The Scum Behind the Spam
February 2, 2004 8:58 PM   Subscribe

Bastard. Utter, utter, utter bastard!
posted by dg at 9:24 PM on February 2, 2004

And many spammers -- including Scott Richter -- are convicted felons ... making them ideally suited to criticize the behavior of others.
posted by pmurray63 at 11:03 PM on February 2, 2004

Can we offer a bounty for both his street and email address?

just kidding...
posted by clevershark at 11:05 PM on February 2, 2004

Only if you give him the chance to opt out. Afterward.
posted by stet at 11:16 PM on February 2, 2004

For some reason, I have this pleasing image of John Goodman outside of his house smashing his sports car with a tire iron and screaming "Do you see this Scott?!? Do you see this?!? This is what you get when you f**k a stranger in the a*s!"
posted by moonbiter at 11:51 PM on February 2, 2004

man, who cares at all? spammers and anti-spammers are equally obnoxious. i can't wait until microsoft outlook 15's artificial intelligence engine makes both of them go away.
posted by kjh at 11:57 PM on February 2, 2004

Scott Richter
1333 w 120th Ave suite 101
Westminster CO 80234

Srich10195@AOL.COM

303-550-9828

According to Spamhaus, anyway.

On preview: Who cares? I care. I block between five and six hundred spam emails a day to my primary address. I don't know how many hundreds (thousands) more are blocked for other users on my server. Spammers clog the resources that I pay for, terribly inconvenience my users, hide behind Reply-to addresses at my domain - costing me both the time and effort to block the resulting bounces, and the goodwill of others who now think that I am the spammer.... and so on, and so on. What, pray tell, do anti-spammers do that is even a hundredth as obnoxious as that?

I sincerely hope that it's just too late for my sarcasm detectors to fire properly.
posted by majcher at 12:10 AM on February 3, 2004

kjh, thunderbird's bayesian filter does that right now. Why wait for MS to catch up?
posted by skallas at 12:11 AM on February 3, 2004

(Yes, I realize that the above contact information is probably grossly out of date. Still, blood, blood, blood.)
posted by majcher at 12:12 AM on February 3, 2004

kjh: I now work for a large ISP. More than half the mail going through our servers is spam. Sure, it can be discarded, but we have to receive it before we throw it away, if we are not to move to a whitelist-only model. Provisioning double capacity because we are trapped into Scott Richter's business model really, really hurts, in a measurable, dents-the-bottom-line-way. If ISPs can't make the pain go away technically or legislatively, they will eventually charge their customers, because they still have to carry and deliver the swill, even if you are personally immune. At that point, you will care, because ISPs will charge you monthly to reflect overheads, or ISPs will charge for delivery of individual mail. (My opinion, not my employers' but it makes sense.)

Of course, it's even worse for non ISPs who run mail servers. At least we make a profit on our users - their mailboxes are pure cost centres.

If anti-spammers are obnoxious (and I disagree that say, Steve Linford or Paul Vixie are as obnoious as Scott Richter or Sanford Wallace) it is only because spammers cost us a great deal of money through pure theft of service, and that makes us upset.
posted by i_am_joe's_spleen at 12:33 AM on February 3, 2004

i'm just so sick of it. i'd hate to throw away my domain and get another because i have so much spam coming in... but...

i hate having my time and space taken away from me.
posted by jennanemone at 2:01 AM on February 3, 2004

Filtering is all well and good, and please feel free to make liberal use of it at the MTA as well as at the MUA level like most end users will eventually do. But please don't think that just because your shiny new mail client does filtering, the world's spam problems are solved. The problem of spam is not that you receive it or have to filter it -- that's just an annoying side effect -- it's that the spam is sent in the first place. The crime takes place before the message ever gets to you. Never forget this. Technical measures will do a certain amount to mitigate the spam problem, but they will not end it.

Only bleeding heads mounted on spikes at the gate will prevent spam.
posted by majick at 2:39 AM on February 3, 2004

Only bleeding heads mounted on spikes at the gate will prevent spam.
I'm ready - you choose the gate, I'll bring the spikes. The fact that fully 90% of mail our company receives is spam means that around 40% of our monthly bandwidth bill goes straight down the toilet.

