Spambot Poisoner
halfelven writes: "Sugarplum, the anti-spambot fighting machine, is out! Quoting from their website: Sugarplum is an automated spam-poisoner. Its purpose is to feed realistic and enticing, but totally useless data to wandering spam-bots such as EmailSiphon, Cherry Picker, etc. The idea is to so contaminate spammers' databases as to require that they be discarded, or at least that all data retrieved from your site (including actual email addresses) be removed." I've seen this sort of thing before, but I just figured it's a fun thing to chat about on a holiday. It would be cool to put this on Slashdot some time: I bet I'm not the only Slashdot reader whose email address has been slurped.
The fraction of invalid data that this is going to put in the databases is unlikely to warrant the spam trawlers bothering to do anything about it.
Do they even bother checking anyway? Don't they just trawl millions of things-that-look-like-email addresses, and sell them on CDs to the ****s that send the spams?
There's still bound to be far more valid email addresses than false ones trawled, anyway.
I've been doing it with junk snail mail for years. I save up the junk mail that contains postage paid envelopes, go thru it to make sure my name/address/bar code info, etc is not in it. Then swap the info among several different senders and pitch it in the mail. Surely the folks trying to sell me vacation condos need info on panty hose that don't run. And I know the credit card companies are thrilled to get info on how to avoid bankruptcy. It even helps the postal service earn more bucks.
If you're not on somebody's shit list, you're not doing anything worthwhile.....
Um....maybe it's just me, but I haven't noticed any slow down from this type of refiling system, meant to filter unwanted spam. All I've noticed is an adaptation wherein the spam is more personal and harder to detect, thus making it more likely that I'll read one of these ridiculous suckers. Enough with the anti-spam....let's just spread the word that spamming causes impotence - that oughtta work.
P 2 P___H U M O R
great comedy company.
Hotmail has finally limited its number of blocked addresses and Yahoo will likely do the same thing soon. You got Wine to work with Outlook? oh right, Win9X/2K/etc. :{)
2's not surprising -- the site's very new, and most of the big block were from testing (friendly spammers?)
who's moderating the meta-moderators?
If you do this.. not only will you fool spambots, but you will fool *humans* as well!!
Personally, I always remove nospam from emails I'm trying to send... how would I know yours is genuine?
Andre060
You're obviously not paying attention. It was just explained how spammers may compile a list of valid addresses and you reply saying your address was sold? No it wasn't.
I highly doubt any reputable ISP, especially one the size of SW Bell, would ever sell the addresses of their user base.
--
Turn on, log in, burn out...
Thanks for the attention, all. The freshmeat posting was quite manageable, but slashdot's is more than the 128kbit outbound can handle. Asymmetric DSL sucks in a substantial number of ways.
aqua
(sugarplum's slashdotted author)
Fascinating idea. Tell me though, what does invisible text sound like?
Is it also invisible in lynx?
Ahh - My eye!
The doctor said I'm not supposed to get Slashdot in it!
So the spambot can be programmed not to be trapped forever. BUT, if you have Wpoison generate links to Wpoison'ed pages on other domains, that could make life harder for the spammers. Given a large enough network of participating websites, said spambot might never figure out it has been fooled once it first took the bait.
It just might work.
Ahh - My eye!
The doctor said I'm not supposed to get Slashdot in it!
Hey! They sent him their phone number in an email message addressed specifically to him. Is he supposed to keep them waiting by the phone? That would be cruel.
FWIW, there are patches available for qmail such that after a configurable number of RCPTs, the smtpd turns into a tarpit (starts deliberately slowing down the connection unto unusability). It wouldn't be difficult to adapt that to count only bad RCPTs, or similar. That, or issue transient failures after a smallish number of RCPTs, so legitimate MTAs will try again in a bit. Stateful comparisons would help quite a bit too (if >75% of usernames requested are in /usr/dict/words, you're probably the target of a dict attack).
From the Teergrubing FAQ:
E-Mail is sent using SMTP. For this purpose a TCP/IP connection to the MX host of the recipient is established. Usually a computer is able to hold about 65500 TCP/IP connections from/to a certain port. But in most cases it's a lot less due to limited resources.
If it is possible to hold a mail connection open (i.e. several hours), the productivity of the UBE sending equipment is dramatically reduced. SMTP offers continuation lines to hold a connection open without running into timeouts.
Only likely to work if you can force massive RFC 974 compliance. Otherwise it's just another reason for spammers to prefer to use a third party (including ISP provided) relay.
The idea sounds good, but I do not see a $60-per-year option as a valid option...
It still is cheaper to click BlockAddres in your Yahoo! account or make a rule in your Outlook
Imagine the past, remember the future - Carlos Fuentes
Maybe when the hapless admin is paged at 2 am she can stop their server from acting as an open relay.
Doubt it would stop ISPs providing their own third party relays. With some ISP business models there is little difference between the ISP machine and an open relay anyway.
This used to work when there were auto reply spam email. I had made a list of auto reply spam emails, it was about 40 addresses. When I received spam mail with an autoreply, I would send an email with the list of auto reply spam as the address and the return address of the original spammer. Spammer would auto reply to auto reply spammer. I took down many servers before they got wise. Received many angry emails also.
The spammers try to filter out invalid addresses, so all you need is a real address that seems to be invalid.
Only if they are delivering their own mail. If they are using a relay they probably aren't going to care, since someone else will be getting the error messages.
When submitting a form, I usually give my email as theirs. For example, I've signed up RealPlayer to send as many 'product updates' as possible to support@real.com. I hope they like it. Or, I use the one mailhost guaranteed never to point to a real machine, example.com.
Then there's anything@spamcheck.bizland.com, where I can change 'anything' to the name of the site I'm giving it to (see my slashdot email), and later filter all mail coming to that address if it starts getting spammed.
--
The speed of poisoning depends on what poison you use...
I tend to think a spammer with an address database containing root@localhost, postmaster@localhost, abuse@localhost, root@localhost.localdomain, , abuse@localhost.localdomain, root@[127.0.0.1], postmaster@[127.0.0.1], abuse@[127.0.0.1], and uce@ftc.gov wouldn't have too much fun before being kicked by his ISP.
Unfortunately, many spambots are probably intelligent enough to filter out the common variants of these...
This message is provided under the terms outlined at http://www.bero.org/terms.html
try variations of that name at various domains
uh. this is true, i've seen myself having multiple new e-mail addresses - of course they were only relayed through these odd servers but still... i'd like to nuke all spammers, as everybody else, but there's very little we can do right now. anyway, i didn't read the Sugarplum website but i'm heading there next..
ound the message used repetitively over and over still nothing grows silen
http://www.spamgourmet.com -- while surfing, you can invent limited-use email addresses whenever you want them. Any mail sent to such an address after its limit has been reached becomes nothing more than a statistic...
who's moderating the meta-moderators?
Blow the spammers away by stopping their tools:
From the Teergrubing FAQ:
E-Mail is sent using SMTP. For this purpose a TCP/IP connection to the MX host of the recipient is established. Usually a computer is able to hold about 65500 TCP/IP connections from/to a certain port. But in most cases it's a lot less due to limited resources.
If it is possible to hold a mail connection open (i.e. several hours), the productivity of the UBE sending equipment is dramatically reduced. SMTP offers continuation lines to hold a connection open without running into timeouts.
A teergrube is a modified MTA (mail transport agent) able to do this to specified senders.
Read the full story in the Teergrubing FAQ:
RFC1925
I may be paranoid, but how do we know that you're not an evil spammer trawling for our email addresses? Invite us to your site and the next thing we know we have half a ton of the rubbish in our inboxes.
I think except the approach mentioned in another posting to use several of my own subdomains to delay a spammer (30 MX x 30 A x 70 sec), there are the following legitimate targets to use as spam targets in your web pages:
I habitually call them up late at night and play my stereo onto their answering machines... For an hour or so. It's not a harassing call, because they asked you to call them... OTOH, very few of them use 800 numbers any more :-))
An engineer who ran for Congress. http://herbrobinson.us
The problem is, spammers will sign up about 50 accounts, many times using fake credit info, names and phone numbers. They do this on online signup pages for ISPs, usually the little mom and pop ones that don't do the immediate credit checks. They do this on Fri nights mostly. This way they have around till mon or tues before the accounts start getting whacked, problem is, in those few days, they can send millions of messages.
Problem here is the business model of allowing access before verification. But if this is what the "big boys" do then the mom & pops have to do the same to stay in business at all.
I usually use a@b.c, guaranteed to go nowhere. But if the website requesting the address is a little paranoid, he can check the live validity of the server during the process, obliging to give a valid mail host.
That reminds me... I recently set up a Hotmail account for the sole purpose of getting spam: I have never used it for anything except to send mail to a few places that have spammed me, replacing getrich@spammer.com (or whatever it was) with delete@spammer.com.
Interesting experiment, although I have to admit to being a bit disappointed -- I haven't received any spam yet!
Sadly, I get plenty of it sent to my real email address thanks to a misconfigured mailing list I'm on.
You're a suburbanite.
Using your domain as a return address for spam strikes me as terribly unfair. It's a shame there are no existing laws to put folks who do that in jail.
I used to own "boy.com" many years ago and gave up the domain for similar reasons. There would be a ton of email forged with that as the return address. The last straw was possibly illegal porno being posted to USENET with "boy.com" as the hosting site (forged, of course.) Back then--in 1995-1996--I decided to get rid of it because I thought it may be impossible to convince authorities that we had nothing to do with those postings.
Sugarplum is an interesting idea but a better one is to use the spammers techniques against them. Turn their strengths into weaknesses.
A spammer looks for email addresses, and sugarplum goes some way to taking advantage of that fact by giving them crap addresses. Unfortunately it's fairly simple to check the validity of the domains and accounts.
A better solution is to give spammers valid email addresses which are aliased to a spamtrap account. This is a system account whose sole job is to receive spam. You then know that anyone who sends mail to this account is a spammer.
You now have information about who the spammers are and can use this information to block spam from real accounts.
This is all described on the Spamido web page along with some procmail recipes which can be used to implement it.
Deleted
I'd love to mirror interesting sites like this, but my ISP is a small consumer-owned coop with a single T1 serving ~100 customers, which leads me to the following question:
How hard would it be for slashdot.org to provide a load-balancing mirror service? I'm thinking of a simple round-robin url-redirection to mirrors of potentially slashdotted sites.
So if I want to volunteer a mirror of a site referenced in an interesting slashdot thread I could submit it to slashdot.org with a maximum HPM ceiling so that my ISP wouldn't get bombed with excessive traffic.
This is nothing fancier than the typical web-farm distributed processing. I would be happy to offer *limited* bandwidth to mirror a site with relevant content. I just don't want to slashdot my own coop.
==============
(this post was spell-checked by OmniWeb - all grammatical errors are mine)
Well 0.24 gbp a year isn't really that bad.
---- One button is the power button, the other is the Bender voice button "Bite My Shiny Metal Ass"
I use Bizland.com mail forwarding. It works the same way as the first poster's idea, but with a free subdomain. If I remember correctly, with Sneakemail you have to log onto their site every time an address gets spammed and delete/change the account. This way, all you have to do is add it to your filters, which seems to be more convenient to me.
--
These hosts generally don't read robots.txt, instead they start at www.yourdomain.com and follow all the links from there. Some of them are even stupid enough to visit the same page multiple times if that page is referenced from multiple pages on your site.
Probably the worst thing about these rogue web robots is that there is no way to identify and block them without having a daemon monitor the access logs in real time looking for this activity and adding the appropriate Deny rule to the config once a host is identified.
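The log-watching daemon described in the comment above can be sketched as follows. This is an added example, not code from the thread or from any tool it mentions; the thresholds, the class and function names, and the sample log lines are all constructed assumptions, and the output uses the classic Apache `Deny from` directive.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Apache Common Log Format: host ident user [time] "METHOD path proto" status bytes
CLF = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
STATIC = re.compile(r'\.(gif|jpe?g|png|css|js|ico)$', re.I)  # not counted as pages


class CrawlerWatch:
    """Flags hosts that crawl pages quickly, or re-fetch the same page,
    without ever having requested /robots.txt (thresholds are assumptions)."""

    def __init__(self, window_s=60, max_pages=5, max_repeats=3):
        self.window_s = window_s
        self.window = timedelta(seconds=window_s)
        self.max_pages = max_pages
        self.max_repeats = max_repeats
        self.hits = defaultdict(deque)   # host -> deque of (time, path) in window
        self.read_robots = set()         # hosts that asked for robots.txt
        self.denied = {}                 # host -> reason it was flagged

    def feed(self, line):
        """Process one log line; return a Deny rule the first time a host is flagged."""
        m = CLF.match(line)
        if not m or m["method"] != "GET":
            return None
        host, path = m["host"], m["path"].split("?", 1)[0]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if path == "/robots.txt":
            self.read_robots.add(host)
            return None
        # Assumption: a robot that fetched robots.txt is left to the robots.txt rules.
        if host in self.denied or host in self.read_robots or STATIC.search(path):
            return None
        q = self.hits[host]
        q.append((ts, path))
        while ts - q[0][0] > self.window:    # drop hits older than the window
            q.popleft()
        worst_path, worst_n = Counter(p for _, p in q).most_common(1)[0]
        if len(q) > self.max_pages:
            reason = f"{len(q)} pages in {self.window_s}s"
        elif worst_n >= self.max_repeats:
            reason = f"{worst_path} fetched {worst_n}x in {self.window_s}s"
        else:
            return None
        self.denied[host] = reason
        return f"Deny from {host}"


def scan(lines, **thresholds):
    """Run a whole log through the watcher; return (deny_rules, reasons_by_host)."""
    watch = CrawlerWatch(**thresholds)
    rules = [rule for rule in map(watch.feed, lines) if rule]
    return rules, watch.denied


def _hit(host, sec, path):
    # Builds one constructed log line, `sec` seconds after 10:00:00.
    return (f'{host} - - [25/Dec/2000:10:{sec // 60:02d}:{sec % 60:02d} +0000] '
            f'"GET {path} HTTP/1.0" 200 1024')


# Constructed sample: a robot that reads robots.txt, two that do not, one human.
SAMPLE_LOG = (
    [_hit("198.51.100.4", 0, "/robots.txt")]
    + [_hit("198.51.100.4", 1 + i, f"/page{i}.html") for i in range(8)]
    + [_hit("203.0.113.7", 10 + i, p) for i, p in enumerate(
        ["/", "/about.html", "/contact.html", "/about.html", "/about.html"])]
    + [_hit("203.0.113.99", 20 + i, f"/doc{i}.html") for i in range(6)]
    + [_hit("192.0.2.10", 30, "/"), _hit("192.0.2.10", 31, "/logo.gif"),
       _hit("192.0.2.10", 150, "/about.html")]
)

if __name__ == "__main__":
    rules, reasons = scan(SAMPLE_LOG)
    for rule in rules:
        host = rule.split()[-1]
        print(f"# {reasons[host]}\n{rule}")
```

In a live setup `feed()` would be called on each line as it is appended to the access log, and the returned rule written to an included config file before a graceful reload.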
I pity dev@null.org, my personal choice of 'fake' e-mail address... :)
Nokia has started spamming me over SMS (pager service) after I bought one of their mobile phones. The bummer is that I can't easily change my mobile phone #.
I tried calling them up and yelling, but that hasn't helped. I also called my GSM network provider, to ask them a) to block the spammer's access to their network, and b) to enable me to disable SMS services. Since Nokia is presumably a big business partner of the network provider, I'm not holding my breath.
Ideas anyone?
I do the exact same thing with a free subdomain from Bizland.com.
--
It's a nice idea, but 95% of spammers are just harvesting From fields in newsgroups (and some morons harvest message-id too), since they can get that /extremely/ easily. They don't normally download the articles - too much work - so they wouldn't see your .sig
I notice one of the fake email addresses they have in the sample output is one @yahoo.com. Surely, this isn't really a _fake_ email address, as it's pointing to a valid mailserver? (Thus causing yahoo.com to be clogged up when the next round of spam discharge is fired.)
And you've got to feel sorry for sweetp@dash.com!
From having a look at the sample output page on the website, I'm wondering if by using the email addresses of "known spammers", they're leaving themselves open to legal reprisals.
Anyway, a large part of the problem with spammers is that they randomly send spam to as many addresses as possible at a certain site, knowing that at places like hotmail, they're likely to hit valid accounts a fair proportion of the time. There's not a lot you can do about this kind of attack - it doesn't require a database of names to succeed.
So the solution is: Get yourself a valid email address with "nospam" or the like in it - The spammers will do the work for you and exclude you from their lists.
That's something like reverse psychology for the spambots, isn't it?
Of course, if I were a spambot author, I'd include all sorts of regex's to de-mangle the most common forms of address mangling. With that in mind, I reason that the best course of action is to just mangle your address to the point that it doesn't look like one.
As an example, you may note that *my* slashdot email address has the @ and . enclosed in both braces and spaces. Any human would be able to demangle it to a valid address, but spambots don't even see it. As an added bonus, the humans who email me don't have to decide which words of the address to delete, lessening the margin of error.
On my website ( www.vans-colina.com ).
Feel free to take a look at the random, and sometimes quite funny email addresses it generates.
Official GOD FAQ.
Google cache link, since this poor server can't handle the load. Very interesting software, but I feel nothing can beat using the MAPS RBL and other MAPS resources. Haven't had my mailserver spammed since!
Linux: Because a PC is a terrible thing to waste.
James Brents
That's an awesome idea. I commend you on your creativity.
Flavio
Well, this also has been posted many times...
Sneakemail.com does all that for you without all that hassle.
Sneakemail is to spam filters what an ounce of prevention is to a pound of cure.
I would like to see a "cooked" spammer list and software package that is indistinguishable from
a real one. The difference would be either a nasty email (what else?) virus or every so often
it would also send a threatening letter to some elected official, like president@whitehouse.gov
Not only will the spammer get some immediate "results", but will likely end up on one of THOSE lists.
You know, the lists THEY keep... I bet they never, ever take a name off those lists, too.
A dingo ate my sig...
I really think that spamming should be punished severely. We should cut their hairless balls off and make those bastards pay.
while (myMessages.hasMoreElements())
{
    Message message = (Message)myMessages.nextElement();
    if (isSpam(message))
        System.out.println("I will cut your balls off, " + message.getPersonalAddress());
}
http://dtum.livejournal.com
Gave me an idea: Why not set up a whole load of domains that resolve to 127.0.0.1 (Or, if that can be done in the DNS protocol, I don't know the details of it (Sorry, I'm a luser): resolving to the requester)? They may be subdomains of "real" domains, and with just random names, so that they are hard to distinguish from real ones, and then poisoning the spambot with randomstring@random.spam.poison.domain?
--The knowledge that you are an idiot, is what distinguishes you from one.
I got some spam this morning offering me an account with an ISP. They claimed they never shut down accounts due to spam complaints and they are also selling 'bulk e-mail software'.
It's somewhere in the US, as you need to phone a 1-845 number (or reply to an excite.com address) to apply.
Can ISPs really do this - I'd have thought they would get shut down pretty quick if they did.
His one actually generates addresses at subdomains of cooperating domains. These subdomains have special qualities - they typically have 30 MXs, and each MX host has 30 As. Every single one of the As will go to a host that doesn't exist, but is on a routable network. Given the timeout for opening TCP connections of 70 seconds, you can keep a spammer (or their third party relay) busy for 30 * 30 * 70 seconds, for a total of 63,000 seconds, or 17.5 hours.
I think Ron even has instructions on how to set one of these up.
Don't just pollute their database - make them (and the queues at 3rd party relays who won't close up) spin their wheels for a day or so per address they scrape.
One thing that answers my first concern (the ability to make a screenshot) seems to be answered by the spammer's like of PC Anywhere. I thought of BO... but thought that installing the server would be unlikely at sudden notice. A misconfigured PC Anywhere session, though, would be useful and fortunate for the attacker indeed!
Does anyone get spam on root@ mail adr.?
It seems to me that most spammers are afraid of spamming those, with good reason. heh.
--------
Perhaps with a .sig - just changed it. But on another thought, maybe I should let everyone guess ;-)
--
set your maillink to this. :-)
--------
As do I - sergente.slashdot@survivalnet.org.
I almost always know where the spammer got my email address - of course sometimes they get my email from whois db's around.
While upgrading sendmail, I had somehow allowed the world to relay :-(
A spammer hit my box and out of 23 messages only 6 were valid.
OK, sorry to respond to my own post, but DaSonic suggested a simpler solution in this post - linking to the google cache of a site rather than the actual url. As long as Google doesn't object to such links, maybe slashdot could reference the cached links rather than the originals as the primary link (listing the original for historical purposes).
===========
(this post was spell-checked by OmniWeb - all grammatical errors are mine)
It would be nice if the ISPs that are fighting spam would share caller ID info. Since many ISPs are simply virtual ISPs, it would make sense for whoever is running the digital RAS to keep track of spammers and the numbers they dialed into. If they were clever the spammer would never even know this is how they are being tracked and RADIUS can warn the staff about a recently dialed in spammer.
From what I've seen, they love sales@ and webmaster@. I get email for those and I've never used them with my domain.
I know there are spam reporting systems. Do any of those alert ISPs of the contact addresses contained in spam? So when a spammer uses mail or Web addresses as contact points for victims, that information will quickly be pointed out to the affected ISPs?
The Wpoison web generator creates web pages with fake email addresses, and links to itself so a spam web crawler will be trapped within generated pages. Obviously a spam web crawler can be programmed to not be forever trapped, but Wpoison at least provides a trap for the unwary crawler.
Tell me what makes you so afraid
Of all those people you say you hate
Okay, I have posted 2 previous posts here about how they operate. Now for why they will continue to operate and how they do not get caught.
A typical spammer will have a CD of millions of addresses, verified or not, it makes no difference. Then the spammer will go out and find an old mail server, the ones that report the "helo whatever" statement as the sender and do not check, older versions of sendmail do this, but most old mail servers do as well. Easiest place to find them, colleges, third world countries, old corporate machines that have not been updated in years. Japan has a huge number of them.
Spam away, the spammer will live a little longer as the mail server will never report his actual IP, so most abuse departments will disregard the complaints and junk them, unless the mail server in question (which will always get reported by the receiving mail server) is hosted by the provider you complained to.
I know I seem somewhat radical here, but I spent over a year dealing with spammers and UCE, and the fact that I kept seeing the same people reappearing (you can tell by the spam itself), at different ISPs, and even under different user names at same ISPs with diff credit info leads me to believe that unless there is a law, nothing will change.
ps, most companies will not bother going after spammers who defraud them by using invalid credit card numbers unless there is a huge amount of money involved, and spammers know this too.
I came, I conquered, I coredumped
The only problem with using your own domain for all email is that given your domain, people can find out where you live. I would like to stay anonymous when giving an address to most websites thank you.
Spammers are now running dictionary attacks against SMTP servers. A spammer will connect to mail.example.com and try a large (if not exhaustive) list of possible usernames. If the mail server gives an 'OK' message the address is added to the spammer's list; if it gets a 'user unknown' it discards it and goes on to the next. There was a piece of spamware that had the ISP that I admined hardcoded into its searches.
No replies made to AC posts. Please log in.
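The dictionary attack described in the comment above, and the countermeasures suggested in the earlier qmail comment (tarpit after a number of bad RCPTs, transient failures, and the ">75% of usernames are in /usr/dict/words" test), can be combined into one per-connection policy. This is an added example, not a qmail patch or code from the thread; the class, its limits other than the 75% figure, the word list standing in for /usr/dict/words and the mailbox names are constructed assumptions, and the delay is returned rather than slept.

```python
from dataclasses import dataclass

# Constructed stand-in for /usr/dict/words, so the example runs offline.
WORDS = {"able", "baker", "candy", "delta", "eagle",
         "fox", "golf", "hotel", "india", "juliet"}
# Constructed local mailboxes; "baker" is a real user whose name is a dictionary word.
VALID_USERS = {"alice", "jsmith", "baker"}


@dataclass
class RcptPolicy:
    """State kept for one SMTP connection; rcpt() is called once per RCPT TO."""
    valid_users: set
    words: set
    bad_limit: int = 3         # unknown recipients tolerated before tarpitting
    min_sample: int = 8        # RCPTs needed before the ratio test is trusted
    dict_ratio: float = 0.75   # threshold quoted in the comment
    base_delay: float = 5.0    # seconds, doubled per extra bad RCPT
    max_delay: float = 120.0
    seen: int = 0
    bad: int = 0
    dict_hits: int = 0
    flagged: bool = False      # latched once the ratio test trips

    def rcpt(self, address):
        """Return (smtp_code, delay_seconds) for one recipient."""
        local = address.split("@", 1)[0].lower()
        known = local in self.valid_users
        self.seen += 1
        self.bad += 0 if known else 1
        self.dict_hits += 1 if local in self.words else 0
        if (not self.flagged and self.seen >= self.min_sample
                and self.dict_hits / self.seen > self.dict_ratio):
            self.flagged = True
        if self.flagged:
            # Transient failure for every recipient: the client can no longer
            # tell valid from invalid names, and a legitimate MTA retries later.
            return 451, self._delay()
        return (250 if known else 550), self._delay()

    def _delay(self):
        """Tarpit delay driven only by bad RCPTs, capped at max_delay."""
        over = self.bad - self.bad_limit
        if over <= 0:
            return 0.0
        return min(self.base_delay * 2 ** (over - 1), self.max_delay)


def replay(recipients):
    """Run one constructed session through a fresh policy."""
    policy = RcptPolicy(VALID_USERS, WORDS)
    return [policy.rcpt(addr) for addr in recipients]


# Constructed sessions: a word-list probe and an ordinary delivery with one typo.
PROBE = [f"{w}@example.com" for w in
         ["able", "candy", "delta", "eagle", "fox",
          "golf", "hotel", "india", "baker", "juliet"]]
NORMAL = ["alice@example.com", "jsmith@example.com", "bob@example.com"]

if __name__ == "__main__":
    for addr, (code, delay) in zip(PROBE, replay(PROBE)):
        print(f"{addr:22} -> {code} after {delay:5.1f}s")
```

In the probe session the valid mailbox `baker` is tried after the ratio test has tripped, so it receives 451 like everything else and is not confirmed to the client.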
Second, I use the address as an identifier in my addresses. At mp3.com it's mp3@world-domination.net, at yahoo it's yahoo@world-domination.net.
You just poisoned your own method by posting those email addresses on slashdot. If a spambot finds them here, you'll think mp3.com or yahoo sold your e-mail address.
And yes spambots visit slashdot!! (so this program might be something they should use.)
Personally I always use root@127.0.0.1 when forced to register with a site I don't want spam from.
Ha! I do this all the time. I know, two wrongs don't make a right, but it makes me feel good. :-) I use my work phone. I'll usually call their machine, which it invariably is, and I'll leave the message stating my intent: I intend to call this number over and over again until I am tired of calling it due to the spam in my inbox. I do not tell them my address.
:-)
I don't know what ANI is though. Guess I better look that up.
John
-= Why can't I add 'Anonymous Coward' to my list of Foes? =-
That won't work. The US post office disposes of things like bricks attached to postage paid envelopes. Remember the junk mailers are the friends of the post office which is why their return junk mail cost them less than your letter to a friend.
I am currently webmaster where I work, and I do fairly regularly get shitmail at the webmaster@ address.
I've ended up relying on 3 different solutions, each with different strengths.
- Trusted correspondents get my direct MindSpring (now, sigh, Earthlink owned) address. MindSpring has decent ISP spam filtering.
- I pay a pittance every year for my spamcop redirector, and I use my spamcop address for non-trusted correspondents. SpamCop does very aggressive ISP level filtering; rejected correspondents get a SpamCop reply with an embedded URL. Correspondents can click the URL to send the message and bypass the filters. Unfortunately this step is too much for many users, and vendors have trouble with it too (security fears probably). If SpamCop had more subtle filtering options I would use only that address (and willingly pay more). SpamCop does use a form of positive filtering -- if you manually accept email from the SpamCop held box the sender is added to an "accepted" list.
- On the client side I do a mixture of positive and negative filtering. Obvious spam goes directly to a spam box, addresses that do not match my accepted list go to a lesser garbage box.
Ultimately the solution is likely either signed email or adding finer filtering controls to SpamCop and integrate SpamCop type services with ISPs. At the moment though, netizens have not been willing to pay a premium for ISP-level spam filtering solutions and spam filtering has not figured in ISP rankings (to my knowledge).
John Faughnan
jfaughnan@spamcop.net
I do see 12 DEM per year pretty reasonable...
I have been using it for a few years now and have never upgraded it (or even looked to see if it was upgraded!) The thing is running here.
It does catch the spammers! I have seen spam harvesters sit there for days just going through page after page after page. And of course I just let it.
However, make sure you have your robots.txt set up properly. I made a goof in the original one I had set up and ended up doing quite a number on Web Crawler. With some help from their tech support staff I got that fixed pretty fast.
There is a third party module for the Roxen webserver that's called the Email Address Cloaking Device.. I use it, and it works very well..
Before any content is served, it checks the User Agent; if it's a bot, it translates any MAILTO: links in the HTML into gibberish.. it eliminates the need to "spam-proof" your MAILTO: links.. (The only thing I'm worried about is spammers altering their bots to ID themselves as Mozilla, or something similar..)
personally, I'd be inclined to use something like lightgreen on palegreen1 :-).
I definitely like the idea. I guess that the next thing would be to put invisible (to human readers) links to poison pages on my main web pages. That and generating aliases to localhost.bcgreen.com, to point email addresses at.
`ø,,ø`ø,,ø!
Free Software: Like love, it grows best when given away.
Nowadays, there are an awful lot of people who are working to fight spam, which makes it quite a bit harder for a spammer. With cool services like Spam Cop (you copy-n-paste the spam w/ headers, and they track the spammer and stop that account, often within minutes), anyone can easily contribute to getting whatever account a spammer is abusing shut down as rapidly as possible.
It works. I've tried spamcop several times, and every time the result was that someone had already beat me to it and the ISP had already shut down the account that was being abused. The spammer wasn't caught, but they were delayed and their job was made harder.
This forces spammers to work harder, so the cost of sending a message is not zero. As an example, take a look at the material a hacker stole from spammer Premier Marketing, Inc. It's clear that they had to use multiple people and a never-ending supply of stolen dialup accounts. They went to a lot of trouble to compile a giant list of known anti-spam activists who used services like Spam Cop (or read the headers themselves and called ISPs), so that their stolen dialups would hold out a little longer.
It's easy to just throw your hands up in the air and accept spam as a fact of life. It's easy to feel like spammers are unstoppable. The truth is that these anti-spam countermeasures do make things harder for spammers. They increase the cost, from virtually nothing, to something. Admittedly, not much, but it doesn't take much to make some of the really lame-ass scams these folks spew unprofitable.
There's also hope for the world in the kick-ass efforts of Paul F. Pete Wellborn III, the lawyer who's taken down a couple big-time spammers, most recently that annoying printer supplies guy!
So don't give up. Even if you just press delete without a second thought, don't discourage others. There is hope. A lot of people are working against spam, and as more things like this come on-line, the cost and risk of sending spam will continue to slowly rise. A very Good Thing!
PJRC: Electronic Projects, 8051 Microcontroller Tools
Bill - aka taniwha
--
Leave others their otherness. -- Aratak
I only saw one reply that hinted at this, but sugarplum is basically doing a dictionary attack for the spammers. It's going to end up putting a lot of legitimate addresses in their databases.
According to the terms of agreements, they cannot use the information from the board for spam.
There is a statutory amount for copyright violation, why not use that against the list providers?
Fight Spammers!
Doesn't work. :( I do that - but 99% of the spam I get, is sent to the e-mail address I used to register the domain.
copkiller.org is my domain. Try to find out where I live.
The registrar only reports the info you give them.
-Legion
It is too bad there is no way to poison the sender of the spam. Spammers will evolve beyond this, they always do.
On my Christmas Wish List, I want Santa to bring me something that doesn't exist. Something that's a great idea, but not actually possible. Ya know, like world peace, honest politicians or stable Microsoft products.
I want an e-mail client that will automatically detect spam and e-mail virus hoaxes - with 100% accuracy, so I don't lose real messages - and without any intervention on my part, smurf the sender.
Because, Dear Santa, I wish to be able to post my e-mail address with impunity, for all to see.
Fire and Meat. Yummy.
Burris
Except for cases where bots troll the WHOIS database, my inbox stays pretty clean.
Get Veiled
You're right about the Google cache being (somewhat) outdated, and the load from URNs outside of the original HTML page are a legitimate consideration. Maybe my previous idea of mirror "load balancing" is a better solution after all. Slashdot.org will have to take the initiative here...
=============
(this post was spell-checked by OmniWeb - all grammatical errors are mine)
Don't forget, your average spammer is desperate for the low margin of sales he can hope to achieve. Thus, many of the spams I have received often contain 1-800-xxx-xxxx numbers for contacting them. Remember, with an 800 number, the receiver of the call is charged money for each incoming call to it.
A friend of mine runs a script which intermittently dials the numbers in the evening when he's asleep and not otherwise using his line. Vindictive, evil, yet somehow it seems just.
---
man sig
---
the pen is mightier than the sword. the sword is mightier than the court. the court is mightier than the pen.
It's about numbers. If a spammer sends out 10 million spams asking for $10, and 0.01% of the recipients are sufficiently naive to reply, he has made $1,000. If the spammer is just looking for credit card numbers to defraud, all it takes is one bone-dumb idiot out of millions of recipients to send theirs in. The odds look pretty good for the spammer.
Unless you can get politicians' email addresses that don't end in .gov, there is no point. Even a spammer isn't dumb enough to spam .gov addresses. After all, that's what got junk fax in deep shit. And if the politicos have other addresses, they are a closely guarded secret.
However, it might be worthwhile to set up a bunch of forwarding addresses that don't end in .gov that you could supply to the spammers that would forward all the spam to everyone in congress.
Another thought -- is it possible to get an email address that ends in .gov if you aren't in gov't? If ordinary people used .gov addresses, the spammers would have a harder time figuring out who they can shit on with impunity.
Concealed Handgun License Courses in Plano, Texas
There are several spambot poisoning programs out there, but spam continues. The reason is simple; spamming doesn't cost anything. The only ways to make any dent in the spamming will have to involve ways of making it cost something.
There is at least one fellow who may have found a way to do something effective.
Check out the email address on this post. It is a real, non-munged email address. After you have admired it a few seconds, then go to http://www.suespammers.org, and get your very own free Washington-state based email account from a guy who is hoping to make a living suing the bastards.
Concealed Handgun License Courses in Plano, Texas
Stephen
The trouble I have with all these schemes is that it causes lots of extra work for the root servers of the DNS. By forging bogus addresses in invalid domains and offering those addresses to harvesters, you're guaranteeing that people using these lists will cause tons of root server queries. If the addresses are at valid domains like hotmail, you're burdening hotmail with the effort of looking up these (maybe) bogus users.
I just munge my address, adopting the form: mailto:foo%2bdomain%2etld , which all the browsers I tested understood just fine. So far, so good. A nice bit of poison that I like: postmaster@[127.0.0.1] and postmaster@localhost.
Wouldn't that make them merely the thieves of the techno world?
I hate spam too, but let's maintain some perspective...
I'm sick and tired of search engines, classifieds, etc that have been so SPAMMED that they are useless. About time someone devised a way to make their own SPAM databases just as useless.
SPAM does not work as a marketing tool. You can't sell things to people you piss off.
=== The price of freedom is eternal vigilance
I have some email addresses on my web site that are there solely for EmailSiphon to find.
Any message that goes to these addresses gets its sender blocked automatically by my procmail scripts.
Also, I scan the inboxes to find messages in real accounts that are substantially the same as the spamcatcher messages. Those, too, are deleted. (I've also posted the spamcatcher address on Usenet.) The downside to this is that it takes a while to detect this. If I pick up my mail too soon, a spam may get through because the compare script hasn't run yet.
This gets rid of about 90% of my spam.
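The spamcatcher scheme in the post above, sketched as an added example (not the poster's procmail setup): senders that hit a decoy address are blocked, and mail to real accounts is dropped when it is substantially the same as a trap message. The decoy address, the 0.6 threshold, the shingle comparison and the sample messages are all assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed decoy address, published only where harvesters will find it.
TRAP_ADDRESSES = {"siphon-bait@example.org"}
THRESHOLD = 0.6  # assumed Jaccard cut-off for "substantially the same"


def shingles(text, n=3):
    """Set of n-word shingles of a body, ignoring case, digits and punctuation."""
    words = re.sub(r"[^a-z\s]", " ", text.lower()).split()
    if not words:
        return set()
    return {" ".join(words[i:i + n]) for i in range(max(len(words) - n + 1, 1))}


def similarity(a, b):
    """Jaccard similarity of two shingle sets."""
    return len(a & b) / len(a | b) if a | b else 0.0


def recipients(msg):
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(fields)}


def sender(msg):
    return parseaddr(msg.get("From", ""))[1].lower()


def classify(raw_messages):
    """Pass 1 learns from trap hits; pass 2 judges mail to real accounts."""
    msgs = [message_from_string(raw) for raw in raw_messages]
    trapped = [m for m in msgs if recipients(m) & TRAP_ADDRESSES]
    blocked = {sender(m) for m in trapped}
    prints = [shingles(m.get_payload()) for m in trapped]
    verdicts = []
    for m in msgs:
        if recipients(m) & TRAP_ADDRESSES:
            continue  # trap mail is evidence, never delivered
        body = shingles(m.get_payload())
        if sender(m) in blocked:
            verdicts.append((m["Subject"], "drop: sender hit trap"))
        elif any(similarity(body, p) >= THRESHOLD for p in prints):
            verdicts.append((m["Subject"], "drop: matches trap message"))
        else:
            verdicts.append((m["Subject"], "keep"))
    return verdicts


def make_msg(frm, to, subject, body):
    return f"From: {frm}\nTo: {to}\nSubject: {subject}\n\n{body}\n"


# Constructed sample mailbox; the copy to the real account arrives first.
PITCH = "Make money fast working from home! Call now for your free kit. Offer {} ends soon."
SAMPLE = [
    make_msg("bulk2@other.example", "me@example.org", "Re: your inquiry", PITCH.format(9876).upper()),
    make_msg("bulk1@spam.example", "siphon-bait@example.org", "Hello", PITCH.format(1234)),
    make_msg("bulk1@spam.example", "me@example.org", "Toner", "Cheap toner cartridges shipped today."),
    make_msg("friend@example.net", "me@example.org", "Lunch", "Are we still on for lunch on Friday?"),
]

if __name__ == "__main__":
    for subject, verdict in classify(SAMPLE):
        print(f"{subject}: {verdict}")
```

Running both passes over the whole batch is what catches the first sample message, which reached the real account before the trap copy did; a filter that judges each message on arrival would let it through, which is the timing gap the post describes.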
1-800-206-3934 ex. 5858
***1-800-224-5988****
On checking the headers, I saw that my email address was contained in every message (in other words, no aliases or other things that merely resolved to my address). These guys deliberately spammed me multiple times.
That's fine, though, because I collect 1-800 spam numbers. It would be a real tragedy if they were called repeatedly from a worldwide audience who hates spam, wouldn't it?
Don't use your home phone. ANI will bite you on the ass if you do.
-Legion
You need to make sure that these fake addresses couldn't possibly disturb real people.
I own a domain that's one-letter off from the #1 site on the web. I find that people make this one letter change to avoid getting spam, and the email goes to me! I get thousands of emails a day to this account from people who do this.
I'd be careful that the fake email addresses don't annoy real people. Use fake TLDs.
Too bad there isn't a way to make an e-mail address that crashes a spambot. It would be nice to have the spammers have to work a bit harder to get addresses at all. Of course poisoning is nice, but I'll bet it's about as effective as arsenic, and just as slow. :)
Still, it's great to see a means of getting the spammers to spam each other. If only the same thing could be done for junk snail-mail.
Has someone changed your configs?
What intrigued me was the use of dos attacks. If dos is "a bad thing", can it be (morally / legally) used in self defence? Would not setting up a web server with such a feature mean your account will be terminated real soon?
If dos attacks in self defence are okay (morally, if not legally), then what about using them in protest against something we don't like (the attempt to down etoys server at specific times rings a bell). Clamping down on this line of development would be a tad iron fisted, but allowing it to progress unhindered could lead to anarchy.
But then again, the real world isn't that much clearer. 60 odd days ago the UK saw "peaceful fuel protests" that brought the country to a halt, yet a farmer who shot a burglar in self defense was convicted and imprisoned.
(Personally I'm all for fuel protests and anything that means a full tank of fuel is less than 50 pounds - that's about US$80).
Karma makes sense. It makes a lot more sense if you add reincarnation.
There are other more effective ways of screwing spammers. Like this for example:
http://www.iks-jena.de/mitarb/lutz/usenet/teergrube.en.html
I am not the AC above, and I am agnostic on whether this tale is true (but interested to know.) (OK, so technically if I was agnostic I'd believe it was impossible to know.)
Quattuor res in hoc mundo sanctae sunt: libri, liberi, libertas et liberalitas.
The site looks interesting. But as the AC pointed out, the ability to get a screen capture via a sudden-notice attack on a Windows box (Win9x? WinNT?) seems very unlikely. There's reason to be skeptical.
500 Quatloos to the first person who bigfoots every email on Capitol Hill!
In a related story, the IRS has recently ruled that the cost of Windows upgrades can NOT be deducted as a gambling loss.
Q. When will spammers desist?
A. Once *all* refrain from making *any* purchases electronically.
-
It's an obvious solution; too bad there are too many fools-with-credit-cards out there.
"Convenience" is the downfall of much of this society, and now it's infested the Internet as well.
To try it, run lynx -useragent=EmailSiphon http://ibgwww.colorado.edu/
It is really funny to see some poor spambot spend an hour or two thinking it has hit some really rich website.
Any mirror?
Thanks
OverLord
bob@bob.com
to
bob@SPAM.bob.com
It seems to me that as the programs advance, they probably pick up on some of this stuff, no?
"I say consider this day seized!" -Hobbes
"Tomorrow we'll seize the day and throttle it!" -Calvin
How does that work then? What happens when the registrar needs to send you (snail) mail?
The spammers try to filter out invalid addresses, so all you need is a real address that seems to be invalid.
I discovered this by accident: I wanted to track which companies give my email address out, so I created a subdomain with throw-away addresses: "nospam.sig11.net", and gave out unique identifiers for the username. (See my email in the header - it is a valid address - do not remove "nospam".)
But the funny thing is: I never received any spam to these addresses. (And for the other addresses I see about 5-10 spam mails a day rejected by my spam filters...) It seems the address gets sorted out because of the "nospam" part.
So the solution is: Get yourself a valid email address with "nospam" or the like in it - The spammers will do the work for you and exclude you from their lists.
--
This thing should work due to the combination of multiple spam-evasion techniques. Spamming is like recycling cans or telemarketing in that the profit margin is very narrow, and the tiniest variables can upset that margin.
Spammers designed ways of gleaning email addresses from websurfers in order to avoid having to pay for verified email addresses; without a way of verifying the addresses they collect, spammers will have to switch back to paid lists gained from registrations, etc.
In this case, the need for verification will create that extra step for spammers, making it cheaper not to use the lists at all. Is anyone aware of a cheap and easy way, other than just emailing the person, to verify a valid yet false address?
The only way I can think of for spammers to evade Sugarplum would be the establishment of intermediate businesses to vet email lists gathered by spammers.
Goat sex free since 2001
Spammers are a type of thief. It's that simple really. It's the online equivalent of if people could steal your car while you weren't using it, and return it when they are done with it but without paying for gas. They can make a big fuss about how they aren't stealing your car but they're using it and wearing it out without paying for any of it, and whether or not you also can use it is not relevant.
The law doesn't let people steal your car just in case they plan to return it before you need it again. It forbids people from stealing your car in general terms because the stealing is taking place without your permission or consent. By the same token, spamming is use of your internet resources (from ISP right down to use of your inbox and 'mail visual scan' for important stuff) without your permission or consent- the resources being used are all YOURS, not the spammers. They have no right to use 'em, any more than they have a right to steal your car temporarily and use the gas up.
There is also no legitimate argument that their use of your resources is doing you some kind of informational favor. You would be just as able to access that information if you went to their website on your own- you don't owe them the attention, just for existing. I guess that's the bottom line really- spammers behave like attention is a right, calling it free speech and basically insisting they must be allowed to _seize_ the attention of anybody in the world. Attention is a privilege, not a right. Free speech laws never considered the situation of a person with a megaphone loud enough to yell at every single person that exists- free speech is based on an assumption that the speech is going to be somewhat localised, and that if you are somewhere else or not paying attention you won't hear it.
In a weird way stalking laws seem oddly applicable. If you continually follow a person berating them you may well be legally forced to stop as your demanding of their attention is considered a sort of assault. Spammers are, effectively, 'stalking' millions of people at a time. No-contact laws might be a good idea- if no-contact to specific individuals is too much like 'opt out' or too unrealistic, perhaps what's needed is 'no bulkmail/email at all' laws for a digital version of no-contact. The former would be a legal acceptance that spamming is a form of harassment, and a block against that person doing it again for any reason through any means- and the latter would be a recourse if the spammer refused to stop harassing.
If Kevin Mitnick can be forbidden to work in the computer industry just for being a troublemaker, why can't unrepentant spammers be forbidden to use email for any reason? There's always postal mail, the phone, and face to face contact- ALL of which already are covered legally against harassment situations.
That's the holiday spirit alright... ;)
---
seumas.com
Would it be possible to seed the spambots with the email addresses of politicians who support pro spam policies/laws? It would be wonderful to subject them to the same crap they shove at us.
rm -rf microsoft*
Reminds me of that TNG episode where they found a way to make the Borg examine a picture that continued forever.
Hmm.. wouldn't that be interesting, have the feeder continuously feed it email addresses and never stop. It's a better way to fight, don't resist, just give them exactly what they want, and lots of it, until they stop it by themselves.
Have you read my journal today?
Well, even though this has been posted many times, I can't see any hurt in posting it again, to remind everyone.
1. First - get a domain
2. Second, get a hosting company that offers a default-mail-redirect. (i.e. If someone mails a message to jsahjfhjdkdsueue@yourdomain.com the server automatically forwards it to you@yourdomain.com)
3. Now, when you enter your email-addy in a signup form somewhere, enter the name of the company as your address (i.e. amazon@yourdomain.com, yahoo@yourdomain.com)
4. Now, every time someone sends you spam, you can simply block them in your E-mail filter PLUS you see what company has been filthy enough to sell your address!
It might not be perfect, but it's damn good.
As currently designed, sugarplum won't work for a simple reason: it expects the spam crawlers to identify themselves. (It looks for User-Agent headers such as Cherrypicker, etc.). The spammers will lose no time in figuring out that they just have to identify themselves as Alta Vista.
Hmm, well after reading a bunch of comments it would seem that there are plenty of anti-spam options out there, just not enough people using them. How do we convince a significant user base to use them, enough so that the spammers start feeling it big time?
BTW, in some cases I think it is fair to give away a valid e-mail address. If the company for example is providing me with a decent free service or software, I feel inclined to at least give them an occasionally-used yahoo or hotmail address of mine -- if they sell it, well, I did get their free product, so I can deal with it. OTOH, if I'm just checking out some web game/diversion for a major corpo, then I'll definitely supply them with a fake address.
The problem is that if that is widely deployed, the spammers will change the USER AGENT line to some approximation of a common web browser. And then, all of a sudden, you won't be able to tell the address collector from the web browser.
Which ruins that technique.
BTW -- That sort of stuff has been around for at least a year, probably more.
Gentoo Sucks
There has been a CGI script called wpoison that has been around since 1997 which feeds spambots artificial e-mail addresses.
From what it seems, the only two things this does that wpoison doesn't, is spams spammers and crashes the spammer's machine with denial of service attacks.
Having spammers spam other spammers seems okay, but attacking spammers with denial of service attacks? Sorry, but in my opinion, performing denial of service attacks on people you don't like makes you almost as bad as a spammer.
Aside from all that, if CmdrTaco hasn't noticed, this is Slashdot, not Freshmeat.
Sorry, the URL for wpoison is http://www.monkeys.com/wpoison/.
I ensure that my signature on newsgroup postings contains the email addresses of those who have spammed my spamtrap account. Note that I never use the reply-to addresses as more often than not these are directed at fairly innocent ISPs/whatever, but actually visit the websites mentioned (stripping any referrer-type ids) and grab as many webmaster@ and support@'s as possible. Not much of an effort in the big scheme of things, but if we all did it...? Hey, I have a lot of time on my hands - what can I say?
Quoted from the SugarPlum site :
"and, optionally, the activation of firewalling or launch of denial-of-service attacks intended to crash the spambot's machine"
IANAL, but last I heard, "denial-of-service" was a wonderful way to get sued, especially in this day and age where words have more weight than actions. This brings up the eternal problem of the criminal suing the innocent in order to gain fame. Definitely not a good idea when spam is involved.
-Billco, Fnarg.com
Could just be one of those programs that downloads entire webpages for offline viewing.
I left last year...
When a spammer makes his spam run, he uses stolen resources. He hijacks a mail server, and forges the from address, and the reply to address, so whether he has a db of 1000000 real addresses, or 1000000 addresses that are crap without 20 real addresses by luck, he does not care. Because the address he forged will be the recipient of the bounce back messages.
Spammers don't follow the rules, all the crap they spout in emails about this bill and that bill making this legal are complete bullshit.
Spammers are the murderers and rapists of the techno world, they steal resources of other peoples networks, and the traffic they generate is enough to drop small networks and mail servers.
I came, I conquered, I coredumped
Anybody have a mirror up yet?
I have two methods that I personally use. Since I own my domain and receive all e-mail sent there, I can be anything@world-domination.net. So the first technique is to choose mail addresses that get rejected by spambots, webmaster@world-domination.net, support@world-domination.net, etc., or in the case of slashdot, root, for the l33tness factor.
Second, I use the address as an identifier in my addresses. At mp3.com it's mp3@world-domination.net, at yahoo it's yahoo@world-domination.net. Then if I start getting spammed at one of those addresses, I know which site's fault it is, and I can change my address at that site and block all future mail to that address.
I admit this solution isn't for everyone, but it works great for me.
---- "A programmer is a person who solves a problem you didn't know you had in a way you don't understand."
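The per-site address scheme described in the post above and in the earlier four-step post (amazon@yourdomain.com, yahoo@yourdomain.com), as an added example that is not any poster's own code: one tag per site on a catch-all domain, with the tag burned and the leak attributed the first time mail for it arrives from a sender the site does not use. The domain, the registry of issued tags and the sender domains are constructed assumptions, and the From header is trusted here only for simplicity.

```python
from email.utils import parseaddr

DOMAIN = "example.org"  # constructed stand-in for the poster's own domain

# Assumed registry: tag handed to each site -> domains that site mails from.
ISSUED = {
    "amazon": {"amazon.com"},
    "yahoo": {"yahoo.com"},
    "mp3": {"mp3.com"},
}


def sender_domain(from_header):
    """Domain part of the From address (forgeable; a real filter would use
    an authenticated sender identity instead)."""
    return parseaddr(from_header)[1].lower().rpartition("@")[2]


def matches(domain, allowed):
    """True if domain is one of the allowed domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


class TaggedInbox:
    def __init__(self, issued):
        self.issued = issued
        self.burned = {}  # tag -> first foreign sender domain seen

    def deliver(self, rcpt, from_header):
        local, _, domain = rcpt.lower().rpartition("@")
        if domain != DOMAIN:
            return "reject: not our domain"
        if local not in self.issued:
            # A plain catch-all would accept guessed local parts too.
            return "reject: never issued"
        if local in self.burned:
            return "reject: burned tag"
        origin = sender_domain(from_header)
        if matches(origin, self.issued[local]):
            return "accept"
        self.burned[local] = origin
        return f"reject: {local} leaked"

    def leak_report(self):
        """Which site's tag leaked, and who first used it."""
        return dict(self.burned)


if __name__ == "__main__":
    box = TaggedInbox(ISSUED)
    # Constructed deliveries.
    for rcpt, frm in [
        ("amazon@example.org", "Amazon <orders@mail.amazon.com>"),
        ("mp3@example.org", "deals@bulk-mailer.example"),
        ("mp3@example.org", "news@mp3.com"),
        ("jsahjf@example.org", "x@y.example"),
    ]:
        print(rcpt, "->", box.deliver(rcpt, frm))
    print(box.leak_report())
```

Once a tag is burned, mail from the original site is rejected too, which matches the post's step of changing the address at that site and blocking the old one.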