Eliminate the spam!

[Genialnames]

I am receiving a lot of spam in one of my several accounts (the weird thing is that account belongs to a site I help to mantain and it is a pure no for profit positive initiative, just an ideal, perhaps the most advanced practical proposal for the development of an higher grade of counsciousness of the humanbeings , forgive the ecxess of presumption, isn't personal btw )----------------------------------now if anyone ask mee the URL I will tell .

going back to the topic:

First thing forgive my ingenuity but: what is the goal of the spammers?
These emails are subjected to filtering, noone read it at all and discard it if they pass the filters, so....could not even imagine what they get in change of the job they do, for much it is little work it cost time and the use of resources, so they aree anyway loosing time and money.....are those parasites stupid masochists?

Some consideration that can be useful to fire up the e problem.

As it is recommended to solve any problem focus on the solution instead of the problem. (I would add, after have well analyzed the nature and how the problem works)

I see that all the efforts made to fight the spam are in order to filter the spam messages, in other words not to solve the problem itself, instead just to put a patch on it,(just like traditional medicine :yell: )

That's is very convenient for software houses involved in the bussiness (isn't that like it is for many virus (digital and not, they send out the problem and then try to sell the solution?I am ready to bet on it, in part it is )

I have noted that many spam messages are sent from hot mail accounts, just the account is constituded by casual letters. now, if I am not wrong there is not way to create thousand accounts on public services automatically (except from within the real server itself).

Each account must be created manually, and each further account must be provided with fake data, otherwise it would be easy to go back to the person, and that would be a solution.

In other words in my opinion it is not possible to create thousand accounts on a server without the server 's administrators agreement and help

Other messages are send out from sites that have 3letters.com domain names.... isn't odd? It is a fact , most of these 3 letters domains are not much valuable in my opinion like qyh.com (name just invented now, sorry for the owner eventually) I can't argue the reason of that but all three letters domain names generally worth more than the average. Someting must be under that.

I have recently asked to my host some explanation, he answered to me that spammers harvest adress from servers and then they use these adress to spam .....in my opinion and for my experience this is eventually only part of the problem, spam sent out in such way must have the sender name match the account name. Again to me it is not possible to create an account outside the server (in facts I have never seen a new account in my root, if I eventually see an unknow one I would just delete it, then I would investigate on it and report to the police.

The same if I would be the owner or admin of hotmail or yahoo..... unless I approved it.


The spamming technology requires two elements in order to work
1) fake email accounts (otherwise again the problem would be even exist, knowing the identity of the criminal) from where to spam

2) email adressess to send spam to.

These two requirements involves the paricipation of other persons/entities and since noone works for nothing but only to have an advantage, the thing to understand is who are them?

IMHO being the thing apparently with no advantages (as mentioned at the beginning)there must be something else
a little bit more subtile, and perahps much bigger than what appears.

Until now I figured out a poor idiot in a room in front of a PC studing protocols, triks , writing code and do other nasty activities just to end up with a noisy and useless thing (the same how hackers are made to appears....unbelivable!) mmmm.just unbelivable and anyway for hoe much idiots there are around I hardly believe that the percent of them that own a so big technical knowldge and skill, and machins, multipl connctions , would st up such a gigantic and global problm....isn't?

Just to don't be misunderstud,
The intention of this topic it is not to say I have a solution, I have it not, not alone.
Instead it should be to start a discussion to better understand the situation, and for shure, if not to find a solution here (too much technically complicated for the audience maybe) for sure to not continue to be unaware of the real nature of the problem.

I dont' know if exist the spammers, I see the spam exist.

 

[Peter]

First thing forgive my ingenuity but: what is the goal of the spammers?
These emails are subjected to filtering, noone read it at all and discard it if they pass the filters, so....could not even imagine what they get in change of the job they do, for much it is little work it cost time and the use of resources, so they aree anyway loosing time and money.....are those parasites stupid masochists?

