Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
Spam - Who Is To Blame For The Problem?

By fmaxwell in Op-Ed
Fri Oct 13, 2000 at 11:21:56 AM EST
Tags: Internet (all tags)
Internet

As a dedicated spam-fighter, I have been frustrated by the utter lack of cooperation from ISPs. Many seem determined to make it easy and safe for their users to spam. Spammers rely on ISPs to shield them from the irate recipients of their spam e-mail. What we need are pro-active ISPs.


Being a Virginia resident, I am fortunate enough to live in a state with an anti-spam statute (SB-881) on the books. While this statute allows me to collect modest damages from spammers (who forge header information), identifying the spammers is a practical impossibility. The problem stems from ISPs that will not release the identity of the spammer without a court order. The cost of obtaining a court order normally exceeds the damages that one can collect.

The ISPs claim that they are contractually obligated to protect the privacy of their clients. Well, who wrote the contract? We need contracts that say "By sending unsolicited commercial e-mail, you give up your right to anonymity and we will release any and all identifying information to those who request it." Let the spammer receive phone calls at all hours of the day and night, threatening letters, and lawsuits and they will give up spamming. After a few articles about spammers being persued, taken to court, and financially devastated, you'll find the spam problem drastically reduced.

Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Related Links
o Also by fmaxwell


Display: Sort:
Spam - Who Is To Blame For The Problem? | 21 comments (20 topical, 1 editorial, 0 hidden)
Do people really fall for spam? (4.28 / 7) (#1)
by duxup on Fri Oct 13, 2000 at 07:51:16 AM EST

Here's a related question. I'm not sure if anyone here personally can answer it, but I've always wondered:

Does spam work?

Do people really send those people money for "the internet spy" software? Do they really go to those porn sites and buy memberships? What's the cost of sending spam?

I could understand it's popularity if it's cheep and some jerks might want to give it a try. However, if it is expensive then I would theorize that people really do make their $ back (or they wouldn't do it). Then it's even harder to believe that there's that many suckers out there who actually fall for spam.


Spam is so very cheap (3.33 / 3) (#2)
by Holloway on Fri Oct 13, 2000 at 08:00:25 AM EST

I haven't a clue as to actual costings, but I have perl scripts that automatically signup with Hotmail/Yahoo! and spam away. They can do several accounts at once and send dozens of emails/second even on my shoddy dialup (as i've tested on myself).

(no, i'm not a spamer - I'm writing some client email software that transparently uses webmail as storage)


== Human's wear pants, if they don't wear pants they stand out in a crowd. But if a monkey didn't wear pants it would be anonymous

[ Parent ]

[OT] Webmail as storage (none / 0) (#8)
by Morn on Fri Oct 13, 2000 at 09:03:23 AM EST

Couldn't you write a file system to work like this? It'd be slow, not-really-worth-it, and probably against service agreements, but it'd be interesting to see someone accomplish it.

[ Parent ]
Good idea... (none / 0) (#15)
by Holloway on Sat Oct 14, 2000 at 03:31:50 AM EST

I hadn't considered that. TODO for version 2 :)


== Human's wear pants, if they don't wear pants they stand out in a crowd. But if a monkey didn't wear pants it would be anonymous

[ Parent ]
[OT] Good idea... (4.00 / 1) (#18)
by Morn on Sat Oct 14, 2000 at 10:35:52 AM EST

The idea actually came to me from a comment a while ago on 'The Other Site'. His idea was a 'mail bounce file system', where you'd packet up file-system data and send it to a non-existent email address. When it got bounced back, you'd just email it to the same address again, thereby storing all your data 'on the Internet' without actually having it stored at any one precisely locatable point. Of course, it's not practical (it's /eat/ bandwidth, and probably rather annoy the people running the domain you were bouncing your data against), but it caught my interest nonetheless.

[ Parent ]
I've gotten the greatest things from spam! (3.33 / 3) (#5)
by Defect on Fri Oct 13, 2000 at 08:34:43 AM EST

I've won a "$500 Gift certificate or a Digital Camera"

And i got this from some clear minded soul

"Look, we don't want to waste your time...or ours
You must be determined to earn a bare minimum of $10,000 in the next 30 - 45 days"

And boy! Am i determined!

I've also cut my credit card bills by 60% thanks to spam!

Spam has helped me "Capitalize now!" and "Receive a FREE vacation!!"

