Inkwell: Authors and Artists

    
David wrote:

>There's a growing number of younger people who think that getting a
>free ipod (or even a copy of Girls Gone Wild) is a perfectly
>acceptable trade for some extra spam.  I'm not sure why that is --
>possibly because they treat e-mail addresses as disposable?

Could be. Plus, a lot of under-20s are relying on instant messaging as
their primary online communication tool. Email is just for registering
for web site access, freebies, etc.

>That does bring up another (devil's advocate) question that's central
>to any debate about spam: Is it really that big of a deal?  

As the author of a book about the spam problem, I'd love to be able to
say it ranks right up there with global warming and AIDS. But
obviously junk email is not anywhere near those issues.

Junk email is tantamount to digital pollution. It's a by-product of
selfish Internet industrialists who abuse a shared resource. If it's
not in your backyard, you may not care too much about spam problem. But
in some hot spots, it actually threatens peoples' ability to
communicate. 

>What is there that's so offensive about spam that would cause people
>to spend so much time tracking down spammers? 

Perhaps because it's a business typically built on fraud, theft of
resources, and trespass? And because the products advertised are often
offensive, illegal, or at least unwanted by many recipients? :)

It's hard for some people to understand the bitterness between
spammers and anti-spammers. Much of it stems from the fact that many
spam opponents have their roots in system administration. (Hence the
newsgroup that's become the online homeplace of many anti-spammers:
news.ADMIN.net-abuse.email.) For some of these folks, dealing with spam
has become a major (and distasteful) part of their jobs. They seem to
set the tone for lots of other anti-spammers, even relatively
non-techie newbies like Shiksaa.
  

    
John wrote:

>given the effacacy of my current spam filter, a free iPod might be
>worth it....

What filter are you using? There's really no reason today why a filter
shouldn't be catching 99% of spam, with very few false positives.
  

    
I think he meant it's working well, so there would likely be no
fallout to signing up for a freebie.
  

    
Dan wrote:

>Among other idiocies, several people are saying that shiksaa should
>sue you because you used her in the book without paying her. 

Yeah, there's an unfortunate tendency in newsgroups in general and
Nanae in particular for some participants to voice strong opinions on
subjects they know nothing about. :)

Some Nanae-ites apparently feel that journalists in the past have
painted them as kooks or vigilantes. I think they see themselves as
gallantly defending Shiksaa against what they assume is an unfair
trashing by moi. (If they ever read the book, they'll be surprised to
learn that she's the heroine and that the work of anti-spammers is
generally celebrated.)

>What's the reaction been like from you perspective, both from
>spammers, antis, and everyone else, for that matter? 

The spammers profiled in Spam Kings seem to feel that I was pretty
fair and accurate in presenting their stories. (I did get a few
complaints from spammers that too much of the story was dedicated to
the "antis.")

The readers I was most concerned about were those who don't have a
strong allegiance to either side. Would they get swept up in the story
and care about the parallel lives of Hawke and Shiksaa? I've gotten
some pretty nice feedback from that group, and that's been satisfying.
  

    
Lots of nice reviews on Amazon too, save for one illiterate guy, and
one guy who said he liked it, but gave only one star.

>Yeah, there's an unfortunate tendency in newsgroups in general and
Nanae in particular for some participants to voice strong opinions on
subjects they know nothing about.

No way! Really? ;)
  

    
>That does bring up another (devil's advocate) question that's central
>to any debate about spam: Is it really that big of a deal? 

I guess I've gotten used to the gray mail, and can live with doing the
delete button dance.  The junk mail filter in Entourage is very
effective (much moreso, I'm afraid, than spam assassin).  

However, what disturbs me is the murkiness of fictitious return
addresses, and the fear that my own mailbox is being clandestinely used
to pass on spam.

So, are any anti spam strategies targetting senders who don't use true
email addresses?  It would seem this would be a reliable means of
separating wanted from unwanted email.

And, (exposing my naivite)  it true that spammers can slip into an
unprotected online computer and use it to send out multitude spam
without the user knowing?
  

    
>So, are any anti spam strategies targetting senders who don't use
>true email addresses?  It would seem this would be a reliable means >
>of separating wanted from unwanted email.

mossman, good point. Fwiw, the CAN-SPAM law forbids "spoofing" the
return address and requires a true, working from line. On the technical
side, there are efforts underway to establish an email authentication
standard (such as Sender ID, Domain Keys, and SPF) that checks to see
whether the sender of a message truly is who he or she claims to be. 

But those standards efforts have bogged down due to technical,
political, and legal problems. In the meantime, some ISPs and others
are going ahead and using the technology (e.g., AOL is using SPF) as
part of their algorithm for identifying spam.

>it true that spammers can slip into an
>unprotected online computer and use it to send out multitude spam
>without the user knowing?

