Nuke that spammer
4TH IN A SERIES OF 5
Let's get one thing out of the way at the top: I'm totally in favor of marketing
and advertising. Much of what I do involves marketing and advertising. These
activities are good when they're conducted by ethical people.
Spam is not ethical. It usually involves the use of stolen SMTP (Simple Mail
Transfer Protocol) services. In many cases, the offers are fraudulent, illegal,
or questionable. Virtually every ISP and most Web hosting organizations have
terms of service (TOS) that specify what users may not do. The TOS usually forbid
spamming (either e-mail or newsgroup) and "spamvertized" Web sites.
The user who violates the TOS faces loss of account and loss of Web site.
While sending spam violates virtually every Internet service provider's TOS,
it is not illegal in most jurisdictions. Where it is illegal, the law cannot
reasonably be enforced.
But spammers won't lose their accounts until you complain. Their Web sites
will remain open if you remain silent. We pay for the Internet. Spammers steal
from us. Stopping the vermin is up to us.
Do not reply!
Under NO circumstances should you ever reply to a message that offers to remove
you from the list. Never! You are not dealing with ethical homo sapiens. You
are dealing with con masters, bunko artists, and pathological liars. If you
reply to a spam, you simply VALIDATE your address. The spammer now knows that
your address is a live one. You will simply receive more spam.
Why spam exists
Because it works. Not well, but it works.
If someone has to pay to send messages, the response rate becomes very important.
If you don't have to pay to send a message, and spammers don't pay because they
typically steal everything they use, then the response rate doesn't matter.
If you send out 1,000,000 messages and 0.01% respond, that's 1000 orders. If
you're selling something for $20, that's a quick $20,000 for little or no investment.
Particularly when what you sell for 20 dollars costs 20 cents to produce and
33 cents to mail (presuming you send anything at all). It's not uncommon for
spammers to send nothing at all to people who send them money. Some of the worst
spammers operate "pump-and-dump" stock schemes.
The cost of spam is paid by Internet backbone operators who have to transport
the junk, by ISPs who have to store it, and by consumers who have to waste their
time opening it.
Education is the answer. When people understand why spam is bad and understand
who they should complain to so spammers' accounts can be found and nuked, the
problem will go away. It will not be legislated away.
Some say "The absolute best thing you (and everyone) can do is to DELETE
(or ignore) it."
Well, I strongly disagree! The way to stop this crap is to make the spammer's
life so miserable that he or she will stop. If someone sneaks up onto your porch
every morning and steals your newspaper, is the best solution to just forget
about it and buy another copy?
I don't think so.
If everyone simply deleted spam, eventually the network would slow to a crawl
because there would be so much junk e-mail. What happens then? Well, ISPs will
buy more (and faster) mail servers and better connectivity for the servers.
Who will pay for this? Since nobody would be complaining, spam would continue
to multiply until it clogs the new servers and connections. Educate ISPs. Educate
spammers. Treat the cause, not the symptom.
It's just thievery
Spammers are thieves, plain and simple. If even 10% of the people who received
a spam tracked down the ISP the spammer used for e-mail or the Internet presence
provider (IPP) for the spammer's Web site and complained, spammers would be
forced to find an easier line of work. NOTE! Since some IPPs are in cahoots
with spammers, you may have to complain to the upstream provider.
It's not rocket science. Examine the spam's headers. Find where the message
came from and complain. If there's a Web site involved, complain. I've managed
to get numerous e-mail accounts terminated and several Web sites shut down.
This can cost the spammer some cash (besides causing orders to be lost).
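As an added illustration of the header examination described above (this is not code from the original article), the Python sketch below walks a message's Received lines from the newest down, stops at the first line that cannot be tied to the chain, and lists who to complain to. The sample message, the host names, the documentation-range IP addresses and the function names trace and complaint_targets are all constructed for the example; matching a relay's "by" name to its reverse-DNS name is a simplifying assumption.

```python
import re
from email import message_from_string

# Constructed sample (documentation IPs, .example names); newest Received line is on top.
SAMPLE = (
    "Received: from relay.example.net (relay.example.net [198.51.100.25])\n"
    "\tby mx.myisp.example with ESMTP; Mon, 01 Jan 2001 10:00:02 -0500\n"
    "Received: from mail.bank.example (unknown [203.0.113.77])\n"
    "\tby relay.example.net with SMTP; Mon, 01 Jan 2001 10:00:01 -0500\n"
    "Received: from bank.example ([192.0.2.1]) by mail.bank.example;\n"
    "\tMon, 01 Jan 2001 09:59:00 -0500\n"
    "From: deals@bank.example\n"
    "\nBody text\n"
)

# "from <HELO name> (<reverse-DNS name> [<connecting IP>]) ... by <stamping host>"
RECEIVED = re.compile(
    r"from\s+\S+\s+\((?:(?P<rdns>[\w.-]+)\s+)?\[(?P<ip>[\d.]+)\]\)"
    r".*?\bby\s+(?P<by>[\w.-]+)", re.S)

def trace(raw, my_server):
    """Walk Received headers newest-first; stop where the chain can't be verified."""
    hops, expected_by = [], my_server.lower()
    for value in message_from_string(raw).get_all("Received", []):
        m = RECEIVED.search(value)
        # Simplifying assumption: a relay stamps "by" with its reverse-DNS name.
        if not m or m["by"].lower() != expected_by:
            break  # written by a host we can't tie to the chain: possibly forged
        rdns = m["rdns"] if m["rdns"] not in (None, "unknown") else None
        hops.append({"ip": m["ip"], "host": rdns, "stamped_by": m["by"]})
        if rdns is None:
            break  # connecting machine has no verified name; older lines are unverifiable
        expected_by = rdns.lower()
    return hops

def complaint_targets(hops):
    """abuse@ first, postmaster@ only if that bounces; bare IPs need a whois lookup."""
    out = []
    for hop in hops:
        if hop["host"]:
            domain = ".".join(hop["host"].split(".")[-2:])  # naive: wrong for co.uk etc.
            out.append((hop["ip"], f"abuse@{domain}", f"postmaster@{domain}"))
        else:
            out.append((hop["ip"], None, None))
    return out

if __name__ == "__main__":
    for row in complaint_targets(trace(SAMPLE, "mx.myisp.example")):
        print(row)
```

The third Received line in the sample is never trusted, because the machine that wrote it connected from an address with no verified name; a spammer can type anything into lines below that point.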
If you want to see spam continue to proliferate, just ignore it. If you want
it to go away, be a pain in the ass to spammers.
The thieves will get away with it only as long as we allow them to.
How spammers get your address
Ever see an ad for 15 million "verified" addresses? Spammers have
long lists of common names (I would never have thought "blinn" to
be a "common" name) that they couple with each letter of the alphabet
(ablinn, bblinn, cblinn, and so forth). They then couple the result with all
the common domain names (aol.com, att.net) and all the obscure domain names
(blinn.com, procomp.com) that they can harvest from the Web.
They send mail to each address.
If somebody is trusting enough to reply to the "We honor requests to remove
your address" link, the address is immediately verified and will receive
junk until flying pigs are made into silk purses while flying over Hell's frozen
landscape. These addresses are valid.
If the mail generates an error message, the spammer knows that the address
isn't valid. (Oxymoron alert!) Ethical spammers will remove these addresses
before selling the list.
If the mail doesn't generate a response or an error, it can be assumed that
the message was delivered somewhere.
Computers, of course, make this process very easy.
If you want to generate fake bounce messages, check out "Bounce Spam Mail",
freeware from a Canadian programmer. The program lets you pretend your address
is invalid and may convince spammers with elevators that don't go all the way
to the top (most of them) that your address doesn't work.
To find the program, search for "bsm18.zip" by Albert Yale. NOTE:
SpamKiller (see below) now offers this feature.
Eliminate dictionary cracks
The user name bblinn seems to be easy to find because apparently Blinn is in
the "top 500" names. If I'd used wmblinn or billblinn, it would take
them several more years. I think they'd get wmblinn first. An address like william179blinn
would be virtually impossible for anyone to construct but would also be ugly.
Get spammers' sites in your sights
See http://www.Sputum.com/sputools.html
for examples of how to track all 3 types of spammers: "Stupid clueless
newbie, posting in the clear; Careful clueless spammer/warez kiddie, attempting
pseudonymity; and Professional SpamDude, posting pseudo-anon from rogue ISP."
How to complain: First, keep in mind that you'll be complaining to a
network administrator or postmaster - someone who's just as interested as you
are in nuking the spammer's account. So there's no good to be gained by insulting
the person you complain to. Be polite. If you're reporting an open relay, it
may be that it's a new relay - one the spammer just found. Those you're complaining
to will almost always want to make their servers unavailable to spammers if
for no other reason than the spam traffic slows down their networks.
When I see an open relay, I generally just send a note to abuse (and only to
postmaster if the message to abuse bounces). In many places, the same person
receives mail to either address. I'm less interested in the e-mail account,
though, than in the Web site. Spammers simply open a new e-mail account or steal
services from another open relay.
The best thing, if they mention a Web address, is to get that shut down. Note,
though, that some spammers list Web sites that aren't theirs in the spam. Their
goal is to send you after the wrong person. Before you report a Web site, make
sure it really belongs to the spammer.
If the Web host is spammer friendly (and a few are) complain to their upstream
provider (find out who it is by using traceroute and whois). Keep moving upstream
until you find somebody who cares.
Administrators are badly overworked. One administrator for a large organization
has a staff of 4. They receive more than 30,000 e-mails per month concerning
spam and security issues. It's important that you send reports to the right
people and that you provide adequate information. Don't expect a personal reply;
you'll probably receive only a form letter that confirms receipt of your message.
When enough people make enough noise, spammers' accounts will be terminated
with extreme prejudice.
Resources
First and foremost: http://Abuse.net/. This
site has links to lots of spam-fighting sources.
Second, the news.admin.net-abuse.email Usenet news group. Learn from
the pros how to track down the vermin of the Net. And if you have a question
about a specific spam, this is a good place to ask for help.
Third, work with your Internet service provider. Some ISPs offer network-based
spam blocking tools that you can sign up for, while others provide customers
with spam fighting tools. Many resources are free. Most of the people who actively
fight spam are more than willing to help educate those who want to learn how.
We know that the only way to rid the Internet of these vermin is to actively
pursue them.
The Mail Abuse Prevention System is a non-profit organization that claims to
defend the Internet's e-mail system from abuse by spammers. MAPS says that it
educates ISPs and encourages them to enforce strong terms and conditions prohibiting
their customers from engaging in abusive e-mail practices. Some say that MAPS
is more than a little heavy handed. See http://mail-abuse.org/ for information
on what to report and how to report it. MAPS has 3 abuse "levels"
- the realtime blacklist (RBL) for hardcore proven spammers, a dial-up list
(DUL) that lists dial-ups that pass mail (mail should come from a legitimate
mail server and never directly from a dial-up), and the list of known, abused
open relays (RSS).
The Forum for Responsible and Ethical Email takes a somewhat softer approach
than MAPS. For information on the organization's programs, see http://www.SpamFree.org/.
This organization is attempting to make spam illegal.
Attempting to legislate against spam is naive because of the way the Internet
works. Make spam illegal in Ohio and the spammer will move to Michigan. Make
it illegal in the US and the spammer will work from overseas. ISPs and "big-pipe"
backbone providers working together with end users can stop spammers without
legislation.