February 18th, 2011, 12:57 AM
Sure that will work, but do you need to have the contact set up first. That could be a bit limiting if you get an e-mail address from a mutual aquaintance for example? I am afraid I am rather lazy and wait for an incoming mail before setting up a contact record.
Another problem with that would be like I had down the local bar last night (why is it none of you seem surprised at that?). A friend asked me for advice on some applications for his new Windows 7 box..............this being his first PC at home, and I think he uses XP at work.
I said I would look at my Win 7 machine and get him a list of what I used and the links to it. He gave me his new (top secret) e-mail addy. Now, if he had a contacts only system and didn't realise the implications, I would send him an e-mail that he wouldn't get?...............question is: would I get a failed delivery message, or would it just fall into a black hole?
Not a great issue as I suppoose we will both be in the bar again shortly, but it could be a problem with a more sporadic or casual aquaintance?
I am more inclined towards westin's suggestion of a better spam filter. One of the mail providers I use (Yahoo!) seems to have a quite efficient one.........I end up retrieving about 90% of it, because it isn't spam as such. Sure it is "unsolicited", but is from outfits that I have dealt with or their business partners.
Hey! if I have done business with someone and they don't tell me about new deals they have going, I am not a happy bunny......customer loyalty? what about supplier loyalty?. That said, it is an account I use specifically for that sort of thing.
I guess I just don't get much true spam, if any...........but I will only give a regular e-mail addy to a personal aquaintance or an outfit I would trust enough to send money to
Which takes me back to my earlier question: have you considered why you are receiving this spam?
Not if the item was ladies panties..............pre-filled of course ...........I'd want the URL
The best we can do is, if we know anyone personally who visits or buys from a web site that spammed them, beat them senseless.
Now, to move the thread on: I really don't see a solution in the short term.
Like a lot of internet problems, it stems from the fact that it is the WWW (World Wide Web) encompasses all sorts of regimes and cultures. We really only have pretty widespread agreement on a few fundamentals such as fraud and child pr0n?
JPnyc has the fundamental answer............ if nobody bought from a spam ad then there wouldn't be a point in them, and they would stop (other than for ladies panties, as previously mentioned)
Looking at spam (other people's) I note that most of it is either sex, drugs or get rich quick. Many of them are probably totally fraudulent???
Unfortunately there are some very sad and desperate people out there, and I have read that it only takes a very minute fraction of responses to make the exercise economically viable?
I do feel that ISPs are currently shirking what I would consider to be their responsibilities in this area. To hell with the RIAA and MPAA...........they should find a business model that doesn't come from the 1960's............ the ISPs should be made to take a more proactive role in real issues.
They are quick enough to "throttle" traffic when it suits them, so they can spot a spamming zombie if they wanted to, and stop it?
Anyone got other ideas or comments?
February 18th, 2011, 02:27 AM
I think you hit the nail on the head here, nihil. Although, I think it should be Congress that does the regulating (I know, I know... This isn't a libertarian think-tank, so let's leave our political views aside for a moment, please!). Obviously, protecting consumers is NOT on the top of ANY corporation's to-do list. I don't think we could expect ISPs to do anything even slightly effective towards the end we seek.
Originally Posted by nihil
On the other hand, the good ol' guvment could at least pass some kind of right-to-know law (or something to that effect) with regards to contact information of companies/individuals - that operate within the U.S., at least (we ARE talking about the U.S. here... right?!) - who are suspected of using anonymous domain hosts and the like for the sole purpose of defrauding people.
Let me make this clear: I use Tor to browse the internet anonymously (Well, most of the time. Let's face it, YouTube is just too good to pass up...). I also run a Tor relay, so that I can help other people do the same. I'm a big fan of anonymity, as opposed to being forced to share your information with whoever feels like finding it. And I'm totally against the government telling people what they can and cannot do with their time, so long as what they choose to do does not hurt anybody.
