Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Spam Research Six Month Report

CowboyNeal posted more than 11 years ago | from the porn-nigeria-and-unrequited-crushes dept.

Spam 193

Zoomer writes "Every day, millions of people receive dozens of unsolicited commercial e-mails (UCE), known popularly as 'spam.' Some users see spam as a minor annoyance, while others are so overwhelmed with spam that they are forced to switch e-mail addresses. This has led many Internet users to wonder: How did these people get my e-mail address? In the summer of 2002, CDT embarked on a project to attempt to determine the source of spam. To do so, we set up hundreds of different e-mail addresses, used them for a single purpose, and then waited six months to see what kind of mail those addresses were receiving. The results offer Internet users insights about what online behavior results in the most spam. The results also debunk some of the myths about spam." Update: 04/12 15:47 GMT by CN : About a minute after this went live, I found that michael posted this earlier. Mea culpa.

cancel ×

193 comments

Sorry! There are no comments related to the filter you selected.

fp (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#5716123)

could it be????

Re:fp (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5716128)


s_/_____\____REPORT___\___DUPES____/____\_______s_ _
l|___I___|_____________\__________|______|______l_ _
a|__LOVE_`.__Call_1-800-SUCKTACO__|_______:_____a_ _
s`___M____|_____________|________\|_______|_____s_ _
h_\__I____|_/_______/__\\\___--___\\_______:____h_ _
d__\__C___\/____--~~__________~--__|_\_____|____d_ _
o___\__H___\_-~____________________~-_\____|____o_ _
t____\__A____\_________.--------.______\|__|____t_ _
s______\__E__\______//_________(_(__C__\___|____s_ _
u_______\__L.__C____)_________(_(___C___|__/____u_ _
c_______/\_|___C_____)/__/.__\_(____C___|_/_____c_ _
k______/_/\|___C_____)|_MODS_|__(___C___/__\____k_ _
s_____|___(____C_____)\_HERE_/__//__C_/_____\___s_ _
*_____|____\__C_____\\_________//_(__/_______|__*_ _
s____|_\____\____)___`----___--'_____________|__s_ _
l____|__\______________\_______/____________/_|_l_ _
a___|______R_______/____|_____|__\____________|_a_ _
s___|___F__E______|____/___/.__\__\____F__S___|_s_ _
d___|___U__A___/_/____|__SERVER_|__\____U_P____|d_ _
o___|__C___L__/_/______\__/\___/____|___C__E___|o_ _
t__|___K__N__/_/________|____|_______|__k__E___|t_ _
s__|______E___|_________|____|_______|_____C___|s_ _
u__|______W__|__________|____|_______|_____H___|u_ _
x__|______S__|__________|____|_______|_________|x_ _
*_s_l_a_s_d_o_t_s_u_c_k_s_*_s_l_a_s_h_d_o_t_s_u_x_

Important Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page) Important Stuff: Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads. Read other people's messages before posting your own to avoid simply duplicating what has already been said. Use a clear subject that describes what your message is about. Offtopic, Inflammatory, Inappropriate, Illegal, or Offensive comments might be moderated. (You can read everything, even moderated posts, by adjusting your threshold on the User Preferences Page)

spam is a killer (4, Insightful)

Anonymous Coward | more than 11 years ago | (#5716130)

you can't just put your email address on your website like you once did
you can't add your email address to your usenet posts
even if you email someone and they get an email virus, then you're on every spam list this side of Mars faster than you can say kazaa
spam is harrasment, spam is bad, spam is undermining the internet. What would my mother think if she suddenly received "cum see horny l0litas" just because someone she emailed got a virus
Legally treat spammers like vandals I say.

Re:spam is a killer (0)

Anonymous Coward | more than 11 years ago | (#5716158)

Treat the spammers like Vandals. And we're the Huns. Ha ha ha!

Re:spam is a killer (0)

Anonymous Coward | more than 11 years ago | (#5716190)

Well we Europeans wiped the huns out, so yes, spammers being huns, be my guess.

Re:spam is a killer (0)

Blueice88 (648233) | more than 11 years ago | (#5716195)

I Agree with you buddy, but if the providers gives for us something filter of spam functional, the situation will be different, do you think so?So... I think what many peoples of ISPs(internet providers)are partners of spammers, isnt?? Blueice88

Re:spam is a killer (1)

Mononoke (88668) | more than 11 years ago | (#5716196)

What would my mother think if she suddenly received "cum see horny l0litas" just because someone she emailed got a virus
Hard to say. I don't really know your mother's interests that well.

What I want to know.... (3, Interesting)

invenustus (56481) | more than 11 years ago | (#5716211)

.... is the profile of the average spammer. Most of my spam is poorly spelled and frequently points to sites that don't have anything to sell. My suspicion, and I have no way of verifying it, is that most of these messages are sent by people who get suckered into a "Make Money From Home!" offer, send a few messages to a giant list of addresses, and then give up when they're not living in MC Hammer's mansion by the end of the week.

Does anyone know who the average spammer is?

Another cool piece of spam research I've never seen mentioned on Slashdot is the Bot Trap [kloth.net] , which I learned about from this Little Green Footballs entry [littlegreenfootballs.com] . If you're the admin for any web server, I strongly recommend setting this up. You probably don't make a huge dent in spam, but you get the satisfaction of seeing the list of IP's you thwarted.

