The Continuing Rise of E-Mail Marketing 280
Mark Cantrell writes: "Yahoo is running a story from Reuters Internet Report that says that companies like Doubleclick are becoming more popular with online businesses because of the low price they charge. $25 for 1000 people spammed is the example given. They do mention that there is a threat that spam may get out of hand, however. May get? Obviously they haven't seen my mailbox or Usenet lately. My favorite quote from the article:
'I think spam is becoming a problem,' Bluefly's Seiff said. 'Any time you get clutter in your mailboxes, it is not beneficial to e-mail marketers like us.'" The article touches on true spam, but mostly talks about the much more benign stuff lumped under "direct marketing," like reminder updates from stores you cleared to send it to you.
As usual, the bad kids pissed in the sandbox (Score:2)
My no spam recipe (Score:4, Interesting)
Re:My no spam recipe (Score:4, Interesting)
At my Incoming Mail Server, I run procmail rules to check the incoming message address against 'permitted' senders. Any that don't match are Put into a Holding Account for checking, any that do are allowed through (I want my DNS Host to be able to mail me for example!).
The benefit of this is that I can tell Who has passed on my address (well, their address, but they don't know that!!). When I find that an address has been comprimised, I simply block it, and bounce all messages destined for it, as well as contacting the original 'owner' of the address to tell them what I think.
Now, it does take some work, and common sense, to run, it's not a 'set-it and forget-it' system by any means, but it lets me easily allow what I want in, in; and lets me block what I don't.
As for Doubleclick, they made their way onto my "reject all incoming mail from this sender" list (which I also maintain) a looooong time ago, along with several other 'direct marketing' companies (postmasterdirect springs instantly to mind!!)..
Re:My no spam recipe (Score:5, Interesting)
Makes me wonder if the SPAMmers have anything to do with this KLEZ bastard. I hope they catch the guy who wrote it, and feed him just spam for 32 years in his jail cell.
Re:My no spam recipe (Score:2)
Re:My no spam recipe (Score:5, Insightful)
I recently set our mail server to block all messages that contain
<img src="http://\d{2,3}\.
This has cut down the amount of spam we get by a good 90%. There are still some messages that have height tags or otherwise don't fit the regexp.
Re:My no spam recipe (Score:2)
Why not use
]* src="http://\d{2,3}\.
instead, then?
What? (Score:3, Funny)
How to make spamming more expensive (Score:2)
Re:How to make spamming more expensive (Score:2)
And, I don't think I'd like to drive around on my bike with a very large capacitor strapped to my back. ;-)
Re:How to make spamming more expensive (Score:2)
Yeah, I am not greedy ;)))
>And, I don't think I'd like to drive around on my bike with a very large capacitor strapped to my back. ;-)
Hehehehe! I quess you are too clever to do that. I am hoping I can lure some trend-wise market-droids into that though :)
Re:How to make spamming more expensive (Score:2)
Yes, why? Each of the stories contain atleast one insanity, that makes them impossible in reality, or atleast not feasible ;) But, some people have actually thanked me for some minimal piece of useful info there has been in in them. Yes, they are just my perverted humour ;)
Re:How to make spamming more expensive (Score:4, Interesting)
Re:How to make spamming more expensive (Score:2)
A somewhat unique MD5 sum? OK, I sort of see, but that would make it somewhat unique per page sent, not per spammer, unless I misunderstand something.
Re:How to make spamming more expensive (Score:2)
Well, I made some shortcuts in the explanation. In some cases I use the time, and in some cases not. The time is used as part of the sum only when there's not enough data available otherwise.
selling crap to fools (Score:2, Insightful)
take the boulder pledge!
Make Spammers Pay ... (Score:4, Insightful)
Re:Make Spammers Pay ... (Score:2)
And if not, where should I send it to if I write one? It seems a trivial bit of Perl would do the trick, unless there is a good reason not to.
Re:Make Spammers Pay ... (Score:2)
Here's one I found a while ago that worked with goto.com, but could easily be changed.
spamhurt.pl.zip [outofdarkness.com]
MOD PARENT UP (Score:2)
Re:Make Spammers Pay ... (Score:2)
I wonder if they would lose more than $99 off of that.. if so it's definitely worth it.
you can find some scripts here (Score:3, Interesting)
Re:Make Spammers Pay ... (Score:2)
Hmmm. As a non-hacker, what would be a way around this?
If you don't accept the cookie, then it won't charge. If you do accept the cookie, then it will avoid counting your later re-clicks.
I suppose you could accept the cookie and then delete it soon after.
