Wandering Thoughts archives

The peculiar case of the conference spammers

With most spammers, it's pretty easy to see what they're spamming, that is to say what they expect to get out of their spam; what their product or their scam or their cause is. But sometimes I run into spammers, even persistent spammers, where I can't figure out why they're spamming, what benefit they expect to get out of it.

One such persistent case is what I will call the 'conference spammers', who keep sending us email for various obscure-sounding academic conferences (generally computer science ones), usually taking place in remote corners of the world. Some of these at least claim participation by real scientists, but often they have chairs, organizing committees, and so on composed entirely of people from places or organizations that at least do not sound entirely reputable.

(Note that I am perhaps too twitchy about alleged organizations with obscure names, since serious spammers love to invent them in order to make their spam sound more authoritative.)

However, there is no obvious attempt to extract money from you in the email; no conference paper submission fees (but if accepted, your paper will be listed in these prestigious sounding journal indexes), no fee to reserve your place, no nothing like that. No discussion of money at all, in fact. All of which leaves me pretty mystified about what the actual benefit is. My best guess is that it is a bad attempt to pump up the importance of everything associated with the conference by increasing the attendance.

(Since these are academic conferences, I don't think that anyone is making a profit from the registration fees. I could be wrong.)

Appearances are deceptive in the (anti-)spam world

Courtesy of Slashdot, we learn that Verizon is moving to authenticated email submission so that, to quote the Verizon spokesman:

[...] Verizon will be able to quickly identify spammers, including those using so-called zombie systems, and shut them down.

Sounds great, right? Not really. The problem is that this change shouldn't be giving Verizon anything that they don't already have.

Verizon already has a perfectly good way of quickly identifying their spamming customers, namely the spamming machine's IP address. It's right there in headers, logs, and so on. (If Verizon did not have the ability to map IP addresses back to customers, we would long since have heard of it from the RIAA and the MPAA.)

The most charitable interpretation of Verizon's statement is that Verizon has not been able to give the abuse-handling team access to the tools needed to map spamming IP addresses to customers and then to do something about it, either because they didn't care enough about the problem or because of severe organizational dysfunction. Authenticated email submission will fix this internal issue by giving the abuse people direct access to the information.

The least charitable interpretation is that Verizon is doing what gets called 'blowing smoke'. And why not? After all, it got them reasonably favorable press as 'doing something about spam'. As such, it's a nice prophylactic measure.

(Especially as it will probably also get Verizon a temporary drop in their spam volume, as spammers have to customize their zombie code some more and make it do a little bit more work.)