Re:spam is a killer (0)

Anonymous Coward | more than 11 years ago | (#5716239)

What would my mother think if she suddenly received "cum see horny l0litas" just because someone she emailed got a virus

She'd probably roll her eyes since she's featured on most of those websites.

Re:spam is a killer (1)

villain170 (664238) | more than 11 years ago | (#5716252)

spam is harrasment, spam is bad, spam is undermining the internet

There might be some hope for you in the works. Congress is trying to pass a bill in order to control spam.

Senators' bill takes aim at spam [cnn.com]

Re:spam is a killer (0)

Anonymous Coward | more than 11 years ago | (#5716305)

Yeah, that's great. The government regulating my ability to communicate on the internet will be the most wonderful thing ever. I cant wait until they tax email! That'll surely stop spam!

Here's hoping that the War on Spam is as effective as the War on Drugs was.

(Notice how slashbots flip-flop on the whole government big brother thing when the issue is spam and not P2P filesharing?)

Re:spam is a killer (1)

villain170 (664238) | more than 11 years ago | (#5716324)

It's a tough call. We hate spam, yet we're scared of having the government regulate the Internet which they have been having trouble with as of late.

It's a conundrum of epic proportions that I think the government is not coping with very well.

Re:spam is a killer (1)

Invalidator (444283) | more than 11 years ago | (#5716469)

If Congress had acted ten years ago when spam first raised its ugly head, we wouldn't have the mess we are stuck in now. Spam took hold and grew precisely because the government did nothing. The Direct Marketing Association had more influence with the governement than voters.

Now, after years of fine tuning their torture, spammers have web sites and mail servers in China, Brazil, Iraq (?), etc. and the US government won't be able to do a thing.

You said it! (2, Funny)

DrMrLordX (559371) | more than 11 years ago | (#5716309)

With all that sodium and saturated fat, it's just not safe to eat it. And it's not cheap anymore, either, so it'll ruin your budget too! I guess it's okay baked in a brown sugar glaze with raisins, though. If you're desperate for meat.

Support your local troll.

I hate spam too, but... (2, Interesting)

rmdyer (267137) | more than 11 years ago | (#5716335)

...I just don't understand how some people are having so much trouble with it.

I've had the same email address since Sept 1992. We don't use any filtering on the mail server. I only get about 5 or 6 spam messages a day. On a bad day I might...might get up to 10. Granted, I have seen a marked increase in spam in the last year. True, it's probably going to get worse. I sometimes get more telemarketer calls a day than email spam tho...that says something.

I can only surmise that some people don't know how to browse the internet securely.

First rule of the internet, create a hotmail account for anything non-professional like general browsing and usenet. For professional sites, always uncheck the boxes that request news and updates. This is no-brainer stuff.

If you really want to eliminate spam, get rid of drop-box mail solutions like SMTP. Require the sender to request a token for email transfer.

Just my 2 cents.

Re:spam is a killer (0)

Anonymous Coward | more than 11 years ago | (#5716407)

How can a group of people (slashdotters) that are so against government regulation of technology (DMCA) think that that spam should be regulated? A piece of spam takes a half of a second to recognize and delete. If you say you spend more than 2 minutes a day deleting spam you are either lying or stupid. Filters can get rid of 80-90% of spam and the other 10-20% is easy to deal with. Don't bring government regulation into something that can be stopped by the end user with technology.

Fucking socialists.

Re:spam is a killer (I'm immune) (1)

mongus (131392) | more than 11 years ago | (#5716425)

My email address is on my website.
My email address is in my usenet posts.

I make my email address easily available to spammers everywhere. Go ahead, add me to your list. You don't scare me!

I feed Herbivore [herbivore.us] all the spam I can but it doesn't like it much.

Hotmail (2, Interesting)

obotics (592176) | more than 11 years ago | (#5716131)

I think if the government or something was to just do a raid on Hotmail servers and shut them all down, this would cause a heavy reduction on the amount of spam. It is amazing how much my Hotmail account receives. If I don't check the account for a whole day, the account will reach the storage limit and bounce incoming e-mail.

PS if anybody needs some good spam to help Mozilla Bayesian Junk Mail filters learn, just set up a Hotmail account and copy those e-mails into Mozilla :)

Re:Hotmail (5, Insightful)

Servants (587312) | more than 11 years ago | (#5716200)

No... that just means Hotmail receives a lot of spam. So many people use it that a reasonable proportion of possible usernames are taken, and that means spammers can and do use "dictionary" attacks, where they send e-mail to random usernames and then just hang onto the addresses that don't bounce.

I believe that big providers like Hotmail and Yahoo try reasonably hard to prevent people from sending spam from their accounts, as it uses up bandwidth and creates ill will, so they do things like limit number of recipients per message, or recipients per day, that sort of thing. (Can anyone confirm that?)

But a spammer can make their e-mails appear to come from whatever address they want, and if there's a URL in the message they don't need to worry about whether people can reply.

Re:Hotmail (1)

villain170 (664238) | more than 11 years ago | (#5716259)

they do things like limit number of recipients per message, or recipients per day, that sort of thing. (Can anyone confirm that?)

I heard this too and did some research. Here's an article [internetnews.com] to quench your thirst for email liberty!

