Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Spam The Almighty Buck The Internet Your Rights Online

Confession For Two: A Spammer Spills it All 389

defender writes "Rejo Zenger, well known Dutch anti-spam activist, recently had a very frank talk with a (now retired) spammer. He got information as to how and why S. Pammer started, where and why he was kicked out, who helped him get his bulletproof hosting, his open proxy mailings etc. It gives a nice and concise view of what the costs for a smalltime spammer are. About 200 Euros for the hosting and ability to spam at least half a million addresses (in a months time). That's for a turnover of 6 times and a net profit of well over twice those initial spam-related costs. Complete with screenshots, of course."
This discussion has been archived. No new comments can be posted.

Confession For Two: A Spammer Spills it All

Comments Filter:
  • Comment removed (Score:5, Interesting)

    by account_deleted ( 4530225 ) on Monday June 21, 2004 @06:27PM (#9489828)
    Comment removed based on user account deletion
    • by elohim ( 512193 ) on Monday June 21, 2004 @06:29PM (#9489840)
      How about paying those vigilant individuals? maybe yahoo or hotmail could pay them?
      • by bersl2 ( 689221 ) on Monday June 21, 2004 @07:30PM (#9490236) Journal
        That's very insightful. Given that spam is an overall economic bad, you can somewhat offset the production of spam by spending money for its removal. Or you could spend money so that it is never produced in the first place.

        Maybe we should treat other economic bads (e.g., pollution) in such a way: subsidize the non-production thereof.
        • Maybe we should treat other economic bads (e.g., pollution) in such a way: subsidize the non-production thereof.

          Taxing excessive pollution is rather common in Europe. Unfortunately actually paying people for doing the opposite is not ;)
      • Better yet, confiscate the profits from spamming activities and use that to pay them. We need to introduce disincentives. Having some big company pick up the tab just subsidizes the spammers.
    • by Anonymous Coward on Monday June 21, 2004 @06:41PM (#9489929)
      If everyone behaves, the 'net's a good place.

      If no one behaves, it's useless.

      But if most behave, a few have a huge incentive to misbehave.

      They key is to increase the penalties for misbehaving so that there is no incentive.

      • Re: (Score:3, Funny)

        Comment removed based on user account deletion
        • by Crayon Kid ( 700279 ) on Tuesday June 22, 2004 @03:15AM (#9492840)

          IMHO, it would only take three or four spammers being found beaten to death in an alleyway somewhere, to scare off the majority of the Ralskys of the world. That would just leave the serious mafia types, and getting rid of them would be very tricky..

          This would only escalate violent methods. The big spammers who make the serious buck would just hire bodyguards, personal guards or would be compelled to make deals with actual organized crime. The guy in this story was a small timer and stopped after a while. But if there were angry people on the streets ready to beat him up maybe that would've prompted him to look up the local gangs or mobsters and pay a protection fee. Now where would that go next?

          • Or to put it another way: there's always going to be spam as long as there's a profit to be made out of it. No matter what measures are taken, technical or social, it will only be an escalating arms race of spammer vs anti-spammers (whoever they are). Look at all the wrong things for sale out there: arms dealings, drugs, people and so on. As long as there's someone buying, the incentive remains. The harder it is to sell those things, the bigger the risks, the bigger the profit. The fewer the sellers, the h
          • I'm certainly not advocating physically harming spammers. (As tempting as it may be sometimes) However, I think the profit margin on spam isn't large enough to offset the cost of physical protection, protection fees, etc... The "market" for spam is pretty much saturated by definition, and even though the "production" cost is low, the number of customers is equally low. In your follow-up you do mention that getting rid of the few fools who buy via spam would fix the problem quickly, but there will alway
        • IMHO, it would only take three or four spammers being found beaten to death in an alleyway somewhere, to scare off the majority of the Ralskys of the world.

          Am I the only one who thinks your avereage spammer could take 3 or 4 average slashdot dweebs on at a time?

          Anytime there's a story about spammers, there's unending comments about how somebody is going to kill them/kick their ass.

          I've met spammers and I've met Slashdot nerds, and I think you guys (slashdot nerds) are in trouble.
      • by oh ( 68589 ) on Tuesday June 22, 2004 @01:33AM (#9492499) Journal
        But if most behave, a few have a huge incentive to misbehave.

