Back to previous post: Fans and fires

Go to Making Light's front page.

Forward to next post: Groundlings

Subscribe (via RSS) to this post's comment thread. (What does this mean? Here's a quick introduction.)

October 29, 2003

Die, die, die, die, die
Posted by Teresa at 12:51 PM *

I just mucked over seven hundred pieces of spam e-mail out of my in-box, almost none of them for legitimate businesses. This is the stuff that got through my filters and my ISP’s very good filters.

Why isn’t it legal to track down spammers and shoot them out of hand?

Comments on Die, die, die, die, die:
#1 ::: Xopher ::: (view all by) ::: October 29, 2003, 12:55 PM:

Would any jury of your peers (i.e. people with email, preferably bloggers) convict you?

#2 ::: Erik V. Olson ::: (view all by) ::: October 29, 2003, 01:11 PM:

Why isn't it illegal to track down _____ and shoot them out of hand?

You are more that welcome to fill in the blank, so long as you understand that other will be filling that blank as well.

#3 ::: pericat ::: (view all by) ::: October 29, 2003, 01:19 PM:

They'd still arrest you, same as if you'd killed a real human being. -- Anne Cameron

#4 ::: Jaquandor ::: (view all by) ::: October 29, 2003, 01:28 PM:

I plan to take out a large bounty on spammers, just as soon as I get my windfall from the little service I'm performing for the exiled President of Nigeria.

#5 ::: Dan Layman-Kennedy ::: (view all by) ::: October 29, 2003, 01:36 PM:

What worries me is that my spam is starting to get weirdly personalized. Since I started posting on the NaNoWriMo boards this month, I've gotten at least three emails from outfits offering me the opportunity to become a - what's the phrase from Foucault's Pendulum? - ah, "Self-Financed Author." (This morning was from Alibris. Even if Alibris didn't feel like a vaguely oily outfit in the first place, the fact that they spammed me would've been the nail in the coffin. Do spammers not realize this? Or is the sucker-to-sensible ratio so high that they can still turn a profit from this nonsense? I shudder to think.)

But, but... Seven hundred? I'd say that's more than enough just cause to commence with the burninatin'.

But see if you can make them read this first.

#6 ::: Charlie Stross ::: (view all by) ::: October 29, 2003, 01:48 PM:

I'll take your 700 spams any day ...

I used to use a dialup account, and because it got switched to freebie status after I did some work for the ISP it's still there. I usually run a script that uses it as a spam honeypot, feeding spam into the Vipul's Razor database. There have been no outgoing posts from that account for nearly five years, now.

Last month my server nearly fell over (thank you, Swen-A worm) and the honeypot script stalled. I got back to it after a month, to find 10,650 spams waiting for me.

#7 ::: Mike Booth ::: (view all by) ::: October 29, 2003, 01:52 PM:

Out of curiosity, which filters are you using? The Apple Mail spam filter (which is a trainable, Bayesian filter) chops out most of my spam. I get perhaps 100 spams a day, on average (Friday and Saturday are peak days) and only about 5 of them end up in my Inbox. There are odd gaps in my filter's logic (even after my 10,000th Home Refinance spam, they still seem to end up in my Inbox, for whatever reason) but it's still manageable.

The question I'm always asking myself is: is my spam still manageable because I have a better filter, or am I just "lucky" (i.e. "insufficiently famous")?

#8 ::: Rachael HD ::: (view all by) ::: October 29, 2003, 02:07 PM:

I used to get NO spam at work, I foolishly attributed this to the general honor (?) among spammers realizing that teachers and students in public school settings were not appropriate targets. That honey-moon appears to be over. Any one want great deals on overpriced outdated computers or discontinued text books? At least the wee-wee enlarging spamers seem to avoid .k12.us addresses.

#9 ::: Yonmei ::: (view all by) ::: October 29, 2003, 02:23 PM:

Do spammers not realize this? Or is the sucker-to-sensible ratio so high that they can still turn a profit from this nonsense?

No. Apparently the sucker-to-sensible ratio is extremely low, and, I'd guess, falling. As I'm sure you already know, spammers operate on the basis that it costs them almost nothing to send out a million e-mails. If just one sucker responds and pays them 50 dollars, the million spam are more than paid for, and every sucker after that is clear profit. You don't need very many suckers to make a living.

