PDA

View Full Version : The Spammers Have Won



tofu
2007-Mar-16, 03:11 PM
Maybe that sounds a little pessimistic, but wait until you hear this. There is a company out there that is offering an API for solving CAPTCHAs. As a quick background for those who don't already know, CAPTCHA is a puzzle that's easy for a human to solve but difficult for a machine to solve. You've seen this before when you've registered for some website and they showed you a picture with a few random letters and asked you to type the letters into a text box.

You cannot put a guest book or otherwise anonymous comment box on the Internet without an automated spammer coming along and filling it with spam. For a while though, that problem seemed to have a workable solution in the form of CAPTCHA.

But here's what I saw today:

http://www.captchasolver.com/

It works like this, if you are a spammer you buy their API and use it in your spamming software. When your spamming software runs into a CAPTCHA, it sends the CAPTCHA to this company and they forward it to a human being, who solves it. The solution is sent back to your spamming software, and you continue to spam.

The company needs to have a lot of humans sitting at computers - but here's the genius of this, if you sign up with them as a solver then when you have time and feel like it, you start the software and they send you a few CAPTCHAs to solve. I don't know how much they pay you for each solution. If it so happens that a lot of humans are available, then the lag time for the spammers will be short. But if fewer humans happen to available, it only means that the lag time will increase, but the system still works.

So basically, no CAPTCHA is now a safeguard against en-mass spamming. Expect to see a lot more spam on web forms, on places like IMDB, on news sites that allow comments with stories, on youtube, etc.

GDwarf
2007-Mar-16, 03:17 PM
Oh, it's much worse then that. Most spam bots can solve CAPTCHAs by themselves, in fact, most of them are better at figuring out what those things say then humans are.

The reality is that spammers are far ahead of any countermeasures that can be thought up. Essentially the defenders are spending their time perfecting chain mail while the (top) spammers are putting the finishing touches on their ICBMs.

farmerjumperdon
2007-Mar-16, 03:39 PM
But isn't this just the next step in the ongoing battle between hacking and securing?

I mean, does anybody really think either side will ever permanently defeat the other?

Where there is sufficient financial incentive, people will find a way.

Was it W.C. Fields who said "Love makes the world go around, . . . and I love money."

tofu
2007-Mar-16, 03:40 PM
Most spam bots can solve CAPTCHAs by themselves

Yes, it's true that some bots use OCR. So, a machine can solve this:
http://www.maj.com/gallery/tofu/babb/weakcaptcha.jpg

But keep in there are really good CAPTCHAs out there that no software can solve. As an example, take a look at this:

http://gs264.sp.cs.cmu.edu/cgi-bin/esp-pix

or this

http://research.microsoft.com/asirra/

I promise you, there is no spambot out there than can solve that. No way. Not without a human.

tofu
2007-Mar-16, 03:43 PM
But isn't this just the next step in the ongoing battle between hacking and securing?

yes. Actually, after I posted this it occured to me that it might be fun to sign up for their service and then use a bot to send random (presumably wrong) solutions and see if they would still pay me. It seems like you could sign up thousands of bot solvers and completely swamp them.

tdvance
2007-Mar-16, 04:35 PM
The number of words in the first case, and the number of possible well-known species in the second case are small enough for an exhaustive attack to work.

Todd



Yes, it's true that some bots use OCR. So, a machine can solve this:
http://www.maj.com/gallery/tofu/babb/weakcaptcha.jpg

But keep in there are really good CAPTCHAs out there that no software can solve. As an example, take a look at this:

http://gs264.sp.cs.cmu.edu/cgi-bin/esp-pix

or this

http://research.microsoft.com/asirra/

I promise you, there is no spambot out there than can solve that. No way. Not without a human.

Musashi
2007-Mar-16, 04:38 PM
Is there a way to limit the attempts one gets at cracking it?

tofu
2007-Mar-16, 04:51 PM
The number of words in the first case, and the number of possible well-known species in the second case are small enough for an exhaustive attack to work.

