal trial says' his "stalkers" website:

http://www.toledocybercafe.com/ivtg/

The next step?

[Pig Hogger]

What could be the next step?

Worm spamming. An outlook worm, which spams: it would connect to a website, get it's "instruction" (spam messages), then send itself along with the spam messages, to your outlook address list.

Now, which filter will be able to trap that, as it will always go to and come from legit addresses???

Scary.

UUNet/WorldCom Still At It After 5 Years

[Dr.Hair]

Gee... It's been almost 5 years to the day since the UDP of UUNet [sputum.com] was cancelled. They are spamhaus' top hosting site for the spam gangs now. They have a history of writing pink sheet contracts with spammers because they can leverage their peering contracts to make outgoing spam profitable for them. Of course they will ignore the community's complaints, like most 800 pound gorilla's do. And they are known to employ their legal team to harrass [sputum.com] those who wish to shame them in public.

Re:Excellent news!

[Jeppe Salvesen]

Hmm. This brings another very evil thing you can do with email addresses. Poison the spammers' databases with illegit someone@whitehouse.gov addresses. Watch the white house mail server crumble - and the spammers being attacked by the white house for conducting a terrorist attack!

Not true

[oniony]

> When its uneconomical to send spam, people will
> stop sending it

This is not true. As the rate of spam drops, the response rate to the spam that does get through rises, as does its value. So basically, adding filters makes it economical to send spam to the few market survivors who will be able cover their costs and make a profit on the amount they charge their clients.

Next Level

[ratboy666]

The next level in anti-spam measures is to actually IGNORE them. Use "active" countermeasures... I am working on a front-end for email that requires an active response to any unknown email. And, while the email is coming in, the server waits 9 minutes between lines. If the new email is longer than a cut-off, and the sender isn't known, it accepts the rest. The idea is to tie up a port on the spammer (or forwarder) for as long as feasible. Email return addresses are checked, and if not valid, immediately deleted. And, as a last precaution, if there are any http: tags in the email, the address is checked, and if its numeric, the email is discarded. End of story. From then on out I ignore the spammers. I just don't see any, AND (as another benefit), I automatically hurt the spammers (having the port tied up). Also, I have a little GUI gizmo that shows me when UCE is coming in, and records the SMTP IP address. Since my server is running very slowly, I can actually catch them "in the act", and, if desired, start hacking on their box. What fun!

What we need is software like this. (Don't ask, mine isn't ready for release, and I don't code "collaboratively" -- I do it for my own amusement).

Ratboy.

How to really get rid of spam

[holviala]

A month ago I got around 100 spams per day, every day. Now I get nothing. Haven't gotten one since I changed my filters around. I dumped the idea of using a blacklist filter and took the approach that firewalls take: assume that everything is evil and only let the good stuff in.

So now I have a whitelist with addresses of my friends, co-workers and the mailing lists that I have subscribed to. Those emails will get to my Inbox directly - the rest will get filed to a spam folder and an autoreply is sent to the sender telling them how to get through the filter. This requires the sender to read the autoreply and do what it says.

It works.

Time for some blatant self-promotion: my .procmailrc can be found from here [holviala.com].

Re:This is *why* we need laws!

[WEFUNK]

We certainly need laws, but I don't know how they're going to discourage the kind of people who think they can make money by sending spam filled with blatent spelling mistakes, that often makes no logical sense, and sometimes doesn't even have a means of actually responding to it.

To really attack the issue, I think we need to first stop labelling everyone involved as a "spammer" when there appears to be a hierarchy of culprits, including:

1. The ISP that provides refuge for spammers.
2. The spam enablers that provide the software, lists, and sometimes mailing services.
3. The spammer who may be an independent jerk, or who may be misled and effectively taken advantage of and pimped out by a #2 organization.
4. The people who actually buy their products.

Most spammers (#3) are just idiots that will probably keep on trying regardless of whether they ever make money, and there's a new one born every minute. It's #2, the spam enablers (or spam pimps, perhaps?), who should be the most vilified and attacked. They're the ones making money off of spam regardless of whether anyone actually buys it or make money and they present much larger targets. With empty promises of wealth, they take advantage of the idiots who make up #3 by taking their money in return for mailing lists and sometimes actually sending out the spam. Many of these "clients" are probably people with legitimate and sometimes severe mental health problems (hence non-commercial spam about aliens and time travel) who might never be diswayed by legal means without eliminating the means.

Like prostituition, strong laws should be made against this kind of pimping activity (spimping?), both directly, and at the ISP (#1) level. Also, maybe an ISO 9000 type practices and auditing standard for ISPs can be developed and widely publicized. This might require that an AUP include certain anti-spam requirements, and/or that the ISP takes responsibility for bulk mailing. ISP's might be encouraged or even forced to restrict bulk mailing to lists that can be independently confirmed to be opt-in and/or have a verified individual who will sign-off to that effect (under penalty of law), and to label all bulk mail with a certain identifier etc.