        They key is to increase the penalties for misbehaving so that there is no incentive

        You are assuming that most people make rational decisions when deciding if some thing is "worth the risk". If you try and compensate for a low risk of getting caught by increasing the punishment then people will just think that they will never get caught. Its called "personal positive bias", similar to the way people play in the lottery even though it isn't strictly speaking "worth it".
    • The sort of people to look at this kind of cost/risk ration and think "cha-ching" may actually be stupid enough to punch themselves in the face (even after reading this post). Where's my film?
    • The costs these fucktards incur upon everyone else leaves us with a wasteland. If it weren't for vigilant individuals spending their free time trying to fight the problem, the internet would probably die
      And praise be to those vigilant individuals. However, it is not that the Internet would die; more like this crappy insecure non-authenticated protocol called SMTP would die. The only problem with just pre-emptorily killing it ourselves is that it would cost many $billions to replace it.

      My favorite alternative to replacing SMTP is to adjust the penalty for activities like this guy S.Pammer to be "head mounted on a stick". There is lots of data that says that a majorit of all spam is sent by the top 200 spammers; kill them all in greusome ways, and they are unlikely to have followers :-)

      Crispin
      ----
      Crispin Cowan, Ph.D.
      CTO, Immunix Inc. [immunix.com]

    • by halowolf ( 692775 ) on Monday June 21, 2004 @06:51PM (#9490004)
      I'm not trolling, (and I'm not have a jab at every BL project out there) but these "vigilant individuals" also create problems of their own as they counter the problems of SPAM, blacklisting without accountability and the like. Their actions can also degrade the quality of the internet. I'm not saying do nothing but sometimes doing a knee-jerk reaction can be just as harmful. The word vigilant, is too close to vigilante for my comfort :)

      I am pleased however that more proactive steps are being taken by organisations such as Spamhaus [spamhaus.org] in addressing the problem by both a technology and policy driven approach in combatting the problem. And that more prosecutions are happening. But I don't see the tide being turned anytime soon.

      As for the internet dying, I don't see it. There is now to much commercial interest in it for corporations to sit idly by and do nothing about SPAM and other problems we encounter on the internet. Even our governments misguided steps at regulation, show that the internet is here to stay. It may transform in the future but I don't see it dying just yet.

      • The word vigilant, is too close to vigilante for my comfort :)

        This is the most civilized way of handling any annoying situation:

        1) Confront the annoying person directly, and politely.
        2) If 1) fails, inform his superiors or some authority that can punish him for his misdeeds.
        3) If 2) fails, try again.
        4) If 3) fails, inform said authorities that if they cannot deal with the problem properly, you will take matters into your own hands since they are clearly not doing their jobs.
        5) If 4) fails, bury the fucke
      • Their actions can also degrade the quality of the internet.

        I get my email bounced sometimes because AOL and some other ISPs have blacklisted mine; meanwhile I still get tons of spam. So I'm getting screwed by both the spammers and anti-spammers.

    • by Fnkmaster ( 89084 ) on Monday June 21, 2004 @06:54PM (#9490015)
      I don't know what the heck this "green economic" theory is, but you don't really need that to analyze this problem. We covered this in AP Economics in high school, many years ago before spam existed. These are called negative externalities - the commons is polluted because the polluter doesn't pay the cost of the collective damage he does. Just like pollution, the solutions all require some sort of government regulation.


      The problem with spam is it's much harder to catch spammers than illegally polluting factories where disgruntled workers, regular inspections and so on can be used for enforcement. Spammers are hard to catch since they operate through intermediaries in other countries and fly beneath the radar, and because the legal tools to fight spam have been very slow to catch up. And there need to be government organizations dedicated to tracking down and prosecuting spammers, like there are for polluters.