If these people were turning up at your front door uninvited and trying to sell you (and your children - kids get all those messages, too, don't forget) penis enlargement pills or teenage pornography (especially if the first thing you saw when you opened the door was a free sample of said pornography flashing in your face), there would be an outrage no matter how much proof they had that you previously agreed to their visits and the visits of their partners partners partners by not clearing the check box down in the bottom corner of a screen when you signed up for something totally unrelated. I am all for the concept of "buyer beware" and taking responsibility for not paying attention to what you are doing, but the spam situation has got way out of hand in the last year or so and I would guess that it costs businesses a similar amount as viruses do. It certainly costs us a lot more, yet all we hear in the media is about how MyDoom is the worst thing to hit computers since December 1999.
posted by dg at 4:02 AM on February 3, 2004

So, spam works, right? I mean, if it didn't, it would stop, right? So there are enough slack-jawed mini-dicked smegma-coated fallopian miscalculations out there to provide a return on investment. Who are these people? I don't know any of these people. Does anyone know any of these people?

Do we need these people? Can we kill these people?
posted by Opus Dark at 4:27 AM on February 3, 2004

> to provide a return on investment

Aha - but the investment is so small. Sending mail is free, remember? It takes very little by way of responders to recoup the costs, I assume.
posted by thijsk at 4:36 AM on February 3, 2004

40,000 decks are cards sold through SPAM. Forget Scott Richter, we need to get that list of people and go knock some sense into them.
posted by benjh at 4:48 AM on February 3, 2004

Do we need these people? Can we kill these people?
No, we don't. No, we can't. But imagine how much stronger the gene pool would be without them.

Imagine if Hitch Hiker's Guide to the Galaxy was being written now - instead of telephone sanitisers, it would be spam merchants being sent off to forge a new world.
posted by dg at 4:54 AM on February 3, 2004

The only way to have the spammers stop is to make spam expensive for the spammers.

Because right now, the cost of sending out the spam is less than the money they make.

Instead of a typical challenge response - put up a 'click thru contract' that generates disposable addresses.
Make the contract wording and pricing worth your time...its your EULA.

If you start dragging the spammer's customers (Banks that want to offer morgages) into court, they will quickly roll over on the spammer. Not to mention go "Gee, is this worth this" and think hard about NOT doing business with a spammer?

The wet dream part of this is to have this 'cookie cutter' across the nation. Tee Hee, DOS via legal system. How many spammers can afford to defend themselfs in 'every' county courthouse across the USA?

A side benefit - if a spammer later DOSes you (and they will due to the court case) and you manage to track 'em down you'll have over $5,000 in damages. Now that is a federal hack'n law violation. How many DA's wouldn't sign up for "I sent a spammer to the slammer" to be added to the resume?

Worst case - Some poor Windows owning smuck will get sued because of a viral backdoor thus testing in court the idea if a user doesn't secure his/her box, are they liable?
posted by rough ashlar at 4:57 AM on February 3, 2004

Bob, the Door to Door Spammer
posted by grabbingsand at 5:52 AM on February 3, 2004

I recently set up a filter in my e-mail application (Apple's Mail, though I'm not intending this post as "Windows sucks! Macs are better!" flamebait) that looks at incoming mail to see if the sender is someone in my address book or someone in my cache of people I've previously written (I guess Mail keeps track of that kind of thing... not sure if other e-mail applications do). If the message doesn't conform to one or the other of those criteria (and most of the time it's both) then the message gets thrown into my Junk folder and I can ignore it. It makes Mail's built-in junk mail filter almost obsolete.

I get maybe 20 or 30 spam messages per day. It's surprising to read the comments from people who receive hundreds a day.
posted by emelenjr at 5:55 AM on February 3, 2004

"I didn't know anything about computers," he says now. "All I knew was how to log into AOL. That's still about all I can do."

