Slashdot Mirror

"Running mail at home is a waste of my time. It can be done, but you get nothing but hassle out of it..."

• Mail clients are filtered through my firewall: I blackhole bogons for example, and certain abusive networks.
• RBLs of my choice: There are good RBLs and bad RBLs. I like the ORDB list, DSBL list, the Spamhaus SBL and XBL lists, the SORBS DUL list, and the Spamcop blocking list.
• Greylisting: This is effective for eliminating the remaining spam that makes it through your SMTP-time filters.
• Challenge-response: Yeah, I know... love 'em or hate 'em. TMDA has been useful to me in the past, though I'm not sure I'm going to keep it much longer.
• One-time email addresses: If you maintain your own server and domain, then you can have as many email addresses as you want. Expire them on your schedule, or perform special processing for mail received at those addresses.
• Forget about artificial mail-size limits: My ISP's email accounts cut off attachments at something like 2MB. So much for that camping video my friend wanted to send me. My personal mail server is much more forgiving.
• Flexible and secure access: My mail clients use POP3 and IMAP inside the firewall, and IMAP via SSH port-forwarding from the outside.

and bounce others with a message asking you to do something difficult to automate, eg pointing to a web page where they can type in a message, maybe with a captcha.

MSN/Hotmail is well known for ignoring abuse complaints. I get a huge quantity of spam originating from Hotmail's servers, mostly 419 scams. More than half the time I report it it gets sent back because "it doesn't reference a hotmail user." All mails travel through hotmail servers, if you report spam to the MSN address they actually frequently reject the mail because they run a content filter which detects it as spam! See this discussion for more info. I ended up finding an address that got me a live person once, and after some bitching they took care of one account. I ended up writing a letter to the FTC (these aren't just spam emails, they're scams) expressing my concern with the lax attitude towards the abuse of hotmail's own system.

Sorry Bill, if you want to be tough on spam, start with your own company. It doesn't seem to care about the rest of the internet. If Hotmail cleans up its act, I'll start believing your sincerity in the fight against spam.

I get less spam now than I used to, but I assume that is because my ISP filters a lot of it.

I report all of it to SpamCop.

Here are a few things that might help:

http://gmail.google.com/ (webmail with a reasonably good spam filter)
http://spamassassin.apache.org/ (good spam filter for non-web email)
http://bogofilter.sf.net/ (another good spam filter for non-web email)
http://spamcop.net/ (free anti-spam service)
http://spambob.net/ (free receive-only/forwarding/black hole email addresses)

It's not the 20 services the GP promised, of course, but it might help, although experience shows that those who complain the most about spam are also the ones who aren't willing to actually try anything to make it stop, so I'm not sure your cousin will find this useful (your description of a "12-year old airhead" certainly doesn't inspire confidence).

Ever head of the many great realtime blackhole lists?

http://www.spamcop.net/bl.shtml
http://dnsbl.njabl.org/
http://ordb.org/

No need to roll your own. There is even one designed to list dynamic IPs (http://www.dnsbl.nl.sorbs.net/).

If people with brains set abuse policy at ISPs, they would not have to monitor or go looking for infected machines. http://www.spamcop.net/ notifies hundreds of ISPs daily that machines in their network are spam bombing the world, and most (especially the big ones, like Comcast and Roadunner), do not do squat about it.

Policy should be: "If your machine sends spam, even without your knowledge, you WILL be disconnected."

Same policy should apply to virus-infected machines, but the big ISPs just do not give a flying fig. Every time some clueless user's machinme starts sending me viruses, I report it to the source ISP. Smaller companies usually take action and at least notify the customer. But when it is a big ISP, the virues come daily (sometimes multiple times daily) for weeks on end. The real pisser is the source IP address is always the same, so identifying the infected machine is not diffucult, they just won't do it.

Non-compliant spam now requires felonies. Multiple felonies. Not just CAN-SPAM violations, but forgery, viruses, theft of service, money laundering, and other clear crimes. Those are things that law enforcement understands.