You could alter the cookie so they think it is a different person, but they might have some encoding scheme with chucksums to make that hard.
One spam story (Score:5, Insightful)
A couple of days later, I got a very apologetic call at work from their head of marketing. It seems they really didn't understand the difference between opt-in mailing, self-managed lists, and spamhauses. We talked about how to manage a mail list for nearly an hour - I wound up answering a _lot_ of questions (I made some suggestions as well), and got a promise on her behalf that they would try to be good netizens going forward. We also talked about things like banner advertising, the best sites to do reciprocal banners as well as purchased ads, and a lot more.
The reason I'm bringing this up is that I really think there are companies out there that are clueless about electronic marketing in general. So they listen to a spammer who can sound like a legitimate businessman, look at the numbers that get handed to them, and say, "why not", without realizing the damage that can get done to their reputations.
Then again, a lot of folks who get this crap in their inboxes don't even realize that it's wrong. Unfortunately, folks are starting to get accustomed to tons of junk mail, and only a relative few of us are vocal about it.
One interesting point in the article - one mailer supposedly had statistics showing that 70% of their e-mails were opened. Well, that means they were using webbugs - proof that everyone should use mailer agents that either can disable network access or refuse to display HTML.
Re:One spam story (Score:4, Insightful)
It's a very similar situation to recruitment - recruitment consultants spend a lot more time grooming existing clients and potential new business than they do looking after their candidates. They theory being that they can always get more candidates, but the clients are the ones who pay them money.
Spammers are salesmen ultimately - but they don't sell their client's product to their "customers" - they sell their "customers" to their clients.
Re:One spam story (Score:3, Interesting)
Re:One spam story (Score:4, Informative)
Mulberry [cyrusoft.com] displays HTML without images (Win/Mac/Linux x86+PPC/Solaris)
The Bat [ritlabs.com] makes it easy to disable HTML. (Win)
Pegasus [pmail.com] normally disables downloading images by http (Win)
Re:One spam story (Score:2)
Re:One spam story (Score:2)
Re:Don't forget Mozilla! (Score:2)
Though, at least on Windows, I find Opera+Mulberry a much more pleasant combination (:
Re:One spam story (Score:2)
Why do I suspect that they included Outlook's preview pane in their definition of "opened"?
Re:One spam story (Score:2)
By the way, all my junkmail that includes postage-paid return envelopes gets shredded and inserted back into the envelope for a return trip. I suggest others do the same. One friend of mine has taken it a little further - he's inserted little "gifts" produced by his baby in some of the return envelopes. Too bad there's no effective way to do that digitally...
Back to the topic at hand, ironically, MS' Mac folks got it right in a big way - Entourage gives you separate options to disable complex HTML and to block network access by the mail messages.
Re:One spam story (Score:2)
Why do I suspect that they included Outlook's preview pane in their definition of "opened"?
Right... and when the cursor is at the top of the listbox, every new message is previewed momentarily before the spam filter deletes it.
-a
Re:One spam story (Score:2)
Then again, a lot of folks who get this crap in their inboxes don't even realize that it's wrong.
I hate spam, you hate spam, so we say that "it's wrong" when they send it to us, but in cases where the recipients "don't even realize it's wrong", why should we inform this otherwise blissfully ignorant person that they have, in fact, been harmed by receiving junk email? Why not just let them go on not really minding and not really noticing? Sure, we should take measures to make it possible to prevent people from spamming us, if we don't like it, but I don't see how we can or should convince someone else that they don't like it.
It's like the entropy of annoyance or something - once we've got them convinced that they hate it, that's just one unit of person-annoyance in the world. I suspect that the world does not have conservation of annoyance, either. So we are all free to eventually hate everything without regard.
Re:One spam story (Score:3, Interesting)
I fear the reality is that most companies fall into one of two categories: either they're so big that they have all their own people doing whatever they see fit (or worse, they've just dumped it into either the marketing or IT areas with no guidelines), or they're so small as to not be able to tell the difference between a legitimate marketing advisor and a spamhaus.
If you were running a smaller company, and two people came to see you with net marketing proposals, which would you be inclined to listen to?
The one who says "We need to collect only opt-in e-mail addresses from existing customers, and offer some sort of a incentive to get those addresses. We can't share them with anyone, so it's not a saleable list. Pop-up ads may log good numbers, but people hate them. It may take a while to build your business on-line, and it may cost some money, but you'll be doing business the Right Way".
Or would you listen to the person who tells you "for only $1000 I can get your message to over a million interested customers?"
