OT: Spammer Tactics

Jay Gladwell wrote on 9/22/2005, 7:54 AM

Maybe our e-mail addresses are not as safe as we thought they were.

Spammers and scammers are finding new ways to uncover your e-mail address, and a whole host of personal information along with it. Read all about it in this article.

Why can't these people focus their energies on something to help rather than to hurt???

Comments

Steve Mann wrote on 9/22/2005, 5:29 PM
"Why can't these people focus their energies on something to help rather than to hurt???"

Because it's easy money.

A verified address is worth $ to the harvesters, and if they can include a list of sites that the verified email belongs to, it's worth a lot more. The harvesters could easily net several hundred dollars per purchase of their list, and there's a lot of spammers who will buy them.

Steve
Chienworks wrote on 9/22/2005, 5:39 PM
And to be honest, we're not really talking about much energy involved here. The harvesting software probably took an afternoon to write and then maybe another day to test and debug. After that, the harvester just picks a target area and lets it run. It's a gravy job with the computer doing all the hard work.
Jay Gladwell wrote on 9/22/2005, 5:57 PM
The harvesting software probably took an afternoon to write and then maybe another day to test and debug.

Wow, that's amazing to me!

Chienworks wrote on 9/22/2005, 6:04 PM
Most of the tools (subroutines and modules) needed to do this already exist and are available free for the taking at places like CPAN.org. There are usually valid uses for most of the pieces, so lots of development and testing have already been done. Creating a harvesting program like this mostly involves picking the right pieces you want and pasting them together into a script that points them in the direction you want them to go. I'm sure the "bad guys" have archives of the nastier bits that upstanding places like CPAN.org wouldn't touch.

Spammers, virus writers, and their ilk do not work in a vacuum. They collaborate and use the tools already made by others.
Spot|DSE wrote on 9/22/2005, 6:33 PM
Want more bad news? Call for Qwest telephone support after 9:00 p.m. and you'll get a bunch of people in Manila or Borneo. Both are well known for information harvesting, and the US government is essentially powerless. So, not only are US Corporations taking jobs out of the US, but they're employing people in places that are known for information scamming, IP piracy, and other electronic crimes. Would someone seriously doubt that some of Qwest's employees aren't taking info home for their brother, cousin, uncle, son, daughter, or other relative if it means income to them?
farss wrote on 9/23/2005, 6:36 AM
Can someone explain the economics of this?
Even if it costs next to nothing to send 1M emails, unless someone buys something as a result there's no $s going into the top of the pyramid to finance the whole thing.
Bob.
ScottW wrote on 9/23/2005, 6:52 AM
Bob, the thing is that people are responding to the SPAM and they are purchasing what is being sold. How many purchases does a spammer get if they have a response of 1/10 of 1% on an email of 1 million?

--Scott
farss wrote on 9/23/2005, 6:59 AM
Well I certainly understand that you only need a very low hit rate to cover costs, I just find it hard to believe that anyone would actually BUY something advertised in this way. Maybe I just underestimate human stupidity.
Bob.
Spot|DSE wrote on 9/23/2005, 7:15 AM
Maybe I just underestimate human stupidity.

C'mon, Bob! Wouldn't you really like to have a bigger......



home mortgage?
Chienworks wrote on 9/23/2005, 7:40 AM
Most of the people actually sending the spam don't care whether purchases are made or not. They only have to convince some sucker who wants to sell something to fork over money for sending the spam out. As long as they can keep convincing someone else that it will work, they keep getting more clients. So perhaps the really stoopid people here are those who hire spammers to advertise for them. What those folks need to do is wise up and understand that they are equally responsible and punishable for whatever laws the spammers break.

You wouldn't believe the excuses i've heard. Talk about stupidity ...

"They promised it was an opt-in only list." ... ummmm, how can anyone promise that 370 million people opted in to hear about your new golf tees?

"We bought an opt-in list." ... there is no such thing as a purchased opt-in list. If the people didn't opt in with you directly, they didn't opt in with you at all.

"There was a virus on one of our office computers sending out the emails." ... strange, it seems the only emails that virus was sending out were advertising *your* services and products.

"We have proof that you signed up for our 'family' porn site. Here's the record of your IP address with the date and time." ... the IP address was for an AOL dialup account in Montana (interestingly enough within a few miles of the porn company). My office account is on INOC.net in NY. This excuse was rapidly followed with, "Then you must have hacked into that computer in Montana." I suggested that they contact the FBI to have them investigate the incident, and that i would volunteer all records, evidence, and emails i had relating to it. I received a very fast apology and never heard from them again. Their website was offline two days later.

"If you're being bothered by the 20 to 25 porn advertisements we send out daily then you should have better spam filtering software." ... no, we shouldn't *have* to have any filtering software at all.

"We aren't selling you anything, we're merely informing you of products we have available. That makes this email non-commercial and therefore exempt from various spam laws." ... spam is defined by conSent, not conTent. If i didn't ask for the emails, it's still spam.

