Slashdot Mirror
Everything About Spam And More
konsept writes: "a quick overview of the problem of unwanted, unsolicited e-mail, a growing threat to the usefulness of the Internet. In most cases this will appear as unwanted commercial e-mail - junk e-mail advertising. In a few cases, users of the Net are unfortunate enough to receive unsolicited religious, racial or sexual messages, a somewhat more serious matter."
Somewhat of an entry level piece, but a lot of great advice and coverage of the major relevant legislation on the subject.
In fact, they do. Just go to their webpage, fill out your validation email, and a URL will be sent to your email. Bookmark this URL -- you can come back to it anytime in the future, and it's just one click away. The URL takes you directly to the spamcop submission form that you can paste fresh spam in.
---
mikre he sophia he tou Mikrosophou.
While spoofing mail at the TCP/IP layer has become trivial, catching the actual spammers is near to impossible. Brightmail has come up with one of the best solutions I've seen so far. They claim 80%+ spam filtering.
I believe in hitting the spammers where it hurts. I got one the other day where someone was trying to sell me land in some other country and wanted me to fax my bank particulars so they could get me a 'good' deal on the land. That guy got black faxes all day long. Doesn't take long to run a fax out of toner :)
I've gone all out in trying to eliminate spam over the years, and amazingly, it seems to be working!
Don't misunderstand--spam hasn't dissappeared, and it probably never will. Too many losers think they'll make money at it, or can at least convince other people that they can. However, the business model just doesn't work, and education has been a big part of the reason for that.
Right now I get two or three bits o' spam a week, across all of my email addresses. That's down significantly from the 15-20 per DAY that I used to get.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
try korean spam.. at least US spam is readable.
85% of all spam I get is US only
5-10% is in korean/japanese/chinese (probably not)
which I can't read, being very, very dutch.
just to bug them I ask them for clarification. In dutch
once in a while I get spam that could, in theory, actually do business with me. usually this is either about search-engine registration, or come to us to spam people.
and what REALLY bugs me:
call 1-800-bastardspammerremoveme (toll-free)
HELLO! THAT DOESN"T FUCKING WORK FOR INTERNATIONAL PHONECALLS!
//rdj
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
It's odd that you mention this, I just spoke with the developer of spamcop, Julian Haight, about this exact issue two days ago. I was irritated that spamcop sent so many complaint messages to our abuse account. However, after listening to Julian's reasoning, it is very understandable why spamcop does this. It's really simple. It sends a message for each complaint filed, same thing that happens when non-spamcop complaints are filed with an ISP. He pointed out that many ISPs will not respond to complaints until a certain number are filed, that some ISPs save all complaints, and that it probably wasn't good to just discard the complaints. To top it off, there is even an email address that will automatically close out spamcop issues, so a relatively simple procmail recipe will allow sysadmins to only receive one message (the first report) per spam incident. With that last item in mind, there are really no valid complaints that can be made about spamcop from a sysadmin standpoint.
badtz-maru
I suggest doing whatever necessary (assuming you're serious enough to be using your own domains for these websites) to do whatever necessary to associate the email with the domains- knowing that you'll get very heavy spam from this, including mis-addressed domain email and dictionary attacks. I do. But I can't reasonably be expected to give up my use of normal contact information (I'm chrisj@airwindows.com if you are in Vermont and need to do some studio recording or digital/mp3 mastering- yes that's not a misnomer, I'm using a special hack of LAME that allows me to set ambience levels dynamically, not currently available from the normal sources. Yes I will share- if asked. It's easy- pass in ATH masking level as an arg)
See, there's another reason why I might want normal contact information- some of the people working on LAME might stumble across this someday and want to know what I was doing. If I'm giving contact information that goes with my domain it will follow me if I have to change hosting. If I'm giving out some third party address it is always at risk of being rendered permanently useless. That's too high a cost- and if it's over spammers, the fault is not mine! I refuse to give up and assume there will never be at least _some_ way of dealing with spammers. Wait until Senators and Congressmen and Judges are getting so buried in spam that they cannot use their emails, wait until _they_ do the calculations and figure out that they will end up spending a year of their life just dealing with email spam by the time they die. _Then_ maybe we'll see it treated as the crime it is, akin to junk faxing.