Re:Hotmail (0)

Anonymous Coward | more than 11 years ago | (#5716201)

Actually, that's not such a good way to teach Bayesian filters as you would then be picking up and normalise against a lot of tokens from the Hotmail headers, which your regular mail won't have.

This kind of thing can actually undermine your previous Bayesian training, though you should still hopefully get a lot of good tokens in the body; subject lines etc..

Re:Hotmail (0)

Anonymous Coward | more than 11 years ago | (#5716320)

I picked an obscure, lengthy Hotmail account to receive junk emails and random survey confirmations. In the eight months it's been operational, I haven't received a single piece of spam. I haven't been loose with the address, but I've certainly given it to websites in place of my normal addresses.

The junk mail filter catches lots of stuff before it even reaches my "junk mail" folder, but I've only had two pieces of mail enter the junk mail folder, and neither were junk.

So I think all addresses have the potential to be spammed, and that more dictionary attacks occur on hotmail.com because it's more prominent.

Re:Hotmail (1)

mongus (131392) | more than 11 years ago | (#5716455)

I stopped using my Hotmail account about two years ago because I'd get about one valid email per month and about 500 spams. It really sucks going through page after page of spam just to see if you have any valid emails. I gave up on Hotmail.

I'm using my Hotmail account again thanks to Herbivore [herbivore.us] . It has support for Hotmail. An added bonus is my messages come straight into my mail client so I don't have to go through Hotmail's site to read them.

Dupe (1, Redundant)

SuperQ (431) | more than 11 years ago | (#5716132)

http://slashdot.org/article.pl?sid=03/03/19/173624 9

atleast this one is in html form, not pdf.

I saw it in the Mysterious Future, but there still isn't a good way to report dupes before they go live. I think you should open the thread for comments before it goes live, and nuke/archive/whatever those comments after it's live.

Re:Dupe (mod) (1)

1u3hr (530656) | more than 11 years ago | (#5716498)

I see the parent "Dupe (Score:1, Redundant)" was modded "redundant" by some twat of a moderator. The following post "Duplicate (Score:3, Informative)", was psoted one minute later.

... moderators on crack...

grrrr (0)

kewsh (655090) | more than 11 years ago | (#5716138)

This still doesnt solve the spam problem. Do I have to start using the web different to avoid 50 spams a day?

Harvesters- come and get it. (-1, Troll)

Anonymous Coward | more than 11 years ago | (#5716140)

cmdrtaco@slashdot.org
michael@slashdot.org
chris d@slashdot.org
taco@slashdot.org
cowbotneal@slas hdot.org

Do as I say... (5, Funny)

iconian (222724) | more than 11 years ago | (#5716142)

.... E-mail addresses composed of short names and initials like bob@ or tse@, or basic combinations like smithj@ or toms@ will probably receive more spam. E-mail addresses need not be incomprehensible, but a user with a common or short name may want to modify or add to it in some way in his or her e-mail address.

For further information, please contact Ari Schwartz at the Center for Democracy & Technology, 202-637-9800, ari@cdt.org.


Anybody see the irony in that?

Eh, how many people do you know named Ari? (0)

Anonymous Coward | more than 11 years ago | (#5716153)

FFS, STFU.

Besides, his recommendation is for the average user--that is, WITHOUT SpamAssassin running on their mail server.

Two (0)

Anonymous Coward | more than 11 years ago | (#5716279)

Ari Fleischer, White House press secretary
Ari Myers, cute girl from 80's sitcom "Kate & Allie"

Perhaps YOU should be the one to STF, sir!

Re:Do as I say... (1)

Artifex (18308) | more than 11 years ago | (#5716173)

Anybody see the irony in that?


You do realize that was probably a set-up, right? I tried to go back and look at the source after leaving the page, to see if it had been posted as alpha tags, but the site's already been slashdotted.

Re:Do as I say... (1)

mongus (131392) | more than 11 years ago | (#5716235)

Just a continuation of the research project. :-)

Re:Do as I say... (2, Informative)

oscillateur (410978) | more than 11 years ago | (#5716289)

In the source the email was "hidden" : &#97 ;&#114 etc.

Since this was last posted 2 weeks ago (1)

geordie (258181) | more than 11 years ago | (#5716143)

I've got roughly 2500 spam emails....

WHOIS (5, Interesting)

SamMichaels (213605) | more than 11 years ago | (#5716144)

They mentioned that no spam was received from emails listed in the WHOIS database...

I'd be interested in seeing a study for companies that harvest snail mail addresses from the database.

I've received junk snail mail from every shady company on the face of the planet when I register a new domain or when it's up for renewal...plus I've even received phone calls (back when I used a real phone) about "we're ready to setup your web hosting and web design. Call us back immediately!" Persistant bugger, too...he kept calling back.

Re:WHOIS (1)

dacarr (562277) | more than 11 years ago | (#5716171)

Speaking personally and based on one source (my current work address), so far we've received no junk snail mail pertaining to our domains we registered on Dotster last year sometime. Of course, we don't actually *use* the domains, we just registered them. The owner of the company thinks that by doing this alone we have a web presence.

Re:WHOIS (2, Interesting)

juuri (7678) | more than 11 years ago | (#5716186)

I get a bit of spam related to domains registered through netsolutions, this is around 25 domains. At last count it was about 10 emails a week, far higher than the single email received during this study.

