How to Become A Spammer

permeablepdx points to this story in The Oregonian about how to become a spammer. Summary: "Local Oregon boy makes big bucks after learning from the Spam masters."

does this really require a readme.txt??

[Tuxinatorium]

all you need is a database of email addresses, a DSL connection, and a mass mailing program. You can send out a million spams an hour.

hmm

[revmoo]

What I find most interesting about this is that the article says that Sheils made over $1000 a week. That just amazes me that there are that many stupid people out there, that actually purchase products from UCE.

I mean, just on principle alone, I will never purchase something that I get spammed about, and I would think that most people feel the same way, so that just makes me wonder, who DOES buy this stuff? It's those people that are to blame for the continued onslaught of spam. If no one bought their stuff, they wouldn't waste their time(and ours) anymore

Just a thought

Re:spam & mail

[Golias]

He also doesn't seem to realize that he made his thousands by sending messages about penis enlargement to young children's e-mail boxes.

Furthermore, he doesn't seem to realize that Spam makes the entire infrastructure of the Internet more expensive.

I don't care if he got out of it because he couldn't stand the heat. Assholes like him, each getting into it for a year or two and then getting out, are what keeps the problem going. I would very much like to punch this guy in the throat.

maybe ?

[Anonymous Coward]

Duncan Shiels (support@mousehousestudios.com)
503.702.7466
FAX : none
#301 6663 SW Beaverton Hillsdale Hwy
Portland, OR 97225
US

Re:What is truly amazing

[datavortex]

The Computer Fraud and Abuse Act of 1986 covers exploitation of open relays. My company tested this in court against spammer Khan Smith, and we trounced his ass. Using an open relay to send mail is illegal in the states, provided the relay is also in this country. This ex-cop most certainly broke the law.

As usual, someone misread the article

[compwizrd]

How is a 41 year old man called a boy?

Weapons against Spammers:

[LaceHater]

Some useful links for reducing spam income:

For People with an *nix Account:

• Spamassassin [spamassassin.org] ruleset-based mail analizer. Detects spam quite well, especially if you enable access to Razor and Realtime-Blacklists. Newest release includes a bayesian filter.
• bogofilter [sourceforge.net] My favourite bayesian spam filter. Pro: Very good detection rates after training properly. Con: Needs to be trained.

For everybody

• Use Mozilla Mail [mozilla.org] The up-to-date Mozilla release includes a bayesian spam filter which can be easily trained by marking spam messages. Very good detection rate after resonable low training effort.
• Find your favourite bayesian filter here [miningco.com]

here are some

[ramzak2k]

http://www.email2success.com/?hop=gilly031.e2succe ss

http://www.spamfreedesign.com/

http://itsmyfranchise.com/sfop99/os.cgi

http://www.anconia.com/?r=1&s=email+advertising+ so ftware

http://www.allaccessmarketing.com/clients.htm

Some more by seaching on google where these scumbags advertise
http://www.google.ca/search?hl=en&ie=UT F-8&oe=UTF- 8&q=email+marketing&meta=

Re:In the article, it says...

[mutende]

whois defibworld.com says:

Duncan Shiels [mailto]
#301 6663 SW Beaverton Hillsdale Hwy
Portland, OR 97225
US
Tel.: 503.702.7466

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Early adopter or bad reporter?

[ipsuid]

Sorry, but you are wrong...

• The web was available to the general public prior to 1995. If it wasn't then I'm not sure what I was using while in high school!
• Netscape was not the first publically available web browser. You mention Mosaic, but assume that it was only available to academic institutions. It might have crashed every third image, but it was available.
• There were public ISPs well before 1993. In fact, one of my accounts from that time is still active (after 9 years of not being billed). The web was just as open as the rest of the net was at that time.

• Early adopter, sure... but definately not impossible.

Talk about fucked up facts!

[autopr0n]

And it was not until March 1995, that CERN handed over the control of the web to the WWW Consortium run by MIT and INRIA (France). It was only at this point that the Internet was first available for outside use by non-academics.

WTF!? The 'internet' was available for outside use long before that. Intel.com was registered in 1989. There are other uses of the internet besides 'the web'. Like, I donno, email... Also, before the web, people used things like IRC, email, gopher, telnet, ftp, and Usenet (around since the mid-80s).

and not only that, mosaic wasn't the first web browser, it was just the first 'good' one. HTML and hypertext had been around (but in limited use) since 1989.

I'm not saying that this guy isn't full of shit. I'm just saying that you are as well.

Re:You're cheaping out - CRAFT TIME!

[Anonymous Coward]

Dude that shit hasn't worked in over thirty years!!! Back in the mid to late sixties Abbie Hoffman, The Youth International Perty and other groups advocated what you are talking about. It worked for a very short period of time. As in since about 1968 the scheme you are suggesting has not worked the postal service got wise. My god, next you'll be talking about building blue boxes and rainbow boxes... Get with the times man, it is fscking 2003 already!!!

Re:does this really require a readme.txt??

[letxa2000]

Defeating naive bayesian filtering is easy: weight the message with N random words from a dictionary file, where N is calculated to be sufficiently large that it will surely contain at least half as many squeaky clean words as the number of "most interesting" tokens the filter considers.

I don't think it's that easy. Bayesian filtering assumes each user has his or her own corpus of good and bad tokens. Taking dictionary words is not likely to find words that have extremely low Bayesian scores--they are likely to find words that are either previously not in the corpus (Paul Graham and I assign those 0.40) or will find words that are not particularly innocent.