Yes, there are a number of computer worms and viruses currently in the
wild that turn Microsoft Windows PCs into spam-sending "zombies." The
majority of spam is now being sent through such infected computers. As
a counter-measure, some ISPs have been blocking the data channel (port
25) used by these zombies to send mail. 

If you're on a Mac, it's extremely unlikely that your computer could
be commandeered by spammers in this way. :)
  

    
I'm afraid I haven't read your book yet, but my question has to do
with the Nigerian dictator's fortune spam.  Do you deal with this?

When I first saw this scam over junk fax broadcasting, I was struck by
all of the assumptions about American culture that these spammers were
making.  They understood enough of our underlying values and attitudes
so that they could make a pitch and get enough takers.  

How much does the spamming enterprise make use of culture and what
parts to they focus on?
  

    
David Wilson wrote:

>My question has to do with the Nigerian dictator's fortune spam.  Do
>you deal with this?

Sorry, no, I don't.  It's certainly an interesting (and yet annoying)
genre of spam! But the people behind it don't really qualify for "spam
king" status. (None are listed on the Spamhaus list of the biggest spam
operations, etc.)

>How much does the spamming enterprise make use of culture and what
>parts to they focus on?

I don't think there's anything too profound about spammers'
understanding of the consumer psyche. They sell whatever people are
willing to buy via this medium. (See our earlier discussion about
furtive shopping and porn, pills, etc.) 

The most successful spammers are opportunistic. Case in point: right
after 9-11, spammers were pumping out messages advertising gas masks,
cell-phone boosters, and anthrax test kits. When U.S. troops marched
into Baghdad, Scott Richter broadcast millions of spams for the Iraqi
Most Wanted playing cards. When the FDA announced an impending ban on
Ephedra, Davis Hawke started sending out cell-phone spam touting a diet
pill containing Ephedra ...
  

    
It is interesting how spam goes in waves. In the Well's <media.> 
conference there's a topic where people sometimes post annoying or amusing 
spam. And we all noticed together when there was a sudden recent upsurge 
in Rolex spam. No one had seen much Rolex spam before that, and all of a 
sudden everyone was getting a dozen of these a day. 

Do you know why spam would go in waves like that, not really related to 
outside events such as 9/11, but a sudden increase in specific offerings?
  

    
I think, but am not sure, that there is essentially just one Rolex
peddler. The spams, though, come from dozens or hundreds of different
spammers under the supplier's "affiliate" system. Many, many de facto
spammers hide behind their affiliates, Pontious Pilot-like. 
  

    
>there was a sudden recent upsurge in Rolex spam. No one had seen much
>Rolex spam before that, and all of >a sudden everyone was getting a
>dozen of these a day. Do you know why spam would go in waves like
>that, not really related to outside events such as 9/11, but a sudden
>increase in specific offerings?

Jnfr, a few months back I asked Louisiana spammer Ron Scelson about
the Rolex spams. (Scelson is in "Spam Kings," and he spammed Rolexes a
while back.) He told me that it's a seaonal thang, a pre-Xmas push from
spammers not unlike what brick-and-mortar retailers would do. 

Then again, some of these waves may be caused by the manufacturers who
supply spammers. Hawke's 2003 barrage of penis-enhancement pill spams
started when a contract manufacturer in Kansas told him it had come up
with a new idea for packaging herbal Viagra as penis fertilizer. :) 
When that market slowed down, Hawke switched (ironically) to hand-held
lie detectors, because he discovered a company that was wholesaling
them for cheap.
  

    
>I think, but am not sure, that there is essentially just one Rolex
>peddler. The spams, though, come from dozens or hundreds of different
>spammers under the supplier's "affiliate" system. 

Dan, I know of at least two big Rolex spam operations, but your point
is correct: spammers like to farm out the work to affiliates. As I
describe in the book, Hawke had scores of people signed up as
affiliates. He agreed to pay them about a 40% commission for every
order of penis-pills they sent his way.

I recently reported on my experience undercover as a Rolex spam
affiliate: http://www.salon.com/tech/feature/2004/12/14/spam/
  

    
I remember that article now that you mention it. That was pretty 
interesting. 

So it's much like an "ordinary" retailer in the sense that they come 
across a quantity of a cheap product, or they are hitting a particular 
marketing opportunity, but instead of using what most of us would consider 
acceptable channels, they use spam. And of course, a lot of what they are 
selling are scam products or just not worth the money...
  

    
Brian, you didn't get much into pornospam in the book. Was this a
conscious decision on your part, or did you try to get some of them to
talk to you? There is the infamous Whittaker Communications/US Wives
outfit, there is the "pussycash" guy in San Diego, and the one I think
is the biggest of them all, Webfinity/Dynamic Pipe. 
  

