How to Become A Spammer 460
permeablepdx points to this story in The Oregonian about
how to become a spammer. Summary: "Local Oregon boy makes big bucks after learning from the Spam masters."
A list is only as strong as its weakest link. -- Don Knuth
It doesn't seem terribly complicated (Score:2, Insightful)
Jeez (Score:5, Insightful)
And they wonder why they get death threats.
Thanks Slashdot! (Score:3, Insightful)
I don't under stand why... (Score:4, Insightful)
As much as I hate to make it personal... (Score:5, Insightful)
There you have it. I wonder if there is a way of applying this cost to every spammer.
information wants to be free (Score:5, Insightful)
What is truly amazing (Score:5, Insightful)
If he feels that this stuff is so legitimate, why is he using software that abuses open relays and proxies, and forges mail headers, instead of publishing the real address he is sending his spew from? Hmmm?
It's forgery, plain and simple, and there are laws that deal with it. Prosecute the fsckers on it already!!!
Re:information wants to be free (Score:2, Insightful)
DeCSS has legal uses... (Score:5, Insightful)
Before DeCSS you would not be able to watch a DVD on Linux. Before spamming it was possible to let kids use email with no fears of them seeing obscene things, you can't now. Which is the biggest menace, I'll let you decide.
Seems rather honest, and upfront. (Score:3, Insightful)
Also rather intelligent and well spoken.
While his previous 'career' is absolute scum, at least he took it seriously, as a legitimate business..
I'm impressed, too bad not most of the rest don't have his level of 'morality', and 'responsibility'.
As much as we all hate it, ( I know I do, both at home and due to my position at work ) as long as its legal, it will continue to be a large part of net-life.
Re:hmm (Score:3, Insightful)
Maybe, but really i believe these guys about as much as those guys on late night tv with the yacht selling real estate advice.
If Sheils is really smart he is probably setting himself up so he can sell software/books to wannabe spammers. He can include articles like this and tell people "Work from home, make money like me."
Re:does this really require a readme.txt?? (Score:3, Insightful)
Re:online clubs? (Score:3, Insightful)
If you're implying some denial of service attack, I don't really think you're any better than they are.
Re:online clubs? (Score:1, Insightful)
PZ
Re:does this really require a readme.txt?? (Score:3, Insightful)
At least drug users voluntarily buy the drugs from the dealers.
Re:maybe ? (Score:5, Insightful)
Re:hmm (Score:4, Insightful)
Re:online clubs? (Score:3, Insightful)
I do not find your moral equivalence between an unprovoked attack on innocent bystanders (what the spammers are doing) and a retaliation/deterrent attack on perps (what a DoS on a spammer-support site would be) to be at all convincing.
Bulk Snail Mail (Score:2, Insightful)
A Warm, Fuzzy, Happy Feeling (Score:5, Insightful)
He quit because of hostile, harassing emails from the angry public! They work! Every email you've sent telling a spammer that they're a worthless turd of a human being had some miniscule effect!
Even now, the guy admits no moral qualms about his former job. He's still a thoughtless punk who sees nothing wrong with the practice, and I'd still like to punch him in the nose. But he QUIT, because we made his life miserable in return.
The lesson: keep giving 'em hell. It's not just gratifying, it sometimes works.
Meh (Score:3, Insightful)
Has Anybody Actually Checked This Out? (Score:3, Insightful)
I'd want to take a look at his books, and his bank account. Get a list of his clients, and see how much stuff they're actually selling. "Spam on commission" sounds seriously odd.
Also keep in mind that $1000/week is $50,000/year -- not all that impressive.
Sadly, I have to agree with him (Score:3, Insightful)
Re:This quote says it all (Score:3, Insightful)
1. Mugging them on the street (theft of service).
2. "Brrowing" their cars without permission to rob a bank even though they return them later, so what, difference does it make? (using someone elses mail server to relay spam).
3. Sending threats to politicians using your address as the return address (using some innocent person's email address as the return address for bounced spam).
4. Handing out pornographic magazines to everyone that walks by--10 meters away from an elementary school (sending porn spam when you have no clue whether or not the recepient is even an adult).