I'd guess that the number of suckers who respond to spam is falling simply because the amount of spam being sent is rising. I suspect that spammers are finding they have to send out more and more spam to net a profitable number of suckers. One plus is that I no longer regularly get the offers to send me mass-marketing e-mail software and/or CDs with a million guaranteed e-mail addresses (they haven't entirely disappeared, but they used to be a daily occurance).

Adverts for porn sites, though, are going up. As are adverts for Viagra and penis-enlarging stuff. The best subject-line I ever heard of, though, was "Increase the size of your penis broth". Cockery and cookery in one easy spam...

#10 ::: Teresa Nielsen Hayden ::: (view all by) ::: October 29, 2003, 03:26 PM:

Got it, Yonmei. It must be an ad for this stuff.

#11 ::: Sumana ::: (view all by) ::: October 29, 2003, 04:30 PM:

You may be interested in The Spammer's Compendium, listing spammers' tricks and rating them.

#12 ::: Skwid ::: (view all by) ::: October 29, 2003, 04:46 PM:

Considering my various (though rarely nefarious) *net activities and my *never* having munged my address for public forums, I get a relatively small amount of spam. Actually...I have no idea what the real number is, but I get roughly 20 or so a day, which really isn't bad at all. As a plus, ubiquitous filtering has made it such that spam Subject/Author fields have gotten so bizarre now that I almost never have to see anything other than those fields to identify the missive as spam, and can quickly delete it.

Lately, I've been getting a lot of prescription drug spam, some Nigerian Scam spam, and the occasional missive regarding my genitals. I haven't seen much porn spam in a while, though.

#13 ::: Paul Hoffman ::: (view all by) ::: October 29, 2003, 05:17 PM:

>Why isn92t it legal to track down spammers and shoot them out of hand?

Because spammers develop ways to hide behind innocent victims more easily than probably any other kind of criminal. See "joe job".

#14 ::: Randolph Fritz ::: (view all by) ::: October 29, 2003, 05:28 PM:

We need to get that ole invisible hand on the job...

#15 ::: Edward Liu ::: (view all by) ::: October 29, 2003, 05:38 PM:

Howdy,

It's poor consolation, but there's a site that collects Nigerian Spam tales at http://www.scamorama.com/ . Apparently, there are lots of easily amused people out there who take great pleasure at stringing along Nigerian spammers in a variety of ways. Most amusing are the ones where someone manages to scam the scammer out of something of value.

Sometimes, I think of sending an e-mail to a Nigerian scammer (they went away for a while, but they're beginning to come back now) saying I'd love to participate, but all my funds are currently tied up with similar plans from (list 4 or 5 of the other scam e-mails).

-- Ed

#16 ::: Scott Lynch ::: (view all by) ::: October 29, 2003, 06:26 PM:

I had a great deal of fun with several Nigerian scammers by responding to their spam with mail from a different Yahoo! account. Introducing myself as "M. Messervy of Universal Exports," (uexports-m@yahoo.com), I told them that I would be delighted to assist them in any way possible and that I was putting my top man, James, on the case right away. A day or two later, new mail from "J. Bond" (uexports-jb@yahoo.com) would start to ask all sorts of leading questions and drop hints about beautiful women and exotic locales.

Inevitably, when the bastards (These guys aren't gentle pranksters, folks; they'll physically assault any mark dumb enough to get on a plane to a "meeting location" with money in hand) copped to the fact that they were being toyed with, I was cautioned NOT TO TELL ANYONE!!!! AN EYE IS UPON YOU, WALK AWAY IT IS MOST DANGEROUS TO CONTINUE!!!!

Not quite as artistic as the guy who pretended to be Randolph Carter, and no use against general spam, but a modestly rewarding little game nonetheless.

#17 ::: Dave Kuzminski ::: (view all by) ::: October 29, 2003, 10:54 PM:

I think it depends upon which hand. However, even if you choose the correct hand, can you seriously afford that many bullets? ;)

#18 ::: dragonet2 ::: (view all by) ::: October 30, 2003, 12:15 AM:

Michael Booth, our (I HAVE THE SAME FILTER) is wonderful. You do occasionally check before you ditch out the trash / junk mail file to make sure you don't ditch something that's a necessary email). And until my company was bought and changed our email addresses, I was receivingf up to 200 emails a day for everything from 'increasing the size of my package" (penis) to "finding those excitable co-eds."

