How to Become A Spammer 460
permeablepdx points to this story in The Oregonian about
how to become a spammer. Summary: "Local Oregon boy makes big bucks after learning from the Spam masters."
"Gravitation cannot be held responsible for people falling in love." -- Albert Einstein
online clubs? (Score:5, Interesting)
Where are these things? I'm sure tons of
Re:spam & mail (Score:5, Interesting)
Not entirely true. Most cities (including mine) have a recycling program (and most likely a cost-per-bag for garbage); every pound of recycling will end up costing you something in your taxes somewhere, so the more you have, the more cost to recycling, the more of your money in taxes.
So while bulk mailers pay for sending it, it's still costing you to dispose of it.
Re:hmm (Score:5, Interesting)
What I find more interesting is that trivial software was being sold for many many thousands of dollars. He must have spent $20K on software. Are spammers themselves that stupid?
Re:does this really require a readme.txt?? (Score:3, Interesting)
-dk
Early adopter or bad reporter? (Score:5, Interesting)
Re:does this really require a readme.txt?? (Score:5, Interesting)
You must have quite a few clients willing to pay you
for your "services".
Otherwise, every friend and coworker I have can be a spammer.
Each one of these persons have either a DSL or Cable modem
connection, and most are proficient with computers.
What they (my friends) lack are people willing to pay them for
sending out spam (oh, yeah, another thing working aginst their
success as spammers is morality).
To fight spam and spammers successfully, i think, we must
fight the source and not the messanger (= spammer). That
is finding out who is actually paying for the spam being sent
out and "pound" on them.
I've been fighting spam for several years now. I use RBLs
and ORDBs and even have blacklisted close to 14000 IP
addresses in addition to using spam-filters. But the spam
keeps coming in.
Interesting Read (Score:4, Interesting)
I thought that was an interesting point. Although this article doesn't go into too much technical detail, it provided some insight into the business aspects of this which I don't particularly agree with ethically. Sure, it's a very easy way to make money if you know what you're doing, but it's still violating people's privacy by sending them unwanted messages.
Another thought... If your regulary Joe (the guy in this article) can find ways to become a spammer in 5-6 months of research, why can't the government do its own investigations and just put a stop to these facilitating network groups? I thought there were laws against spam in the U.S.
Controlling their money flow (Score:4, Interesting)
If someone receives spam for a product and it could be shown that the company that makes the product financed the spamming, then fine the company some big bucks. It might be hard to prove, but in a lot of cases the fear that it might happen would be enough to stop companies from doing it.
There were some figures in the article indicating how much the spammer got paid per sale or per inquiry about the product. That has to be showing up (probably under some other name) in some company's advertising budget. With the crackdown on corporate accounting I think some of this could be uncovered.
A clue about effective spam deterrence (Score:3, Interesting)
The most satisfying solution would be to hunt down and kill spammers myself, but some courts still erroneously think that spammers are human beings. We need to have more children of judges receive explicit XXX spam. If you know a judge and their kids' email address, you know what you have to do. :-)
Until then, we are forced to put down the ClueBat and resort to financial penalty for spammers and people hiring them.. The article says: Viagra distributors pay spammers per sale -- about $60 for every $150 order -- while financial companies typically pay for every consumer who requests more information -- as much as $12 for mortgage leads and as much as $5 for insurance referrals.
There is something to act upon here. It's already illegal to make a sell through a prohibited third-party. You cannot, say, give a commission to a guy who sells your stuff in Libya.
So how about giving the Federal Trade Commission the power to slap a fine on people who make sales on spam-acquired leads? Enforcement would be easy. Just answer mortage or insurance spam. The would-be insurance or mortagage broker contacts you, proving he has used the services of a spammer. Small claim court, or send the stuff to the FTC. Whammo, big fine, they won't do it again.And since they have a legal front-end in the financial world, they have assets to seize if they try to evade courts.
Re:spam & mail (Score:4, Interesting)
Yeah, its not much, but at least I'm sending a little more $ to the USPS for the PP mail, and I'm having the sending company use their resources to dispose of the trash they shouldn't have sent me.
Killing the demand (Score:5, Interesting)
Simply create ten million or so "honeypot" email addresses, and have an automated system have them all request information on the mortgage deal.
Once the mortgage company is on the hook for $50 million, they will think again before going to a spam outfit.
This will knock out the mortgage and credit card spams, but won't make a dent in the porn or Viagra spams, as those actually require an order.