      • this is where the UN has started taking looks at 'managing the internet' and the general response from the tech community has been fear and horror.

        either we WANT a system that is monitored and every packed is tracked (ala big brother, 1984, the current US DMCA-Patriot Act version of things) OR we must create a self-managing system that provides accountability and protection from fraud.

        spamhaus seems to be a step in the right direction, but the direction that microsoft and the various big companies seem to
  • by ErichTheWebGuy ( 745925 ) on Monday June 21, 2004 @06:28PM (#9489834) Homepage
    ... a 'how to become a spammer' article.
  • Net profit? (Score:5, Funny)

    by Rick the Red ( 307103 ) <Rick,The,Red&gmail,com> on Monday June 21, 2004 @06:29PM (#9489841) Journal
    Hmmm. Net profit of over 400 euros a month, eh? Wow, that will buy a lot of champagne and BMWs! Yeah, that's worth having everyone on Earth hate you.
    • Re:Net profit? (Score:3, Insightful)

      by rsmith-mac ( 639075 )
      The profit is a product of the investment though; had he had a large investment, he would have seen large profits(in theory).
  • He's earned 523 Euros which in America = close to 1000 dollars (no I don't have a currency converter).

    Job Paying $8/hr * 40/hrs week = $1280 or about $1,000 after taxes, that's the average rate of your Starbucks Coffee guy in the United states, and the money is legit!

    Mid level computer programmer (or someone like me) = $50k/year or $3,000/month after taxes.

    In short it's getting pretty damn tough for the Spammers I see. The harder we make it, and pretty soon Spamming will just be unprofitable I hope. In the meantime my advice to this spammer = get a real job...even Starbucks Coffee guy is better than what you're doing.
    • How muc hdo you think companies like this Send-Safe are pulling it? They are the problem, not the joe-spamer.
      • Won't argue with that. But as spamming becomes less profitable, so will they to the point that their business model becomes unsustainable. Besides now that everyone on Slashdot is aware of their existence, I predict that life will become a living hell for Send Safe + their clients :-/
    • by radish ( 98371 ) on Monday June 21, 2004 @06:37PM (#9489894) Homepage
      Actually, 523 euro is more like US$650, so it's even worse. For me, it's approaching "won't get out of bed" levels. Which is handy, seeing as you can spam from anywhere in the house :)

      I really can't see why anyone would bother...
      • On the other hand (maybe I should have said OTOH, so the /bots can understand), it's a lot more money for a lot less work than other "Make Money Fast From Home" operations.

        If you can run this for 2 hours an evening 8 times a month, $650 or $500 Euros doesn't seem so bad... Pardon me if I missed it in the article, but he only did runs every few days, and then he paid his housemates to pack em. It doesn't seem like a business that scales, but it's decent pocket change.
    • you think it took all that time for him to spam? apart from the initial costs to get spamming wasn't it practically downhill from him ever since?

      you know what's the sad thing? for him it would make perfect sense to just send 10x the emails for 10x profit!
    • Visit their website.
      Look at all the pages.
      Maybe do a wget websuck to /dev/null
      Look for Contact forms, and fill them out.
      If it is a Mortgage scam, fill out the forms with random stuff, or put in the name and addresses of known spammers.
      Same for the car lookup stuff (How in the world do they make money?)
      Keep them busy and waste their time.

      If everyone who received a spam visited the site just once I doubt they would be able to afford the bandwidth.

      And, just an afterthought on a different note, do most spamme
  • by Faust7 ( 314817 ) on Monday June 21, 2004 @06:33PM (#9489865) Homepage
    Most orders seem to have been made on impulse: they are done during or immediately after the spam run.

    And I'd have thought they'd engage in long, thoughtful consideration before trying an experimental manhood-enhancing product, mortgaging their home, choosing a Third World bride, or deciding which bestiality DVD set to purchase?
    • Re:Impulse purchases (Score:3, Interesting)

      by tekiegreg ( 674773 ) *
      Ok let's analyze that statement if they impulse buy x on impulse:

      Manhood enhancing product: Hopefully the end result of a disastrous manhood enhancing products is the destroyed ability to procreate, so spam customers can't begat more spam customers, W00T!!!

      Mortaging their home on impules: Worst case scenario their home is repo'd, gets harder to fall for spams when you don't have a home to check your email for spams in.

      Third world bride: Oh dear god don't go there on impulse buying a woman...*shudde
    • "And I'd have thought they'd engage in long, thoughtful consideration ..."

      I know I would have...

      From the article:

      "The tins of meat are bought at a Dutch importer, who in turn buys them from a Belgium importer who buys them in the former Sovjet Union."

