What are they Thinking?
I just don’t get spammers… What are they thinking? Today I received over 2000+ spams of virtually the same email to the same email address box! The only thing they did to change the spam emails was change the sender the information once in a while. What are the odds that if I don’t open an email entitled “Extra!!!” from “see bucky” after 10-20 exact same emails that I’ll open it from “nydia avrom”, or from “benoite lizbeth”, and so on. For over 2000+ spam emails in one day (less than 10 hours actually)!
I just don’t get it. What are they thinking? What a waste of my time and their time. First they waste a lot of bandwidth, cpu cycles, etc., but they also force me to sift through a barrage of this garbage. Why? How can it possible be effective? After seeing 100 or so, it was pretty obvious what was going on.
I can’t wait until someone finds a good solution to this problem. SpamBayes, an open source software that was suggested to me in a previous article is really helping, but I’ll tell you, I’m opening up more and more to the idea of a small toll on emails. Even something as simple as 1 cent per email would be worth it. For most people, that’s under $10/year, which is worth it. That’s also cheaper than buying software to deal with this issue, not counting the time lost! And for spammers who send millions of emails, that’s a real good economic dissentive!
· November 14th, 2006 · 11:09 pm · Permalink
Why are you still using outlook? Maybe you should switch to Gmail or something? You can even use outlook with Gmail. All of my spam goes straight to the spam folder. Atleast 2k a week worth of them.
· November 14th, 2006 · 11:48 pm · Permalink
Hi Barry
Unfortunately not everyone can switch to Gmail, etc. I’m actually the founder of a company called LandlordMax and therefore it’s very important that I have an email with the LandlordMax.com domain. It doesn’t look nearly as professional having an email coming from gmail, etc., than from your domain.
As well, you have to remember that gmail is not entirely private. If you look at the agreement when you sign up, they have the right to parse your data and use it…
But lastly, even Gmail is not perfect at picking out all the spam. There can be a lot of false negatives, which is where a non-spam email is intercepted as a spam email. If it was a personal account, I could live with these mistakes, but being the founder of a company, many of the emails I receive are critical, and their loss could result in substantial monetary losses! So it’s important that I manually scan all the spam emails for false positives.
If you’re interested, I recently wrote an article asking for possible solutions to this problem. Many people wrote some really good tips. If you want, you’re more than welcome to check it out here.
· November 15th, 2006 · 6:18 am · Permalink
My totally unqualified guess is that the spammers have contracts specifying how many emails they will send. If they only have 1 address and the contract says to send 100 emails, that 1 address gets them all. Of course the numbers are probably more like 500,000 addresses and 5,000,000 emails.
· November 15th, 2006 · 1:39 pm · Permalink
That’s really unfortunate receiving that much spam.
Just a quick note on Gmail. Google offers a hosted Gmail service, which they now call “Google Apps for your Domain”. For email, you can have up to 25 (or even more) email accounts at 2GB each, with your own domain. I’ve been using it for several months now and it works great. You need to sign up for the service, which is free, and point your MX records to Google’s DNS, but after that you’re good to go. I think it’s a good option for the mISV.
· November 15th, 2006 · 9:32 pm · Permalink
Hi Andy,
I don’t know if it’s that simple. My thinking is that spammers probably aren’t the most ethical group to start, so they’re probably selling the products (either themselves or through affiliates) as the margins would be much higher… Of course I could be wrong, I’m not a part of that industry either 🙂
· November 15th, 2006 · 9:35 pm · Permalink
Hi Carmen,
Yes, that’s an option. However when it comes to confidentiality one thing you need to realize is that Google owns the data, not you. This means that they can legally parse your data, analyze it, etc. As a smaller software vendor, even though it’s unlikely they will use it, it’s still not a risk I’m willing to take.
As well, remember that it is a free service. There’s nothing to prevent them from discontinuing their Gmail offering. Again, it’s not likely to happen, but it’s not worth the risk.
And yes, it’s an unfortunately large amount of spam. Combine my personal spam with the amounts of spam we get for LandlordMax through technical support and it quickly adds up!!!
· November 15th, 2006 · 10:12 pm · Permalink
A toll on emails wouldn’t work… Spammers are moving to botnets, so it wouldn’t be the spammers picking up the tab for sending spam, it’d be the people infected with their malware…
· November 16th, 2006 · 8:37 am · Permalink
I run a postfix mail server and these 3 things stopped almost all my incoming spam:
1. installed “postgrey” – It uses greylisting, meaning that when another server tries to deliver mail, my mail server will respond with “try again later”. Real mail servers will attempt redelivery but spammers never bother.
2. tightened up the rules for header_checks and body_checks – Things like eliminating mail from places like .kr, .ru, or mail that has obvious virus signatures.
3. turned on smtpd_helo_required, and smtpd_helo_restrictions – proper mail servers always send a real address with the HELO command, and spammers almost always send garbage (or the name of your server). It’s an easy place to reject mail.
I never even bothered to install spamassassin, or any kind of filtering. These steps worked for me.
Good luck!
· November 16th, 2006 · 10:25 am · Permalink
> If you look at the agreement when you sign up, they have the right to parse your data and use it…
At least they have a policy which states explicitly what they can do with your data when it’s on your server. Most mail service providers (ie. SMTP and POP that comes with hosting accounts) don’t offer any such restrictions.
> So it’s important that I manually scan all the spam emails for false positives.
What would be stopping you doing this in GMail?
> However when it comes to confidentiality one thing you need to realize is that Google owns the data, not you
This is simply not true at all:
“Google does not claim any ownership in any of the content, including any text, data, information, images, photographs, music, sound, video, or other material, that you upload, transmit or store in your Gmail account. We will not use any of your content for any purpose except to provide you with the Service.”
This is from section nine of https://www.google.com/mail/help/terms_of_use.html
> As well, remember that it is a free service. There’s nothing to prevent them from discontinuing their Gmail offering.
There’s nothing to prevent your ISP going bust either.
· November 16th, 2006 · 12:16 pm · Permalink
Presumably the spammer wasn’t expecting so many e-mails to get through your spam filter.
· November 16th, 2006 · 10:46 pm · Permalink
Hi Rob,
I suspect you may be right when you consider the usage of bots that’s already becoming more and more prevalent… Perhaps we need to look at a better protocol, where you can’t spoof an email address… At least this way it would make spam filters a lot more accurate
· November 16th, 2006 · 10:47 pm · Permalink
Hi bhousel,
You know what I find most interesting about your comment? You’re a perfect example of just big this issue is, and how there’s no perfect solution. Everyone has different solutions depending on how big their problem is, but there is not one ideal solution!
· November 16th, 2006 · 10:52 pm · Permalink
Hi Rob,
1. Yes, that’s a great thing! I couldn’t agree more.
2. Nothing. I was just trying to point out that it wouldn’t really solve my problem… I’d still be stuck going through all the junk folder anyways 🙂
3. You’re right, I apologize. I could have sworn I read something to the effect that Google can use the information within your email for search purposes, etc. when it initially started… Either way, it’s no longer there, so you’re absolutely right!
4. Exactly. But if my ISV goes bust than I probably don’t need to receive my emails either from that domain 😉
· November 16th, 2006 · 10:53 pm · Permalink
Hi Dave,
It’s possible. I’ve also been noticing a trend these days where many of the spams emails contain nothing but random texts (for example extracts from books, etc.). I’m guessing this is to un-train some of the Bayesian filters out there. Who knows…
· November 17th, 2006 · 12:49 pm · Permalink
Unless as Steph mentioned its for untraining filters, I can’t understand why I get so many spams that are either blank or just totally random garbage. Absolutely no purpose.