Christmas Spam Level Skyrocketing

dbolger writes: "ZDNet has this brief, but interesting article about how the amount of spam we recieve in our inboxes has increased 650% since this time last year. Nice to know that that anti-spam legislation passed a while back is having an effect (not)." For PINE users, just remember the magic spell: "m s r f a."

msrfa?

[ard]

Can you please enlighten a mutt-lover what this "magic spell" does in pine?

Re:msrfa?

[KarmaPolice]

Main menu
Setup
Rules
Filters
Add

But this doesn't work unless you know what to look for in spam...and none are alike

Re:msrfa?

(M)ain (S)etup (R)ules (F)ilter (A)dd Although I just use procmail...

Re:msrfa?

[nekkid]

Doesn't work in pine4.05, but it does in 4.40. Dunno when it started working.

(M) ain menu
(S) etup
(R) ules
(F) ilters
(A) dd

And then you fill out a filter pattern.

Re:msrfa?

[Rentar]

So apart from the specific key combination it has nothing at all to do with pine, right?

And IMHO filtering in the MUA is the most low-level spam-prevention possibility. There are several fine anti-spam systems out there.

'though I myself don't use them, yet. I make a sport out of finding a rule that catches the spam that reaches my inbox and is sensible enough not to filter any other mail (just recently I got a problem, that I couldn't receive mail from any student of a specifiy university, 'cause they got [a-z]@university-domain and I filtered on [a-z]*[0-9]{3,}@.* ...). It certainly isn't the most effective way, but ... well, at least I learn some regular expressions ;-)

Re:msrfa?

[Matthew+Bafford]

> I filtered on [a-z]*[0-9]{3,}@.* ...).

You do realize that this blocks out more valid email addresses than just the example [a-z]@domain you gave, correct?

For example, *@domain is a perfectly valid email address, as is fred&barney@domain.

--Matthew

Re:msrfa?

[Rentar]

> I filtered on [a-z]*[0-9]{3,}@.* ...).
> You do realize that this blocks out more valid email addresses than just the example [a-z]@domain you gave, correct?
well ... everything that comes from [a-z]*[0-9]{3,}@.* will be moved to my "probably spam" folder, which I got trough once a week and delete. It is not ment to catch valid e-mail-addresses, but computer-generated accounts like somelamename1234@yahoo.com or spammer0815@hotmail.com. Noone I know uses an e-mail-address that matches this regexp (apart from said students, for whom I now have an extra "this-is-not-spam"-rule).

Re:msrfa?

[RobertFisher]

You want to find the part of the e-mail that mutates the least from spam to spam.

In almost all cases, it is easiest to filter from the recipient's domain name. Their username and hostname is easily changed, but the domain name is somewhat less variable, in my experience. Any respectable company would simply not allow enormous volumes of bulk spam to be sent out under its auspices for very long.

Once you hit "msfrfa", edit the "From Pattern" to be the domain name of the spammer. Then, under "Filter Action" hit "delete". Hit "E"xit, then agree to changes. The whole process takes only about 10 seconds.

So my filtering list includes...

gamblehog.com
postmastergeneral.com
realspecialoffers.com
optinrealbig.com
...
and so on.

The good news is that once you include the most aggregious offenders, your spam influx goes WAY down. With less than a 100 spam sites on my list, I get less than one spam a day in an e-mail account that used to receive one to two orders of magnitude more. You're then in a position where a few seconds of daily maintenance (to add to your existing list) is enough to keep you virtually spam free. Most of the spam I reveive now originates from yahoo.com, aol.com, or msn.com e-mail accounts. I'm not willing to filter out those domains, however, as a few people I know actually have accounts there. However, you rarely get repeat e-mails from those offenders -- the company takes care of them internally, it seems.

I imagine someone out there has already done this, and has released a comprehensives Pine filter list. Does anyone know if this is the case?

Bob

Re:msrfa?

[amuro98]

I think filters were added to Pine in 4.10 or so.

Again, I just use procmail.

Re:msrfa?

[i_m_sane]

My school forces us to have a
[firstinital][last5lettersoflastname][number]
user id

Magic Pine Spell?

What does M S R F A exactly do?

right....

[dr_labrat]

How does this compare against the overall growth of the internet, though?

The growth in the number of people connecting to the net should be much higher....

Re:right....

[MLC2012]

It's a simple equation...

The cheaper PC parts get, the more new users.
The more new net users (AOLers?), the more spam.

I recall reading something on news.admin.net-abuse.email a while ago about a company that provided webhosting to businesses, and something like 95% of their new customers spammed. I'd imagine that rate could be applied to new members of online services a la AOL, Prodigy, et al, and probably half that rate for new net users connecting via actual ISPs.

Re:right....

[DCowern]

I seriously doubt the internet has 6.5 times the number of users it had a year ago. In fact, the UCLA report mentioned on Slashdot yesterday shows that internet usage by Americans grew by 66.9%.

Assuming the rest of the world's internet growth mirrors that of the U.S. (which I assure you it hasn't), the amount of spam being sent is growing 10x faster than the number of new users coming online.

Re:right....

Just stop and think about this for a second before racing for a 1st post. Did the Internet grow to 6.5 times the size in 1 year? Does it seem reasonable? Or maybe you're confused about what a 650% year-over-year growth rate implies? (since you said The growth in the number of people connecting to the net should be much higher).

Now, moderators, bitchslap the karma-whoring parent back into the -1 territory it so obviously deserves. On behalf of /. readers everywhere, thank you.

pine

[Marcus+Brody]

i dont use pine.
what is this cryptic m s r f a ?

or is it some obvious joke i have missed?

Re:pine

[carpe_noctem]

Mutilate Spam Right Fucking Away.

Re:pine

[Phork]

its the command to add a filter:

(M) ain menu
(S) etup
(R) ules
(F) ilters
(A) dd

m s r f a

doesn't do anything in pine, m isn't even a command... guess i missed the joke o.o

Yahoo Spam filters

[LS]

I use a yahoo address for my email, and have it forward to my local server's mailbox. Yahoo adds a header "X-Rocket-Spam" to mail tagged as spam, and I use procmail to filter these out. While their spam detection still works pretty well, ever since the economy went to shits their filtering has progressively gotten worse. I suspect that they are letting certain spam slip for a fee. It used to catch everything, but now I get at least 10 messages a day getting through.

LS

Re:Yahoo Spam filters

[Arsewiper]

I think the spammers have found a way around the Yahoo filter. Hotmail recently added a filter which worked fine for a week or two but now I get three or four a day getting through to the inbox.

Re:Yahoo Spam filters

[PigleT]

You could look into _spamassassin_(.taint.org) and _razor_(.sourceforge.net) as well, btw.
I'm now using those, finding spams semi- heuristically and reporting SHA1 hashes to razor servers, with much happiness.

Re:Yahoo Spam filters

[Malc]

I filter my Yahoo mail based on the header X-YahooFilterdBulk. It catches about 90% of the spam. I've gone from 20+ spams a day to a couple a week.

Re:Yahoo Spam filters

[Legion303]

Ironically enough, I cut down my spam by about 70% by sending everything with "@yahoo.com" in the headers to my spam directory. Not one false positive to date.

-Legion

Re:Yahoo Spam filters

[theancient2]

Hotmail's filter (on the second-highest level) has never worked that well for me. I get messages that have 20 addresses in the To: line, all beginning with the same 4 characters (so it's obviously going to thousands of Hotmail accounts), and an invalid return address such as udp@degree_programs. Even funnier is that I can't add @degree_programs to my filter, because that's an invalid address.

My best weapon has been procmail. I use the scoring feature, where certain phrases are assigned a weight, and anything passing a certain threshold gets saved to a junk mailbox.

For example:
3 points: Certain punctuation, such as $ and !
10 points: remove, money, credit
20 points: opportunity, cash flow
30 points: insurance premium, no obligation
40 points: pyramid scheme, not spam, viagara
60 points: add inches, free.* (video|info)
80 points: commercial email bill section 301, apology as a responsible e.?mailer
20 points: [0-9]@(hotmail|yahoo).com
-100 points: To: my address
-50 points: use of my name or certain login IDs (to prevent false positives, all of which seem to be order confirmations.)

Whenever a spam gets through (i.e. usually whenever someone comes up with something new to sell), I add another phrase, weighted appropriately. Virtually nothing gets through.

I thought spam checking would be easy for a big provider like Hotmail, because they can red-flag every message that's sent to more than one recipient for further inspection. But I've found that a custom solution works best.

no r...

[Lish]

Too bad my Pine 3.95 (the version on our university system) doesn't have an "r" command in setup. It apparently lets you set up "rules" for filtering, according to the Pine FAQ.

Re: no r...

[Black+Parrot]

No r? Since this is a Christmas thread, your subject should have been No l.

Both sites and advertisers are desperate

[Artifice_Eternity]

I was laid off from a marketing/"branding"/ad firm in July, b/c they just weren't getting the web development business they once had. Banner ad rates have plummeted, and we are being assaulted by ever-more-maddening varieties of web ads (huge banners, popunders, clickthroughs, and now "shoshkeles"!?). Sites feel they have to give advertisers more for their money, simply in order to bring in the same revenue as during the dot-com boom.

When will this madness stop? Users may flee sites that harass them too strongly. Then again, the general level of advertising in our environment has been slowly but steadily increasing for decades. I doubt this trend will stop anytime soon.

Re:Both sites and advertisers are desperate

[SCHecklerX]

Just wait till the day we have satellites in the sky blinking obnoxious ads at us as we try to look at the stars.

Re:Both sites and advertisers are desperate

[shaper]

Just wait till the day we have satellites in the sky blinking obnoxious ads at us as we try to look at the stars.

Remember the Heinlein story, I think it was "The Man Who Sold the Moon", where the guy got funding for a moon mission by working with soft drink companies about putting great big product logos on the surface of the moon.

shudder...

Re:Both sites and advertisers are desperate

I expect it will stop getting worse when they get to level of that futurama episode where they just take over your brain for 30 seconds.

Re:Both sites and advertisers are desperate

[Darby]

Remember the Heinlein story, I think it was "The Man Who Sold the Moon"

It was.

where the guy got funding for a moon mission by working with soft drink companies about putting great big product logos on the surface of the moon.

He was actually smart enough to know that it would be a bad idea. He sold them not on the idea of putting their logo on the moon, but on the threat that their competitors would.
He would have never really done it because he would have become the most hated man in the world.

Re:Holiday spam

[blibbleblobble]

It's good to see in the article that something is being done about it though - I'm sure we've all thought about the idea of a list of spammers/suspicious emails, but it seems that such a database is actually in serious use.

Keep up the good work.

Want to incur a LARGE cost on spammers?

[vandan]

Get your own back from SPAMMERS! Click the link and follow through to each of the SPAMMER's advertisments you wish to 'pay back' for their fine services. The cost to the SPAMMERS per click is displayed next to each advertisment. Only one click per day per person per advertisement is counted... http://www.overture.com/d/search/?type=home&Keywor ds=bulk+email

Re:Want to incur a LARGE cost on spammers?

And here's my spamhurt.php file.

<?php
error_reporting(E_ALL);
set_time_limit(0);

$agents = array("Mozilla/4.75 [en] (X11; U; Linux 2.2.16 i686)",
"Mozilla/4.74 [en] (X11; U; Linux 2.2.10 i686)",
"Mozilla/4.72 [en] (X11; U; Linux 2.2.12 i686)",
"Mozilla/4.73 [en] (X11; U; Linux 2.2.14 i686)",
"Mozilla/4.77 [en] (X11; U; Linux 2.4.3 i686)",
"Mozilla/5.0 (X11; U; Linux 2.2.16 i686; en-US; 0.7) Gecko/20010105",
"Mozilla/5.0 (X11; U; Linux 2.2.14 i686; en-US; 0.7) Gecko/20010105",
"Mozilla/5.0 (X11; U; Linux 2.4.3 i686; en-US; 0.6) Gecko/20001206",
"Mozilla/4.51 [en] (WinNT; U)",
"Mozilla/4.72 [en] (WinNT; U)",
"Mozilla/4.74 [en] (WinNT; U)",
"Mozilla/4.08 [en] (WinNT; U)",
"Mozilla/5.0 (Windows; U; Win95; en-US; rv:0.8.1+) Gecko/20010426");

srand((double)microtime() * 1000000);
shuffle($agents);
$agentCount = sizeof($agents) - 1;

function HTTPGet($url)
{
global $agents, $agentCount;
if(!($fp = fsockopen("www.overture.com", 80))) return FALSE;
fwrite($fp, "GET $url HTTP/1.0\r\nHost: www.overture.com\r\nUser-Agent: " . $agents[mt_rand(0, $agentCount)] . "\r\n\r\n");
$html = fread($fp, 100000);
fclose($fp);
return $html;
}

mt_srand((double)microtime() * 1000000);
preg_match_all("/<a href=(.*xargs.* ?)>/U", HTTPGet("/d/search/?Keywords=bulk+email"), $urls);
preg_match_all("/<a href=(.*xargs.* ?)>/U", HTTPGet("/d/search/?Keywords=bulk+mail"), $urls2);
$urls = array_merge($urls[1], $urls2[1]);
shuffle($urls);
$linkCount = sizeof($urls) - 1;

while(TRUE)
{
$html = HTTPGet($urls[mt_rand(0, $linkCount)]);
if(strstr($html, "HTTP/1.1 302")) echo preg_replace("/^.*Location: http:\\/\\/(.*?\\r\\n).*$/s", "\\1", $html);
}
?></A></A>

Re:Want to incur a LARGE cost on spammers?

Add this to your daily cron:

wget -r -l 1 -U "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; DigExt)" -q -O /dev/null "http://www.overture.com/?type=home&Keywords=bulk+ email"

Yes, I'm sure there are more refined ways of doing this, but hey, this is quick and easy and the extra few links hit won't be noticed if you schedule for out of hours running.

Re:Want to incur a LARGE cost on spammers?

There's no space char after the ? or the +

Prior to installing it in cron, you should check that it's doing its thang correctly by running it from the CL (in a temporary directory to ease crud clearup) without the -q and -O options.

Re:Want to incur a LARGE cost on spammers?

[recursiv]

What makes you think it's per click? You fools! It's a one time fee!

Re:Want to incur a LARGE cost on spammers?