I don't know what i'd do without my "Secure offshore bank account." Thank you Spam!


(these were all taken from a days worth of email from my spam-only email address)
defect - jso - joseth || a link
[ Parent ]
Little profit, high costs (5.00 / 1) (#7)
by pw201 on Fri Oct 13, 2000 at 08:57:58 AM EST

Do people really send those people money for "the internet spy" software? Do they really go to those porn sites and buy memberships? What's the cost of sending spam?

The feeling on news.admin.net-abuse.email was that the only people making money on spam are the folks selling the address lists to gullible people who think they'll make money using them to spam.

The costs of spam to the spammer are minimal. The costs to the folks who have to clean up after them are greater. For example, I got a couple of messages frozen on the queue the other day because they were spam to a non-existent address on my machine with an empty SMTP envelope from address (so they looked like bounce messages). If I was postmaster of something more than the 3 people in my house, I'd have got a whole lot more of these. If the admin turned off the warning mail to postmaster in this situation they might miss a real mail problem. (As it is, I've turned on recipient verification at the SMTP transaction stage, so it'll become Demon's problem. Maybe they'll start running the RBL or something :-)

[ Parent ]

Bzzzt, wrooong. (1.16 / 6) (#4)
by ksandstr on Fri Oct 13, 2000 at 08:30:23 AM EST

"Eeek, spam problem, panic panic blame blame blame" - yeah, right, as if blaming the ISPs or whoever would help any.

The thing is, we can't just pin blame on someone and then say that "it's their fault, so they must fix it". That may be the american way, but it sure won't get anything done. Things like the MAPS RBL are much better.



Fin.
Bzzzt yourself. (none / 0) (#14)
by fmaxwell on Fri Oct 13, 2000 at 03:38:20 PM EST

No one is panicked or yelling "Eeek". Determining blame is what grown-ups do in order to figure out who should correct a problem and how.

MAPS RBL may be useful but it ends up hurting individual users. Sue starts getting bounced e-mail because her ISP's mail server is on the RBL. All she knows is that her e-mail bounces and those bounces could be job applications, business-related, etc. That's your idea of how best to solve a problem?



[ Parent ]

Done there, been that. (4.62 / 8) (#6)
by eann on Fri Oct 13, 2000 at 08:57:07 AM EST

I've been the guy at the ISP who investigates the spam complaints. Sure, it was a smallish ISP by comparison (only a few thousand customers), but we had our share. I, personally, abhor spam. I had an account once (in the days before SpamCop) that averaged about 1 MB per day at its peak. I reported every one that I could trace, and complained to the postmasters of machines that forwarded messages without proper logging.

No. This isn't the answer.

The ISPs do have an obligation to protect their customers' privacy, even if the customers are jerks. I hate to rely on the slippery slope here, but what happens when something else gets considered a nuisance? People who surf for pr0n really annoy that sector of society that feels it's important to control everyone's morality; since ISPs route the traffic, could they figure it out and give out (or charge for) the list? Should I have access to the personal information of Napster users because they clog up the bandwidth pipes I'm trying to use to do schoolwork (going through 2 college networks--oy, vey!)? Should the RIAA?

For the most part, spammers are simply uneducated about the ways of the net; a nastygram from the system administrator often gets them back into line. Why does this kind of spam keep happening? Because there are more newbies every day.

Granted, that doesn't get rid of the career spammers. Ask Sanford Wallace or Canter and Siegel if giving out their real names, addresses, and phone numbers deterred them. If anything, I think they like the attention. And the lowlifes who go trolling newsgroups and web sites for email addresses are probably not dumb enough to send the spam themselves anyway; they make more money selling their lists to others.

Our scientific power has outrun our spiritual power. We have guided missiles and misguided men. —MLK

$email =~ s/0/o/; # The K5 cabal is out to get you.


Customers or criminals? (5.00 / 1) (#12)
by fmaxwell on Fri Oct 13, 2000 at 03:15:08 PM EST

I can't believe the age-old "simply uneducated about the ways of the net" argument. Right. He hunted down a package to send spam. He located an open relay in Japan. He forged the originating domain. He forged the e-mail address of the sender. He created throwaway e-mail accounts on Hotmail and mail.com for removes and replies. He set up a web page on some other service that the spam points the reader to. So why did he do this if he was unaware that what he was doing was wrong?