  • It seems like spam (Score:5, Insightful)

    by foidulus ( 743482 ) * on Monday June 21, 2004 @06:34PM (#9489871)
    is a "pyramid scheme" of sorts. People who may or may not be the most adept at technology or business get the idea to spam. They pay the more "gifted" people at the top money for things like addresses and hosting etc. These are the people who are really cleaning up on spam and should probably be the ones that the authorities go after, cept that they usually hide in places (Russia, Hungary, China etc)where it's hard to enforce international laws, esp. spam laws. Even if we go after the little guy, there will probably be more to take his place, the lure of such "easy money" is too great for some people.
    On a side note, it is kind of interesting the comment about bounced mails. My university disabled my account(because they thought I was no longer a student, even though I was) for about 2 months. As soon as I got it re-activated, the spam started flowing in like water again. Amazing.
  • I can see it now (Score:2, Interesting)

    by wangotango ( 711037 )
    Spammer's Cookbook.
    Should make the NY Times Bestseller list in a matter of days along with a few more Euros.
    Not funny, and likely to happen.
    • Re:I can see it now (Score:5, Interesting)

      by actiondan ( 445169 ) on Monday June 21, 2004 @07:16PM (#9490153)

      Remember, the book wouldn't have to actually be accurate in order to sell - it would just need to promise to tell readers what they need to know in order to spam effectively.

      In fact, the book could quite easily lead prospective spammers down a route that will get them quikcly caught and shut off...

      The book could make a lot of money from people who want to spam their way to riches _and_ help to make sure that such people get identified and stamped on early in their (hopefully short) careers.

      Hmm, better that I make the money with a fake spamming guide than some real spamming expert...

      Would it be wrong to scam people who want to become spammers?

      Dan.

  • Baiting? (Score:5, Interesting)

    by bucky0 ( 229117 ) on Monday June 21, 2004 @06:35PM (#9489885)
    Reading this article gave me a good idea (Although, it's probably been done before)

    Would it be possible to set up to send spam through one of those sites to numerous address you set up? Then, after you recieve the spam, you could block those proxies(being relatively certain that they're zombified machines)

    Yes, you would have to spend a bit of cash up front, but it seems (at least in principle) to be a fairly accurate way to find spam relays.

    My $0.02..
    • Re:Baiting? (Score:5, Insightful)

      by MBCook ( 132727 ) <foobarsoft@foobarsoft.com> on Monday June 21, 2004 @06:45PM (#9489952) Homepage
      That depends on what you're willing to give up. Now I'll admit that if a site got a big donation where people each paid $1 to get access to the list you could probably cut a decent chunk of the spam from your e-mail account.

      The problem is what you're willing to give up. Some servers are probably used for nothing but spam, but what about the other servers. What about the servers that belong to small ISPs, hosting companies (which might be used for MANY businesses), etc? Are you willing to assume all that is spam too? You might lose a decent number of ham messages that way.

      But you could definatly use it as another input to a spamassassin type filter.

    • Re:Baiting? (Score:3, Interesting)

      by torinth ( 216077 )
      A few problems:

      1) Your single message may only go out through one or two proxies. Remember that the spammer you hire has other jobs running, and has many choices as to how to distribute the load.

      2) Spam proxies are generally short-lived or part of a dynamic pool of addresses that it might not be appropriate to block. Some are also just corporate machines that were poorly administered (open relays). You may inadvertantly block regular people from getting email to you.

      3) It would be easier to just buy a
  • by Anonymous Coward on Monday June 21, 2004 @06:38PM (#9489909)
    Every time I get one of those "Mic.ro sofT Sof1w.are cheap!" emails, I am always tempted to start some Linux spam.
    "For a low, low fee I can show you the best software site on the internet, everything from operating systems, to office suites, to graphics programs can be yours for free. Yes the sourceforge is a wonderful place. To find out, please send CowboyNeal your first born."
  • Not a true example? (Score:4, Interesting)

    by fembots ( 753724 ) on Monday June 21, 2004 @06:38PM (#9489910) Homepage
    This guy is only making a small profit, and the way he did his business wasn't really taking advantage of the "investment".