"C'mon, we're advertising our computer services. It's not like we're trying to sell you drugs or enlargement aids." ... nevertheless, they were still flooding my inbox with dozens of unwanted and unrequested emails daily.

"Our affiliate did it." ... tough. If they are affiliated with you, you are responsible for their actions. They spam because you pay them to.

"Thank you for your removal request. It will take approximately 8 months to process your request, during which time you may continue to receive our twice-daily newsletters." ... Believe it or not, this was from microsoft.com. Oooohh, i had fun reaming one of their executives out over the phone on this one.

"Our first-amendment rights allow us to send you these emails. If you refuse them or block us from sending them you are breaking federal law." ... no. The first amendment guarantees freedom from government intervention when making political comments in a public forum. Your spam is commercial, not political. Even if your statements are political, my email inbox on my email server is my private property, not public. Your rights to your speech end at the borders to my personal domain. That's in the constitution too.

Yeah, call me jaded by spam. I've heard and seen it all now.
Steve Mann wrote on 9/23/2005, 9:49 AM
You really hit the nail on the head with this one.

"Most of the people actually sending the spam don't care whether purchases are made or not. They only have to convince some sucker who wants to sell something to fork over money for sending the spam out."

Sounds just like the bottom line from the California Gold Rush of 1849. The only people who really got rich were the merchants selling the picks, shovels and pans.
Very, very few miners ever made any money.

Steve
Jay Gladwell wrote on 9/23/2005, 1:40 PM

"Our first-amendment rights allow us to send you these emails. If you refuse them or block us from sending them you are breaking federal law." ... no. The first amendment guarantees freedom from government intervention when making political comments in a public forum. Your spam is commercial, not political. Even if your statements are political, my email inbox on my email server is my private property, not public. Your rights to your speech end at the borders to my personal domain. That's in the constitution too.

You got it! That's exactly why I joined Blue Security.


Jay Gladwell wrote on 9/23/2005, 1:41 PM

Good analogy, Steve!


craftech wrote on 9/24/2005, 7:10 AM
The question boils down to an “Opt-in” versus an “Opt-out” approach. Should the public be required to “Opt-out” whenever an unwanted message is received? Or, should the public “Opt-in” before any information can be sent?

Businesses (political lobbyists and contributors) favor "Opt-out" while the public favors "Opt-in". Although people want “Opt-in”, the industry is moving very strongly in the direction of “Opt-out” policies because there is no national law effectively preventing this from happening. It is clear the online industry is moving away from public opinion on privacy because it is in their best interest.

There are 12 million U.S. Businesses. If each company sent only one advertisement per year we would still receive more than 32,000 advertisements per day.

While numerous spam e-mail bills have been introduced for legislative approval during the last few years, no effective Federal laws have been passed.

The European Union has largely adopted "Opt-in". The US it appears will not embrace it and rather favor "Opt-out". The reason should be obvious given what appears to be the government's priorities.

John




Chienworks wrote on 9/24/2005, 7:41 AM
Actually the USA does have a federal law, the CAN-SPAM Act of 2003, which legalizes opt-out under some very lax conditions. Sadly, even though there are mountains of proof of violations of this law we have yet to see anyone prosecuted under it. Even worse, this law superseded many stronger state anti-spam laws. Fortunately, states discovered that they could enact new tougher laws without violating the CAN-SPAM Act. Oklahoma in particular has been aggressively prosecuting under their own state law and winning a few big victories.

Robert Soloway, one of the 5 largest spammers in the world, just lost a case by default judgement to the tune of over $10,000,000 and now has a permanent injunction from ever sending commercial email again. Rumor has it he's fled to a remote island somewhere to hide. Hurray! Hopefully by the end of the year we'll see some action against Alan Ralsky, the #1 spammer, who is responsible for most of the mortgage spam and a very large portion of pill and "enhancement" spams.
craftech wrote on 9/24/2005, 7:55 AM
Many states have passed some form of control but it is clear that a Federal strategy needs to be addressed. Federal legislation to date is weak.

What has made this even more urgent in very recent years is the alarming IDENTITY THEFT component of spam. Yet this STILL doesn't seem to get the government to act in the interest of the public when they are faced with weighing business interest with public interest. American business lobbyists don't want "Opt-in" so it is highly unlikely we will see "Opt-in" legislation enacted unless they water it down so much it can be easily violated.

John
slacy wrote on 9/24/2005, 9:23 AM
The problem with an opt-out approach is that it places the onus on the consumer to discern responsible businesses from irresponsible ones.

For example, it's well-known that merely responding to certain spam only serves to signal that the account is "active." I have no doubt that many "unsubscribe" links in spam e-mail are included for this sole purpose.

So opting out becomes a gamble. Will this really remove me from this merchant's list, or will it actually ensure that I get MORE spam in the future?