Remember, there aren't that many spammers. ROKSO says that 200 spammers are responsible for 80% of spam. That's not very many from a law enforcement perspective.

MessageLabs says that spam peaked last year. At peak, 60% of all E-mail was spam. It's down below 50% now. However, it doesn't seem to have decreased since Ralsky was taken down last month.

I am a spamcop user and for 3 months I noticed some stuff.

1) The legit businesses, e.g. Real.com, Allume.com or any company with a valid record does NOT spam. Its basically a lie.

2)Far East ISP's, especially China,Taiwan are kind of "allowing" zombied machines.

Not paranoia at all. A much more valid, checked realtime spam stats is at:
http://www.spamcop.net/spamstats.shtml

As a spamcop mail customer one thing bugs me is. People, especially newbies learned that service and they use bogus spamcop.net addresses when they sign up a legit service like product updates from Allume Systems (Stuffit etc). Result: As a customer of them I can't use my IMAP mail and have to use Yahoo.com as spamcop is simply rejected.

Less than a fifth by my cursory glance, with the majority of the remainder being US and Russian hosts. But I am surprised that there were even that many; as I said, doing business in China is not all that easy. I'd suspect that these hosting companies aren't quite legal in China. (whether they crack down on them is another story!!).

Well... that is just lovely... calling me a liar and a racist when you don't even know me at all.

Well, I'd say I was fairly polite, I merely said "can you please provide examples", and explained why I thought it wasn't the case. The racist observation was more to the general feel of the thread, where many folk were pretty much stating that ALL spam comes from China, which is compete bullshit. All my spam is priced in dollar signs, I don't know about yours! Should I block US ranges for incoming mail? I'd lose contact with many friends, but it would stop most of my spam.

Can you please back that statement up with a few examples? I'm having a hard time figuring out how capitalist scams are taking place in a communist country that isn't all that favourable to foreign business. IIRC you need government approval to do business in China as a foreigner. Which Chinese banks are transfering the profits back to the US? Which hosting companies are doing this?

I suspect that this "china is to blame for all our woes" is simply just plain racism. It is slashdot after all...

Well... that is just lovely... calling me a liar and a racist when you don't even know me at all. And what is even worse is that your comment suggested that I am just making things up when it is you that is making things up out of thin air.

Since you asked for examples, I'll just point you to
http://www.spamcop.net/w3m?action=inprogress;type= www which lists all the spamvertised sites which were recently submitted to spamcop. Just have a look and see how many are China based at any given time.

I run a personal mail server and am getting hit with up to 100,000 bounces per day because some spam gang decided they like my domain (might be due to the fact that I also report *all* spam I receive through Spamcop.

Fortunately they use random sender account names and don't hit my account and my server easily blocks the bounces, but this could be a disaster if they instead chose valid account names.

Long Answer: The concern is the misdirected bounce. By default and in accordance with the RFC, qmail bounces messages it accepts then later decides it can't deliver back to the sender. Spammers use false return addresses, so you end up bouncing spam back to innocent third parties. When used with naive spam-filtering techniques, this can be a problem i.e. qmail accepts the message, but a spam filter rejects it, and it is bounced. Here's what SpamCop.net has to say about it:

Qmail: Qmail is one popular mail exchanger which suffers from this problem by default. If you use qmail, please apply a patch: spamcontrol or qmail-ldap.

There is also an experimental patch for qmail which allows you to send bounces, but isolate them on a different IP address (so that spamcop can block them without blocking other mail): Richard Lyons BOUNCEQUEUE patch

PZInternet.com reports chkuser is a very good qmail patch to avoid misdirected bounces - very easy to install too! http://www.interazioni.it/opensource/chkuser/

For users of qmail-toasters, check out the simscan patch

All Major mail servers should block South Korea until their government takes action to following:

http://www.spamcop.net/w3m?action=inprogress

Its dynamic statistic. Kornet and Hananet.

