Paid To Spam 629
Lathiat writes "It seems that spammers have taken a new distributed approach to sending spam, and you get paid for it.
Virtual MDA will pay you $1 per CPU hour their program is running to relay spam around the world. Obviously this is not something you should do, most users are all to familiar with the atrocity of sorting through up to hundreds of spams a day just to find one real email, Although it has been previously reported that some users love spam, I for one don't.
Is there any way end users can fight back against people like this?" At $1/hour, this sounds like a low-gain way to infuriate both your friends and perfect strangers.
Fight back! (Score:4, Insightful)
I say we sentence the people who like/read/send spam to filter through all the email that the filters tosses, just to make sure no legitimate email has been accidentally deleted. Maybe if the know what it's to sift through this crap all day long (like I do when the server filter goes down), they'll get the drift.
Thousands per year (Score:3, Interesting)
The money is tempting. Imagine all the toys that could be bought with it.
Re:Thousands per year (Score:5, Interesting)
Not so free... (Score:5, Insightful)
Oh my goodness (Score:3, Insightful)
Bottom line though, good luck finding an ISP that will sell you a T1 without SPAM restrictions. Perhaps more importantly, you would be 1/2 or 1/3 responsible for any CAN-SPAM violation law-suits. That would put a hamper on your day. The lawyer fees alone would swallow your profits whole.
Re:Not so free... (Score:3, Insightful)
Well, the fact that a company would happily pay you $1 an hour to send spam over an ADSL is strong evidence that, if you were delivering spam from eight machines hooked up to a T1, you could be making far, far more than $8 an hour.
I mean, if you want to be evil, why pay most of your profit to a middleman?
Re:Thousands per year (Score:5, Interesting)
Not that much (Score:5, Interesting)
DSL/Cable Method:
Sounds good: $840 per week
First, Taxes: $500
DSL/Cable gets cut off after a week, weekly replacement, non refundable: $440
Two day wait for installation of new DSL provider (cuts funds by 2/7): $315
Give two months, and you have likely run out of providers.
T1 Method
Sounds good: $840 per week
First, Taxes: $500
Pay for T1: $375
Now were talking!
Oh, but wait - assuming you find a provider that offers a T1 that doesn't cut you off... then, within 6 to 12 months, you become a Co-Defendant in a CAN-SPAM law suit. Assuming the judge does not find you responsible... Good luck paying yourself and a lawyer on $375 per month.
There's another thing here as well. There's very little likelyhood that ANY computer can dedicate more than 95% CPU to a single task (unless you are running this program on DOS). It also assumes that they give you enough addresses to process to actually make this type of money (very doubtful).
However, assuming everything were to go your way, T1 provider that likes you and no law-suit...Yeah, you can live on that, but you'd probably want to steal candy from kids to suppliment your income.
Not quite (Also, it has a trojan) (Score:4, Informative)
Time Run: 1:31:14:999
CPU Time Used: 0:01:05:199
CPU % Usage: 1.69%
Oh yeah, did I mention it has a trojan?
Typed screenshot from AVG Antivirus:
AVG Residant shield
Virus
Trojan horse Downloader.4.Small.BT
is found in file
D:\Program Files\VirtualMda\package.exe
To remove this virus, please run AVG for Windows
Re:Thousands per year (Score:5, Funny)
Re:Thousands per year (Score:3, Insightful)
Re:Thousands per year (Score:4, Insightful)
Not that we would fall for it, but just think about who will.
Re:Thousands per year (Score:5, Informative)
"In the event of technical problems or data loss which causes a loss of account information, your account will be reset at $0.00, and you hereby waive any and all claims for any amount previously accrued but not yet disbursed."
You can't claim until it gets to $50, and your account can be reset to $0 at any time.
Re:Thousands per year (Score:3, Interesting)
It would be fantastic! Take the spammers money and have all their spam flow into a big blackhole. This has definite possibilities....