    
>You didn't get much into pornospam in the book. Was this a
>conscious decision on your part, or did you try to get some of them
to
>talk to you?

Dan, sounds like you really know your pr0n spammers! ;-)

It wasn't really a conscious decision. I guess I organized the book
primarily around the stories of Hawke and Shiksaa. If either had
encounters with major porn spammers, then that might have convinced me
to work them into the narrative. On the other hand, I wouldn't have
wanted to drop any of the spammers who are in there. Maybe I'll add
porn kings to Spam Kings II. (Just kidding.)
  

    
Do the porn spammers use any different techniques from "regular"
spammers?  Obviously the e-mails are more generally offensive (I'll
never forget the stunned and bewildered look on my mother-in-law's face
after she got her first hardcore porn spam), but are they any
different otherwise?


Dropping back a little earlier in the discussion, it seems like laws
and spam filters and so forth are only barely keeping up with the flood
of spam -- if not losing ground.  

Do you think the war on spam is winnable?  And (as a twist) do you
think the tactics the anti-spam fighters use are helping or hurting the
cause overall?
  

    
I wrote about a pornospammer,hence my particular knowledge. And for
some reason, they bother me more than the others. I'm no shrinking
violet, but I still don't like getting lowbrow messages from guys
hawking ASSES RAMMED WITH GIANT COCKS in my inbox.
  

    
Bad enough that I get them, but I sure don't want my grade-school
daughter getting them. I'm willing to let her browse uncensored in the
grownup section of the public library, but not this. I have wondered,
though, about porn ads, how many of them are actually selling a product
as opposed to just harvesting credit card numbers. I was quite
surprised, reading Spam King, at how much actual product is shipped
(whatever the quality of that product might be)
  

    
Betsy, your hunch is right ... porn spam is sometimes designed simply
to harvest credit card numbers. In other cases, the advertised porn
sites will indeed deliver the goods, but they will also secretly try to
infect visitors' computers with malicious software (keyloggers,
autodialers, spyware, etc.) using vulnerabilities in Microsoft's
Internet Explorer.  

Yeah, successful spammers can move a lot of product when they're on a
roll. At one point, Hawke's company was spending a couple thousand
dollars each month on shipping.
  

    
It's funny that just a few years ago, it was assumed that very few
spammers actually made any money. I remember really savvy people saying
that spam may not last, or would at least dwindle to acceptable
levels, because it would become generally known that there was no money
in it.
  

    
Dan, I was among the people who suspected that the only money was
being made in selling spam software, mailing lists, etc., and that it
was a kind of Ponzi scheme that would implode over time.

My eyes were opened in 2003 when I stumbled across order logs at one
of Hawke's penis-pill sites, and saw that people from all walks of life
were placing orders totalling hundreds of thousands of dollars. I
wrote about it for Wired News:

http://www.wired.com/news/business/0,1367,59907,00.html
  

    
"No one in this world has ever lost money by underestimating the
intelligence of the great masses of the plain people. Nor has anyone ever
lost public office thereby. "

- H. L. Mencken 
  

    
David asked:

>Do the porn spammers use any different techniques from "regular"
spammers? <

Hmm. Well, their subject lines tend to be a little more direct. I see
a lot of pill spammers trying to "social engineer" recipients with
phony subject lines, such as "Schedule change" or  "Urgent update." The
porno guys often make it quite clear in the subject line that it's
porn spam. Then again, few porn spammers are complying with the federal
"brown wrapper" rule requiring them to label their spams with the
phrase "Sexually-Explicit."

>Do you think the war on spam is winnable?< 

I believe that, for individual users, the spam war is quite winnable.
Get a good spam filter and you can reduce spam to a nuisance level. But
I have my doubts about whether spam is going to stop being the
majority of all email traffic anytime soon. As we've discussed earlier,
there's a population of people willing to do business with spammers.
And some of them are actually responding to spam AFTER it's been
filtered into their spam folders!

>do you think the tactics the anti-spam fighters use are helping or
hurting the cause overall?<

With an estimated 5 trillion spam messages having been sent in 2004, I
don't see how any anti-spam tactics could actually make things worse!
:)

I take that back ... it's arguable that a certain federal "anti-spam"
law has actually made the problem worse by making it legal to spam
someone as long as you give them an option to unsubscribe from future
mailings.  
  

    
I'll note that I've reduced my own spam level to nuisance (with the
help of the WELL which has excellent and sophisticated spam filtering,
with customizable opt-in and opt-out, plug plug) BUT I've had to be
very vigilant against false positives.

Many sites apply spam filtering to all user email without user
control, and the result is that email is becoming less reliable, as
valid email disappears into "black holes". As an email administrator I
understand why we've had to abandon sending bounce messages (which can
spread viruses) or answering postmaster mail (because large sites can
get gigabytes daily) but it hurts to see email reliability degrading.