Spamnonomics 2017

[Spamnophobic]

Recently I made an interesting discovery about "my" spam. It has lead me to some new ideas.

My system essentially consists of using disposable addresses (see Sneakemail for the principle). Once too much spam comes in on a given address, it goes into my spam management system. This consists of two phases.

Phase I: intensive reporting
As I award a new address to each person/firm/activity (PFA), I can easily see which of these has been responsible, inadvertently or otherwise, for passing on the address to criminals a.k.a. spammers. From then on I report every such spam via SpamCop, sending copies of the report with appropriate messages to the PFA to whom the address was awarded, alerting them to the breach of confidentiality. This I continue to do for as long as I feel like, but certainly until I am sure that the PFA has got the message. Sometimes it leads to interesting exchanges.

Phase II: the bitbucket
Once I deem the reporting period described in Phase I for a given address to have expired, I set my system to completely /dev/null (delete) any further mail sent to this address unread. Before making this change I usually send the PFA concerned a new e-mail address, on the strict understanding that they will now be more careful with it (which they usually are), or set in place other new measures as appropriate.

This limits the spam received considerably, makes it manageable, but thanks to SpamCop gives me a way of fighting back at the same time. It has served me very well over the years.

Recently I took a new step.

Out of curiosity, about 3 months ago, I removed one of my first, old, bit-bucketing measures. At the centre of this was an address that in its heyday was sending me 10-15 spam per day. To my surprise I have only received 1 spam to this address in 3 months! This has given me food for thought about what may be behind it. Why should a spammer ever drop an address?

Well, first of all of course there is listwashing. However, since the move to Phase II meant that these spam were no longer being reported, there would have been no further incentive from this point on for the spammer to listwash my address. I have now formulated an hypothesis - and it is only that - about how this may come about.

When spamming started, "certain individuals" discovered that using open relays etc., and a bit of SMTP scripting, they could send a mass e-mail to as many addresses as they had, for free. Cue spammers' Eldorado. Response in the arms race was limiting open relays (open proxies, etc. etc.). Spammers' response: enlist hackers to recruit compromised machines to botnets, and continue as before. Response: combat botnets (somewhat succesful, but "snowshoe" techniques etc. still give spammers "bandwidth"). Frankly I've rather lost track of the current state of the art in the arms race, but my general impression is that while we've no way won the war yet, for spammers the law of diminishing returns is perhaps finally setting in.

As spam has become a more and more widely recognised problem, more and more countermeasures have come into place. These days every free mail account even, comes with a spam filter of sorts, for instance. But everywhere more and varied countermeasures can be seen (not least SpamCop!), none of which stop spam, but all of which are gradually pushing up the cost per spam sent. Where once the sky was the limit, now the return in terms of dollar earned or sucker found per unit cost of spam sent is slowly, but inexorably increasing.

We as fighters against spam and criminality have one great advantage over spammers/criminals which we should never forget. We work together, whereas spammers/criminals have to fight against each other. You can see evidence of this for instance where spammers sell each other lists of "100% valid e-mail addresses" but sometimes carefully include known SpamCop reporters in them, so simultaneously sabotaging the efforts of their competitors, a little. It's like the ecosystem of parasites vs. symbionts in the biological world (I once posted on this, hyperlink is http://forum.spamcop.net/topic/9935-resolved%C2%A0multiple-hosts-for-the-same-spamvertised-site/#comment-68121).

At the same time Boris the Botnet Renter isn't getting any cheaper either. So any spammer with even half a thought for their business model, will eventually have to look at their lists, and try to figure out some way of sorting out their highest value addresses from others, with a view to perhaps limiting their spew volume. This is what I believe is happening, slowly.

Well, your mileage may and will of course vary. I freely admit that it's quite a sweeping conclusion to reach on the basis of one spammable e-mail address which seems to have gone out of fashion. It may have been on CDs or DVDs which have since oxidised away, and never made it on to little Alexei's database. But his administrator will be charging him more and more to use the database, or using his bandwidth more productively, fixing elections for instance. Anyway, as I said it's just an hypothesis.

These are just my thoughts, and I don't really have the resources to do more forensic analysis. Like most people, I'm just trying to get by and to manage "my" spam as intelligently as I can.

[Spamnophobic]

On ‎04‎/‎02‎/‎2017 at 7:27 PM, Spamnophobic said:

"... return in terms of dollar earned or sucker found per unit cost of spam sent is slowly, but inexorably increasing. ..."

Sorry I mean the return is decreasing (or the cost is increasing).