Please create an account to participate in the Slashdot moderation system


Forgot your password?
Spam Communications The Internet

Spamfighting Since the Death of MakeLoveNotSpam? 352

vacuum_tuber asks: "The now-defunct Lycos anti-spamsite screen saver, MakeLoveNotSpam, was extremely well received despite the whines and hand wringing from the no-one-should-ever-actively-defend-themselves crowd. There was speculation after its demise that Open Source spam-punishing tools would emerge. Other tools such as SpamVampire, LadVampire (punishes fake bank sites), Spam Research Tool and others were mentioned with increasing frequency, but there has been no coherent followup to gauge what people are doing since the death of the Lycos screen saver. What are you doing that you think is effective in punishing spammers or their spam-site sponsors?"
This discussion has been archived. No new comments can be posted.

Spamfighting Since the Death of MakeLoveNotSpam?

Comments Filter:
  • by ActionJesus ( 803475 ) on Monday December 27, 2004 @08:00PM (#11195597)
    Just chop their heads off. See how well they spam if they cant see their monitor.
    • I Agree, I would like a wealthy eccentric to set up us unemployed Sys Admin with Licenses to Kill and Living expenses ALA Martin Blanke In Gross Point Blanke.

      We could hunt down and execute the SOB's that pollute inbox with Cheap Meds and Penis Enlargement adds.
  • The best way (Score:5, Insightful)

    by nilbog ( 732352 ) on Monday December 27, 2004 @08:01PM (#11195603) Homepage Journal
    The best way to fight spam is to go home and turn off your mom's zombie computer...
    • by Anonymous Coward on Monday December 27, 2004 @08:06PM (#11195649)
      Duh, slashdotters are home, in the basement. That should be go *upstairs* and turn off their mom's zombie computer.

    • Or better yet, harden it so she can't be compromised again when she turns it back on.
  • Well... (Score:2, Funny)

    by rasafras ( 637995 )
    A solid wooden stake usually does the trick. Make sure it's the heart, though...
  • Don't join the mob (Score:4, Interesting)

    by IntenetStormCenter ( 843983 ) on Monday December 27, 2004 @08:03PM (#11195622) Homepage
    The vigilante mob created by Lycos was nothing more then a publicity stunt gone wrong.

    Cooperation and user persistance has pushed spam already to the fringes of the Internet. Spammers have to just compromissed machines and other criminal methods to spread their messages.

    Making them a victim will only make it harder to push them out, and it will take away resources from the actual problem: People buy the crap offered by spam! Spam is no longer free. If people would just stop buying based on spam, the problem would solve itself.

    • by Chordonblue ( 585047 ) on Monday December 27, 2004 @08:15PM (#11195725) Journal
      "...the actual problem: People buy the crap offered by spam! Spam is no longer free. If people would just stop buying based on spam, the problem would solve itself."

      So what you are in effect saying is that people who hawk too-good-to-be-true investment schemes and storcks shouldn't be punished? People are gullible, people are going to continue to be taken in by their greed, ignorance, or even illness.

      I think these parasites should be taken down. Whether you agree with Lycos or not, I commend them for at least bringing this possible solution to the spotlight.

      • of course they should be taken down. And they are being taken down at faster and faster rates. But DDOSing them is the wrong way. First of all, you take down an ISP in addition to the spammer, but in addition the ISP may now have to help the spammer to defend itself in order to keep other innocent customers online.

        Its important to keep the rules simple. Otherwise you will lose cooperation among ISPs. DDOS is bad. Spam is bad. Lets cooperated and stop both.

        • of course they should be taken down. And they are being taken down at faster and faster rates. But DDOSing them is the wrong way. First of all, you take down an ISP in addition to the spammer, but in addition the ISP may now have to help the spammer to defend itself in order to keep other innocent customers online.

          ISP's who have spammers as customers are just spammers one step removed. It should be costly to ISP's to knowingly have spammers for customers. ISP's generally charge for bandwidth usage and I

    • Spam that originates from the "fringes" of the internet clogs my inbox the same as spam sent from any other machine.

