The spamming community has their own set of problems that they must contend with in order to keep sending out bulk e-mails.
Anonymous whois infoEdit
All ICANN-accredited registrars must provide valid whois information to the registry of the [TLD] of a domain. This poses some problems to the spammer: using their real data may get them arrested, using false information will get their domain suspended.
New spammers may use random registration strings (ex. a name such as "hjdfidyugdk"), though such domains do not last long before being suspended (either automatically or after a complaint). The more seasoned spammers, having learned this, use several different means to hide their real identity when registering a domain:
- whois identity theft
- authentic-looking whois address
- whois proxy (paying someone to use their information)
In addition to the above, they may use obfuscated whois data via a whois privacy company or service.
Spammers prefer to use anonymous corporations to back their operations for various reasons:
- CAN-SPAM Act compliance
- more difficult for filing lawsuits
- tax benefits
Conventional credit card payments can trace a payment operation to a particular person, which is undesirable from a spammer's perspective. As spammers may have a fair amount of capital, payment is an issue of anonymity.
To pay for services such as domain name registration in such as way as to remain anonymous, spammers frequently choose:
- payment by proxy (paying someone to pay someone to make the purchase)
- online banking (egold, paypal, etc.)
- anonymous credit cards
- stolen or fake credit cards
- payment in cash
- Western Union
To increase anonymity, mixtures of the above can be used, as can "cleaning" the money. For example, a stolen credit card can be used to credit an online credit account with fake information, which in turn may be used to make the purchase or to hire the services of a proxy. _________________
Some may try to place orders using fictitious credit card information. Fake credit card detection is rather simple, however, making this type of operation impractical.
Because complaints will usually bring down any domain name, spammers try to achieve what they call "bullet-proof" (BP) hosting or domain name registration.
Domain name registrationEdit
Choosing a registrarEdit
Reactivity to complaintsEdit
A major concern for spammers is having their domain names suspended by their registrar. When a domain is registered with a registrar that does not react to complaints, by suspending a domain when it is in violation of their own contract and/or one that is used for criminal activity, the domain is called a 'BP domain', or bullet-proof domain.
A list of how responsive (or un-responsive) registrars are in shutting down deviant domains may be found in the URIBL Abused/Abusive Registrar List.
Domains may be purchased for as little as 6.50 USD for gTLDs depending on the registrar. Some spammers will use a spammer reseller service, purchasing 'BP domains' from another. These domains can cost around 16 USD if purchased in bulk.
One method involves redirections. Conscious that URLs appearing in spam can be collected and blacklisted on blocklists, also blacklisted on web site reputation services, these spammers will instead resort to "redirection". They generate thousands of short lived domains which are used to redirect to the "target" site, one which never appears in spam. These thousands of sites generally reside one one or a few IP addresses. They contain a simple redirection to the target site, such as:
HTTP/1.1 302 Found Server: Apache/2.2.15 (CentOS) X-Powered-By: PHP/5.3.3 Location: http://ddw.bigmedsstore.com Content-Length: 0
Here the redirection would land on the hidden target, bigmedsstore.com.
Another method for preventing complaints is to hide the actual address of the website from the everyday user using Frames or other such URL obfuscation techniques. Here you can see how one company does that.
This technique, while useful for the general public is ineffective however, due to the ease with which a spamtracker can see what is really occurring.
Name server registrationEdit
Certain spammers are switching from centralized privately-owned nameservers to public anonymous nameservers. One such example is the Cheap Software & OEM Cds operation which lately appears to rely heavily upon those servers.
DNSPOD.NET was one such service that allowed spammers to have free access to a bullet-proof nameserver that can be set up in seconds with totally fake registration information. To follow a discussion of this topic, visit the KS Forum.
- Atomic Email Sender 4
- Dark Mailer
- List Sorcerer
- Yoshi proxy mailer
Issues: Hitting specific free e-mail addresses, technical support, CAN-SPAM compliance (only applicable to bulk mailers within the United States),
Mailing methods and techniquesEdit
- Via proxies
- Direct mailing
- Internal Mailer
- Via relays
- Proxy Lock
Inter-spammer disputes and areas of concernEdit
Spammers constantly fight amongst themselves. They may dedicate entire discussions to arguing over an issue of no consequence, ending in no concrete action or resolution other than maintaining the status-quo. (see: An Introduction to the Social Psychology of Insults in Organizations)
It would seem, therefore, that the sociological purpose of such in-fighting within the spammer community is to establish the levels of dominance within the group, thus maintaining its stability.
The cyclic nature of such disputes followed by periods of fairly coherent discussion seems to support this claim.
Some common subjects of discontent for spammers are:
- non-payment or late payment for services rendered (Spammer services)
- attacks on integrity or identity (Spammer brand name)
Spammers cannot take advantage of the judicial or arbitration system to resolve disputes as their activity is of questionable legality. Consequently, as with other organized crime groups, spammers rely on violence and/or intimidation.
Domain name management issuesEdit
Pages in category "Spammer issues"
The following 9 pages are in this category, out of 9 total.