Prosecuting A Spam Artist

ronmon writes: "DSLReports has discovered evidence of a creative Spammer / Data Miner who has managed to glean email addresses from their member's information pages. Apparently someone has gotten around to writing a script that decodes obfuscated addresses like imasobATspam_centralDOTcom, which was only a matter of time. Server logs show well over half a million requests from several IPs in a specific block and they have been advised that they are in a good postion to prosecute. They're asking for legal help, so any of you good hearted lawyers out there looking to boost your karma, here's your chance :)"

A suggested solution

[Second_Derivative]

I'm of the opinion that there's only really one proper way to do this: an image generator. The site should keep a database of emails, together with a random ID. Then, whenever an email needs to be displayed on a page, you insert an image tag that looks like, say <img src="http://site.com/cgi-bin/email.cgi?27571084512 571904" /> or whatever. This script looks up the email address in its database, then draws it. It then applies some noise and distorts it so that the email is more or less readable, but you'll have a hell of a job trying to automatically read these emails. Dunno, anyone think this will work?

Re:A suggested solution

[TheGratefulNet]

yes, I believe it would work.

I have a .gif on my website that is readable by humans but doubtful its easily readable by auto-spammers.

Re:A suggested solution

[mosch]

That's a great way to make your site less accessible to people with disabilities. You've succesfully made it so people with visual disabilities cannot get your email address.

Your solution breaks the web even more than it's already broken, as a blind person, I find your idea contemptable.

Re:A suggested solution

[TheGratefulNet]

You've succesfully made it so people with visual disabilities cannot get your email address.

no, I've made it difficult for most people to reach me. I'm a curmudgeon, I don't like email from strangers.

but if you must reach me, there's a cgi form that is very simple and even lynx friendly, that you can fill out and I'll get your info and be able to email you.

if you bothered to even click on that gif, you'd have been taken to such a cgi form. and if its lynx-friendly, it will work for everyone.

Re:A suggested solution

[mosch]

There's no need to be testy and defensive, just because you're wrong.

Your site may have linked to a form that is able to be filled out by a person with visual disabilities, however you did not suggest this in your post. You merely suggested obfuscating all addresses in images, thus making it a little harder for me to use the web.

For those of you who are complaining that this brings the web down to the least common denominator, you're missing another important point. Pages that work well for people with disabilities work well for people using alternate browsers, such as those that you might want to use someday on your PDA, or cell phone, or car radio.

Everybody, please validate your pages with Bobby [cast.org].

Cause and Effect.

[Martin Spamer]

>That's a great way to make your site less accessible to people with disabilities.

Blame the Cause not the Effect.

Re:A suggested solution

[Cow4263]

In theory, it will work. However, it will probably wreak havoc apon the design of your page (probably, however your results may vary). An alternate idea that I was thinking is to use the actual character entities for the email (i.e. cow4263yahoocom), although I have to admit, my knowledge on auto-spammers is somewhat limited seeing as how I don't use them. Another anti-spam method is described on this previous /. article [slashdot.org]. But, we are slowly getting offtopic, so I'll degress

Re:A suggested solution

[SEWilco]

You're trying to use technology to fight technology. It's easy to make scripts which untangle many of the existing text obfuscations. If enough people obfuscate with graphic images of text, OCR technology will be used to read the images.

Re:You know, I don't think spam is all bad.

[Snowfox]

Sometimes, you get something through the snail mail that actually interests you. Occasionally those carefully targetted advertizing campaigns actually hit the mark.

Now I am not trying to apologize for irresponsible spammers, but you have to admit, some spam is actually interesting. I am talking about the mailings from corporations whose product you have bought in the past, and who you might be interested in dealing with again.

I actively avoid supporting marketers who annoy me, and I urge you to do the same. If a company is advertising in a magazine I like, in a banner ad on a web page I like, or on a TV show I like, they're starting out with an even trade. A little support for my interests in exchange for a little bit of my attention.