For example, if you look at my corpus right now, the word "CAT" has a 20% chance of being spam, "DOG" has a 56% chance of being spam, "KITCHEN" has a 50% chance of being spam, "THE" a 56% chance of being spam, "RED" a 21% chance of being spam. The point is, you find that you need some truly exceptional CLEAN words (i.e. spam score of 1% or 2%) for a message to NOT be considered spam. If you have a few that rank 99% and your best "dictionary" word comes in at 10%, it's probably still going to be 90%+ overall. In fact, with just 100 good emails and 100 bad emails in the corpus Bayesian will do really good at catching pretty much all spam: the problem is with 100 and 100 you'll get many false positives. A large Bayesian corpus isn't necessary to CATCH spam: a large Bayesian corpus IS necessary to reduce false positives.

So the point is: Dictionary words will seldom be the words that are going to reduce a message's spam score. It's person-specific words, such as "TED" if you know someone named Ted, or "PARIS" if you like to discuss Europe, etc. that's going to get a message through--not a dictionary attack.

Plus even if a dictionary attack happens to get through, it will work only a few times at best: The words used in the dictionary attack will eventually have a spam probability assigned to them that makes the very use of the dictionary attack RAISE the spam score rather than lower it. :) It's really quite slick. :)

I believe Paul Graham is right: This is going to stop current spam big-time. Eventually you'll see really short spams, 1-liners with reference to a website. I'm seeing that already, actually. Messages with a 1-liner that is nothing more than a URL to some incest site. That's where spam is going--and that's going to be even less effective than current spam which will reduce even further the incentive to send spam in the first place. But even those 1-liners will soon be filterable by Bayesian as developers add new characteristics to the Bayesian filter that rank the probability of a message being spam if it consists of nothing but a single URL link, etc.

Don't underestimate Bayesian. I think you'll find it's much harder to get around than you think.

Re:It doesn't seem terribly complicated

[autopr0n]

(This is what makes Spam so problematic. *Almost* makes me want the estamps thing to succeed.)

Estamps are the most idiotic things ever thought up. They introduce so many new parties and variables into the equation it's not even funny.

Email is a relationship between two people. Estamps would require a relationship between the sender, the sender's bank, the receiver's bank, a central authority, etc. It's stupid.

The solution is sender-verification. If you get an email from someone you don't know, send them a response indicating their need to prove their humanity to you. (obviously the other person needs to allow email replies from you as well.). If you need to get mail from some company, you can 'pre-verify' them, for things like receipts from e-commerce companies.

Three types of spammers

[Hoser McMoose]

I'm currently working for a spam-filtering company, so I see a LOT of spam, and I've seen pretty much every trick in the book. Spammers generally can be broken down into three catagories. What you described would be the first catagory:

1. The amature. This is some guy who runs a mail server out of their basement. Mostly just hawking for their own business of running a fraudulant store (ie selling HGH or viagra), or some sort of scam to get users bank accounts or credit cards. These are DEAD EASY to block. Usually it takes all of about 10 seconds to block this sort of spammer. They might get a few thousand messages out in the first 10-20 minutes or so before their spam is spotted, but everything after that will be blocked.

2. The "legitimate business" spammer. These are the people who claim to be some sort of legitimate business. These are the people like 00Fun.com or Joke-of-the-day.com, as well as the people selling you wonderful new kitchen utensils, etc. They all claim that they are in full compliance with the law and that they only send to opt-in mailing lists. The trouble with these spammers is that it's sometimes hard to tell these people appart from some real legitimate businesses mass e-mails. What's worse, I've encountered many services where the spammer clearly used web harvesting software to get their addresses, but they also have had real users sign up to request the e-mails (mailing lists selling religion related products are the worst for this). When you figure out that these people are spammers though, it's usually dead-easy to block them.

3. The professional spammer who doesn't even bother hidding he fact that they're spamming. This is mostly porn, penis enlargement, loan sharks and HGH sellers. This is the only type of spam that is tough to block. These people will use every trick in the book to avoid spam filters. Given enough time, all of these messages can be blocked, the big question is just how much gets through before the filters are in place and how much time it will take to create those filters (often it's just not worthwhile to spend too much time on a single spam, even if it's not being filtered, simply because there's so much more than can easily be blocked).

The one upside to all of this is that, generally speaking the harder it is to block spam, the less likely it is that some moron is actually going to buy the stuff. While you would have to be REALLY incredibly dumb to buy HGH (Human Growth Hormone, aka snake oil) from a message with the subject: "Reverse the Effects of Aging!", you would have to be even stupider to buy HGH from a message with the Subject: "alksjdflksjdffhhfggf sjhdhfhfdsgfd Get Young!!!alosjdfalsdjfklsdjflsdfhhffg jdsjsdfd"

As a bit of a side note, I find that spam paints a REALLY sad picture of our society. Not so much so because there are people so lacking in morals that they think spamming is a legitimate business, but rather because some people actually BUY this crap! Honestly you have to be really REALLY dumb to buy anything from spam. It's blatently obvious that these products are not legitimate to anyone with an IQ above the freezing temperature of water (and I'm talking in degrees C here). But not only are people buying this stuff, but it would seem that there are hundreds of thousands of people buying this stuff. There are approximately 20 billion spam messages sent every day (rough estimate for, but a fairly conservative rough estimate given that Hotmail and AOL alone receive nearly 5 billion spams a day). A good 10% of those are penis enlargement spams. Thats 2 billion penis enlargement spams sent every day. Now, if we figure that it only costs $10 per million spams (it's actually probably at least $100 to send a million spams, when all costs are counted). That's at least $10,000 a day that is spent sending penis enlargement spams. If it costs $50 per dose, that means that at least 500 people need to buy penis enlargement pills every day just to break even (assuming zero costs to process the sale and no cost to supply the pills, which is a reasonable assumption since I doubt that spammers would worry about actually sending any products they sell).

Just some food for thought.