Somehow that didn't surprise me at all.
posted by mr_crash_davis at 6:31 AM on February 3, 2004

It's surprising to read the comments from people who receive hundreds a day.

recently i abandoned several longtime and intuitive email addresses hoping that 6 months or a year of bounces will get them off some lists. at the time i did this, i was receiving (downloading AFTER filtering) upwards of 2-300 a day. mind you, this is AFTER my filters deleted probably 3/4 of them from the server without my ever downloading them.
posted by quonsar at 8:04 AM on February 3, 2004

As we all know, one serious problem with spam is that the recipient pays, the sender doesn't (and is often using hijacked mailservers). If sending is made expensive enough, that might discourage them.

I've seen two approaches to this: Filters that fight back and spam throttling.

Filters that fight back take the simple premise that spam will contain a URL, and if everybody who receives that URL actually fetches it, say, 10 times, the bandwidth charges will bankrupt the spammer. It's essentially a DDOS against spammers (who themselves should be regarded as perpetrating an ongoing DDOS against all of us). Admittedly, this can be gamed if the spammer maliciously puts "honest" URLs in there or commandeers zombie PCs to use as servers, but it's a start.

Spam throttling allows the spam to pass, but analyzes each incoming message as it passes for spamminess. Spammy messages have the connection speed slowed to a t r i c k l e, so that pumping thousands of messages through the mailserver takes forever.

I just read about another technique that blocks fire-and-forget spammers: if incoming mail is sent from an unknown source, the receiving server responds "unavailable--try again later." Honest senders will. Spammers often don't bother re-queueing in this case.
posted by adamrice at 8:08 AM on February 3, 2004

Three years ago, I killed an email address at one of my domains. Last week I re-enabled it. The very same day I got spam to it. I couldn't believeit. After 3 years of bounce-backs these people still don't delete them.
posted by dobbs at 9:36 AM on February 3, 2004

After 3 years of bounce-backs these people still don't delete them.

That's because spammers don't get the bounce-backs. Whoever owns the email address they put in the "reply-to" field does. They don't care if 95% of the mail they send out is going to dead or non-existent boxes. From what I've seen, some spammers send out their crap to auto-generated addresses, using some list of common email account names paired with known domain names, the result of which is a few emails going to actual accounts, the rest being "returned" as undeliverable.
posted by deadcowdan at 10:06 AM on February 3, 2004

it does seem to me that the solution is legal rather than technical. Given the tiny numbers of people involved (200 people quoted in that article).

I think this comes down to political will. To put it in perspective, illegal peer-to-peer music downloading has to be a lot harder to stop because so many people are involved.

The solution: lobby government.
posted by johnny novak at 11:16 AM on February 3, 2004

ISPs and/or regulators/DA's should be prosecuting spammers with the same vigor the RIAA applies in its pursuit of file sharers.

And spammers attempting to circumvent spam filters ("V.1.@.G.r.A" etc.) should be prosecuted under the DMCA.
posted by kurumi at 11:35 AM on February 3, 2004

So wait, this piece of shit gets a nice big interview to crow about being a rich spammer?

And he can't be found and prosecuted for the next five years on all of his unwanted crap mailings?

The reason spam continues to exist is because we don't do much to the ones we do catch. Jack up the legal end, make it cost them money to send out 14 million emails and the buggers will go get real jobs.

Kurumi, they should also be sued by Pfizer and the other companies who's trademarked products they are trying to sell under different names.
posted by fenriq at 12:29 PM on February 3, 2004

Gad, I can still remember the first few spam messages I got back in the day - emailing back to each one, "Take me off your goddamn list!"

I was so naive then.
posted by gottabefunky at 2:00 PM on February 3, 2004

The solution: lobby government.
And this will help fight spammers whose businesses are registered/servers located on Grand Cayman...how?

And spammers attempting to circumvent spam filters ("V.1.@.G.r.A" etc.) should be prosecuted under the DMCA.
Are you kidding? I don't like anything that tends to legitimate the DMCA.

kurumi, they should also be sued by Pfizer and the other companies who's trademarked products they are trying to sell under different names.
But that's not at all what they're doing.
posted by adamgreenfield at 2:00 PM on February 3, 2004

If the message doesn't conform to one or the other of those criteria (and most of the time it's both) then the message gets thrown into my Junk folder and I can ignore it.

