Brian McWilliams (bmcwilliams) Mon 31 Jan 05 19:24
David wrote: >There's a growing number of younger people who think that getting a >free ipod (or even a copy of Girls Gone Wild) is a perfectly >acceptable trade for some extra spam. I'm not sure why that is -- >possibly because they treat e-mail addresses as disposable? Could be. Plus, a lot of under-20s are relying on instant messaging as their primary online communication tool. Email is just for registering for web site access, freebies, etc. >That does bring up another (devil's advocate) question that's central >to any debate about spam: Is it really that big of a deal? As the author of a book about the spam problem, I'd love to be able to say it ranks right up there with global warming and AIDS. But obviously junk email is not anywhere near those issues. Junk email is tantamount to digital pollution. It's a by-product of selfish Internet industrialists who abuse a shared resource. If it's not in your backyard, you may not care too much about spam problem. But in some hot spots, it actually threatens peoples' ability to communicate. >What is there that's so offensive about spam that would cause people >to spend so much time tracking down spammers? Perhaps because it's a business typically built on fraud, theft of resources, and trespass? And because the products advertised are often offensive, illegal, or at least unwanted by many recipients? :) It's hard for some people to understand the bitterness between spammers and anti-spammers. Much of it stems from the fact that many spam opponents have their roots in system administration. (Hence the newsgroup that's become the online homeplace of many anti-spammers: news.ADMIN.net-abuse.email.) For some of these folks, dealing with spam has become a major (and distasteful) part of their jobs. They seem to set the tone for lots of other anti-spammers, even relatively non-techie newbies like Shiksaa.
Brian McWilliams (bmcwilliams) Mon 31 Jan 05 19:25
John wrote: >given the effacacy of my current spam filter, a free iPod might be >worth it.... What filter are you using? There's really no reason today why a filter shouldn't be catching 99% of spam, with very few false positives.
Dan Mitchell (mitchell) Mon 31 Jan 05 19:28
I think he meant it's working well, so there would likely be no fallout to signing up for a freebie.
Brian McWilliams (bmcwilliams) Mon 31 Jan 05 19:54
Dan wrote: >Among other idiocies, several people are saying that shiksaa should >sue you because you used her in the book without paying her. Yeah, there's an unfortunate tendency in newsgroups in general and Nanae in particular for some participants to voice strong opinions on subjects they know nothing about. :) Some Nanae-ites apparently feel that journalists in the past have painted them as kooks or vigilantes. I think they see themselves as gallantly defending Shiksaa against what they assume is an unfair trashing by moi. (If they ever read the book, they'll be surprised to learn that she's the heroine and that the work of anti-spammers is generally celebrated.) >What's the reaction been like from you perspective, both from >spammers, antis, and everyone else, for that matter? The spammers profiled in Spam Kings seem to feel that I was pretty fair and accurate in presenting their stories. (I did get a few complaints from spammers that too much of the story was dedicated to the "antis.") The readers I was most concerned about were those who don't have a strong allegiance to either side. Would they get swept up in the story and care about the parallel lives of Hawke and Shiksaa? I've gotten some pretty nice feedback from that group, and that's been satisfying.
Dan Mitchell (mitchell) Mon 31 Jan 05 19:59
Lots of nice reviews on Amazon too, save for one illiterate guy, and one guy who said he liked it, but gave only one star. >Yeah, there's an unfortunate tendency in newsgroups in general and Nanae in particular for some participants to voice strong opinions on subjects they know nothing about. No way! Really? ;)
bound to cover (mossman) Mon 31 Jan 05 23:11
>That does bring up another (devil's advocate) question that's central >to any debate about spam: Is it really that big of a deal? I guess I've gotten used to the gray mail, and can live with doing the delete button dance. The junk mail filter in Entourage is very effective (much moreso, I'm afraid, than spam assassin). However, what disturbs me is the murkiness of fictitious return addresses, and the fear that my own mailbox is being clandestinely used to pass on spam. So, are any anti spam strategies targetting senders who don't use true email addresses? It would seem this would be a reliable means of separating wanted from unwanted email. And, (exposing my naivite) it true that spammers can slip into an unprotected online computer and use it to send out multitude spam without the user knowing?
Brian McWilliams (bmcwilliams) Tue 1 Feb 05 06:30
>So, are any anti spam strategies targetting senders who don't use >true email addresses? It would seem this would be a reliable means > >of separating wanted from unwanted email. mossman, good point. Fwiw, the CAN-SPAM law forbids "spoofing" the return address and requires a true, working from line. On the technical side, there are efforts underway to establish an email authentication standard (such as Sender ID, Domain Keys, and SPF) that checks to see whether the sender of a message truly is who he or she claims to be. But those standards efforts have bogged down due to technical, political, and legal problems. In the meantime, some ISPs and others are going ahead and using the technology (e.g., AOL is using SPF) as part of their algorithm for identifying spam. >it true that spammers can slip into an >unprotected online computer and use it to send out multitude spam >without the user knowing? Yes, there are a number of computer worms and viruses currently in the wild that turn Microsoft Windows PCs into spam-sending "zombies." The majority of spam is now being sent through such infected computers. As a counter-measure, some ISPs have been blocking the data channel (port 25) used by these zombies to send mail. If you're on a Mac, it's extremely unlikely that your computer could be commandeered by spammers in this way. :)
David Wilson (dlwilson) Tue 1 Feb 05 07:53
I'm afraid I haven't read your book yet, but my question has to do with the Nigerian dictator's fortune spam. Do you deal with this? When I first saw this scam over junk fax broadcasting, I was struck by all of the assumptions about American culture that these spammers were making. They understood enough of our underlying values and attitudes so that they could make a pitch and get enough takers. How much does the spamming enterprise make use of culture and what parts to they focus on?