There has to be some legit purpose for contacting the advertiser (e.g., to tell them you want off their list, to obtain information needed for trade, etc.), not simply to run up their bill. If they can prove to a judge that you participated in or organized a fraud like that, you will pay through the nose (their initial spamming of you is legally another matter, perhaps worth $0.0001 on countersuit).

Re:Want to incur a LARGE cost on spammers?

[jrockway]

You're wrong: click one of the prices and you'll see this:

Advertisers pay for actual visitors.

The "cost to advertiser" is the amount an Overture advertiser chooses to pay each time a customer clicks that advertiser's listing in our search results.

This makes Overture's Pay-For-Performance(TM) advertising the most cost-effective way for advertisers to promote their products, services and information to 75% of the Internet.

Would you like Overture to help you reach the most targeted customers?

The prices have been going up all day today, too :)
8 dollars a click times 10000 slashdotters! YOW!!!

Re:Want to incur a LARGE cost on spammers?

If people really want to make this effective they should buy one of the bulk email programs and then "Spam" this link to 10,000,000 addresses.

Re:Want to incur a LARGE cost on spammers?

[vandan]

Dude you are some sort of legend.
I've seen scripts like the one above, but yours just takes the cake...

Bullshit Article

[the_furies]

The article is practically spam itself. It states that "junk email" is up 650%, then neglects to define what "junk email" might be (evidently they mean any non-work related email, the fascists)! A fucking penis enlargement device message is more informative.

Speaking of junk, here's the gayest email chain-letter ever. Enjoy.

Re:Bullshit Article

[Mister+Gribbley]

Mmm. Cut spam by up to 650% just by filtering out non-work addresses?

Re: Christmas spam

[blibbleblobble]

Even given peoples' moans about outlook express, it is possible to do some very effective filtering.
I have filters for <<snowhite, casino, "i send you this file..." and the spanish equivalent, xxx, the inverted question mark, and the yen symbol>>.

Granted, this mailbox gets nowhere near the amount of crap thrown at it as does my yahoo account, but those filters do tend to delete most of it quite well.

<too much of>
Anyone want a list of opt-in email addresses for $30?

• awhite@yahoo.com
• bwhite@yahoo.com
• cwhite@yahoo.com

</too much of>

Spam or junk?

[spamkabuki]

Looked at the headline and thought "Hmmm, I haven't gotten that much more spam...". Spam seems to be a bit of a misnomer here. Sure, there is some increase in holiday advertising and such, but spam (i.e. unsolicited e-mail) isn't what they are really complaining about here.

In the body of the article, they describe how jokes, animations, and greeting cards are clogging the system. Well, duh! Ask the USPS. They get clogged with lots of this stuff at this time of year; they're called Christmas cards.

This isn't really spam per se. It generally comes from people you know, even if you only hear from them once a year. Somehow the mailman and my mailbox cope with the onslaught every year. If your corporate infrastructure can't handle it, well what will you do if there is a legitimate boost in business traffic?

I guess these people will just crack the whip on corporate use policies again. Fat lot of good that seems to do.

All this trumpeting about %650 increased spam is an alarmist waste. (Not that I really want any more of the tons of weight-loss pills; credit fixing programs; appeals from Nigerian humanitarian organizations looking for my bank account number, promising free money for my help.)

Re:Spam or junk?

[cperciva]

appeals from Nigerian humanitarian organizations looking for my bank account number, promising free money for my help

You get those emails from humanitarian organizations? I always get those emails from some relative of a deceased dictator or general.

Maybe these emails are more targetted than we think...

Re:Spam or junk?

[fishebulb]

very good point, its not actually spam that increased that much, although that did too, its "junk" email that the reciever doesnt care about.

Ive been using an opt in filtering rule set up in evolution,
all is checked for addresses in my address book, i have different rules for my work accoutn personal and school. Any mail that doesnt match a known address is tossed into an unsorted folder. Its pretty effective, except that evolution doesnt bother to remove known addressed emails from the unsorted, it makes a copy of it and puts it in the right folder, but it still is unsorted.

Re:Spam or junk?

[Matt]

The article mentioned one of the holiday bandwidth hogs: the "Elf Bowling Game".

One of the last times I remember running Windoze on my machine was to try that out. Last year!

Linux forever.

Re:Spam or junk?

[0xA]

In the body of the article, they describe how jokes, animations, and greeting cards are clogging the system.

Jebuz, tell me about it. My birthday is this week and my mother has taken it upon her self to send me about ten of these greeting cards a day. I am of course, an ungrateful little bastard and all but I just can't friggin stand this. I apreciate the thought but it is really helping to drop the signal to noise ratio in my inbox.

I must find a way to stop this without hurting her feelings or adding her to my killfile. Anybody got some DDOS bots I can borrow?

New spam not about christmas

[imrdkl]

It's mostly about 9/11, sadly.

Filters: Pine and elsewher

[Codeala]

Pine has rule-based filters to block out SPAM. However the Help page recommend you to do the filtering between SPAM arrived at your mailbox. But not everyone has that kind of control over all their mail are stored or organised. And also you need to know what kind of rules are best for blocking SPAM, eg checking the To: and Subject: fields, what regexp to use, etc.

Here is a suggestion: As a Xmas gift to your fellow /.ers, post your most successful spam filter rules here (All mail clients welcome).

Ho HO HOLD (the SPAM)!

Re:Filters: Pine and elsewher

[Mwongozi]

I find a very effective spam filter is to simply filter out any e-mail that doesn't have your address in the TO: or CC: fields. It's very rare to see a spam that's correctly addressed in this way.

Of course, you'll have to create exception rules for any mailing lists you're on, but it works really well.

Re:Filters: Pine and elsewher

[Geoff]

I find a very effective spam filter is to simply filter out any e-mail that doesn't have your address in the TO: or CC: fields. It's very rare to see a spam that's correctly addressed in this way.

I use this "algorithm," and in general, it's a good one. But it's getting worse. I'm getting more and more junk email that does have my address in the To: header. The spammers are starting to figure out that this is a commonly-used filter, methinks.

Speaking of SPAM

[kawaichan]

I don't get all that much Spam from my email. but I am getting tons of spam from ICQ lately.

At least there are programs to block spam from your mail box, you can't do that on ICQ. Seems like they generate a new ICQ for each messenge so you can't ban them all.

Re:Speaking of SPAM

[kylegordon]

Yes, but under the preferences options you can deselect the option of allowing others to see when you are online. This allows your friends to see you online, but stops your ICQ homepage from displaying a status image.

It works for me anyway.

Re:Speaking of SPAM

[x] Do not accept messages from users not on my contact list.

Nearly all the clones support that, too.

Re:Speaking of SPAM

[mosschops]

Fortunately you can block the ICQ spam...

Under the Security and Privacy entry on the main ICQ menu, there's an option to only accept messages from people on your contact list. To be sure, also tell it not to accept e-mail express or pager messages, as they're generally abused too.

The newer ICQ 2001b gives finer grained control over this, so you can accept regular messages but ignore URLs, etc.

With the rise in ICQIS bot usage for ICQ spam, setting these is almost a must now :-(

Re:Speaking of SPAM

[TeVi]

If you use the original ICQ 2001b program (not a clone), this will help:

Main -> Security & Privacy Permissions
Select 'communication events', and then set everything in the right pane on yellow (only users on my contact lists)

Now you can only receive messages, files, etc from people on your list. Since I did this, I don't receive any spam via ICQ anymore.

Re:Speaking of SPAM

[Canadria]

The main problem with ICQIS and similar products is that they work. I work in sales at my company and traditionally, 1 out of 100 people contacted buy from you. If you change that to one in 1000 to reflect spam measure or so on, think about this.

Lets say your ICQIS bot sends outs 30000 messages in one day. That means you have 30 sales a day per bot.

I know an organization using this and the numbers work. It sucks but as long as it works, companies will do it. Its great that 99% of us block it, but because 1% doesn't it will keep happening.

[OT]Stupid Topic Icon

[Tachys]

Whenever I see that icon I always think of a piggy bank so I think the topic has something to do with money.

For a topic icon for spam, can't you have a mailbox stuffed with mail?

Re:[OT]Stupid Topic Icon

[dbolger]

AFAIK the icon used to be a can of Hormel SPAM, but the folks at Slashdot changed it when Hormel asked them politely. A nice change from the way some other groups have treated our favourite website.

Re:[OT]Stupid Topic Icon

[Tachys]

I am aware of this. I didn't like the Hormel SPAM icon either.

Re:[OT]Stupid Topic Icon

[Snard]

I would actually prefer a group of vikings in a diner having breakfast, but that would obviously be a bit difficult to convey in an icon.

- Mike

Really?

[Ogerman]

That's funny. I receive at most one or two SPAMs per month. (The handful that slip through onto the Debian mailing lists don't really count.) Maybe people are just becoming more stupid in how they give out their addresses. Oh yeah.. and then there are HTML tags that 'phone home,' supported by many popular mail clients. Of course, we can all thank MS for Hotmail: an endless supply of throw-away mail accounts.

For those who care to reduce spam and other online (and offline) annoyances, see Junkbusters web site, also home to the free (GPL) filtering proxy by the same name.

Re:Really?

[joonasl]

I've the same experience also. I used to get a lot of spam few months ago, but it was sent through the SMTP server of some poor company who had not realised to protect their server. I sent an email to a manager in the company and in few days the spam stopped. Now I only get the 1 - 2 spams per week again.

Re:Really?

[QuickFox]

Oh yeah.. and then there are HTML tags that 'phone home,'

Is that true? I always thought this was some sort of urban legend. I find it somewhat hard to believe.

Give a man a fish and he eats for one day. Teach him how to fish, and though he'll eat for a lifetime, he'll call you a miser for not giving him your fish.

Re:Really?

Definately true. I've never seen it used by a spammer, but there is at least one page out there that allows you to punch in an email address, it'll send you a message that has such a construct, and it includes a link to his (filtered) http logs which will show the email/IP addresses of the people who looked at the message in a mailreader that fetches remote images in the last eight or so hours.

Re:Really?

[Electrum]

Oh yeah.. and then there are HTML tags that 'phone home,'

Is that true? I always thought this was some sort of urban legend. I find it somewhat hard to believe.

Sure, it's quite easy to do. Most images that load in HTML email are coming from a remote server. All you have to do is make the image come from a CGI, and tack the person's email address onto the image URL. The downside to this is that you have to send a custom email for each recipient, but half the time you do that anyway. It's a great way to see if the email is actually opened.

Re:Really?

[Ogerman]

Is that true? I always thought this was some sort of urban legend. I find it somewhat hard to believe.

Nope, it's quite true and quite easy with many popular mail clients that allow loading of external references from the net. Ever get an e-mail that caused the download of anything (pictures, website, etc.) after it was viewed? If so, your mail client is suseptible. All a spammer has to do is include some sort of ID number generated at the time of sending in the external HTML reference and as soon as his server gets the request, he knows that your address is valid. Then your name gets added to the gold list of valid e-mails and sold to some other spammer. Granted, this is not done as much in practice as it could be, but the possibility definitely exists and you should check how your mail client handles external links.

Re:Really?

[QuickFox]

Oh, now I see. I was imagining something much worse. I thought you just visited some page somewhere on the Web and your browser revealed your mail address to the site's server. I sure hope that isn't possible with any browser.

Yes, what you describe is simple enough to do. It's surprising then that spammers don't do it often. Perhaps many of them don't know how. Probably many of them use ready-made programs to produce the spam, and these programs simply haven't caught up yet.

Sooner or later it'll hit us. Ugghh!

Give a man a fish and he eats for one day. Teach him how to fish, and though he'll eat for a lifetime, he'll call you a miser for not giving him your fish.

Re:Really?

[alcmena]

Many spammers are already stealing service by using third party mail servers. It is a lot easier to do that than it is to set up a web script. Once you have a web site up, it is a whole lot easier to trace you and have your ISP pull the plug on you.

Re:Really?

That's funny. I receive at most one or two SPAMs per month. (The handful that slip through onto the Debian mailing lists don't really count.) Maybe people are just becoming more stupid in how they give out their addresses.

So, do you think it's fair and good that you should have to hide like this?

Re:Really?

[sqlrob]

Oh, now I see. I was imagining something much worse. I thought you just visited some page somewhere on the Web and your browser revealed your mail address to the site's server. I sure hope that isn't possible with any browser.

That's possible too. The HTTP standard does have header for the users e-mail address. I'm not sure if any browsers actually fill it in though.

Re:Really?

[jerrytcow]

It doesn't even need to be that sophisticated. All the spammer needs to do is link to a .gif that is only loaded in the email. Then check to server logs to see which email is most effective at getting people to open it.

Re:Really?

[Jburkholder]

Was true for me as well until AT&T moved us Mediaone customers in Chicago to @home in October.

I started getting an ungodly amount of spam (University Degree program, in particular). I thought it was really odd since my @home address was virtually unused. When we went to attbi last week, the spam stopped. Someone working for @home must have been selling new addresses or something.

Re:Really?

[inquisitor]

I sure hope that isn't possible with any browser.

One word. JavaScript. Pity really.

Here are the main current Evil Spammer Tricks (TM):

• Open relays are more prominent than ever, especially in .cn and .tw where no-one can read English and no-one can nuke (or even just fix their goddamn SMI-SVR4 boxen: Sendmail relayed up to 8.9.x, not so long ago). These are sometimes combined with:
• SOCKS4/SOCKS5 proxies. Anonymity assured. HipCrime's newsagent group-bombing software posts through SOCKS proxies now, so he is effectively untraceable. Bastard. At least with @home out for the count (they had a *lot* of WinGates and AnalogX stuff lying around), we might have some hope.
• Having leased lines/colo from UU.net, C&W, Verio and other people who don't nuke (that's pretty much all of tier 1.) These take forever to get rid of, and are the most annoying.
• And there's always the problem of mainsleaze - "legitimate" companies spamming. I've been spammed by Terra Lycos recently to a email address I gave NeoPlanet (who never spammed me) about a year ago, RealNetworks spammed me so often I now have them firewalled (IP blocks on request), and eBay are well known for resetting preferences and other little schemes. As such, I try to use alternatives (eg. Google.) But there's not much I can do to get an ISP hosting a $bn company to follow their TOS in this case...