Re:Thousands per year (Score:3, Insightful)
Re:Fight back! (Score:3, Funny)
CPU hour, not normal hour (Score:5, Informative)
It runs as a service (or whatever windows calls daemons nowadays) so you're not getting even close to a CPU hour in an hour.
Re:CPU hour, not normal hour (Score:5, Informative)
It all depends on what the thing it trying to do. Look at Seti or Folding, bot run as daemon/service/background processes and both will use 100% CPU.
Re:CPU hour, not normal hour (Score:5, Insightful)
Look at it this way, if you let it use 100% CPU usuage, but only give it a 1bps internet connection (use a router to alterate the uprate speed or something), do you still get paid by CPU? Isn't the problem with spam bandwidth not CPU? I'm so confused! Would a person running a 486 with a modem get paid as much for 100% cpu as someone running a zSeries IBM mainframe on bundled T3's??
Re:CPU hour, not normal hour (Score:3, Interesting)
Even at lowest priority it'll get all the cycles no one else demands, which could be just shy of 100% all night long (plus most of the day, while you're at work or in class or whatever). Viewed over a 24-hour period, the vast majority of computers nowadays have essentially zero load.
Re:CPU hour, not normal hour (Score:3, Insightful)
does a VIRTUAL cpu hour cost?
how about running 100 clients on one computer under virtualisation on one feeble line that, that gets the sent spam filtered later on the line anyways, just to screw these guys up?
Re:Fight back! (Score:5, Interesting)
If you simply install a firewall filter that blocks the outgoing spam mail, the spammers can never figure it out and you're making money for nothing. The program runs, it sends spam, the spam just gets nowhere.
A powerful computer to pump out spam quickly and a decent firewall to block it will pay for themselves quickly if you keep them running 24/7.
Re:Fight back! (Score:5, Interesting)
I'm unimpressed, but wait till someone codes this into a trojan with his spam-sender-id-thingy on it. He'll easily make thousands an hour without ever sullying his own machine, and at no risk to his ISP account because hey-- he's not sending the spam, the zillions of clueless users he infected are.
Re:Fight back! (Score:3)
It'd be trivial for them to detect this--seed the mailing lists they give you with a few addresses that forward to them. I believe the same thing is established practice in the world of mass (non-electronic) mailings.
--Bruce Fields
Re:Fight back! (Score:3, Interesting)
Re:Fight back! (Score:4, Insightful)
Re:Fight back! (Score:5, Informative)
Re:Fight back! (Score:3)
Umm... I believe they said $1 per CPU hour. You'd probably have to send many millions of messages just to get your first buck.
Re:Fight back! (Score:4, Interesting)
And loss of your ISP connection due to violation of the TOS.
I guess they will find enough short term accounts this way. They don't care that the people they use have a new problem to deal with.
Re:Fight back! (Score:4, Informative)
In short, after you sell your soul and your internet access, you get nothing in return. Zero, zilch, nada. Find someone who has received a nickel from these guys, if you can.
I got paid! (Score:3, Funny)
While you're at it, don't forget to make your order for viagralax, the only viagra alternative that's also a laxative. I'm not only a peddler, I'm also a satisfied customer!
(As if you could really trust someone who said they got paid.)
Re:Fight back! (Score:3, Interesting)
I'll bet you get a free gift!
Identity theft! Especially since they'll probably ask for account information where they can deposit your ill-gotten gains.
(Never try to out-scam a scammer... it's like trying to argue with an idiot.)
$1/hour (Score:5, Insightful)
What happens when other spammers adopt this business model? That $1/hour assumes that you would only work for one spammer at a time. If you were really trying to make a career out of it I'm sure you'd be working for as many spammers as once as you can handle. That being said, it's still a very sleezy way to make a few bucks considering the majority of people hate spam.
I for one would feel like I was selling the rights of everyone else for a living. I'm not sure how people can feel "good" about doing something like this.
Re:$1/hour (Score:5, Insightful)
-
That $1/hour assumes that you would only work for one spammer at a time.