The problem is, that without a well-developed clue people are inclined to listen to the second salesman, and not the first. Hence the drumbeat of spam keeps pounding on.
Gold Rush anyone? (Score:4, Insightful)
How you ask? Quite simple, it's not supposed to make money for the people actually sending the email. It's supposed to make money for the people selling the mass email lists/services.
It's the same as the California Gold Rush days; the vast majority of people who made money were the ones selling shovels, not using them.
Re:Gold Rush anyone? (Score:2)
And their ancesters ran the dot-com ponzi schemes only 140 miles from that very spot.
Re:Gold Rush anyone? (Score:2)
Maybe these are used as come-on's to entice you to open the e-mail. Then the spammer can offer "proof" of large numbers of opened e-mails when they are trying to sell their spamming services to legit but still clueless businesses.
More than Happy (Score:2)
I think I'll try some "direct marketing" of a bag full of marbles. I'm sure Mr. Seiff would be more than happy to have some sense beaten into him.
Remember kids, every generalization is wrong.
Which Usenet groups have spam? (Score:2)
Or is my newsfeed being pre-filtered, and nobody told me?
Re:Which Usenet groups have spam? (Score:2)
then there are all of the "enlarge your penis", "kill all the niggers", "make money at home"...
Re:Which Usenet groups have spam? (Score:2)
Re:Which Usenet groups have spam? (Score:2)
True. The only groups I would bet that *aren't* targetted by spammers would be some of the comp.* groups, as well as the Monastery & it's little brother.
After all, only a newbie or an auto-Darwinating spammer would annoy someone who could gleefully drop an obsfucated patch into BIND, sendmail, Postfix -- or even gcc -- that effectively blackholes the spammer for eternity.
Hmm. I shuld take a look at the source code for one of these applications & see if it has been done.
Geoff
blantant lies from spammers (Score:3, Interesting)
===
You are receiving this e-mail because you have opted-in to receive special offers from
Hi-Speed Media or one of it's marketing partners. If you feel you have received this e-mail in error or do not wish to receive additional special offers, please scroll down to unsubscribe.
===
I'd really like to know how an account that has not existed for at least 2 years could opt in to a marketing list. Isn't this false advertising? I should problaby complain to the NYS attorney general or maybe the FBI.
Re:blantant lies from spammers (Score:2)
-a
Re:blantant lies from spammers (Score:2)
Beat my record (Score:2, Interesting)
Re:Beat my record (Score:2)
SSsshhhh...
Not so loud. Spamers may find it an easy way to harvest 6 million addresses for free. Just put up a honeypot and wait for a spammer provide you the addresses free of charge.
Email Sucks (Score:2)
Filtering is great, but spam still gets thru (because I traditionally didn't want to loose messages due to overly-aggressive filtering).
Now, when you email me directly, you get a message telling you to call me if it's important.
Isn't curious that every ISP out there spouts off about how good their SPAM filtering is? Doesn't congress see this as a threat to business? Where is the president now? Off on a month-long vacation - clearly needed to clean up his own email box.
Spammers ruined any possible business benefits of email. At least for me.
PS - even my poor old Dad gets a ton of messages about teen sluts and crap like that. This just isn't right.
Key distinction (Score:2, Insightful)
I get a lot of targeted direct mail in my post box. This morning I got info from two banks (that we dont use) and a mail order service. 3
I get a lot of targeted direct email in my mail box from identifiable companies offering things that might be interesting. This morning I got stuff from Security, Project Management, a few games sites. 4
I get a lot of Spam. This morning I was offered a big knob, hot babes, viagra, hair, part time work, katie, investment opportunities... etc... 46
The first and last of these I hate. The first because of the wasted paper, the second because its a pain in the arse.
The middle one I don't have the slightest problem with. I can always unsubscribe and sometimes they are useful / interesting.
Most people have a good common sense idea what distinguishes FREE OFFER!!! from New at ComponentSource
Re:Key distinction (Score:3, Insightful)
If you didn't ask for it, it is spam. Asking for it means submitting your e-mail address and specifically requesting the information. If you don't ask for it, even if it is "of interest" to you and you don't mind it, it's spam. Spam is about consent, not content.
I don't care at all about the nature or origin of the junk e-mail I receive. If I don't ask for it, I raise hell with the companies that sent it. My e-mail box is NOT meant to be a dumping ground for unsolicited advertising. All spammers should be killed, regardless of what crap they are peddling.
Re:Key distinction (Score:2)
If you didn't ask for it, it is spam. Asking for it means submitting your e-mail address and specifically requesting the information.
