Unbelievable Spam.

michael.dillon2 · February 3, 2004, 10:31am

Spam Hosting - from 20$ per mounth.
Fraud Hosting - from 30$ per mounth.
Stoln Credit Cards, Fake ID, DL's.

This is known as "Rule #3" on n.a.n-a.e... Spammers are stupid.

Stupid!?
These spammers are not stupid. There are very few legitimate
businesses which can actually turn a profit from spamming.
Most of the money to be made is in selling spam related software
and services to suckers. The problem is, how do you identify
people who are dumb enough to think that spam services are
worth paying for?

Simple. You send lots of spam which, by definition, only goes
to people who know something about the Internet and might be
willing to spend money on an Internet-related service. Then you
wait for responses which, by definition, are only going to come
from grade A suckers. Then you pounce on these hapless marks,
rip them off and move on.

Spammers are not stupid. They are smart criminal gangs which
have not only managed to keep their schemes running for
several years in the face of great public animosity, they have
also managed to sabotage the efforts that supposedly work
against them. A favorite trick is for them to go into a forum
like NANAE and support a flawed anti-spam effort because they
know that it keeps people from focusing on real solutions.

The net effect of all of these flawed technical attacks on
spam is that it has filtered out the naive spammers from the
spamming community and left spamming in the control of
criminal gangs.

When will we realize that SPAM is a social problem and it
needs a social solution? When will the major email providers
sit down around a table and agree to some guidelines for
email exchange that make it impossible for rogue users to
inject large volumes of email into the system? The existing
non-hierarchical email exchange network is not scalable.
I hope that everyone on this list can understand what the
email exchange overlay network is and recognize that it
is subject to similar scaling rules as the underlying IP
network.

--Michael Dillon

Alexei_Roudnev · February 3, 2004, 3:49pm

Spam is VERY EFFECTIVE. It _really_ increase sales. People (yes, and me
too -:)) read SPAM and
sometimes find interesting things. (Example - yopu can hate spam, but if you
call Europe every day, and you see $.03/minute adv for long distance, you
will remember it).

Problem is, that spam is not selective, so you receive 99.99% garbage and
0.01% useful information.
(Effectiveness of spam is proven, unfortunately).

Vijay_Gill · February 3, 2004, 3:56pm

So you are saying that the existing email exchange network
is not scalable because it is non-hierarchical?

It looks like its scaled pretty well so far. Maybe I'm
not understanding something.

The entire paragraph quoted appears to be entirely content
free except for some various assertions. Could you elaborate
further on

1) how the existing non-hierarchical email exchange network is
not scalable. What are your definitions of "scale" and what
are the current choking points that you see?

2) the email exchange overlay network and the similarities
to the underlying ip network with elaborations on how the
hierarchy of IP maps to the hierarchy in email overlays.

thanks

/vijay

Alexander_Bochmann1 · February 3, 2004, 4:47pm

Hi,

> When will we realize that SPAM is a social problem and it
> needs a social solution?

I agree insofar as a solution is needed that helps making
the criminals accountable. But then, the low barriers
are probably the major reason for the success of the
mail system - I assume the likes of AOL and Compuserve
and MSN would have wanted something else before they
became some kind of value-added internet dialup providers
(or disappeared).

> When will the major email providers
> sit down around a table and agree to some guidelines for
> email exchange that make it impossible for rogue users to
> inject large volumes of email into the system?

Aren't you suggesting a technical solution here?
A social solution wouldn't need to make it impossible to
inject rogue mail into the system, it would just need
to make the sender identifiable. As soon as that's
happened, the infrastructure to take care of the
offender is already in place in the real world.
(Although I'm not shure which of both is the harder
problem.)

> The existing
> non-hierarchical email exchange network is not scalable.

Oh, given the amounts of spam and virii we transport
today, I think it scaled well beyond anyone's expectation,
and I don't see the big internet email meltdown coming
on any kind of technical layer soon. End-Users will
become fed up in the system much earlier.

Alex.

Tom_UnitedLayer · February 3, 2004, 9:31pm

Spammers are not stupid.