Actually it's $1 per CPU hour, so you can only work for one spammer per CPU hour. Seeings as spammers spam nonstop, I doubt your CPU cycles would ever be free to sign up with another spammer.Re:$1/hour (Score:3, Insightful)
Never trust a client computer, particularly if you are a spammer paying that client.
I'd be willing to report about 500 hours of work per day to as many spammers as I can scam.
Re:$1/hour (Score:5, Funny)
How about a beowulf cluster of x286's?
Fifty old slow cpu's and you're making $50/hour.
Oh, and did I mention that my 50 old x286 boxes all share a single dial up line?
On a 300 baud modem?
Re:$1/hour (Score:5, Insightful)
Re:$1/hour (Score:4, Informative)
Not really an original idea. Snail mail mass marketers seed their lists with their own PO Boxes and such to ensure that mails are actually getting sent.
Re:$1/hour (Score:4, Funny)
Sounds like a bad idea (Score:5, Funny)
Great (Score:5, Insightful)
On another note, perhaps legislation should be put forward to outlaw distributed (this would have to be defined further... perhaps third party or in a different physical location, obviously wouldn't want it to affect legitimate servers) mail delivery like this. There's not really any point in a widescale distributed email delivery system OTHER than delivering spam that I can think of... Though I'm sure spam companies would try to come up with something. In this case, I think legislation may be a good thing.
Better Watch The Laws (Score:2)
There are may legitimate companies that have distributed mail systems in may different locations. Yahoo and M$ for example. This is not only for load but redundancy. Something like this might be hard to do.
Here's some more free advertising.. (Score:3, Informative)
Sendmails Corporation
P.O. Box 195
Manchester, NH 03105
TEL: 603.622.6999
FAX: 603.624.9089
Of course what you choose to do with that information is up to you...
And don't forget their WHOIS Info: (Score:5, Informative)
55 Bridge Street
Manchester, NH 03101-1188
US
Administrative Contact:
Host Master hostmaster@atriks.com
Atriks, LLC
55 Bridge Street
Manchester, NH 03101-1188
US
Phone: 603-624-7008
Fax: 603-624-9089
Technical Contact:
Host Master hostmaster@atriks.com
Atriks, LLC
55 Bridge Street
Manchester, NH 03101-1188
US
Phone: 603-624-7008
Fax: 603-624-9089
Re:Great (Score:3, Insightful)
Oh, tish tosh. They're now very much in the public eye because of articles like this, which means a better chance of a politician spotting them. And, being an election year, they'll be tripping over themselves to be the one to legislate this monkey into th
illegal in many places (Score:5, Insightful)
We've already struck back... (Score:2, Funny)
ISPs (Score:5, Informative)
Re:ISPs (Score:2)
Re:ISPs (Score:3, Insightful)
IP address fun (Score:4, Interesting)
I'm a commercial bulk emailer. We've wanted to do something like this for a while but always got scared off by liability issues.
This is a brilliant solution because the one thing we're always short of (even as legal bulk emailers) is IP blocks that aren't blacklisted (since a lot of the blacklists run simply on volume of email sent or take the word of somebody who's too stupid to remember he actually did sign up for a mailing list). I would assume actual spammers have an even tougher time with their IP addresses. Now they can spam up all the cable ISP's IP blocks, and once a block gets blacklisted they can just switch to a new set of users. Brilliant.
Re:IP address fun (Score:5, Insightful)
Yes, very "brilliant" of them. The only thing this will accomplish is getting port 25/tcp blocked all across the Internet completely whether you're an offender or not. Thanks asshole.
Re:IP address fun (Score:3, Insightful)
Does telling yourself you're not a spammer make your money seem less dirty?
Re:IP address fun (Score:5, Insightful)
This is a brilliant solution because the one thing we're always short of (even as legal bulk emailers) is IP blocks that aren't blacklisted **SNIP**
Except for the fact that *legitimate* "commercial bulk email" uses confirmed opt-in (note that I didn't say "double opt-in", a term used by spammers to imply that it's somehow extra work), has a simple and effective unsubscribe process, never purchases or rents lists, never assumes permission to do anything (email, phone, physical mail, etc), provides something of real value (weekly commentary newsletter, real sales specials, etc), and doesn't send it out too often. I have colleagues that support companies with thousands subscribed to weekly newsletters and the like (industry commentary, etc) which they send directly from their own mail server and they've never been on an RBL or had a spam complaint.
