Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spambot Poisoner

Posted by CmdrTaco on from the have-a-great-thanksgiving dept.

halfelven writes: "Sugarplum, the anti-spambot fighting machine, is out! Quoting from their website: Sugarplum is an automated spam-poisoner. Its purpose is to feed realistic and enticing, but totally useless data to wandering spam-bots such as EmailSiphon, Cherry Picker, etc. The idea is to so contaminate spammers' databases as to require that they be discarded, or at least that all data retrieved from your site (including actual email addresses) be removed." I've seen this sort of thing before, but I just figured it's a fun thing to chat about on a holiday. It would be cool to put this on Slashdot some time: I bet I'm not the only Slashdot reader whose email address has been slurped.

11 of 187 comments (clear)

  1. Teergrube by geirt · · Score: 5

    Blow the spammers away by stopping their tools:

    From the Teergrubing FAQ:

    E-Mail is sent using SMTP. For this purpose a TCP/IP connection to the MX host of the recipient is established. Usually a computer is able to hold about 65500 TCP/IP connections from/to a certain port. But in most cases it's a lot less due to limited resources.

    If it is possible to hold a mail connection open (i.e. several hours), the productivity of the UBE sending equipment is dramatically reduced. SMTP offers continuation lines to hold a connection open without running into timeouts.

    A teergrube is a modified MTA (mail transport agent) able to do this to specified senders.

    Read the full story in the Teergrubing FAQ:

    --

    RFC1925
  2. Valid email addresses... by darylp · · Score: 4

    I notice one of the fake email addresses they have in the sample output is one @yahoo.com. Surely, this isn't really a _fake_ email address, as it's pointing to a valid mailserver? (Thus causing yahoo.com to be clogged up when the next round of spam discharge is fired.)

    And you've got to feel sorry for sweetp@dash.com!

    1. Re:Valid email addresses... by Howie · · Score: 5

      Indeed, like the number of people that assume that thingy@thingy.com doesn't go somewhere when entering 'fake' details for registration - I get all those, thanks.

      (there are a few amusing upsides - I've recieved other people's (paid for) passwords for, uh, 'premium content', before now)

      A neat spamtrap I saw somewhere was a sentence halfway down someones page that just said: "Whatever you do don't mail me at pink-and-wobbly@asdkjlwelkj.com, because then I'll know you're just an address-harvester, and blacklist your IP until the end of time", just before their normal contact details.

      --
      "don't fall into the fallacy of believing that Perl can solve social problems. Maybe Perl 6 can, but that's a ways off"
  3. Domain poisoning? by redhog · · Score: 4

    Gave me an idea: Why not set up a hole load of domains that resolves to 127.0.0.1 (Or, if that can be done in teh DNS protocol, I don't know the details of it (Sorry, I'm a luser): resolving to the requester)? They may be subdomains of "real" domains, and with just random names, so that they are hard to distinguish from real ones, and then poisoning the spambot with randomstring@random.spam.poison.domain?

    --
    --The knowledge that you are an idiot, is what distinguishes you from one.
  4. There are much better, older tools for this by TekPolitik · · Score: 5
    The granddaddy of these was by Ron Guilmette (aka RFG). He probably still has it downloadable from www.monkeys.com.

    His one actually generates addresses at subdomains of cooperating domains. These subdomains have special qualities - they typically have 30 MXs, and each MX host has 30 As. Every single one of the As will go to a host that doesn't exist, but is on a routable network. Given the timeout for opening TCP connections of 70 seconds, you can keep a spammer (or their third party relay) busy for 30 * 30 * 70 seconds, for a total of 63,000 seconds, or 17.5 hours.

    I think Ron even has instructions on how to set one of these up.

    Don't just pollute their database - make them (and the the queues at 3rd party relays who won't close up) spin their wheels for a day or so per address they scrape.

  5. Re:Spammers cheat, this will not work by pjrc · · Score: 5
    Thus wrote "bleh-of-the-huns":
    ...so whether he has a db of 1000000 real addresses, or 1000000 addresses that are crap without 20 real addresses by luck, he does not care.

    Nowadays, there are an awful lot of people who are working to fight spam, which makes is quite a bit harder for a spammer. With cool services like Spam Cop (you copy-n-paste the spam w/ headers, and they track the spammer and stop that account, often within minutes), anyone can easily contribute to getting whatever account a spammer is abusing shut down as rapidly as possible.

