ietf-asrg

[Asrg] Point of information...

2003-06-19 14:21:35

Executive Summary: IT'S THE CRIME, STUPID!


I think these discussions are entirely missing the meat (heh) of the
spam problem.

The problem is, to paraphrase Crazy Eddie*:

       How do they do it?  volume!  Volume!! VOLUME!!!

And how do spammers achieve volume?

       crimes! Crimes!! CRIMES!!!

I have filters set up for many specific spams, typically on URLs in
the body text, going thru World (not my personal mailbox, the entire
system.)

I will see the same exact spam sent from dozens and sometimes hundreds
of different IP addresses in a day.

The spammers do not own those machines.

The machines are generally in dial-up, DSL, or cable modem pools and
appear to have been hijacked by viruses or similar, though not
exclusively.

This is already illegal.

Fraud and illegality are a spammer's stock in trade.

    That means they do not sell advertising.

    They do not sell e-mail marketing services.

    What they sell their customers is CRIME.

They'll use 150 computers illegally to send out your spam. Their
customers aren't so inclined. So better to pay the spammer a few
bucks.

It's similar to the old organized crime waste-dumping where you'd pay
some guys a few bucks in cash and they'd take your toxic waste away in
a truck and dump it on the side of the highway or some other place in
the middle of the night.

You could drive your own toxic waste to someplace out of the way and
just dump it, but you don't have the inherent criminality; you don't
consider 12 months in a medium-security lock-up every few years a cost
of doing business. So you pay these guys and don't ask too many
questions where your waste is going or how they dispose of it so
cheaply.

    THEY weren't in the toxic waste removal business.

    And spammers aren't in the email marketing business.

    They are both selling CRIME.

Fraud and illegality are the only thing which makes it possible for
spammers to be the problem they are.

If the fraud and illegality which allows spammers to exploit untold
thousands if not millions of others' computers were stopped (or even
just seriously reduced) spam would not be much of a problem.

If spammers had to own the machines and not steal resources wantonly:

  a) They couldn't afford enough machines to be much of a nuisance any
     more than those guys in waste-management could pay to have your
     toxic waste properly disposed of. The criminality is essential to
     their business model.

  b) They couldn't afford the bandwidth and connectivity.

  c) We'd all know where it was coming from even if they could manage
     to set it up so we'd just block it anyhow.

If Ralsky (e.g.) truly had rackloads of machines pumping multiple T3's
or better we'd just block the IPs and it'd be over. If they hijacked
ip blocks that'd be discovered quickly and be responded to also.

But he and other spammers don't work that way.

They jump between hundreds and hundreds of compromised computers.

Ok, what to do isn't easy or obvious, BUT THAT'S ALL we really have to
do and these guys are out of business, for all intents and purposes.

Would you ever see another spam? Yes. Your kid brother downstairs with
the hand-me-down Apple-][ could spam you, c'mon, get serious.

Would we see millions upon millions of spams being sent out all over
the internet which we can't block?

No, almost certainly not.

Would we see dictionary attacks and similar mind-boggling bulk
attacks?

No, almost certainly not. Rather simple filters/firewalls would catch
them and shut them off because they wouldn't be hopping around between
hundreds of compromised machines with seemingly random IP addresses.

Just to demonstrate, attached below are the 141 different IP addresses
used between midnight and about 5PM *TODAY* (i.e., 17 hours) seen by
ONE server here for the same peace4earth.com spam (online pharmacy no
prescription necessary etc.)

All these machines have spewed the same exact spam message today:




Executive Conclusion:   It's the CRIME, STUPID!




* Crazy Eddie was a colorful character who owned a small chain of
small appliance stores in the NY/NJ area. His ads were generally him
running frenetically between items for sale laid out on a table in one
of his stores yelling and screaming product names and prices at the
camera and finishing up with one or both of "OUR PRICES ARE INSANE!"
and "HOW DO WE DO IT? VOLUME! VOLUME!!  VOLUME!!!"

-- 
        -Barry Shein

Software Tool & Die    | bzs(_at_)TheWorld(_dot_)com | http://www.TheWorld.com
Purveyors to the Trade | Voice: 617-739-0202        | Login: 617-739-WRLD
The World              | Public Access Internet     | Since 1989     *oo*

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
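
An added example, not part of the original post: the pattern described in the message (one body URL arriving from many unrelated source IPs, each sending too little to trip a per-IP limit) written as a check over mail records. The function names, thresholds and sample records are constructed for illustration, and the addresses come from documentation ranges.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def body_hosts(body):
    """Return the set of lower-cased hostnames of URLs found in a message body."""
    hosts = set()
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url).hostname
        except ValueError:          # malformed authority, e.g. a broken IPv6 literal
            continue
        if host:
            hosts.add(host.lower().rstrip("."))
    return hosts

def distributed_campaigns(messages, min_sources=5, per_ip_limit=3):
    """messages: iterable of (source_ip, body) pairs.

    Groups mail by the hostname in body URLs and reports every hostname seen
    from at least min_sources distinct IPs. 'evades_per_ip_limit' is True when
    no single IP exceeded per_ip_limit, i.e. per-IP throttling alone would
    never have fired even though the campaign as a whole is large.
    """
    per_host = defaultdict(lambda: defaultdict(int))
    for ip, body in messages:
        for host in body_hosts(body):
            per_host[host][ip] += 1
    report = {}
    for host, by_ip in per_host.items():
        if len(by_ip) >= min_sources:
            report[host] = {
                "sources": len(by_ip),
                "messages": sum(by_ip.values()),
                "max_per_ip": max(by_ip.values()),
                "evades_per_ip_limit": max(by_ip.values()) <= per_ip_limit,
            }
    return report

# Constructed sample: one campaign spread over 8 hosts, one busy single sender,
# and one ordinary message.
SAMPLE = (
    [(f"192.0.2.{i}", f"No prescription needed: http://pills.example/buy?id={i}")
     for i in range(1, 9)]
    + [("198.51.100.7", "Weekly newsletter http://news.example/issue/42")] * 6
    + [("203.0.113.5", "lunch? see http://menu.example/today")]
)

if __name__ == "__main__":
    for host, stats in distributed_campaigns(SAMPLE).items():
        print(host, stats)
```
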