Re:Spammers are middlemen

[siskbc]

They are, indeed. But as the article points out, there are hundreds (thousands?) of companies hiring a relative few spammers - probably less than 100 egregious offenders. It may be preferable to hit the company, kind of like you'd rather get the mob boss than the hit man, but in this case the numbers are reversed - if there were only 5 hitmen in NYC, what would you do if you were the cops? Also, spammers often lie to companies. They say they have opt-in lists - they don't. They say they have their own servers - they don't. I think most companies hiring these guys don't want to see a bunch of foreign open relays on their mail headers, but it happens. I think a lot of companies probably turn a blind eye, but some are just clueless. Ultimately, you can't prove what the company knew. But the actions of the spammer are clear. You have to hit him.

Re:I think...

[Junta]

No, there is a difference. Sure people can post signs, they can put up websites, they can do all sorts of things, but forcing the issue down the end-users throats through a medium in which the recipient may be paying just to receive it. Spamming is for a number of people the equivalent of having a telemarketer call you collect and the receiver having no choice to decline (this is illegal, of course).

But it doesn't stop there. It is bad enough that end users are abused in this fashion, but the distribution channels for the spam is just exceptionally bad. It is one thing if they had to foot the bill for mail servers and associated bandwidth, but instead they are scanning for open relays to *exploit* for their mail capacity and bandwidth usage. I was called in by one company with mediocre IT infrastructure, enough to be dangerous. They called saying that over the last few days mail through their server was taking hours to get anywhere, if it got anywhere at all. Well I go in and find it is an open relay, and the thing had 400,000 queued messages, among which there where about 350 legitimate messages to retrieve. I closed the exploit, and eventually recovered the messages of interest for them, but they lost a lot of time because of it and their bandwidth charges were really high because of it. Spammer's are doing wrong and they know it, why else hide behind other companies resources?

free enterprise?? With a price...

[josepha48]

This guy is a butt head!

He uses other peoples systems to spread his crap. He forgets that all this spam clutters up many mail servers and screws people who have to pay for their time on line.

Legally speaking, sending a 7-year-old an e-mail advertising hardcore pornography might be a nuisance, but it's not a crime, said Timothy Healy, chief of the FBI's Internet Fraud Complaint Center, based in Fairmont, W.Va. "There's not much we can do," he said.

This is not a crime, but talking to a 7 year old on line is? Hmm to me this would be one step away from pedophilia(did I spell that right?). What is the difference is you unknowningly send a 7 year old an email that has a URL to a porn site and says things like watch 2 girls do f***, or see cindy take it up the a**, and pedophilia?

Personally if I was their ISP I'd ban them from using my service. I know some ISP's do that. Maybe what we need is a list and take this list to the ISP and get them to ban these people from getting online. No service to spamers is a policy that some already have, if there was a list of people (maybe what is on the .org website that I can't get to right now) then we'd have less spam.

I'm not sure about the rest of /. but I am tired of my mailbox filling up with spam. I do like my new filters though, much of it goes straight to the trash. I still wish my ISP would let me set up my own personal filter rules on their system. Just for my own mailbox, so that I could delete some of these spam messages like the ones that have korean character sets that automaticly go to my trash on my local machine. This would actually cut my spam downloads by about 70%.

Hit them where it (financially) hurts.

[Talinom]

A concerted effort seems to be required to stem the unending tide of spam. As one poster previously stated, making it unattractive to send spam would help a lot.

What would happen if people did the following:
1) We went to every advertised site sent to us by a piece of spam to give them a nice dose of the slashdot effect. I'm sure that their ISP would slam them with increased bandwidth charges incurred by this level of activity.
2) While you are there study what their product is and give their customer service department a letter stating what you liked about their product or service and what you didn't like about their product or service. Then tell them that you recieved a piece of spam and have effectively put them on a blacklist and will never purchase from them. Ever.
3) Find the home state of the advertised site and submitted complaints to the State Attorney General for their behavior. If your state has anti-spam laws show them how they violated them (I live in Washington) and ask them how to get your $500 per unsolicited e-mail. If the SAG got overwhelmed by complaints they might do something about it.
4) This is unethical (like spam isn't IMHO) and illegal (like spam isn't IMHO) but hack the site into oblivion. Backdoor the place and use it for a DOS on the spam generating sites.

Not that anyone will actually DO this, but I am thinking about doing this for my hotmail account. If someone hits my home account I DO some of the above items. A typical e-mail looks like this:


To the SysAdmin at phat.co.nz:
Your server may have been hacked or spoofed. Here is the information.

To the SysAdmin at freelance.docspages.com:
You are having unsolicited e-mail for your server being sent out.

------- FORWARD, Original message follows -------

Date: Thursday, 25-Jul-02 09:54 AM

From: postmaster@myisp.com \ Internet: (postmaster@myisp.com)
To: talinom \ Internet: (talinom@myisp.com)

Subject: Delivery failure (philmoss@phat.co.nz)

--103578/1720/1027616055/MailSite/mail.myisp.com Content-Type: text/plain

Your message has encountered delivery problems to the following recipient(s):

philmoss@phat.co.nz
Delivery failed
550 : Recipient address rejected: This user does not have an account here (MTA:imta10)


No recipients were successfully delivered to.