Domains registered with other registrars have yet to generate spam. Weird.

Re:WHOIS (1)

swb (14022) | more than 11 years ago | (#5716188)

This cracks me endlessly. I have two domains registered, one has a vaguely professional sounding name associated with it and the other has a crypto-anarchist name associated with it.

Both of them get sent junk snail mail, and I've even gotten some sales calls to the crypto-anarchist name.

Sales: I'd like to know if ____ is interested in updating their postage meter to a new Pitney-Bowes Mailmaster 1000.

Me: Actually, ____ is more interested in burning Pitney-Bowes machines in the street as part of our worldwide campaign to forment revolution.

Sales: Well, if you are interested in a better postage meter, will you give us a call?

It's pretty funny. I wonder if people with domains like "fuckoffasshole.com" get called, too...

Re:WHOIS (2, Informative)

the uNF cola (657200) | more than 11 years ago | (#5716227)

Whois records are definitely sources of spam. It depends on

1. How secure the whois information is from automated stuff.

2. Does the company sell your info to other companies?

Read the report properly (1)

Xavier000 (449480) | more than 11 years ago | (#5716384)

What it actually said was:

"Despite the fact that the WHOIS database is publicly accessible, our project
received just a single spam message to an address that was in WHOIS for six
months."


So while there was only one, it is very different to there being none at all.

Really good report (5, Interesting)

dtolton (162216) | more than 11 years ago | (#5716145)

It's interesting to see those results. While I knew that spammers
harvested e-mail addresses from Web Sites, I didn't realize the
magnitude of it.

of the 10,000 spam messages they received over the six month period,
8,609 of them were from simply posting it publicly to a web site. I
always opt out of the subscription services where I can, and most of
the time I avoid posting any of my e-mail addresses publicly, now I
will redouble that effort.

They had some really useful suggestions also, my favorite was using
multiple "disposable" e-mail addresses and forwarding them to a main
e-mail address that you keep private. When you sign up for a site,
create a new disposable e-mail address and use that. If you start
getting spam from it, just shut off that disposable e-mail. That is
incredibly good advice.

I like the idea of disguising or masking your e-mail address,
although I think using HTML characters or a "Human readable"
equivalent is something that spammers will easily be able to
circumvent if the practice becomes widespread. They don't bother now
because not many people do it.

What I would like to see is a standard practice of generating your
posted e-mail address into an image. This would make it
*significantly* more difficult to harvest e-mail addresses in mass,
while remaining easy for a single use of sending someone an e-mail message.

Think of the blind (2, Insightful)

yerricde (125198) | more than 11 years ago | (#5716169)

What I would like to see is a standard practice of generating your posted e-mail address into an image.

This would shut out people with less acute vision and would shut you out from contracting for the U.S. government [section508.gov] .

Re:Think of the blind (1)

Fjandr (66656) | more than 11 years ago | (#5716203)

Okay, then use a vector format. :)

Re:Think of the blind (2, Insightful)

dtolton (162216) | more than 11 years ago | (#5716204)

While I symphathize with the blind, there has to be a better way to make e-mail addresses available without publicly disclosing the information in text format. If we are forced to always disclose e-mail addresses in this way, there is simply no way to stop spammers.

Typically when you are posting it for some type of a government contract or any type of business page, the actual membership consists of a fairly closed set of individuals. If you have that set, you could easily make the e-mail address display in text for blind users, and display as an image for everyone else. Although you would have to implement a strict policy before allowing someone to register as a blind user.

I know it imposes hardships on some people, but the current system imposes hardships on everyone, including blind people.

Re:Think of the blind (1, Insightful)

Anonymous Coward | more than 11 years ago | (#5716300)

While I symphathize with the blind, there has to be a better way to make e-mail addresses available without publicly disclosing the information in text format. If we are forced to always disclose e-mail addresses in this way, there is simply no way to stop spammers.
This is quite pessimistic. What we should be looking for is a way that we can disclose our email addresses and still not get spam.

Easy disposable addresses. (1)

JKConsult (598845) | more than 11 years ago | (#5716291)

You can see my post a few down from parent, but I'll repeat it here. Spam Gourmet [spamgourmet.com] provides you an easy way to have disposable addresses. Sign up with them and give them a user name, password, and your email address. Then, whenever you post an address, or subscribe to a web service, you give them this: (a unique identifier).(some number).(your spam gourmet user name)@spamgourmet.com . The number is the number of emails that can be sent to that address before it gets killed. (Mail after that point is "eaten", hence the name Spam Gourmet.) No need to actually "create" disposable addresses. No need to manage them. Go to Spam Gourmet once, and never go back.

Re:Really good report (2, Funny)

olau (314197) | more than 11 years ago | (#5716454)

Why would you use images? ASCII art is great:

$ banner -w 40 joe@foobar.baz

It is a bit large, though.

Re:Really good report (2, Interesting)

wass (72082) | more than 11 years ago | (#5716478)

People have long been putting the NOSPAM identifier in your their address to be displayed publically, but I'm pretty sure spammers robots are by now regex'ing these attempts out.

What I have done in the past is to disguise the @ and . chars with other characters and include instructions how to fix it. For example, sign your posts like : email address me at "johndoexfakeyemailycom" and change the x to @ and the y to .