Re:IP address fun (Score:4, Interesting)
We've had maybe 10 spam complaints in 5 years, and in all 10 cases we had the date, time, and IP address from which the user signed up for the list. Despite the fact that we can prove when and where they signed up for the list, those complaints + our mail volume is enough to get us blacklisted.
Re:IP address fun (Score:3, Informative)
Yeah the email address signing up receives a confirm/deny email with three links: "subscribe", "don't subscribe", and "for God's sake don't ever send me anything from any of your servers ever again" (last two links are also in the footer of all messages we send out). We did once have a problem with a h4x0r (one of our clients at the time) trying to automate hits to the subscribe link but we caught him.
We never could think of a good fix to prevent that. Anybody have any ideas?
Re:ISPs (Score:3, Insightful)
As a 'power user', I was a bit annoyed when I noticed this. Then I reconsidered, I'd rather be forced to my ISPs SMTP relay (which really isn't a big deal for non-business accounts) than have spammers free to send email.
This give me a GREAT idea (Score:5, Funny)
UBE/UCE Liability Issues? (Score:4, Funny)
Earn money fast! (Score:5, Interesting)
I guess it's tempting to think that "ahh, I have 500 "clients" and could earn thousands each day!".
Take the money and run (Score:2, Interesting)
Re:Take the money and run (Score:3, Insightful)
Cool! I'll do it! (Score:2, Interesting)
Psst.. don't tell the spammers: I'll fix the spamming problem by putting a black hole transparent proxy between the machine running their program and the internet...
Anything they'll try to mail gets sent straight to
No, not really, but it'd be a nice way to cheat them...
Re:Cool! I'll do it! (Score:3, Insightful)
Spammers may be immorral liars, but they aren't stupid!
SCAM THEM! (Score:2)
Why would this be any different? Drain $1/hr from the pockets of the spammers, but use a crack that sends all the spam either to their joespam@spamco.com address or to
Scam them, my fellows. Scam
Re:SCAM THEM! (Score:4, Informative)
Hungry People. (Score:5, Interesting)
As much as I hate spam, if I was ever in the same situation again, I would sign up for this in a heartbeat. $720 per month is more than I would make with a legitimate part time job (considering that I am a student, making Canadian money). Spam isn't going away, and I would be more than willing to run the risk of losing friends, and making enemies of perfect strangers if it meant putting food on my table, and giving me a roof to live under.
At the moment however, I am doing fine, and in spite of the nice things I could buy with $1000 a month, I will not be signing up for this, as I value my principles more than material goods.
Just something to keep in mind before slamming people who give CPU time to this cause.
Re:Hungry People. (Score:4, Insightful)
Re:Hungry People. (Score:3, Insightful)
And you'd deserve everything you got - like having your internet account terminated, and not getting any money.
Remember rule #1: SPAMMERS LIE.
These are people who have no problem with stealing from people. You really think that they'd pay you?
Spammers are con men who prey on stupid people. I'm guessing they're counting on people like you.
I value my
Once again, missing the obvious! (Score:5, Insightful)
Since in almost every case you will be I/O bound, while this thing may tie up your entire connection it will not run more than a couple of CPU minutes per wallclock hour.
Thus the spammers screw the people doing this - they think they are going to get 24*7 = $168 a week, but they really are going to get about 24*7*.1 = $16.8 a week. Then they will get nothing because their account was terminated.
HOWEVER, this gives us a GREAT way to screw the spammers - run this sucker on an UNDERCLOCKED machine.
WAYYYYYY underclocked.
Like about 100 kHz.
That way, even with a modem the program will be CPU bound.
Re:Once again, missing the obvious! (Score:5, Insightful)
they are SPAMMERS, they won't pay, EVER.