Todd

no, I'm sorry. You don't understand. The CAPTCHA shows you six animals and asks you to pick three that are cats. You get exactly 1 guess. If you guess wrong you are shown six DIFFERENT animals.

The "exhastive attack" (more commonly called brute force) will not work. After giving you, say three attempts, I will simply block your IP.

Moose
2007-Mar-16, 05:01 PM
Should be, Mak. If a single IP gets three wrong in a row, you set that IP on a banned list. You either review that list afterwards or not.

So long as you disallow multiple guesses for the same CAPTCHA, and recycle the puzzle every time from a large list (or better yet, a "use once and discard" generator with true randomization (atmospheric noise) to prevent pattern cracks), it should prevent successful cracks that don't involve actually solving the puzzle. The pet one should be pretty good, but I gotta say it false-spotted me as a bot 'cause it gave me a bunch of pictures that were just bad enough I couldn't identify the critter in it. (A dark critter on a dark background with dark lighting. I'm not that good at punching through contrast issues.)

Fazor
2007-Mar-16, 05:22 PM
I would think a time limit to answer would help fight this captchasolver thing (depending on how quickly captchasolverettes respond). But as was said, it's an ongoing always evolving battle. one new security measure = one new way arround = one new security measure = one new way arround etc. etc.

[edit] On one of those "ironic" type notes, this isn't necessarly a bad thing. Keeps the bad side in business, but also the "good guys". how many techies would be out of jobs if people suddenly stopped spamming and writing viruses and such?

Moose
2007-Mar-16, 05:46 PM
I would think a time limit to answer would help fight this captchasolver thing (depending on how quickly captchasolverettes respond). But as was said, it's an ongoing always evolving battle. one new security measure = one new way arround = one new security measure = one new way arround etc. etc.

It'll always necessarily be faster than a human can do it, or it'll end up being more economical to pay an impoverished human to do it.

If anything, you want to block the one that's too quick to solve it. Of course, the spammers will simply slow down their software, but then it becomes a teergrube, and that's not really a bad thing either.


[edit] On one of those "ironic" type notes, this isn't necessarly a bad thing. Keeps the bad side in business, but also the "good guys". how many techies would be out of jobs if people suddenly stopped spamming and writing viruses and such?

I can't speak for everyone, but I've got better things to do than to chase spammers all day and/or reduce our productivity to keep them from eliminating it. I would imagine I'm not the only prog to feel the same way.

DyerWolf
2007-Mar-16, 05:47 PM
yes. Actually, after I posted this it occured to me that it might be fun to sign up for their service and then use a bot to send random (presumably wrong) solutions and see if they would still pay me. It seems like you could sign up thousands of bot solvers and completely swamp them.


Ironic and funny - but if you did that, these would be just the type of *NOBLE FELLOWS* who have an attorney sitting around to sue you for breach of contract.

Moose
2007-Mar-16, 05:56 PM
It's worse than that, DyerWolf (you'll want to edit that language, btw), you could possibly be setting yourself up for criminal computer fraud (across state lines) charges. It's something that's in the Secret Service's jurisdiction and they take it pretty seriously. At least they did in the 80s.

Fazor
2007-Mar-16, 05:57 PM
I can't speak for everyone, but I've got better things to do than to chase spammers all day and/or reduce our productivity to keep them from eliminating it. I would imagine I'm not the only prog to feel the same way.

No, but I have a feeling you'd feel differently if your boss came to you and said "sorry, the work-load is down and we don't need as many of you guys anymore. Door's that way."

(im not saying this would be the case in *your* particular situation, because i don't know what that is.)

Moose
2007-Mar-16, 06:12 PM
No, but I have a feeling you'd feel differently if your boss came to you and said "sorry, the work-load is down and we don't need as many of you guys anymore. Door's that way."

