ISLANDDOG.KY
Christopher Soehnlein
09 Jun 2015

Spam for Breakfast

Anybody who owns an e-mail account has probably encountered SPAM. It’s annoying (to say the least) and sooner or later, it tends to be disruptive. Some might think that with all the advancement in technology today, this phenomenon is, or should be, dying down. Sadly, despite the best efforts of system administrators, software engineers, and ISPs, that is not the case. As a matter of fact, it will just get worse before it can get better. The main reason SPAM exists is that it PAYS. It’s a “numbers” game really.

Imagine yourself as a Spammer. Let’s pretend that you are sending out an e-mail advertising Brand-X. If the person who receives it responds positively and buys JUST ONE item from your list, you stand to make $1.00. Now imagine sending that message out to a million people. Of course, not all of those recipients will be buying. And, the majority of your messages will get caught in Spam Traps and whatever automated protections there might be against SPAM.

But what happens if only 1% of those one million recipients do respond and buy your product? You stand to make a cool $10,000 – In ONE DAY!

And what did it cost you? Practically nothing. It doesn’t make a difference in cost to send a message to one person or to 100-million people. It’s not like you are paying for postage here. And there really is nothing that stops you from sending the same message again the next day – tweaked, of course, to deceive the Spam Traps better or to make it more attractive to recipients. Ten-thousand dollars a day. How long will it take you to make $10,000 in a real job? Now you see the attraction? That is really what we are up against here. Spamming is a low-cost high-return business model for those willing to take the moral plunge. And there is no shortage of those types of people.

Here are some numbers that show how bad it is getting (Facts from Wikipedia).

1978 – An e-mail spam is sent to 600 addresses.
1994 – First large-scale spam sent to 6000 newsgroups, reaching millions of people.
2005 – (June) 30 billion per day
2006 – (June) 55 billion per day
2006 – (December) 85 billion per day
2007 – (February) 90 billion per day  

Ninety-billion messages A DAY! To give you an idea of how much that is, the United States Postal Office handled 90-billion pieces of First-Class Mail for the whole year of 1990. Now let’s do some math — at a 1% positive result valued at a dollar each, that is 900-million dollars a day that spammers are potentially making! Even at a 10,000-to-1 ratio (.01% Return) 9-million dollars a day is still nothing to sneeze at. Especially when you multiply that by 365 . . . 

So far, I’m only talking about Spammers who are actually selling a product. There are lots of types of spammers. Some SELL (viagra ads ring a bell?), some DECEIVE (I’m sure you’ve gotten those “Hot” Stock tips that are really “Pump and Dump” Operations), and some just outright STEAL (You really SHOULD know about those Nigerian-Scam type e-mails). Some of these guys go straight for the jugular and try to milk you for everything you’ve got. They are not stopping at a dollar a victim.

I used the word “Victim” for a reason — no mistake there. What these guys do is rationally criminal though not necessarily “Illegal”. Laws against this type of activity are slow in the making and difficult to implement. While it may not cost spammers much to operate, the results of their actions are definitely costing everyone else. In your time alone, each message you delete is a few seconds of YOUR time that the spammer has wasted. Time that you will never get back. It is also time that neither your employers nor your children benefit from. On the administrative level, each Spam Attack is costing system administrators and programmers hours of implementing solutions or updating machines. Each SPAM message eats up Internet bandwidth, CPU time, and hard-disk space. Who pays for all of that? We all do.

Even at one-second per message, that’s 25-million HOURS of wasted manpower around the world. Now remember, this is all happening in one day. The math I use here is purely deductive and overly simplified. It might take less time for some people to delete SPAM messages, or more time for others. Newer Anti SPAM Servers will eat those messages faster than older Mail servers, etc. But either way you look at it, valuable time and resources are still being wasted. The only people who benefit from it are Spammers, and they do not shoulder any part of those expenses.

And what do we get in return? As we get better at filtering SPAM, and as people get smarter about it, the fewer positive results the Spammer will be seeing. But, guess how they will deal with that downward trend? Right! — by producing more SPAM. That’s the reward we will get for our trouble. More work. It’s a numbers game, remember? Perhaps one day, we will get so good at this that psychologists and rocket scientists would be needed to help Spammers effectively deliver their SPAM. Or maybe the ISPs will decide that maintaining the fight against SPAM is costing them too much and that they now need to charge for people to send and receive e-mail messages (just like the cell-phone companies). Then and only then will we see drastic reduction in SPAM. And only because it would cost them too much money to be effective. Now they would have to really work and invest — just like real legitimate businesses.

Scary thought, no? Imagine having to pay per message you send out. But, freedom abused equals freedom lost. In this case, it is the few that are jeopardizing the freedom of the many.

What can we do about it?

We need to do two things.

A. We need to increase the Spammers’ cost of doing business, and

B. We need to lower their return on investment.

How do we do that?

Tip No. 1. Make sure that you implement some sort of “automated” protection for your computer.

AntiSpam software is not enough. You would need to have a firewall and at least some sort of AntiVirus software and AntiSpyware as well. Why? Because these guys are becoming one and the same. Viruses, Trojan Horses and Spyware are becoming the primary tools for a Spammer to infiltrate your computer and render it as a “slave”. As a slave, your computer becomes a resource for them to do with as they please. This “Farm” of slaves (called a botnet) could be commanded to send out spam messages or viruses. Basically to recruit even more slaves.

Tip No. 2. DO NOT GIVE OUT YOUR E-MAIL Address to just anyone.

Protect it like you would your cell-phone number. Spammers need to “Harvest” e-mail addresses. The fewer people know it, the less likely it is for spammers to find you.

That includes posting your e-mail address in a chatroom, IRC, MySpace account or any publicly viewable web page. Spammers run “Spambots” that constantly search the web for these things. If you must post your address out in the open web, consider doing it as an image. An image file will foil most “spambot” search technology since it is not machine readable. By the way, do you see all those spam e-mails that you get with image attachments? Spammers are using this same technique to fool AntiSpam technology — There is no reason you couldn’t use it to protect yourself.

Some spammers utilize “Dictionary” or “Brute-Force” type attacks. A “Dictionary” attack is where they send messages using a list of names that they think might exist – such as common first or last names, employment positions, etc…

Examples: (webmaster@yourdomain.com, sales@whateverdomain.com, adam@popularisp.com).

When selecting an e-mail address, go for a less common variation. Better yet, get several for disposable use later.

“Brute Force” is when they computer-generate addresses using characters sequentially (a@isp.com, b@isp.com…aa@isp.com, ab@isp.com) — This is slow and kludgy, but it will get to your exact e-mail address eventually.

Actually, both types of attacks are not very precise and result in the spammers getting back “bounced” message replies, but it is with these replies that Spammers build their address lists. By process of elimination, any message that they send out that does not produce a “Bounced” reply is assumed to have reached an “active” address. This is called a Directory Harvest Attack (DHA).

Of course, if they send out too many messages at the same time, the sending address and server that they used basically gets “mail bombed” (Imagine getting a couple of million replies from mail servers saying that the address you are trying to reach does not exist . . .) This causes something similar to a self-inflicted DOS (Denial Of Service) attack — But what do they care? They’re not using their OWN computers — remember? They’ll just send the next batch with another “spoofed” senders address using fresh “slaves” from the farm.
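Seen from the receiving mail server, a Directory Harvest Attack shows up as a burst of "user unknown" rejections. The sketch below is an added example, not part of the original article: it counts distinct unknown recipients per source and overall, so that guesses spread across many bots are also noticed. The log lines are constructed in the style of Postfix smtpd rejections, and the thresholds are assumptions to tune per site.

```python
import re
from collections import defaultdict

# Constructed sample in the style of Postfix smtpd "User unknown" rejections.
# IPs are documentation ranges (RFC 5737); all addresses are made up.
def _line(ip, rcpt):
    return (f"Jun  9 08:00:01 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: 550 5.1.1 <{rcpt}@example.com>: Recipient address "
            f"rejected: User unknown in local recipient table; "
            f"from=<x@spoofed.example> to=<{rcpt}@example.com> proto=ESMTP")

SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", n) for n in ("a", "b", "c", "aa", "ab")]  # sequential guesses
    + [_line("198.51.100.9", "jsmith")]                              # one honest typo
    + [_line(f"192.0.2.{i}", n)                                      # one guess per bot
       for i, n in enumerate(("sales", "webmaster", "adam", "info"), 1)]
)

REJECT = re.compile(
    r"reject: RCPT from \S*\[(?P<ip>[^\]]+)\]: 550 5\.1\.1 <(?P<rcpt>[^>]+)>"
)

def analyze_rejections(log_text, per_source_limit=4, global_limit=8):
    """Summarise unknown-recipient rejections to spot address harvesting.

    per_source_limit: distinct unknown recipients from one IP before it is flagged.
    global_limit: distinct unknown recipients overall before a distributed
                  harvest (many bots, few guesses each) is suspected.
    """
    by_ip = defaultdict(set)
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if m:
            by_ip[m.group("ip")].add(m.group("rcpt").lower())
    flagged = {ip: sorted(r) for ip, r in by_ip.items() if len(r) >= per_source_limit}
    all_unknown = set().union(*by_ip.values())
    return {
        "flagged_sources": flagged,
        "distinct_unknown": len(all_unknown),
        "distributed_suspected": len(all_unknown) >= global_limit,
    }

if __name__ == "__main__":
    print(analyze_rejections(SAMPLE_LOG))
```

A flagged source is a candidate for rate limiting or temporary blocking; the single typo from 198.51.100.9 stays below the per-source threshold and is left alone.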

Doing the above two tips lowers the possibility of spammers finding your e-mail address. But there is another way that they could use to get it — Which leads us to the third point.

Tip No. 3. Be very careful when forwarding messages.

Remember those messages that promise you money if you send it out to your friends? You forwarded it to everyone in your address book but you didn’t see a cent!  In the back of your mind, you knew that it wasn’t real. No harm in trying, right? Wrong!

Same goes for those chain letters that “carrot and stick” you into forwarding it to at least 10 people or something horrible will happen to you.

Or those heart-wrenching pleas for help, some healthy tip, some scary “fact,” or even that noble cause.

They should all be treated with suspicion.

Check them out first before taking any action. A simple Google search using the subject line would suffice. You’ll find that most of them ARE BOGUS. If they are bogus, just delete the message — don’t even reply to it. Be especially suspicious of messages that ask you to include the original sender when you forward it (If you are my friend, you will send this back to me!). Or the ones that have links to a webpage that asks you to fill in some information.

Basically, treat your friends’ e-mail addresses the same way you would treat yours. If you do forward such a message and that sender was a spammer, you have just sent that spammer your entire CC list of valid addresses. This process is called “Harvesting.” Spammers like this type more because it requires less work for them (You would be doing most of the work for them) and the catch is usually the best quality — the addresses are valid and current, and even the careful people or the ones with fresh e-mail addresses get exposed. The spammer could also learn about new active domains this way. Fresh targets for a DHA.

If you must forward (after you’ve checked it out of course), consider forwarding as a BCC instead of the CC. The Blind Carbon Copy field is invisible to the recipient of the message — that would deny the spammers access to your friends’ names (they would have yours though!).

Tip No. 4. Never buy anything that comes from a Spammer.

If they could stoop so low as to SPAM you, could you really trust them with your credit card? If, after all the filtering and traps that your admins have set up, a Spam message still gets to you, make sure that it will not count as a positive for the spammer. We need to lower their return on investment, remember? Do not buy, do not subscribe, don’t do anything that’ll make them think your e-mail is a valid address. I used to go to the trouble of faking a “bounce” back message to spammers – easily done with Eudora’s autoreply and templates, but I wouldn’t recommend that for everyone. Just play it safe and delete the message. I too am fighting the temptation to reply back with an invoice for the time and resources that they wasted.

While these tips do not guarantee that you’ll be SPAM free, they should help. The reason why I went to such lengths to explain the process was so that you’ll be ready even if Spammers change tactics and use variations of the above-described attacks.

Hopefully, as you understand more of what is happening, you’ll recognize the variations. Phishing, Spamming, and other fraudulent activities are on the rise. Let’s not make ourselves helpless victims.

Perhaps when they have no one else to fool, they’ll stop abusing the freedoms that the Internet offers us.

P.S. Forward this article to all your friends! Help STOP SPAM by educating people!

WAIT! I WAS Just Kidding! I wanted to make sure you were paying attention – This is how Spammers use “Social Engineering” to get other people to do the work for them. I wouldn’t put it past Spammers to use this article to harvest e-mail addresses.

If you do send this article as a message, remember to use the BCC field.

This article is copyright of Allan Albert and was created exclusively for mabuhayradio.com by pro2call.com. If you wish to use it, please provide a link back to those sites.

 