However, I don't think that people who choose to exploit that freedom and use it to victimize other people should enjoy any protection at all whatsoever, and I think they should be exposed to the public to allow their victims an opportunity to pursue litigation against them if they so choose. I think it is extremely obscene that the government allows these people to operate freely, either through lack of concern, or lack of resources. If we can find Saddam in a whole in the ground, we can find Joe Hacker in his mom's basement.
Start by getting a list of all male purchasers of Proactiv, maybe?! j/k...
Last edited by human errer; February 18th, 2011 at 02:37 AM.
Reason: Fixed some grammatical errors
February 18th, 2011, 08:04 AM
One other issue that has not been pointed out yet is, you think that you can just rely on a technical solution for all this. Blame it all on software/hardware. One of the main issues though, that can NOT be fixed easily is user awareness and use education. A very lot of spam could be avoided if people were educated, the normal users, the victims of said zombie machines.
Originally Posted by human errer
Like Nihil pointed out:
This is a very valid point.
If you are sick of spam perhaps you should ask yourself how they got hold of your e-mail address?
Back to subject:
This example too can be categorized as a user issue. There are many ways to 'avoid' spam, but for this to work, people need to learn and change their ways. While non of the solutions are favourabale (such as posting email addresses like bla[AT]bla[dot]com), or using more advanced captcha, etc...) they do their part in avoiding spam. For this to be more effective though, EVERYONE would have to start using their computers that way which is merely impossible.
I for example have way more than 1 email account, most of them I use for spam possibilities, such as when i sign up to various sites on the internet. Another solution would be those temporary online email services, where you just register a temporary email for 30 minutes, then that account gets erased again. Good enough to receive just 1 email from a public site if that is all you want from them.
In short, there is not reliable technical solution. Most technical solutions do their fair amount of spam filtering, but it is annoying, since a lot of legit emails do get lost in there once in a while.
Now to actively make a difference in the fight against spam, many things are needed. Things that not everyone has or can obtain too easily. Some examples would be:
- Alot of time on your hands.
- Advanced knowledge on computer security, as it would involve setting up various honey pots to collect data that would assist you in your fight against spam.
- ISPs need to work with you, as mentioned above, they would be able to block out zombie machines that are spamming.
I remember some years ago, Captain Crunch visited us here on AO, and there was an interesting discussion about fighting spam. Unfortunately i can not seem to find his website anymore (shopip[dot]com).
You want to make a difference out there? Start by spreading the word on how to avoid getting spam. On how to avoid falling victim (basic security 101 rules for average users, such as dont open email attachments from unknown people, dont visit sites/links from people you dont know, all that stuff that you would tell your kids about using the internet etc...). That would be more effective than waiting for a software solution.
Ubuntu-: Means in African : "Im too dumb to use Slackware"
February 18th, 2011, 02:16 PM
I agree entirely, and would add that you also need motivation. We have a saying over here: "You can lead a horse to water, but you can't make it drink". I am afraid that there are a lot of people who would subscribe to the theory and then go and do exactly nothing about it
One other issue that has not been pointed out yet is, you think that you can just rely on a technical solution for all this. Blame it all on software/hardware. One of the main issues though, that can NOT be fixed easily is user awareness and user education. A very lot of spam could be avoided if people were educated, the normal users, the victims of said zombie machines.
Back in the mid-1990's in the UK, people typically used a 28.8/33.6Kbps dial-up modem connection. The most common billing option was pay-as-you-go via your phone bill.
People used the internet differently then, as you read and composed e-mails offline and only logged on to send and receive. I had a bit of software that put up a list of mails I was about to send and wanted a password to let it happen.
A retrospective method was looking at your sent mail, as you would pretty soon see if you had a problem.
OK, the spammers quickly graduated from hijacking your mail client and packaged their own with their spambots. People were rather more concerned and motivated back then, as there were also "dialers" that connected you to premium phone numbers. $$$£££
My point is that it cost you personally, so you took more care and were motivated. BTW we didn't have free local calls in the UK back then.
Today we live in a World of "always on, always connected" broadband, and nobody seems to care anymore? presumably because they don't perceive any tangible cost to themselves.
