Speculation on Spam - Tactical perspective

[tw]

How did they get your e-mail address? A most common way was to troll newgroups. Another was to troll Whois sites for web masters e-mail addresses. Master databases that connected real names and addresses to e-mail addresses was another. Breaking into POP or SMTP servers was an early and aggressive tactic. Even worse, legitamate companies would sell their lists of e-mail addresses. Those were the early methods.

Spammers don't include valid e-mail return addresses. Best to not have the public know where spam comes from. Therefore they don't know which e-mail has invalid addresses. How to verify good addresses?

One trick was to include a hyperlink said to remove you from the their mailing list. In reality, you are only telling the spammer that your e-mail address indeed connects to a real person.

Viruses are a common method of stealing addresses. Many of those viruses really don't attack your system. Instead they send every e-mail address in your address book to a computer in Zambia or St Petersburg. However not all addresses are accurate. A spamming list with more valid addresses can be sold at greater profit. Therefore some method must be made available to confirm valid addresses. After all, some are getting so many spam e-mails that they must change addresses frequently.

I have some e-mail POPs that have never been used except to communicate with companies. Others that have only been used for inter-personal e-mail. And still spammers have found all those addresses. In one case, a friend sent me and 30 other friends some e-mail. One of those other e-mail boxes had 30 valid e-mail addresses for any virus to find and retransmit to an Israeli or Nigerian server.

Another trick may be to send spam mail with graphics. For example, every e-mail includes a request to download a graphic on your mail display. Simply embed a code number in each graphic URL that is unique to the original e-mail address. Every time you open a spam letter, the letter requests a *.GIF file from their server AND tells them whose e-mail requested the graphic. Now they know your e-mail address is good without putting a valid return e-mail address on their spam. You have confirmed that your e-mail address is valid.

Stifle this technique by going off-line before opening e-mail. Then the e-mail GIF URL does not connect to their server - does not confirm the existence of a real person at that address.

Just some speculation on how spam has become more prolific and why you ain't seen nothing yet. 50 or 100 spams per day are not unreasonable IF we are not empowered to make a spammer's livelyhood difficult. They don't have the right to send us advertisments on media they did not pay for. They have the right of free speech. But they also have responsiblity to pay for the media used to exercise that right. Free speech is a right but does not mean on anyone else's media. Owning the media is where rights meet responsiblity. We should have the right to hold others to their responsiblities - so that they don't violate our rights of privacy and peace. Laws still don't protect our rights against spam on media we pay for.