In <200405271521(_dot_)14472(_at_)linuxrulz>
spf(_at_)misc(_dot_)lka(_dot_)org(_dot_)lu writes:
begin Thursday 27 May 2004 14:11, ernst(_at_)baschny(_dot_)de quote:
It's cheaper to send 1.000.000 emails out to "anyone" and expect that 1%
click on the link than to carefully find and select 10.000 interested
persons where probably 10% will click on the link. This selection is too
expensive and not needed yet (since the burden to send 1.000.000 emails is
so low).
However, what they're confronted with is a situation where 0.1% of
their audience is annoyed so much about spam that we're ready to
spend significant amounts of time to fight spam (by developping tools
and protocols to stop them).
If the spammers would have been smart, they would have *negatively*
selected us, so that much less of us would get spam.
I think we're over-generalizing spammers... You need to consider three
separate groups, with very different agendas;
1) spam-software writers. These folks sell their "spam-4-u" software bundles
dirt cheap, with CDs full of "millions and millions" of (potential) email
addresses. The lists I've seen are practically "thrown in" with the soft-
ware, and we all know bigger numbers look better on the ads. "25 Million
email addresses" sells much better than "1 million email addresses" -
quality of the addresses not withstanding (considering their market).
These folks likely operate on the same business model as M$ does... They
SELL software (and upgrades). As new anti-spam techniques come out, their
"customers" need to buy new software from them. These folks BENEFIT from
most anti-spam efforts; like anti-virus writers, their customers must
continue to pay to remain viable.
THESE folks are the "smart spammers" - though I doubt many of them actually
DO much spamming.
2) A small group of professional spam-service providers. These are the folks
employing smart programmers and likely the ones behind the viruses that
convert end-user systems into zombie spam-systems. The ones behind the
voracious mortgage spams, generic viagra, stock quotes, and some porn ads.
THESE are the folks who will feel the impact of anti-spam measures, and
the only ones we can hope to deter by making "professional spamming" more
"expensive" (in financial or legal terms). These folks are smart, and they
have significant financial resources behind them. They market like pros,
and often trick unsuspecting customers into spamming by claiming all
their email addresses are "opt-in" addresses. Fax.com was famous for this
ploy in the junk-fax world.
3) Most actual "spammers" are NOT all that smart. Most reputable/smart people/
organizations nowadays know the negative ramifications of spamming. Aside
from the few organized criminals (identity theft/phishers/etc), the bulk
of the "spamming for a particular company or service" spam senders paid
their $99 for a spam "bulk email advertising package" and fired it off
-likely not knowing or understanding the backlash they'll encounter.
The repeat offenders - based on the stories of those getting arrested -
are career criminals (or borderline criminals), and I don't recall hearing
of a single one that wrote their own software. Some buy the CDs full of
email addresses to load into their $99 spamware packages; some buy the
"deluxe" spamware that trolls newsgroups and/or websites for more "current"
email addresses. "chickenboners" in this group often have little to lose,
and typically not enough assets to make legal actions worthwhile. These
folks will continue to be a nuisance, and are not likely to go away.
Making the phishing schemes more difficult (which SPF et al will hopefully
accomplish) will make take away an easy tool from the career criminals
though I'm sure the spamware tools will adapt quickly to utilize non-
compliant domains, or other tricks we haven't thought of yet. Even one
spam run per each of the millions of non-SPF controlled domains is a LOT
of junk, and will keep spammers going for several years... Enough time to
find other holes.
"Know your enemy" ;-)
-Chris Bartram