Another point regarding technological solutions is that as soon as one is created the bad guys work like hell on a workaround, so it is a never ending battle.
I must say that I find it rather disappointing that so many corporate and institutional machines show up in lists of spambot zombies. They should have the staff with the knowledge to put a stop to most of it? There certainly seems to be a lack of care and motivation here?
I do believe that a very powerful tool against spam would be deep packet inspection. This would be fine for private and institutional machines, but as soon as ISPs start to use it, it raises massive privacy issues?
I do have software that warns me if a previously unauthorised program tries to access the internet, or when some things actually do (update checkers etc.)
The problem with that sort of software is it annoys a lot of people (Vista UAC anybody?) and most of the rest just go "clicky, clicky", or turn it off
Perhaps fining institutions that let their systems be zombified and send spam would help send a message? I really don't think that a lot of them have much excuse?
Incidentally, in my previous comment on the structure of the spamming industry I forgot to mention one of the player groups: the harvesters. These guys have spider bots that crawl the web and gather e-mail addresses.
That explains your Craigslist experience, and that of quite a few of my customers. They run small hotels, guest houses and holiday flats, so their e-mail address is on various trade websites and holiday guides. They get loads of spam. Occasionally they will get a corrupted one that screws up their e-mail so they call me out to fix it.
Hey! I guess that makes me a beneficiary of the spamming industry?
February 25th, 2011, 02:56 PM
Oh "human errer" you have much to learn, young Jedi.
Finding and suing the spammers is impossible next only to getting Microsoft to fix security issues....
In one case, you'd have to travel to the organized crime dens in Russia, Ukraine, and pretty much all the other countries on the planet (for a good read on the subject, get: "Fatal System Error" by Joseph Menn). In the other case, well, join the rest of the crowd...
February 27th, 2011, 07:22 PM
Lets put it this way, I'd rather talk to someone who actually writes software for a living as opposed to someone who's just going to foward it through mailing lists then wait a year while morons speculate over it "HuRr DuRRRr... I don't think this effects my distribution. DuR!"
Edit: Also, that super-dooper secret internet crime ring is ebaumsworld.com
Last edited by The-Spec; February 27th, 2011 at 07:30 PM.
February 27th, 2011, 11:07 PM
Originally Posted by human errer
As ridiculous as this sounds, I guess I can't make that much fun of this thread considering this dude making more bank than any of us here http://tinyurl.com/4bopxkx
you'd think with a million dollars he'd have a better website
AN FRANCISCO - Daniel Balsam hates spam. Most everybody does, of course. But he has acted on his hate as few have, going far beyond simply hitting the delete button. He sues them.
Eight years ago, Balsam was working as a marketer when he received one too many e-mail pitches to enlarge his breasts. Enraged, he launched a Web site called Danhates spam.com, quit a career in marketing to go to law school and is making a decent living suing companies who flood his e-mail inboxes with offers of cheap drugs, free sex and unbelievable vacations.
"I feel like I'm doing a little bit of good cleaning up the Internet," Balsam said.
February 27th, 2011, 11:20 PM
Its better simple and poorly designed.
If he'd delve to far into web based scripts I might be tempted.
February 27th, 2011, 11:26 PM
yeah, you and every spammer he's sued, lol. good point.
Originally Posted by The-Spec
March 8th, 2011, 03:42 PM
- great recommendation;it gives lots of insight.
(for a good read on the subject, get: "Fatal System Error" by Joseph Menn)
By securityphreak in forum Product / Book / Training / Conference Reviews
Last Post: November 1st, 2007, 05:14 PM
By genXer in forum Security News
Last Post: April 10th, 2006, 07:27 PM
By valhallen in forum The Security Tutorials Forum
Last Post: September 30th, 2004, 03:45 PM
By FamStars&Straps in forum Miscellaneous Security Discussions
Last Post: October 12th, 2003, 05:33 AM
By problemchild in forum The Security Tutorials Forum
Last Post: April 2nd, 2003, 11:11 PM