If they spam, throw junk mail at me, pop up annoying windows all over my desktop, stick business cards or flyers on my windshield or otherwise inconvenience me, I ensure that I never ever support them. I've stopped dealing with companies I previously liked because they started engaging in these practices.

Spamming is essentially stealing. I don't know why the hell I'd want to support someone whose first action was to take from me without giving anything in return.

Re:You know, I don't think spam is all bad.

[The G]

Of course, this will only have an effect if a large number of people act in a relatively concerted way. I have frequently thought that there ought to be some sort of centralized database-based "blacklist" of which companies use various irresponsible marketing techniques.

Of course, I sure don't have the time to build such a list, or the money to withstand the lawsuits it would spawn.
--G

Re:You know, I don't think spam is all bad.

[Snowfox]

Of course, this will only have an effect if a large number of people act in a relatively concerted way. I have frequently thought that there ought to be some sort of centralized database-based "blacklist" of which companies use various irresponsible marketing techniques.

It's already had an effect. The kinds of places that spam are the kinds of places that don't give a fuck about anything but growing the business. By avoiding spammers, I'm increasing the probability that I'm dealing with a company that has some measure of a concern about the consumer.

The rest will sort itself out. The worse spam gets, the more likely it is to get legislated into a black hole, or the more likely it is that enough ISPs will start deploying cooperative spam circumvention devices to make it effective.

It'll get there, through law or common sense. In this day and age, the problem just has to become expensive to big business first.

Re:You know, I don't think spam is all bad.

[Mysticalfruit]

That's what has happened with all of those who maintained MBL lists. They got sued until they ran out of money, lost or won. If they won, the suer would then just go after their ISP to get them cut off.

Thats why most sites just maintain our own block lists and/or do content blocking (aka, all mail with the word "brest" gets deferred)

Re:You know, I don't think spam is all bad.

[DreamerFi]

I do the same, with twist. I actively tell them I stop doing business with them. It tends to surprise the fuck out of them that somebody actually is not only not interested in their "great business opportunity" but enough so to avoid them. If one person does that, they usually think "lunatic" and just go on. If several people tell them, they either get a clue, or are out of business a few years later...
-John

Re:You know, I don't think spam is all bad.

[roybadami]

If a company is advertising [...] in a banner ad on a web page I like [...] they're starting out with an even trade. A little support for my interests in exchange for a little bit of my attention.

Well said. And shame on those who favour software that blocks banner ads, and expect their favourite web sites to provide them a service without any revenue

Re:You know, I don't think spam is all bad.

[Snowfox]

If a company is advertising [...] in a banner ad on a web page I like [...] they're starting out with an even trade. A little support for my interests in exchange for a little bit of my attention.

Well said. And shame on those who favour software that blocks banner ads, and expect their favourite web sites to provide them a service without any revenue

I'll meet you half way. I still block out banner ads from companies that request cookies with the ad. Unfortunately, that's most of them these days. I'll allow unobtrusive ads supporting a site I like, except when they engage in secretive tracking of my browsing behaviors.

An advertiser keeping tabs on me without first asking me if that's okay steps way over the line of trust.

Re:You know, I don't think spam is all bad.

[BobMarley]

I've resisted the urge to follow the link in a spam if the link looks like it might be interesting.

The definition of "spam", at least in my book, is "Unsolicited Commercial Email".. for the most part, anyway. There's non-commercial spam too. The whole concept being that it's UNSOLICITED. I get tons of mailings (electronic and dead-tree versions) from organizations whose products I have purchased. I don't consider this spam, because by purchasing their product, I have elected to become part of their "previous customer" list. If I have a choice, however, I ALWAYS elect not to have my contact information sent to any outside parties, and I won't knowingly do business with any organizations who do this without my knowledge.

cheers
BM

Re:You know, I don't think spam is all bad.

[Anonymous Coward]

Sometimes, you get something through the snail mail that actually interests you. Occasionally those carefully targetted advertizing campaigns actually hit the mark.

