Other Ways to Fry Spam
April 24, 2000
The Chickenboners and the Lumber Cartel are waging a war over your email box. "Chickenboners" is the less-than-loving nickname bestowed upon spammers by anti-spam activists, says Spamcop's Julian Haight. It refers to "those trailer-trash people that transmit spam from free AOL accounts to make enough money for their next bucket of KFC," Haight said.
The spammers -- no shrinking violets, obviously -- refer to the anti-spammers as the "Lumber Cartel."
"They call us that because they say we would rather kill trees to advertise, than let people use the 'miracle of the Internet,'" Haight said.
A good deal of spam these days comes from "professionals" who offer new-to-the-Net businesses the opportunity to "advertise to a million people for $1,000."
That doesn't sound much different than direct snail mail advertising, and it's certainly cheaper. So the business pays the spammer, and gets a mailbox full of complaints in return.
Spammers are also into pyramid scams. The participants never make any money, but they pay the spammer on top of the heap for spamware, lists of email addresses, or spam bulk-mailing services through a "safe" email account.
"I don't really blame the spammers," says Haight. "They are like mosquitoes in a swamp. If there is water to breed in and people from whom to suck blood, they will survive. I blame the folks who keep the swamp nice and lush ... these few networks are where most spam originates."
How to stop it? Spam-fighters say the best action for individuals is to identify the source of the spam. Then contact the abuse desk at the Internet service provider where the spammer has an account and ask them to terminate the service.
But spammers are onto this technique and typically supply false email addresses or ISP information in their mailings.
There are ways to cut through the lies and find out where any piece of mail originates. But running a whois or traceroute search that digs below the surface information requires more effort than many spam recipients care to invest.
But there are other tools.
Haight started Spamcop -- a Web-based tracking and spam-stopping service, which Haight says gets 2 million hits a month -- because he wanted a way to quickly file complaints about all the spam he was getting.
Another piece of anti-spam ammo is SamSpade, created by UltraDNS architect Steve Atkins.
Atkins used to maintain the FAQ for the alt.stagecraft newsgroup –- and since porn spammers tend to harvest a lot of addresses from the alt.s* newsgroups, he received a lot of spam. So he put together a few cgi scripts on his website to make it easy to track where spam is really coming from. His site now gets about 2.5 million hits a month.
Haight and Atkins both believe that Internet email systems are too naпve, automatically trusting that anyone and everyone is sending legitimate email.
Both foresee a time when people who want to send email will need to use unique ID -- a sort of email license -- to identify themselves.
Once each person is given this ID, then mail administrators would be able to maintain a database of email offenders.
"A secure, authenticated, abuse-resistant electronic mail infrastructure is quite feasible, and in the longer term is the only answer to the problem of email abuse," says Atkins.
Content-based filtering schemes don't work because, as Haight points out, they do unnecessary damage to the mail system by prohibiting whole classes of innocent email.
For example, Hotmail and Yahoo email have recently added bulk mail blockers which trash not only spam, but any email which is delivered in bulk -- including solicited bulk mail from mailing lists. If you don't care about mailing list traffic, this is an excellent filter.
Haight also says that people should ask their service providers to use the Open Relay Behavior-Modification System (ORBS), Dialup User List (DUL), and Realtime Blackhole List (RBL) blocking lists to prevent spam.
"Using these lists can prevent some legitimate email from getting through, but overall they are a good thing," Haight said. "Not only do they prevent spam from reaching your inbox, they also serve to convince would-be senders of legitimate email to help influence the 'rogue' ISP.
"Lots of 'why is my mail bouncing?' questions can really help convince an administrator it's time to get around to fixing that open relay or banning those persistent spammers."
Haight said RBL "is a wonderful club to use on any ISP that refuses to do anything about spam originating from their service."
RBL returns to the sender all mail that originates from a black-holed ISP.
"It is not pretty, but sometimes it's the only way to make them see the light. Basically, if they refuse to deal with spammers living on their network, we refuse to deal with them cutting off their mail servers from the 30-40 percent of mail servers who participate in the RBL."
Michelle Finley, Wired News