      Dan East
    • Cooperation and user persistance has pushed spam already to the fringes of the Internet.

      Fringes? That's like saying everything outside of the asteroid belt is in the fringes of our solar system. Is McDonald's a fringe restaraunt? Wal-Mart's are always parked on the fringes of towns, does that count too? Large SUVs are owned by people in the upper fringes of the income bracket, and yet they still use most of the gas.
  • I've been spamming the spammy spammers with my anti-spammer spammer. My spam scripts is well suited to spamming spammy spammers with spam. Spaming spammers is the best way to get them to stop spamming. Infact sometimes I use other spammer's spam to spam the spammers.

    Now I'm off to eat my breakfast of spam, eggs, bacon, and spam.
  • by koreaman ( 835838 ) <> on Monday December 27, 2004 @08:04PM (#11195630)
    Make spam illegal, that is the only real way to stop it.

    Write your congressman, if you have some free time try to meet with one of them and lobby them. Few people know how remarkably easy it is to get your congressman to sit down and meet with you.
    • by sqlrob ( 173498 ) on Monday December 27, 2004 @08:09PM (#11195680)
      Like making drugs illegal has stopped drug abuse.

      Or like making identity theft illegal has stopped phishing scams.

      Or how making unauthorized access to a computer illegal has stopped spam coming from compromised machines.

      • And now that handguns are illegal shootings in DC have all but disappeared....
        • They are a LOT less common (per 1000 head of population etc) in the UK than they are in the USA.

          You have the right to bear arms to overthrow wicked governments, but you never will.
          I have the right to walk down the street more freely than you but even a bunch of Ruperts can break into parliament to protest about bad laws!

    • Yeah! it worked for drugs, didn't it?

      The real "only real way" to stop spam is to make it unprofitable. Don't ask me how though.
    • by flyingsquid ( 813711 ) on Monday December 27, 2004 @08:14PM (#11195717)
      Write your congressman

      You mean we should flood their mailboxes with offers for viagra and penis enlargement?

      • by Feanturi ( 99866 )
        I know you're being funny, but that might be a seriously good idea. Dump a whole lot of paper in their offices. Send a letter as you would normally, describing your grief and then, as examples, give hardcopies of every spam you've received in the past week.
    • I disagree. Spam already is illegal, at both the Federal and many state levels, but that means nothing if the rest of the world doesn't take similar steps. And it isn't. Spam is not a US-only problem: it crosses all national boundaries, and won't be cured by the passage of more laws. Ultimately, there are only two solutions: convince people not to click on spam links (unlikely), or implement a technological solution. But those suffer from the same problems as the legal/diplomatic approach, that is, if t
      • by ( 142825 ) on Monday December 27, 2004 @09:38PM (#11196267) Homepage
        I just returned from serving about 12 lawsuits on Avtech direct []. With enough people suing spammers under their state's laws, it will tend to reduce much of the spam -- by making the spammers pay for spammers.

        Even though spam may be international, the foreign companies can be sued. When you send spam into the USA (or the particular state) you are subject to the laws of the USA. After I sued Global Web promotions [], the FTC sued them and siezed their funds. Even though they are in Australia, they are doing business here by sending spam.

      • Spam is not a US-only problem: it crosses all national boundaries

        Not only a US problem, but it is primarily a US-based problem. 42% of spam originates from the US.

        • That's pretty much irrelevant. If there's one thing spammers are, it's adaptable, and if the United States becomes an untenable host nation they'll simply move on. I might point out, however, that that 42% figure isn't too meaningful either: that much spam may or may not originate here, but it sure as hell doesn't all go direct from the spammer's domestic server to the target mailbox.

          China, India, other up-and-coming high-tech nations have thousands upon thousands of unsecured mail servers and Windows
    • Write your congressman

      I don't think my congressman has alot of clout in african countries that are run by warlords.
    • ...but it still happens, sometimes almost unchecked in foreign countries. How is this really going to help unless you target the companies USING spam to hawk their goods?