    Shouldn't he be selling more products, ie he paid EURO$388 for the CDs, he should have used the same CDs for many more products at once, and each of them will guarantee the same readership of 30%.
  • The real money... (Score:5, Interesting)

    by j3ll0 ( 777603 ) on Monday June 21, 2004 @06:41PM (#9489927)
    ...would appear to be in the production and sale of address lists.

    Seriously, it would be trivial to write a script to generate e-mail adresses (actual reachability is a moot point). All you would need is a list of registered DNS names with mx records, and a list of names (nationality doesn't matter either: as many nationalities as possible). Then just run through the common variables

    firstname.lastname@mx.tld
    lastname.firstinitial @mx.tld
    first6charsoflastname.firstinitial@mx.tld
    and so on....

    Costs to burn the CD
    Yup, that's where the real money is....
    • " ...would appear to be in the production and sale of address lists...Seriously, it would be trivial to write a script to generate e-mail adresses..."

      Production? Seems like you could do it even easier: just buy some other spammer's CD, then redistribute it yourself. What's the original producer gonna do...sue?

      • by actiondan ( 445169 ) on Monday June 21, 2004 @07:18PM (#9490172)
        What's the original producer gonna do...sue?

        Yeah, you're right, people who engage in illegal trades never have any way to get at people who shaft them because what they do is illegal and they can't go to court.

        That's why I always steal from drug dealers and money launderers...

        Dan.
      • huh. read the article, one shitty cd with just a fraction of working emails cd cost 300$.

        now, I'd rather spend that 300$ on booze while doing the script to generate the names..
    • Re:The real money... (Score:3, Informative)

      by torinth ( 216077 )
      The value of a mailing list corresponds to it's accuracy as well as any supplementary information it contains (interests, habits, geography, etc.).

      When you say actual reachability is a moot point you're completely wrong. Actual reachability is a very important point.

      If a spammer knows that an address is good, that the person on the receiving end reads the messages, and that they're generally interested in the kind of product being pitched, they'll pay a lot more.

      If a spammer doesn't know anything about
  • by Anonymous Coward on Monday June 21, 2004 @06:42PM (#9489939)
    I guess he hasn't heard of the White Pages....

    Link [yahoo.com]
  • Fscking God! (Score:4, Insightful)

    by dark-br ( 473115 ) on Monday June 21, 2004 @06:45PM (#9489958) Homepage
    Have a look at the botton of the screenshot pay a visit [send-safe.com] for the "Send Safe" home page.

    Would somebody PLEASE just kill those fuckers?

    To sell such a program should be considered a crime for itself!

    And have a look at the testimonials... Gosh... we are doomed.

    • by Daniel Dvorkin ( 106857 ) * on Monday June 21, 2004 @06:54PM (#9490014) Homepage Journal
      Based on how slowly their server is moving at the moment, I have the feeling they've been /.ed with a vengeance. It's not as good as murder, but if nothing else, it will slow them down for a while.
    • support@send-safe.com
      techsupport@send-safe.com
      good@send-safe.com
      orders@send-safe.com
      For pre-sale only questions please call 813-747-9677.

      heh heh heh, not for "pre-sale only" anymore.
    • Re:Fscking God! (Score:5, Informative)

      by ktakki ( 64573 ) on Monday June 21, 2004 @09:47PM (#9491225) Homepage Journal
      Would somebody PLEASE just kill those fuckers?

      Okay, who owns send-safe.com?
      domain: SEND-SAFE.COM
      owner-address: Ibragimov Ruslan
      owner-address: 12 Krasnokazarmennaya
      owner-address: 111250
      owner-address: Moscow
      owner-address: Russia
      owner-phone: +7.957235641
      owner-e-mail: b35ed568876bf16d66d15c298b2159a8-564687@owner.gan di.net
      admin-c: IR14-GANDI
      tech-c: IR14-GANDI
      bill-c: IR14-GANDI
      nserver: dns.send-safe.com 217.107.162.252
      nserver: dns2.send-safe.com 217.107.162.200
      reg_created: 2001-11-14 04:31:54
      expires: 2005-11-14 04:31:54
      created: 2001-11-14 10:31:55
      changed: 2004-04-27 11:56:07
      Gah! The Russian Mob! Well, I'm all for killing spammers, but in SOVIET RUSSIA spammer kills YOU!