Just out of curiosity (Score:3, Interesting)
-Colin [colingregorypalmer.net]
Re:Just out of curiosity (Score:3, Informative)
TOS? (Score:5, Insightful)
First of all, does this mean that the mail is sent through your own mail server? If so, that's a major TOS violation for most ISPs. If your computer is going to be its own mailserver, that may not work either, because of the number of ISPs now blocking outbout mail servers on their networks.
Secondly, check out their own TOS. For example, this line:
So, not only are you helping spammers, but if they "accidentally" drop that table in their database, they don't have to pay you a thing. Sounds like a really good scam to me. I should go buy a house and put in the contract that if I forget to pay, the house is free for me to keep and the loan is forgiven.Use the VMDA as an input to spam filtering (Score:3, Interesting)
This could be coupled with upstream filtering, and used to collect hashes of known spam in order to block spam all over the world.
How about getting paid $1/hour to help STOP spam ??
This sounds like a great idea for an open source project!
$1/CPU hour? Sure! (Score:5, Funny)
Sure I'll run it. I'll also setup a firewall so that this program can't send any actual data. After all, you're getting paid per CPU hour and not per email actually sent. Who cares if the program sits there and spins the cpu trying to send and resend it's first email message? Sounds like easy money to me! ;)
no outbound connections? (Score:3, Informative)
Aw crap... end run around RBLs? (Score:3, Interesting)
And I just installed SpamAssassin/Amavisd-New/Razor/etc, then they go and do this.
Don't get too excited (Score:5, Informative)
Let me demonstrate: here's a section from my ps -ax:
PID TTY STAT TIME COMMAND
1 ? S 0:05 init [4]
and here's my uptime:
16:45:07 up 4:31, 4 users, load average: 0.09, 0.34, 0.34
(yes I turn my PC off at night, so what...).
To sum it up, init has been running for 4 hours 30 minutes, but only has 5 cpu seconds on the clock. This is an extreme example, X on my laptop has used 15 mins on 2:30 hours uptime, but it get's the point across.
Sending out spam is bandwidth limited, not cpu limited (unless you run this on a 486 over a T1), therefor, you are going to be hammering your connection, whilst only using a small percentage of your cpu, and only earning mabey 2-3 dollars a night (and I'm being optimistic there, it could be a lot less).
So in short, this will work until people realise that there being had, and then it'll just disappear into the mist.
Nice try, but zombies are more effective...
Pay people to find spammers (Score:5, Funny)
That will end the spamming quickly.
perfect! (Score:5, Interesting)
Now here we have an email system which is increasingly broken, taken over by spammers, yet no one can agree to cooperate on a solution. Even the laws we make dont have any teeth.
I think we should promote this new thing, and all jump onto the bandwagon.
We should be able to definitely slashdot the email system at a planetary scale, thereby causing massive amounts of media aired/printed 24/7 for a few weeks.
The repercussions on spammers would be spectacular, to say the least.
I bet there would also be some political clout to revamp email to eliminate spam and prevent it from ever occuring again.
I equate this to a spammer saying: "here's a perfectly working gun. now use it to shoot me."
Yeah, right. (Score:3, Insightful)
- They're paying by CPU time
- Sending mail is by nature completely I/O bound
- Computers are really really fast these days
- They're not paying anyone until they build up $50
It's almost a certainty that they will never have to pay anyone anything before they are put out of business. It would take months if not years to build up fifty hours of CPU time sending mail over a cable modem. And if they actually manage to hook someone with a rediculously large pipe, they're getting their money's worth in spades.This is a brilliant scam for people who don't know what CPU time means.
And when thay are done sending spam? (Score:3, Insightful)
And what might "their" program do when, after approximately one CPU hour, the IP that it is running on has been blacklisted and is no longer of use for spamming? Join a DDoS net? Download and host some very dodgy software or porn? The list goes on... Still, at least you'd be able to afford a quartet of two bit lawyers when you get busted for hosting a kiddie porn site or something.