I had lunch today with a gentleman who is contact point for in-school volunteers. As such, he can't really whitelist (new volunteers would never get in touch with him via email) and his Email is on public view on half-a-dozen websites. He says he gets between 1000 and 2000 spam messages per week, sometimes more. He's actually considering abandoning volunteer work he loves, and that he's very good at, because of the massive volume of spam he gets on a day-to-day basis.

The solution has to be legislative.
posted by anastasiav at 2:41 PM on February 3, 2004

I don't know about all of this - I've had the same Yahoo address for five years (different from the hotmail acct I use w/ this account) and only give it out when I'm buying something online (from a place like Amazon) or to somebody I trust and never post it online - I get maybe 30 unsolicited messages a day (all of which are caught by Yahoo's spam filter). My work email, which I never give out to anybody but for work (and have had for four years)? Maybe three or four unsolicited messages a day.

I think that people who get thousands of messages a day aren't being very careful with their email addresses. In the same way that you don't post your phone number all over the place, you have to be careful w/ your email address.
posted by drobot at 2:52 PM on February 3, 2004

drobot: Try running a website and providing people with a way to contact you via email. You will be amazed at how popular you suddenly become.
posted by moonbiter at 2:57 PM on February 3, 2004

drobot: Have you considered that the difference might be filtering at the transport agent level? I know that Yahoo!, at least, does some pretty serious filtering of everything coming into their system, and it's possible that the ISP used by your employer does so as well. I only get 10-15 spams/week, even though my address is everywhere. This is because my email account is on a network with some seriously anti-spam sysadmins, and they go out of their way to filter out the cruft coming into the system before it gets to users.
posted by mr_roboto at 3:04 PM on February 3, 2004

moonbiter: My experience has been that just owning a domain name is enough. I haven't ever had any of my email addresses on my web site, and yet I get spam in the 100s every day to addresses that don't even technically exist on my domain. In fact, I have never used any of my addresses other than two Yahoo ones for signing up for buying anything on the internet, and all my my ISP addresses get a ton of spam as well.

I have pretty much given up on using email at all.
posted by Orb at 3:09 PM on February 3, 2004

H.0.W 2 G.e.T 0.U.T 0.F J.A.i.L !!!
posted by sgt.serenity at 5:07 PM on February 3, 2004

The solution is not legislative - unless someone can come up with a way to legislate across country borders, there is nothing to stop companies from locating servers in any number of countries that don't give a flying fuck about spam.

The solution is not to kill off the idiots who buy from spammers, no matter how attractive that may seem at times.

The solution has to be technical and, as I see it, the only place this can be achieved is at the ISP and web hosting companies level. I feel for the ISPs and web hosts, as they have born a large portion of the cost of spam so far in bandwidth and general resources theft, but they are the one common point where most people get their mail through. Large companies who operate their own servers would be able to implement the same solution, of course.

I have no idea what the solution actually is, but whitelisting is certainly not it - if, like many businesses, you get a lot of new contacts via e-mail, you cannot afford to cut off potential customers by making them jump through hoops to get to you (the same applies to systems that force you to verfiy yourself by replying to an auto-generated message). If you advertise your company via a web site, you need to have your e-mail address on the site and spammers can get that just as easily as customers, no matter what sneaky tricks you try. Even if you do not have your e-mail address anywhere, it seems, having a domain makes you a target. I have recently started getting hundreds of bounce-backs with the original message coming from all sorts of non-existent addresses at a domain I own.

In the same way that you don't post your phone number all over the place, you have to be careful w/ your email address.
Actually, if you are marketing a business, you do post your phone number and your e-mail address and your web site all over the place. That is kind of the point of marketing, after all.
posted by dg at 6:55 PM on February 3, 2004

Let's learn to link to the permanent versions of things shall we? That way, when people like myself look at stories a day or two later, it's still the same story. sheesh

Mr. Spam Man
posted by mikhail at 10:40 AM on February 5, 2004