      Okay, who owns that netblock?
      $ whois 207.107.162.252
      Sprint Canada Inc. NETBLK-SPRINTCAN-BLK3
      (NET-207-107-0-0-1) 207.107.0.0 - 207.107.255.255
      Western Inventory Service NET-WESTERNIN-107-163 (NET-207-107-162-0-1)
      207.107.162.0 - 207.107.163.255
      Canadians! Back-bacon eating, toque-wearing, Stanley-Cup-losing Canadians. I'd rather take on 25,000,000 Canadians any day than mess with the Russkie Mafia.

      Now, who hosts www.send-safe.com?
      $ whois 65.210.168.34
      UUNET Technologies, Inc. UUNET65
      (NET-65-192-0-0-1)
      65.192.0.0 - 65.223.255.255
      MTI SOFTWARE UU-65-210-168-32-D9
      (NET-65-210-168-32-1)
      65.210 .168.32 - 65.210.168.39
      Hmmm...I knew UUNET would pop up somewhere. There are a couple of MTI Software results on Google; one sells support and service for OpenVMS systems, the other sells bulk e-mail software. I think it's the latter...
      Registrant:
      MTI Software
      4577 Gunn Highway #161
      Tampa, FL 33624
      US

      Domain name: EMAILEMAILEMAIL.COM

      Administrative Contact:
      Bentley, Nick nick@mtisoftware.com
      4577 Gunn Highway #161
      Tampa, FL 33624
      US
      813-968-1531
      Technical Contact:
      Li, Jonathan jonathan@123cheapdomains.com
      920 Cranbrook Court, Suite #7
      Davis, Ca 95616
      US
      1-415-682-3859
      Florida. It figures. First in spam, first in hanging chads, first in the hearts of the nation.

      So, to sum up, we have an Axis of Evil: Russians, Canadians, and Floridians, all conspiring to deploy Weapons of Mass E-mail Destruction. Gimme a couple of days to throw together a Powerpoint presentation for the UN Security Council and maybe we can get a posse...err, a coalition together.

      k.
  • why oh why (Score:2, Interesting)

    by sinner0423 ( 687266 )
    journalists iconify these assholes making them out to be some sort of innocent guy, genius, or otherwise. bottom line is, they're breaking the law, and pissing me off. let *ME* interview one of these guys, you'll surely see a dissection of a spammer.

    whose with me? we'll set up some fake wired interview, and just beat them down, hoping they go tell the tale of horror to all of their buddies.

    private funding sent a passenger jet in to near-orbit for a little bit over 20 million. i'll do this for 10 m
  • 213.10.. (Score:3, Interesting)

    by apachetoolbox ( 456499 ) on Monday June 21, 2004 @06:58PM (#9490036) Homepage
    /me gets back from looking at the screenshot...

    i'm banning 213.10.0.0/16 ...

    -jk :)
  • by joeldg ( 518249 ) on Monday June 21, 2004 @07:02PM (#9490058) Homepage
    this guy is "normal" non-tech user.
    he used all 'download and run' services, he built nothing himself.
    I think the real money being made here is providing these programs and websites for them to use and also the lists.
    This is interesting stuff to consider and would make an interesting business model to create spamware for the spammers and then feed the data to places like spamhaus etc.
  • by Andy Smith ( 55346 ) on Monday June 21, 2004 @07:03PM (#9490062)
    Thats for a turnover of 6 times and a net profit of well over twice those initial spam-related costs
    If any business of mine ever makes "well over twice" the running costs, ie: not enough to be expressed in thousands of percent, then I'd shut it down and start asking myself where I went wrong.

    Seriously, just off the top of my head I can think of one much-needed business in my (very small) local town that this spammer guy could set-up and he'd make 10x what he made from spamming. Oh and I've just thought of another one.

