Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Spam Security IT Your Rights Online

Amazon Bulk-Email Service Could Lure Spammers 71

snydeq writes "Amazon Simple Email Service and Amazon Web Services look to be a potent combination for businesses and developers, no matter which side of the law they're on, InfoWorld reports. The newly announced bulk email service, which will enable Amazon customers to send 100 emails for a penny, could prove enticing to those seeking a cheap way to bombard inboxes with spam, malware, and phishing lures. Amazon claims its in-house content filtering technology should assuage anyone thinking SES will be used by scammers. 'Those assurances aren't entirely heartening, though, unless Amazon is way ahead of the curve with content-filtering technology. Email services and software vendors have tried for years to keep spam and other unwanted messages from showing up in users' viewing pane, but the crud keeps slipping through.'"
This discussion has been archived. No new comments can be posted.

Amazon Bulk-Email Service Could Lure Spammers

Comments Filter:
  • by h00manist ( 800926 ) on Tuesday January 25, 2011 @07:59PM (#35002094) Journal
    Or does anything decent really have to run on a server?
    • There was an open-source project called SAProxy at one point which would put SpamAssassin on your desktop. Not sure what happened to it. It was integrated into a great email client I used to use called Bloomba.

    • by Anonymous Coward

      Making money and gaining prestige too often drive business decisions and are the enemy of "doing the right thing."

      Why should businesses be interested in doing the right thing? Small businesses can develop a strong competitive advantage by deliberately focusing on ethics. They can earn repeat business and a good reputation. In addition, business ethics are important because, without them, three behaviors result:

      # People follow their own preferences without concern for others.

      # Individuals lose their sense of

    • Spamassassin works fine here.

    • Thunderbird's spam filtering isn't horrible; it's based on the same ideas as SpamAssassin, but can be easily hand-tuned. In addition, on a Linux desktop, you could always setup SpamAssassin with procmail [apache.org], but this implies that your end-users actually understand things like procmail. ;)

      Personally, I use dovecot+postfix+spamassassin on my home e-mail server and fetchmail to grab mail from remote servers such as my gmail account and then use Thunderbird's junk mail filters to filter out anything SpamAssassin

    • I get no satisfaction filtering the email after it has been delivered. I go out of my way to run spam assassin and a dozen other methods to end the session before it gets delivered. I know they don't get the message that I won't be spammed, but it makes me feel good when I see that 500 or 554 rather than giving them a friendly 250.
    • POPFile [getpopfile.org] classifies email. Not just spam and not-spam, either, but into any number of categories you choose (personal, business, etc.). The more email you feed it, the better it gets at automatically classifying it.

  • by colinnwn ( 677715 ) on Tuesday January 25, 2011 @08:00PM (#35002108)
    Amazon's content filtering may be on-par with the industry. But if any customer has the temerity to forward Wikileaks docs through their bulk email service, I bet we'll find out that their "spam" filter is better than we thought.
  • by plover ( 150551 ) * on Tuesday January 25, 2011 @08:04PM (#35002154) Homepage Journal

    When I read that Amazon was going to "Lure Spammers" I was hoping they meant "into pit traps, filled with tigers."

    Boy, was I disappointed.

  • by bradgoodman ( 964302 ) on Tuesday January 25, 2011 @08:07PM (#35002184) Homepage
    In their docs, they mentioned something about working with other Major ISPs. From what they indicated, other ISPs (Google, Yahoo, AOL, etc) track metrics on emails - people who click them as "spam", "objectional", etc. These ISPs forward this information back to Amazon. If they detect that someone is sending out mail which is being flagged as objectional by too many users, they can shut you down.
    • by Cylix ( 55374 ) *

      There are also other white list approaches I've seen as well.

      A similar service operates on an opt in approach in which you must respond back to the opt-in request for the bulk mailers. Once you are verified on the list of approved senders the email relay service will allow your address to be filtered by that particular opt in list.

      It's very much a major-domo like service for spam, but applied more to an entity rather then a particular list. (Say concept and objects, but a slight twist). I wouldn't be too su

    • What ever happened to being responsible for what leaves your network? Recipients, and even email operators often simply give up reporting abuse, as traditionally the success of reporting to abuse departments has been very low. And isn't this a little like closing the barn door after the cow is gone? A simple stolen credit card, and 24 hours head start, boy are we in trouble with that kind of power. And the idea of 'opt-in' or 'permission' based according to current anti spam legislation is so loose, and
    • That's called a feedback loop, or FBL. These have been around a long time. Most ISPs and gorilla mailers have been using them for many years. They aren't a magic bullet against spam--far from it. An FBL is simply analogous to walking over to your neighbor's house and telling him his son just threw a rock through your window. The dad isn't able to keep tabs on his kid all the time. Same with an ISP, freemailer, or in this case, Amazon. The FBL is simply an extra set of eyes and ears.