I'm on a dialup (can't get DSL or cable where I live, or even bloody ISDN), and I pay per minute. So each spam I get, it costs me: especially in the case of 800K multimedia extravaganzas, which I have recieved in the past and act as a sort of mini-mailbomb. *This* is why it annoys me: even filtering means the damage is done.

Re:Really?

[QuickFox]

I sure hope that isn't possible with any browser. -- One word. JavaScript. Pity really.

JavaScript can't find the e-mail address unless you type it in or the site server already has it. There isn't any browser variable that makes the e-mail address automatically available to JavaScript.

*This* is why it annoys me: even filtering means the damage is done.

Mail clients should fetch only the header and then, if the sender is blocked, delete the message from the server without fetching it. Why don't they do it this way?

Give a man a fish and he eats for one day. Teach him how to fish, and though he'll eat for a lifetime, he'll call you a miser for not giving him your fish.

Re:Really?

[bwhaley]

Of course, we can all thank MS for Hotmail: an endless supply of throw-away mail accounts.

Leave it to slashdotters to point everything at Microsoft. We all know that Microsoft didn't even start hotmail. What's more, hotmail wasn't the first one of these services! There are many others; geocities, yahoo, iwon... the list goes on and on. Don't place the blame where it doesn't belong.

Re:Really?

I thought you just visited some page somewhere on the Web and your browser revealed your mail address to the site's server.

There's been various bugs in both IE and Netscape over the years which will allow your e-mail address to be revealed to the server. Probably a good idea to leave the IE "My Profile" feature blank.

Re:Really?

[inquisitor]

If you're running filters on stuff like Reply-To, or X-Mailer, or weird MIME headers readable only by Lookout Express (for filtering out Sircam and company, which take up *lots* of mailbox space; I use Pegasus), you have to do that sort of thing.

Then, of course, there's the content: stuff like "protected under S.1618 passed by the..." ("Murk" disclaimer; law never passed) or "to opt out, send a message marked REMOVE to..." or "**AS SEEN ON TV**!" (esp. with "five reports" or "Dave Rhodes") are all ideal spam filters.

I don't filter, because every spammer I see just uses a different Yahoo! (non-existant) junk mailbox each time. Filtration is useless. Action isn't.

Re:Really?

[jonestor]

Which is exactly why we should be using text based readers that don't accept html.

Who needs an HTML or RTF e-mail anyway?

Re:Really?

[SectoidRandom]

It all depends on what you do, and what kind of email address you have.

If you want to see some spam go setup a Hotmail account, and without giving it to _anyone_ watch the spam start flowing!

Personally i have noticed a huge increase on my main accounts. I never _ever_ give out my main email's only my @hotmail accounts (which incidently recieve >100 / day) but still in the past month even I have noticed spam in my main work email from 1-2 / day to 5-6 / day! Im going to use spamcop from now..

Unfortunatly my address has obviously been sold off too many spammers it would seem, unfortunatly years ago i did use my work account (for a short time) in InterNIC records.

All we can do about it is, support the likes of mailabuse.org, spamcop.net, and complain! I believe some form of legislation is needed, at least that would minimize the number of legitimate companies spamming. The non-legit spammers (the other 80%) we'll just have to keep fighting online.

Roll your own filter

[WyldOne]

I wrote one in TCL recently - still alpha testing it. Pre-screens e-mail in my pop3 account _before_ I d/l it with fetchmail. Mostly based on a hueristic approch. EG spam rules:

• If more than 50% of characters in subject are upper case = shouting.
  
• If the Subject has a random number or nonsense string at the end.
  
• If e-mail has no 'from', 'to' or 'subject' line
  
• If e-mail is not addressed to me
  
• Certain percentage of spam words (make, money,loan,etc)
  
• Certain spam phrases
  
• luzer list
  

Exceptions:
list of trusted sites/people.
Things specificly sent just to me.

It was amazing just what it did filter - I went from 10 spams a day to 1 a week. (mostly due to timing issue of spam pre-filter to fetchmail d/l)
It whacked almost 300+ spams from my 'public' e-mail account in one go. I also have it log the from/Subject - just in case)

Re:Roll your own filter

that should be:
upper case == shouting

maybe that'll bump you into beta testing

Re:Roll your own filter

[jakew]

I'm absolutely fascinated. How did you manage to code the test for a random number?

Re:Roll your own filter

This is very similar to my own rules especially with regard to Spam phrases. Although Spam has lately begun to crack even that wall of filters and I'm seriously thinking about blocking ALL email except from trusted sources.

Of course, that means I have to keep my address book up-to-date!

Re:Roll your own filter

SPAFI

Implements this set of hueristics + some more rules (weird Message-ID, for example). It works pretty well for myself and some of my friends.

SPAFI is free and runs on Windows.

Re:Roll your own filter

[Our+Man+In+Redmond]

What's the best way to determine whether there's a random number or nonsense string at the end? I can see sending a string of characters through ispell, but numbers would seem to be another matter.

I have pretty good success with looking for nine or more continuous spaces, by the way.

Re:Roll your own filter

[WyldOne]

I simply noticed a pattern with a lot of spams. A lot had a random sequence of characters mostly numbeic at the end of a spitload of space.

Tcl has some regular expression pattern matching. I coded a test to look for a few spaces (more than 2) and a string at the end of a subject line. I then grabbed the string and attempted a string to numeric conversion. If all digits - spam. Then on those strings that used a character sequence. I checked to see if it contained any vowels. No vowels - spam. I did not go so far as to run a check against a dictionary but ...

Re:Roll your own filter

[WyldOne]

I have no 'best' way yet. It's still not 100%. But I do a regexp for spaces (more than 2) some charsacterss at the end of subject line.

Then I take the stirng see if all digits (spam) And then do a quick check to see if any vowels. If no vowels - spam. If mixed digits/alpha - spam.If any character was non-alphanumeric - spam.

I suppose I could use ispell, but I wanted fast

Private Spam

[Hougaard]

The only thing I hate more than the professional spam are emails from "friends" (non-geeks) that need to inform me of that latest virus, chainmail or that there is a new update that I should download. People are simply CC'ing their entire address-book whenever they receive something that looks interesting, and thereby creating spam :-(

And don't get me started on stupid christmas chain mails !!

Re:Private Spam

[dgb2n]

But if you forward it to 30 friends, the email system will automatically forward you your $30 gift certificate.

Ugh ...

Re:Private Spam

Please forward this post to 30 AOL email accounts and you will receive 30 dead spammers served on your doorstep tomorrow morning.

Re:Private Spam

[statusbar]

Sounds like you need to choose your 'friends' better! Or train them....

--jeff

Re:Private Spam

[CvD]

Yeah, and if you forward it to at least 10 people, you'll get a cool movie! It's really worth it!

Yeah, right...

Re:the rest of the world...

[MS]

The rest of the world (= non-us) accounts for about 67% of all internet users, and is growing more rapidly, as there is more room for new users. The US is reaching saturation.

Despite more than 2/3 of the Internet-users beeing non-us-citizens, 90% of all spam originates in the US. This is most likely due to permissive legislature in the US. In Italy for example collecting (e-mail)addresses and other personal data is illegal, unless you have written permission from the user, or you have a business realationship (italian law #675/96, aka privacy law).

IMHO, stopping the increasing number of spam-mails is only possible with legislature forcing opt-in methods for advertisers and huge fines for those who don't conform.

Ciao,
ms

mailx / nail equivalent

Well, actually a better replacement, as it may lead to them getting shut down, as opposed to merely filtering them out.

R
^U
abuse@
(hit enter a few times)
Spammer. Kill.
---
~m
.

Just be sure to use your head and only mail abuse at the domain that matters, rather than everything they happen to forge into the headers.

Bonus points for blocking the network(s) involved when abuse bounces because they are spam-friendly. More bonus points if your blocklist causes them to no longer reach LOTS of people, as opposed to just yourself.

Re:mailx / nail equivalent

[Mister+Gribbley]

Only (?) problem with that is that if you don't check the headers you'll probably end up complaining at the wrong address - some of the spammers have been known to use the addresses of people who've complained at them in the past as sender/reply-to on the next bucketload of spam they send out. Hopefully the admin checking the abuse address would be clueful enough to check, but it'd save their time if you look.

MandrakeSecure

[Mandrias]

Mandrake Linux has recently opened a new site called MandrakeSecure which is focused on securing a mandrake box.

A recent article posted on MandrakeForum talks about ways to handle SPAM using postfix and qmail. Maybe this can be useful to the larger slashdot crowd?

mailfilter

[havana9]

mailfilter is a nice antispam tool useful for all of us who can connect only up to 31200 bps with a v.90. Before downloading mail it checks the headers against a certain number of regular expression, making a good job to find spam-like messages.
Then deletes them on the pop3 server before downloading the actual body.

Not news - an advert (or press release)

[ukryule]

This "news" report comes straight from a press release.

So, a company selling email filtering software say that email filtering is ever so important? What they actually said was:

"Our database of holiday-related email messages and attachments has grown 650 percent since last Christmas,"

But their job is to build up a database of junk, so it's not really surprising - it's just saying that their database is up to date (or that their database was very out-of-date last year).

deleting mail without reading it

Does anyone know how to delete mail in Netscape 6.2 without first opening it?

Re:deleting mail without reading it

In the subject window, select the messages by using the mouse and shift key for a block or the mouse and ctrl key for specific messages, then hit the delete key.

This will move the messages to trash where you can empty it.

What I really hate is non-spam!

[Beowulf_Boy]

I get SPam, but it says something like,
"This is not Spam, I'm emailing to let you know that for only 4.99$..."

SpamAssassin works great

[cyrilc]

I've just tried SpamAssassin this WE and it works great :

• higly configurable Spam Scoring Filter according to predefined rules (each set of rules adds some pts as it matches, and it is "declared" spam when the result is highter than a specified value)
• can rely on RBLs
• is able to report spam to Vipul's Razor (distributed, collaborative, spam detection and filtering network)
• personal black and white lists
• can be tuned for particular filtering (changing scores etc.)
• can be used for a whole domain/network

...the best thing is that you don't have to perpetually update black lists of well know spammers
it is just based on content detection of spams (subject in CAPITALS; lots of exclamation marks, sp sammer X-Mailer etc.)

and it really works well

MSRFA

[tunah]

Man, Spam's Really Fucking Annoying?

More, Seasonal Rubbish Filling Accounts?

Making, Slashdot Readers Feel Angry?

Re:MSRFA

[Unknown+Bovine+Group]

Many Slashdot Readers Finding Acronyms.

Spam will kill the internet

[ab315]

I don't need statistics to tell me that the level of spam is going up, the number of messages I get from hot-n-horny teenage vixens wanting me to look at their webcam tells me that. And this is to a unique business email address which is used on my business web-page only and has never been posted to usenet.

What surprises me is how the major players who stand to benefit from universal internet use have ignored the threat of spam to the internet as a whole.

To the ordinary user receiving a daily mailbox of sexually-explicit advertising is a major turn-off. I know several ordinary people who just stopped using email because of this sort of thing, and just use their cellphones to make calls and leave voicemail instead. No telephone company would survive for a second if its voicemail customers got bombarded by the same sort of sexually-explicit advertising that internet users get by email.

Spam filtering is not a viable solution for average non-technical users. The industry needs to clean up its act or it will suffer major consequences.

If the present trends continue it would not surprise me if email actually drops out of mainstream existence and is only used by a geek subculture, being replaced by other messaging solutions that provide a safe environment.

Re:Spam will kill the internet

[Halo1]

Yeah, just read this: http://www.clifto.com/8345.html. This guy calculates, using publicly available numbers about the amount of businesses in the USA, that even if only 1% of all *US* companies sends you only 1 message a month, you end up with 8345 ads *PER DAY* in your mail box.

So even if they'd send you only one per year, you'd still get on average about 695 ads per day. So people, instead of JHD (Just Hit Delete), please try to find the time to figure out where the spam was sent from and where the spamvertized sites are hosted and report the spammers or they things may become very ugly...

Jonas

Re:Spam will kill the internet

[Lord+Jester]

Halo1 wrote:

even if only 1% of all *US* companies sends you only 1 message a month, you end up with 8345 ads *PER DAY* in your mail box

Now just imagine having many addresses (20+) that forward to the same mailbox. *shudder*

Re:Spam will kill the internet

[eudas]

i always track spammers down to ip's over in china and taiwan, where nobody gives a flying rat's ass if they host spammers or not. it's a haven for spam imo...

eudas

Re:Spam will kill the internet

[Luminous+Coward]

So people, instead of JHD (Just Hit Delete), please try to find the time to figure out where the spam was sent from and where the spamvertized sites are hosted and report the spammers or things may become very ugly...

It's not always easy to extract useful information from a message's header, especially when the spammers intentionally go out of their way to obfuscate it.

Spamcop automates the process with fairly good results.

Forgot one!

[tunah]

Make Spam Run Far Away!

I hate to say it but...

[smack_attack]

I already found the way to remove 90% of my spam. I just send mail from the following domains to a temp folder:

aol.com
excite.com (dead now, probably a good thing)
hotmail.com
lycos.com
mail.com
safe-mail.net
yahoo.co.uk
yahoo.com

I have a special list of people that are explicitly allowed. I expect to see more filters like this in the future, especially for domains that are known offenders.

Help me! They are using our Email!

[toolbar]

No, we don't have an open relay. We have everything properly configured and don't allow relaying. But some %'&$"#!-spammer decided that using michael@ourdomain.de in the "From:" line would be a good idea when sending out spam.

I get several hundred emails per day, either automated replies that tell my, that "your message to iojrf323@yahoo.com could not be delivered" or angry users that accuse us of spamming.

I try to contact the admins of the abused systems and enter their servers into an open-relay list, but that hasn't slowed down the rate of incoming emails.

Any ideas?

Re:Help me! They are using our Email!

[MadMorf]

Report them to their ISP or their upstream provider.

It's worked for me in the past...

Re:Help me! They are using our Email!

[ColMstrd]

I had a similar problem last week. Some spammer was claiming to be me. I got about 800 returned mails/24 hrs :-(

I'm more concerned about the effect of the ones that do get through on my reputation.

Contacted my ISP (Demon) who said there was nothing much they could do.

I set up filtering, so it hasn't affected my work too much, but it is an annoying waste of resources.

Fortunately the storm appears to have abated for now, or I would have to devote some of my copious free time to researching a more durable fix.

Re:Help me! They are using our Email!

