Creative Loafing Charlotte

Menu Search

News & Views » Cover

Damn Spam!

A descent into a world of organ enlargements, toner cartridges, con men and spam fighters

by

comment
INTERNET ENFORCERS: Dr. Paul Judge, chief technical officer at CipherTrust, a network security firm, heads up the company's crack spam-fighting force.

Page 2 of 5

What is surprising -- and depressing -- is the fact that C.P. Direct raked in at least $74 million in sales in the two years before it was shut down. US Customs officials estimate that as many as 500,000 under-endowed men had responded to the company's ads.

It should shock only the gullible that, no matter what its specific, guaranteed effects were supposed to be, every herbal product the company sold was made from exactly the same combination of worthless ingredients.

While pills are the most common penis-enlargement product touted through spam, they are far from your only opportunity to flush money down the crapper.

There's likely e-mail on its way to you right now that will link to websites where you can shop for such atrocities as the "BIB Hanger," which, according to the spiel, "takes the discomfort out of hanging heavy weights from the penis." Darn, and Father's Day has already passed.

Then there's the Dr. Joel Kaplan Penis Pump, which comes in a basic hand-pump model for $100 on up to the $600 flagship set-up that presumably lights you a cigarette after each workout.

If you need help deciding which PE scam may be right for you, you'll want to consult www.penisenlargementmagazine.com -- sort of a cut-rate, dick-obsessed J.D. Powers -- which claims its reviewers exhaustively test and rate each system.

How'd They Find Me?
A common question among the spammed is, "How did they get my e-mail address?" Ah, that was the easy part.

One of the many possibilities is that the spammer unleashed an "e-mail harvesting" program that trawls the Internet to find corporate e-mail directories, "blogs and newsgroups, capturing any string of characters with an "@" in the middle.

Addresses can also be generated from scratch using a "dictionary attack," a program that pairs up common names with the bigger Internet domains in hopes of hitting a few live targets. Examples: jsmith@aol.com, ksmith@aol.com, lsmith@aol.com, and so on.

If the spammer really wants to reach people whose addresses might not otherwise appear online, he'll employ an "alphabet attack," an astoundingly inefficient approach that creates countless addresses by lumping together random sequences of letters and numbers. Examples: ahkdy1@msn.com, ahkdy2@msn.com, ad infinitum.

But, more likely, he'll simply buy a CD-ROM containing millions of e-mail addresses from some other sleazeball who's already done all the work, says EarthLink attorney Wellborn.

In fact, the spam industry was jump-started in earnest by the bursting of the dot-com bubble, as many failed companies were ordered to sell off their customer e-mail lists as part of their bankruptcy settlements.

There are literally hundreds of online vendors selling address lists, as well as bulk mailing software and "how-to" starter kits for wannabe spammers. Wellborn is currently looking into avenues for suing these spam-enablers.

Once a would-be bulk-mailer has his computer, his spamware and his Internet connection in place, then the real challenge begins: the high-stakes cat-and-mouse game with the ISPs.

There are thousands of ISPs scattered across the globe -- and nearly all of them have an "acceptable use policy" that prohibits unsolicited bulk e-mail. So, if a spammer is dumb enough to send out messages with a return address of his own hotmail.com account, he'll find his service switched off before he can say, "HERBAL VIAGRA."

To avoid being identified as spammers, they'll scour the Net to find unprotected mail servers -- known as "open relays" -- that can be hijacked into sending out spam for them. It's not uncommon for a particularly stinky piece of spam to have bounced between half-a-dozen open relays and as many continents on its way to your inbox.

A true guerilla spammer will nearly always insert a false return e-mail address in the "from" line of any bulk mail he sends. Called "spoofing," it's another method for hiding his identity from ISPs. Just as important, it's a way to avoid the inconvenience of dealing with the hundreds of thousands of undeliverable e-mails that would otherwise be bounced back to his server.

But fooling the ISP is only part of the struggle. Any prolific spammer also must contend with the growing anti-spam community, which includes dozens of websites, newsgroups and individual hackers who have been known to reroute bulk e-mail back to the spammer's address or even post the e-merchant's home telephone number online in retaliation to being spammed.

A spammer knows he's hit the big time when he earns his own listing in Spamhaus, a London-based online anti-spam clearinghouse that maintains one of the more authoritative "black lists" of confirmed spam-senders.

Winding up on a black list can make it very difficult for an e-marketer to find an ISP that will touch him. Although independent, Spamhaus has become powerful enough within Internet circles to threaten some of the smaller ISPs with black listing unless they drop their spamming customers.

Full text

Tags


© 2024 Creative Loafing Charlotte

Switch to Desktop
Back To Top