Re:does this really require a readme.txt?? (Score:3, Interesting)
This shows that an anti-spamming law would, in fact, be a lot easier to enforce than one might imagine. Troll the "spammer support" boards, answer an ad, and then:
(And, no, it would not be "entrapment" if the police had evidence that the perp was offering spam services before the sting was set up -- that's one of reasons for the initial ad-trolling step.)Re:Do the math... (Score:3, Interesting)
It just occured to me, this could present the ultimate punishment for spammers... jail time for the amount of our time they've wasted. It's a numbers game...
It amazes me... (Score:4, Interesting)
I still think the best possible defense against spam is to be self-hosted, server-wise. I would also be interested to know how often this guy had to change ISPs thanks to being (rightfully) shut down for abuse of resources.
Then again, if he were hosted on AT&T/Comcast, that might never have happened. AT&T likes spammer money too much.
Re:does this really require a readme.txt?? (Score:3, Interesting)
Exactly. Morality. Any woman can be a hooker, they all have the tools... but that doesn't mean that every woman would be a hooker if they had a paying customer. Likewise, just because someone comes to me and offers $2k to spam 10 million addresses from my connection I'm not going to do it. It's not the lack of a paying customer, it's morality.
Unfortunately, morality is hard to control. There are hookers even where it is supposedly illegal and there will be spam even if its illegal. The solution is not political or legal (other than suing them based on theft of service to drive up costs), but rather technical. While I will not deny spammers have been very innovative in getting around simple filters, there is a limited number of things they can do and still deliver a useful commercial to the intended reader. They already mangle words such as V!^gra, etc. and even so my Bayesian filter gives them a rating of 100%. They're going to have to mangle their message so much to get past ever-improving filters that at some point their messages are going to be so mangled that they will scarcely be readable. At that point, their already astonishingly low response rate will drop even further.
Spam and anti-spam is a war, as they said in the article. But the anti-spam camp will ultimately win because we have the advantage that, in the end, the spammers have to deliver a readable and understandable message. That puts limits on what tricks they can play to get around filters.
Open proxies (Score:4, Interesting)
They do filter postal junk mail--if you ask (Score:5, Interesting)
Also, back when I only got a few spams a week, I used to read them. I never bought anything from them, but I would look at ones I found interesting. The problem is that we have gone from five to ten spams a week to hundreds. My yahoo account (which I mainly use for site registrations) collects hundreds of emails each week in its bulk (spam) folder.
There are several costs to me of that volume. One, I have to spend a certain amount of time checking for legitimate email. Two, what if I incorrectly classify a real email as spam. Three, I don't feel comfortable publishing my email address now, since I don't want to get more spam. In the normal course of business, I would want to publish my email (how much time is spent on taking anti-spam kludges out of email; how much server time is spent trying to send email to these invalid addresses). Four, since spam is sent indiscriminately, it drowns out legitimate uses; if it is a product in which I would be interested, I would like to learn about it. Unfortunately, very little spam is targeted towards my interests (science fiction, fantasy, etc.). Five, when I send email, I am subject to it being indiscriminately deleted because I am not a recognized sender.
Two thirds of the email traffic overall is spam. Without it (and the computationally intense filtering created by it), we could easily cut the infrastructure in half. Think about it. Half the email servers in use could become web servers, etc. instead.
By contrast, postal junk mail does not increase your delivery costs. In fact, postal junk mail fees pay a good portion of the cost of maintaining mail delivery to people. If postal junk mail stopped tomorrow, the post office would have to raise postage to cover the fact that they would then be running the same delivery routes with less mail. Even if there are disposal costs, these are offset by the savings in postage.
There are very few anti-spam laws in the US. The few that do exist are state laws rather than federal laws. Most anti-spam prosecutions are based on fraud and damage claims. Further, in the US, it is not really possible to shut down a group talking about doing something. It's not illegal to discuss how the law could be broken.
Re:does this really require a readme.txt?? (Score:5, Interesting)
It's been a long time since I used the account regularly, but I still have that account. I use it when I'm out of town, because no matter where you are, you'll usually find an access number. Not for email though. Never for email. Sometimes I'll go into my inbox though to show people what eight years' worth of abuse from people like you has done to it...
I log in, and the box is full. Every time. I start my demonstration by deleting about twenty or thirty emails, and then we watch. After a minute, I refresh it. One or two more emails. Another minute, same thing. Wait five minutes and there are at least ten new messages. Wait half an hour, and the box is full again.