The funny part is that since Earthlink spams their own customers (I've got several "Please get DSL now!" and a couple of "Get a digital camera free if you buy $PRODUCT from us" mails from them), Spaminator - at least at one point - filtered that out too :-)
That said, ISPs spamming their own customers is more of a customer support issue, rather than a spam issue - Earthlink owns the mail server on which my mail resides, and if they want to load it up with their own spam and alienate me as a customer, they have a right to do so.
Now, uu.net, on the other hand... or rather, their non-port-25-blocked reseller. Fuck uu.net with a wire brush. When Worldcom defaults on its bonds, I'm gonna be first in line to buy a uu.net RADIUS server at ten cents on the dollar, just for the pleasure of smashing it to bits with a wooden mallet.
If you look at the stats, you'll see that uu.net is the single largest source of dialup spammers on the planet, by a factor of ten.
That's right - 90% of the dialup spam comes from one ISP.
I don't give a damn how many rogue resellers they have - uu.net has refused to disclose the identities of these resellers since 1997.
IMNSHO, uu.net is culpable. They are nothing more than a spam support service, and deserve to have their netblocks filtered, BGPd, and otherwise obliterated. Turn spew-spew.net into the world's biggest LAN, and the world will be a better place.
But back to Spaminator -- the reason I don't use it is because I know how to read headers. And for every one of us who knows how to read headers and files abuse reports for every spam, several dozen dialup moles can be whacked per month.
Filters are an OK solution for deleting spam. But I much prefer to delete the spammer.
Entirely correct.
And the article also appears to suggest mailbombing as a form of retaliation, which is bad juju for two reasons:
- First - it's abuse. We're the good guys, goddamnit!
- Second - friendly fire. Are you really mailbombing the spammer, or are you mailbombing some poor sucker with his mail address forged in the From: field?
Just read the Received: lines, find the origin of the spam, and launch LARTs to the upstream providers.Yes. Documented in news.admin.net-abuse.email and searchable through Dejanews.
If that's not scary enough, networksolutions.com - yes, the fsckers that used to own the whois database - has been documented numerous times as spamming based on the contents of that database.
As for mail rules - yeah, I autobounce anything with any uu.net IP address in any Received: line to abuse@uu.net. Doesn't really slow down the amount of spam I get from spewnet, but I haven't had a single false positive in four years.
>
> And this is more serious than commercial email
Well-said. Spam is not about content. Never has been. Never will be.
I don't care if you're spamming h0t t33n g1rlz or discounted airline tickets to my favorite destination (Hi, Travelocity! I still remember when you spammed me through mainsleaze spamhaus m0.net! You haven't gotten any business from me ever since, have you?). You spamma my account, I pounda you ballz flat widda wooden mallet.
Mr. Bun: Morning. Waitress: Morning. Mr. Bun: Well, what you got? Slashdot Waitress: Well, there's egg and Cowboy Neal; egg, sausage and bacon; Linux and spam; egg, Windows NT and spam; egg, Bill Gates, Linux and spam....(Vikings start singing in background). Vikings: Spam, spam, spam, spam, lovely spam, lovely spam. Mrs. Bun: Have you got anything without spam? Waitress: Well, there's spam, egg, science articles, Red Hat Linux and spam. That's not got much spam in it. Mrs. Bun: I don't want any spam! Waitress: Ech! Mrs. Bun: What do you mean ech! I don't like spam! Mr. Bun: Shh dear, don't cause a fuss. I'll have your spam. I love it. I'm having spam, spam, spam, spam, spam, spam, spam, Windows 2000, spam, spam, spam and spam.
Podej mi tento talir s koblihama....
unfortunatly even when you spend the time to find where the email might have come from they spend just as much time hiding the actual data or ignoring your requests for it to stop.
.02
In only one instance, EVER, have I been contacted back about the unsolicited email, and that was the only time it ceased.
Just my worthless
Okay, I'll take this opportunity to plug my own site -- The War on Spam. I try to keep up with the latest news and tools related to spam. I'll be adding the Death to Spam site after it's done being /.ed.