    It works. I've tried spamcop several times, and every time the result was that someone had already beat me to it and the ISP had already shut down the account that was being abused. The spammer wasn't caught, but they were delayed and their job was made harder.

    This forces spammers to work harder, so the cost of sending a message is not zero. An an example, take a look at the material a hacker stole from spammer Premier Marketing, Inc. It's clear that they had to use multiple people and a never-ending supply of stolen dialup accounts. They went to a lot of trouble to compile a giant list of know anti-spam activists who used services like Spam Cop (or read the headers themselves and called ISPs), so that their stolen dialups would hold out a little longer.

    It's easy to just throw your hands up in the air and accept spam as a fact of life. It's easy to feel like spammers are unstoppable. The truth is that these anti-spam countermeasures do make things harder for spammers. They increase the cost, from virtually nothing, to something. Admittedly, not much, but it doesn't take much to make some of the really lame-ass scams these folks spew unprofitable.

    There's also hope for the world in the kick-ass efforts of Paul F. Pete Wellborn III, the lawyer who's taken down a couple big-time spammers, most recently that annoying printer supplies guy!

    So don't give up. Even if you just press delete without a second though, don't discourage others. There is hope. A lot of people are working against spam, and as more things like this come on-line, the cost and risk of sending spam will continue to slowly rise. A very Good Thing!

    --
    PJRC: Electronic Projects, 8051 Microcontroller Tools
  6. Get automatically sorted out by ee23 · · Score: 5

    The spammers try to filter out invalid addresses, so all you need is a real address that seems to be invalid.

    I discovered this by accident: I wanted to track which companies give my email address out, so I created a subdomain with throw-away addresses: "nospam.sig11.net", and gave out unique identifiers for the username. (See my email in the header - it is a valid address - do not remove "nospam".)

    But the funny thing is: I never received any spam to these addresses. (And for the other addresses I see about 5-10 spam mails a day rejected by my spam filters...) It seems the address gets sorted out because of the "nospam" part.

    So the solution is: Get yourself a valid email address with "nospam" or the like in it - The spammers will do the work for you and exclude you from their lists.

    --
    -- .sig deleted
  7. Happy Thanksgiving, You've Been Slashdotted! by Seumas · · Score: 4
    Aw, man. How cruel. Post a link to this (apparently) small-time site on a day when everyone in the country has the day off and is surfing Slashdot, while his ISP is probably minimally (if at all) staffed to respond to problems -- and get him slashdotted.

    That's the holiday spirit alright... ;)
    ---
    seumas.com

  8. politicians' email addresses by Peter+Koren · · Score: 5

    Would it be possible to seed the spambots with the email addresses of politicians who support pro spam policies/laws. It would be wonderful to subject them to the same crap they shove at us.

    --
    rm -rf microsoft*
  9. Anti-Spam technique by truelight · · Score: 4

    Well, even though his has been posted many times, I cant see any hurt in porting it again, to remind everyone.

    1. First - get a domain

    2. Second, get hosting company that offers a default-mail-redirect. (i.e. If someone mails a message to jsahjfhjdkdsueue@yourdomain.com the server automatically forwards it to you@yourdomain.com

    3. Now, when you enter you email-addy in a signup form somewhere, enter the name of the company as your adress (i.e. amazon@yourdomain.com, yahoo@yourdomain.com)

    4. Now, everytime someone sends you spam, you can simply block them in your E-mail filter PLUS that your see what comany has been flithy enough to sell your adress!

    It might not be perfect, but it's damn good.

  10. Spammers cheat, this will not work by bleh-of-the-huns · · Score: 4

    When a spammer makes his spam run, he uses stolen resources. He hijacks a mail server, and forges the from address, and the reply to address, so whether he has a db of 1000000 real addresses, or 1000000 addresses that are crap without 20 real addresses by luck, he does not care. Because the address he forged will be the recipient of the bounce back messages.

    Spammers don't follow the rules, all the crap they spout in emails about this bill and that bill making this legal are complete bullshit.

    Spammers are the murderers and rapists of the techno world, they steal resources of other peoples networks, and the traffic they generate is enough to drop small networks and mail servers.

    --
    I came, I conquered, I coredumped