Government action is: Mail servers, servers are SHUT DOWN until businesses PROVE they are legit/non spammer business, servers patched, force ISP buy whatever security service needed, price not asked.

As a spam reporting guy, believe me when I say it. Those ISP's are in a point of S. Korea congress/parliament whatever hearing. Its in "police" level of spamming and ignorance.

I may easily say the Korean giants as Samsung etc may be effected. I got Korea IP space blocked for instance.

Florida? Hope you never see Korean chars in your inbox.

PS: I will shoot the first guy telling poor Koreans can't manage their servers or doesn't know english etc. If you can't manage, you don't "BE" on Internet and effect its stability, peace!

Are you sure ?

64.233.184.203 not listed in bl.spamcop.net

AOL is listed on SpamCop too. http://www.spamcop.net/w3m?action=checkblock&ip=20 5.188.157.37

Surely you're not claiming you have an alternative to spam which involves still having an email account.

How about having an e-mail account, looking for the following criteria:

• a valid PGP signature,
• a sender in your address book, or
• a keyword in the subject (e.g. my e-mail address is tepples@spamcop.net?subject=[slashdot]),

and filtering messages that do not match at least one? In my experience, no spammer has ever PGP-signed a message, correctly forged a family member's from address, or used the keyword of a legit mailing list that I get.

This blocks 99% of foreign spam. Sue Mosher wrote about other effective methods for killing spam in Outlook.

Some are well maintained, and even automatically maintained. spamhaus and spamcop come to mind. One of the less desirable ones that comes to mind is SORBS, where if they list you in one category you've got to donate $50 to charity, per message, to be delisted. You're an ISP providing smtp to your customers, and you're listed again? Tough.

Presumably applications have to be parallelized to take advantage of it, playing solitaire on windows98 probably doesnt count.

--
BUy Y0r c1Al1S Fr0m spamcop.net for LOW LOW R4t35!!

"What's needed is a program that automates that."

It's called http://www.spamcop.net/

A huge amount of work has gone into making Spamcop avoid common problems, decode weird URLs, etc.

Spamcop Mail offers lots of country-based blacklists that you can choose from, plus other options.

But, I give up. I cannot convince someone who can't see beyond their own nose. Instead, I'll make this perfectly clear. I don't send spam, but if I ever get DDoSed by any of these holier-than-thou anti-spam vigilantes, I will do all I can to see the full force of the law fall upon them. You'd be no better than a script kiddie, and subject to the same punishment as far as I'm concerned.

Vigilante justice soils the good name of the anti-spam groups out there that are working hard to help the world control the spam problem. Attacking spammers with DDoS only changes them from being a criminal into being a victim, and we do not want that.

My understanding is that if you could close down the spamvertised sites, spam would largely be restricted to phishing attacks. If I didn't believe this, I probably wouldn't bother using spamcop!

Just for the record, address munging and fake addresses are not the answer. Reporting spam is.

It is all fine and dandy to ignore volume when you are running a 200 user ISP, but when you get up to 50000 users with over a million messages a day it becomes slightly important.

Joe-jobbing seems to be highly overrated. There never seem to be any real cases cited, only hand-wringing by people who have not been joe-jobbed but who seem more concerned with hypothetical joe-jobbing of unnamed, unknown others that no one can point to than with the stark, ugly reality that significant and increasing levels of Internet bandwidth are being eaten up by the billions of spam and worm/virus messages being propagated daily, not to mention the millions of person hours lost to weeding through and disposing of spam and disinfecting machines.

That's the reality. Your joe-jobbing fears are entirely speculative and not taken seriously by anyone familiar with the protocols and programming involved in designing and implementing something like the Lycos screen saver.

Despite our "corporate software standards" I run Firefox as my default browser.

However, I have not found that I can replace Outlook 2003 with TB in an Exchange 2003 environment.

I'm sure that Microsoft puts less effort into IMAP workings than they do integrating their client.

http://www.spamcop.net/

Yes, I know some postmasters hate it, Korea just doesn't care and China directly ignores them...

