Comments on: The hard truth about email

By: Mickey Chandler's Spamtacular | Top 10 Posts of 2009

Mickey Chandler's Spamtacular | Top 10 Posts of 2009 — Thu, 31 Dec 2009 16:25:20 +0000

[...] The hard truth about email. This post, which comes in forth on the top 10 list for page views comes in first for the number of comments (and we love comments!). It’s a reminder for senders that the ISPs’ resources are limited and tend to get overloaded during the holiday season. [...]

By: @Annalivia02

@Annalivia02 — Wed, 09 Dec 2009 05:44:16 +0000

You were unclear in your writing, then. I will not put words in your mouth if they are clear on the page. You said "technology leaders" were doing nothing and from where I sit, that's primarily the ISPs. I know the one I work for has developed an amazing array of tech to deal with the problem and we have been considered industry leaders in the anti-spam world for quite some time. You specifically stated exactly nothing, and scolding me like a delinquent child for misreading your misleading and unclear writing does not behoove you. In the future, please write clearly. Pursuant to that – what does "non-probability blocking" mean? and how does one achieve "100 percent guaranteed organization shut down"? If all this data is at the fingertips of the Feds, why arent they using it?

By: Tom Caldwell

Tom Caldwell — Sat, 05 Dec 2009 19:05:02 +0000

@J.D. I was going to quote some numbers from the Guys at Return Path regarding the 7 percent of spam coming from ESP's that give out free accounts however I found out that you might know them. Larry Ellis came over and was my POC. I pinged you off-Spamtacular so we can chat all things processed ham elsewhere and post them here if worthy.

@Annalivia, no I had to prove it can be done, and it is being done, because it is a different approach. Furthermore where did I ever mention that ISP's are doing nothing? I specifically stated the "anti-spam" vendors, NOT ISP's or even ESP's are doing very little to "SPAMMERS", not spam, because you have people behind one and digital electrons in a certain encoding format in another. . BIG DIFFERENCE between people and electrons, right. Let's be honest, read the latest "ISP's EAT YOUR SPAM POST" . It confirms everything to my point. In the future please read the post, and don't put out of context words into my mouth as you wouldn't want me to do that to you. I've worked for two ISP/ESP's and consulted with 4 more in the 500-1 million user range, so I know the environment pretty well.

@Been there done that, *sarcasm coming* yes it isn't technologically easy to mine through billions of e-mails, blacklist all the URLs, use those URLs to track botnets or spam supporting networks, attribute the URL and thousands of others to the same person, host , redirect, click-through target, then capture all of that data and attribute the bots being used to the URL's being sent and who they belong to (business intelligence and data mining with some simple whois and data caputre, even when forged). Nope totally impossible to do that…I mean who'd ever think up such a thing.

All of this is in a forensic database which FBI/DoJ can easily log into and use the spam sample, forensic testimony, screen-shots of the sites with context matched to the malicious message and then a subpoena of course to search the credit card owners premises, their financial records, and who they've been paying for botnet time and spam sale commissions.

I WORKED IN A SPAM RING, THAT'S EXACTLY HOW IT WORKS, even when multiple parties are doing the spamming, botnet harvesting, domain registration, hosting, and laundering the payment methods through another shell company to even make it look legit.

So if you have the data, system to easily match it, and attribute it to a person seamlessly plus your Deputy Assistant Director in IC at FBI can convince Congress to fund going after these people then YES, it can all be done and will be done. However if you ruin the spammers, no one in the industry will want to support you because they thrive on more spam being sent, it's how they're making money. What would happen to police if all crime dropped by 80 percent?

By: Why Does Yahoo Hate Me? | Business Computing World

Why Does Yahoo Hate Me? | Business Computing World — Fri, 04 Dec 2009 12:17:30 +0000

[...] Ford who wrote that fantastic poem from last week, Laura Atkins from Word to the Wise, and Mickey Chandler who is the go-to for all things related to spam law all talk more about this on their own [...]

By: Delivery delays due to congestion – Word to the Wise

Delivery delays due to congestion – Word to the Wise — Wed, 02 Dec 2009 20:49:21 +0000

[...] about everything the ISPs have to consider when making hardware and buildout decisions in his post The hard truth about email on Spamtacular. When, like on cyber Monday, there’s a sharp increase in the volume of email, [...]

By: Mickey Chandler's Spamtacular

Mickey Chandler's Spamtacular — Tue, 01 Dec 2009 23:09:29 +0000

Annalivia Ford from AOL has a response up to a comment made on this blog yesterday. It’s a great read! Go check it [...]

By: Been there done that

Been there done that — Tue, 01 Dec 2009 22:32:45 +0000

Senders can't do anything about botnets except Don't Use Them. Now, there are some fairly large brands that are outsourcing their email acquisition programs far enough that mail advertising their products is sent using botnets. However, if it doesn't go over network I control I can't do a whole lot about it.

Tracking spammers, IDing botnets, IDing command and control, linking real world IDs with bot herders… that's some fairly specialized work. In some cases it requires international law enforcement involvement. The ISPs can't do this because it's often out of their jurisdiction and the costs are extensive. Law enforcement can't always do it for the same reason.

Look, many of the botnets, while infecting US computers, are actually run by criminal gangs in foreign countries responsible for botnets. It's neither easy nor cheap to track them down. It's also not always easy to make them stop just by suing them or arresting them. Look at Al Ralsky, he's lost court cases, he's been convicted of fraud previously, and yet he was still able to spam with impunity for almost 10 years. Same thing with Sanford Wallace. He was one of the first spammers sued by an ISP (ELN, back in the late 90's), and just lost a court case a couple months ago brought by Facebook.

Identifying and suing spammers isn't as effective as you make it sound like it is.

By: Annalivia

Annalivia — Tue, 01 Dec 2009 22:20:50 +0000

@Tom: Nope. Saying it wasn’t a product pitch doesn’t make it not a product pitch. A spammer that says his mail isn’t spam doesn’t magically make it not-spam. You could have made your point without mentioning your product.

Where you get the idea that ISPs are doing nothing about spam, and that they’re doing it because they want to spend money (what money??) on new toys is a puzzlement. It certainly doesn’t jibe with my experience in the industry.

By: J.D. Falk

J.D. Falk — Tue, 01 Dec 2009 20:15:11 +0000

Tom, you're right that email marketers and deliverabilty wonks aren't doing anything about botnets, but they're far from the only players. There's a long list of "primary sources" links along the left side of boxofmeat.net which may provide some helpful information on what the rest of the industry is doing.

By: Tom Caldwell

Tom Caldwell — Tue, 01 Dec 2009 01:58:54 +0000

Al,

If directed towards me, it was a comment and question in regards to high spam levels, lack of focus on spammers causing high spam levels, and I mentioned it wasn't a product pitch or solicitation in the second sentence but can be performed (proving a point then asking why it isn't the focus to solving the problem Mick pointed out).

FYI, I just found this blog/resource, it's great for anti-spammers, e-forensics, and of course marketing consultants, who should also be protected.

I hope that clears up any shameless plug accusations?

Thanks Al/Readers,

Tom