[Jucius+Maximus]

This may be like stating the obvious but you could try filtering out the subject text "could not be delivered." That should take care of the bounce messages.

And as to the angry admins and such, (again I am stating the obvious, you have probably done this) try putting some notice up on your homepage about it. When reverse tracing spam, I always look at the homepage on the suggested domain first.

Re:Help me! They are using our Email!

[inkydoo]

If you are in the US of A, there is legal precedent that such forging of From: headers is damaging to the forged domain. You might want to look at The flowers.com case for more info.

Essentially they argued that they had to spend time dealing with complaints and calculated the cost of that lost time. They didn't even argue for damage to their reputation, which I think could have lead to an even bigger penalty.

bonus bologna

Seems like the big guys send MoSt of the spam I get. the best MuSt be the ones (you/we KNOW who you are) who try to plant dozens of cookIEs on your PC.

Plus, you can get all that virotic infactdead inportaiNT bugwear (hog gonads?) m$emaul.

Makes me wonder, whois the REAL .commIEs here?

Best way to fight back.

[AtomicBomb]

Provide that your internet account gives unlimited download, you can "support" the spammer this way:
wget -r -l2 -i spammer.lst -O /dev/null &> /dev/null
Better still, set that up as a cron job. (Remember, you are *not* DOS the site, you just want to get a fresh copy of the "useful" info into the proxy each hour. I would imagine some guys refresh their slashdot title at a similar rate :-)

Say, you can pull 1MB from each sucker per hour. It converts to 720 MB per month. I can imagine most of them operate their dodge site with a cheap account (sth like 2GB upload per month as basic option, paid extra $$$ for extra data). The above command really packs some punch.

Re:Best way to fight back.

[chaos421]

sounds like fun... however, a massive attack needs to be formulated.

here's an idea... would this work? set up a service somewhere so people could submit e-mail addys and ip addresses from spammers. then we could all block those individuals. perhaps this is already done... and perhaps it won't work.

your thoughts...

Re:Best way to fight back.

[amuro98]

here's an idea... would this work? set up a service somewhere so people could submit e-mail addys and ip addresses from spammers. then we could all block those individuals. perhaps this is already done... and perhaps it won't work.

Already done. Check out MAPS and SPEWS.

These systems are primarily designed to be used at a server or router level. However with a bit of work, you can integrate them into procmail.

Imminent Death of the Net predicted!

[Blind+Demiurge+Ialda]

Live from /.

User ab315 predicts that UBE will destroy the net's appeal to non-technical users. News at 11.

Re:Imminent Death of the Net predicted!

[ab315]

What I saying is that companies have spent a lot of money to do business online but they've ended up opened their stores in the seediest part of town with hookers and con-men hanging around their front-doors and hassling their customers.

It's bad business for major e-commerce companies not to invest in an industry consortium to get legislation to make spam illegal, starting with sexually-explicit spam.

The whole industry is suffering from these spammers in my opinion, what we can see today is that the internet is not the good place to do business that it might have been -- the 'brand image' is severely tarnished and the longer it goes on the more difficult it is going to be to recover from that.

Re:Imminent Death of the Net predicted!

[Blind+Demiurge+Ialda]

Personally, I'm hoping that the spam will persuade corporations to desist from trying to further commercialize the Internet. If the spammers and X10 pop-up/-unders tarnish the commercial internet badly enough, then perhaps it will die its well-earned death. Sites like Amazon.com are one thing; they provide a damned useful service. But who the hell wants nike.com?

Oh please

[olman]

Not another one.

Ok, so you never shop online and you never need Flash web pages, right?

Some of us do. I have Yahoo filter everything out that's not addressed to me and there's steady trickle of 2-5 SPAM/day to the trash. God knows how much to the spamcop account I actually give out.

My yahoo address used to be fairly spam-free, but then this one PBEM ladder put my email address visible in their website among list of tournament participants .. And there's been spam ever since. Hooray for spider-bots.

Re:Oh please

[amuro98]

By default, I leave java and javascript off in my browser. If I go to a site that needs these AND I trust that site, I'll turn them on. But when I'm done with that site, they get turned off again.

IMHO, I wish I could turn flash *off* without turning javascript off since I really hate flash animated banner ads...

spam is bad

it look like your ugly grandmother nude running in a supermodel contest

Weighted rules

[SgtChaireBourne]

I hope naively to see less spam in the near future. Until then I have used rules similar to those, but weighted slightly to avoid false positives.

To get the first set of rules I saved up a few hundred spam and then found clusters with similar characteristics. Then I ran saved messages from lists and known people to tune the rules further. Some spammers now make small changes to the text so that matching based on long strings verbatim will not work. A dynamic spam filter would be a good AI / machine learning project.

Some people (Cancelmoose) on Usenet used to check cross-postings to detect spam. Perhaps a similar effect can be achieved by monitoring key routes / mail servers to detect multiple messages and label them as potential spam, maybe an RBL-style service.

Re:Weighted rules

[WyldOne]

The other great one to do is a reverse domain lookup/ping test on the sender. However; this has a relativly high cost associated with it to do every time. Maybe as a last resort. I have not implemented that yet.

Most spammers are such loosers that they bounce/steath themselves.

Re:Not from AOL, though...

[tRoll+with+Butter]

I'd venture to say the majority of mail you get from @aol.com never really originated from there (the spammers used a fake reply-to address). How do I know this? Because AOL has installed software similar to Slashdot's lameness filter that catches spammers and QUICKLY terminates their account. (AOL members can read about this at Keyword: Rate Limiting.) AOL used to have a really bad problem with child porn and warez, a quick visit into a few empty private rooms reveals this is no longer the case. If you exceed the preset number of outgoing e-mails in a given amount of time, *poof* your AOL account does a disappearing act right before your eyes.

So WHY are you getting e-mails with a forged @aol.com reply-to? It's simple! Many spammers simply believe that AOLers are more trusting of familiar-looking e-mail addresses, so they want their spam to appear as if it came from another member of the service. Ironically, inter-service e-mail on AOL has NO @ address on it!

Next time you see spam from @aol.com, check the originating server in the headers, you might be surprised.

The Profit in Spam

It doesn't help that companies like verio and level 3 are about to go under. There anything for a buck last grasp is making them spam friendly. I recently busted a site on verio http://128.242.238.85/ that was operating openly as a spam source. Verio didn't care.

I emailed 100 verio customers in that net block to explain to them how they would be blackholed and what that meant. They took down the site.

You can set up the very software spammers use to poach email addresses from sites in the same net block.

I fight fire with extreme fire. The only spammers I go after since you can rile people up on it, porn spammers, they don't care if they are sending to a kid or an adult, most of them even have pedophile or zoophile crap. Grab a name from the isp, any name. Contact them on the phone and tell them of the spam and give them 24 hours to have the site removed. If not, you are going to call everyone with their last name in the city the isp is located and let them know they are all for helping pedophiles etc. Does your mom know you send porn to minors?

It is very effective. Use infoseek or similar service, look for business by the ISP. Call the deli downstairs, the church in the neighborhood, then let the person at the ISP know who you talked to.

I am not posting my name since spammers have put me on their lists, they post my name as a spammer in newsgroups. They suck.

I have a job where filtering mail could mean not getting a clients mail, so it is not an option.

If everyone just took one piece of spam, traced it to the source or the host. Attacked that host, with legal threats. Do not make anything up, do not lie. When you call their biggest advertiser to explain how they support pedophiles, be clear, it is because they refuse to take action against pedophiles hosted on their site. That they allow one of their customers to send unsolicted porn to minors. Be very clear. And be very clear your group is about to announce who is helping these scums, since their company is an advertiser or client of the isp, you are going to list them. Don't like it? get another isp or get the isp to stop.

Shame is a great motivator. Use it. If we do not stand up to this crap, we are going to see legislation coming in, they are going to be heavy handed, they are going to snoop. Take back your box.

Do more than report a spammer today, those days are over. Attack,threaten and shame a host today.

Re:The Profit in Spam

Yeah and if the spammer lives in New York and has co-located a box in Lansing, you're harassing alot of people in Lansing's phone book for nothing. --And when you get caught by your phone company's fraud-detection batch job, you're busted...not the spammer.

Re:The Profit in Spam

What in the hell are you talking about? Shame the ISP, shame them. Who cares where the spammer lives, it is the ISP you are after. You aren't going to change a spammer, but you can change an ISPs acceptance of a spamme.

And why would my phone company 'catch me'? What for? For expressing my displeasure? fraud-detection batch job? What in the hell are you talking about? Are you a spammer and don't like this because you know this works? Or are you a 15 year old with some fantasy verison of how the world works?

Spam Study

[MadMorf]

I worked as a Postmaster at a Federal Gov't agency a couple of years ago.

While I was there we did several things to try and determine what kinds of messages were entering our system.

One of the things we did was to queue all incoming messages for a short period so could have a chance to look at them.

What we determined was that over 95% of all the messages we received that were larger than 1 Meg were CRAP of some sort, and definitely NOT business related.

We also tracked the number of messages per day going through the system for several months and found that just before Thanksgiving our numbers would triple and stay that way until Valentines Day...

Re:Spam Study

[ahodgson]

That sounds about right. I worked for an E-mail outsourcing company and our mail load would triple around Christmas.

The message volume didn't go up that much, but the average size per message went through the roof. Stupid animated elfs getting splatted, and reindeers and crap, and people mailing each other holiday pictures.

Hey!

[glowingspleen]

Hey you, Jim Peterson!!! Do you like Christmas!!! Then check out our barely legal Ho Ho Hoes!!!!

Also play our new game: Find the bad-girl coal!!!

I dunno about 650%, but mine's way up

[barzok]

Ever since Bigfoot.com started tanking, they were selling email addresses to SPAMmers. 99% of my SPAM comes to that address, which used to be my primary. Now almost anything going there goes to the bitbucket. 90% of the email I send on a daily basis consists of "user unknown" bounce messages generated via my filters (love that feature in kmail).

What legislation?

[Misch]

What, pratel, is the anti-spam legislation that has been passed in the US?

Spamlaws.com still susscintly leaves the state of current federal spam legislation at 3 words: Enacted legislation: None

Re:What legislation?

[quonsar]

What, pratel, is the anti-spam legislation that has been passed in the US?

what, pray tell, is "pratel"?

We need to stop spam ourselves.

[AlphaBrav]

Or at least do what we can:

By US Code Title 47, Sc. 227(a)(2)(B), a computer/modem/printer meets the definition of a telephone fax machine.
By Sec. 227(b)(1)(C), it is unlawful to send any unsolicited advertisement to such equipment.
By Sec. 227(b)(3)(C), a violation of the aforementioned Section is punishable by action to recover actual monetary loss, or $500.00, whichever is greater, for each violation.

At $500 a pop (usually can tack on court costs as well), you'd think people would be more willing to file suits in small claims court.

Re:We need to stop spam ourselves.

[13013dobbs]

You might want to check that law. IANAL, but the spammer has to call you for that law to apply.

Re:We need to stop spam ourselves.

And how do you in NYC sue in small claims someone who might be in Nevada? Or the spam is from chicago, but the product being hawked is in CA, and the web site serving the pages is in Texas?

Santa Claus getting high-tech?

[inerte]

I guess to apply for a job with Santa this year, being a short green elf is not enough anymore... You have to add to your resume: computer Skills, email management, spread sheets and word processor...

Hey, maybe in the future kids will believe gifts come from a network administrator with strange and obscure skills on Unix... ooops, in that a lot of people already do :-)

Am I not loved?

[Mr.roboto]

Havn't recieved a single piece of spam in a week, nobody loves me :(

Santa Says To Spammer ...

[resistant]

I send you this coal in your stocking in order to have your grimace. No thanks, bye.

What if YOUR e-mail address is used to spam?

[AYeomans]

My Yahoo mailbox has just filled with bounce messages, as a spammer forged my email address as From: and Reply-to:. I only saw a few hundred bounces before the inbox filled.

At least I gor a copy of the original message, so could trace the sender's IP address and their obfuscated web site address.

I dropped a note to abuse@ISP, who seems to have removed the spammer's web site now. Otherwise I might have asked the Slashdot community to test the spammer's offer (:-)

But what to do about reputational damage? Or going onto known spammer lists?

Re:What if YOUR e-mail address is used to spam?

This happened to me too. I immediately reported it through spamcop.net. About 50 "delivery failed" reports are now in my inbox, but no flames or complaints yet. I really hope the spammer gets shut down ASAP!

Re:What if YOUR e-mail address is used to spam?

[herbierobinson]

If the spammer has money, you can sue for reputation damage. This probably only works if the e-mail address spelled out your real name. There also may not be much money to collect when you win... It would seem like it would at least be worth taking the process far enough to get the real identity of the spammer.

It's pretty unlikely that you would go onto know spammer lists. The return address on spam is forged so often that it pretty much gets ignored these days...

Re:What if YOUR e-mail address is used to spam?

Spamcop really works. The spammer now has got his account closed and he also got a $500 fee for system abuse from his ISP.

hrm.

[TheHawke]

I keep a tight rein on my usenet as well as my surfing, and currently i only get about 5 spams a month. Not bad for a 6 year vet of the 'net, and 4 of those with the same ISP AND the same email account. Whenever i get a spam, i go hunting, and oftentimes that bags the spammer a killed account or a RBL listing. One Maillist here recently got put on my ISP's blacklist for their lack of enforcement of their own rules (mindhshare.com and pm0.net was the spammer). Their backbone, Verio, has been informed of their actions several hundered times and spewed too, with little or no effect. If Verio did not have multihoming capability, I would have asked Sprintnet to pull their plug and let them stew in the dark until they shut the jokers off.

Re:hrm.

pm0.net is sending me a pile of unwanted email to my hotmail account. I tried sending the "remove" from the list option but I think it just got worse. I ended up selecting the highest available spam filter from hotmail (after going through the stages -low - medium -high ) and I still get spam through it.

Any way to turn off pm0.net?

Filtering helps spammers

[Charles+Dodgeson]

ab315 says

Spam filtering is not a viable solution for average non-technical users

Spam filtering is actually a bad idea. Spam filtering actually makes life easier for the spammers. I have a short note discussing this. Among other things, it says

Attempting content filtering to detect and junk incoming spam is counter productive. Filtering like that only makes things easier for spammers. The spammer's ideal email list would include every email address on the planet with the exception of those who are inclined to take action against spam. The spammer doesn't mind the vast majority of people who "just hit delete". If automatic filtering means that those inclined to complain about the spam don't see the spam, then filtering actually helps the spammer.