--
Ernest MacDougal Campbell III / NIC Handle: EMC3
Ernest MacDougal Campbell III
geek ramblings
1. The problem doesn't primarily lie with users from smaller isp's, but with the megolith isp's. I deal with at least a couple dozen or so spams from uu.net addresses alone on a daily basis (that's only from the inactive accounts; we have hundreds of users that probably get a dozen spam messages every day). There are a half dozen other fairly large isp's that are just as prolific with generating spam. With the number of abuse messages that some ISP's get (especially uu.net), I can imagine that it may take up to a week or so to properly deal with some accounts.
2. One major problem is the massive number of servers that are used as remailers due to their being misconfigured. (Whether that is an unintentional oversight or a deliberate action is anyone's guess...) Many of the servers that are used as remailers are located not in the US, so most likely they are not going to be as eager to follow laws that are set by the US.
3. Another big problem is that people who don't know much about setting up a server (and all the security factors involved) are allowed to set up a server to run email for their business on a DSL, cable, or other high speed connection. Sometimes these servers are easily hacked, or just used as remailers as they are.
--guru
And this is more serious than commercial email ... why?
Why is a message urging you to moral uprightness within a particular system of mythology (using here the academic definition of mythology, which contains no implied truth value) more offensive than one trying to get you to buy crappy credit cards? The problem is that you've placed religion in a box that says "don't touch!" Well, guess what: not all religions are created equal. There are some serious and substantial differences in religions, and it is not wrong for me to try to show you what I think to be right.
Likewise, racial or sexual messages are a non-issue. I push delete on them just as quickly as the rest. I do, however, find it interesting that you are so warped as to lump religion in with pornography and racism (with no substantiating support.) You do, of course, realize that almost all religious people are extremely opposed to these "sexual and racial" messages you whine about?
What offends me is not religious, racial and sexual messages: it's the kind of misguided pluralism you espouse, where freedom of speech exists so long as it doesn't happen to offend your particular sensibilities.
--
-- Slashdot sucks.
I have a spam filter targeting the TO: only (to hell with the CC: - that's probably spam anyhow) as well, but I also have a set of filters for the targeted emails, based on subject, and a set of filters for those things (like lists I am subscribed to) that I want to get through.
So far it has worked rather well - I just wish I could set these filters up on the ISP side, instead of under Netscape (so that I didn't have to download the email).
One thing I am thinking about trying to do is set up some method (a script or something) to scan through the spam box and route requests to SPAMcop periodically - on an automatic basis (I like SPAMcop, but it is a pain to do everything manually - does anyone know if something like this exists?)...
Worldcom - Generation Duh!
Reason is the Path to God - Anon
This is one area of the Internet that does need a regulatory body to clamp down on these scumbags. And I believe one of the free email address websites even has a "bulk mail" option...
I don't know how to make this work, or if it is even possible. But in the UK, you pay per minute for your internet connection (it's getting better, but slowly though), and these spammers are effectively stealing from me. But it is not in the interests of government to clamp down on it (hey, it's internet advertising, right? We gotta help those dotcom's make some money so we can claim to be "wired" as a nation) and whilst the efforts of RBL and others are welcome, I still get 25+ emails a day of crap I just delete.
Strong data typing is for those with weak minds.
Strong data typing is for those with weak minds.
Clearly /. readers tend to be fairly savvy about spam protecting their email etc. An additional way to prevent SPAM is to directly get the spam accounts closed. The basic way is by extracting from the email header and a few pings/fingers which computer the SPAM actually came from and then getting its owner to shut down the spam account [there is a full acount of how to do this on Happy Hacker]{grrrh its down at the mo though ;o( }.
/. did this then......
It tends to take about 10 mins per account, and can feel hopeless, but remember that there are more spam victims than perpurtrators, and if everybody on
Anyway it beats simply moaning about the phenomenom.
This shows the level of the writer.. and the introduction says that he is modest, and doens't want to tell us about the list of books he has written. Anyway, not really what we expect from /.
-Not a flamebiat.. I'm sure about it.