Thanks, asshole.
But I do admire your courage in posting non-AC that you used to do this. And I thank you for giving me an opportinuty to actually speak to one of you. I wish your email address wasn't hidden, but I do see a URL. In glancing at your page I don't see an email address, but I do see a form on your page for sending messages to your cell phone.
Fortunately, I don't care enough about it to do anything with that, but I did want to point that little detail out for every one of the good folks on Slashdot to see...
Sentencing for Convicted Spammers (Score:4, Interesting)
1 second in prison, for every email that they've sent.
So if a spammer is caught, and after they raid his computers they figure he did 10 million emails that week, that would be...
10 000 000 / (24 * 3600) = 115 days in prison (roughly 4 months, for that week)
I think that would work out to a managable amount of time (ie something that won't overflow the prisons). It also would make things easier since the authorities would only need to analyze a relatively small set of data to get proof and sentencing (ie this month's ISP logs)
Or even if it wasn't prison-time, they could easily be forced to manual labour for the city the live in or something... (preferably something like cleaning sewers, but basically anywhere that manual labour is needed...)
sound like a good idea?
Re:It doesn't seem terribly complicated (Score:1, Interesting)
1. You need a buyer, somebody who is going to pay for the stuff you send.
2. Obtaining a valid list of e-mail addresses is not very easy, you either need to invest money or you need to figure out how to harvest e-mails from the web/usenet.
3. Just sending e-mails is not going to work, you need to design the e-mails so that they don't get blocked
4. Mail relays are not really necessary but nice. You can send e-mails using an MTA on your own computer and for more security you can find a few misconfigured proxies, so that your IP is not easily traceble.
Re:hmm (Score:4, Interesting)
Somebody's eMail address gets abused as a spam reply-to (yielding a LOT of bounces, replies, etc.), sends it to a friend of mine who then goes on to investigate. Product being advertized is some kind of herbal that is supposed to give you more power, if you know what I mean.
Either way, site looks flashy (no flash though), with a snappy order-form, asks for cc number, etc. all through normal http. Now of course since you want to find out WHO is the perpetrator, you try variations on the URL, say, / instead of
(we did forward said information to mastercard and visa)
A few days after, we check back. That file has now grown to a couple hundred (!) lines, most of which look legitimate (all @aol addresses though), all ordering them herbal bottles for $50 a pop. Sucks to be them. I don't know whether or not others have found the same facts, but I'm rather sure there are more than one or two persons that have found this gaping hole.
Either way, spam works, unfortunately. Just think about it
Even if most people feel the same way as us, that leaves the 0.5% completely and utterly clueless and desperate for a longer version of a certain organ. Send enough eMails, find enough idiots.
Woohoo.
Re:Interesting Read (Score:2, Interesting)
A few reasons. For one thing, spam is new, but we've been getting junk snail mail for years so we've had more time to adjust to it as a fact of life. Spam has seen a massive surge in the past year or so and people who weren't especially bothered by it in 2001 are now getting 300+ messages per day in their hotmail accounts.
Secondly, we trust snail mail more because it's distributed by the government and the senders have to pay for it and follow certain regulated procedures. While it's still unsolicited and still an invasion of privacy, it's generally legitimate and we take it on faith that there is an accountable, legitimate business behind it. The vast majority of spam is shady and sleazy, selling pyramid schemes and unapproved drugs and beastie porn, sent blindly to people who didn't ask for it and have no interest in it, by spammers who hide their identities and steal resources to do it.
We tolerate pushy salesmen at car dealerships because they work for a real company and are just doing their jobs. If snail junk mail is the pushy salesman, spam is the shifty guy in a trenchcoat standing in an alley going "psst, hey buddy, wanna Rolex?"
Re:He's not making much money (Score:2, Interesting)
He may have been making only 52k a year, but he could quite easily have worked a regular 40hr/week job in addition to that if he really needed more money, and this took virtually no skill on his part, which is the problem.
Even in a much better economy than currently exists, only highly skilled workers are going to be making much more than 40k a year, if you don't have at least a bachelor's degree you can probably kiss even 40k a year good bye. For someone who doesn't have a college degree and is making closer to 30k or less for working their tail off, this sort of money would look damned appealing, especially if they could keep their current job.