  • by arevos ( 659374 ) on Tuesday January 25, 2011 @08:15PM (#35002270) Homepage

    Those assurances aren't entirely heartening, though, unless Amazon is way ahead of the curve with content-filtering technology.

    Amazon has the spammer's credit card details, knows where each email comes from, and can freeze or terminate accounts at the touch of a button (or via an algorithm). This gives it a considerable advantage over those that have to passively filter spam.

    And in any case, spam filters are pretty damn good these days. I've had a public email address for going on 15 years, which used to get hundreds of spam emails every day. Now it's very rare for even one to slip past GMail's filter.

    • by Zebai ( 979227 )

      Very likely the sending isn't immediate either for larger bulk operations. I wouldn't be surprised if an order for 25,000 emails would appear on someones report list for investigation. It would not take a great deal of time to find out if an email was a piece of spam designed to get past normal filters as they tend to be unusual looking emails and if it wasn't designed to get past normal filters than amazons own normal filters would catch it. They can also be sure that every single email is labeled with th

      • by Anonymous Coward

        25,000 emails will cost $2.50 to send. Do you really think Amazon are going to put a human investigator on every $2.50 order?

    • by Anonymous Coward

      Cool, you have an anonymous VCC purchased from a reseller in Afghanistan and you have the anonymous proxy IP I've paid for using an anonymous foreign Paypal account. Problem?

  • by John Hasler ( 414242 ) on Tuesday January 25, 2011 @08:16PM (#35002284) Homepage

    Why would any spammer pay that much when they can rent a botnet?

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      If they're using a stolen credit card, they don't have to worry much about payment.

  • I think this unattractive to true spammers due to the $0.01 per hundred messages charge, and they'll just be terminated anyways. The real spammers send millions of messages a day, most of them to invalid recipients that never get anywhere.

    Most spam abuse of SES is likely to come from the uninformed, or misguided newbies.

    As described on amazon's site [typepad.com]

    :

    • When you first register, you'll have access to the SES "sandbox" where you can send email only to addresses that you have verified. The verification proc
  • by TimFreeman ( 466789 ) <tim@fungible.com> on Tuesday January 25, 2011 @08:27PM (#35002360) Homepage
    The response rate for spam is very low (1 in 12.5 million according to http://www.techradar.com/news/computing/spammers-get-1-response-to-12-500-000-emails-483381?src=rss&attr=all [techradar.com]), so a spammer would have to pay 12.5M / 1K * $0.10 = $1,250 to get a response by paying Amazon to send emails. Multiple responses will be required to make a sale. If they can't make $1,250 of profit per response, they can't make money by using Amazon to send their spam.
    • by Cylix ( 55374 ) *

      An old manager of mine was one such person though.

      He would often site the great deals he would get through spam. I would often explain that while he might think it is a great deal he is really making the world a worst place for the rest of us by encouraging this behavior. (Of course he didn't really care)

      Naturally, he was also suckered into losing a thousand or so dollars on more then one questionable deal. (To which I advised him not to dare do it)

    • The response rate for spam is very low (1 in 12.5 million according to http://www.techradar.com/news/computing/spammers-get-1-response-to-12-500-000-emails-483381?src=rss&attr=all [techradar.com]), so a spammer would have to pay 12.5M / 1K * $0.10 = $1,250 to get a response by paying Amazon to send emails. Multiple responses will be required to make a sale. If they can't make $1,250 of profit per response, they can't make money by using Amazon to send their spam.

      Actually, that would be the business doing the spamming.

      Amazon in this case is doing what spammers do - sells email services on a per-email basis. Most spammers get payment to spam N million people, and they don't really care if 99.9999% of them are filtered out by the time it's received - they've gotten their $100 or whatever they've charged. It's the business wanting the spamming service that has to make up the $100 on the remaining few.

      That's why spammers make so much money - they just have to send email and not guarantee results. And the business that paid $100 to get $12 worth of business? Well, he may never hire a spammer again, but there's another business "genius" wanting marketing services at his door.

      It's also why most spam is virus laden crap - that's far more profitable than trying to sell product.

  • by rudy_wayne ( 414635 ) on Tuesday January 25, 2011 @08:27PM (#35002368)

    Email services and software vendors have tried for years to keep spam and other unwanted messages from showing up in users' viewing pane, but the crud keeps slipping through.