      The spammers are a symptom of a much larger problem. Don't get me wrong - I wouldn't mind seeing them strung up too - but I'd rather see the CEO of some penis enlarging / Viagra-distributing company do some hard time with big guys...

    • I believe that the only way to stop the proliferation of spam is through user education, not only about why one should fall for spam but also how to take care of their computer. Making spam illegal is just another way of limiting freedom of speech. Spam is speech just like yelling at passing pedestrians about the coming apocalypse is speech; illegalizing spam would be just as morally corrupt as illegalizing proselytism.
    • Funny? (Score:3, Insightful)

      It's a disturbing sign of the state democracy is in in America that this has been modded "Funny"...
  • by overbyj ( 696078 )
    I, for one, truly do welcome our new spamfighting overlords!

  • by Man in Spandex ( 775950 ) <> on Monday December 27, 2004 @08:06PM (#11195659)
    SPAM punishes itself by giving an "evil" image for their company.

    Best way to punish spam is by keeping your friends AND foes aware of what to not pay attention. In the end, hopefully, they'll make less profit. Nonviolence resistance demands patience and is a slow process but always shows progression.
    • I agree with nonviolence resistance and am a firm believer in it but I think using these people's bandwidth is the epitome of nonviolent resistance. You basically bother someone till they HAVE to change something (i.e.: SCLC's bus boycott, Gandhi's march to the sea, etc.) Of course I don't htink the term for this is nonviolent resistance because that really is for something much more serious but that concept fits.

    • I agree.

      Why waste effort on this? Just make it a rule: Don't ever, ever buy anything from an unsolicited email. I've got the same rule for phone solicitation - If your company EVER pisses me off by calling me at supper or on my day off or whatever, I won't buy from you. period. I don't care what you're selling. I'm not interested.

      If there is no positive response, phone/email spam becomes an expense rather than a revenue generator. The 'invisible hand' of the market place will get rid of it.
  • Spamvampire works (Score:5, Interesting)

    by DogDude ( 805747 ) on Monday December 27, 2004 @08:09PM (#11195672)
    I use Spamvampire almost constantly. It works great. It sucks up their bandwidth, and while it doesn't DOS them, it does make the business of spam a hell of a lot less financially viable. I regularly pound on spammer sites (the sites actually selling the garbage) for a few days, then the site dies. Now, there's no way to know if it's because these sites are only designed to be live for a week or so at a time, or if I really am hitting them in the pocketbook, but I'd like to think that it works. At the VERY least, it makes me feel better knowing that somebody is going to be very shocked when they see their bandwith bill at the end of the month. And, the info that the guy who wrote the SmapVampire scripts concerning the 97% billing is very true, so the results he describes are actually quite realistic.
    • Re:Spamvampire works (Score:4, Informative)

      by Matt Perry ( 793115 ) <perry.matt54@[ ] ['yah' in gap]> on Monday December 27, 2004 @08:46PM (#11195925)
      I use Spamvampire almost constantly. It works great. It sucks up their bandwidth, and while it doesn't DOS them, it does make the business of spam a hell of a lot less financially viable.
      Wouldn't local, transparent HTTP proxies put in place by ISPs, such as DSL and dialup providers, prevent SpamVampire from being effective?
    • Hmm. How do I run it? I downloaded it, added some spam sites, opened it in Incontinent Exploder, and it /displayed the HTML/. Damn. Why do browsers do that? I've seen Firebird do that as well - it opens an HTML file, it's obviously a well-formed HTML file because I can see the damn code, but it insists on displaying the HTML instead of interpreting it????
  • Unsolicited Commando (Score:3, Informative)

    by Anonymous Coward on Monday December 27, 2004 @08:09PM (#11195681)
    Nice tool to jam spammers...
  • My solution (Score:5, Funny)

    by nizo ( 81281 ) * on Monday December 27, 2004 @08:10PM (#11195686) Homepage Journal
    What are you doing that you think is effective in punishing spammers or their spam-site sponsors?

