Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

RE: Spam and "following the money"

  • From: Christopher Bird
  • Date: Wed Jun 18 07:52:02 2003

Joe makes some excellent points. I have started to use the Spamcop
service to help get abuse reported through the right channels. I suspect
that it doesn't actually shut many people down, but it does help
increase awareness of open proxies and other misbehaviors.
When medical spam comes in (offering a service that I may or may not
need - I leave those to your imaginations), I will often forward to the
State Attorney General under the following argument.
If I need the item being offered then the mechanism by which they have
notified me is not one that I have specifically opted in to as required
by HIPAA. If I don't need it then it is purely SPAM and contravenes
those laws.
I have only just started this approach, but I quite like it. My early
morning session with SpamCop provides quite cathartic!

> Subject: Spam and "following the money"
> Hi,
> Whenever the topic of spam comes up, the suggest always arises that
> "follow the money" to track the spammers. Sometimes, it is true, that
> be useful, but it takes a rather naive approach to the spammer's
> model.
> In many cases, spammers don't actually need to *deliver a product or
> service*
> to the person they are spamvertising to make money from sending spam.
> Some spammers make their money via banner advertising revenues: if
> can
> get you to visit one of their pages (even an "unsubscribe" page), they
> get "hits" for some advertising program and make money from you.
> Or consider pump-and-dump stock tout spam... no direct product or
> needs to be delivered to a spammee for the spammer to make money,
> he can use spam to run the stock price up and the SEC doesn't jump on
> traders
> with unusual purchase and sale patterns.
> In some cases, the spammer's scheme is outright fraud: one of the
> that penis enlargement spam (or spam for Viagra or other
> purchase products) is so common is that spammers are counting on
> being too embarassed to admit that they (a) fell for a scam, and (b)
> they were dumb enough to send cash to some PO Box in Romania, and (c)
> they needed the particular product that was being spamvertised in the
> first place.
> Likewise spam for pay-per-view cable descramblers/theft of service
> and other illegal/semi-illegal products: if your pay-per-view theft of
> service
> cable descrambler provider fails to deliver a functioning
> device for your use, who are you going to complain to, the police?
> It is also worth noting that in many cases people are providing their
> name,
> credit credit number, and expiration date to some random server hosted
> somewhere in China, hmm, whaddya think, any possibility of fraud
> place? I could make fifty bucks selling some fake human growth
hormone, or
> thousands charging stuff on a steady stream of live credit card
> If
> I had to point at the most common way to make money from spam these
> I'd bet on credit card fishing...
> But even routine credit card fraud pails in comparison to the costs
> associated with trying to regain your financial identity after it has
> completely co-opted following provision of complete financial details
> some "mortgage referral specialist..."
> And then there are the pr0n "dialer" dudes, who offer "free" access to
> their pr0n site, you "just" need to use their special software (which
> calls
> a 900 number somewhere in the Caribean for $15.00/minute, and/or sends
> more
> spam for them).
> Lastly, there are plenty of spam service providers who make money from
> selling email addresses, selling spam software, selling spam hosting
> services,
> you name it... in fact, some of the largest American carriers are
> *perfectly*
> willing to provide connectivity for spamvertised web sites so long as
> spam doesn't actually get sent from that connectivity (and with
> of
> thousands of open proxies out there, well, there's no need for a
> to
> be that gauche!)
> If you want to stop spam, take the time to see where spamvertised web
> sites
> are being hosted, and who's providing transit for those hosts. I've
> doing
> this for a while now, and I can *definitely* see some pretty obvious
> patterns.
> I guess those transpacific OC3s and OC12s for "strategic" customers
> are just too lucrative to risk jeopardizing with trifles like
> terms of service...
> Regards,
> Joe

Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.