I wonder if the increase in the use of filters is related to the increase in spam.

Re:Filtering helps spammers

[node3667]

Filtering is good.

Filtering is good because when you come back from vacation, you have the very personnal email (the one you want to read first) in your "personnal" folder.

Filtering and detection is good because we can easily answer to that spam (mail-abuse, spamcop...)

In short, filtering is good but is not everything ! action should take place !

Re:Filtering helps spammers

[MrFredBloggs]

That note doesnt actually explain why deleting spam makes things easier for spammers - it just keeps repeating that it does.

Re: Christmas spam

LookOut Express is pretty cool. It has the built in scripting ability to send spam as well. No need to program it. Just start receiving emails and it will automagically program itself to bulk email all of your friends!

Re:the rest of the world...

IMHO, stopping the increasing number of spam-mails is only possible with legislature forcing opt-in methods for advertisers and huge fines for those who don't conform.

Problem is it's harder than hell to track those that aren't conforming. By the time they spam the hell out of you, the account they used is long gone.

You're obviously a weirdo!

[jabber01]

I mean, how could you have access to the Internet and NOT read a.b.p.e.* ???

AT&T Broadband Baby!

[bgarcia]

Ever since AT&T switched all of us from @Home to their new network, I haven't gotten a single spam, whereas I used to get over 20 a day.

I'm enjoying it while it lasts.

What about ICQ spam?

I don't know if this is just me or if there really is a pattern going on. But I for one have been receiving a LOT more icq spam in the past few weeks.

Every morning when I check my messages I have about 10 spams waiting for me and there are more coming in during the day. It used to be mostly/only icq pager events, so I disabled those. But right now just about every type of icq message is getting used.

ICQ is simply getting rather annoying to use but then again all the people I want to talk to use it. It's not like I could just ask everyone to switch to something else (not to mention I have no doubts that other messaging services are or will be just as bad).

So has anyone been experiencing this problem? And if so, have you been able to correct the situation? I would like to know how people are dealing with this.

Thanks
WarDancer AKA TooLazyToCreateAnAccount

Re:the rest of the world...

[finial]

Whether or not 90% of spam originates in the US (remembering, of course, that 74% of all statistics are made up), almost all of the spam I get is through open relays in CHINA.

Re:the rest of the world...

That's a bunch of crap. Most of the spam in my inbox (80-90%) comes from open port 25s in China.

Re:the rest of the world...

90% of my spam is from china.

Hotmail vs Yahoo

[MadMorf]

I have both a Hotmail account and a Yahoo account.

The Hotmail account averages 10 to 20 pieces of Spam per day.

The Yahoo account averages 2 Spams per day.

The funny thing is I don't use the Hotmail account address for anything, I use the Yahoo account for virtually everything.

So. My theory is that Hotmail/MSN allows/encourages spammers to fill their users mailboxes with crap!
There are 2 possible reasons:
1 - Hotmail/MSN actually sells their user lists to spammers.
2 - Hotmail/MSN drives up revenues by selling larger mailboxes to people who get more Spam.

Re:Hotmail vs Yahoo

I think Hotmail/MSN's just targetted because they're one of the largest email domains, and have a large percentage of suckers to send them money (2nd only to AOL). Spammers seem to send dictionary attacks to *@hotmail.com addresses and then record the ones that don't bounce.

I wouldn't be surprised if MS sold their user lists either.

Re:Hotmail vs Yahoo

[MadMorf]

Hotmail has a large user base.

And so does Yahoo...

So, why does it appear that Yahoo doesn't have this problem...

More effective Spam-Filtering?

Funny

[CaptainSuperBoy]

It's funny how ICQ made all these features such as WWPager and EmailExpress which are designed to make you available to people without ICQ.. then when they start getting abused by spammers, ICQ will even tell you not to accept these services. They should either support these services (which means actively preventing spam, not just telling you to filter them) or discontinue them..

Re:Not from AOL, though...

[CoolVibe]

Well, the approach of the parent works. As long as their From: header or Reply-to: header is set to those domains, it filters them out. It filters most spam away from me too. Not many of my friends/aquaintences use those services, and the ones that do are in a allow list.

Oh, you are right though, I don't get much AOL spam, but I filter them out anyway. I get sick of AOL people that mail me if I can teach then how to hack their hotmail box/friends aol account/neighbours website. Funny thing is I never advertise such skills on my website, nor do I condone them. But I still get those mails, so filtered they are indeed... (I got sick of putting 'em in their place as well, safest best is just ignoring such people).

Re:the rest of the world...

[RStar23]

Most the spam I get comes through open relays in China, Korea and Japan. A fair amount can be tied back to somename.ru domains and a certain chunk of the crap comes from somename.it.

Rich
Friends don't let friends spam

I've been spam free for 3 years now.

[SCHecklerX]

Here's how I did it:

1. Run my own mail server
2. Disable expn (especially if you run mailing lists as aliases for somebody!!!) and vrfy.
3. Make an alias for every service that requires a mail address
4. write procmail filters that only allow mail to the above aliases if they are from the service you signed up for. If they spam you themselves, just remove the alias (I get a lot of third party spam from slashdot, believe it or not)
5. Forward mail from the account on my ISP to my real mail server
6. Delete everything that was forwarded by my ISP unless it came from the ISP themselves, or from the dyndns service (who obviously need a server other than your own to contact you through)
7. Filter other specific spams as needed in .procmailrc (stuff with no from address, stuff with no '@' in the address unless it came from your own domain, etc)

I hadn't been forwarding my ISP mail to my account for awhile. I was AMAZED at the amount of crap that came into it when I decided to check it the other day! SHEESH! 60+ mails a day on that account, ALL SPAM. MOSTLY PORNO. This on an account that I have NEVER used, let alone advertised! Of course the lack of security of the ISP probably didn't help (default web pages as the user's account id, for example)!

Re:I've been spam free for 3 years now.

[chaos421]

okay... newbie sysadmin here... what is expn? so your users have to sign up for services? like make a file with all their friend's e-mail addresses in it or something?

Re:I've been spam free for 3 years now.

[SCHecklerX]

expn = expand in sendmail. Basically, if it is enabled, somebody can telnet to your mail server on port 25 and if you have an alias that is a list of email addresses, they will get the entire list of addresses back (ie, on my mail server, they would 'expn mtb' and learn about 60 email addresses!).

Disabling expn and vrfy on sendmail is common security practice. On my Redhat 7.0 box, they were ENABLED by default. Not good.

Re:I've been spam free for 3 years now.

[chaos421]

ahh... cool. very good tip. all they have to have is the name of your all_users alias.

Re:I've been spam free for 3 years now.

You know, I could fuck with that. But it's a hell of a lot easier to just hit "delete" or make a couple of rules in OE.

To cross a 3' ravine, you fucking linux people would build a god damn suspension bridge. I'll opt for running start and a jump.

Damn the spam and full speed ahead!

[bigbennie]

The reason a lot of geeks receive SPAM is the same reason I do ... registration of a domain. A live email address on a domain registrar is excuse to have every cheap SPAM cannon leveled at you.

Also, folks seem a bit confused. THERE IS NO NATIONAL SPAM LEGISLATION. It never passed. Not at all. The reason a lot of spammers want to say they are in compliance with opt-out legislation is that it legitimizes their existance. Let's not forget that SPAM is STEALING. You pay for the junk mail that shows up.

Check it out here...

Re:Damn the spam and full speed ahead!

[Dr.Dubious+DDQ]

THERE IS NO NATIONAL SPAM LEGISLATION.

After over a month of the same spammer spamming me from prserv.net in Austin, TX, I went to look that up, and you're right.

It appears that the mysterious 's1618' (passed by the 105th senate) that spammers sometimes claim (usually falsely, I find) to be in accordance with, got through the senate 3 years ago, and promptly fell into a House of Representatives committee black hole...

It wouldn't be TOO bad as far as legislation on such matters can go. It appears that is IS 'opt-out', but at least it requires the REAL email, phone, and physical address of the spamming company AND (if different) of the person doing the actual sending of the spam, so at least you can find out who they really are if they are really in compliance...

How much do you want to bet it'll rot and die in the HoR committee, like a bug in a 'roach motel', though....

Re:the rest of the world...

[Rentar]

Most the spam I get comes through open relays in China, Korea and Japan.

And the phone numbers you should call, or the PO-Boxes you should send the money to, or the incredibbly trustworthy companies you should invest in are located in _______ (insert correct answer here).

What to look for...

[TechnoLust]

Actually, there are several things you can look for. If the spam actually complies with the law, there is a section at the bottom that says, "In compliance with..." I can't remember it all and I'm at work, so I can't look at my spam filters (they're at home).

Also, look for "send to 10 people" and that will get most chain letters. "make $$$" will get several hundred a week. "to be removed" will get a lot, but be careful as it will also get most legit mailing lists too.

I set these filters and then waited for SPAM to get through. If one did I would look at it and try to determine if there was anything unique that wouldn't be in normal correspondence. My SPAM count is still high, but only about 1 a month gets in.

Re:What to look for...

[gmack]

Lies lies and more lies heh

There is no law that they happen to be "complying with".

The propossed bill that they keep quoting not pass even if it had it required a valid return address wich they don't happen to supply. It's just a lame attempt at keeping you from taking action.

But yea go ahead and filter anything with that block of text.

Re:What to look for...

[TechnoLust]

Actually there are such laws, maybe not in your neck of the woods, but I don't really know where you live. If you live in Seattle, maybe you should read this. If you had read my post, you would have seen that I was giving examples of how to create a filter list. I noticed that in my personal experience several of the SPAM mails I received had this little line citing some section of some law, I copied it into my list of filters and viola! Bye bye SPAM.

So, yes, I will go ahead and filter that block of text. You can keep your head in the sand and keep reading your SPAM. Next time, before you post, maybe you should do some homework.

I read it on /. it must be true!

Re:What to look for...

[gmack]

Yeah except "some section of some law" happens to be bogus. And they even tend to be vilotaling the proposed law they were quoting.

That was all I really pointed out I have NOTHING against filtering that block of text. Anytime they provide such an easy means of filtering it should be taken advantage of.

I also didn't say there were no laws at all just *that* block of text is a bogus attempt at making people not fight them and Sadly, the trick works .

no big deal

[hawk]

>Just wait till the day we have satellites in the sky blinking
>obnoxious ads at us as we try to look at the stars.

*shrug*

just don't learn morse code, and you'll be fine . . .

;)
hawk

Re:no big deal

I know that was a joke, but it could seriously become a problem in the future. Awhile back a company (Pizza hut?) was planning on putting ads in orbit on ISS or something. The marketing guy answering questions was like "yeah, it'll annoy a lot of people but it's a BRILLIANT marketing idea!". Brilliant way to become the most hated company in the world, IMHO.

Spamcop.net seems to have worked for me..

[ltm]

About a month ago, I started reporting my spam to Spamcop.net .. you sign up for a free account, and every spam you get, you post to their website. (Additionally, there's a utility out there called Spam Deputy that will auto-post selected spams to your Spamcop account from Outlook.)

Spamcop takes the headers and fires off Abuse messages to every domain it finds in the trace of the spam.

The results? Well, I check my email and my wife's, and we used to get roughly identicle spams .. After using SpamCop for maybe 2 weeks, my spam count dropped off the map, while her email still gets hit. I'd say I've gone from 20 spam/day to 1 spam/day.

It's kinda spooky. Don't know why it worked for me.

Re:Spamcop.net seems to have worked for me..

Odd. I started using it a couple weeks ago and it hasn't done a thing. If anything, the number of spams I get has increased.

Re:Spamcop.net seems to have worked for me..

[ltm]

I can't explain it, but there's no doubt for me, it's worked. Give it a few more weeks.

Re:Spamcop.net seems to have worked for me..

Register your email with spamcop.net and receive FREE daily XXX pictures in your email.

Re:Spamcop.net seems to have worked for me..

[Tyrall]

SpamCop is a useful tool, both from a user's and from a system administrator's point of view.

Having used SpamCop from both sides (I work for a national ISP), I can't recommend it enough. The admin gets all of the pertinent information in a single mail, and the user can get feedback as to whether the issue has already been solved.

Julian (the guy who runs the service) is particularly helpful, and open to suggestions.

Re:Spamcop.net seems to have worked for me..

[Animats]

I've been a Spamcop customer for years, and it filters all the E-mail from three domains for me. Until recently, it worked really well, because it used a challenge/response system - any new source of E-mail got a message back asking them to click on a URL in the message to confirm that they'd sent it.

Recently, SpamCop has switched to a "heuristic filter", which is only about 50% effective. It's not a very good filter; it's passed messages from viruses through, and today I got the classic "Nigerian spam". I've been asking the SpamCop people to put the challenge/response system back. If all they can do is a 50% effective filter, I could just as well use one of the Procmail-based solutions.

Re:the rest of the world...

[isomeme]

IMHO, stopping the increasing number of spam-mails is only possible with legislature forcing opt-in methods for advertisers and huge fines for those who don't conform.

Why clutter the books with yet another unenforceable law -- which will probably be so badly written that it illegalizes sending email to your mom -- when there are highly satisfactory technical responses? A good junk-mail filter (down to and including a hand-rolled .procmailrc) is perfectly adequate spam control.

Dose anyone thinks we don't need anti-spam laws?

[Mustang+Matt]

It just seems like if every state had laws against spam it would end.

I'm not talking about spam from valid companies, I'm talking about the spam with forged headers and invalid return email addresses.

I know that usually the less government involvement the better, but why not let the government put a stop to this for us?