To be honest, that would be a relief, comparatively. See, I added "Oh, BTW, we failed to make payroll, so you're out 10K (USD), lolz" to my career highlights replay tape in 2001.

*shrug* And it's not like that was my first random layoff, either. Sad to say, but it's part of the territory. Maybe if the malware peddlers all DedIAF (metaphorically speaking, of course), more of us could do something billable and productive instead and maybe, just maybe (though I'm cynic enough to doubt it) management would start to see progs as assets rather than liabilities in their myopic worldview. Maybe they'd make payroll a bit more often.

Fazor
2007-Mar-16, 06:19 PM
Well, that's no fun. If it helps my industry is quite similar. Anyway I was just reaching for a silver lining in the whole thing, as if I ever met a malware programmer or spammer i'd *probably* spend the next few days in county lockup awaiting my assault hearing.

Swift
2007-Mar-16, 06:21 PM
<snip>
But keep in there are really good CAPTCHAs out there that no software can solve. As an example, take a look at this:

http://gs264.sp.cs.cmu.edu/cgi-bin/esp-pix

I promise you, there is no spambot out there than can solve that. No way. Not without a human.
I guess I'm a spambot, because I couldn't solve some of these. It is four pictures and you are supposed to select what is the common theme. Many of them I could get, but some I wasn't sure and my guess didn't match those on the drop down list.

Chuck
2007-Mar-17, 12:47 AM
The spammers are a problem because the system if poorly designed. Using email, posting in forums, and signing guest books is all free after paying the cost of Internet access. Any time something is offered for free, someone is going to take advantage of it.

One way to reduce spam would be for charge a tiny amount for the use of all of these services. If someone wants to post somewhere or send an email it would cost a fraction of a penny. If such things cost ten for a penny it would be insignificant for most people, but a spammer who needs to send out large numbers of messages would have to pay $1,000 per million. Individuals could set daily limits for themselves in case their computers are hijacked, so little spam would get out that way. Bank accounts would have to be set up to handle the micropayments but that would be a lot less bother than handling mountains of spam.

If that's too much to pay for posting in a forum then the owner could allow free posting but charge a small registration free to join with the understanding that the account would be canceled with no refund if the user violates any of the board rules, including spamming. If that's too much for email then the recipient could keep a white list of people who are allowed to send for free. A sender would pay to send one message asking to be put on the list and would be taken off the list for spamming. I doubt that anyone signs so many guest books that a small fee would be a problem.

The end result would be most Internet users paying nothing most of the time. Only the spammers would pay any significant amounts of money. If spam were not greatly reduced, raise the price until it is.

tdvance
2007-Mar-17, 07:53 PM
no, I'm sorry. You don't understand. The CAPTCHA shows you six animals and asks you to pick three that are cats. You get exactly 1 guess. If you guess wrong you are shown six DIFFERENT animals.

The "exhastive attack" (more commonly called brute force) will not work. After giving you, say three attempts, I will simply block your IP.

I still say exhaustion will work--just guess randomly each time--ok, might not truely be exhaustion, but will work on average, with just as many trials. Remember spammers change IPs pretty fast. Trust me, I understand!

tdvance
2007-Mar-17, 08:02 PM
The spammers are a problem because the system if poorly designed. Using email, posting in forums, and signing guest books is all free after paying the cost of Internet access. Any time something is offered for free, someone is going to take advantage of it....


sounds like the Heinlein plan--from one of his novels, you call--you deposit $100.00. If the receiver of the call thinks your call is worthwhile, the $100.00 is refunded.

Something similar would work with e-mail, subscriptsions, etc. if some standards are agreed on.

To send mail, you deposit 1 cent. The receiver has the option of refunding the penny or keeping it.