$1 per *CPU* hour (Score:4, Informative)
Paid spam (Score:3, Interesting)
Non-event (Score:3, Informative)
I noticed recently while trying to diagnose an email problem that Time Warner Cable now limits its "unlimited service" to 1,000 emails sent per day [rr.com]. Obviously, you'll hit your limit well before that CPU-hour, so you'll never make more than $365/year and eliminate your ability to send any personal email.
You'd make more money hanging out at the street corner holding cardboard sign that says, "Will compute for food."
Both your friends? (Score:5, Funny)
Hey, how'd you know I only have two friends...?
Terms of Service (Score:3, Informative)
Terms Of Service
1. ACKNOWLEDGMENT AND ACCEPTANCE OF TERMS OF SERVICE. Atriks, LLC
("ATRIKS") web site, VirtualMDA and other ATRIKS services and web properties ("Service"),
owned and operated by ATRIKS, is provided to the
member community under the following Terms of Service and any operating rules
or policies that may be published by ATRIKS. The Terms of Service comprise the
entire agreement between Member and ATRIKS and supersede all prior agreements
between the parties, regarding the subject matter contained herein. By
participating in the registration process, members are indicating their
agreement to be bound by all of these Terms of Service.
2.Payment. Upon completing the registration procedure, you will be given a unique
identification account number ("UID"). You will be paid by ATRIKS $0.25 for every
Central Processing Unit Hour ("CPU HOUR") used by the VirtualMDA software located
on your personal or business computer(s) (either or both of which shall be the
"Installed Computer(s)") is actively connected to the internet ("Online"). The
Installed Computer may accumulate a maximum of 24 CPU HOUR's in one day. If
your UID logs more than 24 CPU HOURS in one 24 hour period, your account
may be suspended or terminated for unusual or suspicious activity. In order to
receive payment, you must submit a request to ATRIKS using the electronic request
form provided to you via your member account webpage. Your member account webpage
will contain a calculation showing the amount of money accrued in your account.
In case of a dispute as to the amount accrued, the amount shown in your account
is final and binding upon you in all respects. You may only request payment, and
ATRIKS shall only disburse from your account, when your account is equal to or
greater than $50.00 for United States residents and $90.00 for those residents
outside the United States. In the event of technical problems or data loss which
causes a loss of account information, your account will be reset at $0.00, and
you hereby waive any and all claims for any amount previously accrued but not yet
disbursed. All payments shall be by check, made payable to you, and sent to you
at your last known address via the U.S. Postal Service, first class mail. There
will be a check processing fee of $3.00 (three dollars) and any payment returned
to ATRIKS shall be voided, and your account shall be deleted and any accrued
amounts will be forfeited
3. DESCRIPTION OF SERVICE. ATRIKS is providing Member with Internet services and
opportunities to get rewarded while using the Internet in exchange for performing
certain actions as desired by our advertisers. As part of this service ATRIKS provides
Member with proprietary software ("SOFTWARE") for relaying email messages.
In consideration for this Service, Member agrees to: (1) create only
one account per household and, (2) provide certain current, complete, and accurate
information about Member as prompted to do so by the Service and, (3) maintain and
update this information as required to keep it current, complete and accurate and.
All information requested on original sign-up shall be referred to as account
information ("Account Information"). Furthermore, ATRIKS will not share, sell, trade,
or give away personally identifiable Member information to third parties without Members'
explicit permission. Upon registration, all users grant to ATRIKS their explicit
permission (1) to contact them with important information about Members' accounts and
updates to our services, policies and business practices, (2) to access and use the
Installed Computer(s) for relaying permission based (opt-in) email for ATRIKS and/or
third parties, and (4) data gathering activities, without further notice to or permission
from Member. The users have the option to choose not to be contacted or t
Perfect use for Vmware (Score:3, Insightful)
Single Professional License for Vmware from ebay: $200~
The ability to milk a spammer for 30 bucks an hour: priceless.