Their main aim is to harvest as many emails as possible. It makes their list have a higher value. To say that noone reads them is not exactly true. There have been high progile cases in the last year or so of people being taken to court regarding this matter and it comes to light they have been making millions. Even if 1% read and do what theemail says out of 40,000,000 that is still 400,000 sales.

Regarding the resources issue the majority of them do not use their own resources they use hacked servers, open relays etc.

I have noted that many spam messages are sent from hot mail accounts, just the account is constituded by casual letters. now, if I am not wrong there is not way to create thousand accounts on public services automatically (except from within the real server itself).

Actually alot of spam is sent out using faked headers so who it looks like it is coming from is not necessarily who it is actually coming from. You have probably received bounced emails in the past that you never actually sent (or people sending irate emails to you asking you to stop).

Other messages are send out from sites that have 3letters.com domain names.... isn't odd? It is a fact , most of these 3 letters domains are not much valuable in my opinion like qyh.com (name just invented now, sorry for the owner eventually) I can't argue the reason of that but all three letters domain names generally worth more than the average. Someting must be under that.

3 letter (and 3 char) domain names are worth more because of how short they are (and due to the fact they are rare, as soon as they drop they are gone forever now) not because as you suggest alot of spammers use them.

I have recently asked to my host some explanation, he answered to me that spammers harvest adress from servers and then they use these adress to spam .....in my opinion and for my experience this is eventually only part of the problem, spam sent out in such way must have the sender name match the account name. Again to me it is not possible to create an account outside the server (in facts I have never seen a new account in my root, if I eventually see an unknow one I would just delete it, then I would investigate on it and report to the police.

Your host is correct that is the easiest way for them to get them, other ways include from buying signups from sites (FFA sites are known for doing this). When sending emails there is no need for accounts to match what are on the server when using things such as open relays, also alot of servers do not check because depending on how the system is set up they like php to be able to send emails (which can be sent simply as NOBODY)

These two requirements involves the paricipation of other persons/entities and since noone works for nothing but only to have an advantage, the thing to understand is who are them?

IMHO being the thing apparently with no advantages (as mentioned at the beginning)there must be something else
a little bit more subtile, and perahps much bigger than what appears.

Read above, for the spammer this is a big thing they can make a fortune from it.

Until now I figured out a poor idiot in a room in front of a PC studing protocols, triks , writing code and do other nasty activities just to end up with a noisy and useless thing (the same how hackers are made to appears....unbelivable!) mmmm.just unbelivable and anyway for hoe much idiots there are around I hardly believe that the percent of them that own a so big technical knowldge and skill, and machins, multipl connctions , would st up such a gigantic and global problm....isn't?

Some people thrive on causing havoc, if that were not the case why would anyone write and release a virus or try and bring the internet down (this has happened a few times and was close to actully bringing the internet to a stand still before)

There is no real way to stop spam, you can only minimise the risk of getting any. Some spammers actually email every combination possible. A couple of years ago when I was on Telewest broadband (now called blueyonder) their email's went down for several days because a spammer on the BT network emailed EVERY combination possible for a telewest email account. As you can imagine that is literally millions of emails and it brought the email server to it's knees.

Some good safe guards for wexample are as follows:-

Never publish an email address on your web site (use forms only and if possible don't respond to the user use an online system of course this is not always practicle)
Never give out personal email address except to those that you trust.
Never use a real email address in newsgroups (for example google make these searchable and they show headers as well which include the from and to email address)
When submitting to search engines (especially FFA sites) use a throw away email address that you can get rid of anytime, preferabbly not on your own server. Even if the email address does not exist if the domain does it will attept to send it.

There are many more things that you can do but these are what I think are the main ones.

 

[Genialnames]

a lot of interesting informations, and also useful tips

There could be only three scenario for spammers to sussist.
1) as you say spammers makes a fortune, IMHO just some of them eventually would,since money should come out from selling something and that means someone produce these goods, in sufficient quantities to satisfy even huge requests ,and at production costs that should cover all the expenses, included the margin for the spammer.
This person or these persons would operate as free lancers or they are the same producers of these goods.

