[SC-Help] Re: methods used...

[Mike Easter]

Jeff G. wrote:
> Following is a quote from a knowledgable fellow from another ng -
> whats wrong with this theory, if anything, aside from the fact that
> most folks don't have the time with just 30-40 spams per day?
> I mean, come on, in a week or two??

The 'fundamentals' of notifying the spamvertiser provider are based on
the concept that a whitehat provider doesn't want the client to be
spamming;  and when you report to the provider of the spamvertiser, the
provider will shut down the website.  Then, ostensibly the dejected
spammer will give up spamming forever and go away.

> Its simple
>>> Get spam.
>>> Go to website in spam
>>>       To see if it exists
>>>           Do a traceroute to the site to see who hosts it
>>>               Report the site to the host

This is a description of a rather foolish way to go about finding who
the provider for the website is, because you can make that determination
without actually opening the spam and letting it exercise your browser
to take you to the site.  You can determine the link in the spam without
opening it, you can use some tool such as SamSpade's GET function or web
based similars so that you determine the true location of the spamsite
if it has been redirected from the 'original' as in appears in the raw
unopened spam.

Spamcop does the 'straightforward' ones for you, but it doesn't
determine anything but the simplest of redirectors in which the
redirection is built into the original link, such as a yahoo redirector.

But, the overall point remains --  'report the site to the host'.

>>> do the same for any website in the spam that provides images (may
>>> not be the same host)
>>> and the same for any 'sign off' website in the spam (again, may not
>>> be the same host)

Theoretically images may be hosted on another site.  Spamcop's reporting
doesn't report to the providers of images.  Theoretically the remove may
be hosted at another site.  The business about notifying for a remove is
a subject which I personally consider of some controversy.  We will
temporarily skip past the controversy and say that spamcop's reporting
does routinely report to the provider of a remove site.

>>> The host will close the site, costing the spammer money (most
>>> webhosts dont refund monies when closed for cause)

This part is sadly rarely, almost never, true.  If it were true more
often than rarely, the reporting would be doing a lot more good than it
is actually doing.  What generally happens when you report the
spamvertiser to the provider/host whether you do it by spamcop or
manually is absolutely nothing.

>>> he may open new sites, if he spams for them, you close them as well.

That's the whole idea behind the reporting which we wish would work that
way.

>>> You can do this with programs that come with your computer system,
>>> or you can employ such as Visual Route or NeoTrace that combine them

The business about how you go about determining who/how to notify,
whether you use spamcop or whether you use other tools or whether you
use spamcop and many other tools is part of what we talk about around
here.

>>> It wont be automatic, you may have to do this for a week or two
>>> before seeing results.  Within a month, generally, you will start
>>> to see reductions in spam, keep it up, and in 3 months you will
>>> usually see a quite massive reduction in spam. Keep it up and in 6
>>> months or so, you (or that account) will be virtually spam free.
>>> It wont stop it completely, but it will reduce it to a level far
>>> more manageable. I.e. 200 spam per day down to 3 or 4 per week (and
>>> if you continue to do it, even that will in time come down)

Blahblahblah.  That all sounds nice, except for the part about the
providers you are notifying not being whitehat, but distinctly blackhat
and unresponsive.

-- 
Mike Easter
kibitzer, not SC admin