Then we have the "privacy" argument. When a person is violating a state anti-spam law, it is a crime, not a "nuisance." People who protect the "privacy" of these spammers are aiding an abetting them. Claiming that this is even roughly akin to revealing the identity of people who surf porn sites or use Napster is ludicrous.

Again, it's up to the ISPs. If they want to cut down on spam, they will write contracts allowing them to divuldge the identity of spammers.

[ Parent ]

Re: Customers or criminals? (none / 0) (#20)
by eann on Tue Oct 17, 2000 at 04:19:00 PM EST

Well, in 1996, "uneducated" was a better argument than it is today. But it's still valid.

The mythical "he" likely didn't do anything but get spam advertising spam software (the worst kind of spam, of course), and the software did the rest. Don't believe me? Go looking for some yourself.

There are still relatively few anti-spam laws, and the ones that do exist are often vague. There are, however, many consumer privacy laws, and until it's proven that a person violates the law, he's still a customer, not a criminal.

Our scientific power has outrun our spiritual power. We have guided missiles and misguided men. —MLK

$email =~ s/0/o/; # The K5 cabal is out to get you.


[ Parent ]
Criminals. (none / 0) (#21)
by fmaxwell on Sun Nov 26, 2000 at 08:24:33 PM EST

Defrauding ISPs via open relays is a crime. It is theft of services and a violation of the Computer Fraud and Abuse Act. I live in Virginia. There is a clear law on the books against spamming. Therefore, people who send me spam via open relays or in violation of Virginia's anti-spam law are criminals, not "customers."

Are you seriously trying to say that there is software out there that will create throwaway e-mail accounts on multiple e-mail services (for replies, remove requests, etc.) and will violate the acceptable use policy of your ISP without you having any idea that it is happening. I think not.

[ Parent ]

Why the conventional spam-fighting methods suck (4.50 / 2) (#9)
by Sheetrock on Fri Oct 13, 2000 at 10:22:33 AM EST

I've never given out my e-mail address publicly. My friends and coworkers know to bcc: rather than cc: me to keep from spreading my address to people I don't know. Yet I still periodically get unsolicited commercial mail in my box.

How does it work? The name on my e-mail address could be considered a dictionary word. Some spammers actually take dictionary files and dump a probe message to every word in the file at a particular internet site and record the messages that don't bounce.

I've got the IP of the spammer. He's done it twice from the same ISP in four months (some dialup in Florida according to the IP in the headers)... an ISP that has yet to give me a response to any of the messages I've sent notifying them about this problem. They obviously haven't taken steps to ensure that the same person couldn't use them after being kicked off, and for all I know they filed my letters in /dev/null. Other ISPs who have responded to me in the past have done things like given me assurances that 'a friend of the account holder used the account without her permission and that the holder would see that it wouldn't happen again'.

Even the ISPs that are supposedly anti-spam and actually investigate and kick the spammers tend to be fairly worthless. I received the same spam from (I presume from the format of the headers) the same spammer from an AOL account no less than six different times over the span of approximately seven months. Logically, if the spammer is selling a 'product/service' that nets $20 or $25, and they can pump 100,000 messages out in a night, and I alert the ISP immediately after receiving a message, the odds are that most if not all of those messages (and probably another batch) are going to get out before the ISP, even moving at heroic speed, can shut down the account. The ISPs have no real incentive to stop the spammers, because they can afford the bandwidth drain and still make a profit if they're getting $20-25 every other day from the vicious cycle of spammer buys account - spammer spams - ISP pulls account - spammer buys account - spammer spams...

It's just the rest of us that get screwed.

Small claims court. (3.40 / 5) (#10)
by www.sorehands.com on Fri Oct 13, 2000 at 11:02:24 AM EST

Some small claims court provide a method for discovery.

Once you have discovery, you can serve a subpoena on the ISP.

Some courts will permit a "John Doe" suit. Otherwise, you can include the ISP, and then ammend the complaint once you have the real name.

Some ISPs are very willing to provide the information, when served with a subpoena. They will honor, a foreign (meaning out of state) subpoena without having to have a local court issue it.

I suspect that if a few spammers are sued out of business and put in jail, spam will go down.

BTW. There was a case where the Washington Anti-spam was held not to be enforcable.

This is not legal advice until: 1. I go to law school; 2. I pass the bar in your state; 3. your retainer check clears.



