REVIEW: "Inside the Spam Cartel", Spammer-X

Discussion in 'Computer Security' started by Rob Slade, doting grandpa of Ryan and Trevor, Feb 28, 2005.

  1. BKINSPCA.RVW 20041224

    "Inside the Spam Cartel", Spammer-X, 2004, 1-932266-86-0,
    %A Spammer-X
    %C 800 Hingham Street, Rockland, MA 02370
    %D 2004
    %G 1-932266-86-0
    %I Syngress Media, Inc.
    %O U$49.95/C$72.95 781-681-5151 fax: 781-681-3585
    %O tl a rl 1 tc 2 ta 2 tv 1 wq 2
    %P 413 p.
    %T "Inside the Spam Cartel: Trade Secrets from the Dark Side"

    Chapter one is supposed to be a bio of Spammer-X, and gives us the
    stereotypical blackhat life story. A business model of using spam to
    generate referrals to porn sites is presented in chapter two. Rough
    ideas of spamming techniques are outlined in chapter three, although
    it is rather short on details. (What details are given are quite
    suspect: SOCKS is not a mail server, but a type of circuit-level proxy
    firewall.) Chapter four lists various means of harvesting addresses,
    but concentrates on a) buying them, and b) random address
    verification. (Which doesn't provide much help to users in terms of
    suggestions for avoiding getting on spam lists.) Advertising tricks
    are balanced against some anti-blacklisting tips in chapter five.
    Interestingly, there is some talk of botnets, but not the SMTP (Simple
    Mail Transfer Protocol server) carrying viruses. (More technical
    goofs: Rich Text Format is hardly a Microsoft only technology.)
    Chapter six looks at various means of payment over the Internet which,
    for those of paranoid mindset, has some possibly useful points to make
    about dangers of different forms of online commerce.

    Chapter seven starts to present some information that may have some
    general value, as it reviews various types of spam filtering (and
    filter evasion) techniques. A more advanced examination is in chapter
    eight. Scams are listed in chapter nine, with a concentration on
    phishing and 419/advance fee frauds. The author is rather careless
    with the facts: phishing is initially described as any type of scam
    (although the text later contradicts itself by redefining the term as
    related only to banks), Nigeria does have a law against advance fee
    fraud, and it's Lagos, not Logos. Chapter ten runs through the
    provisions of the US CAN-SPAM act, and notes how spam can be legal.
    The material on the analysis of spam, in chapter eleven, initially has
    some helpful tips, but the later parts of the chapter grow vague.

    In chapter twelve, Spammer-X points out that the estimated costs of
    spam are wildly inflated, but his own numbers are biased very low, not
    counting the costs of maintaining filters, the loss of messages,
    difficulties in contacting people, spam to mailing lists, and even the
    problem of bounced messages which is raised in the following chapter.
    The statistics of spam listed in chapter thirteen are generally of
    little use. The most interesting data, on yearly trends, is
    incorrectly described in the text (switching the numbers for virus and
    spam) and says that spam is down over the Christmas period, which is
    not supported by the numbers themselves. (This is rather ironic: I
    reviewed the book over Christmas, and can attest to the fact that
    there was no drop in the numbers of spam on my accounts.)

    Chapter fourteen makes some rather far-fetched predictions about the
    future of spam. The questions in chapter fifteen's FAQ (Frequently
    Asked Questions list) seem to be simply random rather than
    significant. Spammer-X closes, in chapter sixteen, by telling us that
    he has given us an unbiased look at spam, and that spam is good.

    The promotional blurb on the cover implies that you may hate
    Spammer-X, but still need to know what he says. It also states that
    this is a "Must Read" for security professionals and law enforcement
    personnel. Forget it. The notes on anti-blacklisting tips and
    techniques for harvesting email, at least those given in the book, are
    going to be of very little help in either avoiding spam, or in
    tracking down the perpetrators. It may, of course, be that not all
    spamming techniques are provided here, and that knowledge of some of
    them would help system administrators or those who want to track down
    spammers--but that still means the text is of extremely limited
    usefulness. The title is also rather misleading: the author (if,
    indeed, there is a single author and not a committee) presents us with
    one particular look at spamming activity. If there is a spam cartel
    "he" is definitely not in it. The work has some points of interest,
    but it isn't going to help anybody very much. (Including,
    fortunately, potential spammers.)

    copyright Robert M. Slade, 2004 BKINSPCA.RVW 20041224


    ============= for back issues:
    [Base URL] site
    or mirror
    CISSP refs: [Base URL]mnbksccd.htm
    Security Dict.: [Base URL]secgloss.htm
    Book reviews: [Base URL]mnbk.htm
    Review mailing list: send mail to