Note that a lot of the instructions given in the "death to spam" document can be consolidated and handed off to services like spamcop, which will do all the tracking down stuff for you and just tell you which address to send abuse complaints to. Very handy.
What if ISPs would put a clause in the contract saying (in legal verbiage),
As I've said before, "Follow the money"
www.eFax.com are spammers
I've been online since 1994, my very first email address is still active. I get some spam on all of my accounts but never so much that it gets annoying.
.nospamplease extension to it.
My impression is that trying to get rid of spam actually requires more energy than accepting the occasional viagra advertisement in your inbox. Somehow the people complaining about spam invariably are techie types. Normal users don't seem to care much.
However here's some free advice:
- get a yahoo/hotmail/whatever address and use it whenever you are required to leave your email address.
- when leaving your real address on a public site add a
- use filters to get rid of annoying content
These are the only anti spam measures I take and they seem to work fine for me. It doesn't stop everything, but the remaining spam is nothing but a minor annoyance.
Jilles
Why bother going to so much effort to deal with spam. Bookmark your page at spamcop.net, and let them do the work for you. And never, never, reply directly.
Spam that says something along the lines of "If you're under 18, delete this message. Otherwise click on this link http://xxx.xxx.xxx/tracking-number=xxx for a xxxxxxxxxxx time". I don't like receiving it, but I will just spamcop it and delete it. I'd be really really bothered if I had children. I really really don't want them get email like this. I don't particularly want to censor my future 7-yr olds email...
Check out www.onename.com and www.xns.org for the solution to spam. I've posted this comment many times, and most people don't seem to see it as it's usually on a topic not visible from the main slashdot page (nice design there, Slashdot).
I've also had it rejected as a Slashdot topic. I guess only articles COMPLAINING about spam, as opposed to SOLVING IT get posted.
I'm no longer really in the mood to write up a complete explanation of how it's going to work, but trust me (I used to work for the company), the end of spam is nigh.
The article says:
I thought the rule was, "Never answer spam. Answering only serves to validate the spammers database."
Defecation occurs.
Rob/VA/Whoever: Can't you have some sort of macro set up so that when you post the weekly Spam/Napster/Microsoft story, it automatically posts all the standard replies?
It would save everybody discussing whether my house is like your mailserver, or your gun rack, and whether musicians make money again and again. I expect with the geek-minutes saved in not posting the same long rants over and over, it would be possible to have another really really good X IRC client (with skins, perhaps), or another clock [ae]pplet.
"don't fall into the fallacy of believing that Perl can solve social problems. Maybe Perl 6 can, but that's a ways off"
I've also got a collection of reviews about spam filters, Procmail filtering advice, and Windows anti-spam software.
Richy C.
Oh wait, I already have 50 karma, nevermind.
sig:
sig:
See the "..for smart people" banners Wired runs here? Look elsewhere guys.
Just a thought: How are "unsolicited religious, racial or sexual messages, a somewhat more serious matter" than junk advertising? Fundamentally, what makes this kind of junk communication any "worse" than that kind of junk communication? Oh, that's right... things like religious, racial and sexual messages attack a person's beliefs, but advertisements don't do that, right? Junk email is just a product of an over-zealous businessman, right? (Yaaay capitalism)
Think about it.
Instead of using a free Hotmail account, try out Sneakemail!
It's a cool and simple way to create disposable email-addresses and avoid spam.
Whenever you need to give away a working email-address, you just create a new sneakemail-address, which you use instead. All mail from these sneakemail addresses will be sent to your real email-address, but if you recieve spam on one of the sneakemail addresses - you'll know *where* the spammer got your address from!
Example: You give out an email-address to Amazon.com (and *only* to Amazon.com - you should only give out each sneakemail-address once!) and a few weeks later you recieve spam on that address. Because Amazon.com was the only peolpe aware of that email-address, you can be certain that it was them which either sent you spam, or has given your addres out to others!
If this doesn't make any sense to you, go read the tutorial on the sneakemail site - they are much better written.
Greetings Joergen
WTF?, I read this months ago, its not news, its just a page on a web site, it could have been there for years. Maybe
Sneakemail is to spam filters what an ounce of prevention is to a pound of cure.