North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: Spam and "following the money"
Joe makes some excellent points. I have started to use the Spamcop service to help get abuse reported through the right channels. I suspect that it doesn't actually shut many people down, but it does help increase awareness of open proxies and other misbehaviors. When medical spam comes in (offering a service that I may or may not need - I leave those to your imaginations), I will often forward to the State Attorney General under the following argument. If I need the item being offered then the mechanism by which they have notified me is not one that I have specifically opted in to as required by HIPAA. If I don't need it then it is purely SPAM and contravenes those laws. I have only just started this approach, but I quite like it. My early morning session with SpamCop provides quite cathartic! Chris <snip> > Subject: Spam and "following the money" > > > Hi, > > Whenever the topic of spam comes up, the suggest always arises that people > "follow the money" to track the spammers. Sometimes, it is true, that will > be useful, but it takes a rather naive approach to the spammer's business > model. > > In many cases, spammers don't actually need to *deliver a product or > service* > to the person they are spamvertising to make money from sending spam. > > Some spammers make their money via banner advertising revenues: if they > can > get you to visit one of their pages (even an "unsubscribe" page), they can > get "hits" for some advertising program and make money from you. > > Or consider pump-and-dump stock tout spam... no direct product or service > needs to be delivered to a spammee for the spammer to make money, assuming > he can use spam to run the stock price up and the SEC doesn't jump on > traders > with unusual purchase and sale patterns. > > In some cases, the spammer's scheme is outright fraud: one of the reasons > that penis enlargement spam (or spam for Viagra or other "embarassing"-to- > purchase products) is so common is that spammers are counting on people > being too embarassed to admit that they (a) fell for a scam, and (b) that > they were dumb enough to send cash to some PO Box in Romania, and (c) that > they needed the particular product that was being spamvertised in the > first place. > > Likewise spam for pay-per-view cable descramblers/theft of service devices > and other illegal/semi-illegal products: if your pay-per-view theft of > service > cable descrambler provider fails to deliver a functioning theft-of-service > device for your use, who are you going to complain to, the police? > > It is also worth noting that in many cases people are providing their > name, > credit credit number, and expiration date to some random server hosted > somewhere in China, hmm, whaddya think, any possibility of fraud taking > place? I could make fifty bucks selling some fake human growth hormone, or > thousands charging stuff on a steady stream of live credit card numbers. > If > I had to point at the most common way to make money from spam these days, > I'd bet on credit card fishing... > > But even routine credit card fraud pails in comparison to the costs > associated with trying to regain your financial identity after it has been > completely co-opted following provision of complete financial details to > some "mortgage referral specialist..." > > And then there are the pr0n "dialer" dudes, who offer "free" access to > their pr0n site, you "just" need to use their special software (which > calls > a 900 number somewhere in the Caribean for $15.00/minute, and/or sends > more > spam for them). > > Lastly, there are plenty of spam service providers who make money from > selling email addresses, selling spam software, selling spam hosting > services, > you name it... in fact, some of the largest American carriers are > *perfectly* > willing to provide connectivity for spamvertised web sites so long as the > spam doesn't actually get sent from that connectivity (and with hundreds > of > thousands of open proxies out there, well, there's no need for a spammer > to > be that gauche!) > > If you want to stop spam, take the time to see where spamvertised web > sites > are being hosted, and who's providing transit for those hosts. I've been > doing > this for a while now, and I can *definitely* see some pretty obvious > patterns. > > I guess those transpacific OC3s and OC12s for "strategic" customers > are just too lucrative to risk jeopardizing with trifles like enforcing > terms of service... > > Regards, > > Joe
|