Domain: adyx.co.uk
Stories and comments across the archive that link to adyx.co.uk.
Comments · 10
-
Re:Spam - More than a nuisance
Virtual Hosting is what I use, and I give everybody a slightly different version of my e-mail address. I make no attempt to disguise it, either; I gave my address to you for your use, not so you could pass it on to all and sundry. If you have a virtual mail host and a web site, then try SpamJavelin for disposable address generation. It adds trace digits to your e-mail address when it is displayed, which give you the time, date and IP address through which it was harvested. If your ADSL is stable enough that you dare to point an MX record into your home (or you work for an ISP), you could even go one further and create entire disposable subdomains.
I think wider adoption of SMTP authentication would make a dent in the spam problem. Sendmail isn't the easiest piece of software in the world to configure, but it manages auth quite well once it's set up. Suppose some big ISP such as Wanadoo decided to insist one day that SMTP mail originating from non-SMTP-auth servers would not be welcome on their POP3 servers?
I have the right to run an SMTP server; but at the end of the day, nobody is obliged to take any notice of what comes out of it. It's their inbox, not mine. I have the right to run BIND, but my name records won't automatically be picked up by the outside world.
Maybe we need the various NICs of the world -- or some nwe, analogous National authorities -- to thrash out a set of rules for getting a server listed as being OK to accept mail from? The only alternative is going to be to create closed, private networks; but such a system would likely be highly fragmentated. -
Re:Don't put your email address online
My e-mail address came out as "undefinedundefinedundefinedundefinedundefined" in Konqueror. I guess you can't get much more obfuscated than that!
Anyway, not every client has JavaScript enabled. That's why I wrote something server-side: SpamJavelin - it puts trace digits into your virtually-hosted {anything_you_like_before_the_at_sign@mypatch.myis p.co.uk} e-mail address to indicate where and when it was picked up. You then know the IP address used by whoever found your email address {and the time of day, in case it was a dynamically-assigned one} and can take action against them for violations of your T&Cs {"Spam is charged at $2000 per byte"} or just block anything being sent to that address.
I am becoming more and more convinced, however, that the best way to avoid spam is to avoid e-mail. I find that I can contact my colleagues on the other side of the office simply by speaking a little louder. -
Re:I've always thought
Nothing, really. The way virtual hosting works, anything you use before the at sign will work. A simple regex match in a procmail recipe will weed out anything that doesn't conform to the style, of course, but that would break the main purpose of VH. The purpose of SpamJavelin 1.2 is to make harvested e-mail addresses useless.
Conceivably, a spammer could delete the trace digits or change them. But they aren't going to know what is a virtually-hosted address without looking {and I could always register a domain name so it would have fewer levels in it and so not even look obviously virtually-hosted}, and they don't look at the addresses they harvest ..... they just burn them onto CDs and sell them to other spammers.
Another idea would be actually to get a number of domain names, just for the purpose of being spam sinks ..... and point them at a machine which accepts SMTP, but does nothing with it {maybe always relay one message back to the sender just so it'll look like an open relay}. Or ..... maybe I could have a script that responds to every single piece of spam, and gives them bogus credit card numbers {begin with a 4 [for Visa / Delta] or a 5 [for MC / Switch / Maestro], put any 14 random digits, calculate the 16th digit using a widely-known algorithm, and it will pass any rudimentary plausibility check} and addresses. Then the spammers will be too busy sorting out bogus enquiries from genuine ones ..... Talk about a dose of one's own medicine! -
Re:I've always thought
I've set something similar up. I have an email account using virtual hosting, so I wrote a little PHP script that generates unique e-mail addresses based on the date, time and remote IP address. If a spam-merchant harvests one of these addresses, I can simply put in a procmail recipe that will catch it and erase it. It means I get one spam per harvesting, but it stops anybody from selling them on. And if anyone claims I opted-in to a list, then this will show they are lying through their arsehole.
I'm planning on adding some really nasty {from the spammer's point of view} enhancements for v2.0. Basically adding some mailto links that a spam-harvester will see but a human reader won't ..... -
Re:Art Spam
No, it doesn't stop spam altogether. I can't think of any way for a machine to do that -- it's essentially a human being's job.
