» Blocking Spam - Notes from 2003 «
Introduction, news and views : 2003
December 2003
Please note:
If you are trying to contact me, I am insanely aggressive at blocking Spammers long before they get anywhere near my mail box - at worst only one or two a month actually reach our in-trays. If you are genuinely trying to contact me and I ignore you, try a different ISP - yours is probably blocked.
If I exclude the newsletters we subscribe to, Spam currently outnumbers my regular e-mail BY AT LEAST 1,000:1
How much is too much ?
Hint...
With one or two exceptions, anything with 'mail', 'value', 'free' or 'offer' in the domain is binned.
Earthlink and several other large ISPs prone to let Spam through, or appearing to, are blocked
Certain domain codes such as .ru (Russia) .us (America) and .biz are automatically deleted (Yes, .Biz too)
Several large IP ranges are utterly trashed. These include 69.6.x.x, 64.119.x.x
Spam from this range is so bad I am tempted to block all 64.x.x.x through 69.x.x.x, which is ridiculous!
For this month only (starting the 1st), I have removed the filters for a few ISPs. I will log the results below:
| ISP | Spam count | Average/day | Genuine email | Ratio | Percentage |
|---|---|---|---|---|---|
| AOL | 172 | 6 | 5 (4 expected*) | 34 : 1 | 14% |
| HOTMAIL | 197 | 6 | 1 (1 expected) | 197 : 1 | 16% |
| MSN | 299 | 10 | 0 | 100% Spam | 24% |
| YAHOO | 557 | 18 | 1 | 557 : 1 | 46% |
- Total in 31 days: 1,225
- Average of 40 Spam a day just from these four
- Genuine email from these was just 7, 5 of which I expected
- Even with these five, the ratio is 175: 1 forged
For me, the above ratio from these 4 ISPs alone makes a complete joke of claims that Spam is 55% (1:1) of all e-mail, eh
* I made them buy a new domain, else they won't be emailing me next month when the filters go back in
Already I can tell you these things:
- All the Spam was spoofed, faked, false
In this day and age I find it incredible that ISPs can't/won't run a routine that says something like:
I am from Yahoo.
Prove it.
Ummm.
Right, in the bin y' go
Stuff false positives. If the headers are false ISPs should delete on sight. Naturally, at present there are a host of reasons they can't, don't and shouldn't but still. Worth looking into I reckon.
*That said, Yahoo are reported to have developed a system to do just that*. Just needs industry acceptance, but the license is royalty free.
Extract:
Yahoo's DomainKeys is designed to let receiving e-mail systems confirm that a message in fact originated from a user authorised to send e-mail for the domain stated in the header. DomainKeys uses public cryptography technology to accomplish this validation. The outgoing message is digitally 'signed' with a private key while the receiving e-mail system uses a public key to validate the signature.
- Spam is increasing on an almost daily basis.
- AOL and especially Yahoo are a complete waste of space. Apart from Yahoo France, they don't even acknowledge abuse reports. They might as well hang a huge sign up saying 'open relay.' Taking the attitude,
Well it never come from us, honest
and hoping the problem goes away is ridiculous. If you see dog muck on your step and next door's mongrel is staring up at you, who will you blame ?
*Growls*
At least Microsoft acknowledge the situation and are taking action - whether it comes from them or not!
- Constantly reporting Spammers is slightly reducing the amount of Spam from these, I reckon. The 'from' can be something like yahoo.com and really comes from Roadrunner, or Blueyonder in the UK or... Presumably some virus or other was turning some sap with a broadband line into a lackey Spam farm. Can't say I investigated too deeply.
Sadly, if the figure I read in PC Pro is to be believed, 65% of all Spam is spoofed, mostly from infected hosts. What can you do!?
Get a decent firewall and antivirus, update it daily and, actually, get up off your behind, find out where it came from and report it to the ISP. If everyone in the world reported one spoofed UCE a day, Spam would cease within a month!
In this experiment I have let the lot in and spent up to 12 hours a day reporting them. Result?
The Spam I was getting from these dropped 400%. Presumably, even on a global scale it made a difference. I got replies from ISPs as far apart as Germany and Korea saying they had taken action... I take a day or so off from reporting them, the volume doubles again. Interesting, no?
- The Spam appearing to come from these ISPs is changing in tandem, as you can see from the graphs below. As the volume from Yahoo rises and falls, the rest change in direct proportion. This strongly implies one company or group is behind the actual sendings (using compromised systems), not 40 separate Spammers. This fits in with the volumes I see from big Spamming companies.
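The "I am from Yahoo. / Prove it." routine wished for above, sketched as an added example (not the author's code and not any ISP's): it compares the domain in the From header with the host that actually handed the message over, as recorded in the topmost Received header. The Received layout, the sample messages and all host names and addresses in them are constructed, and treating every outside relay as a mismatch is the page's delete-on-sight stance, so mail legitimately relayed through another provider would be flagged too.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed layout of the Received line written by the receiving server:
#   from <HELO name> (<reverse-DNS name> [<IP>]) by <our server> ...
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]()]+)?\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
)


def claimed_domain(msg):
    """Domain the message says it is from (From header), lower-cased."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def connecting_relay(msg):
    """HELO name, reverse-DNS name and IP from the topmost Received header.

    Only the topmost header is used: the receiving server added it, while
    everything below it arrived with the message and can be forged.
    """
    received = msg.get_all("Received") or []
    if not received:
        return None
    match = RECEIVED_RE.search(" ".join(received[0].split()))  # unfold first
    if not match:
        return None
    return {
        "helo": match.group("helo").lower(),
        "rdns": (match.group("rdns") or "").lower(),
        "ip": match.group("ip"),
    }


def check_origin(raw_message):
    """Return the claimed domain, the real relay and a verdict for one message."""
    msg = message_from_string(raw_message)
    claimed = claimed_domain(msg)
    relay = connecting_relay(msg)
    result = {"claimed": claimed, "relay": None, "ip": None,
              "verdict": "unverifiable"}
    if relay is not None:
        result["relay"], result["ip"] = relay["rdns"] or None, relay["ip"]
    if not claimed or relay is None or relay["rdns"] in ("", "unknown"):
        return result
    host = relay["rdns"]
    # The HELO name is whatever the sender chose to say, so it is ignored.
    # A production check would also confirm that `host` resolves back to the
    # IP (a DNS lookup, left out here so the example runs offline).
    if host == claimed or host.endswith("." + claimed):
        result["verdict"] = "consistent"
    else:
        result["verdict"] = "mismatch"
    return result


# Constructed sample: From says yahoo.com, HELO says yahoo.com, but the
# connection came from a (made-up) cable-modem pool.
SPOOFED = (
    "Received: from mail.yahoo.com (pool-17.cable.example.net [192.0.2.17])\n"
    "\tby mx.example.org with SMTP; Mon, 1 Dec 2003 09:00:00 +0000\n"
    "From: \"Great Offers\" <deals@yahoo.com>\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

# Constructed sample: relay name sits inside the claimed domain
# (the host name is invented, not a real Yahoo server).
GENUINE = (
    "Received: from web1.mail.yahoo.com (web1.mail.yahoo.com [198.51.100.5])\n"
    "\tby mx.example.org with SMTP; Mon, 1 Dec 2003 09:05:00 +0000\n"
    "From: A Friend <friend@yahoo.com>\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

# Constructed sample with no Received trace at all.
NO_TRACE = "From: someone@yahoo.com\nSubject: constructed sample\n\nbody\n"

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE),
                      ("no trace", NO_TRACE)):
        print(name, check_origin(raw))
```

The `relay` value of a mismatch is also the host whose provider would receive the abuse report.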

28th December 2003
Noticing a substantial amount of Spam spoofed as coming from cableone.net, so if you use that server provider, don't bother trying to contact me with it, it'll never reach...
24th December 2003
FBI press release: Internet Fraud Complaint Center will now be called the Internet Crime Complaint Center, or IC3
21st December 2003
N.Y., Microsoft sue spammers
Apparently New York Attorney General Eliot Spitzer and lawyers for Microsoft have sued some of the world's most prolific spammers, seeking to shut them down and to get damages of at least $20 million. Yay for Bill!
A ring of spammers in New York, Washington state and Texas (I noted a ruck of spoofed Spam from Texas myself) used all the usual dirty tricks including hijacking over 500 computers around the world for seven illegal spamming campaigns. According to the article (in the link above), Microsoft received 8,000 spam messages (to honey trap accounts) from May to June, containing 40,000 fraudulent statements.
That all ? They want to check my mailbox. Sheesh! I get more n' that a month.
The defendants are Synergy6, a New York City marketing company, and its president, Justin Champion; OptInRealBig.com and its president, Scott Richter; and Delta Seven Communications and its principals, Paul Boes and Denny Cole. They are responsible for sending more than a billion spam messages each week, Spitzer said.
OptInRealBig I reported loads too! According to the report, Spamhaus say these are "considered the third-largest spamming operation in the world."
The defendants at Optin deny it, naturally, but they would, wouldn't they...
I know who's probably first an' I'm working on that begger, and his friends! Yipes Batman, it's the Joker. Hmmmm. Sending me some 5-10,000 spam is merely annoying. Bombarding me with religious ads and Mark Twain quotes takes the biscuit!
Anyway, the idea is they want to make an example of someone and send a clear message to spammers that it doesn't pay; something the FTC has been told in no uncertain terms to do also. Being the helpful gent I am, I've sent them a few thousand examples with names, dates, times and addresses, both officially and my regular reports, just to get the ball rolling.
In a fit of pique I've dropped a couple of the bigger Spammers in the brown stuff, and their advertisers, naturally.
"Please visit my meat market in Omaha", indeed!
All I can say is if you are going to send me UCE, spoof your Spam to us or even mail-bomb me again you'd better be darn good at it, 'cos it's a rare bird indeed that can fully hide its trail... I suspect I'm one of those funny beggers you get now and again that actually make a difference when they go on a crusade. This entire anti-spam section is merely a distraction from the other more interesting things I do. If I focus on a thing...
*Shrugs* Your call !
In case you are wondering, next month, regardless of other projects, I'm going after all these idiots that send me UCE trying to sell anti-spam software. That just takes the biscuit. Actually, the idiots are the ones that respond and encourage these parasites to carry on, but you know what I mean. Suffice to say, I am going to make an example of a few companies when the Can Spam is official on the first. The way I look at it, Opt-out? Nope, I didn't opt-in, you're getting reported. Opt-in ? Well, seeing as I didn't, you're getting done too, matey.
16th December 2003
Bush Signs Can Spam Bill
The great news is Bush has signed the Can-Spam act and it is effective 1st January 2004. WooHoo.
The bad news, which has been reported many times, by many sources, we have been done up like a kipper by possibly (or probably given the money involved) corrupt officials 'listening' to Spammers. To quote the article:
The law was written and passed solely through back-room compromises and with the input of the marketing industry and Internet service provider lobbies, but with scant regard for the interests of America's consumers and business Internet users.
This was largely due to the opt-out clause being used rather than the opt-in. Could be worse I guess. They could have the lame, toothless system and support found in Britain. More back-handers I guess. *mutter*
The article (link above) actually starts: While Bush had no official comment…
I'm not (expletive) surprised he has no comment. His (more expletives) campaign group - GeorgeWBush.com - has been Spamming my 9 year old son for months with begging letters for campaign donations. Getting to something when you have to report the President of the United States to his own FTC for breaking his own laws...
And yes, I ruddy well did report him! Spam is Spam
On a rosier note, on top of the usual "thou shalt not hack nor shalt thou forge the headers, matey", the article adds that:
The legislation prohibits the sale or other transfer of an e-mail address obtained through an opt-out request.
Translation:
This person you have just spammed (using an illegal forged header) to his home address (which you illegally obtained through harvesting) wants to opt-out. You do realise now that it's illegal to sell his email address as kosher when he tries to opt-out...
And continues:
businesses knowingly promoted in UCE with false or misleading header information are also subject to FTC penalties and enforcement remedies, regardless of whether the FTC is able to identify the spammer who initiated the e-mail
I seriously doubt my voice was heard above all the other screams, but that was one thing I kept adding to FTC complaints. You'd get 50 Spam in a row from as many fake addresses each advertising Coffee Percolators from the same company in Maine, but hey, they never sent the Spam... Okayyy. You bought a pump-action shotgun and a bandoleer, sought out a hired killer, paid him in cash and, handing over the weapon said "Whatever it takes" - but it was nothing to do with you, gov'nor. Riiight!
The times they are a changing... Book him Danno, murder one.
And finally:
The FTC is drafting suggestions for a system to grant a reward of not less than 20 percent of the total civil penalty for the first person to report the identity of a false header source.
Sweet if it comes off. I'd make a fortune
What is it with Spammers and daft domains like 'indespensiblemailerz.com' ?
I get the whole 'create a URL to send junk from/get replies to' but what's with the 'z'. Is it trendy to use zed (or zee if you prefer) instead of an es? And 'indespensible' !? You'd think if they were going to the trouble of registering a domain name they'd at least spell 'indispensable' correctly. That they are technically competent I don't doubt, or at least employ folk that are, but the level of literacy is abominable. I can't decide if they are too lazy or thick to check the spelling, if it's done on purpose (hey look at me, I'm ignorant) or what ?
For the present - unless I get a bee in my bonnet - I haven't the hours in a day to go after every begger that Spams us, but I might make an exception for misspelt URLs.
*Mutters grumpily about the standards of education in the world these days*
BT signs Brightmail to fight junk mail
BT Openworld users can rest a bit easier checking their e-mail as Brightmail are now filtering it.
A related (now dead-linked) Computer Shopper article had a few other interesting points and figures to make it worth reading.
8th December 2003
Clickz.com - Ben Isaacson on the Can-Spam Act about to be passed.
If there's one breed of Spammer I truly detest it's the idiots that send offers of anti-spam software and tag on the end comments like "This is NOT unsolicited e-mail"
*Knock, knock*
Hi. I see I've got you out the shower. Never mind. Only my dog seems to have left a message on your doorstep. Yes sir, I see you've just stepped in it. Anyway, would you like to buy a Pooper Scooter ? Hmm. We can sell you a mop, disinfectant and a footbath too...
It's almost like a protection racket!
Spam: A possible answer ?
The problem is, the DMA and other pro UCE organisations will bend any which way to veto bills. However, they themselves are going mental with the Spam side of UCE. Joe and Joanne Public and cousin Corporate meanwhile have long since had enough of the lot of them, thank you very much.
I've been thinking about Spam a lot this past week, wandering from various forums, even one where some idiot claimed being against Spam was unAmerican!
Anyhow, I've mulched all the other ideas I've had this past year and come up with a workable solution. It isn't perfect, but I reckon it's a good compromise.
Turn it on its head!
Everyone agrees UCE is legal, Spam is illegal, then go off kicking all the lines out the sand as to what constitutes Spam. I have my own definition, the DMA a mightily more relaxed version, Mr Spam is off in cuckoo land. Now everyone (apart from Spammers) from myself to the various Marketing Associations agree (in public at least), if it is spoofed or in any way trying to hide its source, it is clearly illegal.
Here's a perfect example. WholesaleBandwidth, Inc. / Jays Web Service (Bluerocketonline/Tekmailer etc) are, in my opinion and many others, Spammers. They do a number of tricks to get past Spam filters and drove me mental until I worked out how to block them completely.
However, regardless of my dislike for them, regardless of the tricks they do, they have one saving grace. They don't spoof. Sure, they have a hundred domains to send out 150 million UCE a day, but they don't pretend to be anyone else. As far as I'm aware, they never pretend to be Microsoft or Yahoo or some Australian University, send via a compromised RoadRunner account. Granted, they are beggers, IMO, but they have drawn their line, and I can see it in the sand. It's in the distance for me, but yep, it's there. And yes, I freely admit I'm biased; my line is somewhere around "Get off that sandpit, you can draw from the grass, with a short stick".
Then we have the likes of Mr Loek, apparently of rxmoreusa.com (appear to be based in China) and sundry other peddlers of HGH and little blue pills with fake V's, we have the porn barons, pirate software, scams, fraud and general organised crime.
Sand ? What sand ? I'm going straight to the sea and if you dare try and stop me…
There's your line! Right where they leave the sand altogether...
Legalise Spam!
Yep. You read right. Across the board, legalise it. Then throw in conditions. Hard, solid, globally agreed and workable conditions.
For this list, bear in mind I am seeing UCE as legal, organised advertising / promotional mail shots, in the same way I get junk through the post offering me loans and mortgages I neither want nor need. This is a world apart from newsletters folk request and mailing your existing customers with news of product updates they have specifically requested. Anyone who cannot see that distinction is a Spammer! Again you can knock all that "through a partner" rubbish right in touch!
- Create new domain types. UCE adverts must use the new extensions:
  - .adv for all regular product offers such as coffee machines, toys, gadgets, holidays
  - .advadult for the likes of singles and such, but the "other stuff"
  - .advcash for all loans, mortgages etc
  - .advdrug for all Viagra, HGH and related 'medicines'
  - .advedu for adverts relating to training courses etc
  - .advsoft for all software
  - .advxxx for all adult material
- All UCE is government regulated and govt/ISP taxable/chargeable.
  A minimal fee to cover bandwidth and admin costs
  i.e. eMail Marketing companies MUST belong to a single, suitable organisation such as the DMA in the US
- Any spoofed / faked UCE gets the harshest possible penalties, from huge fines and jail sentences up to and including trade embargoes against rogue countries not toeing the line
- Similarly, harvesting emails, using malware, viruses and other dirty, illegal tricks faces the harshest possible penalties
- ISPs and Telcos proven to be repeatedly supporting/allowing Spoofed Spam have their status revoked and the IP ranges reassigned
- Mailing lists must be opt-in ONLY, with clear and enforceable opt-out if you decide you have had enough. Again, punitive fines
- Some system where advertisers can be sued for punitive damages, even from other countries, if they don't honour opt-outs
- Passing and selling on mailing lists should, IMO be made illegal. It won't, but it should. However, the above implementation would make mailboxes saner
- AND government agencies must be seen to be catching and making examples of offenders.
  Let them catch them and seize their assets to cover running costs.
*Glances down the long long list of his unread email*
Macromedia, Dell... yadda yadda. Shhhh!
What, you can't create Dell.adv ?
Seriously. Yes, there will be some wrangling, some issues, but at the end it comes down to this:
If, for example, the secretary pool at IBM accidentally get inundated with 'graphic' Spam, IBM can be in deep poop for allowing abuse and harassment to their staff.
If the lecturers at Harvard really don't want Viagra, they also don't want v!agra, '86,105,97,103,114,97' or any other variant.
Taking this to its conclusion. If folk don't want something, they don't want it. Sending the offer to them from a hundred addresses won't make them want it any more, but it will start to make them angry. Until somewhere, someone snaps...
If UCE is put into an agreed legal framework, it ceases to be Spam. If I block .advdrug I never ever want to see HGH ads again. If I do I should be able to validate it and say "That is clearly fraudulent, I will report it"
You might argue with the implementation of it, but anyone that argues with the heart of it is almost certainly an illegal Spammer with something to hide, hmmm.
But "We respect your privacy. We always honour unsubscribe requests"
To which I must answer, if you respected my privacy, why are you bothering me in the first place ?
7th December 2003
It appears to be working. Admittedly I get less Spam of a weekend, but there was only 37 Spam at the server this morning - and that's with a number of filters removed. The way I'm looking at it, if you catch and report these Spammers as they start their abuse, the ISPs will cut them off before they get steamrolling. Ah well. Time to report another 37. I really like the piracy ones, mind. I get to report them to several agencies at once.
6th December 2003
Noticed a slight slowdown this morning. I'd like to think it was my doing, if not, then I helped and every little bit helps. If we all took the trouble to report Spam, something would be done about it. Criminals like these send out millions of Spam a day, often from faked addresses via compromised servers, and/or against the 'Agreed User Policy'. Generally, as soon as admins are aware of the problem they will take action....
Spammer / Advertiser : www.rxmoreusa.com : [ 68.157.173.136 ]
ISP has indicated spam will cease ISP resolved this issue sometime after Sat, 6 Dec 2003 12:26:56 UTC
Whois puts this Viagra peddler's address as China:
domain: rxmoreusa.com
owner: Nick Loek
email: nickexpo333@yahoo.com
address: 98ui Fert Ave.
city: Hong Kong
postal-code: 100101
country: CN
5th December 2003
Out of over 400 UCE I reported so far today (both to the FTC and to their ISP) for sending me UCE Spam, you know who stood out the most...? Apple. Let's see now, I neither own nor want a Macintosh, so I am reasonably sure I didn't ask to go on this mailing list. Being big does NOT make it right! That said, I have downloaded the Quicktime player so I assume this is why. I guess I'm a tad jumpy eh... I guess I did ask to go on their mailing list!
*Sigh*
A lesson in thinking before you just jump down some poor begger's throat, eh.
It's a measure of how rattled I am by Spam. *Eats humble pie AGAIN. *Mutter*
A lot of stuff is coming from Ontario and Texas of late. Not for much longer, I reckon. I've reported the lot of them
Spam epidemic gets worse
This report in The Register saves me bothering with percentages...
Apparently Spam for November rose to 56% of all email. Two years ago it was just 7%.
According to Brightmail, the biggest volumes of nuisance email blocked were:
- Product promos at 22%
- Financial offers at 17%
- Adult at 16%
- and Scams at 13%
Two years ago, spam accounted for just 7 per cent of email, Brightmail says.
Joyeux Noël, but if I get one more spam from Santa I'm gonna booby-trap the chimney and grease the roof!
Christmas, a time of joy and good will to all men, they say. For many, for any of a thousand reasons, it is also a time of sadness, upset, misery or frustration.
While the Spammers bank their ill-gained millions, folk are getting angrier and angrier whenever they check their mailboxes.
The current world population is estimated at 6.3 billion, with some 293 million living in the States. Factor in seasonal emotions, America's gun culture and human nature and I predict that in the next few weeks someone is going to open up Outlook, glance over and snap. I can't say the day but, as statistics go, it's a given someone is going to arm up and make a bloody mess in the offices of one or more Spammers.
SpamRage Mass-murder reads the headlines
When it happens, as it must, I sincerely hope they take the stance of giving the shooter a proverbial pat on the back and a ruddy medal, rather than giving an iota of sympathy for the victims. You can't bully, upset and hound billions of people on a daily basis and not expect a comeback. This applies to the greedy corporations paying these leeches, with a portion of blame going to the idiots (and low lifes) that respond to Spam. Apparently Spammers are happy with 1 in 10,000 responses!
In any given day we all get a variety of distasteful offers.
Scenario:
Mr Redneck's daughter is abused, his partner dies of a heart-attack as a result, and the distress causes him to lose his job and home.
Then Spammers-R-US send him offers of teen rape videos*, a mortgage offer, a credit card application and life insurance for his dead spouse.
(*Yes, sadly there is such Spam!)
This scenario, or elements of it - and the related UCE Spam - happen every day. As the level of Spam continues to rise exponentially so the likelihood of a bloody massacre at the home or offices of a Spammer becomes reality. Perhaps you'll remember you read it here first, perhaps there are countless sites echoing the same thought, but in the end, will any of us be surprised ? More likely we'll breathe a sigh of relief at the hope of a tad less Spam for a week and hold the forlorn hope it makes governments worldwide sit up, cease the rhetoric and compromised laws and actually DO something about it.
Already 'Spamrage' is an accepted term and indeed Sophos (and others) have this report about Charles T Booher, 44, who was arrested on 20 November 2003 in one of the first reported cases of 'spam rage'.
Quoting the above article:
"Booher is alleged to have threatened to send the company a "package full of Anthrax spores", and to torture employees with a power drill and ice pick. According to prosecutors, Booher said that unless he was removed from the company's email list, he would hunt down and castrate their employees."
There is also a link to the FBI report on the case evidence. His threats were impressively inventive in a homicidal way and definitely would have made news if he'd carried even one of them out. Only a matter of time before his frustrated threats become another's reality.
November 2003
Sheesh, it's almost getting to be a full time job blocking and reporting Spam. As fast as I stop them more crawl from under their rocks. I'm reconfiguring things now. The lot goes straight to the FTC. I'm working on a way to automatically report them to the originating ISP too. If anyone has ideas in this field, do tell...
Spamotomy
Spamotomy is an interesting site to visit. Lots of news items and links to 149 (or more) anti-spam related products, a number of which are reviewed.
Here's a few facts quoted from the home page:
Spam will cost businesses an average of $874 per employee in 2003 (Nuclear Research)
The average email user will receive 3,900 unwanted messages a day by 2007 (Jupiter Research)
According to Computer Business Review the "Spam Plague is Infecting Major ISPs".
The gist is that even major carriers in countries as far apart as Canada and Australia have been brought down on their knees. This includes names likes BigPond, Sympatico, Telstra and Bell Canada. The main offender appears to have been the Swen virus which turns affected computers into open email relays, for use by spammers.
In my opinion the sooner the US government (and others) start giving backhanders[1] instead of taking them[2] the sooner this nightmare problem will go away. [1] (a good slapping) vs [2] (bribes and other "incentives")
The way I see it, the solution is simple. A simple but unconditional 'cease and desist' to all the major offenders - and to the companies that feed them. One strike and you're out. No smarmy claims about 'freedom of speech' while forcefeeding the world stolen, fake and unwanted junk at our cost. Instant, on the spot, seizure of ALL properties and assets. Never mind all this, "well, we'll send it from another country", or "It was someone faking our addresses. Honest. We just never noticed 50 million emails a day going out through our banks of rack mounts, day in day out. Leave us alone while we try and sue our ISP for cutting us off for abusing them too…"
No really. Technology is just a way to slow the tide - at the victim's cost. Contradictory and wishy-washy legislation is little more than sabre rattling.
Nope. *FLEX*
What's needed is a score or even ten score of seriously high profile cases where an EXAMPLE is made. High profile to the extent that globally the current alleged Michael Jackson scandal is a mere byline in the sports section of the Sacramento News. The sort of example that the advertisers pay such punitive fines that the major shareholders come screaming for blood. The sort of example that says to Spammers, "Go ahead punk, make my day." And the first no-mark that bobs his head up to try and fill the vacuum is facing the legal equivalent of staring cross-eyed down the barrel of a twelve-bore...
For a country that went seriously gung-ho in Iraq to make an example of Saddam and his regime, President Bush is doing a ruddy good job of turning a blind eye on his own doorstep to the regime of Spammers terrorising the rest of the world whenever we reach for our mailbox, hmmmm! Legislation my...
*Checks email for the nth time of the day - after blocking a further 30 domains earlier: 16 more spam, 8 messages... *
Send in the damned marines and have done!
Again from CBR Online (Sept 03),
we have this report of Spammers using DoS attacks to illegally take down sites that try to fight them, forcing more RBL operators to throw in the towel.
In the report, "Ronald Guilmette, operator of the unsecured proxies list RBL at Monkeys.com, said yesterday he has discontinued the service, lamenting the lack of support he received from network operators and law enforcement."
Other dirty - and illegal - tricks Spammers did to him included sending millions of obscene messages giving his home address and phone number to unsubscribe.
The 10 Biggest Spam Myths
Interesting reading. I'm not wholly sure I agree with all the points in the article, but it does punch home a few reasons why legislation isn't working at present, nor is likely to in the reasonable future.
VNUNet: All Party Internet Group publishes recommendations for US senate
Interesting if brief article, saying what I've thought all along. We (meaning governments) all need to be singing off the same hymn sheet, so to speak. We have the British waste of rhetoric, the EU going for opt-in and the US going for opt-out. Blah! As the article rightly says, the spammers will have a field day with all the loopholes. We need 'one law to rule them all' - and a ruddy great stick. Hang 'em high, says I.
Oh yes, all these laws have Spammers quaking in their ($1,000 bill lined) boots. Not!
In June just gone I reported "That's nearly 1,300 unwarranted messages in just 18 days".
I went five or six days without email whilst upgrading everything. The result - despite heavy blocking at the mail server - 1,473 Spam got through as opposed to 328 regular messages and newsletters. The generally accepted value is that 50% of all email is Spam. I'm experiencing closer to 500%, a figure that is growing almost weekly. I'm hardly a typical user given I subscribe to around 30-40 technical newsletters a day, but even so something has to give when I need three lines of Spam filters to check my email...
Look at those figures again - that's over a threefold increase in the number of Spam I get - in under 5 months. At a rough estimate, including uncounted blocks, I estimate Spam outnumbers regular mail up to 10:1. Indeed typically I will find in excess of 30:1 which is patently insane.
Incidentally, the mail the following morning yielded 140 Spam, 38 regular mail and 29 more sites to block. Sites like ourvalues.com, online-value.com, valuevalet.com, mybestvalue.com etc etc. Soon as I sit down and work out how to blanket block %value% , %freebie% and %offer% the level of junk will fall to a tenth its current level. Idiots... Grrrr!
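One way to do the blanket %value% / %offer% block wished for above, together with the domain-code and IP-range rules from the December "Hint" list; this is an added example, not the author's filter. The exception entry, the sample senders and addresses, and the order in which the rules are tried are assumptions.

```python
import ipaddress
import re
from email.utils import parseaddr

# Rules taken from the page. %freebie% is already covered by %free%.
KEYWORD_PATTERNS = ["%mail%", "%value%", "%free%", "%offer%"]
BLOCKED_TLDS = {"ru", "us", "biz"}
BLOCKED_NETS = [ipaddress.ip_network(n) for n in ("69.6.0.0/16", "64.119.0.0/16")]
# Assumption: the page does not name its "one or two exceptions",
# so this entry is a made-up placeholder.
EXCEPTIONS = {"mailinglist.example.org"}


def like_to_regex(pattern):
    """Turn a SQL-LIKE style pattern (% = any run of characters) into a regex."""
    return re.compile(".*".join(re.escape(part) for part in pattern.split("%")))


KEYWORD_RULES = [(p, like_to_regex(p)) for p in KEYWORD_PATTERNS]


def sender_domain(from_header):
    """Lower-cased domain of a From header, or '' when there is none."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""


def classify(from_header, client_ip):
    """Return (action, reason); action is 'accept' or 'block'."""
    domain = sender_domain(from_header)
    if not domain:
        return ("block", "no sender domain")
    try:
        ip = ipaddress.ip_address(client_ip)
    except ValueError:
        ip = None                      # unparsable address: skip range rules
    for net in BLOCKED_NETS:
        if ip is not None and ip in net:
            return ("block", f"ip range {net}")
    tld = domain.rpartition(".")[2]
    if tld in BLOCKED_TLDS:
        return ("block", f"domain code .{tld}")
    for pattern, regex in KEYWORD_RULES:
        if regex.fullmatch(domain):
            if domain in EXCEPTIONS:   # exceptions apply to keyword rules only
                return ("accept", f"exception to {pattern}")
            return ("block", f"keyword {pattern}")
    return ("accept", "no rule matched")


# Constructed samples: domains named on the page plus reserved example
# domains, paired with documentation addresses unless a range rule is shown.
SAMPLES = [
    ("Deals <promo@mybestvalue.com>", "203.0.113.9"),
    ("x@indespensiblemailerz.com", "203.0.113.10"),
    ("pal@hotmail.com", "203.0.113.11"),        # substring rule catches this too
    ("bob@example.ru", "203.0.113.12"),
    ("ann@example.org", "69.6.12.1"),
    ("news@mailinglist.example.org", "203.0.113.13"),
    ("alice@example.org", "203.0.113.5"),
]


def run_samples():
    """Classify every constructed sample and return the results in order."""
    return [classify(sender, ip) for sender, ip in SAMPLES]


if __name__ == "__main__":
    for (sender, ip), verdict in zip(SAMPLES, run_samples()):
        print(f"{sender:32} {ip:14} {verdict}")
```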
According to all the experts, just 200 greedy and unscrupulous Americans (responsible for 90% of all Spam) are bringing the Internet to its knees while the US government sits back and makes useless noises about the problem, despite knowing where these b's live. But hey, as long as they pay their taxes, who gives a monkey...
October 2003
CBR Online and The Register have news on a new US senate bill - the 'CAN-Spam Act' - that outlaws most spam. It received a 97-0 vote endorsement by the Senate!
The bill would require truthful return addresses and email headers, notification the email is advertising, and inclusion of a postal address. Additionally, Spammers using address harvesting or dictionary attacks get triple damages, (capped at $3m in civil cases). Similarly, practices, such as spoofing your IP address in spam, hacking a computer to send spam from it, using open relays to send deceptive spam, and falsifying header information will be classed as a criminal offence.
Apparently, a complementary measure must be passed by the House of Representatives for it to become law, but this is a no-brainer.
September 2003
In June just gone I was blocking around 75 Spam a day.
Now, despite aggressive filtering, I am blocking around 200 a day - every day, and the vast majority has faked addresses. The US government REALLY needs to stop pussy footing it with these guys and take punitive action that will deter them ever ever doing it again.
While the politicians - half of which I am cynical enough to expect are on back-handers - dither whether we should opt-in or opt-out of these schemes - they are seriously missing the point. Anyone that stupid is either corrupt or doesn't belong in office...
Opt-in
*Twitch* I don't think there's a list out there I haven't 'opted-in' to. I do get a lot of technical newsletters, most if not all from reputable companies and I make a point of ticking boxes that say, no, you can't give my details to your "partners", not a chance. As I've said before, to my knowledge we've only used our children's email for the likes of BBC children's competitions and offers. WHAP. Adult Spam for my six year old daughter. I suspect my wife forgot the "no partners" box. *Bites back a tirade*
Opt-out
Hmmm. I am heading towards 75,000 Spam a year (and counting), none of which I opted-in for. What on earth makes politicians think they will honour any opt-out? As a neighbour pointed out, he was getting a few Spam a week and "opted-out". Now he gets hundreds a week...
We need IPv6 implementing now and measures where email is validated to and from. And we need the sort of punitive damages that says the courts take every penny you own and if you run we'll find you anywhere in the world...
*Mutters to himself and goes off for a Valium or whatever it is people use to climb down... Ladders I guess*
And California reaffirms my confidence somewhat...
An article in the San Francisco Chronicle entitled "California governor signs nation's toughest anti-spam bill" gives details of the new law...
California will prohibit Internet advertisers from sending unsolicited e-mails under the toughest law of its kind in the nation, providing for fines up to $1 million.
And the important bit I always thought was needed:
Gov. Gray Davis signed legislation Tuesday that targets not only the firms that package and send spam to consumers, but also the companies whose products and services are being advertised.
The measure covers all unsolicited commercial e-mail sent or received in California and imposes fines of up to $1 million per incident.
Click on the above link to read the full article and some related links.
According to a ZDNet report, China has woken up to the problem of spam e-mail and blocked 127 servers identified as sources of high volumes of unsolicited e-mail.
The more blocking the stuff the merrier I say, especially after one recent and especially bad Spam from the Cook Islands (.CK)
According to The Sydney Morning Herald, Australia has passed new laws banning Spam.
Proposed penalties for spam offenders include:
- Up to $44,000 a day for first offence by an individual.
- Up to $220,000 a day for first offence by an organisation.
- Up to $220,000 a day for individual repeat offenders.
- Up to $1.1 million a day for organisational repeat offenders.
Needless to say the British law has Spammers quaking in their boots - NOT
What a ruddy waste of space! I say chaps, don't do that, what!
I have nothing but contempt for this pathetic, wishy washy offering
Here are the main points:
- Sending unsolicited e-mail must get recipients' agreement in advance.
  Good.
- Violators will be subject to fines of £5,000 (US$8,000) or more and possible lawsuits from those they've targeted, rising to an unlimited fine if the case goes to a jury. Those who have been damaged by illegal spam will have the right to sue.
  Not a great deterrent considering what some of them are making and the Spammers will run before appearing in court
- Also applies to unsolicited text messages sent to mobile phones
  Doesn't apply to me, but that's great
- Now the crunch
  If they already have your details - whether you gave them or not - there's an existing relationship and they are free to continue.
  Translation. You're screwed!
- However it also doesn't apply to bulk e-mailers who target Britons from outside the country, and spammers' anonymity may make it hard to impose fines even on those operating in Britain.
  Translation. You're still screwed and offenders probably won't be chased.
- Also, the ban applies only to individual addressees, not businesses.
  Translation. If you are a business, then nothing changes at all. Live with it!
- It also limits companies' ability to use "cookie" files and other devices which let them obtain information about users who visit their Web sites. Companies will now be required to ask users' permission before taking such data and retaining or selling it.
  And I can see that happening! I like the idea at any rate
- The new law, for all it's worth, follows EU directives and comes into force on Dec. 11, 2003
Amazon fights back
Amazon.com is determined to crack down on and eliminate email forgeries, also known as 'spoofing,' that affect the company
On Monday, August 25, 2003, Amazon.com filed 11 lawsuits in the United States and Canada against deceptive online marketers who forge email to make it look as though it is from Amazon.com. Through these lawsuits, Amazon.com seeks to restrain these defendants from sending email forgeries falsely labeled as coming from Amazon.com. Amazon.com also seeks punitive damages in order to deter others from similarly fraudulent behavior.
Here's a list of some of the Spammers they are seeking millions in punitive damages from.
Way to go Amazon!
Maybe IBM, Microsoft etc etc etc will follow the same action against other con artists and unscrupulous 'marketeers'
Spammer's days in court
Also on the payback front, The Register reports that Dutch mass spammer Martijn Bevelander will have to appear before a federal judge. Along with associates, his (allegedly) illegal spam operation used deceptively bland subject lines, false return addresses and empty 'reply-to' links to expose internet users, including children, to 'inappropriate' material.
Another Register report mentions Earthlink getting $16.4 million damages and permanent relief against a notorious spammer - Howard Carmack - aka The Buffalo Spammer - who sent out more than 825 million illegal emails in under a year. Apparently Carmack and accomplices "used stolen credit cards, identity theft, banking fraud and other illegal activities to fraudulently purchase Internet accounts and send out unsolicited, commercial emails".
Needless to say this upstanding pillar of the community did a runner and Earthlink probably won't see a penny of it.
August 2003
*COUGH* !
We took the kids away for a long weekend and when we got back we went for our "fix" and downloaded the email.
And we downloaded the email
Then I reset the spam filtering software because it hung
And we downloaded the email
Then I reset the spam filtering software because it hung
After an hour or so of this I gave up and checked the server, because my workstation is rock solid.
Then I deleted enough Spam to allow the filtering software to work. It wasn't hung, it was choking to death on the sheer volume of bounced messages, messages I never sent...
My wife was gob-smacked. In just three days we had at least 3,500 emails. It wasn't helped by some no-mark called Arletha faking our email for a sending - With apologies to the Whitehouse and everyone else, it wasn't us !!!
This is really getting out of hand when it takes over two hours just to get the email down - and that's less the vast majority from all the domains automatically deleted.
*Mutter*
Blah! The gits also registered themselves (thus us) for a Baptist newsletter, and another for a Yahoo digital darkroom newsletter!
Didn't help that we got sent over 500 examples of the SoBig virus this month either. *mutter*
Corrupt politicians to have their Spam and eat it - to force feed it to us?
I've read a number of articles like the following link before but it took this for it to sink in. Apparently the US is going for the opt-out clause. If they do that I for one am closing my e-mail down. The laughable 'opt-out' as it is now is a way to tell the beggers you are daft enough to reply to Spam. Making it law means they can legally send a trillion Spams a day, it's your problem to make them stop. If some senators aren't taking hefty backhanders I'll show my MMMmffff.
*Gerroff, lemme say mmmfff*
This vnunet article on Spam laws is without my nonsense and deep seated but sadly correct view of mankind. Pretty much you would be talking about an almost overnight tenfold increase in junk email...
CBR reported that Gates Talks Up Computational Challenge to Spam
Apparently Microsoft is experimenting with 'computational challenge technology' - a method of making sending very large quantities of email uneconomically processor-intensive. The idea is to add a cost to email that affects spammers while remaining fairly unnoticeable to regular email users. That of course means a new version of Windows and assumes Spammers will use it and not use Unix or 'legacy' Windows...
Anyway, the idea is that unless a sender is known and white-listed, the mail recipient makes the sender's computer perform a fairly complex calculation before accepting the mail. As more emails are sent, more processing power is required. Notwithstanding spoofing and other dirty tricks, given the number of jumps a message needs to make I'm not sure how this would work myself.
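The computational challenge described above, sketched as a hashcash-style proof of work. This is an added example, not Microsoft's design and not code from the original page; the SHA-256 puzzle, the 16-bit difficulty, the example.* addresses and every function name are assumptions.

```python
import hashlib
import hmac
import os
from itertools import count

DIFFICULTY_BITS = 16  # assumed cost: about 2**16 hashes per message for the sender


def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the front of a hash digest."""
    bits = 0
    for byte in digest:
        if byte:
            return bits + 8 - byte.bit_length()
        bits += 8
    return bits


def puzzle_hash(challenge: str, counter: int) -> bytes:
    return hashlib.sha256(f"{challenge}|{counter}".encode()).digest()


def solve(challenge: str, bits: int = DIFFICULTY_BITS) -> int:
    """Sender side: brute-force the smallest counter that meets the difficulty."""
    for counter in count():
        if leading_zero_bits(puzzle_hash(challenge, counter)) >= bits:
            return counter


class Recipient:
    """Receiving mail server (hypothetical): whitelist first, puzzle otherwise."""

    def __init__(self, address, whitelist=()):
        self.address = address
        self.whitelist = set(whitelist)
        self.key = os.urandom(32)  # lets the server recognise its own challenges
        self.spent = set()         # challenges already redeemed (replay guard)

    def _tag(self, sender, nonce):
        msg = f"{sender}|{self.address}|{nonce}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()[:16]

    def issue_challenge(self, sender):
        nonce = os.urandom(8).hex()
        return f"{sender}|{self.address}|{nonce}|{self._tag(sender, nonce)}"

    def accept(self, sender, challenge=None, counter=None):
        # Caveat: an address whitelist is only as good as sender authentication;
        # a forged sender that matches the whitelist skips the puzzle entirely.
        if sender in self.whitelist:
            return True
        if challenge is None or counter is None:
            return False
        parts = challenge.split("|")
        if len(parts) != 4 or parts[0] != sender or parts[1] != self.address:
            return False  # puzzle was issued for a different sender or mailbox
        expected = self._tag(sender, parts[2]).encode()
        if not hmac.compare_digest(parts[3].encode(), expected):
            return False  # not a challenge this server issued
        if challenge in self.spent:
            return False  # one solved puzzle buys exactly one delivery
        if leading_zero_bits(puzzle_hash(challenge, counter)) < DIFFICULTY_BITS:
            return False  # checking costs the recipient a single hash
        self.spent.add(challenge)
        return True


if __name__ == "__main__":
    rcpt = Recipient("paul@example.org", whitelist={"friend@example.org"})
    ch = rcpt.issue_challenge("stranger@example.net")
    n = solve(ch)  # the sender pays n + 1 hash attempts
    print("attempts:", n + 1, "accepted:", rcpt.accept("stranger@example.net", ch, n))
```

The sender's cost doubles with every extra difficulty bit while the recipient's check stays at one hash, which is the asymmetry the scheme relies on.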
The second thing is an interesting variant of what I favour, billing senders. A direct financial burden to the sender in the form of a monetary guarantee that the email is genuine. A non-white-listed sender would be asked to pay a fee to have his email seen by the end user.
Gates told USA Today that Microsoft is "in the process of implementing that". He concluded that "the combination of white list, authentication, computational proof, monetary proof and certain kinds of legislation" are needed.
I'll go with that!
On an unrelated newsbyte (sorry, I forgot the link) a US politician, the first Jewish American to run for President, has turned to a 'respectable mass mailing company' (ye' right!) to send a message "Vote for me, I'm against Spam" - to about a million odd Americans, and no doubt a million others outside the States who can't vote but had opted-in anyway. Daft begger!
June 2003
26th June 2003
VNU has another update.
According to the article the OECD has launched a new initiative encouraging its 30 member states, including the UK, Japan and the US, to collaborate on action against spammers, urging countries to improve international co-operation between consumer watchdogs and to work with industry to garner input and support. It makes for heavy reading, but look for their documents entitled:
'OECD Guidelines for Protecting Consumers from Fraudulent and Deceptive Commercial Practices Across Borders.'
Meanwhile in the UK, the DTI has concluded consultations on implementing the European Commission's Privacy and Electronic Communications Directive, which comes into force on 31 October. Under the directive UK businesses will have to get customers to opt in to receive marketing emails, rather than to opt out of receiving them.
Not that I trust them to honestly get your e-mail, but every bit helps. Apparently Mike Pullen, of law firm DLA, added that a lot of legitimate firms would respect the opt-in rule, but to stop other spammers the penalties would have to be severe. The article goes on: "The Information Commission currently only has the power to issue a stop notice. It needs to be able to get firms to wipe their databases," and adds: "As for illegal spammers, the only way to stop them is with massive fines and the threat of jail."
At least it's heading in the right direction, but it's down to trust. Given what I've seen and my hard-earnt view of human nature I know that these 'legitimate firms' aren't always bothered where they get the data from and have even less morals when it comes to selling on these valuable lists. Just because I'm biased and cynical it doesn't mean I'm wrong. That said I wholly applaud any and all moves that reduce Spam.
21st June 2003
Looks like someone was listening to me after all! Oh OK, hardly a coincidence given the nature of Spam but congress has just voted unconditionally to outlaw it. The full news article at VNU lists the measures passed and promises harsher ones to follow under the new 'Can-Spam' law and the 'Criminal Spam Act', at the same time giving greater authority to the ISP's and to the FTC who now have greater powers to track down offenders, including those "who operate across international borders".
WooHoo, as Mr Simpson would say.
Here's the breakdown for posterity:
They will be able to sue spammers:
- Who use software to harvest email addresses
- Who forge or spoof email headers
- Who do not allow recipients to unsubscribe.
Violators could face up to one year in prison and fines of up to $1m.
If, as expected, the Criminal Spam Act is passed, a first offence under the Criminal Spam Act would be punishable by up to three years in prison. But those who repeatedly send spam could face imprisonment for up to five years and fines of up to $25,000 a day. I presume this is on top of fines.
In another VNU Spam article Microsoft are also rolling out new measures and working with ISP's in Europe to help stomp it out.
19th June
I watched a documentary on Spam last night which said 90% of all the world's Spam comes from just 120 Americans, most of whom live in Boca Raton, Florida where sending spam is legal. My wife put it succinctly - now you know where they live
Tempting as it was I got to thinking. The government know where these beggers live and they must know that a number of seriously bent politicians are getting rich from backhanders to allow this deluge. Congress should get up off their backside and stomp these parasites into the ground, destroy all the lists and lock the offenders away.
On a related note, Microsoft have gone all legal on fifteen of them, two of whom live in the UK. Go Bill!
I'll also have enough messing about sorting Spam as I'm getting several an hour. I've blocked the insidious Yahoo and added Mailwasher Pro which I'll probably back up with SpamCop. Anyway, here's the figures:
Yahoo.com (I blocked Yahoo.ca and all the rest) drummed up 115 spam - 9% of all junk mail.
| Category | Number | Percentage |
|---|---|---|
| Adult | 91 | 7% |
| Enlargement | 76 | 6% |
| Finance | 216 | 17% |
| HGH | 69 | 5% |
| Offers | 465 | 37% |
| Scams | 185 | 14% |
| Singles | 31 | 2% |
| Viagra | 160 | 12% |
| Category | Number | Percentage |
|---|---|---|
| Money | 401 | 31% |
| Offers | 534 | 41% |
| Adult | 358 | 28% |
That's nearly 1,300 unwarranted messages in just 18 days, despite blocking scores of domains!
That's an average of 72 a day or over 26,000 a year, if it stayed at this rate. Given that Spam is doubling and even quadrupling year on year.
Of these 583 were bad enough that I reported them to the FTC and related bodies and one worse...
Update 14th June
Some no-mark is adding my name to opt-ins etc, presumably as "punishment" for my anti-spam pages. How pathetic is that? All they are doing is guaranteeing that I'll dedicate more time and resources to changing the laws. When - when - I get my way there will be a reckoning. As you may be aware, this is a family site, my children have free rein on the computers. Or they did until someone sent an email to my daughter, which is why I have a bee in my bonnet about Spam. Today, someone sent me email of someone else's children, Asian at a guess, saying come visit my site for more. I'll let the FBI deal with them but suffice to say I am going to get amazingly focused on the global problem of Spam.
Anyway, I'll give you the figures at the end of the month but, bearing in mind I filter aggressively at the server, so far over 1,000 spams have got through (around 100 a day) and the breakdown is as follows:
- 31% Adult - from singles to viagra to the sort that get sent straight to the FTC & FBI
- 30% Money - mortgages, loans, fraud and scams. REAL banks don't Spam.
- 39% Offers - this ranges from college courses to buying Spam lists to pirate software
- Yahoo accounts for a staggering 12% of all my Spam! Get your act together!
Facts About Spam
"In 1999, the average consumer received 40 pieces of spam. By 2005, the total is likely to soar to 1,600." - Jupiter Communications
I'm not sure if that's a day or a year but given I get / block an estimated 50,000 a year and that figure's rising daily...
For the marketers out there claiming email advertising is valid, is legal, is whatever... Hmmm. These be the same ones lobbying and fighting any changes to the law to make the business respectable? These the same reputable firms that feel the need to hide domains behind front companies? Ah. No, these would be the ones who send out a million messages a day from accounts like Yahoo, Lycos, Hotmail and obscure mail relays in countries like Russia?
What you reckon would happen if I bought a mailing list (5 CDs 535 million addresses only $637.00) and used my own, honest to goodness ackadia address?
Exactly.
Here's my feeling...
I have good tolerance for genuine (targeted) marketing emails from reputable companies with real offers that use their own addresses.
I have zero tolerance for Spam and can, will and do - up to a hundred times a day - report any and all illegal or fraudulent Spams...
Faked or no unsubscribe? That's generally illegal. Report it to the FTC or whoever.
Cheap software? That's piracy. Report it to Symantec, Microsoft etc.
HGH etc promising miraculous effects - false advertising. I report them too.
You get the basic idea. If someone feels the need to use foreign countries and free email addresses to mail you then they have something to hide. Even if it looks kosher, here's a thought. If I wanted, using templates like these, I probably could set up a full ecommerce site, domain and credit card processing in an hour or so.
"Genuine film stars' hair clippings from Hollywood's top salons...."
Jessica Alba (Dark Angel's) fringe $99.99
Michael Jackson's nasal hair $999.99
(shipping extra)
Hmmm. I'm old, cynical and jaded, but I've got this way for a reason. But if I was a crook I could easily make the above work. IF - and it's a big if - I even send out the supposed shearings, it's far more likely that it's come from a cat or some back street barber's floor. Of course, a week or three after taking $100,000 or even a $1,000,000 I'd be off, a new domain selling Viagra...
June 1st 2003
OK now I'm getting rattled again! I'll put the figures up at the end of the month when I have finished analysing them, but here's a rough estimate on the past few days:
- Rubbish from Yahoo accounts adds up to over 10% of all my Spam
  Lycos and Netscape take another 10%
  (MSN and AOL are deleted at the mail server on sight)
- Nearly 50% come from domains with names like "friendlymail.com" "mail2u.biz" etc
  Anything with "mail" in the address is automatically deleted too!
- Viagra and "enhancements" add up to over 10%
- Flagged messages add up to around 35%
  These idiots think it's important why...
  Flagged messages are automatically deleted. D'oh!
- Fraudulent and scams are around 5%
- 65%-80% claim I've "opted-in" and often begin "Re:..."
- Spam outnumbers regular mail 6:1
I am getting mad!
I've already tracked down a few of these dogs and threatened legal action if the stream continues. Just in the past few days I've had over 600 Spam messages. One cretin even included a ruddy great wav file. Are these people living in the real world? You reckon five minutes of your redneck twang is gonna make me drop everything and fly stateside to import your poxy second user pickup? Sheesh! As for the graphic ones, dude there will be a reckoning...
Out of interest, this is an analysis of my deleted bin. Of the 600+ spam only a handful stay in my inbox. A huge number I delete at the mail server, the rest I filter. Pretty much, as soon as I get unwanted mail I block that ISP. It's overkill but enough is enough. I've got my Rambo head on and Arnie's loading the truck with ordnance...
Later this month I'll redesign this page and split it into news, links, articles and blocked lists. The blocked list will be a list of all the worst offenders. Feel free to send me updates to that page and use the info against these low-lifes.
May 2003
MSN blocks 2.4bn spam emails a day
Hmmm. The "figure is 80 per cent of all messages to MSN servers". Well I never would have believed that! I bet it's even higher for Yahoo! Fortunately, according to (a) Computer Buyer article MSN, Yahoo and AOL have banded together to "make a four-pronged attack on spam." Basically it involves stopping accounts being auto-created for spam shots, educational guides for its users and new image filters*
*Apparently "single pixel images can be embedded in spam mail that, when loaded, confirm to the sender that the recipient's email address is indeed an active one."
Oh, I said four. Far as I can tell, the fourth and main one appears to be that they are in alliance with AOL and Yahoo.
As far as I am concerned, well, it's a start! My filters delete AOL, MSN etc on sight after spam just from this lazy trio's systems passed 400 a day... Just think, alone, just me, I was looking at up to 200,000 spam messages a year!!!
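The single-pixel images mentioned in the footnote above can be spotted before a message is rendered. This is an added example, not from the original page or from any mail product; the sample HTML, the example.* hosts and the function names are constructed. It lists remote images that are sized 1x1 or hidden by CSS.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# width/height declared in an inline style, e.g. "width:1px; height:1px"
# (the lookbehind keeps "max-width" from being read as "width")
_STYLE_DIM = re.compile(r"(?<![-\w])(width|height)\s*:\s*(\d+)\s*(?:px)?\s*(?:;|$)", re.I)
_HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


def _dimension(attrs, name):
    """Return the pixel size from the attribute, else from the style, else None."""
    raw = (attrs.get(name) or "").strip().lower()
    match = re.fullmatch(r"(\d+)(?:px)?", raw)
    if match:
        return int(match.group(1))
    for key, value in _STYLE_DIM.findall(attrs.get("style") or ""):
        if key.lower() == name:
            return int(value)
    return None


class PixelFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        attrs = dict(attrs)
        src = attrs.get("src") or ""
        # Only a remote fetch tells the sender anything; cid: and data:
        # images travel inside the message itself.
        if urlparse(src).scheme not in ("http", "https"):
            return
        width, height = _dimension(attrs, "width"), _dimension(attrs, "height")
        tiny = width is not None and height is not None and width <= 1 and height <= 1
        if tiny or _HIDDEN.search(attrs.get("style") or ""):
            self.hits.append(src)


def find_tracking_pixels(html_body: str) -> list:
    """Return the src of every remote image that is 1x1 or hidden."""
    finder = PixelFinder()
    finder.feed(html_body)
    finder.close()
    return finder.hits


# Constructed sample message body (not a real spam sample).
SAMPLE_HTML = """
<html><body>
<p>Great offer inside!</p>
<img src="http://img.example.com/logo.gif" width="200" height="50">
<img src="http://track.example.net/open.gif?id=abc123" width="1" height="1">
<img src="https://track.example.net/o?u=user%40example.org" style="width:1px; height:1px">
<img src="cid:spacer@local" width="1" height="1">
<img src="http://track.example.net/h.png" width="40" height="40" style="display:none" />
</body></html>
"""

if __name__ == "__main__":
    for url in find_tracking_pixels(SAMPLE_HTML):
        print("possible beacon:", url)
```

A client that never fetches remote images for unknown senders defeats the beacon whatever its size; the size check is only a triage signal.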
The biggest problem is Outlook Express to be honest. And yes, there are software filters, server filters and other email packages like Eudora, but what do most folk use? The spam filters Express employs are a waste of space. (I've a tutorial here if you want to try). I'm ruddy positive that if Microsoft made the filters more intuitive and up front global spam would fall overnight. Think I'll send them (another) note to get on with it....
*Ponders the solution*
There are a number of free and commercial spam filters, a number of which are listed at the bottom of the page, but I think we need an updated solution from Microsoft. Not wanting to step on toes but there's a good reason for this - mass market. Gods forbid but most home users and small businesses don't even bother with anti-virus let alone firewalls and certainly won't buy or even try spam filters, but they will use Outlook Express day in, day out. Hmmm.
What's needed is an integrated, database driven, one click, customisable filter...
- One click button on toolbar, right next to the "delete" button
- Also available as an option by right-clicking on the message
- Employ simple drop down menus for choices
  ie Block Sender | Block Subject
- Simple kill options
  ie Delete from Server | Move to "this" folder
- Filter lists easily and/or automatically updated in the same effortless way Norton's Internet Suite works
- Idiot proof, customisable and exportable lists, rather like the personal spellcheckers in word processors.
- The customisable section can be searchable, indexable and text editable, depending whether you choose advanced options.
  In essence, and in use, the blocked list should mirror the "Inbox" but with the "Received" etc replaced by "To" and "Body"
- It should be as simple as a text box to configure. Anything in the box gets deleted.
- Ideally it should be smart enough to know that things like "gsdfg60@yourdomain.com" are automatically spam!
That'll do for a start, hmmm.
That's more like it!
As ZDNet have reported under new California laws, Spammers can be fined by the federal government to the tune of $500 a message. Multiply that across the globe please and we'd all have free mailboxes.
Apology to 43plc.com
Time to eat a little humble pie!
Apology and retraction to 43PLC
It appears my wife used my daughter's email for something on Flipside (a rather good competition site she uses a lot) and we subsequently received an email as part of a campaign.
At the time I had grave concerns about this particular email, but a polite call today (25th Sept 2003) from Ian Lowe set the record straight and I can't apologise enough to Mr Lowe and his company. Showing his professionalism both in contacting me in the first instance and in quickly tracking down the exact details of the post set my mind at rest completely and shows us all that not all direct mailers are bad guys!
For the record, as I've no doubt said in other pages, I respect any legitimate marketing company and happily, even actively, receive around fifty email and newsletters a day sent via reputable companies like 43PLC.
Kudos to 43PLC for their well run system
Paul