    Sending xmas cards to inmates about to be released from prisons in their state with the spammers name and home address as the return address with sincere hopes that they will come visit once they get out. Plus I get to use up all these extra xmas cards instead of packing them away for next year.

  • Turn images off (Score:3, Informative)

    by Neil Blender ( 555885 ) <> on Monday December 27, 2004 @08:10PM (#11195688)
    Turn images off. And filter on <img src=. And tell your Mom to.
    • An even better way would be to filter HTML Mail completely. You kill two birds with one stone:
      1. You don't get Mail from Spammers
      2. You don't get Mail from Morons sending Text-Mails as HTML with Outlook or similar programs
  • Otherwise for every spammer ... removed, there will be ten new spammers to take its' place.
    • Better yet: get a throwaway account, and use it to email companies who spamvertise. Tell them that you've received their spam and will never, ever, under any circumstances buy anything from them because you know that anything spamvertised has to be junk. Tell them you're going to tell everybody you know to do the same. If enough people do this, maybe they'll start getting the message.
  • by speculatrix ( 678524 ) on Monday December 27, 2004 @08:12PM (#11195704)
    Why don't we consider the complete opposite: make it illegal to buy from spammers - kill the revenue stream, kill the spammer's business, stop the spam.

    Another method is to hit the spammer's website... consider this perl fragment:
    while (1)
    • $sock = new IO::Socket::INET (

      • Proto => 'tcp',

      • PeerAddr => 'website',
        PeerPort => '80',
        Reuse => 1
      push @sockArray, $sock;

    Naturally, the above code is for educational purposes only and is not intended to be used in anger :-)
    • Hmm and if you are caught carrying more than 10 bits of spam, we put you in prison as a spam dealer?
  • by Quixote ( 154172 ) on Monday December 27, 2004 @08:13PM (#11195713) Homepage Journal
    and this motley crew shall /. into oblivion...
  • If a spammer and a phisher were both drowning in a pool, and you only had enough time to save one, would get lunch or go for a walk?
  • What about - (Score:4, Interesting)

    by thewldisntenuff ( 778302 ) on Monday December 27, 2004 @08:14PM (#11195718) Homepage
    Forcing ISPs to turn off/temporarily disable the accounts of zombied, 0wned, computers? Isnt that where most of the spam comes from? How much spam could be stopped that way?

    Doesnt have to be permanent, just cut it off and request the user run ad-aware/spybot/a decent virus scan and away they go......

    • And then half of their users will, if I can use the term here, /. the telephone system trying to get through to their ISP, demanding to know how, what, and why. If you thought tech support jobs at ISPs were bad before, just you wait...

      Still, if properly implemented, it's a great idea. Instead of cutting them off, drop any repeated, zombie-looking packets. Anything else, redirect it to a local site hosted by the ISP, for customers only.

      It should read something along the line of..

      "Our monitoring system
    • Most major ISPs actively search out people who are spamming. The ISP I work for (which is sort of a meta-ISP) does this.
  • Respond to them (Score:5, Interesting)

    by Stephen Samuel ( 106962 ) <samuel@bc g r e> on Monday December 27, 2004 @08:15PM (#11195722) Homepage Journal
    This is especially usefull for things like Mortage sites.

    Give them info that at least looks real.
    If you give them your real phone number, then you can keep them on the phone line for 1/2hour (if you've got a headset), while you play your favorite game.... then tell them you hate spammers.

    Even if you don't give them your real time, it forces them to verify the data. People pay for info from those spams because it's mostly good data. from people who want mortages.

    If you keep the S/N ratio from spams higher than random cold-calling, then the spam's useless.

    For stuff like cheap viagra, it's mostly an attempt to get them to annoy their credit card company. or just wasting their time. If we (slashdot) can each get spammers to waste 10 seconds of their time, that's some number of spammer man-years. If we can each get them to waste 10 seconds a week, they're out of business.