Brian McWilliams (bmcwilliams) Tue 1 Feb 05 10:01
David Wilson wrote: >My question has to do with the Nigerian dictator's fortune spam. Do >you deal with this? Sorry, no, I don't. It's certainly an interesting (and yet annoying) genre of spam! But the people behind it don't really qualify for "spam king" status. (None are listed on the Spamhaus list of the biggest spam operations, etc.) >How much does the spamming enterprise make use of culture and what >parts to they focus on? I don't think there's anything too profound about spammers' understanding of the consumer psyche. They sell whatever people are willing to buy via this medium. (See our earlier discussion about furtive shopping and porn, pills, etc.) The most successful spammers are opportunistic. Case in point: right after 9-11, spammers were pumping out messages advertising gas masks, cell-phone boosters, and anthrax test kits. When U.S. troops marched into Baghdad, Scott Richter broadcast millions of spams for the Iraqi Most Wanted playing cards. When the FDA announced an impending ban on Ephedra, Davis Hawke started sending out cell-phone spam touting a diet pill containing Ephedra ...
one big petri dish (jnfr) Tue 1 Feb 05 11:42
It is interesting how spam goes in waves. In the Well's <media.> conference there's a topic where people sometimes post annoying or amusing spam. And we all noticed together when there was a sudden recent upsurge in Rolex spam. No one had seen much Rolex spam before that, and all of a sudden everyone was getting a dozen of these a day. Do you know why spam would go in waves like that, not really related to outside events such as 9/11, but a sudden increase in specific offerings?
Dan Mitchell (mitchell) Tue 1 Feb 05 11:50
I think, but am not sure, that there is essentially just one Rolex peddler. The spams, though, come from dozens or hundreds of different spammers under the supplier's "affiliate" system. Many, many de facto spammers hide behind their affiliates, Pontious Pilot-like.
Brian McWilliams (bmcwilliams) Tue 1 Feb 05 12:44
>there was a sudden recent upsurge in Rolex spam. No one had seen much >Rolex spam before that, and all of >a sudden everyone was getting a >dozen of these a day. Do you know why spam would go in waves like >that, not really related to outside events such as 9/11, but a sudden >increase in specific offerings? Jnfr, a few months back I asked Louisiana spammer Ron Scelson about the Rolex spams. (Scelson is in "Spam Kings," and he spammed Rolexes a while back.) He told me that it's a seaonal thang, a pre-Xmas push from spammers not unlike what brick-and-mortar retailers would do. Then again, some of these waves may be caused by the manufacturers who supply spammers. Hawke's 2003 barrage of penis-enhancement pill spams started when a contract manufacturer in Kansas told him it had come up with a new idea for packaging herbal Viagra as penis fertilizer. :) When that market slowed down, Hawke switched (ironically) to hand-held lie detectors, because he discovered a company that was wholesaling them for cheap.
Brian McWilliams (bmcwilliams) Tue 1 Feb 05 12:51
>I think, but am not sure, that there is essentially just one Rolex >peddler. The spams, though, come from dozens or hundreds of different >spammers under the supplier's "affiliate" system. Dan, I know of at least two big Rolex spam operations, but your point is correct: spammers like to farm out the work to affiliates. As I describe in the book, Hawke had scores of people signed up as affiliates. He agreed to pay them about a 40% commission for every order of penis-pills they sent his way. I recently reported on my experience undercover as a Rolex spam affiliate: http://www.salon.com/tech/feature/2004/12/14/spam/
one big petri dish (jnfr) Tue 1 Feb 05 13:25
I remember that article now that you mention it. That was pretty interesting. So it's much like an "ordinary" retailer in the sense that they come across a quantity of a cheap product, or they are hitting a particular marketing opportunity, but instead of using what most of us would consider acceptable channels, they use spam. And of course, a lot of what they are selling are scam products or just not worth the money...
Dan Mitchell (mitchell) Tue 1 Feb 05 13:42
Brian, you didn't get much into pornospam in the book. Was this a conscious decision on your part, or did you try to get some of them to talk to you? There is the infamous Whittaker Communications/US Wives outfit, there is the "pussycash" guy in San Diego, and the one I think is the biggest of them all, Webfinity/Dynamic Pipe.