The NERVE of some of us getting upset about such silly things.
I disagree. (Score:2, Insightful)
Not to mention I am sure he was in violation of his ISP's Terms of Service.
And he keeps portraying those who oppose his spamming as "living in basements".
What's with that? Doesn't he feel secure enough in his previous profession? Why does he have to keep making such claims about people who oppose his previous profession?
Also, why does he phrase it as "a war" and having to "bombard" people?
No, this isn't like a commercial on television. If I'm not watching that show, I don't get the commercials.
small social networks are vulnerable. (Score:4, Insightful)
A digital social network (in the form of bullitain boards, etc) through which people can trade information about addresses, software, and spamming methods should be a trivial thing for a large digitally sophisticated crowd (ie slashdot) to find and then attack, either by trolling/flooding, or more outright destructive means.
This dosent address the actual hardware involved in sending and receiving spam, but rather constitutes a multi-front assault against a subculture. Maybe it wont stop all spam, but it would make it harder for people to get into the spam business, by either exposing this social infrastructure and diluting it, or disabling it violently by disrupting the virtual real-estate it resides in.
Do the math (Score:5, Insightful)
He spent the first 5 months researching and one month of spamming
He spent $10.000 on spam-software
He claims he made $1000 a week.
4 weeks times $1000=$4000 income.
$4000 income minus $10.000 is -$6000. So, the guy loses $6000 on spamming.
Film at eleven...
Re:Killing the demand (Score:2, Insightful)
The best way I can see to fix the current spam problem is to use tarpits like spamd. My OpenBSD mail system will tarpit any incoming SMTP connection on the spews list, and any connection from a netblock that I don't like the look of.
Tarpits make sending spam a very slow process, a few more of these would make spamming too expensive to be worth the effort.
Spammers - My email is spamme@our-police.co.uk
But you do get one benefit... (Score:3, Insightful)
Bulk unsolicited email is the exact opposite. It is an unnegotiated public bad- neither you nor your ISP negotiates that 'contract' with the spammers that makes all email / ISP services much more expensive.
Speaking as an EMS director (Score:3, Insightful)
He might be reformed, or he might not... but he clearly has not paid ANY of his debt to society, and his ethics are in question.
People tend to surround themselves with people of a similar stripe and philosophy (the old birds-of-a-feather argument). Just the presence of that questionable past makes me not want to do business with the company.
Re:Jeez (Score:2, Insightful)
Re:I thought the idea was to rid ourselves of spam (Score:3, Insightful)
Right and Wrong (Score:1, Insightful)
Cops enforce laws - which have nothing to do with right or wrong, and are encouraged to lie to you in the process. Don't believe me? Ask anyone who has been arrested, or their lawyers.
Cops are just gang enforcers - that they have the backing of the "law" is a nice moral justification they can use for themselves - but they'll happily enforce laws that they admit are wrong.
Re:It doesn't seem terribly complicated (Score:5, Insightful)
> you either need to invest money or you need to figure out how
> to harvest e-mails from the web/usenet.
That part's trivial. You'll get 50% invalid addresses, but so what?
Step 3 is easier than you think: at this time, you don't have to
fool the filters of the 0.05% who use even moderately complex
filters[1]; all you have to do is get past the things that are
deployed ISP-wide, like psmtp.com's filtering service. (This is
trivial to get past: write three spams at random, and two of them
will get past. No cleverness required.)
If you have to get past word blacklists, then you also need to use
a thesaurus (or 1337 sp33k), but word blacklists are relatively
uncommon, because they get too many false positives. Really, all
you have to do is get past the filters that ISPs deploy, not the
ones individuals install. Remember, if you have to send twice as
many messages to get the same response, it doesn't cost you that
much more. (This is what makes spam so problematic. *Almost*
makes me want the estamps thing to succeed.)
The hard part is convincing businesses that have money (and are
therefore presumably profitable) that they can gain more than
they lose by investing in your services. I assume you send all
the businesses in the universe adverts for your services and hope
0.001% of them bite. I would like to think that more than 99.9%
of them know better, but... I know better. Fortunately each
spammer has to compete with all the others for limited business,
so the number of spammers who can make money spamming is finite.