    It's using the statistics of spamming against them. They currently get about 1million-1 response ratio with a very high signal-noise ratio. If we can get that up to 1000-1 with a 1-1000 signal-noise ratio, then they'll drown in their own garpage.

    • Re:Respond to them (Score:2, Informative)

      by Anonymous Coward
      This is also what is best to do with telemarketers, if you have time. Ask lots of questions. Get lots of information. Waste as much time as you can.

      BTW, remember that they called you. When they won't take no for an answer, hang up. Yes it is rude, but it the telemarketers who is being truly rude, forcing you to take drastic action. So, they called you. Take to them. Find out the pitch. Find out what they are wearing, if they had a good night sleep. How many kids they have. Get references. Have

    • Re:Respond to them (Score:3, Interesting)

      by Anonymous Coward
      and i love it too. I comb their site and post virtual orders, contact info, customer surveys (its dangerous to ask my opinion about spamming ;) and grab all the customer support and sales email addresses and un-subscribe them to their own spammer, as well up to 50 other address collection sites (i keep a current list). That way they get their own spam (and much more) and get a taste of what their own dollars are doing to me. That way they can DoS themselves with spam.

      Yea, it takes time to be a pain in the
  • by cluge ( 114877 ) on Monday December 27, 2004 @08:20PM (#11195764) Homepage

    LWP + PERL + SPAM = Fun

    Take your pick, for something simple like a website that is hosted on compromised machines, simply loop the address through wget, use the output of ps -aux | grep wget | wc -l to keep the system load down to something reasonable - like 50.

    Another fun game is when the spammer/phisher wants some personal information. Use LWP to walk through the order stages or web pages. Then give them the information that they asked for.

    Name - Don't you know
    Address - don't you wish you knew
    City - not yet
    State - that one
    zip - 12345-678

    Special order instructions:

    Don't ever e-mail me again, ever, please. I'm begging you. In fact I'll be nice, i'll only send this very same message once for each attempted spam delivery. So far the machine that delivered this message has also made 150,000 connections, to try and deliver messages to users that don't exist.

    Add random garbage to through off simply filters. Rinse and repeat until messages stop coming to you

    Using the host command, with the name servers that show up in the whois. Walk the dns. It's trivial to repeat until server stops responding. Especially if the server is another zombie.

    Tactics usually prove good at stopping sites hosted on compromised broadband connections. These machines generally have upload limits that run out quick. Sites hosted in China or Russia seem to have more bandwidth and can take more of a load. I only know this because I read around. I would never, ever advocate such a thing as returning the spam I receive to the spammer via his web sites order page. Doing what is suggested would probably get you in trouble.

    My solution? Baseball bats, but my lawyer has told me that they may be illegal as well.

  • The now-defunct Lycos anti-spamsite screen saver, MakeLoveNotSpam, was extremely well received despite the whines and hand wringing from the no-one-should-ever-actively-defend-themselves crowd

    Yeah, um, right. Say the same thing in regards to the RIAA trying to prevent music piracy and you'll hear endless howls from the /. crowd about how hacking/DDoS is illegal and should be a punishable crime.

    If you want anyone to remotely take you seriously, you will have to first drop the double-standard.
  • I don't see this as being a retribution. The spammers use our network resources to send us URLs that they want us to click on. In exchange, they want some of the recipients to click on the URLs and buy their wares. If every spam recipient were to go to those web sites, the whole balance of sending "free" bulk commercial emails becomes not so free.

    I think that if it's the recipient who is (automatically) pulling down the web sites pointed to by the URLs, then this could not be considered retribution. If ins
    • The problem with retribution is that if, for some reason, I happen to not like you, and I spam a few hundred thousand emails with:

      Go check out my cool site!

      And whammo, you get screwed and you did nothing wrong but piss off an asshole. It'd be bad enough wading through the responses and bounce messages (if I use your real email as the return addy) but to get your site whacked on top of it?