    The world is full of money-making opportunities if you stop thinking about money and start thinking about what people *want* and what useful products and services you can provide. I'm pretty sure you'll find that those opportunities are more profitable than all but the most serious financial crimes.
    • Parent post was a case of an Internet person commenting on the real world. As soon as I posted the comment I instinctively started thinking about the hypothetical business I mentioned, and it's obvious that 1000% profit would be downright impossible to achieve. I still think the spammer guy's an idiot/scum if he's only making 2x/3x profit by *spamming* but apologies for letting my ego run away with me.
  • Unfortunately (Score:4, Insightful)

    by krray ( 605395 ) * on Monday June 21, 2004 @07:03PM (#9490064)
    Unfortunately it will always be profitable, at some level, to spam with the current email setup. The can is open and it will always remain as much of a problem as unwanted callers and junk faxes. Heck, at some point I'm peckered by street vendors trying to sell me something and I find them annoying too.

    I'm no fan of Microsoft, but their efforts -- coupled with whatever other "standard(s)" are incorporated will go a long way to squelching the issue in short order. Yeah, like many of you I'm sitting here waiting for the "right" standard to catch and implement it into my Linux & BSD servers (and soon to be OS X running the same software :). The .01/email type of setup simply won't catch on (hopefully :), but even with "Caller-ID" email somebody, somewhere will still try and spam you at the cost it needs to get the bandwidth. Clever spammers will continue to rape Windows boxes and instead of DIRECTLY sending out the messages properly send it through the subscribers "registered" and "authentic" mail server -- and if they're smart send out a message every 3 minutes now and forever. Times 5,000 infected computers and I'd bet you could still get the message out and make a buck doing it.

    TODAY by simply blocking IP's (spam me once from any IP and that IP will never talk to me again, rule #1 :), harvesting messages to spam traps (their game is a doubled edged sword :), and a little filtering I see maybe a couple of messages a month. Maybe. My logs show a very different story though...

    Caller-ID email added into the mix and I could whack 'em and stack 'em even faster -- so it will be on par with the number of soliciting phone calls I get [one maybe every six months ;].
  • by EggMan2000 ( 308859 ) * on Monday June 21, 2004 @07:03PM (#9490067) Homepage Journal
    Did the Honey Pot Hunter link on the screenshot get anyone else's attention?

    screenshot [zenger.nl]

    It seems to me that there is some level of sophisitication to these spammer sites. I'm guessing they are really ripping off the poor shmucks who sign up.
  • by G4from128k ( 686170 ) on Monday June 21, 2004 @07:32PM (#9490258)
    This story illustrates that the profitability of spamming is not that great. It would be even less profitable if spammers e-mail address books were even more polluted by bad addresses. And spam would be even less profitable if spam-using sites were innudated with mail.

    I wonder if we could kill two birds with one stone. Littering the web with dummy e-mail addresses that include the domains of spam-supported sites. That way, the sites become overwhelmed by inbound mail traffic. It would be a version of this [hostedscripts.com] or, better yet, this [armchairgenerals.com] using real domains of spam-using sites (from a blacklist service). E-mail addys such as sdadhja@viagraspammer.com, eywheh@viagraspammer.com, wywhdi@viagraspammer.com would both cost the spammer and the site that is using spam.
  • by josepha48 ( 13953 ) on Monday June 21, 2004 @07:44PM (#9490331) Journal
    .. is when they start forging email addresses. Like sending email to me with my own email address.

    Its kinda like faking where a letter is sent from and who you are at a bank. Its forgery, and fraud. Personally I think people that do this that get caught should end up in jail or shot.

    • .. is when they start forging email addresses. Like sending email to me with my own email address.

      I recently told Postfix to reject any SMTP session that start with "HELO $foo", where $foo is my public IP (I'm behind a NAT) or my domain name or any hosts in the domain, and the source is not in fact a machine on my LAN (or someone using authenticated SMTP to send an outbound message). I've also started rejecting all email that fails SPF - that is, email that specifically violates the alleged sending domai


  • The next time I hear about a spammer spilling his guts, I expect *real* guts from a real spammer.

    Oh yeah, screenshots included !
  • by jonwil ( 467024 ) on Monday June 21, 2004 @08:24PM (#9490557)
    Basicly, FBI etc runs an "open relay" that is really a honeypot gobbling up the SPAM.

    Leave it going for a while and from there, trace back to the spammers themselves via the logs.

Philosophy: A route of many roads leading from nowhere to nothing. -- Ambrose Bierce

Working...