After a reporter started to investigate Spam occurrence and the link to a few US based hosting companies and provides he was able to shut down the operation in co-operation with other backbone providers. The result is a significant drop in worldwide spam occurrence since then.
For mail servers I administrate I was able to shut down 2 of 3 SpamAssassin instances due to no work for them to do. Let’s hope this will stay this way for a while.
I think everybody allready knows: StudiVZ the popular german student network is selling the contact information of it’s users to other companies.
A funny example hit me last week. When I opened my e-mail I got a limited invitation to a new service / obviously spam. When I checked the disclaimer I found that the startup is located in Leipzig, Germany where my father is advocate 
I forwarded the mail to him and he checked it. It seems that the guy who founded the startup is alumnii of Handelshochschule Leipzig a production facility for highly qualified management personel (a lot of internet startups originated there e.g. Spreadshirts). From contacts within HHL I heard that all the contact information aquired by this new startup originted from StudiVZ.
My father informed me that it is german law that you have to protect yout email address. So if you sign up at a social network and wondering that you get strange invitations it’s your fault and there is nothing what you can to about it but modify you spamfilter.
I think in this grey area there is a lot of work to be done for personal privacy. Politicians are talking about storing your connection data (Vorratsdatenspeicherung) to find Terrorists. But I think the protection of individual privacy is more important that to hunt a ghost.
When I couldn’t sleep last night I had to think about my new mailserver installation and the load of measurements I’ve undertaken to prevent my customers getting spam or to allow anybody to relay spam through my server. Then I realized that there might be the chance of a new method how good spam-filter techniques could be used as a spam drone.
Get the situation: I’m John the bad spammer and want to deliver my mails to a lot of boxes around the world. I connect to a mailserver and deliver all my mails with a faked envelope. The to address has to contain an mailinglist or something like that which bounces emails for people who are not listed and the return address should be the person where the spam has to go. The mailserver (when configured to comply with RFC) should send the bounce directly to the person who should recieve the spam. This is only working if the spamfilter like spamassassin doesn’t act after the SMTP dialog has finished.
I didn’t try it but it could be exploited at some point. Due to the fact that there are many hosts who doesn’t send bounces anymore (in Germany some of the government servers has bounces off) or has the spamfilter integrated in the smtp dialog which scans the mail while delivering it shouldn’t be a big problem. But it could…