That technique might eventually fail if a large database of domains is built up such that it's easy to figure out where the x and y are. At that point, you can add longer words like 'xyzzy' instead of just 'x' for the @ substitution, etc.

Other good techniques I've seen is putting an email like "johnappledoe@fake.orange.email.banana.com" and then saying "remove all fruits to email me".

Although, whenever possible, I think embedding a picture of an email address is a great idea. I'll start doing that on my own webpages.

a guaranteed way to get gay porn spam... (0)

Anonymous Coward | more than 11 years ago | (#5716146)

...tell the wrong person on slashdot that he's a blithering idiot.

How about... (2, Offtopic)

pr0nbot (313417) | more than 11 years ago | (#5716148)

How about a "dupe" category on slashdot? That way the editors could mark stories as dupes and users could filter the category.

Re:How about... (1)

pr0nbot (313417) | more than 11 years ago | (#5716297)

No no, I wasn't being funny... I meant, once an editor has realised that something is a dupe, they change the category, at which point it drops off the slashdot page of anyone who's filtering dupes.

Re:How about... (1)

Grim Grepper (452375) | more than 11 years ago | (#5716370)

That's really not a bad idea.

Re:How about... (1)

1u3hr (530656) | more than 11 years ago | (#5716526)

That's really not a bad idea.

It wasn't a bad idea all the times it's been suggested over the last two or three years.

At this moment, Cowboy Neal has an apology added to the article. Why the fuck can't he pull it from the front page then? Are these guys too busy watching anime that they can't work out a way to detect dupes (since they dupe stories twice on the same day quoting the same sources, obvioulsy there is no system at all in place to even try), or at least a way to hide them after realising it.

personal statistics... (1)

simp (25997) | more than 11 years ago | (#5716150)

400 spam emails in the period of 2-apr upto 12 - apr. That's 40 a day. My spamfilters can cope with that, but it is annoying.

What I don't understand is how it is financially still possible. Someone has to pay the bill for the used bandwidth/server usage..

Re:personal statistics... (0)

Anonymous Coward | more than 11 years ago | (#5716166)

Yeah, and the somebody who pays is you.

Re:personal statistics... (1)

Artifex (18308) | more than 11 years ago | (#5716208)

400 spam emails in the period of 2-apr upto 12 - apr. That's 40 a day. My spamfilters can cope with that, but it is annoying.


What I don't understand is how it is financially still possible. Someone has to pay the bill for the used bandwidth/server usage..


In my case, my 40/day translates into at least 120/day total transactions, because every spam I get ends up getting shoved to uce@ftc.gov (go ahead, spammers, copy that!) and a Spamcop.net address. That makes 120 mails even before Spamcop starts sending out its notices, which add anywhere from one to a dozen or so new mails.

As you can see, the problem is even greater than we want to admit - I am sending out a larger volume of messages in spam-related complaints per day than I'm getting back as useful mail.

Re:personal statistics... (0)

Anonymous Coward | more than 11 years ago | (#5716301)

Same here.

I've set up an alias for use@ftc and spamcop, and forward each of the 40 spam a day I get to this alias. So effectively I send out only one e-mail per spam, but two boxes will get it.

It's a pity, there are hardly any spammers in Europe, otherwise I would make a living in fighting spam.

GW Bush should have declared war on spam, not Iraq! At least this way there would have benefitted 600.000.000 Internet citizens, and not only the handful US-Oil-Multis.

My .2c

Re:personal statistics... (2, Insightful)

LMCBoy (185365) | more than 11 years ago | (#5716340)

What I don't understand is how it is financially still possible. Someone has to pay the bill for the used bandwidth/server usage..

Well, that's entirely the point. The spammers don't have to pay for it, the recipients' ISPs do. That's why so many people regard spamming as a criminal activity, and not merely annoying antisocial behavior. They are literally stealing bandwidth.

Bad Addresses (4, Informative)

mongus (131392) | more than 11 years ago | (#5716152)

Almost all of the spam I get is to invalid addresses. I get all of the incorrectly addressed email for about 10 different domains - somewhere around 1000 messages per day. I don't know if the spammers just made up the addresses or if someone intentionally filled out forms with bogus addresses.

I'm happy to get all of this spam because it increases the effectiveness of my anti-spam system Herbivore [herbivore.us] . Herbivore is a distributed anti-spam system. Everybody that uses it increases it's accuracy. If you're interested, any Slashdot readers can get two years for free by entering "slashdot" as the promotional code. Help us fight spam!

Re:Bad Addresses (1)

duncf (628065) | more than 11 years ago | (#5716500)

How is this different from the open-source Vipul's Razor [sourceforge.net] , Pyzor [sourceforge.net] or DCC [rhyolite.com] , all of which are already in wide use through their easy integration with SpamAssassin [spamassassin.org] ?

Clearly a proprietary system just won't be as good because it needs, by its very nature, a lot of subscribers to be effective. Having said this, Cloudmark [cloudmark.com] seems to do alright by using Razor's network.

Hrmm... (3, Funny)

acehole (174372) | more than 11 years ago | (#5716154)

We might look at this from a different perspective, if we eliminate all spam the 'penis enlargement' and 'hot barely legal lolitas that want you!' industries might collapse overnight.

