13th November 2013
All sane people agree that spam is a blight of the internet, be it email spam or comments spam or forum spam or any other form of unsolicited, blatant, shameless, out-of-context advertising. Multiple spam-fighting and spam-stopping systems are being developed.
With automated spam, automated spam-fighting systems might be the only choice. Sending rightfully angry emails to ISPs to notify about their customers violating service agreements is probably a waste of effort (something tells me most of these complaints end up in the trash folder, or even in the… spam folder). However, I get a feeling that some spam is not automated – it appears to have been actually prepared and sent by a human. (Alternatively, spammers behind those spams simply have better software.) Anyway, some spams seem to contain valid contact data of the advertized entity – like an email.
The resulting idea is very simple and was probably already implemented somewhere by someone: simply publish online contact emails of the entities which, apparently, had chosen spam as the primary means of advertising. These emails will be sooner or later harvested by spammers, added to spam databases, and will start getting progressively more spam.
There are a few drawbacks to this approach:
- knowing spam-collection points enables “black PR”-like mass-mailings in the name of one’s competitor, double-hurting the innocents; I do not see a clear method of preventing this, other than by concealing spam collection methods;
- human intelligence is required to identify if the contained email truly belongs to the advertised entity; this is fairly time-consuming, especially when scaled up; a possible solution (with its own problems) would be to build an online gateway for submitting curated spam samples, thus distributing the workload to all the participating volunteers;
- the next logical step is actually harvesting and then publishing all the emails from the advertised website;
- the biggest drawback, however, is low efficiency of this approach; increasing spam percentage will only be a mild nuisance, which isn’t likely to propagate high enough to affect spam-deciders; also, indirectly spamming someone’s mailbox will result in the loss of time, which could have been otherwise used for facebook and other important activities
What do you think? Should such a method be used?
Below I provide a few sample records from real spam comments, which had true-looking emails. I’m including some extra meta-data. Ideally, this should be stored in some kind of a database.
Submitted on 2013/11/13 at 15:23 GMT
Author : Виктор (IP: 22.214.171.124 , 37-110-134-95.pool.ukrtel.net)
E-mail : email@example.com
E-mail : firstname.lastname@example.org
E-mail : email@example.com
Submitted on 2013/11/26 at 8:53 GMT
Author : Виктор (IP: 126.96.36.199 , 235-146-134-95.pool.ukrtel.net)
E-mail : firstname.lastname@example.org
E-mail : email@example.com
Submitted on 2013/11/28 at 7:24 GMT
Author : Виктор (IP: 188.8.131.52 , 155-117-134-95.pool.ukrtel.net)
E-mail : firstname.lastname@example.org
E-mail : email@example.com
E-mail : firstname.lastname@example.org
E-mail : email@example.com
There’s definitely a need for a public database, API keys, and quorum algorithms…