When I got ready to go to Toronto for worldcon, I emailed our web email=master and said, "we need to put a stop to this because at the current rate, after being out of office for 10 days, I could have upwards of 15,000 emails, 99.9% of which I do not need to even see. What can you do about that?"

He said, "Can you cut off the @atwood email." And I said yes, all my CLIENTS have my home and new WORK emails as well as my cell, work and home phone. So he did. And my work spam went to 0,

On my home email, I get about 20 a weeek, but they go into the "junk' folder before I have to read them. I like that.

Paula Helm Murray

#19 ::: Elaine ::: (view all by) ::: October 30, 2003, 10:47 AM:

I just decided to abandon an email address that I had for over eight years. I get approximately 200 junk mail there a day. I have replaced it with a "public" email address for my website and for leaving with comments, a private one, and several dedicated to getting discussion list mail.

I am really, really pissed that I have to do this, but my old address is on every spammer's list in the universe, because I had it before there was such a thing as spam.

#20 ::: Dave ::: (view all by) ::: October 30, 2003, 12:31 PM:

I'm using Popfile and SpamAssassin on my home Linux box, and I'm deliriously happy with the combo. I aggregate 5 or 6 different e-mail accounts with fetchmail, run all of them through those things, and then get all mail via Eudora and Mail.app on my Windows and Mac workstations. PF and SA together are significantly better than either individually. I catch about 80 spams a day - maybe 1 or 2 spam a week get through (and decreasing as bayesian systems learn) with one righteous email getting caught in the last six months. I have effectively no spam problem anymore. Nonetheless I am still going to decommission my longlived address that used to be posted to web pages and is now spammed frequently.

#21 ::: sennoma ::: (view all by) ::: October 30, 2003, 04:30 PM:

My internet pal and all-round good guy Brad has been keeping count: 90,947 unsolicited commercial messages since Jan 01 this year.

#22 ::: Greg ::: (view all by) ::: October 30, 2003, 04:42 PM:

Most spammers apparently live in Boca Raton, Florida. A convenient hurricane might alleviate our problems considerably.

#23 ::: Dan Layman-Kennedy ::: (view all by) ::: October 30, 2003, 06:29 PM:

Most spammers apparently live in Boca Raton, Florida. A convenient hurricane might alleviate our problems considerably.

I'm on it. I'm almost convinced it as my opening-on-Halloween production of The Tempest that called down Isabel on DC... that leaves tonight's dress rehearsal to recalibrate the distances...

#24 ::: bryan ::: (view all by) ::: October 31, 2003, 05:45 AM:

one of the main problems with such a high number is of course that you have got to download the email before you can start deleting it, I believe there are various tools that solve this problem.

I use a scripting language called Rebol for such administrative tasks, www.rebol.com, and there is a free script that allows you to look at the emails on your account without downloading, and deleting the ones you don't like.

these scripts are available from http://www.agora-dev.org/forums/view.php?bn=rebol_prjnvxprod&key=1061826280

and the version of Rebol that you would want, which is free for personal use, is at http://www.rebol.com/view-platforms.shtml

writing ones own small scripts to deal with unwanted email annoyances is often a matter of a few lines with Rebol, as can be seen here:

http://www.rebol.com/docs/core23/rebolcore-13.html#section-10.2


hope no one takes offence at this info, I just find it to be a particularly helpful tool for working with email. I am not affiliated with RebolTech in any way, other than as a satisfied user of their product /end-shill :)

#25 ::: Kathryn Cramer ::: (view all by) ::: October 31, 2003, 09:43 AM:

one of the main problems with such a high number is of course that you have got to download the email before you can start deleting it, I believe there are various tools that solve this problem.

I still use good old-fashioned Pine for my email, which means I _don't_ download before deleting. As time goes on, Pine is looking better and better. (It also seems to be impervious to most viruses sent by email.)

#26 ::: Alan Bostick ::: (view all by) ::: October 31, 2003, 03:29 PM:

Kathryn Cramer: How fortunate for you that you have a shell account and know how to use one. The vast majority of Internet users get their mail off a dedicated server using a client on their PC.