Re:Hrmm... (1)

mongus (131392) | more than 11 years ago | (#5716258)

If everybody would just give in and get a penis enlargement we'd eliminate half the spam.

"We've already got one!"

I'm not sure I want "everybody" to get one.... (0)

Anonymous Coward | more than 11 years ago | (#5716306)

I kind of like my wife the way she is.

Re:Hrmm... (0)

Anonymous Coward | more than 11 years ago | (#5716294)

Thanks. You just made my day. :)

Fight SPAM. (2, Interesting)

termos (634980) | more than 11 years ago | (#5716155)

I recently registred a new e-mail adress, two days later I already had spam in my inbox. I noticed that I had been releasing my e-mail on a few web-pages, and came to think of something. The spammers "scan" webpages for e-mail addresses, and automaticly send commercial mail to them.
If you are sick of this - as I am - add your e-mail address with NOSPAM in the middle of it like name@NOSPAMhost.com, or write it like this; name at host dot com. I have started doing that, and as I can see spam has acually increased a little bit.

Re:Fight SPAM. (1)

Absurd Being (632190) | more than 11 years ago | (#5716183)

How about setting up the email name@NOSPAMhost.com, and using that as a trap for emails. People will truncate the NOSPAM, spammers will lose time.

Re:Fight SPAM. (1)

eugene ts wong (231154) | more than 11 years ago | (#5716245)

I've always wondered what would happen if your actual address was JohnDoeNOSPAM@server.com The spambots would truncate the text, but your friends wouldn't because you would tell them to leave it in. The spambots would eventually catch on but it would be much harder to figure out, & in the process, they may end up getting fooled by addresses which actually should be truncated.

Re:Fight SPAM. (0)

Anonymous Coward | more than 11 years ago | (#5716286)

Since it's effectively free to send spam, they could just e-mail JohnDoeNOSPAM@server.com and JohnDoe@server.com. They probably already do that. That's what's so hard about stopping spam. It's so close to free, they don't give a damn about sending stuff to /dev/null.

Re:Fight SPAM. (1, Insightful)

Anonymous Coward | more than 11 years ago | (#5716237)

I see this a lot. People who think they're beating the spammers by putting "NOSPAM" as part of their email address.

I'll give you a little tip: it doesn't work.

Despite what you may want to believe about spammers, they have some pretty darn good scumbag software behind them. You don't think they go to every web page and write down addresses they see on a piece of paper, do you?

The spammer himself may not be that bright, but he most certainly has a geek who knows his perl and how to hack up sendmail configs to spooge tons of spam.

I will attest that by the time about the 5th person started putting "NOSPAM" as part of the email addresses, some smart person started regexp'ing that out.

Re:Fight SPAM. (1)

frohike (32045) | more than 11 years ago | (#5716292)

I find it hard to believe that spammers aren't already accustomed to these techniques, and haven't had stuff built into their software to remove phrases like "NOSPAM". Apparently they haven't, but...

What I like to do, and what I see as a future-proof way of handling this, is to reverse the @ and the . in my email address (see comment header for example). That way if there is a "clever" spam harvesting program at work, it'll either throw it out (domain name too short) or it'll start sending spam emails to Network Solutions. I win either way! :)

My "business" email (on cagames.com) has been posted this way for a good 6 months now and hasn't received a single piece of spam.

What a great idea! (1)

mongus (131392) | more than 11 years ago | (#5716377)

So original! Google groups only turns up "about 13,700,000" matches for "nospam". I'm sure the spammers haven't figured it out yet.

Spammers, please take note of my email address above. Send me all the spam you've got. It helps improve Herbivore [herbivore.us] 's accuracy.

Re:Fight SPAM. (1)

moncyb (456490) | more than 11 years ago | (#5716409)

So if I put the addresses of my good friends here--such as jvalenti@mpaa.org and csherman@riaa.org --then they would get lots of spam? Good to know.

NEW POLL (0)

Anonymous Coward | more than 11 years ago | (#5716160)

Deja vu?

a. CmdrTaco
b. michael
c. RFC EVIL BIT
d. CowboyNeal's dupes
e. The CowboyNeal Option

Maybe... (0)

Anonymous Coward | more than 11 years ago | (#5716161)

If the 'net wasn't clogged with articles about spam, more bandwidth would be saved than if spam itself was eliminated. These are a waste of reading time. We all know the best techniques to get rid of spam, yet our news sources are cluttered with spam complaints and recommendations. Am I the only one thinking this?

Re:Maybe... (2, Insightful)

gbjbaanb (229885) | more than 11 years ago | (#5716397)

nobody knew how to get rid of spam once upon a time. Just because you now know, doesn't mean that the rest of the population knows.
The articles should stay for as long as there's a problem. If you have an issue with this, save the bandwidth by not reading them. the subject was clearly marked after all.

Shouldn't this have been posted by CmdrTaco? (3, Interesting)

MondoMor (262881) | more than 11 years ago | (#5716175)

"Spam" ought to be CmdrTaco's category to update all by himself. It appears to be some weird obsession with him, since most people in his position just use one of the many freely-available tools and live with it.

Spam, the religion of CmdrTaco, who will soon declare SpamJihad on the troll community here, unleashing his SpamFedaykin-Slashbots! SPAM!