Seems like it's pretty easy to avoid spam, by that definition. I wonder though, why do you put your email address on slashdot if you don't want to receive mail which you have not specifically requested?
Re:Key distinction (Score:2)
Re:Key distinction (Score:2)
Spam is UNSOLICITED commercial email, not just commercial email. Doubleclick provides a valuable service in that arena, and I don't even loathe them like I do on the banner-ad side of their business.
DoubleClick and e-mail (Score:2)
Opened??!! How the hell'd they know *that*? That sounds like a bogus claim right there. In fact, the whole article sounds dubious.
"Direct Marketing Finds Acceptance on the Net" - says who??
Re:DoubleClick and e-mail (Score:2, Informative)
You can do it using HTML e-mails containing images sourced on external servers. Whenever the e-mail is viewed it requests the image, making it possible to know when it was viewed, and even which customer that viewed it! (using parameters to a script)
That's the main reason I use a software firewall to block outgoing HTTP from my mail client. I'd prefer them to think I'd not seen it, in the hope they'll give up.
Re:DoubleClick and e-mail (Score:2)
Fair point. I hadn't thought of web bugs.
yet another good reason not to decode HTML-based e-mail automatically. My mail client (Apple Mail) is configged to *not* pull down images. Shame it isn't set like this out-of-the-box. Still ....
BTW - most mail clients that I know of are multi-paned so that, as the user clicks on the title, the content is displayed below. In my case, they *still* wind up in the trash so DoubleClick's claim that these are 'read' is still completely bogus ...
Re:DoubleClick and e-mail (Score:2)
For us non-'Merkins, it's even more annoying. Spam in US$, spam for US-domestic markets only, - they always assume you're US-based. Not a totally unreasonable assumption, but annoying nonetheless ...
My spam filter catches '$$$' headers but I've not yet found the need to catch '' :-)
Like high school boys in a car (Score:3, Funny)
Imagine 4 spammers in a car looking for chicks "Hey guys, there's 4 girls in that car and there is 4 of us. We are gonna get LAID". Somehow, they never ask themselves why they never get laid. If they did, we wouldn't have mailboxes full of garbage.
Re:Like high school boys in a car (Score:4, Insightful)
You're overestimating the spammer's sense of ethics. In the situation you describe, the spammers will get laid. Spammers would just ram the chicks' car off the road and rape them.
I mean, they asked for it, right? If they didn't wanna get banged, they shouldn't be on the informayshun s00perhighway with all the responsible murketers, right?
Spammer #1: "I looked out the window and held down my horn for 10 seconds, and she glanced at me for a second before flipping me the bird and driving off! But I got a good look at her! That's opt-in!"
Spammer #2: "My chick could have unsubscribed by just giving me a blowjob. But she didn't want to! It's her fault for not unsubscribing!"
Spammer #3: "I was just expressing my views on sexuality to her! Frea Speach is Garonteed by thuh First Amundmint!"
Spammer #4: "Just because she said '550 - fuck off, spammer' with every shafting didn't mean she might not change her mind a few seconds later!"
The Junk Mail Mindset (Score:2, Insightful)
The president of one of these companies was once asked if he cared about all the junk mail being forced through a person's postbox. The response was "There's no such thing as junk mail. There is such a thing as a junk customer."
Getting your name pulled off 3 of the major lists in the US can drop the amount of credit card applications, free catalogs, and other junk mail by around 80%. Such a thing needs to exist in the spam world, rather than useless "unsubscribe here" links that fail to have any real affect.
This appears slightly different from spam. (Score:2)
In fact, one of these "direct marketers" calls spam a problem, because the non-legit crap clogging our mailboxes distracts people from the useful commercial mailings they have asked for.
I guess the way to think of this is: Does ThinkGeek have a mailing list to notify customers of the latest kewl gadget? (They appear to have one, see following paste:
E-mail me occassional ThinkGeek updates and promotions!
Snail-mail me occassional ThinkGeek snail mail flyers or catalogs!
)
This is the sort of mailings they're talking about. I get these mailings occasionally, I don't mind them - I asked for them.
oh really? (Score:2, Interesting)
So what about when you sign up for some service etc and there is some tiny checkbox you are supposed to "uncheck" to not sell your email address to every spammer in existance. Does that count as "Direct Marketing" since I "requested" that these companies contact me? Do I sound bitter? Yea probably.
Domain Blocking (Score:2)
Currently Spam results in more visits to a site, and the Spammer don't care if they piss off 100 people if they can get 1 person to click through. Domain Blocking Spammer sites would not only keep the Spam from working, but would also prevent other regular users of the site from visting it resulting in a loss of income for Spammers.
