3
1
Is ignoring spam a bad thing?
I mean, if you just get the email and ignore it, then you've basically confirmed that your email exists -- there wasn't any mail delivery failure notice to the spammer, so obviously you received the email.
Isn't that enough to make you get more spam? Is it better to send a delivery failure notice, and if so, how would you make it look legitimate?
user541686
Posted 2011-04-16T23:26:57.280
Reputation: 21 330
7
You assume that spammers actually care about replies. There is no reason to think they do. The only thing that counts is the number of clicks on the website they advertise. If there are a million more or less undeliverable message is irrelevant. This would drastically change only if sending an email would cost but a fraction of a cent.
Ingo
Posted 2011-04-16T23:26:57.280
Reputation: 214
I would assume that they would rather send emails to valid addresses, right? So the goal here is to make your address look invalid. – user541686 – 2011-04-16T23:38:11.297
You have to look at it from an economic point of view: Sending 1 million more emails does not cost more than not doing so. The return per email is tiny - only a couple of apparenty uneducated hmmmm persons in a million do click on an spam link - even fewer do actually buy something there. Therefore, a spammer must send out as much as possible - you can't waste time checking individual answers. Hence, often, the reply adress or the from adress are not existant or reachable anyway. – Ingo – 2011-04-16T23:50:41.043
@Ingo: Just so I can get a feel for numbers, how many emails do you think a spammer can send in, say, a single minute? – user541686 – 2011-04-16T23:51:50.817
2I doubt rather strongly that the average spammer even knows a given address exists. He has a database of them somewhere, which his software looks at in order to send the mail, and that's it. In fact, I would be surprised if the MAIL FROM: address were not entirely forged. So he likely wouldn't receive any reply either. (specifically targeted scams would be an exeption to this, of course, but they probably don't make up a large percentage of total spam.) – user55325 – 2011-04-16T23:58:49.437
3
The Rustock botnet was capable of sending an average of 192 spam messages per minute from a single infected machine. The entire botnet consisted of 150,000 to 2.400,000 machines. See http://en.wikipedia.org/wiki/Rustock_botnet.
– Wayne Johnston – 2011-04-17T00:13:34.967@Mehrdad -do you mean 1 eMail or 1 adress? I can send an email to hundreds of persons with one go. Then again, the trend seems to be to personalize, i.e. the spammer software guesses your name and puts it in the subject, etc. – Ingo – 2011-04-17T00:19:14.837
@Ingo: So if we say that you can send ~200 emails per minute, then your estimate that "a million more or less undeliverable messages is irrelevant" is quite off... I think if the spammer could do the same task in an hour by only using valid emails (instead of 83 hours), he'd rather do it, don't you think? – user541686 – 2011-04-17T00:23:00.167
@Mehrad: 192 spam/minute per infected host. Multiply that by the low estimate for number of hosts in that botnet (150k), and you'll see that 1M bad addresses is peanuts. – Mat – 2011-04-17T00:37:38.883
As @Wayne pointed out you must rather think of 100,000 x 200 eMails per minute. But lets assume we have only 10.000 sending clients - this are still 2 Million Mails per Minute. That is, filtering out 1 Million really undeliverable addresses would save you 1/2 minute. But how to do that? If it were that easy, every decent mail program would offer the possibility to send something that looks like a sendmail undeliverable notification by default. It's not the case. Because there is really no one to read there. – Ingo – 2011-04-17T00:44:20.237
@Math, @Ingo: Ah, the "per host" thing makes sense, for the big spammers anyway. But what about spammers that obviously aren't spamming too many people, but who fished out your email from somewhere without your knowledge? E.g. I got an email from a legitimate construction company who illegitimately got my email (I'd never even heard of them before)... there's no "opt-out" or anything, but it's clear they're sending the email manually. I'm just wondering whether I should reply to people like these or not, since they'll probably read it if I do, but I don't want to make myself get more emails. – user541686 – 2011-04-17T01:26:24.043
4
Responding to spam provides some level of validation to the spammer that they are dealing with a valid eMail address, so not responding is actually better.
