
Spam is back - KabuseCha
https://theoutline.com/post/2498/spam-is-back
======
PakG1
Ironically, the problem of spam has created another weird problem. I'm not
sure what's the right kind of thing to describe them, so I'll call them the
ambulance chasers of the email world. But that doesn't sound right. Some kind
of leech, patent troll, and mafia rolled into one?

Last week, one of my organization's user email accounts was hacked. It started
getting used to send out spam. We caught it pretty quickly and updated the
password so that the spammers couldn't use it anymore. But it was too late, we
got listed on several spam blacklists. As such, all emails from our mail
server started going into recipient mailbox spam folders. OK, we just get
ourselves off of the spam blacklists, right?

Most of the spam blacklists gave us one of two options. First option was to
manually request removal, some of them required sending an email to confirm
what had happened and why we're confident the problem didn't exist anymore.
Easy. Second option was to wait as their service monitored our email services
to confirm if we were still sending out spam. If after a few days they
confirmed that the spammy behaviour had stopped, we'd be automatically removed
from their blacklist. Annoying wait, but reasonable methodology.

Then the annoying ones. One spam blacklist would not remove us for a week,
though we could expedite the process by paying them $106 USD. Otherwise, we
have a week of going into people's spam folders. It's a friggin racket. Dare I
say even extortion? The other annoying spam blacklist said that we could not
get removed from their list because we were on several other spam blacklists,
including the blacklists that required us to wait a few days for them to
monitor our email behaviour, AND the spam blacklist that wanted us to wait a
week if we didn't pay $106 USD. So we're on one spam blacklist for a week due
to not willing to pay extortion fees, and on the other spam blacklist for a
week because they're too meta to develop their own spam blacklisting
mechanisms and just follow what other blacklists are doing. The meta blacklist
annoys me more than the extortioner. Why are they checking whether we're on
other spam blacklists? They should be depending purely on their own capability
to identify spammers, not the capability of other organizations. Why do they
even exist? There's no value added by being meta here.

It really annoys me.

~~~
kijin
Just like DDoS attacks are forcing websites to hide behind a small number of
major services like Cloudflare, spam is forcing email users to consolidate
into a small number of well-known platforms like Gmail and Outlook. It's just
too much hassle otherwise.

But unlike in the case of a website using Cloudflare's DDoS protection to fend
off attacks, someone who gives up running their own mail server and signs up
for Gmail isn't doing so in order to get any direct benefit from Gmail's spam
filter. (Open-source spam filters have gotten good enough that they often do
just as good a job as Gmail, if not better.) It's almost entirely because of
the insane hassle of dealing with third-party blacklists as you said. Google
and Microsoft should give them a medal or something.

Many of the blacklist operators are highly moralistic, too. You'd think they
were on some sort of holy crusade against the ultimate evil. Of course you are
partly at fault for e.g. not enforcing strict password policies on your users,
but a small percentage of users are going to get hacked no matter what. I wish
the blacklists would redirect at least 10% of their moral outrage at the
danger of centralization that they're so willingly facilitating.

~~~
pers0n
For many on shared hosting with Cpanel, spamassasin isn’t good enough, I don’t
want to even deal with spam, much of it needs to just go to a black hole

~~~
kijin
That's an issue with shared hosting and cPanel. Most of those servers are
configured so terribly that they'll probably mark their own outgoing email as
spam if they set up their spam filter any stricter.

I don't like black holes, they're impossible to debug when something goes
wrong. All email should be either rejected at the SMTP level or delivered to a
mailbox (even if it's the spam folder) so there's a clear indication of what
happened to it.

------
chrismorgan
That constantly animated squiggly line is surprisingly annoying.

Please: do not animate things like that. Animation can be good when triggered
by user interactions, to signify state transitions, but simple gratuitous
animations can be quite annoying.

~~~
toomim
I liked it.

------
petercooper
On the flipside, junk calls provide more opportunities to deploy "Lenny":
[https://www.reddit.com/r/itslenny/](https://www.reddit.com/r/itslenny/)

~~~
Sniffnoy
I've never once been able to successfully deploy Lenny (or other equivalents
such as the Jolly Roger Telephone Company) against a spam call. The calls are
always from a recording, not a person, and after I put them through to Lenny
(which is an annoyingly long process on an Android phone -- press add call,
unlock phone, select Lenny, hit "call", wait, hit "merge", then mute myself)
they always just hang up pretty quickly. Anyone have any idea if there's some
way I could be using it better? Press a key to get through to a person, maybe,
and then deploy Lenny?

~~~
roganp
This. I get a bunch of robo calls that appear to be for no purpose - there is
no way to get a human on the other end of the phone (they just disconnect when
you express interest in what they are selling). It's almost like the call
itself is a scam, but not on me - like the call centers that offer this
service are getting paid to make the call and not the conversion, so they dial
my number and play a recording but have no facility to do more than that.
Super frustrating.

~~~
rwbcxrz
They could also be checking to see if a human answers so they can sell your
number or target you later.

------
chrisz42
You know why spam is back? Because it works! I didn't get my head around this
until late when I started my own company. Mass contacting people is one of the
easiest and successful ways. Of course, if you have the time and resources to
do targeted marketing it's better, but what happens when you don't and you are
an engineer who sees one or two opportunities to mass contact people?