      That is the one biggest drawback to an active defense, imho. It WILL target innocents at som
  • by Pretbek ( 600867 ) on Monday December 27, 2004 @08:30PM (#11195826)
    Posting the physical address of a spammer on /. and asking people to "please not sign him up for all the snailmail-spam you can find because that is so impolite" seems to have worked well in the past. Well, it worked at annoying the spammer, that is. I don't know if the amount of sent spam actually declined.
  • Easy really. Either smack all the idjits buying CRAP from spammers (this could work well for the ones clicking on the viruses in their emails too), or make sure every congressman and woman, every senator, every governor, every legislative member, basically everyone at every level of government gets as much spam as Bill Gates. Of course, getting leaders and parliament members of other countries signed up to spam email lists will hasten the demise of spammers, since the US wouldn't be forced to invade to re
  • Hand Wringing (Score:4, Insightful)

    by fm6 ( 162816 ) on Monday December 27, 2004 @08:36PM (#11195863) Homepage Journal
    MakeLoveNotSpam, was extremely well received despite the whines and hand wringing from the no-one-should-ever-actively-defend-themselves crowd.
    Hand wringing? Like all vigilantes, you love to emphasis your own macho attitude and the supposed wimpiness of your detractors. Whereas the real issue is the collatoral damage.
  • The Lycos thing was an interesting sortee, but on a day-to-day basis? I'll keep doing what I do now: learn, build better filters, make it harder for the stuff to get through, defeat the purpose, drive their numbers down a fraction. I'm a systems admin; my users don't see much spam, largely because I've spent months tweaking the filters to stop it, building better code into my SpamAssassin, etc. Does it annoy me? Not really. It keeps me employed, and it makes me think, actually. A wise man once said, rather
  • by Anonymous Coward on Monday December 27, 2004 @08:55PM (#11196014)
    For the spam that sells software, I parse the html code (kmail shows the code, not the rendered page) for links to the spam sites selling the software. It's almost always Microsoft Office, Macromedia Dreamweaver (and/or Flash and I forget the other Macromedia software), Adobe suites, Intuit's Quicken or QB, Symantec's software, AutoCad (?) and a few other regulars I can't remember right now. Almost always, the software includes the big ones above, and sometimes a few others.

    So I parse the links, removing the filler, isolate the links, then go to BSA's site, and fill out their piracy form. I provide the isolated links, along with the entire email itself including headers, so that they can investigate the spamvertisement themselves.

    Then I add a few words of encouragement at the bottom. Three words are generally enough, you can figure out your own slogans as a substitute.

    Keeps the BSA busy, their minds on other things, minimizes the amount of trojaned software that clueless users download via spam if BSA actually takes action to close the sites or go after site owners, and lets me kill some time.

    I've been thinking of ratting out the criminals selling "pirated" software on Craig's List to the BSA piracy line as well. Maybe I'll make that the next step. It'll keep cheap "pirated" windows software off people's computers, and perhaps give the prospective buyers more incentive to use FOSS/Linux instead. Or at least OpenOffice on Windows, which makes it easier to get them on FOSS/Linux platform later.

    The BSA is the greatest thing since sliced bread. Without them, why would most Windows users migrate to Linux? Because its a better platform? Bahhh! They don't even know they're running Windows, let alone why Linux is better or not.
    • by IrishMASMS ( 786650 ) on Monday December 27, 2004 @10:06PM (#11196437) Homepage
      There are a few organizations & companies that would love for you to forward on your spam; and Spamcop [] would love to help you LART the headers & spam web hosts.

      You can tell where the spam comes from; or at least identify the web sites they are spamvertizing. Yes, it is sometimes a BPITA - hence why I use spamcop to help auto LART the headers/email for me. I know with squirrel mail any spam you can auto forward to your spamcop account to be LARTed.

