Ask Dr Stupid: Subject: SPAM
Received: from flatus.studio42.com (10.1.42.10) by studio42.com with
ESMTP (Eudora Internet Mail Server 3.2.10) for <Dr. Stupid>;
Mon, 12 Jan 2009 11:09:15 -0800
Received: from flatus.studio42.com (flatus [127.0.0.1])
by flatus.studio42.com (8.12.5/8.12.5) with ESMTP id n0CJ3Vu2007157
for <Dr. Stupid>; Mon, 12 Jan 2009 11:03:31 -0800
Received: (from apache@localhost) by flatus.studio42.com (8.12.5/8.12.5/Submit)
id n0CJ3Uww007155; Mon, 12 Jan 2009 11:03:30 -0800
Date: Mon, 12 Jan 2009 11:03:30 -0800
Received: from [188.8.131.52]
by www.studio42.com (NMS FormMail 3.14c1) with HTTP;
Mon, 12 Jan 2009 19:03:30 GMT (script-name /cgi-bin/stupidformtomail.pl)
X-Mailer: NMS FormMail 3.14c1
From: email@example.com (Howard)
Below is the result of your feedback form. It was submitted by
Howard (firstname.lastname@example.org) on Monday, January 12, 2009 at 11:03:30
Form-ID: Dr. Stupid Form
Message: Why do the moronic spammers, that invade my privacy 20-30 times a day,
use stupid names and idiotic spelling? Are they so mentally challenged that
they believe these e-mails will not be the first to be trashed?
Thanks in anticipation, Howard Wilson.
HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
That's a lot of words coming from a Yahoo.co.uk user. Dr. Stupid's research has shown that Yahoo does not take a firm anti-spam position. If you disagree with this, then please take a look at this page that highlights spams from 2008 that involve Yahoo in some way, shape or form.
To see some of Studio42's position on spam, please see the Studio42 web site dedicated exclusively to stopping spam.
Spammers are truly the sewage and nuclear waste of the internet. They feel that it is their right to market and "email blast", over the rights of the users who, generally speaking, do not want this garbage put into their inboxes. The United States, while trying to be a leader in anti-spam legislation, simply does not understand the problem. Part of the problem is that the lawmakers are shielded from the spams by their staff. In many cases, the lawmakers are totally unaware that there even is a spam problem. But most spammers and their spamware and spambots are smart enough not to send trash to anything that ends in a .gov address, so as to avoid some problems.
One of the biggest disasters was the bill submitted by Senator Murkowski. In this bill, it said that it was OK to spam if you included contact information and a way to opt-out. Spammers quickly made their spam SB1618 compliant by putting in this information, although often times it was fast. The main purpose was to get people to "opt-out" of future messages. Such opt-out practices have long been known to be a method of harvesting fresh and live addresses to be re-used and sold for future spamming runs.
Now, there is a law on the books that pretty much gives spammers a one-shot to spam you, provided that they are appearing to be compliant with the law. But, assuming there are a million of these "home based businesses", and each one gets to send you a single spam, well, that's a lot of email over the course of even a lifetime. These spams also expect you to opt-out, which as stated before, only serves to confirm a live address to be included on future spamming runs.
Here's how opt-out often works. The spammer either asks you to respond or more often hit a link on a web site to have your address removed. What is really happening is that they are harvesting these addresses. These harvested addresses are more valuable because they are confirmed valid addresses since a recipient would need to have received the message in order to visit the site to opt-out. So, even if the spam run fails, they can often get a few thousand idiots to "opt-out" and help add value to the next incarnation of the spamming list.
Why is spam such a problem? There are many reasons. Unlike postage, email is very cheap, almost to the point of free. With nearly no overhead, spammers have only their account to lose, and any gains they get more than compensate for those losses. For example, using current postage fees as of January 2009 of 42 cents per stamp for first class postage, a 419'er would have to spend approximately $4.20 plus additional fees (since it's most likely being sent from overseas) to annoy at least 10 people with this illegal money advance scam. Thanks to the internet, for roughly the same $4.20 in access fees, they could send 20-million of the same thing and still have money left over to buy bullets to kill any suckers who do end up trying to take it all the way.
Another reason is that in some areas of the world, they protect criminals. Some business sites sell prescription medications illegally, or at least via illegal methods according to United States laws. The criminal laws in your country may vary. If the spammer continues to pay their web hosting bill, some companies will simply refuse to take the site down. This is what is called "bullet proof hosting". Spammers love this as they know for a relatively cheap price, their site is rock solid and not going to go anywhere for quite some time. This lets them find various methods to spam. Many overseas service providers offer such bullet proof hosting. A very notable country that loves criminal sites is China. But China is certainly not alone. There are many companies in the United States who have problems with spammers, or rather they don't seem to have a problem putting spammers on their networks and letting them live long abusive lives through their facilities.
Along with spammer web sites, domain registration has become a commodity type service. When Network Solutions was the only game in town, their price of $35 per domain per year was honestly a rather affordable price to pay for anyone who wanted a domain. However, to spammers, this is quite a cost, mainly because some spammers will register hundreds or thousands of domain names. Regardless of the economy of scale, even the inexpensive domains that can be registered via companies like GoDaddy start to get expensive after a while. Let's assume that GoDaddy charges $10/domain, and at 10 domains, that is $100. And, what is nice is that GoDaddy doesn't offer refunds. If a spammer gets their domain cancelled due to abuse, the spammer loses their money and the domain. This practice requires a domain registrar to be anti-spam, have a hardline position on spam and enforce that policy. Fortunately, GoDaddy behaves this way.
Another issue is policy enforcement. Many if not most ISPs put together AUP (Acceptable Usage Policy) and/or TOS (Terms Of Service) documents that are of an anti-abuse and anti-spam nature. The issue comes to enforcing such policies. Most of the service providers do not actively enforce their policies and as such, spammers can exist for months or even years sending millions of spams per day before the ISP finally takes action against their abusive customers. This pertains not only to ISPs who provide connectivity, but also to service providers. An ISP (Internet Service Provider) is typically a company who provides access to the internet as one of their service offerings. An ISP may provide this access via multiple methods, ranging from dial-up, broadband, wireless, PVC and other permanent circuit types that can include copper and fiber technologies. ISPs may also offer other services, such as e-commerce, web site hosting, web site design, server co-location and many other services. A service provider typically does not provide connectivity access to the internet for clients, but offers such services as web site hosting, co-location and other such services. Neither is excluded in this scenario. There are many companies, both of the ISP and service provider types, who do not actively enforce policy.
One major issue that people need to take into consideration is themselves. This becomes more true for broadband users, especially those who are rather ignorant. What most users fail to realize is that there are people and computers out there looking for machines to exploit. Once a system is located, it is attacked and bad software is installed onto it. This software is often used to create "botnets", or machines that spammers can use/abuse to send spam, often without the knowledge of the computer owner. This happens to broadband users more than any other type of user for two reasons: speed and direct connectivity. Let's address the direct connectivity concern first. Using broadband as the example, most cable and ADSL providers will provide a modem to access the appropriate type of broadband connectivity. Even though the term modem is inaccurate, since we're not modulating/demodulating per se and the term modem is more of an analog term, it has become the standard jargon not only for modems that use dial-up technology, but also for the boxes that convert the data from the cable box into an ethernet connection to a computer or network. Likewise, an ADSL modem connects to your phone line and listens for that ADSL signalling to present it to your computer or network via ethernet. But this response isn't about merely a Layer 1 to Layer 2 conversion. The point is that many users plug right into that cable or ADSL modem. By doing this simple act, you immediately become a target for attack. Why is this? Your computer has no protection. I know, you're going to say "I'm using Windows Firewall" or "Norton Firewall" or whatever. The bottom line is that due to how Windows is made, none of those products work worth a damn. If you want to protect yourself, for a little bit more money than that useless firewall software, you can get yourself a broadband router.
This router may require some configuration, but then all the attackers will be stopped at that router. In addition to protecting your computers and data, you can now also share that connection. Please do take into consideration that if you choose to add wireless to your network, you do need to secure that or you're providing free access to your network to anyone around you and you can be attacked via that entry point as well. In addition to using a broadband router, all internet users should have Norton AntiVirus installed. I know that Norton AntiVirus has anti-spyware installed, but it sucks. Get the free download of Spybot Search & Destroy, install it, and update and run it weekly. In addition, the latest version of the anti-virus software needs to be purchased annually. I know people still using Norton AntiVirus 2002, and complaining how it doesn't help them anymore. Well, it's 7 years out of date, Symantec said they aren't supporting it anymore, and honestly, it's time to move on.
Revisiting the broadband discussed above is the next logical place to look. As shown, many people just plug right into that broadband modem and are often attacked within minutes. As a result, there are millions of machines bogged down with unauthorized software doing evil things with their computer without the owner's knowledge and especially without their consent. The scary thing is that this isn't just limited to installing some sort of spam spewing software package. They can even use your machine to host a web site, or do dirty DNS (domain name service) without your knowledge. Since the nature of these illicit software packages is to help hide the spammer, the idiot broadband user loses their account while the spammer goes undetected. Isn't this the sign of a reputable business you would want to buy from?
On an equally frustrating level for computer operators are those running non-secured machines, especially those machines where the operator assumes the machine is secured, but it really isn't. This is often the case in small companies and groups who have purchased a small block of IP addresses for their organization, and then often go ahead and install a web server and a mail server, which may or may not be the same machine. There are computers looking for just these sorts of machines to also attack and exploit for their own purposes, same as with the previously mentioned broadband examples. This is not limited to just small operations being attacked. There are some sizable ISPs and service providers being attacked in the same manner but on their main servers as well.
Now we get to the bad spelling. Why do spammers have such bad spelling? The reason is rather simple. If some spammer is selling Viagra or Cialis, which as you've no doubt discovered, are rather popular things to spam for, using the correct spelling would be the logical choice. Spammers have learned that people don't want this emailed to them, and it's to the point where "intelligent software" can filter and block mail that contains certain words. The server here isn't quite as intelligent as it does need manual intervention to help broaden what it looks for, but does a reasonably good job as it sits at the moment. By spelling things badly, the filters don't see the trigger items and therefore the spam passes along. It gets to the point of how stupid are spammers going to get to get past filters, because the filters usually can't proactively predict what they are going to have to deal with.
Why are the emails and subjects so screwed up? Well, spammers lose their accounts like crazy, so why bother getting attached to anything? Spam it until it gets nuked, get another and start over. Subject being a "red flag"? Change it. Certain words getting their stuff blocked? Misspell it.
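An added example, not part of the original column and not Studio42's actual mail filter: it shows why an exact keyword match misses misspelled trigger words and how a filter can normalize a subject line before matching, without flagging innocent words such as "specialist". The look-alike table, the 0.8 similarity threshold and the sample subjects are assumptions constructed for illustration.

```python
import re
import unicodedata
from difflib import SequenceMatcher

TRIGGERS = ("viagra", "cialis")  # the two words the text names
# Constructed look-alike table (an assumption, far from exhaustive).
LOOKALIKES = str.maketrans("1!|0@43$5", "iiioaaess")

def naive_match(subject):
    """Exact whole-word filter: the kind a misspelling slips past."""
    words = re.findall(r"[a-z]+", subject.lower())
    return [t for t in TRIGGERS if t in words]

def normalize_token(token):
    """Fold one whitespace-delimited token to plain lowercase letters."""
    token = unicodedata.normalize("NFKD", token)   # split accents off letters
    token = "".join(c for c in token if not unicodedata.combining(c))
    token = token.lower().translate(LOOKALIKES)    # 1 -> i, @ -> a, ...
    token = re.sub(r"[^a-z]", "", token)           # drop v.i.a.g.r.a separators
    return re.sub(r"(.)\1+", r"\1", token)         # collapse doubled letters

def tokens(subject):
    """Yield normalized tokens, gluing runs of single letters (v i a g r a)."""
    run = ""
    for raw in subject.split():
        tok = normalize_token(raw)
        if len(tok) == 1:
            run += tok
            continue
        if run:
            yield run
            run = ""
        if tok:
            yield tok
    if run:
        yield run

def fuzzy_match(subject, threshold=0.8):
    """Trigger words that some normalized token resembles closely enough."""
    return sorted({trig for tok in tokens(subject) for trig in TRIGGERS
                   if SequenceMatcher(None, tok, trig).ratio() >= threshold})

# Constructed sample subjects, not taken from real mail.
SAMPLES = ["Cheap Viagra here", "Cheap V1agra here",
           "C.i.a.l.i.s and V i @ g r a", "Appointment with the heart specialist"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r}: naive={naive_match(s)} fuzzy={fuzzy_match(s)}")
```

Matching per token with a similarity threshold, rather than searching for the trigger as a substring, is what keeps "specialist" (which contains "cialis") from being blocked.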
Dr. Stupid must also pass along some advice for you. As clever as you think you are, deleting the spam isn't going to solve your problem. Spammers don't see things that way. They see either "bad email because it's bouncing", "safe mark because they don't complain" or "complainer who gets us in trouble". You are a safe mark, because you don't complain but the email gets delivered. Where is their motivation to remove you from their lists? There's no cost involved to them to send it to you, and hence no motivation to remove you from their lists. So, if you like being a victim, then by all means, just trash it and never complain and watch your problem grow right before your eyes to the point where your email becomes 100% useless.
Dr. Stupid is not the system administrator, but knows firsthand that on most days, there are about 40 pages of "email log" showing blocks and other errors, almost entirely related to spam being prevented from being delivered. Back in 2000, this would be maybe 100 entries per day on a heavy day. Now, there are typically 500 or more errors per half hour, every half hour, every single day. Since most spammers seem to operate during the sleeping hours of most people local to where Studio42 is located, the network administrator has chosen to shut off the mail server at night. This serves two purposes: it saves power and any legitimate mail sent via legitimate servers, will simply wait and try to re-deliver later. This nightly practice saves Studio42 from receiving a great amount of spam. Even so, the 2008 numbers came very close to 700 spams getting through the front lines of protection.
So, if your philosophy is to trash it, then trash it and be a safe mark. You're a spammer's best friend because you'll eat whatever trash they pump into you and won't complain. Or, you can learn to read headers and learn how to combat spam. But, Dr. Stupid can see you're a Yahoo user, and obviously reading headers is not going to be something you can bother yourself to learn. Dr. Stupid assumes that this document has been a waste of time.
Disclaimer: Dr. Stupid is not a licensed medical practitioner. Studio42 is not responsible for any advice given on this web site.