Unless one's ISP is sufficiently decent as to run SpamAssassin or its equivalents, one is reduced to doing some kind of client-side filtering. (Even bryan's rebol scripts constitute client-side filtering, although they do avoid the need to download bulky attachment spam and virii.)

Which brings us to a point we've been overlooking: Suppose some huge percentage of the Internet-using population uses effective spam filtering, and only a fraction of the people who don't will actually respond to the spam they receive.

Then spammers will be sending colossal quantities of traffic, most of which gets deleted on delivery. People like us won't see it, because we're smart enough to use smart filtering. But it still gets transmitted, still ties up backbone bandwidth, still demands the attention of the SMTP servers through which our email passes before it lands in our smart Bayesian filters.

How long will it be before the tide of spam rises to the point of being a vast distributed denial-of-service attack on every mail server on the Internet?

#27 ::: Andrew Brown ::: (view all by) ::: October 31, 2003, 03:48 PM:

I really believe that the only long-term answer to spam is charging some small amount for emails. The system has to bye voluntary: all the charge buys you is the assurance (for recipients) that you have paid tohave your mail sent through the charging server. Again, there can be any number of such things. Let reputation sort them out. A filter at the far end -- and preferably at the ISP -- simply throws away all mail which has not been through this system, or does not come from a (small) list of known good mailing list servers. Again, you choose your own mailing lists. I posted something about this in my Guardian column, though it is not in the least original.

But the principle has to be sound. If it's not worth one eurocent to you to tell me something, I cdon't want to hear it. End of spam.

#28 ::: Graydon ::: (view all by) ::: October 31, 2003, 04:26 PM:

Well, actually, no, not the end of spam, and at least very considerable damage to the social and academic utility of email.

The mail has an indication attached to it that this nominal fee has been charged; this indication can -- certainly would be -- forged.

The only sufficent technical fix for spam is absolutely ironclad cryptographic handshaking throughout the entire transmission chain in combination with reliably unique ids for senders. Such an infrastructure could be built; it would destroy any possibility of privacy for anyone, but it could be built.

It would seem to be much less expensive to criminalize spam, and to actually arrest the people involved. The only expense there is the recognition that abolishing direct marketing is the Right Thing To Do.

#29 ::: Jeremy Leader ::: (view all by) ::: October 31, 2003, 05:22 PM:

Graydon, you could still have services which allow the sending of anonymous email, as long as there's some way to pay them anonymously.

That is, this proposal doesn't prevent you from setting up an account with some ISP, giving them a bag of cash, and sending mail through them.

ISPs that allow anonymous accounts are of course then a possible choke-point for anyone who wants to crack down on anonymity, but that's to some extent already true (look at the history of anonymous remailers).

#30 ::: Andrew Brown ::: (view all by) ::: November 01, 2003, 04:45 AM:

Graydon, there are -- I think the name is Tripoli -- proposals for cryptographically secure ways to check that the mail has indeed passed through one particular authenticating server, wcich is all my proposal needs.

Criminalising spam will only work if it is done on a global basis. That's not going to happen. It is or shortly will be, criminal within the EU. That hasn't done me any good.

As for the damage done to academic email -- there are lots of technical fixes possible. mass mailing lists could be replaced by RSS feeds or gated news servers. I read high-volume mailing lists through a news server anyway. That makes much more sense as an interface. And they are, at the moment, surprisingly free of spam. they're very easy to set up.

All this seems to me a lot easier and more practical than persuading corrupt governments like that of the Ukraine -- or Florida -- that they should do the right thing by us.

#31 ::: Mez sees comment spam, partly in Polish? ::: (view all by) ::: June 15, 2004, 03:37 AM:

Same as on Electrolite

#32 ::: Teresa Nielsen Hayden ::: (view all by) ::: June 15, 2004, 04:03 PM:

Oh, bugger. Let me go fix that.

Thanks, Mez.

#33 ::: Teresa Nielsen Hayden ::: (view all by) ::: June 15, 2004, 04:04 PM:

Oh, bugger. Let me go fix that.

Thanks, Mez.

Choose:
Smaller type (our default)
Larger type
Even larger type, with serifs

Dire legal notice
Making Light copyright 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2015, 2016, 2017 by Patrick & Teresa Nielsen Hayden. All rights reserved.