Spam Hosting - from 20$ per mounth. Fraud Hosting - from 30$ per mounth. Stoln Credit Cards, Fake ID, DL's.
This is known as "Rule #3" on n.a.n-a.e... Spammers are stupid.
Stupid!? These spammers are not stupid. There are very few legitimate businesses which can actually turn a profit from spamming. Most of the money to be made is in selling spam related software and services to suckers. The problem is, how do you identify people who are dumb enough to think that spam services are worth paying for? Simple. You send lots of spam which, by definition, only goes to people who know something about the Internet and might be willing to spend money on an Internet-related service. Then you wait for responses which, by definition, are only going to come from grade A suckers. Then you pounce on these hapless marks, rip them off and move on. Spammers are not stupid. They are smart criminal gangs which have not only managed to keep their schemes running for several years in the face of great public animosity, they have also managed to sabotage the efforts that supposedly work against them. A favorite trick is for them to go into a forum like NANAE and support a flawed anti-spam effort because they know that it keeps people from focusing on real solutions. The net effect of all of these flawed technical attacks on spam is that it has filtered out the naive spammers from the spamming community and left spamming in the control of criminal gangs. When will we realize that SPAM is a social problem and it needs a social solution? When will the major email providers sit down around a table and agree to some guidelines for email exchange that make it impossible for rogue users to inject large volumes of email into the system? The existing non-hierarchical email exchange network is not scalable. I hope that everyone on this list can understand what the email exchange overlay network is and recognize that it is subject to similar scaling rules as the underlying IP network. --Michael Dillon
Spam is VERY EFFECTIVE. It _really_ increase sales. People (yes, and me too -:)) read SPAM and sometimes find interesting things. (Example - yopu can hate spam, but if you call Europe every day, and you see $.03/minute adv for long distance, you will remember it). Problem is, that spam is not selective, so you receive 99.99% garbage and 0.01% useful information. (Effectiveness of spam is proven, unfortunately). ----- Original Message ----- From: <Michael.Dillon@radianz.com> To: <nanog@merit.edu> Sent: Tuesday, February 03, 2004 2:31 AM Subject: Re: Unbelievable Spam.
Spam Hosting - from 20$ per mounth. Fraud Hosting - from 30$ per mounth. Stoln Credit Cards, Fake ID, DL's.
This is known as "Rule #3" on n.a.n-a.e... Spammers are stupid.
Stupid!? These spammers are not stupid. There are very few legitimate businesses which can actually turn a profit from spamming. Most of the money to be made is in selling spam related software and services to suckers. The problem is, how do you identify people who are dumb enough to think that spam services are worth paying for?
Simple. You send lots of spam which, by definition, only goes to people who know something about the Internet and might be willing to spend money on an Internet-related service. Then you wait for responses which, by definition, are only going to come from grade A suckers. Then you pounce on these hapless marks, rip them off and move on.
Spammers are not stupid. They are smart criminal gangs which have not only managed to keep their schemes running for several years in the face of great public animosity, they have also managed to sabotage the efforts that supposedly work against them. A favorite trick is for them to go into a forum like NANAE and support a flawed anti-spam effort because they know that it keeps people from focusing on real solutions.
The net effect of all of these flawed technical attacks on spam is that it has filtered out the naive spammers from the spamming community and left spamming in the control of criminal gangs.
When will we realize that SPAM is a social problem and it needs a social solution? When will the major email providers sit down around a table and agree to some guidelines for email exchange that make it impossible for rogue users to inject large volumes of email into the system? The existing non-hierarchical email exchange network is not scalable. I hope that everyone on this list can understand what the email exchange overlay network is and recognize that it is subject to similar scaling rules as the underlying IP network.
--Michael Dillon
On Tue, Feb 03, 2004 at 10:31:00AM +0000, Michael.Dillon@radianz.com wrote:
inject large volumes of email into the system? The existing non-hierarchical email exchange network is not scalable. I hope that everyone on this list can understand what the email exchange overlay network is and recognize that it is subject to similar scaling rules as the underlying IP network.
So you are saying that the existing email exchange network is not scalable because it is non-hierarchical? It looks like its scaled pretty well so far. Maybe I'm not understanding something. The entire paragraph quoted appears to be entirely content free except for some various assertions. Could you elaborate further on 1) how the existing non-hierarchical email exchange network is not scalable. What are your definitions of "scale" and what are the current choking points that you see? 2) the email exchange overlay network and the similarities to the underlying ip network with elaborations on how the hierarchy of IP maps to the hierarchy in email overlays. thanks /vijay
Hi, ...on Tue, Feb 03, 2004 at 10:31:00AM +0000, Michael.Dillon@radianz.com wrote:
When will we realize that SPAM is a social problem and it needs a social solution?
I agree insofar as a solution is needed that helps making the criminals accountable. But then, the low barriers are probably the major reason for the success of the mail system - I assume the likes of AOL and Compuserve and MSN would have wanted something else before they became some kind of value-added internet dialup providers (or disappeared).
When will the major email providers sit down around a table and agree to some guidelines for email exchange that make it impossible for rogue users to inject large volumes of email into the system?