Anti-Spam Activism

This is one way to take the offensive to the spammers:

1) Go to your favorite web directory, where sites are paying per clickthrough (like Goto.com)

2) Search on any of these keyword phrases:

email marketing
bulk email marketing
direct email marketing
bulk email marketing campaign
email marketing company
email marketing software
opt in email marketing
targeted email marketing
permission email marketing
marketing email
email marketing services
email marketing tool
optin email marketing
online email marketing
email marketing program
email marketing list
email marketing campaign
free email marketing
bulk email work marketing
email marketing strategy
email marketing solution
permission based email marketing
email marketing uk
marketing email list
target bulk email marketing
email marketing consultant
direct email marketing firm
precision email marketing
bulk email marketing software
marketing bulk email
marketing email service agent
direct marketing email
email marketing 98
email marketing service
targeted bulk email marketing
discount targeted email marketing
email marketing secret closeout
email marketing technology
email marketing consulting
email target marketing
business to business email marketing
html email marketing
opt in email marketing software
global email marketing
marketing via email newsletter and mailing list
email marketing system
email marketing benefit
targeted opt in email direct marketing
viral email marketing
marketing with email
direct email marketing australia
replynet powerful email marketing tool
email marketing arabic
mass email marketing
email lab marketing specialist
email marketing career
email marketing etiquette
marketing phd email list
optinpro opt in email marketing software
email marketing research

3) Start clicking away; some of these companies are paying five and six dollars per clickthrough!

In most cases, Slashdotters would exhaust a lot of marketing capital that these companies have. In a few cases, the company may not have set a cap on their spending, and a few hundred thousand frivilous clickthroughs would bankrupt them.

It's brutal and it's legal.

Re:Anti-Spam Activism

[StJefferson]

Beautiful!!!

I just clicked away about $100 in ill-gotten gains from spammer's accounts.

And here I thought getting their accounts nuked was activism enough!

Re:Anti-Spam Activism

[MrFredBloggs]

Right on! I used to think sites got money when you clicked on the ads, so i avoided clicking, unless i liked the site...then i realised that the more you click, but never actually follow through and buy anything, the more it removes the point of them doing it in the first place. So now i just click like crazy on them! (well, when i`ve temporarily disabled my JunkBuster proxy)

Somethig most forget

[macdaddy]

I'm reading the previous comments and there's something I notice that's disturbing. Most are quick to say how they hate spam and how spam will kill the Internet. Many are even providing information on how to filter spam. But no one has said anything about reporting spam. If there is something going on that you're so adamantly against, why don't you LART it? Doing your own personal filtering or simply ignoring the spam (UCE or UBE) only benefits yourself and only in the short term I might add. If you take a little time to LART messages, you'll not only help get A) spammers booted from their provider, b) spam sites get shut down, and c) companies that use a spammer's services to find a better way to advertise, you'll assistant in decreasing your's and everyone else's future spam. Examine the headers. Learn the signs of an open relay. Check for and report open relays. LART the abuse and postmaster addresses of the owner of the IP, the provider for that netblock, the owners (and sometimes providers) of the spamertised sites in the spam, CC uce@ftc.gov, and CC NANAS (news.admin.net-abuse.sightings) so that there is a record of spam for others to confirm that they aren't the only ones getting a particular spam. Also include the FDA on spams that say things about prescription drugs without and prescription or other FDA-related topics. Also include the US Secret Service on Nigerian Money scams. The SEC also accept reports of stock market scams. There is a plethora of things you should do with the spam you receive. Doing nothing with it is the real crime. I strongly recommend you become a member of news.admin.net-abuse.email and follow the discussions there. There are many spam FAQs floating around. Do you part to help other fight spam.

I filter spam based off of numerous DNS blacklists. I also have an extensive list of spamming domains and spam supporting providers that I blacklist. Last week I rejected 95,837 pieces of mail from just one of my servers that I deemed to be spam. If people didn't report that spam to the maintainers of the DNS blacklists, I would have to rely on my own access lists to reject spam. This colaborative effort really works.

Re:Somethig most forget

[macdaddy]

I also forgot to take the bounces to the LARTs you sent to abuse@ and postmaster@ those domains and report them to ,rfc-ignorant.org. Abuse and postmaster accounts are required to be RFC-compliant. Reporting bounces to those addresses doesn't neccessarily benefit the anti-spam fight directly but it does help some administrators when they try to contact those non-RFC-compliant sites. FYI

Re:Somethig most forget

First of all, several people recommended reporting spam before you did. But more importantly, not everyone has the time, energy, or technical savvy to track down every spammer's ISP and report them. Just because it's your personal crusade doesn't make it mine.

Re:Somethig most forget

[macdaddy]

Then if that's the case, you have no right to complain about receiving spam. It's that simple IMHO.

Do something usefull with your spam!

[IgnorantKnucklehead]

Satirewire.com is running a contest for poetry based upon spam mail.

So get over there, recycle your spam, and maybe... er... win a t-shirt or something.

Hum...

[fulgan]

To me, interviewing someone from a content blocking firm about the problem of mail filter is just like asking a gun shop owner to talk about self-defence: you are bound to get an article full of exclamation point, but little unbiased opinion.

Asking someone responsible for mail servers or spam complains at a large ISP would have proven much more interesting and probably much more accurate.

(maybe there should be some more filtering in the /. inbox, just to avoid unwanted commercial articles ;) )

Comment removed

[account_deleted]

Comment removed based on user account deletion

"professional" marketers and BankOne

[davebob]

A lot of spam I receive are from "legitimate" email marketers - i.e. not "make money fast", but trying to sell/resell real products or services. These are the type that put in these CGI image sources.

Case in point: I got one from "BankOne" which didn't contain any links to a BankOne website, but to a site on the domain of "pm0.com". This kindly email also contained a web bug whose image source was a tagged CGI link.

It was offensive enough to make me call BankOne and tell them to put me on their "do not call" and "do no email" lists.

Re:"professional" marketers and BankOne

[homer_ca]

I've seen "get rich quick" spammers do it too. And you don't even need to encode a user ID. They just put something like- IMG SRC=http://theirserver/getrich.htm?user@domain.com and they can read the read receipts right off the web server logs. MS is so annoying about this too. If you turn off load images in Outlook, it does the same in IE. Just another reason to use a different browser.

Re:prove it

According to NUA, there are 513 million online worldwide, and about 166 million in the US (as of august 2001), which gives 32%. In detail:

• USA: 166 mio (32%)
• Europe: 155 mio (30%)
• Asia/Pacific: 144 mio (28%)
• Latin America: 25 mio (4,8%)
• Canada: 14 mio (2,7%)
• Rest: 9 mio (1,7%)

Every country build its own part and contributed to the growth of the Internet. Remember: the Internet is an interconnection of Networks - each Network operated by an independent party, country, company, person whatever. That's also, why there can't exist a head or owner of the Internet.

It's more like the streets, the railways, the telephone, the postal system... each country contributes for its own part.

Yes, TCP/IP may have been invented in the USA, while the WWW was invented in Europe, the telegraph was invented by an italian and the Diesel-engine by a german... but now we all use the technology, and there is no single "owner".

The Internet is not US-centric and neither should be so

Re:the rest of the world...

[dubl-u]

Why clutter the books with yet another unenforceable law -- which will probably be so badly written that it illegalizes sending email to your mom -- when there are highly satisfactory technical responses? A good junk-mail filter (down to and including a hand-rolled .procmailrc) is perfectly adequate spam control.

You've answered your own question. The number of people competent to hand-roll a procmailrc, let alone install all the other needed anti-spam tools, is a tiny fraction of the total number of email users. And maintaining all of that anti-spam infrastructure to keep up with the latest spammer tricks.

This is a classic arms race, and it's one that the spammers will likely keep winning. Why? Because they care a lot more. A bunch of spam is a time-wasting minor annoyance to you, but their livelihood to them.

Legislation that allows recepients to sue spammers is perfectly enforceable. And even if the legislation only provided criminal penalties, it would still be valuable. For example, the folks from Paetec could have quickly booted the spammers of their network, rather then getting caught up in a multi-year legal battle.

MTA, MDA, or MUA filtering?

[Kevin+DeGraaf]

For [Pine] users, just remember the magic spell: "m s r f a."

Personally, I prefer to keep spam away from my MUA altogether. That's what the MUA (RBL) and MDA (spam rules in Procmail) are for.

Re:MTA, MDA, or MUA filtering?

[fixitnow]

Some spam will inevitably get into the MUA, after all, the end user is the one who has to initially identify spam. Here is my proposal: Run Away. How? There is a new, but improperly implemented (so far) email addressing standard called plus addressing, where your address is like "user+box@host" where the "+box" part is supposed to be ignored yet passed on from the MTAs and MDAs to the MUA. Unfortunately, some ISPs still bounce this kind of addressing as unrecognized, even if "user@host" is a valid email address. If you think of the plus addressing part ("+box") as a personality (in Eudora parliance) then your email address now can be filtered into as many pieces as you need. Now, when I asked a couple of ISPs why my envelope recipient (RCPT TO: part of the SMTP protocol) isn't in any of the headers on a BCC email, I got an answer like "well, if it got to your mailbox, it's for you," but with this new addressing paradigm there remains the question of which me? i.e. which personality does the email belong to? so that argument needs to be thrown out the window. I have read that some ISPs have recompiled their MDAs to include a header like "Envelope-to" or "Delivered-To" or "Envelope-to" or "rcpt-to" (all optionally preceeded with an (X-") but not mine, of course. If my plus address were included in a header like this, I could easily filter all bcc email to personalities I want, and then force the spammers to use it. A really good ISP would allow me to upload a list of plus addresses that were allowed, and block everything else at the RCPT TO stage of the SMTP protocol (it might also provide end users with some Eudora, etc. plug ins to better manage personalities, signatures, addresses and filters as a personal information management (PIM) with one personality per contact.) If the spammers guessed one, I could simply give another one to the person who communicates to that personality, and turn off (or send to bitbucket, or report as spam) all future communications to the compromised personality. Question: what ISPs already provide these headers for bcc'd mail or where do I find out?

Permissive legislature?

[fireboy1919]

Information obtained from the internet is deemed public information, so people are allowed to collect it in the US. However, you can sue for illegal solicitation if someone e-mails you without consent or a business relationship in the US - the greater of $5000 or the product or service advertised is the standard penalty.

Its just really difficult to enforce.

And you saying we're too permissive? What, do you kill spammers in Italy?

Re:Permissive legislature?

[Happy+go+Lucky]

Information obtained from the internet is deemed public information, so people are allowed to collect it in the US. However, you can sue for illegal solicitation if someone e-mails you without consent or a business relationship in the US - the greater of $5000 or the product or service advertised is the standard penalty.

Its just really difficult to enforce.

It's difficult to enforce because it doesn't exist. At least not in the US.

There is a junk fax/telemarketing law at 47 USC 227 which specifies the greater of $500 or actual damages per violation, or the greater of $1500 or actual damages for knowing or willful violation. However, this statute DOES NOT APPLY to email.

The ONLY junk email statutes in the US are state statutes, ALL OF WHICH specify opt-out. That means that they get one free bite at the apple.

Spam...

[Trillian_Angel]

... in a can or a nutshell (if you like nutty spam, thats okay, the men in the white coats won't hurt you.) its become one of those "necessary" evils.
Necessary because we don't think that maybe, just maybe, if we don't use our real email addresses for anything other than say, slashdot and close friends, then we wouldn't have this problem.
What amuses me the most is that I don't get spam.. then again, I don't sign up for anything... now maybe thats our problem right there. Humans like to buy things, sign up for things, prod our noses in business that isn't ours (but we to think is ours)... and of *course* businessmen (and politicians) are going to take advantage of that fact! (They aren't quite as stupid as we'd like to think, or hope, situation dependig.)
So in theory if we never signed up for anything, then the internet would crumble away, vanish, and our spam problems would be solved... and then as all things, the vicious cycle would start again from the beginning.

Re:msrfa for OUTLOOK EXPRESS

[zimm0001]

I have found an excellent way to filter spam using M$ Outlook Express: (only works for POP tho, not IMAP)

tools->message rules->mail
New...
check off 'where the to or cc line contains people'
and also check off 'delete it'
then click on the 'contains people' link, enter your e-mail address for the pop account, click add and then 'options'
select the 'does not contain' option and click ok
give the rule a name like 'kill_all' and click ok
this rule needs to be placed at the top of your message rules to work properly as the list behaves the exact opposite as a routing table. (its M$, what do you expect?)

this will delete any e-mail not specifically addressed to you (as most spam is).
you will need to create message rules for any mailing lists you may be on, but you should have already done that to properly organize them into folders. ;)

since using this method i have not had to read one spam e-mail sent to my pop account.
:)

Possible Spam Prevention Idea, what do you think?

I want to develop a free site for people to login to that will basically allow them to completely eliminate, and trace the orgin of spam. Here are the program specs, what do you think?

Program Title:
SpamRouter

Program Description:
A set of scripts to route mail to the correct destination address, as well as collect statistics
on where the "spam" was sent to, which will provide a direct link to where the address was
provided allowing us to track spammers efficiently, and accurately. Also allowing the user to deactivate the address provided, eliminating spam from that source.

Author:
Nick Hoover
Systems Engineer
720 Studios

Copyright Information:
This document and all of its accompanying scripts are (c) 2001 by 720 Studios
No parts of this program may be redistributed for profit without explicit
written consent of 720 Studios. You may modify this program as you wish, however
no warantee is presented modified, or unmodified. Meaning, use at your own risk.

Detailed Description:
This will be discussed in a single user environment, in future versions however - multiuser
environments will be present to allow the program to have a realistic use in the real world.

SpamRouter will have three seperate things going on. The key attachment to all of these
scripts will be a flat file (for now, however that may be put into a mySql database eventually
if the need is ever that high) database which will contain the following information:

useremail - the destination email address, which will be in the future used for the user's login
userpass - dummy for now, eventually an encrypted password for multiuser
userid - a generated ID that will be part of the generated keys
totalkeys - total number of keys (described below) generated

This database will contain the primary information for our users. There will be a second
set of databases, which will be generated for each user. These databases will contain
the generated keys, and will have the following information per record:

key - the generated key
origin - the site and or party given the address (this is for tracking)
date - date the key was generated
totals - total number of times the key has been flagged (ie. sent an email)

Each email that is sent to a key will be copied and put into a file named after its
key then followed by its count (ie. the sixth email sent to key X240213sd would be
X240213sd.5 [0-5]) that way we can track messages as well.

Now that you have an entirely confusing description of the data we'll be storing, time to explain
how this thing works.

Here's the life of a SPAM message sent to an address covered by spam router:

User is asked to provide their email address to a website for whatever purpose.
User logs into spamrouter and generates a new key, and enters in the website's URL
and other information so he or she can remember what they gave it for.
User is given a key generated address.
User gives that address to the website, and goes about their business.
IF the website the user gave their address to is a spamming website, and tries
to spam the email address provided, spamrouter becomes a knight in shining armor.

