Mon Jan 15 2007

Allison Randal

Spamonomics 101

The biggest thing I've wondered about spam is: Why do the spammers even bother? They spend an enormous amount of effort, time, and (I expect) money to deliver huge quantities of mail to my inbox, which I then spend an enormous amount of effort, time, and (for some people) money to delete unseen and unread. How is this profitable for the spammers?

Last week I talked to Ken Simpson and Stas Bekman of MailChannels, a spam-fighting solution provider. The answer to my question is that the business of spamming is profitable, sometimes enormously so, but it's a volume business and the percentage of profit over that volume is quite small. Spammers are the door-to-door salesmen who knock on every door in the neighborhood to get one sale. Except the neighborhood is the entire planet, and the number of doors they can knock simultaneously is only limited by the cost of computing power. That cost is the key point in the economics of spam: spammers have to get out a high enough volume of spam that the small sliver of profit is greater than the cost of sending it.

These economics drive the patterns of spam we receive. Traditionally porn advertisements have the highest click-through rate, followed by pharmaceutical advertisements, though penny stock spam is gaining popularity. And the spam messages that aren't advertisements, scams, or virus attacks, but just random strings of text? Ken Simpson comments, "Those messages are sent by spammers to poison the spam filters. When someone receives a message full of gibberish and reports it as spam, the spam filters tune themselves to recognize gibberish as spam—which reduces their overall accuracy."

MailChannels has an interesting approach to the problem of spam. They use email traffic-shaping to identify the high-volume traffic patterns of spammers and then slow suspicious packets from those servers down to a crawl. In the short term this affects the spam influx only on a local level: many spambots simply drop the connection to a slow mail server and move on to higher volume—and so more profitable—targets. (Like an animal taking a big bite out of a tasty-looking thistle, and then deciding it isn't worth the effort.) In the long term, though, if enough mail servers employed similar tactics, the strategy has the potential to gradually disrupt the economics of spamming, making spam less profitable, or perhaps even unprofitable.
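The throttling idea described above, sketched as an added example: this is not MailChannels' code or algorithm, and the window, thresholds, doubling delay, sender patience and sample traffic are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW = 60.0      # seconds of connection history kept per source (assumed)
FREE_CONNS = 3     # connections per window served at full speed (assumed)
MAX_DELAY = 120.0  # upper bound on the injected delay, in seconds (assumed)

class Shaper:
    """Sliding-window throttle for inbound SMTP connections, keyed by source IP."""

    def __init__(self, trusted=()):
        self.trusted = set(trusted)       # senders with an established good history
        self.recent = defaultdict(deque)  # ip -> timestamps of recent connections

    def delay_for(self, ip, now):
        """Return the seconds to stall this connection before answering."""
        if ip in self.trusted:
            return 0.0
        q = self.recent[ip]
        while q and now - q[0] > WINDOW:  # forget connections outside the window
            q.popleft()
        q.append(now)
        excess = len(q) - FREE_CONNS
        # Delay doubles with every connection beyond the free allowance.
        return 0.0 if excess <= 0 else min(MAX_DELAY, 2.0 ** excess)

def replay(log, shaper, patience=30.0):
    """Replay (time, ip) events; a sender abandons any connection stalled
    longer than `patience` seconds, as impatient spambots do."""
    delivered, abandoned = defaultdict(int), defaultdict(int)
    for now, ip in sorted(log):
        if shaper.delay_for(ip, now) > patience:
            abandoned[ip] += 1
        else:
            delivered[ip] += 1
    return dict(delivered), dict(abandoned)

# Constructed sample traffic (documentation-range addresses):
LOG = (
    [(2.0 * i, "203.0.113.9") for i in range(20)]     # unknown host, 1 conn / 2 s
    + [(40.0 * i, "198.51.100.7") for i in range(5)]  # unknown host, low volume
    + [(1.0 * i, "192.0.2.25") for i in range(10)]    # known-good bulk sender
)

if __name__ == "__main__":
    print(replay(LOG, Shaper(trusted={"192.0.2.25"})))
```

The high-rate unknown host gets only its first few connections through before the stall exceeds its patience, while the low-volume and trusted senders are never delayed.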



Comments: 17

  Justin Mason [01.15.07 05:34 AM]

Recent stock spam, in particular, looks like it's extremely profitable -- check Joe Stewart's recent dissection of a stock spamming incident:

'So, at close on Friday Dec 15, the stock is at $0.0011. Suddenly, the Rustock botnet begins spewing out the spam shown above. All weekend it churns away, sending millions of emails. Monday morning, Dec 18, sees the stock immediately rise to $0.0019 a share, then all the way to $0.0025 a share, as some recipients of the spam begin to purchase the stock. A far cry from the spammer's target of $0.02 a share, but let's see how much that adds up to. If the spammer sells his shares early on Monday, when the stock has peaked, those 11,532,726 shares could be worth nearly $29,000, leaving the spammer with a cool $20K profit for one weekend. I wonder if the spams touting Viagra and Rolexes have ever made that much profit so quickly for the spammers with so little effort and almost zero overhead. It's little wonder why stock spam is taking over.'

http://www.secureworks.com/researchcenter/weblog.html#Rustock

BTW, the situation with botnets is entirely unprecedented. IMO we may now be in big trouble, with spammers and criminals operating more CPU power and bandwidth than any other non-governmental body...

  AntiSpamB [01.15.07 05:45 AM]

Slowing down the packets is a good approach as a technical solution to the problem.

However, it seems that the whole anti-spam industry tries to struggle with the effect but not the cause. While the real cause of spam is the people's thoughtless desires and lack of info about, for example, phentermine side effects.

So people are attacked by spam which offers things they want (or think they need), but nobody (ok, very few sources) can provide important info about the reality which stays behind, for example, the advertised pills.

I think it is a question of the right propaganda to cut the ground from under the spammers' feet.

  Trent [01.15.07 07:06 AM]

A great book on SPAM is "Inside the Spam Cartel: Trade Secrets From The Dark Side." The author does a good job of explaining the economics of spam, and the profile of typical spammers. I was surprised at how little money the spammers make in some cases. Based on the way Spammer X (the author) describes it, spamming really isn't worth quitting your day job for.

  NatC [01.15.07 07:12 AM]

My assumption was that spammers are using ghost machines (infected machines from regular internet users) in order to send their mails. In that effect slowing down servers does not sound that efficient?

  John Dowdell [01.15.07 08:45 AM]


The botnet and zombie comments are on-target.

Criminal gangs now "own" large networks of consumer machines. Aside from contagious infection and attacks on unupdated systems, they get them through voluntary malware and warez installations.

Gangs rent out these machines for cash. During downtime the price can be low... doesn't cost the spammer much to just send an instruction to his horde.

If ISPs and trunks inspected their *outgoing* traffic, and cut off consumers whose machines are infected, then the pollution of the network would fall.

  Dancho Danchev [01.15.07 08:52 AM]

I like the perspective and decided to comment in here. It's basic human psychology from my point of view, and considering that spammers are humans too, whether low lifes or not is another topic, it's the "Busyness vs Business" factor of productivity. Sending a couple of million spam messages is cheaper than a kids' menu at McDonalds, but how come? Economies of scale when it comes to botnets, sending spam is no longer as sophisticated as it was years ago when spammers had to scan the Internet for wrongly configured email servers relaying messages from anyone sending them. Now they have the end user's insecure habits, thus if you're infected with malware, there's a slight chance the spam you, or your friends are receiving may be coming from you.

Let's discuss a spammer's business model, given his costs are lowered to minimum by renting or actually owning hundreds of thousands of malware-infected PCs, even if 10 people out of 1 million spam messages got tricked into - it's a deal, that's the problem. Their desperate business model flooding everyone's mailboxes to finally come up with a couple of people who thought they're making a deal. Trouble is, these primitive and totally outdated business models slow down everyone's email service, perhaps a good moment to point on how IM communications emerged given the increasing delays of email communication. Even worse, your legitimate email may get blocked as a spam one, and in an important situation this could cause you a lot of trouble.

To sum up my thoughts, the experienced Internet users are not the target of today's spam, the novice Internet users are, and believe it or not Internet is still a fancy tool in many countries. And with Internet Service Providers in the perfect position to stop spam emails going out of their network, but lacking the incentives to do so, check your mailbox on Monday morning, or keep an eye on the detected spam messages. While half the world is busy implementing ridiculous data retention practices, no one is bothering to force Internet Service Providers to block the spam going out of their networks, and trust me, they can do so without endangering anyone's privacy.

  Ken Simpson [01.15.07 08:54 AM]

NatC: You're right that the vast majority of spam is sent through zombies (what you refer to as "ghost machines"). If we knew where all the zombies were and could block them, then there wouldn't be a spam problem. The trouble is, we don't. Zombies pop up and last anywhere from a few minutes to a few hours, but never very long. By the time a zombie is detected and blocked, it has already done a lot of damage.

Traffic Shaping helps sites deal with the traffic coming from senders they've never seen before -- senders likely to be zombies.

  Trent [01.15.07 09:07 AM]

Most of this conversation has been centered on email spam. As an email user, spam is an annoyance. However, as a webmaster, spam is absolutely infuriating.



Here is what web masters have to deal with:



COMMENT SPAM : This is when spammers leave their junk in the comment section of your blog. The goal here is to trick Google. Google ranks pages highly if lots of other websites link to them. Therefore, spammers have found that they can quickly improve their Google rankings by posting links to their site in other people's blogs.



TRACKBACK SPAM : Similar to comment Spam, except it uses Trackbacks. Trackbacks are comments that are auto-inserted into your blog when someone else links to your blog post. The idea was that trackbacks would make it easier to follow conversations across various blogs. It never worked out that way.



FORUM POST SPAM : Spammers create fake profiles for forums, and then login and publish junk posts. Once again, the intent is mostly to trick Google.



FORUM MEMBER PROFILE SPAM : Spammers create fake profiles for a forum. Rather than post spam, they just put spam links in their member profiles. This technique is a little more stealthy than straight forum-spamming.



CONTACT FORM SPAM : Embarrassingly old-school technique that sends spam to webmasters via a website's "Contact Us!" form. I can't imagine this has ever worked.



REFERRAL LOG SPAM : Another odd one. Webmasters can look in their referral logs and see what other websites have linked to them. Some spammers create temporary links to your site from their spam site, just so they can show up in your log. Like Contact Form Spam, I doubt this is very effective. (People running websites tend to be pretty knowledgeable about spam).



CONTENT SPAM - If you have a website that lets users submit content, spammers will inevitably hit it. Spammers submit junk content to news sites like Digg and Reddit.



My biggest problem is forum spam. It is very time consuming to build an online community AND fight spam simultaneously. On the one hand, you want people to be able to sign up and participate as easily as possible. On the other hand, you need to block spammers. CAPTCHAs are the first line of defense. But CAPTCHAs can be beaten by computers or circumvented by cheap human labor. My current solution is to use CAPTCHAs and admin authorization. In other words, no one's account is activated until I (the admin) activate it. But once again, this causes a delay for the end user.



What is the solution to the spam problem? I don't have a clear cut answer. A lot of the spam I see is from Russia. Perhaps I should block all Russian traffic from making posts? It's a sad option, but one I may have to exercise.

  Randy Stewart [01.15.07 03:23 PM]

While there are a number of solutions out there that are helping slow down spam, there doesn't seem to be any technical solution that eliminates it completely.

Yahoo's "Wisdom of Crowds," model was working for me for a while, but recently, I've been getting a few dozen messages daily that have escaped their filters. Yahoo! also generates a small number of false positives, which in some ways is worse than a large number as I rarely, if ever, go into my Yahoo! spam filter.

I used a combination of Yahoo! filters and the Apple Mail client's filtering to eliminate spam, which worked for a while, but spammers seem to be getting more and more sophisticated. As a result, I'm getting more spam.

A friend of mine founded Boxbe.com to look at the problem differently. The reason why email marketing is so popular is that the cost of email is close to nothing. Raising the price to email me without my consent from zero to even a few pennies eliminates the vast majority of unrequested email.

Boxbe has created a market based solution that eliminates most spammers from the conversation. Boxbe doesn't try to figure out who is a legitimate marketer and who is a spammer but thankfully, most spammers can't pay.

Most legitimate marketers are willing to pay some small amount to guarantee that their messages are received and by people who want to receive them. Boxbe is sending most of that money on to the consumer.

Trent - you make a good point that captchas can be defeated by cheap human labor. Ultimately, I think this will happen when the stakes are raised a bit higher.

Randy Stewart

randy@boxbe.com

[Disclosure: I am a Product Manager at Boxbe.com]

  Alan [01.15.07 09:59 PM]

Perhaps a better, more permanent solution would be to... "eliminate"... those who send spam.

  Jope [01.16.07 03:44 AM]

"they spend an enormous amount of (...) money"

That's the point: they don't.

They only need a small fraction of recipients to buy whatever they're selling to make a profit. They may not become millionaires, but totally worth it for them.

Where do costs go? To the email recipient in terms of time, but also money if it's a paying account.

Basically, it's as if a phone sales rep made a collect call to sell their stuff, you can't beat the business model... ;)

  Justin Mason [01.16.07 04:10 AM]

@Randy: there will *never* be a solution that will eliminate spam. Spam is a social problem, and an adversarial problem; each time we create a technical fix, the "other side" will eventually evade it. We just have to keep up.

  Googlisti [01.16.07 11:07 PM]

Here you can find a great map of spammers, called Spamdemic Map.
http://www.cluelessmailers.org/spamdemic/index.html

Enjoy!

  Anonymous [01.22.07 03:03 AM]

@Alan: actually, not that funny. One or more of the botnets which deliver spam are controlled by the Russian mafia (per a friend of mine at Yahoo). And he notes that they *have* eliminated competitors in the spam business.

  paul [04.19.07 10:44 AM]

One possible way to eliminate most spam, is if all email servers would list their servers correctly, so that a Reverse DNS lookup would match their mx record, then all companies could set up their email servers to do a DNS Reverse lookup to verify that the email being received is actually from the server that it says it is! If not, it throws the email away! Using this method, you would only get emails from reputable servers, and any spam issues could be directed at the people who are responsible for the server!

paul

  gamsik [08.30.07 09:13 AM]

While there are a number of solutions out there that are helping slow down spam, there doesn't seem to be any technical solution that eliminates it completely.
pank

  david [01.24.08 04:40 AM]

Most legitimate marketers are willing to pay some small amount to guarantee that their messages are received and by people who want to receive them. Boxbe is sending most of that money on to the consumer.