Mailshell.com (3, Interesting)

blackmonday (607916) | more than 11 years ago | (#5716191)

Mailshell.com tells me who spams me. You can assign yourself a "new" email address anytime, just by making it up when you give it to someone. The fake email is forwarded to your real address. So I have addresses like amazon@me.mailshell.com, etc. You can also direct any email that comes from a particular address to the trash, and never see it. I like it, I don't think it's too expensive. When I signed on it was still free.

AI... (2, Interesting)

Anonymous Coward | more than 11 years ago | (#5716193)

This still doesn't tell us WHERE spam comes from... i.e. what kind of losers are distributing it. Havent they realised that spam is now an ineffective advertising method? If someone wants pr0n, they damn where know where to get it. They're not just going to one day say "Oh, I think I will 'try' pr0n just because I got an email about it" as someone would try a car if they saw an ad on TV...

OR perhaps spam doesnt come from any one person - perhaps its the beginning of a dormant AI within the internet that nobody sees, it creates these messages on its own free will, and will some day break out of the internet.... okay, maybe i HAVE been watching the Matrix Trailer too much..

Re:AI... (0)

Anonymous Coward | more than 11 years ago | (#5716229)

Havent they realised that spam is now an ineffective advertising method?/I>

It obviously is, as is AT&T calling me twice a week to tell me about long distance savings plans. You don't need more than a tenth of a percent of the people on the other end to respond to turn a profit.

Think about it, you send out a few million emails about a website that costs 50 bucks to register. The cost of sending the emails is maybe a hundred bucks. You need at least 3 people out of the millions of email to make a 50 dollar profit.

Your email on a WebSite (3, Interesting)

GregBildson (316305) | more than 11 years ago | (#5716216)

We found that posting our contact email addresses on a well known website was definitely the worst thing to do. There are some very aggressive email harvesters out there that just eat up website content and easily parse out the email addresses. Using some simple javascript tricks to assemble and display your email address piece by piece will defeat the current generation of harvesters.

Some of our old email accounts are now firmly planted in the email lists that these companies sell to each other and will "be in play" forever. Having received numerous offers to assemble and sell email lists (which we will never do), I know a little about these companies. Once your email is known by one of the big players, it will be sold to others in units of thousands for as little as pennies but sometimes up to a buck per thousand.

Another Internet phenomenon they should research: (3, Funny)

ne0nex (612727) | more than 11 years ago | (#5716226)

The /. effect on webservers. Obviously starting with their own.

Another spam beating method? (1)

villain170 (664238) | more than 11 years ago | (#5716234)

CDT tested two methods of obstructing address harvesting:
  • Replacing characters in an e-mail address with human-readable equivalents, e.g. "example@domain.com" was written "example at domain dot com;" and
  • Replacing characters in an e-mail address with HTML equivalents.

Another method I have seen used effectively is creating an image file (.gif, .jpg, etc.) of one's email address. I guess a truly devious spammer could write a program to check all image files on a website and try to read them if they have characters, but I think that might be beyond the scope of many.

I use the image technique whenever I put my email address on any of my pages.

Re:Another spam beating method? (0)

The1stMentor (637787) | more than 11 years ago | (#5716358)

That's a damn good idea, thank you, I will use it :)

Re:Another spam beating method? (1)

villain170 (664238) | more than 11 years ago | (#5716379)

I can't take credit for the idea. I saw it used a long time ago on some site; can't remember what it was.

Glad I could offer some help and advice. :)

Worth saying again. (4, Informative)

JKConsult (598845) | more than 11 years ago | (#5716242)

It seems every article (dupe or not) on spam returns a thousand people throwing out their personal solution to fighting it. Most involve mail-server solutions, such as SpamAssassin, but I've read about MailWasher [mailwasher.net] a number of times. After the last article (the original of this dupe, actually), I finally decided to try it.

A week later, spam to my hotmail account has dropped from 30 or so a day to about 2. (Warning: Hotmail support is only provided in the pay version, but there's a 30-day trial.) Preview the spam on the server, and you're able to delete it, blacklist it, and best of all, bounce it back to the sender. In my wildest dreams, I never thought it would work so well. YMMV.

Another kick-ass product is Spam Gourmet [spamgourmet.com] . Some website wants your email address? Give them (unique identifer).(some number).(your user name)@spamgourmet.com . The number is the number of emails they can send before the address is killed, and the user name is your user name at spamgourmet. Go sign up, and you never have to go back to the site again. It works.

I'm sure many people are like me, and read these testimonials and figure that they're hype. Trust me. They're not. I wish I had done it the first time I read about them.

Re:Worth saying again. (0)

Anonymous Coward | more than 11 years ago | (#5716512)

replace the word "spam" with "debt" and you've got yourself a spam message right there, JK

dupes aren't always such a bad thing... (1)

evilquaker (35963) | more than 11 years ago | (#5716250)

I missed this story the first time it was posted. Taco: thanks for posting the dupe! It's useful information!

Odd coincidence and report summary. (4, Informative)

phillymjs (234426) | more than 11 years ago | (#5716254)

Just this past Wednesday night I discovered that I left the PDF version of this report sitting on my iBook from the last time this article was posted. Before I deleted it, I actually read the entire thing. Here's pretty much all you need to know:

1. Don't give out your e-mail address any more freely than you have to.

2. For the love of God, NEVER put it in unadulterated form (i.e. user@domain.com) in a Usenet posting or in a publicly-accessible HTML page-- even in the comments or other places that it won't appear on the final, rendered web page. If you do, it WILL get picked up and you WILL get an assload of spam.