Email is sent to key at spam router such as: x9237823sijd783@spamrouter.org, spam
router receives the email, and copies it into a file for future reference, increments
the count on that particular abusing website in its database, and sends it to the
destination address (we're not trying to block spam [unless the user turns that
key off], just trying to trace it to whom it really came from.) An email is sent to the
destination address alerting them that the email was SPAM and sent from whatever
website the user registered it with. This allows the user to have a real copy
of the email, the information as to whom it came from - so that they can contact
the company, or whomever, and rip them a new one and have absolute proof that it was
from them, furthermore, the user can then turn off that key. Basically, no one will
ever receive your REAL email address (unless you give it to them) which lets you decide
who can contact you, and who can't. The problem with most "filters" is they filter who
it's from, not who it's sent to.

Kind of complicated, and maybe not really all that useful... but I created it for myself
because I want to know WHO is using my address for spam, that way I can get these people
to stop. Furthermore, once I've finished my business with a particular site, I can turn
that key off, basically eliminating spam from that address.

Comment removed

[account_deleted]

Comment removed based on user account deletion

So set your filter to...

[Ungrounded+Lightning]

The spammer's ideal email list would include every email address on the planet with the exception of those who are inclined to take action against spam. The spammer doesn't mind the vast majority of people who "just hit delete". If automatic filtering means that those inclined to complain about the spam don't see the spam, then filtering actually helps the spammer.

So set your filter to forward each spam to your congressman. B-) Say, with a nice form-letter about how this showed up in your inbox today and you'd really like the law against unsolicited faxes to be expanded to include spam, with only "opt-in" allowed.

And re-tune it periodically as the congresscritters change their email addresses.

Free service to basically elminate and track spam

[nhoover720]

Hi, I'm thinking about creating a website, and writing the applications to support something like this. Would this be useful to you guys? I know the documentation is sketchy, let me know on any ideas.

I want to develop a free site for people to login to that will basically allow them to completely eliminate, and trace the orgin of spam. Here are the program specs, what do you think?

Program Title:
SpamRouter

Program Description:
A set of scripts to route mail to the correct destination address, as well as collect statistics
on where the "spam" was sent to, which will provide a direct link to where the address was
provided allowing us to track spammers efficiently, and accurately. Also allowing the user to deactivate the address provided, eliminating spam from that source.

Author:
Nick Hoover
Systems Engineer
720 Studios

Copyright Information:
This document and all of its accompanying scripts are (c) 2001 by 720 Studios
No parts of this program may be redistributed for profit without explicit
written consent of 720 Studios. You may modify this program as you wish, however
no warantee is presented modified, or unmodified. Meaning, use at your own risk.

Detailed Description:
This will be discussed in a single user environment, in future versions however - multiuser
environments will be present to allow the program to have a realistic use in the real world.

SpamRouter will have three seperate things going on. The key attachment to all of these
scripts will be a flat file (for now, however that may be put into a mySql database eventually
if the need is ever that high) database which will contain the following information:

useremail - the destination email address, which will be in the future used for the user's login
userpass - dummy for now, eventually an encrypted password for multiuser
userid - a generated ID that will be part of the generated keys
totalkeys - total number of keys (described below) generated

This database will contain the primary information for our users. There will be a second
set of databases, which will be generated for each user. These databases will contain
the generated keys, and will have the following information per record:

key - the generated key
origin - the site and or party given the address (this is for tracking)
date - date the key was generated
totals - total number of times the key has been flagged (ie. sent an email)

Each email that is sent to a key will be copied and put into a file named after its
key then followed by its count (ie. the sixth email sent to key X240213sd would be
X240213sd.5 [0-5]) that way we can track messages as well.

Now that you have an entirely confusing description of the data we'll be storing, time to explain
how this thing works.

Here's the life of a SPAM message sent to an address covered by spam router:

User is asked to provide their email address to a website for whatever purpose.
User logs into spamrouter and generates a new key, and enters in the website's URL
and other information so he or she can remember what they gave it for.
User is given a key generated address.
User gives that address to the website, and goes about their business.
IF the website the user gave their address to is a spamming website, and tries
to spam the email address provided, spamrouter becomes a knight in shining armor.

Email is sent to key at spam router such as: x9237823sijd783@spamrouter.org, spam
router receives the email, and copies it into a file for future reference, increments
the count on that particular abusing website in its database, and sends it to the
destination address (we're not trying to block spam [unless the user turns that
key off], just trying to trace it to whom it really came from.) An email is sent to the
destination address alerting them that the email was SPAM and sent from whatever
website the user registered it with. This allows the user to have a real copy
of the email, the information as to whom it came from - so that they can contact
the company, or whomever, and rip them a new one and have absolute proof that it was
from them, furthermore, the user can then turn off that key. Basically, no one will
ever receive your REAL email address (unless you give it to them) which lets you decide
who can contact you, and who can't. The problem with most "filters" is they filter who
it's from, not who it's sent to.

Kind of complicated, and maybe not really all that useful... but I created it for myself
because I want to know WHO is using my address for spam, that way I can get these people
to stop. Furthermore, once I've finished my business with a particular site, I can turn
that key off, basically eliminating spam from that address.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Here are my ideas....

[Mustang+Matt]

The government simply puts a fine on any company that forges headers. $500/email.

You receive an email with forged headers and you send it off to some complain department. They can then do a reverse lookup on the fax number or 1800 number or the owner of a website.

Federally regulated is fine with me. It will probably speed up the process.

I'm just tired of using spamcop and sending complaints to abuse@*domain*.com and not getting any results. When you try to call the big guys up they simply tell you to email them.

Smaller companies will usually take care of the problems immediately.

Going after the spam sender is usually a useless effort anyway, going after the end product that the spam is trying to sell is not.

How can I address congress and make a proposal to end put something into affect? I've been working with my Missouri State Rep. Carl Bearden for Missouri laws, but we need laws everywhere to make it stop.

It really is costing us money. My company is forced to pay for a full T1 instead of a burstable because of the massive amounts of spam that comes through overnight.

Re:Here are my ideas....

The government simply puts a fine on any company that forges headers. $500/email.

There isn't anything wrong with forging headers. I do it all the time. Instead of using an address of myname@isp-that-might-be-out-of-business-next-week .com, I'll use mynickname@web-based-service.com. My ISP won't let me send out port 25 directly, so I have to send through their SMTP server and forge my address. And they don't have an issue with that.

I agree that using bogus return addresses makes the spam issue much harder to deal with. Forging (which is a poor choice of words!) isn't always a problem.

PINE users

[ryanvm]

For PINE users [...]

Both of them ;-).

who buys form spammers?

I do not get it guys! Do you buy from spammers?! I certainly don't. Ok, ok, I suppose there are enough stupid people to buy and thus make this a lucrative business for spammers. But to me it almost looks like most of the spam is sent out of pure hate. Do they really expect to sell anything after they spam you to death? This is stupid, this is a stupid and obscene business model, clearly there should be legislation to ban this kind of businesses.

The question really is: if this is so clear to us (decent, intelligent, hard working people) why is not to our congressmen?

How to use msrfa?

Any clues on what it looks for in patterns?

Is it something like, to get rid of any spam containing mediatrec, you filter

mediatrec

or do you have to filter

*meditatrec*

?

Re:How to use msrfa?

[amuro98]

There are several things you can look for when filtering spam.

Personally, I use procmail - which will work with whatever mail reader you use, so long as your ISP lets you use it...

This site is a good starting point on learning to use procmail for spam filtering.

As they say, "Procmail is your friend."

html spam filter

I use

as a filter, as only spammers send me web code in e-mail.

Re:msrfa for OUTLOOK EXPRESS

this rule needs to be placed at the top of your message rules to work properly as the list behaves the exact opposite as a routing table. (its M$, what do you expect?)

I would expect each rule to be acted upon, starting from the top one and ending with the bottom one. Is this not what occurs?

despammed

[IanO]

I use despammed.com and I have found their filters to be quite effective in preventing spam. Anytime I sign up for a site that account gets used and if I later trust them I may switch to one of my unblocked accounts.

Ahhh.. I love the smell of spam mail in the evenig

[ here comes a snowball, but your lameness filter just couldn't stand the junk characters ;)) ]

You just got hit by a snow ball.
It's the beginning of a Great Snowball War 2001/2002
The only rule - don't hit the ones you don't like!
Throw at any person you like and...
if you got hit by a snowball, throw one back
and have your revenge!!

--- don't know about you, guys... I like such spam once in a year :) And be sure, M$ will not get spammed this time!

pm0.net

[bwhalen]

I get 8-10 a day from these fools..

Re:pm0.net

[macdaddy]

Yes. They do nothing but spam. I have an extensive list of spamming domains. Another really bad one is Broadwing.net. Bad bad bad. Nothing legti comes from them.

Quick question(s)

[matty]

When I edit the From Pattern field, can I enter more than one domain? Or do I have to have a separate filter for each domain?

If I want to filter out pm0.net, do I just enter that or @pm0.net or *@pm0.net or...... :)

Thanks :)

I know you hate to hear this, but...

[notcarlos]

I recently set my hotmail filter to "exclusive", and I have yet to see anything that I didn't explicitly ask for. The rest is easily flushed out of the Junk Mail folder. Somebody, somewhere, got something right for once. I'm happy.

Prepackaged filter scripts

[yerricde]

The number of people competent to hand-roll a procmailrc, let alone install all the other needed anti-spam tools, is a tiny fraction of the total number of email users. And maintaining all of that anti-spam infrastructure to keep up with the latest spammer tricks.

Then why not throw up a web site containing filter scripts for the popular mail servers (to route received mail to an IMAP folder "junkmail") and MUAs (to label received mail as possibly spam, with a new sort option "order by spam probability") and putting checks for new filter scripts in the weekly software update regimen (server) or downloading them automatically (client)? In fact, I bet several people have already started such projects.

No need for filters!

[Doug+Neal]

I don't like using filters in my mail programs. Blocking "from" addresses doesn't work cos they're always faked and never the same twice. Blocking domains in the "from" addresses blocks out legit emails (they're all from hotmail and yahoo and stuff, millions of potentially genuine emails from there) - basically I don't like letting the system decide what I see and what I don't, because there's always a possibility that it'll keep back a "real" bit of mail.

My favorite techniques, and these have kept me virtually spam-free for years, are:
* Don't post with a valid email address on usenet - be sure to spam-trap it, and never put your real email address in the body of the post either, the spambots look everywhere. This cuts out about 90% of spam.
* Don't give your real email address to websites whose intentions are dubious
* Spamtrap your email address on web pages you publish yourself
* When you do get spammed, take a few minutes to trace it's source and email the ISP. Usually they'll "take steps". i.e. close the account of the customer responsible. Or if it's an open relay, to secure it. Do this often enough, and when the next edition of the Spammer's Special SuperDooperMega Mailing List CD comes out, your email address will be on the blacklist - under "don't spam this address or you'll be shut down"!

This year I must have got about 10 spams in total, that's all...

Hell...

[PlaysWithMatches]

It's gone up by 650% for me in the last month. I get about 20 spam messages an hour, ranging from breast enlargement ads (I'm a guy, btw), to fixing my credit (which is already perfect).

Fortunately, there was an easy solution. I just added Pine filters for these words in the "from" address: deal, offer, bargain, save, money, and winner. That cut it down from ~20 an hour to maybe 3 random e-mails a day that slip through. :P

Suddenly no more spam!

[AaronW]

As a former @Home (now AT&T) broadband user, since my email address changed I am no longer receiving the 30+ daily spams I got with @Home. I had my former @Home address for over 5 years and early on I wasn't as careful as I should have been about protecting it. I now use multiple email addresses, where I use an alternate address for services or postings which have the potential to be picked up by spammers.

I suspect that it's only a matter of time until my new email address becomes another toilet for the spammers to piss in.

Re: To clairify..

[ltm]

Just to clairify, I wasn't talking about using Spamcop.net's own mail services. Indeed, Spamcop provides a service where you can have _them_ filter your mail. I am talking about their free "Abuse Reporting" system. Honest, I haven't had to report spam in 5 days now. It's really odd.

Have you looked at SpamCop?

[Teancum]

Check out SpamCop

This site does a fair bit of what you are suggesting, including e-mail forwarding, spam tracing, generated keys, the database stuff, and more. I would like to get some of the stuff he is doing via GPL'd software (some of it is, BTW), but he does a pretty good job, and even seems to annoy the flagrant spammers a bit.

There is free spam reporting, including an anonymizer to inform the offending ISP that they are being used by spammers. They can reply to the blind e-mail forwarder, but they won't get your address directly.

If you want to build a better mousetrap, (or spam trap, as it may be), this is a good resource to use as a benchmark (or talk you out of your project... but don't let that stop you.)

Re:Have you looked at SpamCop?

[nhoover720]

I like SpamCop, but what I like more about mine would be A) the completely open source free nature to it. B) The fact that it would cost nothing. C) It uses a fool proof approach. There is absolutely NO way to evade this method, because each time you sign up at a site (newsgroup, etc.) they each get a unique address, meaning that they can spoof all they want, get as tricky as they want, no matter what - they have to send it to somewhere, and since there will only be one address per website, there's no way they can ever evade it.

What do you think?

Re:the rest of the world...

[spudgun]

sure filters work BUT
here at work we have ADSL - which we pay through the nose for (Telecom NZ have a monopoly on the copper here) we get 600 MB a month and anything above that we pay $0.2 for - so this spam starts costing this busness money.....

Spam is the only marketing method where you pay to get the junkmail.

as an aside
Spammers don't even target their advertising because it's costs them nothing
the number of spams i get asking me to buy an american flag or offer free postage in america ...

I'm never going to act on any spam and if a company spams me I will look elsewhere for the same product if i need it.

spam just doesn't work!

Re:the rest of the world...

[amuro98]

Sorry, but spam is anything but a "minor annoyance."

From the end-user's point of view, spam threatens to make their mailbox unusable. Over the weekend, I got over 100 messages to my personal ISP account. Eighty of them were spam. While my filters caught about half the stuff, my Inbox was littered with 40 spam messages, and 40 legitimate messages. Yuck.

Also, don't forget most ISPs enforce quotas. Get too much mail, and stuff will bounce.