Spammers will lose big. People who get spammed a lot might actually make a decent living :) "ordinary people" will gain a penny or lose a penny, now and then, and perhaps delete former friends from their addressbook if they lose too many pennies to them, but mostly will come out close enough to neutral for it not to matter. the "Penny" rule should be flexible--after all, it costs more than a penny for a telemarketer to call someone--so, people who really hate spam or don't really want "legit" e-mails can up their prices to mail them!

This system is better than a law that tries to define "spam", which spammers find loopholes for or, if too open-ended, occaisionally a legit e-mail might land in the definition.

Todd

Moose
2007-Mar-17, 09:27 PM
I still say exhaustion will work--just guess randomly each time--ok, might not truely be exhaustion, but will work on average, with just as many trials. Remember spammers change IPs pretty fast. Trust me, I understand!

They'll run out pretty fast, too. If you brute-force attack something and get that IP banned (perhaps even only for a month) every third attempt with, say, a one minute delay before you can attempt again with that IP, how many IPs and time do you have to burn in order to get into a single message board to spam?

More than is economical. You'll be right back to them hiring third world sweatshop employees to solve your CAPTCHAs. And if it does get effectively reduced to that, suddenly the "Internet Death Penalty" and common ban lists become entirely viable again.

Moose
2007-Mar-17, 09:38 PM
To send mail, you deposit 1 cent. The receiver has the option of refunding the penny or keeping it.

Would it surprise you to know that with about a minute's preparation (and knowing only your email address), I can send you an email that looks like it came from yourself? With a half-an-hour, I could do one that couldn't be traced back to me without a great deal of effort. With s'kiddie toys and a bit of time to set them up, I could do one that couldn't be traced back to me at all.

To end such a mechanism on a world scale, I would simply write a script to forge a few hundred thousand emails from you to me, for one cent each and have a script keep the pennies each time. Or better yet, hijack multiple accounts and frame an innocent using that method. Better yet, hijack a few zombie networks (it's been done) and frame all the script kiddies.

Todd, why do you think the spam problem still exists after all this time? That somehow the will wasn't there to end it? Technical solutions won't work to solve this.

Small claims civil cases is the best bet to end this. Fax spam is all but extinct because of it. $500 per fax, $1500 if it can be proven deliberate.
Do this enough and it gets pushed overseas into rogue-nation style pockets. Then the various blacklists and in the worst case, the Internet Death Penalty, comes into play.

tdvance
2007-Mar-17, 10:08 PM
I've received e-mails supposedly "from myself" but no, you can tell the difference!!!! And why would you need a whole minute? :)

but it's sending the e-mail that costs a penny, not having one sent in your name--your ISP could be the clearing house (and you would need a good password!). Can you send yourself a postage stamp from me by mailing a letter to yourself with my return address? Not without breaking into my house and stealing postage stamps or the equivalent.

I did say everyone would need to agree to a standard--sending your penny to the recipient's ISP. Your ISP would also reject mail that didn't come prepaid. A hacker could still take someone's computer and charge them a bit of money. putting, say $100.00 on escrow with the ISP and having outgoing mail stopped if it runs out is a way to limit that.

Moose
2007-Mar-17, 10:45 PM
but it's sending the e-mail that costs a penny, not having one sent in your name--your ISP could be the clearing house (and you would need a good password!).

1) To make that work, you're talking about rebuilding the internet from scratch. That, I'm afraid, isn't going to happen. People have been proposing similar "secure email" schemes since the early 90s and the very first relay-rape.

2) There are at least three places in email transmission one can attack in order to make your ISP believe (or the recipient) believe your IP address sent the mail and that you've agreed to be charged that penny.

And that doesn't include trojan horses. Have you ran a virus checker lately? Do you let internet explorer or outlook through your egress-control firewall at any time? Do you open attachments your friends send you? If you've answered yes to any of these questions, you've "just" been billed a few million dollars in pennies, untracably. If it's done correctly, you'll be left with no evidence whatsoever to counter your ISP's logs.