umm ... (Score:5, Funny)
You could've started by not advertising their product for free on the front page of Slashdot
DUL RBL *NOW* (Score:3, Interesting)
Here's how they describe their distributed system (Score:3)
Atriks Description:
Email Deployment
Reliable and Effective Email Campaigns
Atriks has created relationships with over 60,000 individuals throughout the world who act as sending agents for the Atriks Distributed Email Delivery System. Atriks has developed a software called VirtualMDA (see www.virtualmda.com ) which resides on these sending agents' machines and periodically talks to an array of servers within our data center, looking for messages to deliver. When messages are available, each agent machine can receive up to 100 emails to deliver. For example, with 20,000 agents sending 100 emails each, the Atriks Distributed Email Delivery System can deliver 2 Million emails in one quick shot.
Politeness is key
There are approximately 4500 "well known" mail servers within the US and Canada, so being "polite" on how we connect and deliver the messages is important. Atriks doesn't want to cripple the receiving mail servers with millions of messages, so we create delays and meter traffic so not to overload the receiving server with connections.
Distributed delivery prevents blocking
Atriks developed our Distributed Email Delivery System because many email providers will obstruct otherwise legal emails from very large senders at will and without notification to the sender/list owner. Using sending agents and VirtualMDA, blocking is much less likely.
Creating a campaign
Once signed up with Atriks, most customers can create their campaigns in a few easy steps through our web interface:
Create the campaign
Test and OK the campaign
Set delivery date and time
Upload your data records
Set the campaign to "Ready."
Our system automatically starts delivery at the time and date set within the campaign.
For more information about using Atriks to deploy your next email marketing campaign, contact us.
Why are spammers doing this? (Score:5, Interesting)
The answer is because relay-blacklisting is working!
None of the client-side, server-side, content-based filtering has made any difference. What HAS made a difference are mail servers which are utilizing relay-blacklists of known spammer IP space and refusing to connect with them. This has forced the spammers to begin abandoning their havens in China, Brazil, Korea and other areas. Now they're trying to infiltrate domestic broadband IP space. First they tried it via propagating viruses and worms and that isn't working out as well as they'd like (and they probably figure sooner or later, the Feds just might actually prosecute one of them), so now they want to sucker people into spamming for them.
All this is an indication that relay blacklisting IS effective.
RBLs are becoming more sophisticated nowadays. Spamcop can usually ID a spam source in real time within an hour of it beginning operation. AOL and other major ISPs are now looking at RBLs to help them block spam. It's much more economical than strip-searching e-mail content using filters.
Let's keep up the pressure. Let's continue to force the spammers into smaller areas of the Internet where they can be identified and dealt with. This latest effort is a good sign they're getting desperate to figure out where they can send spam out from. None of the content-based filtering schemes have come nearly as close to slowing down their efforts as much as RBLs.
I've been blacklisted (Score:3, Interesting)
Of course, then there's the fact that this proposal is offensive, anti-social, and just plain retarded.
How were we blacklisted, you ask? We use an exim server as the gateway, with sendmail internally. The gateway server was marked as a trusted host for relaying on the internal server (indirectly; it was part of a subnet of hosts that needed to be able to relay). Normally that's not an issue, because the exim gateway would refuse to accept messages asking for relaying anyway.
Unfortunately, the exim gateway permitted percent-hack messages to pass, permitting an attacker to bypass the gateway server's checks, and deliver a message for relaying to the sendmail server. Which promptly relayed it, because the gateway was a trusted host.
Fix: disable percent hack (Why TF is it even supported anymore anyway?) and set the gateway to be able to deliver, but not relay.
Business plan (Score:3, Interesting)
2. Connect them with a LAN.
3. Run Windows and this spam generator on computer A. Set it's network settings to use machine B as its gateway.
4. Run Linux on computer B. Hijack all connections and packets originating from computer A and destined for port 25 (or all which are targeted outside the spammer's IP, to be safe). Let other packets to travel to Internet normally, so that the spammer can download new spam definitions.
5. Run a mail server on computer B. Forward all mail coming from computer A to be study material for a Bayesian filter and then
6. Profit !!!
7. Watch as all the other geeks get the same bright idea.
8. Watch and enjoy as the spammers go bankrupt.
9. ??? (it is impossible to predict what a post-spam Internet will be like).