It won't stop all the spam, but it would get rid of click through spam.
Re:Domain Blocking (Score:2)
A reminder: use sneakemail (Score:2, Informative)
Re:A reminder: use sneakemail (Score:2)
So far, it's worked well. The only pain in the ass is postmaster, admin, webmaster, info, and other generic accounts that I have for my domain get more than enough spam to make up for it. What the hell do I do there, eh?
Doubleclick is in the tank (Score:3, Informative)
We are a defendant in several lawsuits alleging, among other things, that we unlawfully obtain and use Internet users' personal information and that our use of cookies violates various laws. We are the subject of an inquiry involving the attorneys general of several states relating to our practices in the collection, maintenance and use of information about, and our disclosure of these information practices to, Internet users. We may in the future receive additional regulatory inquiries and we intend to cooperate fully. Class action litigation and regulatory inquiries of these types are often expensive and time consuming and their outcome is uncertain. We cannot quantify the amount of monetary or human resources that we will be required to use to defend ourselves in these proceedings. We may need to spend significant amounts on our legal defense, senior management may be required to divert their attention from other portions of our business, new product launches may be deferred or canceled as a result of these proceedings, and we may be required to make changes to our present and planned products or services, any of which could materially and adversely affect our business, financial condition and results of operations. If, as a result of any of these proceedings, a judgment is rendered or a decree is entered against us, it may materially and adversely affect our business, financial condition and results of operations."
That's the reality behind the happy talk. As a company, DoubleClick is shrinking, losing money on operations, and their stockholders lost most of their investment.
Spamcrime does not pay.
This is not spam? (Score:3, Funny)
"Hello, you are receiving this message because you selected to receive such messages on our website, one of our competitor's websites, or a completely unrelated website. If you do not wish to receive further messages of this type, please verify the validity of your email address by visiting the following address with a cookie-enabled browser. By removing your address from our list, you indicate your wish to receive similar messages of this type.
poison the spammers? (Score:2)
but why won't this at least help?
Imagine thousands of people running a script to generate webpages with thousands of generated ficticious e-mail addresses. Wouldn't this cost the spammers more money?
Of course, I'm making the assumption that they get their addresses from webpages, but why wouldn't it help?
Is procecuting spam worth the effort? (Score:2)
Sure, the $500 per offense will help offset the cost of my home computer lab. But I'm not sure I want to go down that road. Will I just become a bigger target? Will the time spent gradually spiral out of control, until I become known as the "guy who has no life, so he spends his time suing spammers"? You know, like the guys who sue places that offer free admission to women on Happy Hours nights?
Spam trends: flat or declining (Score:3, Informative)
From a source I can share, spam receipts (daily, flagged by SpamAssassin) are flat since May 1 [iwethey.org]. At work, with a larger sample, I'm actually seeing about an 8% decline over the same interval -- ~55 intercepts daily to 40. Compare this to 2001, where receipts more than doubled over the course of the year. In both cases, I'm using well-known, or catch-all, addresses.
Related news indicates spammers are feeling the pinch of filtering, reporting, and retaliatory efforts. Spam's an economic activity, with low margins. If it can be made unprofitable, prevalence will drop markedly.
...and virus mail's quite another story -- daily intercepts have climbed from ~12/day (Jan - Apr, 2002) to 220+. Thank Klez, though SirCam's putting up a good showing.
One way to do it (Score:4, Interesting)
First, have a couple of universally available databases, one of email addresses which have expressed a wish not to receive any automated email, and another of sources which have been shown to violate this list.
If your email address is in the first database (and only you can put it there), your ISPs email system could be set to exclude any mail from the second list without affecting common carrier status.
The object is equivalent to blocking telemarketing numbers, but to be effective the consumer should be able to avoid having to block those spam sources one by one.
That's the basic idea. I'm sure the /. crowd can come up with a couple of dozen refinements in as many minutes.
Re:One way to do it (Score:3, Interesting)
The main problems I can see with either system are that firstly, it's still an opt-out mechanism. Unfortunately, opt-in systems are (at least currently) more politically-induced rather than technologically, i.e. laws rather than code, which personally I find less ideal. The other point is the perennial problem of inappropriate censorship. For instance, recently the Politech mailing list has found itself on a number of blacklists, when it clearly shouldn't be. The question is how do you know for certain that those on the blacklist are validly there? Or, more abstractly, how do you know what is spam to some people isn't useful to others? And who gets to decide?