Anytime and anywhere you inject money into the equation, you've blown a new attack point wide open and given the bad guys ample incentive to abuse it. It's why spam's so attractive as it is. Email by its nature does indeed cost something: to receive it. The term for the overall problem is cost-shifting. The problem is well understood, and it's not solvable by technical means.

Moose
2007-Mar-17, 10:53 PM
Forgot to mention:


And why would you need a whole minute? :)

Because my email client is currently rigged to make email from my machine look like it's originating from my domain through a "server" that doesn't exist. The goal is to recieve email through my domain to a server that (still) doesn't exist. My ISP ran out of sensible 8-character usernames a long time ago, and I won't compete with the rest of Canada for a bad username.

Undoing what I did would account for at least 20 seconds of that minute.

Chuck
2007-Mar-17, 11:11 PM
The current email system isn't designed for micropayemnts but it could be fixed. My bank would have a public encryption key which anyone could use to send them messages that only they could decrypt. When I sent an email, the message's return address, time stamp, my bank account number, my bank account's password, and delivery fee offer would be encrypted and sent along with the message. When the message arrived at its destination, if my payment offer is enough to pay for delivery then the encrypted information would be sent to my bank where it would be decrypted which proves my identity since it contains my bank account password. My account would then be charged the delivery fee and the recipient's ISP would be instructed to deliver the message.

Someone hacking into my computer could use my mail system and I'd be charged for the messages, but I could set a daily limit of 100 messages or some such number. When I reached my limit, my ISP would inform me and I'd know that my computer had been hacked and could do something about it. At 1&#162; each I'd be charged $1.00 for the hundred messages sent.

Chuck
2007-Mar-17, 11:50 PM
It would require more Internet traffic as ISPs communicated with banks, but in actual practice it wouldn't be used for most messages. Most people communicate with their friends or business associates most of the time so they'd have each other whitelisted. When I ordered online merchandise, my browser software would whitelist the company for me so they could send me confirming emails. Those messages would go through for free. It's mostly spammers who would be affected by this.

A hacker could send messages from my computer to people on my whitelist, figuring they'd have me whitelisted as well. Some spam would get through, but someone would soon inform me that I'm sending spam so I could put a stop to it.

ZaphodBeeblebrox
2007-Mar-18, 03:48 AM
Would it surprise you to know that with about a minute's preparation (and knowing only your email address), I can send you an email that looks like it came from yourself? With a half-an-hour, I could do one that couldn't be traced back to me without a great deal of effort. With s'kiddie toys and a bit of time to set them up, I could do one that couldn't be traced back to me at all.

To end such a mechanism on a world scale, I would simply write a script to forge a few hundred thousand emails from you to me, for one cent each and have a script keep the pennies each time. Or better yet, hijack multiple accounts and frame an innocent using that method. Better yet, hijack a few zombie networks (it's been done) and frame all the script kiddies.

Todd, why do you think the spam problem still exists after all this time? That somehow the will wasn't there to end it? Technical solutions won't work to solve this.

Small claims civil cases is the best bet to end this. Fax spam is all but extinct because of it. $500 per fax, $1500 if it can be proven deliberate.
Do this enough and it gets pushed overseas into rogue-nation style pockets. Then the various blacklists and in the worst case, the Internet Death Penalty, comes into play.
Moose, I Thiink you Have The Riight of it ...

Heck, I STIILL Even Get Fax Spam but Only at Work, Somethiing in The Rulings Allows for Commericial Exploitation, If There's Even a Slight Chance Another Business Miight Be Able to Make Use of The Service ...

So, I'm Intrigued, What's Thiis Internet Death Penalty of Whiich you Speak?

HenrikOlsen
2007-Mar-18, 07:58 AM
I know one Danish ISP started blocking incoming mail by country, probably based on the calculation that losing the one customer per 10000 who actually needs to receive mail from *** is better than the other 9999 receiving all the spam sent though machines there.

