Sunday, April 30, 2006

Ryan Pitylak's community outreach

I know several people on the internet are following this site, and I'd really like to hear from you. Post any question you have in the comments section of this post and I'll answer them. The spam industry is talked about by people on the anti-spamming side, but this is the first place I know where people can talk to someone who used to be on the side that sent the email. I look forward to your comments. :) Please utilize this anti-spam blog.

12 comments:

JoeC said...

What is your take on the idea that forwarding chain/hoax emails is a good way to provide spammers with a long collection of valid addresses to spam? Is this frequent, doesn't happen, or somewhere in between?

Ryan Pitylak said...

There are a few initial comments that I have about this first.

1) We never did that, so I can't tell you from direct experience, but my thought would be that it would be a good list of people to email because they are inherently people who are not that careful about where they place their email address.

2) The value of the email address would probably be small because you only have the email address. Now, if the consumer supplied more data, then it would be worth more.

3) I would expect that this is an irregular way to receive information. Typically people get your email addresses through non-email-related mechanisms, such as offers on the web.

JoeC said...

I wouldn't expect it to be a very common way to collect addresses, web scraping or just random names is simpler, but my point is that it seems a likely way to provide you and all your friend's addresses to a spammer. Because I have a good spam filter, chain/hoax stuff like this sometimes annoy me more than actual spam. It is relatively easy to filter >90% of spam, but how to you filter stupid mail from friends?

Some of these chain mails do provide more information, such as the name that goes along with the sender. But I agree not all do, especially AOL users.

But are names that important to most spammers? They clearly would be very benificial, but I get tons of spam that just uses my email address as my name, even in lower case most of the time, such as "Hi joe..." or runs my name together as it is in my other addresses, still in lower case since that is they way I write my address usually.

The better the information, the more likely the recipient would read the spam, but getting that info is apparently not a high priority for many spammers.

Addresses scraped from websites would unlikely have the person's name anyway (right?), so why would addresses collected through chain mails be any less effective?

I admit I am not that into fighting email spam, I mostly just deal with filtering it on my computer. My antispam fight is against web spam. And that leads to my next question. What seperates email spammers from web spammers (comment spam, wiki spam, referrer spam, etc.)? It seems to me that few spammers do both email spam and web spam. Am I wrong? Were you ever into web spam?

CMS Blog Master said...

Hello Ryan,

I received your comments via email on my blog concerning "Spam Blocking on a Country Level" and much of what you said is true.

It would be problematic for large companies but a majority of businesses are small to medium size and have a well defined scope for their marketing and sales efforts. Country-centric blocking would eliminate a large portion of their spam.

Relaying through "proxy servers" will be an issue but the USA accounts for 40% to 45% of spam, leaving a large chunk of the rest of the world that can be filtered on a country-centric basis.

Besides, I suppose I could look at country filtering from a non-USA view. If my business is in Eurpoe and only does business in Europe, I could block the USA.

Of course I'm biased since my company developed XE-Filter but I believe it fills a hole that currently exists in email filtering products.

Ryan Pitylak said...

JoeChongq:

You are absolutely right. Wiki Spam, Comment Spam, Referral Spam, is all spam just the same. Any technological gap in spam filtering technology will be exploited by spammers. I remember when IRC used to be the best way to spam. This new change in the landscape of spam is starting to sound very much like the IRC spamming days.

As for being spammed by your friends, obviously there is nothing you can do about that. If people build awareness in the media that this information ends up in the hands of spammers, then that is one way to handle the problem. Otherwise people will just learn the hard way.

Now on to your point about the value of spam email addresses that also come with additional information; it's huge. The value increases by at least double. The price for the records does as well, but if you're trying to send email more legitimately, sending email without full information (i.e. full name & address) then you are more likely to get canceled from your internet service provider. For this reason, a lot of companies that can afford the more expensive records will pay for them. However, at the end of the day, the value of the record isn't worth that much more than the cost to acquire those records. More importantly however, is that any spammer who wants to spam from the United States is going to have a hard time doing so without this full information. ISPs need to look out for records that contain this full information and they need to realize that full information does not mean "not-spam".

Ryan Pitylak said...

CMS:

You are biased, but so am I. I think about the big ISPs because that's what I am most concerned about because this is where most of the spammable email addresses reside. Your tool is great for end-users, I agree, and will probably cut down on a lot of spam for those users. I, in theory, endorse your product for the use by end-users.

Ryan Pitylak said...

JoeChongq: Also, no, we never did webspam.

JoeC said...

If you are willing to explain it, why did you get out of spamming?

Ryan Pitylak said...

JoeChongq:

No problem. I am also writing some things that are a bit more formal that will be published, but in short:

I decided that I couldn't justify sending out email anymore, even though we removed everyone who asked to be removed, and even though we tried to follow the letter of the law very carefully. My position moved from justification to ethical considerations. So, instead of the law creating the boundries for me to stay within, I decided that the boundries I would stay within were such that I would need to be serving the community. See my personal blog ryanpitylak.blogspot.com for my talk about this and about my connection to Working For Good. I truely believe, now, that business can be for the greater good, and the business of sending email is really a net negative at the end of the day. It is a net negative because it costs the end-user time, it costs the administrators of the email servers time, and it costs the corporations who lose productivity time money.

So, the main point here is that I feel strongly that whatever business you're in should promote the greater good, and that without that component, the industry is not worth being a part of.

JoeC said...

Thanks for the answer. I admit I am a bit skeptical of a reformed spammer sharing his insider info. But you do appear to be legitimatly reformed.

Another questions for you then. I know you said Brightmail is good, and I agree, luckily much of my mail is filtered through that service. But what kinds of free spam filters are spammers most thwarted/annoyed by? Bayesian like SpamBayes, POPFile, etc. Rule based like SpamAssasin? Or something else?

Ryan Pitylak said...

JoeChongq:

I agree: sharing insider info is tough because I don't want to help other people who are trying to learn how to spam. I'm having to be very careful about what I say and how I say it. Obviously, I have to leave a lot of important details out of the blog.

As for the brightmail filter: I would recommend one of the automated filtering technologies that you can implement. SpamCop is a good example. SpamCop (at least a few years ago) could be easily avoided by the more legitimate email marketers, but it stopped a lot of the really bad stuff. Also, if you have the proper access to your mail server, spamhaus creates a great product as well. You want a product that has an active community where people are constantly contributing. This will block ip ranges that are contributing to spam. A basic Bayesian filter is always nice too, but I don't know what product to recommend here. I assume they do all about the same thing. The problem for me with Bayesian filters at the client-level (like outlook's client spam filter) is that it blocks a lot of legitimate email.

Ryan Pitylak said...

Jack,

Your idea is interesting, but I think you should focus on the upstream of the internet connection of the spammer (as opposed to the employer of the spammer).

You'll have more success there. Also, you'd have to create software that would be an add-in to email softwares (like outlook) for this feature to work. I would think that a possible solution would be to send a notification to each upstream provider each time someone asks to be removed from the mailing. This way, the upstream provider could look for the same person asking to be removed several times, and therefore identify spammers who are not removing people. Also, a benefit would be that it would notify the upstream of an expected spammer if a lot of unsubscribes came in over a short time period (because a legitimate company probably would not get so many unsubscribes unless it was consistent with the amoung of mail being delivered).

Solutions like this are probably difficult to implement. The closest thing I've seen in the past is a program made by SpamCop that allows the user to complain to the upstream of the person who sent out the email. I think that software is an effective approach to solving this problem.