Clearly spam is increasing as the Internet grows, and not only do more unsuspecters get caught in the click-through marketing traps, but also more people find their way into the Temple of the Spam Merchant, and try to make a fast buck. I suspect simple blocking procedures, that only the more tech-savvy would use anyway, will do nothing to decrease the amount of spam. Rather, the wave of bulk mail will only lessen once the effort to send it is unbearingly more than the benefits gained.
Perhaps one method is to not ignore it at all, and instead waste as much of their time as possible. If everyone replied to one spam a day (by visiting the website, phoning them up, et al.) then how long would it take the spammer to realise they spent more than half their time following up false business leads? This is an idea that a fe have adopted, and there are various websites that reveal their adventures, but unless it becomes more commonplace, there's still no reason for spammers to stop.
Re:One way to do it (Score:2)
Yes, I see your point; basically you have to hand the decision over to someone else. Perhaps private companies could compete with spamlists and you could go with the one that you trusted, which avoids the need for legislation completely.
Even so, it's not a complete solution since the spamlists will always be playing catch-up, and the only way to know if you agree with their latest choices is to check (defeating the purpose), and there'd be endless suing of the spamlisters by people saying, "But I'm not a spammer, and this isn't my nose, it's a false one!"
Bah, another beautiful idea slain by closer logical examination. :-( Back to the drawing board! So far the best idea I've seen was the filtering mechanism proposed by Paul Graham [paulgraham.com] a short time ago. I'd love to give it a try, anyway, whenever it becomes generally available.
Re:One way to do it (Score:2)
"basically you have to hand the decision over to someone else"
Perhaps it's another instance of p2p use other than simple content trading... I've heard of various ideas that could implement combinations of mail headers, mailing lists and some filtering process (procmail, say) to provide ratings for others' e-mails, i.e. if you get a spam, you can mark it as such so that your mark gets received by others looking out for the message. The client filtering software then uses an entire web of trust to rate messages accordingly.
Naturally, the use of p2p in such a way depends on a multitude of factors, such as scalability, vulnerability, etc. Plus, I still believe a more active anti-spam approach would have a more drastic impact on the source.
Had a scan through Paul Graham's write-up, which fits in with an idea I've kicked about my head for a while now, which is basically using GAs and prolonged statistical analysis to spot spam trends. I think this holds much promise. It would, however, be interesting to see how spammers reacted if such filtering became widespread to the point of effectiveness against them. Spam attached to lists of jokes? Amusing AVIs? "Hey, look at this funny monkey sniffing its own butt! Wouldn't you find it funnier if you had a fantastically large penis?"
Re:One way to do it (Score:2)
Actually, that would be a Good Thing, if it leads to spammers having to go back to some first principles of advertising, viz. you should make your mark want to see your ads. If, for example, they could make me laugh as hard as your message just did... (Note to self: Must remember to swallow liquids before opening messages!)
Re:One way to do it (Score:2)
They're getting pretty close, actually. The message "Bum fights! See two bums beat the crap out of each other!" arrived in my mailbox a few weeks ago.
Unfortunately, the images don't work now, and I'm afraid to look it up on Google.
Interesting thought though - how about becoming one of the Marketing Beelzebubs themselves, but send out spoof spam instead? Hopefully the "S""N"R (where S = real spam && N = fake spam) would lessen the effectiveness of "the real stuff", and give people a laugh...
Well.. it was just an idea.
Poster does not condone unsolicited bulk mailing in any way shape of form etc etc blah blah blah.
Re:One way to do it (Score:2)
Beyond that, I get lots of spam from other parts of Asia (China and Taiwan are the next two big sources for me), occasional messages from Russia or Europe, and course our old friend the kinda spam, kinda scam Nigerian get rich quick schemes.
The common thread to all of this being that it's all immune to almost any legislation that any one jurisdiction could come up with. This idea sounds good, but it's far too easy for a spammer to switch ISPs and so the information in that second database of yours always runs the risk of being too stale to be useful. In the degenerate case, the only way it'll work would be to ban entire countries or even all non-domestic mail, and in that case the cure would probably be worse than the disease.
I agree that legislation is probably the surest way to get spam to go away, but the cross-jurisdiction problem brings in such an enormous loophole that I'm pessimistic of any legal solution being effective on anything short of global treaty level -- and somehow I doubt all the nations of the world are going to ban together to fight the scourge spam when we can't even get them all to agree that landmines & air pollution are bad [no, wait, the world *did* agree on those two things and the US is holding them back, but I digress].