Filtering was based on ip ranges assigned to that country, not on dns or anything in the actual mail.

RalofTyr
2007-Mar-18, 08:34 AM
In Soviet Russia, the Spammers spam you.

Moose
2007-Mar-18, 11:28 AM
So, I'm Intrigued, What's Thiis Internet Death Penalty of Whiich you Speak?

It's a form of blacklist where a large number of routers decline to pass along packets coming from a target range. When enough backbones and routers do this, you can become effectively cut off from the internet, even if you still have connectivity. It's not something done lightly.

In the late 90s, there was a lesser, much less formal, form of IDP happening quite spontaneously targetting China and large parts of SE asia where the majority of relay-rape spam was coming from. It was enough of a problem that many servers and ISPs started blocking entire countries. It wasn't organized by any stretch, but it was happening.

It's been done formally on Usenet a very rare few times.

To use a BAUT-related analogy, imagine if the mods were somehow all asleep at the switch for an extended period of time, and there was some random newbie who'd become sufficiently obnoxious that just about every member put him/her in their ignore list... Same basic idea.

Chuck
2007-Mar-18, 02:14 PM
Blocking, filtering, and legislation treat the symptoms but not the cause. The cause is the existence of a free service. As long as information is delivered for free there's going to be a problem. The service is really free only for the abuser since everyone ends up paying for it in the form of higher access rates, slower service, and time spent deleting the spam that gets through.

peteshimmon
2007-Mar-18, 02:28 PM
I have wondered if something can be done using
the fact that most people are straightforward
and do not like trouble makers. So we become
our own police. Here on BAUT senior members
signal mods about spam. If their signals could
cause immediate action, spammers would be more
quickly squashed. So some form of voting where
10 established members send a signal might be
quicker than waiting for a mod. Similarly on
the net, if ISPs accept warnings from
customers, action might be taken to isolate
trouble now. There is a firm occupying an old
nuclear bunker in Southern England that fights
denial of service attacks on websites. So some
form of policing is already here!

HenrikOlsen
2007-Mar-19, 06:20 AM
The problem with such a system is that unless you have a way of establishing credentials of the reporting people, it's open to abuse as denial of service.

Moose
2007-Mar-19, 09:46 AM
... And if you have a reliable way of establishing credentials in email, you have the means to tackle the spam problem directly, rather than indirectly through moderator or micropayment schemes.

Chuck
2007-Mar-19, 02:33 PM
Since people would have to be able to come up with credentials in the first place, spammers could always come up with new credentials. You'd also have to have a definition of spam to separate it from legitimate messages. There would always be a gray area between the two. Advertising is a great way to learn about new products so I don't necessarily want all unrequested email to be blocked. With a user defined payment system those problems wouldn't exist. If someone is willing to pay a penny to put email in my mailbox there's a good chance that I'd find it interesting. If not, and I still get too many ads, I can raise my mail reception fee. Someone else who likes advertising could set his fee to zero.

A good system would not stop all advertising. It should stop the flood of duplicate ads that people get every day but not the occasional targeted mailing. A free market system in which owners of a resource, their mailboxes, get to charge advertisers for their use would work best.

01101001
2008-Jan-04, 11:27 PM
(Thread revived for breaking news about email spammers.)

Here's hoping these spammers lose and lose big:

US Department of Justice: Alan Ralsky, Ten Others, Indicted in International Illegal Spamming and Stock Fraud Scheme (http://www.usdoj.gov/opa/pr/2008/January/08_crm_003.html)


U.S. Attorney Stephen J. Murphy said, "Today's charges seek to knock out one of the largest illegal spamming and fraud operations in the country, an international scheme to make money by manipulating stock prices through illegal spam e-mail promotions. I commend the excellent investigative work of the FBI, Postal Inspection Service, and the IRS-Criminal Investigation Division. I also wish to recognize the significant support and expertise provided by the Computer Crime and Intellectual Property Section of the Criminal Division of the Department of Justice."