What SpamJavelin does do, is make illegally-harvested addresses effectively worthless for resale.
If I didn't know spam harvesters would just pretend to be MSIE, then I'd put in some code to make it serve up different flavours of page depending on the variable $HTTP_USER_AGENT. Actually, that's not a bad idea for the NYT.
[note: you'll have to imagine the mustang signs and question marks - Slashdot isn't keen on < type codes.]
<? if (eregi("googlebot", $HTTP_USER_AGENT)) { include("google_special_page.htm"); }
else { include("normal_page.htm"); }; ?>
Problem solved, innit? Googlebot gets a special page to index {with all links modified to point to the registration page}, everybody else gets the real links, nobody knows the difference because it's all handled server-side, and everybody is happy. Can I patent this now? ;-) -
Re:Art Spam
To find out where spam is coming from, get an e-mail account with Virtual Hosting. This is where you get an entire subdomain {or a domain if you pay for it} to yourself, and your e-mail address is in the form anything@mysubdomain.myisp.co.uk. Then you just need to give a different prefix for each site you visit -- e.g. nyt_resp@mysubdomain.myisp.co.uk, and so on.
If you want to put your e-mail address on your web site, use this to automagically mung your address. -
Been there, done that
I wrote something which I called SpamJavelin which does pretty much the same thing. It's not as short as the example {it runs to 17 lines not including the tags}, but it does give you a simple function to call and mung any old e-mail address.
Still, it's nice to see other people having similar ideas ..... I say go for it. Every website should have one! -
Spammers are Brain Dead
Spam merchants are brain-dead. Look carefully at my e-mail address {once you've sussed out the auto-munging that Slashdot has thoughtfully provided} and see what you notice about it. Then explain why I keep getting advertisements for products that are only available, or only work, in the USA. Like cable descramblers
..... British cable TV is digital, for crying out loud .....
Spear the spam-merchants with this! It won't stop it altogether, but at least it'll give you evidence as to who is harvesting your address and how widely it is circulating. -
Enforceability
In this country, and probably many others, software cannot legally be patented. I am not an expert, but I would guess that this means software patents granted in other countries are not enforceable in the UK - and therefore no offence would be committed using "patent-violating" software here.
Governments should, if they don't already, have the power to annul any patent, and that power should be exercised against abusers of the system.
Meanwhile, if your ISP offers virtual hosting, you can always use disposable addresses. (well - at least until the spam merchants twig onto that). This is my attempt at disposable addressing.
So whose patent does this violate? -
Re:Failing to tick the box. Not all spam unsolicit
Unfortunately the last person to use the number before me (A Mr. Brown) seems to have signed up to everything in the universe, given them his phone number and not ticked the "Oh God, please do not phone me" box on them all.
So now I get lots of calls that go like this:
spammer: is that mr. brown?
me: no. This has not been mr. brown's number for at least 3 years.
spammer: well, i wonder if you might be interested anyway. we're doing a promotion on gym membership...
me: please remove my number from your database and do not call it again.
So you see, the problem is that the phone number was "tainted" by this Mr. Brown; now all these calls are not technically "unsolicited", because he signed up and gave permission for them to call him. ..... and THAT's why Megan's Law is a BAD idea.
Coming back to topic, yes, Britain is in the EU, but there isn't an EU-wide police force so member states still have to make their own laws. Um, that wasn't the topic either.
How enforceable is any new law going to be? At one extreme, if the spammers are outside the EU in a country where spamming is not illegal, then they could never be brought to trial as there would be no grounds for extradition. At the other extreme, if a partner dumps you, will you be sent to prison for e-mailing them to find out what is going on? [movie plot developing.....]
Phone numbers do get re-used; it's unavoidable. So do IP addresses, but e-mail addresses are (fairly) unique. Well, this is my own attempt at a way of making e-mail addresses *completely* unique when displayed on a Web page - thereby preventing harvesting of addresses from websites.
It doesn't stop you getting the first spam sent to a particular unique address, but it does stop spammers from selling addresses on because you can just set procmail recipes on your POP3 host to block known harvested addresses to which no legitimate user is ever going to send mail.