Aren't you suggesting a technical solution here? A social solution wouldn't need to make it impossible to inject rogue mail into the system, it would just need to make the sender identifiable. As soon as that's happened, the infrastructure to take care of the offender is already in place in the real world. (Although I'm not shure which of both is the harder problem.)
The existing non-hierarchical email exchange network is not scalable.
Oh, given the amounts of spam and virii we transport today, I think it scaled well beyond anyone's expectation, and I don't see the big internet email meltdown coming on any kind of technical layer soon. End-Users will become fed up in the system much earlier. Alex. -- AB54-RIPE
On Tue, 3 Feb 2004 Michael.Dillon@radianz.com wrote:
Spammers are not stupid.
I would suggest a statement of "All spammers are not stupid" instead of the above. Some spammers are quite dumb/naive, some are middle of the road, some are very smart and organized. Just like any other profession, there is always a mix.
They are smart criminal gangs which have not only managed to keep their schemes running for several years in the face of great public animosity, they have also managed to sabotage the efforts that supposedly work against them.
Frankly, I think thats a myth perpetrated by rabid anti-spammers. Its more like organized crime than any ragtag street gang.
When will we realize that SPAM is a social problem and it needs a social solution?
Buyer education is the big issue. People get scammed every day, whether its over the phone, over TV or email. Educating people to not fall into these traps is the hard part.
When will the major email providers sit down around a table and agree to some guidelines for email exchange that make it impossible for rogue users to inject large volumes of email into the system?
I think that you'll find that there have been several attempts at coming up with a way to legitimize email marketing, and a lot of the attempts seem to be aimed at stomping out the chickenboners and junkmailers. I may not enjoy junkmail, but there are people who do sign up for mailing lists for commercial things. A long time ago when I was new to the internet I managed to sign up for some mailing lists because they were things I wanted. Now that address is spewed all over the place due to people selling my address, but thats happend with my phone numbers and my postal address as well. What does that mean -> I signed up for commercial email. Does it mean I want it from everyone? no. Its an important distinction which needs to be recognized, even by people who spend all day obsessing over spam (and posting it to NANOG-L). Supporting 'legitimate' marketing VS UCE I think is the key to reducing the deluge of crap in our mailboxes every day. Is it an easy task, absolutely not.
On Tue, 03 Feb 2004 13:31:28 PST, "Tom (UnitedLayer)" <tom@unitedlayer.com> said:
They are smart criminal gangs which have not only managed to keep their schemes running for several years in the face of great public animosity, they have also managed to sabotage the efforts that supposedly work against them.
Frankly, I think thats a myth perpetrated by rabid anti-spammers. Its more like organized crime than any ragtag street gang.
Tell it to the owner of monkeys.com, Osirusoft, and OpenRBL.
"Michael" == Michael Dillon <Michael.Dillon@radianz.com> writes:
Michael> When will we realize that SPAM is a social problem and it Michael> needs a social solution? When will the major email Michael> providers sit down around a table and agree to some Michael> guidelines for email exchange that make it impossible for Michael> rogue users to inject large volumes of email into the Michael> system? The existing non-hierarchical email exchange First - lots of providers are definitely working together, quite often behind the scenes, without press conferences or even posts on nanog. You do have to consider that almost all of them have their main servers locked down fairly tight, and those that don't do this soon find themselves blocked till such time as they can shape up. However, a lot of the spam is being sent through IPs that should not ordinarily originate mail .. trojaned hosts, open proxy servers etc. So, a lot of providers are becoming more proactive about sweeping their network for trojaned hosts, open proxies etc, and sometimes filtering out known trojan / proxy ports. Another easy thing to do is to split their inbound and outbound mailservers, and ensure that none of their inbound servers (MXs) relays for their customer IP (dialup / dhcp) pool. This is because there are lots of trojans out there that take the domain from the computer's hostname or IP's rDNS, do an MX lookup on the domain and try to pump their payload through the MX, hoping that it will relay for the customer IP. And it is not just the big guys, it is the small guys ranging from mom and pop ISPs to corporate admins who run a single exchange server on a DSL line that need education as well. Regular tutorials on systems security at NANOG and the assorted other meetings that operators and sysadmins frequent is a very good idea indeed. FWIW, I did a tutorial on this at SANOG 3 in Bangalore a while back - found myself having to answer a lot of questions, some which were obviously FAQs. Next - an antispam tutorial and a conference track (featuring Dave Crocker, Meng Wong etc) at APRICOT 2004 in Kuala Lumpur, later this month. Michael> network is not scalable. I hope that everyone on this Michael> list can understand what the email exchange overlay Michael> network is and recognize that it is subject to similar Michael> scaling rules as the underlying IP network. Say what? Agreed, spam is not just a technical problem, it is a social problem. But I do have to ask you the same questions that Vijay Gill asked. Please feel free to mail me offlist or take this thread to spam-l or elsewhere if you feel that this is getting offtopic (though spam, especially the network security / virus related issues about spam, is definitely an operational issue these days). srs -- srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9 manager, outblaze.com security and antispam operations
participants (7)
-
Alexander Bochmann
-
Alexei Roudnev
-
Michael.Dillon@radianz.com
-
suresh@outblaze.com
-
Tom (UnitedLayer)
-
Valdis.Kletnieks@vt.edu
-
vijay gill