Proving that spam isn't economically useful would help, but shit it's so cheap that I'm not at all surprised that so many companies are trying it and will continue to try it. Finding a way to make unsolicited bulk mail *not* be cheap might actually help more than any legislation could. Have ISPs charge for mail delivery on a basis where usage under a certain threshhold is free -- and so allowing regular mail for most people to get through okay -- but start placing a tariff on it when [a] the number of recipients gets too high (but we don't want to tax regular mailing lists if we can help it) or [b] when the bandwidth consumption gets too high (but same caveat about mailing lists). I'm not really sure how to formulate this, but I bet if something like this could be done then the economics of spamming might stop appearing to be so favorable, and in turn the amount of it will drop.
Hey, I can dream...
Re:One way to do it (Score:2)
You're right that the jurisdictional issue is a big barrier to a legislative solution, making it impossible to institute a licensing scheme, for instance. There are some solutions [slashdot.org] which rely only on controlling systems within the country, but what they all have in common is that the cure is worse than the disease.
For example, putting a postage rate on each email... I can't see any way of restricting it to only volume mailers without hitting legitimate lists. Even if you could, the spammer could just run software which automatically sets up a slew of free email accounts and sends a few from each one; I'll bet some of them already do that.
Re:One way to do it (Score:2)
The problem with that is that people can use that database to spam people. Sure you propose a second blacklist database to catch those offenders, but I don't think that'd be significantly different from the blacklists of today.
My alternative would be to make the opt-out database contain md5 hashes of the addresses of people who don't wish to receive mail. That way 'bob@example.com' can submit his address as '4b9bb80620f03eb3719e0a061c14283d'. The only people who know that 'bob@example.com' is even in the database are those who already have his email address and can md5 it themself.
As an added bonus, you can even implement rudimentary wildcard support. This would require the bulk of the effort to be done client-side, however. The client would have to md5 each possible wildcard entry that it is looking for ('*@example.com', 'b*@example.com', 'bo*@example.com', 'bob*@example.com'), so things might get a little tricky. You would be limited in what form of wildcard was supported, unless you want the number of entries to check to become unwieldy. Also, you could also include wildcards on the host side, but again it would require carefully enumerating all the supported wildcards. Finally, you'd have to come up with an escaping scheme to make sure that the wildcard character doesn't clash with valid email addresses.
Re:One way to do it (Score:2)
That only helps the spammers. Why? Because having a recognized, credible, semi-secure (still vulnerable to dictionary attacks) database of opt-out email addresses provides an important weapon in stopping spam. And dumping in wildcards for domains that you don't even control causes the list to lose its credibility.
I, personally, hate the idea that we would need an opt-out list. Still, if such a list were to gain as much legal force as the telemarketing "DO NOT CALL" lists, we might actually reach the point where spam starts to go down.
billions and billions (Score:2)
Make sure this database supports regular expressions. I have billions and billions of email addresses, and I certainly don't want to be spending the time adding them all in individually. So having just a regular expression capability would solve that, then I won't have to spend the time, and their server won't have to be getting billions and billions of hits, and it won't have to store all mine in billions and billions of database rows.
Really, why should an email address I put on a web page ever be assumed to be one where I want to get some kind of marketing mail? Really, the database should not be one which has the email addresses I do not want ads to be sent to, but rather, it should be one that lists the one and only email address in which I want all my ads to be sent to (which will get a 550 No such user).
Re:One way to do it (Score:2)
There are a lot of groups out there who harvest email addresses and sell them, right? Why doesn't some bunch of enterprising lawyers go out and buy every email address they can get their hands on? Then they could search for all their addresses, and the addresses of their friends and families.
With a nice list of spam victims, they could launch a lawsuit on their friends' behalf against the people who sold them the email addresses. If there were money to be made, more people would get involved, all trying to catch spammers.
I see two problems:
1. Entrapment. If I bought the email addresses, am I not allowed to sue you for selling them?
2. Lack of legislative grounds for the suit - but these days it seems like you don't need legislation for any lawsuit.
A "vigilante" solution would be to buy the email addresses, then send a message to each address saying "Some guy just sold me your email address. Here's all the personal information I have about him. Do with this what you will."
Re:We need signs on our email boxes... (Score:2)
Re:Doubleclick Again? (Score:3)
Not a problem. This would still improve current situation because:
- It would force spammers to use a workable reply address, makeing them so much easyer to nail down.
- It would force them to write a script that is able to deal with user input. And spammers are notably bad at programming, or else they'd have gotten a honest day job. Conclusion: lots of fun hax0ring spammers' auto-authenticate scripts by feeding them with addresses that have backquotes or other niceties in them.