3. If you MUST provide your address on a web page or Usenet posting, slightly obfuscating it (i.e. "user at domain dot com") is, for now, 100% effective against fooling the spambots. Which frankly I find amazing, because that trick has been around for years.

~Philly

If you want to stop spam , SUE the sender !!!!!!!! (0)

zymano (581466) | more than 11 years ago | (#5716281)

organize and sue the rich FUCKS that send it !
GET RICH QUICK !

Government Increased My Spam (3, Interesting)

dragons_flight (515217) | more than 11 years ago | (#5716285)

I operate a domain, so it is easy to substitute a unique email address when I register for some suspect activity.

To my shock, one of the single greatest sources of spam that I have gotten is from an email address placed on a CA voter registration form. I've never actually used that address or given it out for anything before or since, and yet a year later I am still getting 3 or so emails a day showing up in my spam filter from that address.

To my knowledge not one of these spams actually came from the CA governement, but I can only infer that either they sold it, or there is some big public list of voter registration emails that spammers know about.

Re:Government Increased My Spam (1)

GigsVT (208848) | more than 11 years ago | (#5716371)

On any sort of paper form like that, if they ask for email, I never give it. I ordered checks from Current, which is a kinda spammy looking company, but they have cheap checks. I just put that I didn't have an email address.

morpheus generated spam (2, Interesting)

roalt (534265) | more than 11 years ago | (#5716298)

I have an own domain, so when I give away my email address I just put the name of that website before the @ (at) sign. All mail is forwarded to my real e-mail address.

I noticed some time ago I received a lot of spam from musiccity@, an e-mail address I provided for the once-popular peer-to-peer network morpheus.

The funny thing is, I just redirected this e-mail address mail towards sales@musiccity.com. It helped!

Avoid Spam Bots (1, Interesting)

ManyLostPackets (646646) | more than 11 years ago | (#5716307)

Their is like a zillion ways to thwart spam bots from harvesting e-mail. less cryptic ones like this one work good enough.

shows up as name@domain.com

<SCRIPT LANGUAGE="JavaScript">
<!-- NoSpam
user = "name";
site = "domain.com";

document.write('<a href=\"mailto:' + user + '@' + site + '\">');
document.write(user + '@' + site + '</a>');
// End -->
</SCRIPT>

perfect spam-filter (1)

dh003i (203189) | more than 11 years ago | (#5716321)

Maintain a list of those with whom you want to collaborate via e-mail. Tell your prog to only download e-mails from these people, and inform you of SPAM with a message, asking you to check the server. When you feel like it, you can check the server (if you want).

Alternatively, use SpamAssasin, which uses Bayesian filtering. Btw, if you're going to be throwing the term Bayesian filtering around, please at least find out what Bayesian Inference and Bayes Factors are, and maybe understand MCMC.

A good place to start is here:

http://members.tripod.com/~Probability/bayes01.h tm

Summarily, here's Bayes' Theorum:

P(A|B) = P(B|A)P(A) / summation { P(B|A)P(A) }

Simply put, Bayes Theorum is a way of altering existing hypothesis' (the prior) progressively given newly generated data.

Who wants to get rid of spam? (4, Funny)

ZaPhOd42 (60796) | more than 11 years ago | (#5716327)

I love spam!

Since I've had an e-mail address I've had my penis extended 6 times, my breasts enlarged 8 times, I own the worlds supply of viagra and, and I get to have hot teen sex every night with 18 year old nymphos!

And to top it all off I've just received £3498435784354085 from Senator Hamza Kalu from Nigeria just for opening a bank account! ;)

Opting out works huh? (1)

Xavier000 (449480) | more than 11 years ago | (#5716402)

According to the report opting out of spam emails actually works by and large.
What I would like to know, is whether this means that the company (that now knows your email address is valid) just stops sending spam, or if they also do not onsell your private details to other spammers.

My hunch is that while they may stop sending spam, they could put you on a list and sell your email address to other marketers. I don't think the report looked into that.

He's in trouble now... (0, Redundant)

AndyMouse GoHard (210170) | more than 11 years ago | (#5716451)

"For further information, please contact Ari Schwartz at the Center for Democracy & Technology, 202-637-9800, ari@cdt.org"

Hmmm... just after a section on disguising emails. Guess he'll need a new address soon:)

Bill

Re:He's in trouble now... (1)

AndyMouse GoHard (210170) | more than 11 years ago | (#5716458)

Can I mod my own post down as redundant?

Bill

CDW (1)

unix_hacker (136192) | more than 11 years ago | (#5716542)

I use a unique email address for each company I deal with on the net, and have been doing this for years. I've never received a spam to one of these addresses until recently. I got a spam to my cdw@ address which I use to deal with CDW. It was from a two-bit competitor of CDW's, so I seriously doubt CDW provided it. It was, interestingly, in the same state as CDW. My first guess is that a disgruntled employee left CDW along with its customer email list.

I contacted CDW requesting an explanation, and got no reply. Has anyone else had a CDW email address compromised recently?

(I got a spam to my WHOIS email address while typing this...)
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>