~~~
amelius
Perhaps we should spam people asking them to ignore spam, until it stops.

------
tyingq
The robocalls I get are so poorly done that I wonder if they even make money.
I tried chatting them up a bit after being transferred to a real person and
they have no sales skills. That's if you can even talk to a real person...the
transfer often fails.

~~~
pavel_lishin
The robocalls are dirt cheap. Even the people aren't that costly. You only
need a few suckers.

~~~
tyingq
Really, though, they don't even try. I played the sucker really hard. They
never got to the part where they ask for money. I think there's a large amount
of amateurs just flushing money down the drain because it's cheap and they
have no idea what they are doing.

------
RyanShook
Spam never went away. I’ve had good success flagging calls using Hiya app.
Most carriers have partnered with Hiya to provide a free version of the app in
the App Store. AT&T’s is called Call Protect.

------
fiatjaf
My life was awful until I started blocking numbers on my phone.

But the "spam is dead" message is totally misleading. Email spam is still
pretty much alive and well. Try running an email server yourself or even
publishing an address handled by Mailgun online.

Or, if you want some laughs, look at
[https://spa.mnesty.com/](https://spa.mnesty.com/)

~~~
emodendroket
Perhaps a better way of stating the thesis is that spam felt like a largely
solved problem.

------
sillysaurus3
Thoughts on nomorobo? Ive been thinking of signing up.

The spam calls are ridiculous. I have to keep do not disturb on 24/7, but some
have caught on that they can call twice in a row to get through.

~~~
bearbearbear
The problem with blocking numbers in bulk is that phone numbers are recycled
all the time.

If you block 500 numbers and then you apply for a job and the person who wants
to call you back about the job just got a new prepaid phone, you might be
blocking their number.

~~~
geraldcombs
If your potential employer is using a burner phone you might have worse
problems than robocalls.

------
microcolonel
Phew, I thought they were talking about email spam coming back. This article
is a bit clickbaity, and sorta tricks you into continuing to read until you
figure out it's talking about social media, telephone, and SMS spam (by giving
examples of people making progress against email spam, talking about email
spam being a thing of the past).

As a small email system operator, I have seen spam fluctuate greatly. In my
case it accounts for around 99% of connections, and 95% of successful
connections (valid reverse dns, working STARTTLS), but today it only accounted
for about 10% of successful connections. Miraculously, I have seen penny stock
spam in 2017.

------
paulie_a
I recently got a call about my student loan debt, which I have zero. The
script these people follow is incredibly terrible. I played along with the
person asking questions, "oh, so which student loan, with what bank?"

"chase?" no, "wells fargo?", no, "bank of america?" no and then the person
hung up on me.

~~~
tonyquart
I think you need to consult this matter to lawyers or law firms. I just read
an article that talks about similar fake debt collectors problem at
[https://www.lemberglaw.com/monitronics-tcpa-lawsuit-
settleme...](https://www.lemberglaw.com/monitronics-tcpa-lawsuit-settlement/).
There are so many complaints about them in these past few weeks. Hope this
helps.

------
King-Aaron
I don't really know if spam ever left, for it to be 'back'.

Though I do want to make a comment on the advertising in this site - I really,
really like it. They're big graphics for those Macallan Rare Cask ads, but
they are designed nicely and aren't "in your face", even though they are
extremely prominent.

I like this.

------
jarnix
There is also a new form of spam in 2017 (and even before), that's the
notifications that we get from apps on our mobile phones. Does every app ask
our permission before pushing notifications (for example at night when you try
to sleep) ?

And every other website asking to push notifications on the desktop ?

And every Messenger bot ?

------
bpicolo
I've been getting spam google calendar invites. It's insanely annoying - no
idea how to stop it.

~~~
Leftium
[https://www.labnol.org/internet/prevent-google-calendar-
spam...](https://www.labnol.org/internet/prevent-google-calendar-spam-
inserting-new-events/2900/)

~~~
bpicolo
Not a great solution tbh. I do want to see events I haven't responded to in
almost all circumstances - colleagues etc

------
milesvp
I'm surprised no one here is talking solutions. The fundamental problem is
someone can connect to me and I have no way to trace it back to an
organization who I can charge/sue.

The first step is to start adopting standards that aren't free either in cost
or in compute. For email, this could be as simple as requiring proof of work
before accepting an email. For private telcos requiring the ability to charge
the company connecting to my number would solve most of these problems too.
I'd love spam if I had the equivalent of an 80's era 976 number.

~~~
tomjen3
The solution is to not allow connections from unknown numbers, that is numbers
which are not in my contacts. You can do other things like add CAPTCHAs, etc
but really if I don't know you, I probably don't want to hear from you, in any
capacity.

------
jftuga
I can't press the space bar to page down on this article. I am using Chrome on
a Macbook.

:-(

------
bearbearbear
This is a longform ad for a book.