The real company is Atriks, LLC in New Hampshire (Score:3, Informative)
Whois:
55 Bridge Street
Manchester, NH 03101-1188
Phone- 603-624-7008
Fax- 603-624-9089
hostmaster@atriks.com
Atriks [atriks.com] is a mailing list company. "Atriks offers targeted public record data that comes entirely from publicly available Internet sources. We collect, compile, aggregate and provide the most high-quality, complete, and up-to-date data possible for every individual and business with a presence on the Internet." They're a member of the Direct Marketing Association. They claim a server farm with 330 servers and seven terabytes of data. Here are some of the lists they offer:
-
Atriks Broadband Consumers "1,000,000+ consumers who have demonstrated a thirst for better technology and a willingness to spend money for enhanced products and services are included."
-
Atriks Personal Domain Owners with Credit Cards "7,000,000+ consumers have registered a domain for their own personal use and have created Web sites that share everything from jokes to family pictures. A key part of their registration is supplying credit card information, resulting in a file with all major credit card selects available."
-
Atriks Subscribers by ISP "6,700,000+ subscribers identified by ISP are included in this database. Mailers can target these subscribers by more than 100 selectable ISP providers."
Those are just the "consumer" lists. They also have business-to-business lists.Atriks is co-located with a local ISP, MV Communications. [mv.com]. MV has been in business for many years. They have modest backbone connections for an ISP; 6Mb/s to Global Crossing, 12Mb/s to Level 3, and 12Mb/s to Paetec. Unclear at this time if MV and Atriks have common ownership.
They're what the DMA would call a "legitimate spammer".
Summary of ToS, with comments (Score:3, Informative)
http://www.virtualmda.com/terms.htm
I've paraphrased their clauses.
My comments are in italics after.
1. By signing up, you agree to this ToS
2. You get $1 for every "CPU HOUR".
You have to ask to get paid.
We won't pay unless it's at least $50.
If there's anything suspicious, or we make a mistake in accounting, you get nothing.
Comment: it's not clear what a "CPU HOUR" is, but I suspect despite the many claims on slashdot, that they really do mean $1 for every hour your computer is running their program and is connected to the internet sending email. But their program doesn't run unless both you and they tell it to, so they could guarantee that it runs less than 40 hours if they wanted to.
3. You agree not to cheat.
4. We can change the Terms of Service whenever we want.
My guess is that this happens if you would actually get paid if they didn't.
5. You are responsible for security.
6. There is no warranty.
7. We aren't liable for anything.
8. Our software has a copyright.
9. We decide if you violated the ToS.
10. You can't resell the service.
I wonder why they're worried about that.
11. You are responsible for anything we send.
Yes, they really do expect you to take the fall for what they are doing.
12. You indeminfy us.
And if they should happen to take the fall, then you have to pay for that too.
13. All you can do if you don't like it is quit.
14. The legal jurisdicition for everything is New Hampshire.
15. You agree not to participate in class actions against us.
And that goes for all time, not just this.
In other words, they know you're going to want to sue them, so they want to make sure it's not worthwhile to do it.
Mostly, the ToS is the usual collection of stupidity, but that last clause is so out there that I had to comment.
-- this is not a
They hope you're bad at math. (Score:3, Informative)
24x365x.002 = $17.52/yr
You can bet they've optimized it for minimal cpu usage, and that it'll suck up nearly all of your bandwidth. You'd be paid about $20 a year for most of what you pay over $300 a yr for. A very raw deal, not to mention the high probability of it getting you in trouble with your isp.
Re:validation (Score:3, Insightful)
simular to mass snailmail mailing where you rent a list from someone and then if you continue to use it after the period you paid they know because they planted fake people in the list.
Re:First thought.... (Score:3, Insightful)
Trivial to have every nth (perhaps with some random deviation) email address be one of a number that the spammer itself monitors. If the mail does not get to those monitor accounts, you don't get paid.