At least you do something legit and may have an effect. I saw lots of reports saying "ISP already took action" on lots of reports I send.

Well, getting 400 mails (four hundred) on my Yahoo Plus/week, I took a decision. I only report spams in my native language to Spamcop. Being in scene for too long, I know 98% of TR ISP's actually take action against them since I know their admins.

IMHO the thing must be done is, take care of all abuse reports, ESPECIALLY non geek users abuse reports (via spamcop) and take action. Action maybe blocking access of that account to net.

Spamcop's power comes from something else. It auto investigates the REFERENCED URL and its host. While those assholes use worms, zombies to send mail, unfortunately LOTS of people click on spam links so they must use a first class hosting provider generally.

First class hosting provider, especially on scam mail takes care of report since they don't want to get trouble with Citibank, FBI etc.

While you generally see ISP postmasters doesn't care about spamming customer, hosting provider takes care of spammer assholes "business"(!).

Taste of revenge ;)

Spam this:

ajb@spamcop.net

I figure anyone who spams SpamCop deserves what they get.

Spam this:

ajb@spamcop.net

I figure anyone who spams SpamCop deserves what they get.

Actually, email does kinda work that way. In fact, http://www.spamcop.net/ is starting to do this. It tracks back from known servers until it finds an unlikely server, and now knows at least one open relay for spam to use - if we can get the relays closed, then we'll know where the spam really originated from.

Except the more agressive (and popular) anti-spam organizations do take a "shoot first, ask questions later" policy.

No, they don't. Most, like SpamCop list the origin of the spam. Not the spamvertized website, but the IP address of the sending mail server. The place where the spam is actually coming from, whether or not it's a joe-job.

One of the few blacklists that lists web addresses (well, their respective IP addys) is SPEWS, which generally lists only after persistent spamming has been ignored by the hosting ISP. That's hardly "shoot first, ask questions later."

When I submit my daily dose of spam to Spamcop, I can see that 90% of all websites referred to by spam mails are hosted in China and Brazil, and I don't think either country will do a similar move anytime soon.

It is already common practice for spammers to use bullet-proof hosts (which is even mentioned in TFA).

So I don't think this move will change anything as far as spam goes, but the potential for abuse (see some of the previous comments) will increase, given that most sites hosted by UK ISPS are legitimate.

And once again I've left out an important point... It's not my site. I can't change anything about it. It's a quick and dirty page thrown up by a SpamCop user for his use and anyone else who wants to run it. He created it and announced it in the SpamCop forums but it was never meant for the general public, hence the quick-and-dirtiness and total lack of documentation. I should have made that clearer, mea culpa. He seems like a nice guy, so if you'd like to go here and drop him a line then he'd probably be happy to take any suggestions you have.
> Remember, I think like a Mac user
Hmm... I have to buy a Powerbook for school. Does that mean I should start stomping and shouting now to get in practice? ;)

a cursory scan of spambot reporting shows this is crap sampling

However, there is another domain which has had banner ads for its services. After getting a particularly bad spam attack (around 30k/day to random addresses @ that domain from the same spammer), I spoke with the owner about killing wildcard handling and instead only handling the ones being used.

Btw, three months later, that spammer is *still* being hosted by CW/Savvis. http://www.sheckmedia.com/ is the site of the spam domain owner, but the spamming subnnets, 64.70.43.0/24 and 216.39.64.0/24 are different than the website. Anyway, talk about bulletproof hosting...

After setting up individual boxes for that domain, I decided to direct the rest into a file just to see what kind of crap comes through. For the month of June, there were over 107000 emails. For the month of July there have been 41969 so far. The July numbers are probably a bit lower because I recently added njabl.org blocking (w/o dialup blacklisting) with rbldns. During both months, spamhaus.org's lists and spamcop.net's lists were in use.

So, it's not really a matter of whether or not you handle wildcard addresses, but whether the spammers to decide to use dictionary attacks on your domain.

I used cnnsi@mydomain. cnnsi sold it and now I get several hundred spam a day there.