I would suggest a statement of "All spammers are not stupid" instead of
the above. Some spammers are quite dumb/naive, some are middle of the
road, some are very smart and organized. Just like any other profession,
there is always a mix.

They are smart criminal gangs which have not only managed to keep their
schemes running for several years in the face of great public animosity,
they have also managed to sabotage the efforts that supposedly work
against them.

Frankly, I think thats a myth perpetrated by rabid anti-spammers.
Its more like organized crime than any ragtag street gang.

When will we realize that SPAM is a social problem and it needs a social
solution?

Buyer education is the big issue. People get scammed every day, whether
its over the phone, over TV or email. Educating people to not fall into
these traps is the hard part.

When will the major email providers sit down around a table and agree to
some guidelines for email exchange that make it impossible for rogue
users to inject large volumes of email into the system?

I think that you'll find that there have been several attempts at coming
up with a way to legitimize email marketing, and a lot of the attempts
seem to be aimed at stomping out the chickenboners and junkmailers.
I may not enjoy junkmail, but there are people who do sign up for mailing
lists for commercial things.

A long time ago when I was new to the internet I managed to sign up for
some mailing lists because they were things I wanted. Now that address is
spewed all over the place due to people selling my address, but thats
happend with my phone numbers and my postal address as well.
What does that mean -> I signed up for commercial email.
Does it mean I want it from everyone? no.
Its an important distinction which needs to be recognized, even by people
who spend all day obsessing over spam (and posting it to NANOG-L).

Supporting 'legitimate' marketing VS UCE I think is the key to reducing
the deluge of crap in our mailboxes every day. Is it an easy task,
absolutely not.

Valdis_Kletnieks · February 3, 2004, 9:47pm

Tell it to the owner of monkeys.com, Osirusoft, and OpenRBL.

Suresh_Ramasubraman1 · February 4, 2004, 6:23am

When will we realize that SPAM is a social problem and it

    > needs a social solution? When will the major email
    > providers sit down around a table and agree to some
    > guidelines for email exchange that make it impossible for
    > rogue users to inject large volumes of email into the
    > system? The existing non-hierarchical email exchange

First - lots of providers are definitely working together, quite often
behind the scenes, without press conferences or even posts on nanog.

You do have to consider that almost all of them have their main
servers locked down fairly tight, and those that don't do this soon
find themselves blocked till such time as they can shape up.

However, a lot of the spam is being sent through IPs that should not
ordinarily originate mail .. trojaned hosts, open proxy servers etc.

So, a lot of providers are becoming more proactive about sweeping
their network for trojaned hosts, open proxies etc, and sometimes
filtering out known trojan / proxy ports.

Another easy thing to do is to split their inbound and outbound
mailservers, and ensure that none of their inbound servers (MXs)
relays for their customer IP (dialup / dhcp) pool.

This is because there are lots of trojans out there that take the
domain from the computer's hostname or IP's rDNS, do an MX lookup on
the domain and try to pump their payload through the MX, hoping that
it will relay for the customer IP.

And it is not just the big guys, it is the small guys ranging from mom
and pop ISPs to corporate admins who run a single exchange server on a
DSL line that need education as well. Regular tutorials on systems
security at NANOG and the assorted other meetings that operators and
sysadmins frequent is a very good idea indeed.

FWIW, I did a tutorial on this at SANOG 3 in Bangalore a while back -
found myself having to answer a lot of questions, some which were
obviously FAQs. Next - an antispam tutorial and a conference track
(featuring Dave Crocker, Meng Wong etc) at APRICOT 2004 in Kuala
Lumpur, later this month.

    > network is not scalable. I hope that everyone on this
    > list can understand what the email exchange overlay
    > network is and recognize that it is subject to similar
    > scaling rules as the underlying IP network.

Say what? Agreed, spam is not just a technical problem, it is a
social problem. But I do have to ask you the same questions that
Vijay Gill asked.

Please feel free to mail me offlist or take this thread to spam-l or
elsewhere if you feel that this is getting offtopic (though spam,
especially the network security / virus related issues about spam, is
definitely an operational issue these days).

srs