The third case would be just a kind of sabotage, but still in such case I cant believe that one would set up all the things necessaries to operate as spammer and spent money and time just to come up at the and to make someonelse to make profit on his work, especially considered that eventually this last one would belong to the same system to who the sabotage would be directed. The same concept it is even more evident it is a paradox applied to the hakers.
Who and why would anyone, that is sane in the mind, would do sometingh that, a part the cost and the risk involved, definitively brings even more advantages and power to those who are supposed to be the target to fight? (But it works perfectly at reverse!)
In the first two cases, spammers who act for commercial purposes, thats basically what it is, the responsability of course it is obviously belonging to the persons behind the product, nobody else, and it is not a secret.
By persecute them would mean to mostly eliminate the problem.
So if the situation it is like we all know it is just because the estabilishment (those persons behind it of course)they take an advantge from the whole situation, and , coincidence, in our days the IT is one of the fundamental column that own and control the "power" to impose their decision to the world (In the negative acception of the term power).
In such scenario you are perfectly right, it is not possible to eliminate the spam itself, just build some barrier against it. Otherwise it would be like to say to have resolved the problem of our sick society: a mental sickness.

IMHO

 

[Peter]

The majority of the time the spammer isnt actually the person selling the item. They have been contracted to send out the emails on behalf of someone else. You have probably seen the ads about and even received them yourself via email (I get them daily).

They offer to send out say 2 million emails on your behalf for free, then in the small print it says for non profit organisations only.

The main problem with fighting them is finding out who they actually are. The fact that they spoof the header means you cannot trust the header information in the email. Complainging to thatperson will not do you any good as they ussually have nothing to do with it they were just unfortunate enough to have been the ones used as spoofs. Also you cannot trust the source of the email as chances are it is either a compromised box or an open relay. You could complain to them and they may close the security hole or shut off the open relay but then the spammer just finds another and there are plenty for them to choose from.

Prosecuting spammers does not seem to work that well, have you ever got the email claiming microsoft spam. Well that is sent from a spammer that microsoft persued and had prosecuted as a spammer. Doesnt seem to have stopped him much.

http://www.boycottwatch.org/misc/spam01.htm

I agree with you something HAS to be done to fight spammers. They are not just going to stop there is too much money that can be made. 1 problem being how to stop the spam, if you block aftyer so many have been sent out you are at risk of blocking legitimate emails and also of letting so many spam messages actually leave (thats how some of the current spam lists work).

 

[Genialnames]

They offer to send out say 2 million emails on your behalf for free, then in the small print it says for non profit organisations only.

Grrr I have this one sent to me !
I am involved with a no for profit organization and considering make it more poular, but when I read they would send out 2.500.000 e-mails for me, I get irritated since I 've immagined that the organization image would have suffered from passing for scammers and I declined, they send me several emails in various account weekly.

header means you cannot trust the header information in the email

there is this technical issue , and it is like for the normal postage , it is easy send an anonimous letter to anyone. But in such case to stop these e-mails would be sufficient to block any e-mail containing a false header.
Of course on the other side there must be some kind of authentication in the mail system (from server to clients, embedded in the protocol) so that every e-mail that is not for scam purposes would be not filtered. The difficult part of that it is to be able to realize such system in transparent way for the users, or with very little disturb, and without limiting the individual privacy.

Prosecuting spammers does not seem to work that well,

Yes it is the same mine point of view. It is necessary but is not the solution, should be considered only part of a bigger and morfe comprehensive action plan.

risk of blocking legitimate emails and also of letting so many spam messages actually leave

True! That is very bad both fro who write and for who desn't receive it. To not count all the time wasted to set a decent set of filters,after have found the right tools, and have learned to use it, that is particularly complicated in case of many accounts that was set long time ago and now at risk.

Also should help to issue info campaigns targeted to the internet users to make them more aware of the nature of the problem, and some action too, for istance an invitation to never buy anything from spammers, boycot them, so no money no honey.



My ISP is a spammer! (not less then 10 emails day on a single account, I have 5).