BKINSPCA.RVW 20041224 "Inside the Spam Cartel", Spammer-X, 2004, 1-932266-86-0, U$49.95/C$72.95 %A Spammer-X %C 800 Hingham Street, Rockland, MA 02370 %D 2004 %G 1-932266-86-0 %I Syngress Media, Inc. %O U$49.95/C$72.95 781-681-5151 fax: 781-681-3585 www.syngress.com %O http://www.amazon.com/exec/obidos/ASIN/1932266860/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/1932266860/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/1932266860/robsladesin03-20 %O tl a rl 1 tc 2 ta 2 tv 1 wq 2 %P 413 p. %T "Inside the Spam Cartel: Trade Secrets from the Dark Side" Chapter one is supposed to be a bio of Spammer-X, and gives us the stereotypical blackhat life story. A business model of using spam to generate referrals to porn sites is presented in chapter two. Rough ideas of spamming techniques are outlined in chapter three, although it is rather short on details. (What details are given are quite suspect: SOCKS is not a mail server, but a type of circuit-level proxy firewall.) Chapter four lists various means of harvesting addresses, but concentrates on a) buying them, and b) random address verification. (Which doesn't provide much help to users in terms of suggestions for avoiding getting on spam lists.) Advertising tricks are balanced against some anti-blacklisting tips in chapter five. Interestingly, there is some talk of botnets, but not the SMTP (Simple Mail Transfer Protocol server) carrying viruses. (More technical goofs: Rich Text Format is hardly a Microsoft only technology.) Chapter six looks at various means of payment over the Internet which, for those of paranoid mindset, has some possibly useful points to make about dangers of different forms of online commerce. Chapter seven starts to present some information that may have some general value, as it reviews various types of spam filtering (and filter evasion) techniques. A more advanced examination is in chapter eight. Scams are listed in chapter nine, with a concentration on phishing and 419/advance fee frauds. The author is rather careless with the facts: phishing is initially described as any type of scam (although the text later contradicts itself by redefining the term as related only to banks), Nigeria does have a law against advance fee fraud, and it's Lagos, not Logos. Chapter ten runs through the provisions of the US CAN-SPAM act, and notes how spam can be legal. The material on the analysis of spam, in chapter eleven, initially has some helpful tips, but the later parts of the chapter grow vague. In chapter twelve, Spammer-X points out that the estimated costs of spam are wildly inflated, but his own numbers are biased very low, not counting the costs of maintaining filters, the loss of messages, difficulties in contacting people, spam to mailing lists, and even the problem of bounced messages which is raised in the following chapter. The statistics of spam listed in chapter thirteen are generally of little use. The most interesting data, on yearly trends, is incorrectly described in the text (switching the numbers for virus and spam) and says that spam is down over the Christmas period, which is not supported by the numbers themselves. (This is rather ironic: I reviewed the book over Christmas, and can attest to the fact that there was no drop in the numbers of spam on my accounts.) Chapter fourteen makes some rather far-fetched predictions about the future of spam. The questions in chapter fifteen's FAQ (Frequently Asked Questions list) seem to be simply random rather than significant. Spammer-X closes, in chapter sixteen, by telling us that he has given us an unbiased look at spam, and that spam is good. The promotional blurb on the cover implies that you may hate Spammer-X, but still need to know what he says. It also states that this is a "Must Read" for security professionals and law enforcement personnel. Forget it. The notes on anti-blacklisting tips and techniques for harvesting email, at least those given in the book, are going to be of very little help in either avoiding spam, or in tracking down the perpetrators. It may, of course, be that not all spamming techniques are provided here, and that knowledge of some of them would help system administrators or those who want to track down spammers--but that still means the text is of extremely limited usefulness. The title is also rather misleading: the author (if, indeed, there is a single author and not a committee) presents us with one particular look at spamming activity. If there is a spam cartel "he" is definitely not in it. The work has some points of interest, but it isn't going to help anybody very much. (Including, fortunately, potential spammers.) copyright Robert M. Slade, 2004 BKINSPCA.RVW 20041224