Attacking the Spammer Business Model
Stephen Samuel asks: "Spammers spam because it's an 'easy way to make money'. They send out millions of spams knowing that 99.995% of them will be ignored, but the other 0.005% of responses are pure gold (Andrew Leung at Telus has an excellent report on the economics of spam). Responses to mortgage spams are reportedly worth $50.00 each. What would happen if, instead of technical and legal approaches, we simply started attacking their business model? If people started responding to just 1% of the spam we received, spammers would drown in the responses, and the mortgage spam responses wouldn't be worth an email, much less $50. The Nigerian Sweet Revenge is an example of this. The nice thing about this sort of statistical approach is that it would start to reward spammers for sending out -fewer- emails. (fewer emails -> fewer bogus responses). What other ways can people think of to attack the spammer business models, and what are the expected downsides of such approaches?" Of course, the one major drawback to this is the likelihood of more spam, since you'll be giving them a valid email address. However, many of you may be receiving increasing amounts of spam as it is (even through your filters), so might an organized spam-the-spammers movement work?
My spam is better than your spam (Score:3, Informative)
Does this mean I now have to read all my spam to decide which I should reply to and which I should ignore???
As for giving them a valid email address..... (Score:2, Informative)
Once you're done messing with them, just kill the address. Not exactly a foolproof solution, but I don't see why it wouldn't work most of the time.
Filters that fight back... (Score:5, Informative)
Here's a link to the article.
http://www.paulgraham.com/ffb.html
Re:Richest spammers could afford to handle replies (Score:1, Informative)
Re:The Best Way to Attack Spammers (Score:5, Informative)
Add all the spammers to an e-mail list and automatically forward any spam I get (using an address I use only for this purpose) to everyone on that list.
Having recently been a victim of having my addresses spoofed by spammers, I don't think this is a good idea. Only if the SPAM actually says to reply for more information (or to make a purchase) would this work; in other words, only if you have a reason to believe that the address is in fact going to reach the spammer.
The majority of SPAM I get does not come from a valid email address, but instead includes a URL to visit or a telephone number to call. Thus, forwarding SPAM to the From/Reply address will either just bounce, or worse, go to the unsuspecting person whose address was inappropriately used.
I know that often the spammers just use a random address from their list as the From/Reply-To, but for a couple of weeks I was the proud recipient of many thousands of bounced SPAM messages, to the extent that I had to temporarily
Re:Bogus spams? (Score:4, Informative)
In Mozilla Mail, going to View->Message Body As and selecting Plain Text turns off HTML for email.
Red Condor does this (Score:1, Informative)
Re:Bogus spams? (Score:5, Informative)
This might be the result of blocking remote images in email. To avoid spam filters, some spammers now have an email consisting of little more than a pointer to an image on their (zombie?) servers. The image has all of the text in it.
If you have images blocked, try reading the source and see if that's the case.
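The check suggested in the comment above (read the source and see whether the message is little more than a pointer to a remote image), as an added example that is not part of the original thread. It uses only Python's standard library; the function name `scan_message`, the 40-character threshold and the two sample messages are assumptions made for illustration.

```python
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser

# Constructed sample messages; hosts and addresses are placeholders.
IMAGE_ONLY = ("From: a@example.invalid\nSubject: hi\nMIME-Version: 1.0\n"
              "Content-Type: text/html\n\n"
              '<html><body><img src="http://203.0.113.7/offer.gif"></body></html>\n')
ORDINARY = ("From: b@example.invalid\nSubject: notes\nMIME-Version: 1.0\n"
            "Content-Type: text/html\n\n"
            "<html><body><p>Minutes from Tuesday's meeting are attached, "
            'please review.</p><img src="cid:logo"></body></html>\n')

class _BodyScan(HTMLParser):
    """Collect visible text and remote <img> sources from an HTML part."""
    def __init__(self):
        super().__init__()
        self.text, self.remote_imgs, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("style", "script"):
            self._skip += 1          # text inside these is never displayed
        elif tag == "img":
            src = (dict(attrs).get("src") or "").strip()
            if src.lower().startswith(("http://", "https://", "//")):
                self.remote_imgs.append(src)   # cid:/data: images are local

    def handle_endtag(self, tag):
        if tag in ("style", "script") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.text.append(data)

def scan_message(raw, max_text_chars=40):  # threshold is an assumed cut-off
    """Return (is_image_only, remote_image_urls, visible_char_count)."""
    msg = message_from_string(raw, policy=default)
    scan, plain_chars = _BodyScan(), 0
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/html":
            scan.feed(part.get_content())
        elif ctype == "text/plain":
            plain_chars += len("".join(part.get_content().split()))
    scan.close()
    visible = len("".join("".join(scan.text).split())) + plain_chars
    return (bool(scan.remote_imgs) and visible <= max_text_chars,
            scan.remote_imgs, visible)
```

A message is flagged only when it both references a remote image and carries almost no visible text, so ordinary HTML mail with an embedded logo is left alone.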
Re:automated replies / anon remailers (Score:3, Informative)
For the most part, reply addresses are bogus. They usually expect you to visit a web site. It's only 419 spammers (and the like) who usually give (and read) legitimate reply addresses. I'll often use those as my 'response' address.
Actually, you'd enrich spammers (Score:3, Informative)
That means that everyone dealing in leads makes less money, but the spammers make more. That would squeeze everyone, until the only ones making money in mortgages are spammers. This would result in rich spammers, plowing more money into spam.
The lead business is much less efficient than you think, with hundreds/thousands of buyers and sellers, so if one company dumps the lead broker, another one will pick up their leads. The leads are mostly unpriced, and buyers are chasing lead sources.
Alex
Re:in the short run... (Score:1, Informative)
That's not how it works. They only get a commission if the loan closes - otherwise people would be just making up names and email addresses to get the $50.
The affiliate programs work on commission - if there is no sale, there is no commission and the spammer does not get paid.
Re:Richest spammers could afford to handle replies (Score:5, Informative)
That would be form fucker [slashdot.org]
The plan would work if enough people did it (the single reply, not necessarily the form fucker), and it would work for the same reason that spam makes my inbox useless. A poor signal to noise ratio. Someone has to dig through all of those garbage e-mails and harvest the truly interested parties (both of them).
How many spams have 800 numbers? (Score:3, Informative)
Re:Richest spammers could afford to handle replies (Score:5, Informative)
Re:Spam their 800 numbers.. (Score:3, Informative)
Re:Filters that fight back... (Score:5, Informative)
All the schemes are easily overcome by a spammer. And it is still easy for them to pick on innocent bystanders. For innocent people, all they have to do is include their URLs in a spam message. Thousands of individual servers checking an innocent person's server even if they decide it is harmless will still be a DDOS against a good guy.
So here are several ways a spammer can get around everything that is proposed:
It is way easier to do this stuff playing defense. Using RBLs etc when someone tries to get access to your mail server works pretty well. Worst case you deny legitimate email, and the only one hurt is you.
When going on the offensive, you are trying to hurt others. How much collateral damage is ok? One poster in this thread posted their web site. If a spammer included that URL in several billion spams and you had hundreds of thousands of hits against you, how would you feel? How would you feel if your site was listed as a bad guy site? How would you feel if your system had done something automated as an offensive action against another site (eg trying to fill out name and address forms with bogus information) and it turned out that site was mistakenly listed as a bad guy site?
And if you think it is easy classifying sites, try these two: jennifer [jennifersblog.com] and jamie [iagreewithjamie.com] (answers at Metafilter: jennifer [metafilter.com] and jamie [metafilter.com]).
Re:3 Lawyers, 3 geeks (Score:2, Informative)
I think you missed the point here.
1) The plan in question is being carried out by a Government, not by you or me or some random geek.
2) The bulk emails sent out are already in violation of the law. Many jurisdictions require valid list removal options and reply-to addresses. The purchase serves only to identify the spammer through his accounts and whatnot.
3) V/MC is probably breaking numerous laws if they knowingly complete transactions solicited in an illegal manner. Usually they will use the "Ebay" "we didn't know" defense to avoid liability, therefore, the purpose of these GOVERNMENT actions would be to make sure that they (V/MC/DISC/AMEX) officially "know".
4) The purpose of this activity is not to bring charges, but rather to compel and coerce V/MC etc. into using their various merchant agreements for the public good.
5) Finally, maybe a few prosecutions wouldn't be a bad thing after all. First we freeze the assets of the spammer and the company being illegally advertised, then we send in some goons to collect "evidence"... and well, you know the rest.
V/MC and the others will cooperate. They have no choice.
And no, you will never look at your government the same way again.
Re:3 Lawyers, 3 geeks (Score:3, Informative)
Sounds like a huge market for the enterprising lawyer, who only yesterday thought that tort reform had cut off his cash cow.
P.S. It ain't entrapment if the 'entrappee' is already committing or planning to commit a crime.
Re:Richest spammers could afford to handle replies (Score:3, Informative)
The idea isn't to attack at all, rather to reply as an interested customer.
The scenario is that you receive a mail about getting, say, pills that make your nostrils bigger. All spammers will need a way to ensure that you can make a purchase, and it's through that mechanism that you inquire for more information about nostril enhancement through magic pills.
If everyone who received an email did this, they would get thousands of requests.
If they only reply to a few of them then the company selling the pills loses sales.
So instead, they hire more staffers. When they do that, they are potentially eating into their own profits.
Given sufficient numbers of respondents, this would make it suddenly unprofitable to mail everyone in the world, leading to an incentive to stop mass spamming.
That's the idea at least. There's no "attack" involved.
- Serge Wroclawski
Hitting their lifelines (Score:3, Informative)
After playing the game a couple weeks, I reported his banking connection (a real person) to the London Met Police and his email info to his ISP (SIFY of India - *great* customer service!) and had his accounts terminated. That was a laugh and a breeze.
If you look for the lifelines of 419 scammers, they have their email and their banking connection. Shutting down their email account fast makes their spamming futile. Shutting down their banking connection is harder, but very painful for them. Bottom line: MeThinks 419 scamming will stay benign, they're too easy to wipe out.
Looking for the lifelines of the real spammers (the Viagra, Mortgage, Patches etc. stuff), there are three: Ability to send loads of email, ability to receive responses (web site or phone number) and ability to receive money. Kill any one of these, and the situation is solved.
The ability to send email is tricky to fix. We all want email to be sent freely, preferably for free. Fixing/replacing SMTP to include authentication would be great! But we're still awaiting news from this front.
Hitting their web sites could be done in several ways. Proper legislation could make it a felony to operate spam-advertised web sites, and they could be taken out. If spam filters included the ability to automatically spider the web sites referred to in the mails, they would have to pay for loads of useless traffic to their sites - and their ISPs would look at disconnecting them. It's not a DoS attack per se, we're just making backup copies of potentially useful information :)
And for hitting back on their payment options, there was an excellent suggestion earlier that the FTC take care of this. That looks very cool. Much better than more laws that are not enforceable anyway :) So clearly an FTC issue if I ever saw one.
Getting the spammers on any one of these three lifelines would be sufficient - getting them on all three would be very, very effective.
Re:Attacking Business Model - Posted Anonymously! (Score:3, Informative)
So you can use wget, which doesn't have any trouble with a conscience. Replace the 'lynx string with:
Cheers,
Costyn.