The charges arose after a three-year investigation — led by agents from the Federal Bureau of Investigation, with assistance from the U.S. Postal Inspection Service and the Internal Revenue Service — revealed a sophisticated and extensive spamming operation that, as alleged in the indictment, largely focused on running a stock “pump and dump” scheme, whereby the defendants sent spam touting thinly traded Chinese penny stocks, drove up their stock price, and reaped profits by selling the stock at artificially inflated prices. According to the indictment, the defendants used various illegal methods in order to maximize the amount of spam that evaded spam- blocking devices and tricked recipients into opening, and acting on, the advertisements in the spam. These included using falsified “headers” in the email messages, using proxy computers to relay the spam, using falsely registered domain names to send the spam, as well as making misrepresentations in the advertising content of some of the underlying email messages.

Maybe I'll comment out my hand-crafted procmail pump-and-dump fllters and see if there's any further activity, or if it all was due to these clods.

MentalAvenger
2008-Jan-05, 12:15 AM
IMO, anyone who sends spam messages should be fined $10,000 and 1 year in prison for each separate instance. No appeal, no mercy.

Neverfly
2008-Jan-05, 01:27 AM
IMO, anyone who sends spam messages should be fined $10,000 and 1 year in prison for each separate instance. No appeal, no mercy.

Kinda mad are ya?:p

Actually, anyone can send spam. Oftentimes spam is sent out from hijacked emails. The owner of the email is unaware that it being used for sending spam.

And, yes, I think that would count as cruel and unusual punishment.

My spam filters are set and I rarely get any spam.

Chuck
2008-Jan-05, 01:34 AM
Removing a big spammer makes spamming more profitable for others. He'll be replaced soon enough.

MentalAvenger
2008-Jan-05, 03:28 AM
Actually, I thought I was being rather lenient. If there was a significant penalty for knowingly using spam, perhaps we could control it. Spam is useless unless it identifies the person benefiting from it. Remove the market, and the source should dry up.

I also advocate stricter laws for those who write or knowingly spread computer viruses. Upon proof and conviction, the perpetrator should be put into an isolation cell, injected with a deadly virus, and their painful demise broadcast live.

Neverfly
2008-Jan-05, 03:51 AM
ummm.. no comment:whistle:


I will, however, point out that you also would need to target ALL advertising, commercials, billboards and anything else that tries to get your attention in order to sell, scam or remove funds from your wallet.

MentalAvenger
2008-Jan-05, 08:12 AM
Not really. Alternate targets would be cold-calling (telemarketing), door-to-door salesmen, etc. IMO, advertising mediums such as billboards, tv commercials, radio commercials, etc. are quite valid.

Neverfly
2008-Jan-05, 08:33 AM
Not really. Alternate targets would be cold-calling (telemarketing), door-to-door salesmen, etc. IMO, advertising mediums such as billboards, tv commercials, radio commercials, etc. are quite valid.

So you are differentiating between passive and intrusive advertising:think:

Ok, I can go along with that.:)

toejam
2008-Jan-05, 04:37 PM
My spam filters are set and I rarely get any spam.


Yes. My email filters allow about 1 message in 20 or 25 through. I never get spam, and am not aware of having missed any email from places that I want to receive email from.

Gillianren
2008-Jan-05, 08:06 PM
My spam filter is set on "exclusive," so if I don't have your e-mail address in my address book, it goes into my spam folder. I skim the contents regularly, but I no longer have to worry about failing to delete one before I read my wanted messages and being bothered by a message offering me a pill I can't possibly need.

ravens_cry
2008-Jan-05, 08:20 PM
I have encountered a quite simple but beutiful way spammers got past my spam blocker. One, they sent a LONG legitimate looking email, gushing about some family trip or the other. And on the bottom, there was the spam. I had to grin at that one.