Domain: paganini.net
Stories and comments across the archive that link to paganini.net.
Comments · 21
-
Re:Fixed list of sites
I just had an idea.
I have my own personal mail server, and I use Active Spam Killer to filter my email. (It's a challenge-response system)
Anyway, I have a cron job that deletes unconfirmed messages over 2 weeks old that were not replied to. What if it extracted all "img src=" URLs from the emails with a REGEX before deleting them, and then auto-generated a Spam Vampire page that anybody could download?
What if your mail provider did this for you? (though, they probably WOULDN'T want to do this because it would drive up their costs, too) -
Re:What?
I've got to disagree with you on the whole C/R thing.
Probably since I employ it (ASK, http://www.paganini.net/ask/) behind some Bayesian filters (ASSP, http://assp.sourceforge.net/). Considering that my domain receives thousands of UCE/UBE each day, I have no choice but to take militant actions.
ASSP automatically whitelists everyone I mail to, and sets the TTL to 90 days. So any reply is going to be automatically accepted by ASSP.
ASK on the other hand is set that if my "key" (in this case, my PGP Key ID) appears anywhere in a message to me, it blindly accepts it.
Considering that my PGP key appears in every one of my messages, as part of my signature, this isn't usually a problem.
The problem lies in the fact that certain CRM applications like Kana, etc., insist on changing the from-line for each message they send out, and don't include the original message in the reply. How the hell am I supposed to know which address to whitelist when it comes from something like: ?
I consider THAT to be a broken CRM.
Simply closing a ticket without working on it shows poor customer service on your part, and you're not helping your company much by doing so.
How many potential customers have been told by your customers that your company/ service sucks because tech support or customer service was unresponsive? -
Why not...
Why doesn't every ISP just use ASK (Active Spam Killer)? Its idea is pretty good, and I think it'll block 99% of spam. If else, because if you send 50000 spam mails, you get 50000 spam mails back to you (and many spammers have nonexistent email addresses).
Mr. ISP Admin, if you're reading this, try it out and see if it doesn't work.
;-) -
Re:Opt-in for all email...
A better system is to make the sender do the optin. When you send someone running such a system an email, you get an automated reply saying you're not on the approved list yet, and to reply to get added to it (so your mail only goes through to the inbox if you reply). Any spammers that reply you can still manually add to a blacklist. Although, to be honest, I doubt spammers would reply automatically, because they would be paying the bandwidth for receiving all the confirmation mails, and as a result spam would become uneconomical.
For an example implementation, take a look at ASK.
Note that you would need to reply only once to from then on be able to send mail normally to a person running this, so it wouldn't add large barriers to email traffic, while at the same time dramatically cutting spam volumes.
One catch here is that mailing lists would need to be added to the whitelist manually. But on the other hand, mailing lists are dying anyway in the wake of the rss revolution. -
Active Spam Killer
How the heck could Active Spam Killer be left out? I used to get about 150 spams a day and now I get ZERO. No false positives, no false negatives.
It is an autoresponder that checks the sender against a whitelist and a blacklist. If a new e-mail is in neither, then it bounces back an e-mail asking for a confirmation that the sender is a human. Simple! -
Re:Another bad Slashdot analogy
This is all well and good, but some of us have e-mail addresses hanging about from before spam was a problem. Once you're on a list, you stay there, and your address propagates to lots of other lists too. I for one don't want to change my e-mail address - too many people know it and it has too much inherent value.
I'm currently using an active automatic whitelisting program (ASK) which seems to have stopped the vast flood in its tracks. You really need your own mailserver to run it, though (although you can do this on your Linux DSL/cable firewall box). -
Forget RBLs - active whitelisting is the future.
It's simple - when a mail comes in you send an e-mail back to the sender with a cookie in the subject line. That e-mail requests they send you a confirmation e-mail to get onto your whitelist, which also causes the original e-mail they sent you to be de-queued and delivered.
If you feed your inbox/archives into your whitelist, 99% of people who e-mail you won't even notice the system is running.
I used to get about 200 spams a day. I tried RBLs, I tried spamassassin. None of it worked reliably - RBLs were only catching about 20% of my spam and spammers now get around spamassassin by looking at the rules when they craft e-mails. False positives were also a problem - sure, it's quicker filtering suspected spam into a spam folder for batch-checking, but it's still a serious hassle with >80 dubious borderline spams a day, and tens slipping straight through the spamassassin/RBL net into your inbox.
Happily for those of you running your own mail servers (or sitting on a *nix box which delivers mail locally via procmail), you can get a program which will do this for you for free. It's called Active Spam Killer, it's written in Python, and you can get it here. -
RBLs are not effective at all.
RBLs are ineffective at blocking spam and have a fairly large rate of false positives. My provider imposes an RBL on me. I don't see a week without a friend or relative complaining that my "email system is broken".
The funny part is that when you check the domain itself, it's not relaying third party emails anymore. It all depends on the sender's sysadmin to remove his/her IP block from a gazillion RBL providers.
For an interesting comparison of a few methods, look at this paper. Clearly, RBLs are not the way to go. -
Re:I want one simple thing
I'd like to see someone start offering an email service that flat out doesn't accept anything but what the user says can come in.
How do you know in advance everyone who you're interested in hearing from? Sent any resumes out? Used Dice/Monster/etc? Use Ebay or the like for anything? True, throwaway addresses could be used but I'd much prefer a "permanent" address.
After reading about it here, I believe a challenge/response whitelist is the way to go, Active Spam killer [paganini.net/ask] knocked my spam count from 150+ / day to 6 in three months. -
Re:Spammers Sue Anti-Spam Groups
So what would it take to file a class action suit on behalf of all users and ISPs? There have to be a large number of users who've missed important mail because it was buried in spam, or who've had to change the email address to get away from it, with the time lost to get everyone they care about switched. And as a small ISP, for the first time in 18 years, I'm in need of upgrading my system for performance reasons, because of the load spamassassin is putting on it dealing with all the f***ing spam it gets. Not to mention a domain that expired because the renewal notice got filtered and the time spent installing mechanisms to cope with it. I think I alone could argue for about $15K in actual damages, and I'm small potatoes. I just last night installed Active Spam Killer and I'm going to start migrating to it so that anyone who wants to send me mail that I don't know has to ask first. This is the world these assholes are making for us.
-
Active Spam Killer
This has probably been posted before, but I think a fantastic little tool is the Active Spam Killer. I'm using 2.3 beta 3 which is very stable and worthwhile.
Basically it requires a once-off confirmation from any non-whitelisted and non-blacklisted user who sends you something. I haven't gotten one spam since I installed it. It's impossible to lose a real email and it's dead easy to install. -
Whitelisting is the answer
This whole spammers versus spamblockers has proven to be a destructive arms race.
Many legitimate machines and users - even whole ISPs - unfairly end up on blacklists, while the spammers just find another way through.
The spamblocker tools and their heuristics get smarter, but don't forget that spammers keep up with these tools and constantly find new ways around them.
I was using Razor and SpamAssassin for months. Formidable combination - networked blocklists plus pattern matching. Gave me a bit of peace. Very few false negatives. But in the last month, I've seen a whole new generation of spam coming through that the filters don't even touch.
Peace has finally come from a package called Active Spam Killer, a package which works from a white list, and provides a convenient way for new correspondents to get themselves onto the whitelist.
There are other whitelist-based packages, such as TMDA, but ASK is simple and painless to set up.
Result?
Spams to my mailbox have gone from 40 a day to zero. -
Re:Definitely not new
Yes, not at all!
I can think of Active Spam Killer (ASK), TMDA and Qconfirm (QMail Only).
I personally use ASK and it works well. TMDA also works very well but requires complete control of your mailserver to install. Qconfirm is Qmail only.
All these are absolutely free. -
Re:the Author's version of the article
For what it's worth, there's another antispam technique that might merit some of your consideration. The technique is effective because spammers want anonymity. They want to continue to use fake return addresses. And that can be exploited. I use one such system called TMDA. As a consequence, I'm not afraid to advertise my email address on slashdot (for example).
TMDA isn't really an antispam system, per se. It's an automated whitelist management system, with a bunch of really useful extra features thrown in for the heck of it. But at its heart, TMDA forces you to have a real working email address in order to get into my mailbox. Now of course, spammers might choose to respond by using real return email addresses. Personally, I think that would be a very positive development. In the mean time, it's a pretty effective technique.
TMDA has some competition, too. Active Spam Killer does similar things, although I haven't used it. -
Re:Treating the symptoms, not the problem...
TMDA is cool, but if you don't have control over your mail server, you're a55'd out. Try Active Spam Killer, which you can use like procmail, or even in conjunction with procmail.
-
Active Spam Killer / TMDA not mentioned
It's interesting to see that the talks focused on heuristics exclusively. The main problem with all of these techniques is that they may classify legitimate email as spam as well.
Since two months, I've been using the Active Spam Killer (ASK) now, and this has been mostly successful. In short: If a person writes me an email, they will have to confirm the mail, unless they are on my whitelist or the email contains a magic key (which is included in my sig and will thus be included in a reply). Confirmation also places a person on the whitelist, automatically. Since most spammers forge the From: address, they are not able to confirm their mail, even if they wanted... -> Pretty much no spam (dropped from approx. 20-30 spam-messages per day to 1-3 per week). Sure, if you order a book at amazon, their computer might not confirm. Thus I look into the confirmation queue from time to time whether anything in there is legitimate. Thus far it has not yet occurred that a person would not confirm his/her email, by the way. ASK is well documented, written in python and easy to set up.
There is another similar system (which I haven't checked out): TMDA.
I am wondering why big corporations, universities, ISPs are not providing such a (preconfigured) system as an option in their email packages ... -
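The flow these comments describe (whitelist and blacklist lookup, a magic key carried in the owner's signature, and a challenge with a cookie in the subject line whose reply releases the queued mail), sketched as an added Python example. It is not ASK's or TMDA's code; the `Gate` class, the HMAC cookie format, the `[confirm <cookie>]` subject tag and all addresses are constructed assumptions.

```python
import hashlib
import hmac
import re

SECRET = b"constructed-demo-secret"  # assumption: per-recipient secret for cookies
MAGIC_KEY = "0xDEADBEEF"             # constructed "key" carried in the owner's sig
MAX_AGE = 14 * 86400                 # purge unconfirmed mail after two weeks

def cookie_for(sender, msg_id):
    """Cookie bound to sender and queued message, so it cannot be guessed."""
    data = f"{sender.lower()}|{msg_id}".encode()
    return hmac.new(SECRET, data, hashlib.sha256).hexdigest()[:16]

class Gate:
    def __init__(self, whitelist=(), blacklist=()):
        self.whitelist = {a.lower() for a in whitelist}
        self.blacklist = {a.lower() for a in blacklist}
        self.queue = {}  # cookie -> (sender, queued msg_id, arrival time)

    def receive(self, sender, subject, body, msg_id, now):
        sender = sender.lower()
        if sender in self.blacklist:
            return ("drop", None)
        m = re.search(r"\[confirm ([0-9a-f]{16})\]", subject)
        if m and m.group(1) in self.queue:
            q_sender, q_id, _ = self.queue[m.group(1)]
            # Only the challenged address may confirm; recompute the cookie
            # and compare in constant time rather than trusting the queue key.
            expected = cookie_for(sender, q_id)
            if q_sender == sender and hmac.compare_digest(m.group(1), expected):
                del self.queue[m.group(1)]
                self.whitelist.add(sender)
                return ("release", q_id)  # de-queue and deliver the original
        if sender in self.whitelist or MAGIC_KEY in body:
            return ("deliver", msg_id)
        c = cookie_for(sender, msg_id)
        self.queue[c] = (sender, msg_id, now)
        return ("challenge", f"Please reply to confirm [confirm {c}]")

    def purge(self, now):
        """Drop queued mail that was never confirmed within MAX_AGE seconds."""
        stale = [c for c, (_, _, t) in self.queue.items() if now - t > MAX_AGE]
        for c in stale:
            del self.queue[c]
        return len(stale)
```

A confirmation that quotes a valid cookie but arrives from a different address is not accepted; that message is treated as new mail and challenged in turn.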
Re:One word..
... Posting anonymously because I don't feel like logging in right now...
I use a piece of software called ASK, which is similar to TMDA, but in my opinion has more features and is easier to maintain.
In any event, ASK automatically takes care of the whitelisting for me. I am liberated with ASK, it's because of ASK that I don't care WHO gets my Email address.
The reason? If ASK doesn't know you, it simply asks (pun intended) for you to confirm your Email address.
It's fast, simple, and sweet. Plus, once you're confirmed, you stay confirmed (until I manually remove you).
But unfortunately, this is what Email has become, and will become more and more as the years progress.
I receive over 75 pieces of UCE every day, but not one piece makes its way into my Inbox. A cron job I wrote automatically deletes messages which are queuing up when they are 7 days old.
There are no filters, filters can be broken, and there's no need for filtering. Whether you're my 3rd cousin, twice removed, telling me of a family reunion, or Spamford Wallace pitching Viagra or penis enlargements, ASK doesn't care. If it doesn't know you, you get confirmed.
But, if you know my "secret passphrase", you can include that in the message and ASK will automatically accept your message and kindly deliver it. Which, comes in real handy if you use a lot of different Email addresses and need to contact me.
So, whitelisting isn't necessarily losing the battle against spammers. If it's done properly, it provides new ammunition to those who are actively fighting it.
------------------
George Ellenburg -
Re:Why is this good?
SPAM is a symptom of the "frictionless society" that BillG paid a ghost writer to write about in his landmark work (2nd revision) "The Road Ahead". (1st revision didn't mention the Internet)
So... Introduce friction into email. A "default deny, whitelist accept" would work nicely. This is being done by IM programs such as ICQ, Ymessenger and AIM, and many people use these as much as email to stay in touch!
There's a project called ASK (Active Spam Killer) that does this, as well. Basically, if somebody sends you an email, they get a bounce back requiring them to reply.
Spammers won't reply, friends will. Once friend has replied, all further email from him/her gets through unhindered.
It works perfect - 100% no spam, and no "false positives". But sometimes people don't understand that they just need to press "reply" and "send".
Laws won't fix spammers. Poorly applied bandaids like MAPS or RBL or SPEWS or whatever are very ineffective, and do just as much to frustrate a valid provider as block SPAM to any noticeable degree.
To fix email, you have to fix the POP/SMTP protocol itself to include authentication! -
Any Opensource-anti-spam solution available?
The idea could be simple. Mail that arrives gets checked with a whitelist, a blacklist and a spamlist.
The whitelist:
People send an email to you, they get an email back to "REPLY" on that mail to get the mail sent to you and to be added to the whitelist. If they do not send this reply within 2 weeks the mail gets deposited to a "trash account" or gets a "X-list: not authorized" in its header to be filtered to oblivion.
The blacklist:
Very simple, people on the blacklist get sent to /dev/null.
The spamlist:
These are the addresses being added automatically by the administrator. These emails get sent to /dev/null. The list could be interchangeable (alike MAPS, RBL, ...)
Is there any PERL or Script available? I saw some for Python (Anti Spam Blocker (ASK)) though I would like it to be in Perl or C. -
Re:Technical / Social solution please
I was receiving an average of 15 spam mails A DAY! It was extremely annoying. I wrote myself a tool to authenticate (i.e. send an email back) to everyone that sends me an email and is unknown to me. The system is working pretty fine (after a lot of changes and refinements). If you want to check it, go to http://www.paganini.net/ask.
This solution is far from being perfect, but is being an acceptable workaround for my problem.
I hope it helps in any way. -
Use a search engine instead of wasting our time