Are you sure they sold it, or were you merely a target of a dictionary attack (the dictionary being domains)? Same will go for amtrack@. All a spammer has to do is decide it's a significant enough domain to add to a dictionary and, BAM, you're getting spam there without any kind of TOS violation on Amtrack's part. Common word domains like amazon@ have long been dinged, and it is foolish to blame the company for your own poorly thought out system.

If you really want to use a catch-all to track who sells your address, you have to use a hash or something else that you keep entirely secret and is not easy to guess, like c66915c4ff6a27e5f3aac08f58130ba9 for . . . guess who! :-) Otherwise you're just adding to the abuse that the spammers are dishing out to you.

My own experience with a catch-all is that you're safe until you're hit by a dictionary attack, and then it never stops. I have domains with next to no traffic and a catch-all is fine, but in the last year I've had two of them get hit by dictionary attacks and after that each domain gets an increasing stream of spam attempts, currently around 1000/day. That's bad enough that I shut off the catch-all for the one I don't really use it with. The other one keeps SpamCop full.

Well Microsoft does get to pay Hotmail's bandwith bills, email storage costs, and employ people to deal with abuse reports? Don't forget that they also get to deal with all the spam that is undeliverable, bounced, or dropped by user's filters etc. Per individual spam, Microsoft may well be paying less than a recipient, but there is definitely a very real price tag attached.

Unfortunately however, under CAN-SPAM, only ISPs and not end-users can use the legislation to go after spammers through the courts. As the owner and operator of Hotmail that would naturally include Microsoft. Of course, the statement that the actions has "netted them $54 million" means the courts have awarded them that much, they will actually see far less of it than that.

It would certainly be nice if Microsoft (and others in a similar position) would make at least a token contribution to the anti-spam groups out there. Spamhaus operates almost entirely on contibutions and sponsorships, Spamcop has a legal defence fund, Spam Assassin is now under the auspices of the Apache Foundation... the list goes on.

Keep your antivirus up-to-date. Outlook won't give you any problems. If you're particularly worried, get an antivirus/anti-spam solution like SpamCOP

• spamhaus
• dnsrbl
• ordb
• opm
• njabl
• maps
• 5/10
• spamcop

"DICK JONES!! I SPAM FOR DICK JONES!!!"

SpamCop will take care of figuring out the origin and reporting spam for you.

Once an actual human person has read and acted on the mail, they should be able to mark it "official business" and/or move the email into an "official business" folder which does get kept as required.

german t-online has something like that, too. they change the from: adress of any outgoing mail to the official customer adress, unless you use a different smtp server which you have to pay for.

Absolutely. Comcast is the leading source of spam for a lot of people and has been for a long, long time. It's time they finally promised to do something about it.

Personally, if it were my universtiry, I would prefer they started to use a RTBL. The fact of the matter is, if the likely spam isn't sorted out first, I have to try to discern the stuff entirely by hand. And although I can easily pick out Viagra ads, I have relatives and the occasional acquaintence who send mail that looks awfully like spam. Didn't want to type a subject. Used "hello" as the subject. Didn't configure their mail client properly, so their "replyto" looks crazy. Without some initialy spam filtering, I would miss at least some of these -- in fact, I'd probably miss more mail with no filtering than with a judicious blackhole in front of me.

Love or hate SPEWS and other kinder, gentler RTBLs, they're better than the present choice. It would certainly reduce the load of these email servers to where it could be more easily handled. And, if nothing else, they couldbe used to prioritize mail. Use Spam Assassin or something else to do some initial tag and filter so that mail coming from Asian IPs or originating from mail servers on cable/ADSL networks gets put into the "slow" processing queue while everything else gets sent down the faster pipe.

</spouting with little to no knowledge>

• The forums and news servers are pretty open
• Easy news on how to develop circumventation for the latest filter techniques
• Annoying the anti-spammers

The SpamCop we are talking about here is not spamcop.com (which this /. article links to), it is spamcop.net.

Hmm, what idiot provides this guys bandwidth?