Re:Jeez (Score:3, Interesting)
These people have a HUGE call center in London. But they have a USA registered toll free number.
Interestingly though, the ring sounds like a European type ring (germany, russia, france), but not the Brr brr type OK ring.
After further invstigation and social engineering some people at the UK call center, I found out the cost of every phone call.
30 cents - when calling them from a payphone (no charge to the caller of course).
$1.75/min connection fee from the 800 number through the overseas link to the UK call center.
SO I encourage all of you slashdotters to work their dialing finger and start calling their number...
877-722-2413 TOLL FREE to the caller, but over $2/min for the spammer.
It's best you call them from a payphone (they incurr more charges that way).
They apparently have about 10 USA lines, so it won't take up that many people to completely cut off their call center from USA calls.
Tips for keeping them on the line for a long time include giving them a speal about how you want to mail them a check, and to please give out their snailmail address. Of course they won't give it, but ask to speak to a supervisor (Even MORE hold time they have to pay for), then argue with them. I assure you, they are really sneaky people and KNOW they are selling this crap, but I also learned their policy is not to spam just once, but these people just HAVE to send at least 1000 spam messages PER EMAIL address.
REMEMBER - YOU can fight SPAM - FIGHT BACK. Take advantage of those 800 numbers they give out. Make them pay.
Waiting for bus or train? Are there payphones handy? Well, take down this number, and put it in your address book, then you can amuse yourself while waiting for train or bus, and put those payphones to good use.
1-877-722-2413
After your little dialing binge, you'll feel a great satisfaction, knowing you costed them this money.
Cable & DSL are geting BIIIIG here. (Score:4, Interesting)
This makes sense. In the past month or so, the amount traceable to DSL or cable clients has now pushed over 50% of my spam. I'm slowly automating turfing them to the abuse depts - but some don't even let you send directly - you have to go fill out a form. And they demand the full message- difficult when the email grabs an image as you open it - those don't stay. Seems the cable/dsl companies have this very low on their priority list.
I thought the idea was to rid ourselves of spam! (Score:5, Interesting)
Okay, the above poster is just being stupid.
I thought the goal was to give spammers incentive, whether negative or positive, to stop spamming.
How is abusing someone who gave up spamming going to help?
The message you are saying is:
"Once you've spammed, you're screwed. Doesn't matter if you stop or change."
That is plain stupid and the wrong attitude to take. If someone stops spamming, give them the pat on the shoulder and leave them alone. Move onto the next spammer. Why continue to harass someone who has gone legit?
If you abuse people because they spam and you abuse them if they stop, then you are basically telling them and anyone else that hey, once you have started to spam, there is no reason to stop.
I for one would like to see the spamming stop.
Comment removed (Score:5, Interesting)
Re:does this really require a readme.txt?? (Score:5, Interesting)
I'm not forgetting that... But you have to remember it's a sales pitch. The more distorted and mangled the message looks, more people will just completely ignore it. Regardless of whether a message was spam or not, I would not take seriously any message that was sent to me in, essentially, SMS-speak. I certainly wouldn't refinance my home or accept medical advice from an organization that wrote me in that fashion.
Second, and more importantly, the majority of people do not wage a 24 hour war against spam and run a Bayesian spam filter. They just put up with it.
For now, that is true. But as time progresses more and more companies and ISPs will offer filters (perhaps Bayesian, others, or both) to their customers--perhaps defaulting it to "on." I wouldn't count on typical users making an effort to avoid spam, but I would expect more and more comapnies and ISP to do so.
If it was purely Bayesian filter vs spammer, spammer would win hands down.
I disagree, and I wonder if you have done much investigating with Bayesian? I've been working on it for the last 7 months and, believe me, Bayesian is surprisingly effective despite its simplicity. Messages I thought it wouldn't catch ARE caught with no special logic whatsoever.
Three things I would mention and which I advocate, especially as spammers try to outwit Bayesian.
1. Bayesian WILL catch their messages unless they munge their messages, which we must assume they will. They already do and, presumably, they'll do it more in the future. This is simple to address. Once your Bayesian corpus gets sufficiently large the expectation is that a typical valid email will not add a significant number of previously-unseen tokens to the corpus. If you have a corpus of thousands of messages and receive a new message of which 40% (for example) are new tokens, you may want to assume that's a spammer munging because a real mail is not going to have that many "new" tokens.
