By Rich Kulawiec, an independent Unix/Linux/Internet/open-source consultant
(Published Jan. 26, 2004)
In an attempt to quash some of the nonsense, FUD, and profiteering:
Myth 1: It's hard to track down spammers.
It's hard to track down SOME spammers SOME of the time. Most of
them are easy to find, and in fact locating them is as simple as
searching Google (especially the Google archives of Usenet) or the
Spamhaus ROKSO, because other people have already done it.
Myth 2: It's hard to stop incoming spam.
It's hard to stop ALL incoming [mail] spam, but it's not hard
to stop a lot of it just by using
(a) open-source software and (b) freely-available
databases. Example: Postfix plus the SBL and CBL DNSBLs will take
out the majority of the incoming spam at most sites. These techniques
are well-documented and easily implemented, even for people who
use non-open-source mail systems.
Of course, people who are peddling ineffective, overpriced, closed-source
packages will tell you otherwise. Remember: their profits depend
on getting you to believe it.
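The lookup a mail server performs against a DNSBL such as the SBL or CBL, sketched in Python as an added example (not part of the original column): the connecting address is reversed, appended to the list's zone, and queried as an A record. The zone names, the injectable resolver and the sample data are assumptions constructed for illustration.

```python
import ipaddress
import socket

# Zone names are assumptions taken from the lists the article names (SBL, CBL).
ZONES = ("sbl.spamhaus.org", "cbl.abuseat.org")
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")       # valid DNSBL answers
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")   # Spamhaus query-error codes


def dnsbl_query_name(ip, zone):
    """Reverse the address (octets for IPv4, nibbles for IPv6) and append the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))
    return ".".join(reversed(labels)) + "." + zone


def system_resolver(name):
    """A records for name via the OS resolver; [] on NXDOMAIN or lookup failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def check(ip, zones=ZONES, resolve=system_resolver):
    """Return {zone: [return codes]} for each zone that really lists ip."""
    hits = {}
    for zone in zones:
        codes = []
        for answer in resolve(dnsbl_query_name(ip, zone)):
            a = ipaddress.ip_address(answer)
            # Ignore error codes and non-loopback answers (e.g. NXDOMAIN rewriting):
            # counting them as listings would reject legitimate mail.
            if a in LISTED_NET and a not in ERROR_NET:
                codes.append(answer)
        if codes:
            hits[zone] = codes
    return hits


# Constructed resolver data (192.0.2.0/24 is a documentation range) for offline runs.
SAMPLE = {
    "99.2.0.192.sbl.spamhaus.org": ["127.0.0.2"],
    "10.2.0.192.cbl.abuseat.org": ["127.255.255.254"],  # error code, not a listing
    "11.2.0.192.sbl.spamhaus.org": ["203.0.113.7"],     # rewritten NXDOMAIN
}

def sample_resolver(name):
    return SAMPLE.get(name, [])
```

Calling check("192.0.2.99", resolve=sample_resolver) reports only the SBL hit; the other two sample answers are discarded rather than treated as listings.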
Myth 3: It's hard to stop outgoing spam.
ISPs (and others) can. All they have to do is read their own abuse
mailboxes and take action on what they find, because the rest of
the Internet will do most of their job for them for
free. And effective mitigation techniques have been well-known for
years.
So it's not that they can't: they simply don't want to because
either (a) they don't want to spend the money or (b) the payoffs
from the spammers (to look the other way) are too good to pass up.
Myth 4: Reputable companies don't spam.
Actually, a number of them do. Others hire spammers to do it for
them. I'd put the list here but I'd probably get sued by some corporate
bullies. Besides, it's pretty easy to just go back to Google, type
in the name of a company followed by "spam" and read what
you find. Start here:
http://groups.google.com/groups?safe=off&group=news.admin.net-abuse.email
Myth 5: Spam doesn't cost anything.
It's costing every North American ISP user an estimated $3/month
in fees. It's costing ISPs, corporations, universities and everyone
else enormous amounts in bandwidth, server cycles, and disk space.
It's costing huge amounts in lost time and productivity and mistakes.
It's costing credibility, reliability and trust. It's darn close
to costing us "use of email", period.
Myth 6: Opt-out is a solution to spam.
This has been so thoroughly discredited so many times that I almost
didn't mention it. I just list it here because its presence (as
a serious suggestion) is useful as a barometer of just how clueless
any particular author is.
Myth 7: Spam is just junk mail.
Spammers are now writing and releasing spamming viruses as well
as worms designed to hijack end-user systems and turn them into
spamplifiers. They're conducting denial-of-service
attacks. They're hijacking proxies and even entire networks. Some
of them are even playing both sides of the fence: spamming and selling
anti-spam products. And this is all in *addition*
to Usenet spam, pop-up spam, HTTP referrer log spam, IM spam, etc.
The connections between spam and other unsavory activities run far
deeper than most people realize.
Myth 8: Anti-spam laws will make things better.
Anti-spam laws will never apply globally: spam is a global problem.
Anti-spam laws will be rarely and selectively enforced: it's not
exactly a priority for underfunded, understaffed, undertrained and
overworked agencies.
Anti-spam laws, no matter how well they are written, cannot possibly
be revised quickly enough to keep pace with new forms of spam and
new spammer tactics.
"Anti-spam" laws will be written by those with the deepest
pockets, e.g. the pro-spam lobby. This is how we got CAN-SPAM in
the US.
Myth 9: Spam is inevitable.
There was a time when spammers didn't operate in the open -- and
that was because doing so meant prompt termination from whichever
ISP they were using. It was unthinkable that anyone would allow
a spammer to continue using their network once their presence was
known.
What changed?
Greed. ISPs see complaints about their pet spammers as requests
to shut down a paying customer, so they stonewall, delay, obfuscate,
ignore, and sometimes outright lie in order to avoid doing what
they should.
Which suggests that one avenue that may be worthwhile pursuing
is making spam cost ISPs more than they gain by it. The SPEWS
DNSBL appears to be trying this tactic, and in some cases, it
appears to be working, as some obviously pro-spam ISPs have
grudgingly cleaned up once it's become clear how much it will
cost them.
Myth 10: There's more than one solution to spam.
There are a lot of techniques (of varying effectiveness) for
treating the symptoms of spam: use of firewalls to block port 135
spam, use of DNSBLs to block SMTP spam, use of cancelbots to
deal with Usenet spam, and so on.
But all of these are merely symptomatic treatment: they diminish
the collective pain, but don't address its underlying cause.
That cause is the spammers themselves. And as we have seen over
and over and over again, the ONLY solution to that is removing
spammers from the Internet. Nothing else has ever worked.
Nothing else ever will.
This is not to say that symptomatic treatment is a bad thing:
most of it isn't (with some notable exceptions). But "making
the patient feel better" is not the same as curing the disease.
So while we're all busy working on dealing with the symptoms,
let's not lose sight of the need to get the ISPs who are harboring
their pet spammers -- often in clear violation of their own
TOS/AUP (google for "pink contract") -- to dump them.
For further reading:
Spamhaus: http://www.spamhaus.org/
Spamhaus Register of Known Spam Operations ("ROKSO"): http://www.spamhaus.org/rokso/
Clueless Mailers Spamdemic Research Center: http://cluelessmailers.org/
The Story of "Nadine" -- a Tale of Mailing Lists: http://www.honet.com/Nadine/
Why don't spam blocking lists block only the spammers? http://www.clifto.com/itemize.html
Thank Spammers: http://www.linxnet.com/misc/spam/thank_spammers.html
Usenet newsgroup news.admin.net-abuse.email ("nanae"):
http://groups.google.com/groups?safe=off&group=news.admin.net-abuse.email
AbuseNet: http://spam.abuse.net/
SpamFAQ: http://www.spamfaq.net/
SpamLaws: http://www.spamlaws.com/
SPEWS: http://www.spews.org/
SueSpammers: http://www.suespammers.org/
Rich Kulawiec is an independent Unix/Linux/Internet/open-source
consultant whose anti-spam tool of choice is the Sears Craftsman
16-pound sledgehammer; he can be found at rsk@firemountain.net