    The company I work for used to use a company called Postini for spam filtering. They are now owned by Google. They do a really fantastic job of spam filtering. Over the past several years, with my employer and with GMail, zero spam has gotten thru and the number of false positives have been about 1 every few months (and even then it was never anything important).

    • by yakatz ( 1176317 )
      I can add that this is not a one-of-a-kind result. We have used postini for years and had the same great effects.
      • A few years back CenturyTel started pushing all my email through Postini without any notice. As a direct result I quit using that account. During the first three days the filtering was in effect it passed 50% of the spam and stopped half a dozen valid messages.
        They provided no way to turn it off completely: just a couple of "aggressiveness" settings.

  • by Arrogant-Bastard ( 141720 ) on Tuesday January 25, 2011 @09:08PM (#35002608)
    Several of these have already been emitting spam for a while; whatever Amazon's doing (presuming that they're actually doing ANYTHING beyond having their spokespeople lie about it) isn't working.

    50.16.0.0/14
    67.202.0.0/18
    72.44.32.0/19
    75.101.128.0/17
    174.129.0.0/16
    184.72.0.0/15
    204.236.128.0/17
    216.182.224.0/20

    Mail from these ranges should probably be refused, or, at minimum, subjected to heightened scrutiny.

    • I suspect that there are two different things at work here:

      Amazon already sells, through "EC2", fairly cheap linux VM instances(possibly windows now, as well). It doesn't take a rocket surgeon to set up a stock linux server VM as a spam system(or, if you aren't exactly a rocket surgeon yourself, have your instance rooted and turned into a spam system for you...)

      Amazon has, beyond the boilerplate "if you do wicked things, that would be against our TOS and stuff", never promised any sort of filtering of
      • EVERYBODY sells cheap Linux instances and it's not going to stop, but what I suspect is that Amazon will eventually restrict outgoing SMTP traffic to only the Simple Email Service hosts (much like ISPs do) in order to funnel/filter spam before it leaves their network.
    • Sigh. Blacklist Nazis. I just put up three new EC2 instances tonight for my clients: one's running a maintenance tracker Website for a construction firm, the other's for a realtor, and the third is for a recruiting firm. . All of them send out email now using Postini's smarthosts to send mail but I'll definitely be looking into this new Amazon service as an alternative. However, If everyone blacklisted like you do, my legitimate (and very much wanted) email notifications would never get through.
  • by Opportunist ( 166417 ) on Tuesday January 25, 2011 @09:43PM (#35002800)

    First and foremost, why should I sign up for this "service"? Last time I checked I can send out mail quite fine, without paying anyone for it. Now, I rarely send out millions of mails, but a few thousands (for a opt-in newsletter, in case you're concerned) work just fine in a matter of seconds.

    And second, why should I assume that any of these mails will actually reach their targets? Any mail admin worth his salt (and every filter provider) will have the relevant addresses SO fast on his block list that you can't even use it the second day of its existence sensibly anymore.

  • Good,spam from amazon should be easy to block since they wont be using a botnet to send it. I hope lol. Which raises another question how will amazon guarantee there spam will land in mail box's?
  • by rjbrown99 ( 144423 ) <rjb@@@robertjbrown...com> on Wednesday January 26, 2011 @12:11AM (#35004380) Homepage

    All I have to say is http://www.authsmtp.com./ [www.authsmtp.com]

    I have no relationship to them other than a happy customer, but it took me WEEKS of effort to find a good mail relay from the cloud that could hit the inbox of all of the major e-mail providers (Gmail, Hotmail, Yahoo, etc.) They do it every time and for very little.

  • by Bert64 ( 520050 )

    It's unlikely spammers would want to pay a penny per 100 mails, when they can use compromised boxes to send thousands for free...
    Spam has a very low hit rate, if you send out a million mails maybe a small handful of them will achieve the desired result, the rest will either be ignored, bounce, or get deleted by filters.

  • From their website:
    http://aws.amazon.com/ses/#functionality [amazon.com]

    "Verify Email Addresses: Before you can send email via Amazon SES, you need to verify that you own the email address from which you’ll be sending email. To verify an email address, make an API call with the email address as a parameter. This API call will trigger a verification email, which will contain a link that you can click on to complete the verification process."

    So, what's all this talk about Amazon needing great content filters
    • Ok, sorry, I guess I just misunderstood it. They are only asking to verify the account you're sending from. Whoops.
  • Doesn't matter if my viagra emails come from a hacked chinese botnet or an amazon approved paying customer - I still don't want that garbage in my inbox.

No spitting on the Bus! Thank you, The Mgt.

Working...