If you want to actually do something about spam, there are many options that range right up to being a full-fledged spam-fighter running SMTP [mail server] honeypots and DNS-based blacklists. To get started, I highly recommend that you read these two documents:
How to deal with spam positively and professionally (passive and active techniques)
http://www.lumbercartel.ca/library/tips.pl
The Rules of Spam
http://www.lumbercartel.ca/glossary/rulesofspam.pl
The biggest problem with spam is that spammers are completely ignoring your "natural right to consent" when they use your resources to foist their scams on all their innocent victims. Who pays for these resources, including internet access, electricity, equipment (including the extra wear-and-tear that spam causes), stress, and so on? If it isn't you, then it's whomever's home you're living in (and that makes them victims too).
At any rate, spam is theft because it depends on theft-of-service (unlike postal mail where postage must be paid in advance) -- if they had your consent to include you in their eMail list, then it wouldn't be theft because it wouldn't be spam.
Randolf Richardson
Posted 2011-04-16T23:26:57.280
Reputation: 14 002
1@Randolph: Your answer does not actually answer my question about the lack of delivery failure notification... – user541686 – 2011-04-17T01:20:16.717
@Mehrdad: Delivery failure notifications are typically ignored by spammers if they're generated at the SMTP Envelope stage -- the three-digit 5yz (500-599) error code that indicates an permanent failure has no effect on them because they will just try again in the future under the assumption that it may eventually work. If your mail server is generating a bounce back to them, then they'll just consider it to be confirmation that they're dealing with a valid account (but this bounce-generation approach is frowned upon because it tends to amplify spam). – Randolf Richardson – 2011-04-17T01:49:31.137
@Mehrdad: So, in short, either have your mail server respond with a 5yz code or just drop the connection altogether because these two methods will consume far less bandwidth. If your mail server can keep the socket open for a long time, that can slow down the spammer's "spamrun" a little bit. – Randolf Richardson – 2011-04-17T01:51:05.753
@Randolph: I'm confused... if they get a delivery failure, why would that tell them that my account is valid? Is this assuming that they don't inspect the contents of the reply? – user541686 – 2011-04-17T01:53:53.240
@Mehrdad: They don't have time to inspect delivery failure notices, but keep in mind that most spammers use "spamware" which is software that acts like a mail server and simply reveals to the spammer statistics about the number of 4yz and 5yz codes they receive (along with other overall information) -- for millions of stolen eMail addresses, they don't have the time to inspect every non-delivery notice (let alone a few dozen), plus they probably don't care anyway. – Randolf Richardson – 2011-04-17T02:53:44.403
@Randolf, +1 though I don't agree with "SPAM is theft". You can't put an SMTP server out there who accepts connections and requests from whomever - and then claim that use of this service constitutes theft, just because the way some people use it does not please you. – Ingo – 2011-04-17T09:36:46.177
@Ingo: Thanks for sharing your perspective, and for the +1. The way I see it is that my equipment is my private property for which I pay for (including the bandwidth that is consumed). My intention is for certain types of usage which does not include receiving spam, being hit by DoS attacks, etc. I know of only a handful of systems set up specifically to receive spam (one of which feeds DNS-based blacklists). With your property, people should respect your rules, and if that includes "no spam," then they should certainly respect that too, regardless of how you define it. =) – Randolf Richardson – 2011-04-18T07:12:07.127
@Randolf I agree with you fully with regard to the private property thing. Yet, we face the regrettable fact that IP protocols like SMTP simply don't give us as much control as we want. Hence, while the behaviour of the SAPMmer is disgusting and immoral and whatever, it's not strictly criminal (note that this judgement is independent of jurisdiction that prohibits sending SPAM, but we know that these laws are merely "tigers without teeth", as we say in germany.) – Ingo – 2011-04-18T08:47:05.160
@Ingo: My home has a front door with a doorbell, and the protocol for speaking with me involves standing near the front door and pressing the button to ring the bell. This protocol is wide open, yet if someone abuses it I can have that person removed forcefully with the help of local police (with escalation for future attempts if needed). I believe it should be the same with spammers, and in this case I can justify calling it "theft" since I never agreed to be on their eMail list; they consume my resources without my consent. Tools like blacklists are my enforcement. – Randolf Richardson – 2011-04-18T09:01:33.540
What makes you think that spammers get email addresses from "brute force" or something similar? They get email addresses from leaked/sold email databases. – apoorv020 – 2011-04-23T16:57:38.010
@apoorv020: They do the latter of course, but if bobsmith@gmail.com is a valid email, then it would make lots of sense to try bobsmith@yahoo.com, bobsmith1@gmail.com, etc. – user541686 – 2011-04-23T19:17:19.307