Praises be.
As for point 4, finding a spam-friendly ISP is a real pain; it's
much easier to run port scans and find open relays, then test
them to see which ones *don't* do a reverse lookup of your IP.
Then you send to the open relay from a custom MTA that you run
on a dynamic IP in such a way that it randomly generates From
and Received headers and such for each message, thus making it
a real pain for the recipient to track down where the spam
*originated*. Finding out where it came from to your ISP is
easy, but that's an open relay in the APNIC block whose IP is
not reverse-lookupable (virtually *nothing* in APNIC supplies
PTR records), and so tracking down the owner of the relay is
hard, and they don't speak your language, and they don't give
a rodent's posterior about your spam problem. For extra bonus
points, get a hosting deal in Asia and run your MTA there, so
that tracing you back to your ISP in the US is basically
impossible, and if we *do* figure out who runs the MTA in Asia,
we'll assume it's an open relay, provided you insert the usual
forged Received headers. Yes, I've spent way too much time
looking at mail headers.
So in conclusion, the main thing preventing a lot of people such
as myself from becomming spammers is that we hate spam. That, and
it's so obviously *wrong*.
[1] e.g., people like me, who trained a naive bayesian mail
classification system (ifile) on a collection of tens of
thousands of well-categorised messages in 3 dozen distinct
categories, including several distinct spam categories.
But actually, with a modicum of cleverness, a naive bayesian
system can be easily defeated. As soon as I read how the
algorithm works, I realised inside ten minutes how they can
defeat it. Consequently, they can figure it out too; if
enough people start using such systems they'll do that, and
we'll have to get more clever with our mail classification
systems, taking context into account for tokens, at which
point they'll drag out the Markov chain generators, which
will be *hell* to try to filter against. At that point it
might be easiest to hire somebody in the third world (where
the ecconomy is suc
Re:does this really require a readme.txt?? (Score:2, Insightful)
with N random words from a dictionary file, where N is calculated
to be sufficiently large that it will surely contain at least half
as many squeaky clean words as the number of "most interesting"
tokens the filter considers. Further note that these words do
not have to get in the way of the message: they can be stuck
anyplace the filter will see them, even if the user will probably
not see them there. (Think: X-Die-Filter-Die headers, sig blocks,
MIME separators, HTML comments, to the right of a hundred spaces,
and so on and so forth.)
Of course, we can make bayesian filters less naive by having them
consider context of tokens, but that consumes more system resources,
and then the spammers can drag out the Markov chains. And we know
there are miscreants who know how to write Markov chain generators,
because hipcrime has been using them for years to get past the
net.admin.net-abuse.* robocancel-moderation and pull assorted
maladjusted and juvenile stunts. And detecting Markov chains is
probably AI complete, or at least significantly difficult.
Regardless of what the spammers do, bayesian filters (if made less
naive than the current ones) can *probably* continue to work when
trained on a large bulk of well-sorted mail from a single user's
account and used to sort that same user's mail, but I don't think
they will ever be a hassle-free drop-in solution for the masses.
Without good data on the nature of a specific user's mail (i.e.,
data the spammers (hopefully) don't have), they're too easy to
defeat. Markov chains are not even especially new technology, and
while the idea is clever, much more advanced autogeneration is
possible... *generating* human language text is *way* easier
than parsing it, which makes the filtering game ultimately a
losing battle for mail clients -- unless intelligent user input
(selection) goes into training the filter for *each* person's mail,
which gives you a leg up on the spammer who doesn't have your data.
Re:I thought the idea was to rid ourselves of spam (Score:3, Insightful)
The article shows various interesting things, one of them being that spammers are hated like beelzebub himself. If that does not prevent one from starting it, what does?
I must admit I was tempted about the idea of "taking revenge" on a spammer, but no. Stop spamming and repent, that is good enough for me.
Alex
P.S.: Then again... he raked in $4.000/mo. Maybe he should donate some of that money to spamhaus.org