--103578/1720/1027616055/MailSite/mail.myisp.com
Content-Type: message/delivery-status
Content-Disposition: attachment; filename="DSN3D402D35.txt"

Reporting-MTA: dns; mail.myisp.com Arrival-Date: Thu, 25 Jul 2002 09:54:13 -0700

Final-Recipient: rfc822; philmoss@phat.co.nz
Action: failed
Status: 5.0.0 (Permanent failure - no additional status information available)
Remote-MTA: dns; sitemail.everyone.net
Diagnostic-Code: smtp; 550 : Recipient address rejected: This user does not have an account here (MTA:imta10)

--103578/1720/1027616055/MailSite/mail.myisp.com Content-Type: message/rfc822

Received: from [216.58.208.124] (unverified [216.58.208.124]) by mail.myisp.com
(Rockliffe SMTPRA 4.5.6) with SMTP id for ;
Thu, 25 Jul 2002 09:54:13 -0700
Message-ID:
To: Phil Moss
Subject: Re: hey!
Date: Thu, 25 Jul 02 09:57:42 -0500
From: talinom
X-Mailer: E-Mail Connection v2.5.02

-- [ From: talinom * EMC.Ver #2.5.02 ] --

I do not know how you acquired my e-mail address as I guard it very closely , however I am a member of Washington State and will use our anti-spam law:
http://search.leg.wa.gov/wslrcw/RCW%20%2019%20%20T ITLE/RCW%20%2019%20. 190%20%20CHAPTER/RCW%20%2019%20.190%20%20chapter.h tm
Chapter 19.190 RCW on http://search.leg.wa.gov/pub/textsearch/default.as p
to assist should this action be insufficient.

I would also like to be removed from any list of any related or subsidiary companies or organizations you may have associations with. I may require contacting some of the people listed below (information found courtesy of the Internet) should my request be unheeded.

I do not tolerate unsolicited e-mail and will prosecute them to the fullest extent of the law when I find the cause of the matter.

I apologize for my bluntness and rudeness in this matter, however I never requested that this e-mail be sent to me.



The information regarding the phat.co.nz domain is as follows:
registrar: Domainz
domain_name: phat.co.nz
domain_DateCreated: 12-Apr-2001 00:00:00
domain_DateLastModified: 19-Apr-2002 14:26:02
holder_name: Adam Jones
holder_contact: Adam Jones
holder_phone: 021 128 6780
holder_fax: .
holder_email: kraven@inspire.net.nz
holder_address: PO Box 12002, ., .
holder_addr_citycountry: PALMERSTON NORTH, NEW ZEALAND
technical_contact: InSPire Net Limited
technical_contact_phone: +64 6 357 8559
technical_contact_fax: +64 6 353 1154
technical_contact_email: domains@inspire.net.nz
technical_contact_address_line_1: PO Box 4387
technical_contact_address_line_2: Palmerston North
ns_name_1: ns2.inspire.net.nz
ns_ip_1: 203.79.89.3
ns_name_2: ns1.inspire.net.nz
ns_ip_2: 203.79.89.2

The information regarding freelance.docspages.com is: Administrative Contact:
NOC NOC
PO Box 11289

Zephyr Cove
NV US
89448
noc@ideaflood.com

Phone: 7755887862
Fax: 7755887823

Technical Contact:
NOC NOC
PO Box 11289

Zephyr Cove
NV US
89448
noc@ideaflood.com

Phone: 7755887862
Fax: 7755887823

Billing Contact:
NOC NOC
PO Box 11289

Zephyr Cove
NV US
89448
noc@ideaflood.com

Phone: 7755887862
Fax: 7755887823



-------- REPLY, Original message follows --------

Date: Thursday, 25-Jul-02 03:41 AM

From: Phil Moss \ Internet: (philmoss@phat.co.nz)
To: Kevin Moore \ Internet: (talinom@myisp.net)

Subject: hey!

Hi there,

How's it going?

If you need help with your last project (or have some free time and want to pick up some freelance work) check out http://freelance.docspages.com

Hope this info could be useful to you:-)

Sincerely,

Phil Moss







**This email is intended exclusively for the addressee(s) named above and may contain privileged and confidential information. If you are not (among) the intended recipient(s), you may not copy, utilize or distribute any of the information contained herein. If you have received this email in error, please notify us immediately via return email and delete the original from your mailbox. Thank you.

-------- REPLY, End of original message --------

Spammers, Read This!

[Guppy06]

FCC hands out record $5.4 million fine to junk faxer. [cnn.com]

It's only a matter of time before legislation similar to this gets passed by Congress targeting unsolicited e-mail advertisements (AP writes an article about the problems of spam, it's an election year... you do the math). Change your line of business soon, unless you want to see if you can break that record...