      Normally I LART anything that gets past the spam filters, thinking that anything that does get caught is by the big spamhouses. I also report my spam to the Feds for action:
      "US Postal Inspectors service"

      These folks ask for spam, to either tweak their anti-spam tools or for internal investigation:

      Specific countries have anti-spam efforts:
      "Spam from China",
      "Spam from Korea",

      As already mentioned - any spam offering grey market (aka cheap) software?

      Any 419 scams?
      "Central Bank of Nigeria",
      "Treasury Nigeraian scam reporting"

      Child pr0n?

      Any stock or securities spam?
      "nasd Penny stock fraud submittal",
      "Securities fraud SEC"

      Any food or drug spam?

      FYI: there are some anti spam groups I am a member of, where a little bit of research dug up these agencies. It is easy enough to set up an auto forward on your spam folder to report & LART the spammer scum. ;)

  • MakeLoveNotSpam, was extremely well received despite the whines and hand wringing from the no-one-should-ever-actively-defend-themselves crowd.

    Just FYI.
  • Several people have proposed scripts that click the links in the e-mails received.

    Does this not confirm to the spammers that the address they're hitting is valid? MOST of the spam I get passes some form of variable passed, presumably to uniquely track me.

    I'd be very angry if my ISP's mailserver was clicking these links for me.

    Sure, if done enough, this will completely ruin the idea of tracking people through link-clicking. But in the period between now and when it's fully-implemented, won't it just make
  • despite the whines and hand wringing from the no-one-should-ever-actively-defend-themselves crowd.

    No one complained about defending yourself, they complained because fighting abuse with abuse is:


    in many cases illegal

    in some cases against the wrong party.

    DoSing someone's server is illegal in the US. Had Lycos tried it on my allocation, they would have been null routed as soon as I found out about it.

    Attacking someone's web site is not defense. Even if they are a spammer, it doesn't make it righ

  • by SmurfButcher Bob ( 313810 ) on Monday December 27, 2004 @09:37PM (#11196259) Journal
    A long (long) time ago, I came home to find my wife pumping some online poll, somewhere. Vote, click, wait, back. Vote, click, wait, back. It seems that Marvel was running a "who's the coolest X-Man" poll, and the various fan-groups were doing their damndest to win. Since I wanted my computer back, SpamHammer was born. With a dynamic array of winsocks, it'd allocate as many as the target server could handle, and repeat the voting that you'd "taught" it xxx times. It did well, to the order of a thousand or so per minute if the target could handle it. I must say, the pained expressions on the faces of the various people who were NOT in my wife's fan-group was worth every minute spent coding it, if only I could have seen them. An army of them would spend an hour pumping in a few thousand votes... I'd throw in 10k votes in the time it'd take to make a cup of coffee. It was a few years ago, but it was the type of user-torture that lasts a lifetime.

    Eventually, the phishing scams came out. And the mortgage quotes were flowing in. And I got tired of all of them. And I remembered SpamHammer.

    So, a LOT of searching of the old file-tree to find it, a little tweaking, and V2.0 was born. This new version supports everything needed to pump tons of crap into any site, POST or GET, cookies or not. I spared no feature - from random emails, random name permutations from the USCB, junk mailing addresses that'll pass a city/state/zip xref, random credit card numbers with proper checkdigits, and even stuff picked from lists (think of med sites). Mortgage quoters want leads? Here, have a million. Just don't bitch when the lenders refuse to pay for those leads. Phishers want accounts and passwords? No problem - with the added benefit of DOSing the target host. Free viagra? Oooo... I get wood just thinking about it... here, have a hundred thousand orders for random crap on your site.

    I'm not sure why, but there's something satisfying about getting a "write failure: access denied" after pumping a few million POSTs into a site, consisting of every major field being 32K each. The only thing more satisfying is knowing that certain med-sites simply email the order to an in-box... here, have a big pile of 1Meg emails.
  • by Animats ( 122034 ) on Monday December 27, 2004 @09:40PM (#11196279) Homepage
    RegisterFly [], a service which "cloaks" domain registrations by using RegisterFly's contact information in place of the actual registrant, may be committing felonies by so doing.