No, I don't, and no, they NEVER hit the mark where I am concerned. In fact, I proactively boycott companies that violate my privacy to send me advertising, and I proactively do what I can to do monetary damage to them. If a company buys or sells or harvests information about me for the purposes of sending me unwanted, unsolicited advertising, I will make them pay for it.

Now I am not trying to apologize for irresponsible spammers, but you have to admit, some spam is actually interesting. I am talking about the mailings from corporations whose product you have bought in the past, and who you might be interested in dealing with again.

You are dead wrong. When I buy from a corporation, I explicitely tell them not to attempt to advertise to me in the future. I do NOT want to hear from them. If I have any interest in purchasing anything from them in the future, I will do so of my own volition. If they attempt to pressure me to purchase from them my making any attempt to send targetted advertising to me, they win an instant enemy, and virtually guarantee that neither I, nor anyone that looks to me for product recommendations will purchase from them again.

So before jumping on the spam==bad bandwagon, stop for a minute and think. Is it really bad ? Or are you just being a bit of a whiner...

You are absolutely right about stopping and thinking. Let's stop for a minute and think:

• Unsolicited bulk email shifts the costs of advertising from the advertiser to the recipient. The recipient or the recipient's ISP has to pay to receive the unsolicited, unwanted garbage email.
• Unsolicited bulk email is almost always theft of service. The operators of the mail relays that are hijacked to send the junk almost never give their permission to have their equipment and bandwidth resources stolen. So, spammers are resource thieves.
• The bandwidth and admin costs of dealing with unsolicited unwanted junk email are high, jacking up the costs of Internet service for people everywhere.
• Unsolicited bulk email can deluge an email account to the point where it's useless. My email account at my DSL provider is unusable because it gets a fifty to one ratio of spam to legitimate email. I had to filter everything except emails originating from the ISP itself. Fortunately, I run my own sendmail server and can generate as many email addresses as I need. Spammers poke at it and probe it attempting to hijack it as a spam relay several times a day.

So, after thinking about it, I can conclusively say that yes, spam is bad. Spammers should be prosecuted. Personally, I'd like to see criminal charges be applicable.

Cheers!

Looking at some of the IPs involved

[DragonPup]

It's interesting to try ro decipher some info from the IP addressed that mass scanned DSL Reports. For exmaple:
216.249.93.15 = hsa015.pool022.at101.earthlink.net HSA possibly means High Speed Access, since Earthlink is doing some cable modem stuff now. The pool doesn't give any relavent info. at101 could mean Atlanta, though

The other IP address also go in the form of hsaXXX.poolXXX.at101.earthlink.net, so it definatly looks like it was the same guy

I hope DSL Reports sues the spam off this guy, this type of datamining is just low.

-Henry

I'm guessing LA area...

[Dr.Dubious DDQ]

Doing a tcptraceroute from here, the last few entries are:

18 EarthlinkLA-gw.customer.ALTER.NET (157.130.224.86) 107.363 ms 107.592 ms 106.501 ms
19 f5-0-0-cr02-pas.neteng.itd.earthlink.net (207.217.1.44) 106.004 ms 107.202 ms 106.447 ms
20 207.217.2.27 (207.217.2.27) 107.577 ms 109.698 ms 111.014 ms
21 216.249.64.35 (216.249.64.35) 107.946 ms 108.521 ms 106.762 ms
22 hsa015.pool022.at101.earthlink.net (216.249.93.15) [closed] 124.726 ms 123.248 ms 129.078 ms

Pasadena area, maybe?

They Should just beat him with his DSL modem

[Mysticalfruit]

My mail servers are always bogged down with SPAM. I really think it should be a beatable offense. Possibley we could clone that sex offender law for spammers. If convicted you'd have to register with the local police.

we should all fight spam

[4444444]

if everyone would do what ever they could to fight spam we could really make some progress against spammers
you could use spamcop.net or read some of these ideas [lenny.com]

Re:we should all fight spam (fixed link)

[4444444]

spam fighting ideas [lenny.com]