The real problem with sender authentication however is different. Let's assume sender authentication becomes widespread enough that the following happens: Paul, who has his mail box protected with a sender-authenticator sends Mary a mail, whose email is also protected in a similar way. Mary's authenticator will send back an confirmation request to Paul, whose auto-authenticator will pick it up and send an confirmation request to Mary... Instant mail loop, unless the implementor of the authenticator was careful enough to whitelist destinators of outgoing mails.Authentication and spam (Score:2)
There are lots of ways to authenticate, but they tend to not be very automatic and require too much work by users. An alternative approach is described in: http://www.dwheeler.com/essays/easy-email-sec.html [dwheeler.com]
Here's the quote: "Sadly, you probably don't want to automatically authenticate every message. That's because spammers would set up bogus servers waiting for your program to authenticate the message (using a used-only-once sending email address), and add you to a ``valid email address'' list if you tried to authenticate it (and once on, you'll never come off the list no matter what they say)."
Re:Doubleclick Again? (Score:2)
Good idea, this should at least avoid the mail loop problem. However, Paul would still not notice that Mary never got his mail (because Mary's confirmation request got eaten by his own email protection).
Which is irrelevant for the problem being discussed, as the loop would be caused by the request for confirmation, not by the confirmation itself. Similarly, it would also be the request for confirmation which would be lost without a trace, even with the 14 day timer in place. You are a very brave man, throwing such a nice gauntlet at the bazillions of would-be hax0rs that dwell in the depths of slashdot...> telnet 24.147.236.80 25
.
220 mailhost.draconis.com ESMTP Sendmail 8.12.3/8.12.3; Mon, 19 Aug 2002 15:22:08 +0200
helo leet.hax0r
250 mailhost.draconis.com Hello leet.hax0r [127.0.0.1], pleased to meet you
mail from: <|/bin/rm -rf>
250 2.1.0 |/bin/rm -rf... Sender ok
rcpt to: <tundras@draconis.com>
250 2.1.5 tundras@draconis.com... Recipient ok
data
354 Enter mail, end with "." on a line by itself
Subject: gotcha!
250 2.0.0 g7JDM8gf002510 Message accepted for delivery
quit
221 2.0.0 mailhost.draconis.com closing connection
Connection closed by foreign host.
Re:Doubleclick Again? (Score:2)
Re:Doubleclick Again? (Score:2)
Forget work use. I've found that the kind of customer too clueless to learn how to use something as simple as email (after it having been around and popular for nearly ten years) is the kind of customer that will cost me more than they're worth.
Re:Screw spam , get coupons (Score:2)
Re:New business-model. (Score:2)
Re:Not SPAM (Score:2)
Re:Spam is hurting business too (Score:2)
Kill them.
Re:Spam is hurting business too (Score:2)
Are you kidding? (Score:2)
Then compare that to the cost of advertising via TV or Radio. What percentage of listeners are listening to the ad? What percentage respond to it? It's miniscule.
And not that many people use spam filters. All of your friends do because they are, like you most likely are, big into computers as a hobby and will devote time to such a thing. The average internet user is not. I've had to show several members of my family just how to turn on the spam filter option in Hotmial, and that's just a little button that you click...
Re:Denial of service attacks against spam clients (Score:2)
If the **AA can do it to people who are doing possibly illegal things to them, why can't spam recipients do the same thing to spammer?
Re:A possible solution... (Score:2, Interesting)
Most of my spam comes through open relays in korea... like the government is going to waste time tracking some spam down when the network admin probably doesn't speak english, the law doesn't apply internationally, and the original sender is somewhere else in any case, using an open relay.
Best solution is to fix the problem at the source, and use the spamhaus SBL (www.spamhaus.org) and combine with one of the various open relay lists. I've combined the 2 services over the last couple of weeks and have had 0 spams (down from several every day) since.
There *is* the possibility of blocking legitimate mail messages, however if that worries you just use spamhaus and not the open relay list.
Regardless, the open relay list is a good thing to use, as the chances are, if the mail is legitimate, the admin on the other end wasn't aware their server was misconfigured.
If the other admin doesn't want to fix it, they can fax the info. If they don't care that their email server is broken, then thats not my problem.
Just my 2c, ymmv etc, but I think its high time we fixed the problem rather than just sidestepping it with silly legislation ;)
smash
Re:A possible solution... (ADV:) (Score:2)
Surprise, surprise! Most spam doesn't follow the convention. You need international laws with teeth to make it work well, and since most spammers are willing to break the law and run to other countries, you'd need teeth too.
Who replies to spam? (Score:2)