    From the CAN-SPAM act:

    • Sec. 1037. Fraud and related activity in connection with electronic mail

      `(a) IN GENERAL- Whoever, in or affecting interstate or foreign commerce, knowingly-- ....

      (4) registers, using information that materially falsifies the identity of the actual registrant, for five or more electronic mail accounts or online user accounts or two or more domain names, and intentionally initiates the transmission of multiple commercial electronic mail messages from any combination of such accounts or domain names, ....

      "or conspires to do so, shall be punished as provided in subsection (b)."

      (2) a fine under this title, imprisonment for not more than 3 years, or both, if-- ...

      (B) the offense is an offense under subsection (a)(4) and involved 20 or more falsified electronic mail or online user account registrations, or 10 or more falsified domain name registrations;

    The CAN-SPAM act is soft on spamming, but tough on spam-related fraud. That can be useful.

    Note the "or conspires to do so" clause. Knowingly assisting in a criminal offense satisfies the legal definition of conspiracy. [] "Cloaking services" are in deep trouble if they knowingly provide that service for a spammer. Unlike ISP's, there's no "safe harbor" for them.

    As for the "knowingly" part, whenever you find a spam associated with a "cloaked" domain, send a note to the cloaking service, and post that you've done so to some public spam forum that's indexed by search engines. That will put them on record as knowingly cooperating in a criminal conspiracy. The next person who gets a spam from the same party will have that information as legal ammunition.

    When you've got that info, report it as Internet fraud. [].

  • missing a really great opportunity to improve its public image.

  • by dragonman97 ( 185927 ) on Monday December 27, 2004 @09:46PM (#11196317)
    For 419ers and other spammers that tell you to correspond with them via Yahoo! or other free e-mail services, I strongly recommend reporting them to the abuse department for that provider. This can cause innocent fools from being able to actually contact the 419er, and if the success rate drops, then perhaps some of them will quit, if it's not worth their time. Yahoo! and others do not need their name further tarnished as being supporters of these scams, so cutting them off can only be beneficial to them.

    Wasting the bandwidth of these phishers only hurts the Internet, by wasting resources. Do keep in mind that the sites may be using stolen credit cards, and the ISPs will lose money on overspent bandwidth bills when the CC company halts payment.
    • I'm sorry, but the abuse desks almost never do anything useful. They are constrained by the lack of manpower, and they are constrained by ISP policy from doing anything that could ever be considered censorship to avoid losing the "common carrier" protections they currently enjoy.

      Moreover, for many ISP's, spammers with "pink" contracts pay good money and help keep pay the ISP's bills. tried this, and it wasn't until the Cyberpromo spammers had their upstream routers DOS attacked to death that Agis
  • As if millions of spammers cried out in terror and were suddenly silenced.
  • Spam Traps. (Score:3, Interesting)

    by qualico ( 731143 ) <worldcouchsurfer&gmail,com> on Monday December 27, 2004 @10:41PM (#11196603) Journal
    I get a lot of spam attempts on my email.

    Using scripting, I've made myself a nice little spam trap.
    If you test, you'll see its an OPEN RELAY!

    BUT, if you try to use it...your email will be dissected and automatic abuse notifications sent to the upstream ISP of the target site, the injecting IP's ISP and any other IP listed in the email.
    Further, reports are sent to all the major blackhole listing sites.

    Very effective at shutting down sites because the instant reporting reduces the time spammers rely on between site switching.

    I've been responsible for taking down a lot of sites and will continue to fight spam with every tool at my disposal.

    Now if I could only extend this functionality to Malware and Adware sites.
  • Do you really think these spam servers, websites and there bandwith costs are not fraudulently optained? Your not costing the spammers your costing whoever ends up paying the credit card bill. Probably the credit card company will take up the tab, sometimes the acual person.

Never buy from a rich salesman. -- Goldenstern