2. Even if you don't assign a cut-off point as in #1, you just make "characteristics" out of the number of new tokens. For example, if you have a message that contains 50-60% new tokens, that itself becomes a new Bayesian token. Perhaps, over time, Bayesian will find that "messages with 50-60% new tokens have an 80% chance of being spam." So the fact that they munge becomes a damning factor even if the computer can't identify the actual munging.
3. You add new characteristics as in #2. Perhaps another characteristic is "Messages that contain no body except for a URL." Perhaps 85% of those messages are spam, and Bayesian can count that as a damning characteristic. Or, perhaps, messages where over 50% of the body are devoted to URLs have a 90% chance of being spam. All these add new "characteristics" that can be used to calculate a spam probability for Bayesian.
So, the point is, Bayesian itself is very, very capable of solving the spam problem. I'm not saying that we write a Bayesian filter today and it never has to evolve. But now when spammers implement new countermeasures, we just have Bayesian do analysis that looks for those countermeasures and, when found, counts them as another characteristic. The algorithm remains untouched, but we have a growing number of characteristics that Bayesian is scoring--not just tokens (words) in the message, but characteristics OF the message.
Believe me, 7 months of research and development on this has convinced me that Bayesian is going to be the headache to end all headaches for spammers. Will it catch 100% of spam? No (more like 99.5%, actually |grin|). But will it catch enough so that the typical user isn't bothered by spam and to further reduce the response rate of spam to reduce the incentive to send it? Yes, it will.
And regardless of whether or not the w
Vengence and getting back at someone who wrongs u (Score:4, Interesting)
Some people who posted responses made many good points. They mainly center around one of the following:
1) The person wronged the online community and profited from it. "Just" letting them go would be wrong!
We all want satisfaction. That is the difference between enforcement of Law and dealing out of Justice. Persons who abuse online resources would be in violation of the law. The anguish they cause people isn't as clearly defined by the Laws. That leaves us without satisfaction. Without closure.
Taking it unto yourself to right what you percieve to be a wrong by taking the law into your own hands is called vigilantism(sp?). Those actions typically land outside of what is condoned by the Law as it currently stands.
I do believe that people should be penalized for doing something which is wrong and costs everyone in the community. Spam and Spamming falls under this kind of community abuse.
If you want satisfaction, change the Laws so that Spamming and Spammers will be penalized and not just slapped on the wrists.
2) "Spammers will think it is okay to spam and quit when they have made their money if we take the 'give them an out' attitude!"
The real problem here is that there is the question of satisfaction of our sense of justice being served. When a person goes to prison and serves their term and are released, we believe them to have repaid their debt to society. If they are repeat offenders, we consider them to be lost causes. (Sorry, I'm generalizing here.) And then, there are those who commit crimes and get away with it. They decide to quit while they are ahead and try to be productive elsewhere. If they slip back into the lifestyle, they will eventually screw up.
I guess my point is: Here is an example of someone who tried it out. Saw it was profitable, but due to the stream of hate mail and just having to dodge the proverbial bullet, has decided to quit the lifestyle and earn a living in a more accepted way.
He's already quit the spamming life. Harassing him more doesn't make him quit spamming any more than he has. Nor will it set an example for others to quit. Quite the opposite.
Then, you have those who are career spammers. They are the ones raking in 5+ digit earnings per month and they escape the reach of the law. Given death threats and harassment, they continue on.
I see them as the repeat offender criminal. The lost causes. They will continue to commit crimes both legally and socially. They should be the ones hatred and "requests to stop" be directed at. Not at people who have already stopped.
When you try to bring someone out of a life of crime or who has taken the wrong path, you don't continually harass them after they have stopped. That just pushes them back into the life. You don't pat them on the back either. You watch them carefully to make sure they don't repeat their offense. They ask for forgiveness from the community and work to re-earn the communities' trust. They are in essence, the little fish who have a future.
The repeat spammers who have been at it for years are the ones which deserve a lifetime of punishment for the ill they have caused and willingly continue to cause.
What we all want is spam to go away. So give them a reason to stop if they are spamming. Give them a reason to stay stopped if they have decided to stop. And get the law/government in on it if they refuse to stop.
Re:does this really require a readme.txt?? (Score:2, Interesting)
As of last month, 75% of my mail was spam. This month it appears that has inched up to 81%.
Re:Sentencing for Convicted Spammers (Score:3, Interesting)
So, is a life sentence a fair punnishment for one year of spamming?
-