Brian McWilliams (bmcwilliams) Tue 1 Feb 05 16:30
>You didn't get much into pornospam in the book. Was this a >conscious decision on your part, or did you try to get some of them to >talk to you? Dan, sounds like you really know your pr0n spammers! ;-) It wasn't really a conscious decision. I guess I organized the book primarily around the stories of Hawke and Shiksaa. If either had encounters with major porn spammers, then that might have convinced me to work them into the narrative. On the other hand, I wouldn't have wanted to drop any of the spammers who are in there. Maybe I'll add porn kings to Spam Kings II. (Just kidding.)
David Adam Edelstein (davadam) Tue 1 Feb 05 17:06
Do the porn spammers use any different techniques from "regular" spammers? Obviously the e-mails are more generally offensive (I'll never forget the stunned and bewildered look on my mother-in-law's face after she got her first hardcore porn spam), but are they any different otherwise? Dropping back a little earlier in the discussion, it seems like laws and spam filters and so forth are only barely keeping up with the flood of spam -- if not losing ground. Do you think the war on spam is winnable? And (as a twist) do you think the tactics the anti-spam fighters use are helping or hurting the cause overall?
Dan Mitchell (mitchell) Tue 1 Feb 05 17:37
I wrote about a pornospammer,hence my particular knowledge. And for some reason, they bother me more than the others. I'm no shrinking violet, but I still don't like getting lowbrow messages from guys hawking ASSES RAMMED WITH GIANT COCKS in my inbox.
Betsy Schwartz (betsys) Tue 1 Feb 05 19:23
Bad enough that I get them, but I sure don't want my grade-school daughter getting them. I'm willing to let her browse uncensored in the grownup section of the public library, but not this. I have wondered, though, about porn ads, how many of them are actually selling a product as opposed to just harvesting credit card numbers. I was quite surprised, reading Spam King, at how much actual product is shipped (whatever the quality of that product might be)
Brian McWilliams (bmcwilliams) Wed 2 Feb 05 06:55
Betsy, your hunch is right ... porn spam is sometimes designed simply to harvest credit card numbers. In other cases, the advertised porn sites will indeed deliver the goods, but they will also secretly try to infect visitors' computers with malicious software (keyloggers, autodialers, spyware, etc.) using vulnerabilities in Microsoft's Internet Explorer. Yeah, successful spammers can move a lot of product when they're on a roll. At one point, Hawke's company was spending a couple thousand dollars each month on shipping.
Dan Mitchell (mitchell) Wed 2 Feb 05 07:12
It's funny that just a few years ago, it was assumed that very few spammers actually made any money. I remember really savvy people saying that spam may not last, or would at least dwindle to acceptable levels, because it would become generally known that there was no money in it.
Brian McWilliams (bmcwilliams) Wed 2 Feb 05 08:53
Dan, I was among the people who suspected that the only money was being made in selling spam software, mailing lists, etc., and that it was a kind of Ponzi scheme that would implode over time. My eyes were opened in 2003 when I stumbled across order logs at one of Hawke's penis-pill sites, and saw that people from all walks of life were placing orders totalling hundreds of thousands of dollars. I wrote about it for Wired News: http://www.wired.com/news/business/0,1367,59907,00.html
one big petri dish (jnfr) Wed 2 Feb 05 08:57
"No one in this world has ever lost money by underestimating the intelligence of the great masses of the plain people. Nor has anyone ever lost public office thereby. " - H. L. Mencken
Brian McWilliams (bmcwilliams) Wed 2 Feb 05 09:12
David asked: >Do the porn spammers use any different techniques from "regular" spammers? < Hmm. Well, their subject lines tend to be a little more direct. I see a lot of pill spammers trying to "social engineer" recipients with phony subject lines, such as "Schedule change" or "Urgent update." The porno guys often make it quite clear in the subject line that it's porn spam. Then again, few porn spammers are complying with the federal "brown wrapper" rule requiring them to label their spams with the phrase "Sexually-Explicit." >Do you think the war on spam is winnable?< I believe that, for individual users, the spam war is quite winnable. Get a good spam filter and you can reduce spam to a nuisance level. But I have my doubts about whether spam is going to stop being the majority of all email traffic anytime soon. As we've discussed earlier, there's a population of people willing to do business with spammers. And some of them are actually responding to spam AFTER it's been filtered into their spam folders! >do you think the tactics the anti-spam fighters use are helping or hurting the cause overall?< With an estimated 5 trillion spam messages having been sent in 2004, I don't see how any anti-spam tactics could actually make things worse! :) I take that back ... it's arguable that a certain federal "anti-spam" law has actually made the problem worse by making it legal to spam someone as long as you give them an option to unsubscribe from future mailings.
Betsy Schwartz (betsys) Wed 2 Feb 05 10:55
I'll note that I've reduced my own spam level to nuisance (with the help of the WELL which has excellent and sophisticated spam filtering, with customizable opt-in and opt-out, plug plug) BUT I've had to be very vigilant against false positives. Many sites apply spam filtering to all user email without user control, and the result is that email is becoming less reliable, as valid email disappears into "black holes". As an email administrator I understand why we've had to abandon sending bounce messages (which can spread viruses) or answering postmaster mail (because large sites can get gigabytes daily) but it hurts to see email reliability degrading.
Members: Enter the conference to participate