------------------------------------------------------------------------------
http://www.barbieslapp.com
Mattel, SLAPP terrorists intent on destroying free speech.
-----------------------------------------------------------

Are you serious? (none / 0) (#13)
by fmaxwell on Fri Oct 13, 2000 at 03:28:47 PM EST

I am an individual. If someone spams me, I can get something like $25 or $50 under the Virginia anti-spam law. Great, so I take a day off of my consulting work, burn up the potential award in about 30 minutes, and spend my day in court to get a subpeona. That's about $150 court costs, I believe. After that, the ISP may reply that the spammer gave a false name and address. If not, I get a court data at which the spammer will not appear. Then I get a judgement I can't collect.

I prefer to call the bastard at home at 3:00AM and tell him to not send any more spam to me. Yes, I have done this on rare occasions where I find the spammer's name and number. No, I don't think it's wrong. He contacted me via e-mail without concern for whether it disturbed me, cost me money, wasted my time, etc. Turnabout is fair play.

[ Parent ]

Harrassing Spammers (none / 0) (#17)
by Delirium on Sat Oct 14, 2000 at 06:10:46 AM EST

I prefer to call the bastard at home at 3:00AM and tell him to not send any more spam to me. Yes, I have done this on rare occasions where I find the spammer's name and number. No, I don't think it's wrong. He contacted me via e-mail without concern for whether it disturbed me, cost me money, wasted my time, etc. Turnabout is fair play.

First of all, calling someone at home at 3:00AM and sending them an email are not even close to analogous. One immediately disturbs the person in the middle of something (in this case, sleeping), while the other may possibly take 3 seconds of their time when they next read their email. Unless this spammer somehow wakes you up and 3:00am and makes you read his ad then I don't see the justification.

Furthermore, I disagree that "turnabout is fair play." Committing a crime as some sort of retribution for another (in this case, more minor) crime is never justifiable. Someone sending you unsolicited email is certainly not justification for harrassment.

[ Parent ]

Getting the net access is getting too easy... (3.00 / 1) (#11)
by WWWWolf on Fri Oct 13, 2000 at 01:50:23 PM EST

From the pure subject-line point of view... well, ahem, we can blame the search engines of the spam. Say someone wants to know about something. They don't find anything, so they go spam Usenet to get replies. If search engines would work better, there would be no spam.

Oops. That was the Usenet kook organization ("New America" or whatever it was called) reply. Sorry. Got my papers mixed up.

There are problems in the ISPs. I think it's great that it's possible to get into the Internet for free with only monthly charges, but the offside is that the ISPs send those free CDs like candy - spammers just get a free account, spam away, and disappear like a bad smell to Sahara. It's like the "GSM Easy" packages the local phone company is selling. Buy a SIM card for your cell phone, talk until it's used up - and since no one asks for papers when you buy one, guess who's using those cards most? Yeah, the drug dealers.

Maybe "getting into the Internet" is too easy - you have the point there... At least the ISPs should take the spam very very seriously. I'm glad the local ISPs do that and spammers get spanked...

(ObTechnologyCultureTrenchStuff: Recently the local Green Party had to officially tell in newsgroups that they Do Not Like Spam. One of the municipal election candidates had spammed Potential Voters and they had a lot of explaining there...)


-- Weyfour WWWWolf, a lupine technomancer from the cold north...


Double Standard for Privacy (4.33 / 3) (#16)
by Delirium on Sat Oct 14, 2000 at 06:01:51 AM EST

It seems that the majority of the technically skilled people have a double standard for privacy online. On the one hand, they feel that privacy is extremely important - even more so, perhaps, than laws. If Slashdot, for example, were to give out without a court order personal information on people who reposted (in an incident several months ago) some Microsoft copyrighted material to the site (obviously a crime), people would be quite upset. On the other hand, the same people want ISPs to give out personal information about people who have been accused of spamming (a more minor crime than copyright infringement) without any sort of court order.

I personally would rather err on the side of requiring a court order for any disclosure of private information to a third party, regardless of the reason.

The ISPs (3.00 / 1) (#19)
by CentrX on Sun Oct 15, 2000 at 02:37:50 PM EST

I think the ISPs are a BIG problem. I reported every spam I could trace and I still recieved that same spams from the same people at the same ISP. They were never kicked off the systems and they certainly weren't prevented from coming back on.
-- "The price of freedom is eternal vigilance." - Thomas Jefferson
Spam - Who Is To Blame For The Problem? | 21 comments (20 topical, 1 editorial, 0 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!