From an ISP point of view, spam is a much more major problem in that they have to store the garbage until their users can take care of it. Wasn't it AOL who claimed that 30% of their network utilization is just spam? You can't deny that this won't have an impact on their costs of operation, which then get passed to their subscribers...

This is why many ISPs have been taking more drastic measures against the ISPs that allow spammers to remain on the internet. Many have begun to instruct their edge routers to drop any packets from "rogue" ISPs. Others have been using managed blacklists like MAPS or SPEWS.

At least if you get listed on one of these blacklists, you have a chance of getting de-listed from the 1000s of routers/servers. As for the personal blacklists....well, let's just say that some ISPs will need to apply for new IP#s if they ever get a clue.

But don't assume for a minute that the spammers are winning. If anything, they're being herded onto the few ISPs that allow their shenanigans...and those ISPs aren't welcome many places on the internet.

Re:the rest of the world...

[nhoover720]

40+40+40 != 100

Re:msrfa for OUTLOOK EXPRESS

[Anonymous+DWord]

IANAOEU, but I'd assume he meant each rule is applied immediately, as opposed to going down a list and taking the last one that applies to any given message, superseding any previous rule.

It is per click

[sideshow]

everytime the link is clicked on the advertiser pays the fee shown below the link. Overature has stuff to make sure you don't spam the link but 10 bucks even once is a huge hit.

Re:the rest of the world...

[Uncle+Gropey]

I find most European laws like this to be overly invasive, but I'm with you on this one. And that goes for telemarketers and junk snail mail too.

Re:Somethi-N-g most forget

[Skapare]

If the operators of the DNS blacklists would operate them properly, maybe more people would use them, and submit spam reports to them. These things include:

• Have a place to submit spam incidents, such as a web form. Then process them to look for patterns.
• Provide separate zones for blocking sources of spam, and blocking web sites and ISPs where spammers might be hosting a web page. Not everyone wants to block the latter; I only want to block the source of spam.

Some anti-spammers are on a crusade to maximize collateral damage. I am not. I won't block a whole ISP because of a spammer unless that ISP is making it difficult to isolate and focus on the spammer. If they corner the spammer operation to a specific static subnet, I'll gladly block that, and I'd want to use a DNS blacklist that is equally focused. Likewise, if they set up reverse DNS to identify their dynamic customer pool addresses in its own zone, I can block that to prevent the direct spam and some of the home open relays.

Most people hate spam and don't want it coming in. But not everyone is wanting to come out swinging at everything in sight as a result of that. Some of the anti-spammers are on the wrong crusade and not very many people will follow them.

People won't use it.

[Skapare]

People won't use it. As you say, it is complicated, and a lot of hassle to use. Any anti-spam methods must be simple and easy to use, otherwise the "d" key becomes the attractive alternative. And we already know that's not good enough.

Re:People won't use it.

[nhoover720]

But the point is not to have to do much to get it to work, I mean right click maybe, add key, and it's done... seems an easy way to eliminate such a HUGE problem?

24 hours of pinging

[Skapare]

What if every time you get spam from some source, especially a direct delivery from a dialup, DSL, or cable luser, you launch a background process like:

ping -c 86400 ${spammeraddress} &

Of course you're only trying to see when the spammer goes away, right? But if everyone does this ... just for 24 hours after receipt of spam, what do you think will happen?

Re:24 hours of pinging

[_Shad0w_]

You'd get your account terminated by your own ISP for violating their AUP probably.

And rightly so, two wrongs never make a right, not even on the internet.

Re:24 hours of pinging

[Skapare]

Only the smallest ISP would ever notice. And the ISP at the target would have thousands of those to deal with if it got their attention.

Re:the rest of the world...

[amuro98]

Whoops. Typo.

40 spams filtered
40 spams unfiltered
20 legit messages.

Re:Somethi-N-g most forget

[macdaddy]

"Have a place to submit spam incidents, such as a web form. Then process them to look for patterns."

Have you ever tried to run more than a handful of LARTS through a web form? It's a nightmare. I have 1200 pieces of Broadwing.net spam that I need to LART tonight. I don't know how I'd LART all of them via a web form.

Patterns aren't something that the average Joe would pick up on anyhow. Few people noticed that recently more and more spam uses a spoofed From: in the form of BSUser@yourowndomain.tld. If they do want to look for patterns, they could easily view thousands of spam reports in news.admin.net-abuse.sightings. Numerous people post their spam to it.

Provide separate zones for blocking sources of spam, and blocking web sites and ISPs where spammers might be hosting a web page. Not everyone wants to block the latter; I only want to block the source of spam."

Many DNS blacklist authors do just this. MAPS is a good example. You have the DUL which lists dial-up IPs only. The RSS which lists known && abused open relays. The RBL contains ISPs that are known to harbor spammers or at least be neutral to their abuse and ignore abuse complaints. The RBL+ is a combination of those 3. All 4 of those are their own zones. SPEWS lists /24's from which spam originates. Occasionally they'll even list a whole provider that harbors spammers or spamware sites, repeated lies to people that mail abuse@, or are known to bit bucket abuse complaints. relays.osirusoft.com hosts many lists. Individual queries can be made to for any of the lists it hosts or you can transfer them all at once in a big zone file. relays.visi.com is the home of the RSL. It only lists open relays that have been abused, like the RSS and relays.osirusoft.com's base DNSbl. blackholes.2mbit.com is the home of the SBL (Summit Block List), not to be confused with the SBL (Spamhaus Block List) which is hosted by osirusoft. The Summit Block List contains abused open relays and hosts that have been directly involved in spamming. The Spamhaus Block List contains "known spammers, spam gangs, or spam support services" and is "by the same team that maintains the ROKSO database", a list of those spammers.

"Some anti-spammers are on a crusade to maximize collateral damage. I am not. I won't block a whole ISP because of a spammer unless that ISP is making it difficult to isolate and focus on the spammer."

In a small way I agree. I used to feel like you do now. I was very leary about blocking an entire ISP just because of the possibility of lossing legit mail. I quickly came to realize that blocking just a small piece of that ISP that's know to spam wasn't solving the problem. They'd just move elsewhere within that ISP.

"If they corner the spammer operation to a specific static subnet, I'll gladly block that, and I'd want to use a DNS blacklist that is equally focused."

This doesn't accomplish anything in the long term and little in the short term. Sure you block some spam from a spammer for a couple of weeks but they'll quickly figure that out and move to another block. If the ISP facilitates their move then they are supporting spammers. It's an all or nothing deal. You can't have your cake and eat it too.

Personally I block entire ISPs myself, in my personal access lists that are independant of group maintainted DNS blacklists, that are known to harbor spammers and ignore complaints. A perfect example of this is Broadwing.net. I have blacklisted every IP they have registered to them. That includes 3 /14's, a /24, and a /28. That's a lot of IPs. I have never seen anything but spam come directly from them. They harbor Alan Ralsky and many other well known spammers. They ignore spam complaints. They simply don't care. Whenever I LART their spam, I also LART their upstreams because I believe someone there will eventually notice. I know that no one at Broadwing will.

"Some of the anti-spammers are on the wrong crusade and not very many people will follow them."

This I have to strongly disagree with. I've been involved in protecting my resources from spam for some time now and have implemented many steps to prevent as much spam from entering my system as possible. I reject just under 1400 known spamming domains. I also reject all mail from a number of providers that harbor spammers as well. I utilize all the lists hosted by Osirusoft, relays.visi.com, blackholes.2mbit.com, and I'm in the process of resubscribing to the RSS and DUL. I even do some filtering on message content which has been incredibly successful. Last week I rejected almost 96,000 pieces of spam on one of my servers. That's pretty darn good. Of the 2400 users on this particular server, I've only had complaints from 3. 3 of them couldn't receive mail from a particular person on the 'Net that wsa being filtered by me. 1 was on an osirusoft list. 1 was attempting to send mail through their mailing list that's run by cybercon.com (a known spam supporter) and mail to subscribers on our end was bouncing. The other was a customer of a customer of Broadwing's. After explaining to them that we couldn't selectively allow mail to just them from the affected host and that we'd have to allow all mail to them unfiltered, they decided to suffer from more spam than miss out on their friend's email. One has changed his mind though. The rest seem to love it. The best advice I can say to you is to keep an open mind about these lists and what they do for us. Not every list is meant for all situations. I personally don't want to use the RBL. In the beginning I was leary about SPEWS. The rest I like. Join news.admin.net-abuse.email and keep up with some of the conversations of the anti-spammers that reside there. A plethora of information and insight can be had with them (I'm there too). good luck!

Comment removed

[account_deleted]

Comment removed based on user account deletion

distibuted spam detector, or old hat?

what the feasability of a distributed spam detection system that operates as a plugin for email clients, the plug-in does 2 things, firstly it allows clients to tag an incoming email as spam, this causes the plugin to send a profile of the offending mail to a central list, the central list records all offenses and at a predetermined duplication level deems the mail to be spam, in comes part 2, once a mail on the central list is deemed as spam the plugin will add the email profile to its filter and reject emails matching the profile,

theory being that once some people have received the spam others will not have to ?

im in no position to code this, is it feasable, has it been done before, underway, or just a crap idea for some obvious reason I am missing...

comments welcome

Fighting Spammers

[Andreas+Ribbefjord]

Back in the days, in the Amiga BBS (Bulletin Board System, [modem connected] multi user chat and files sharing system) scene viruses was an everyday thing. I must have been infected with some 50 different breeds though the years. There where floppy boot block- and executable file-viruses. Just as irritating as spam.

However, a rumour said a group of Swedish BBS sceners who had gotten to know the identity of a virus programmer (some of them liked to brag) payed him a visit. With baseball bats.

This could perhaps be adopted as a method to fight spammers.

But I can only use pine

I'm locked into pine, so filter syntax for Procmail won't do a thing for me

Re:But I can only use pine

[amuro98]

If your ISP lets you use procmail, you have your mail sent through procmail before Pine (or whatever reader you use) ever sees it.

Re:msrfa for OUTLOOK EXPRESS

[zimm0001]

In my experience filters and routing go down a list and when they find a match, that match is used.
Outlook Express however processes ALL filters reguardless of a previous match.

Thus putting the 'kill_all' as the last filter, would delete ALL incoming mail reguardless of any other filters you may have setup.

By putting the 'kill_all' filter at the top, the other filters still process and will move any special filtered mail to the proper folders and not delete it.

my mother

[ahodgson]

My mother started sending me all that crap. I told her to stop. Then she got all upset - she actually thought she was being helpful.

Her friends send this stuff back and forth all the time.

What a pain.

True.

[Mustang+Matt]

I guess you're right. Technically you are forging headers. I myself do that, I have several domains and they all go out of one smtp server when I send from internally.

What's a better word to describe what I am talking about? Invalid headers? I guess that's more accurate.

UCE exploiting the WTC/Pentagon disasters...

[ReaganBSD]

I just got a piece of UCE titled "Help The 9/11 Survivors". The thing went on to describe a 9/11 charity, and how they needed money to help those widowed/orphaned by the Taliban's cowardly attack on the US.

Normally I hate UCE. However, given the magnitude of what happened on 9/11, my patriotism overwhelmed my good judgement and I clicked on the link.

Suh-prise, suh-prise--'twas a porn site.

Needless to say, I wasted no time in filing an abuse report. That goes to show you just how low spammer scum can sink. Those "Remember me?" or "I sent this info per your request" UCEs are bad enough, but to exploit the first foreign invasion of the US since 1812 is enough to justify forcing such spammers to snort a load of anthrax. No kidding--I really believe that would be a suitable punishment.

Piss on spammers.

Re:Somethi-N-g most forget

[Skapare]

Have you ever tried to run more than a handful of LARTS through a web form? It's a nightmare. I have 1200 pieces of Broadwing.net spam that I need to LART tonight. I don't know how I'd LART all of them via a web form.

Your case was not the kind of thing I am targeting. Clearly you need a batch method. But that doesn't mean there shouldn't also be a web form that makes it easy for those with 1 or 2. Surely you didn't mean to exclude web forms just because you'd find them troublesome. Let there be both.

Patterns aren't something that the average Joe would pick up on anyhow. Few people noticed that recently more and more spam uses a spoofed From: in the form of BSUser@yourowndomain.tld. If they do want to look for patterns, they could easily view thousands of spam reports in news.admin.net-abuse.sightings. Numerous people post their spam to it.

I don't expect the average Joe to worry about patterns. Let him post the spam as he gets it and the software behind the scenes then looks for patterns in multiple postings and determines when there's a lot of the same spam, and how to recognize it.

Many DNS blacklist authors do just this. MAPS is a good example. You have the DUL which lists dial-up IPs only. The RSS which lists known && abused open relays. The RBL contains ISPs that are known to harbor spammers or at least be neutral to their abuse and ignore abuse complaints. The RBL+ is a combination of those 3. All 4 of those are their own zones.

MAPS is part of the problem. These different zone you describe are still abused. They also list whole ISPs that happen to host web sites that spammers happen to be promoting. And this is a dangerous thing to be doing because it is possible for someone to do spamming that appears to be promoting some site when their intention is to cause it harm through blacklisting. I do not want to be a part of that kind of activity. While I am certainly opposed to web sites that provide spamming software, I won't even go so far as to ban those because I don't want to set the precendent of banning on the basis of content. It's not the content of spam that's the problem, it's the volume.

And then there's the issue that MAPS is commercialized and totally uninterested in providing services to the little guy. I know because I wrote to them 3 times, twice right before they cut off at the end of July 2001, and once after, and got absolutely zero response. They aren't interested. They have been assimilated by the dollar signs.

SPEWS lists /24's from which spam originates. Occasionally they'll even list a whole provider that harbors spammers or spamware sites, repeated lies to people that mail abuse@, or are known to bit bucket abuse complaints.

And this is also part of the problem, and is why I stopped using SPEWS, in addition to the fact that no feedback mechanisms even exist. If you are looking for a way to get more people on board stopping spammers, SPEWS is NOT it.

Show me a DNS blacklist that has a zone to block ONLY the actual spam sources, and which will NEVER block anything else except in an attempt to actually block a spam source. Blocking a whole ISP is justified for this zone ONLY when they are trying to help a spam source move around to evade blocking. It should NOT have collateral damage unless there is no way to otherwise distinguish between spam being sent and other mail. It should NEVER attempt to block mail from some source that isn't spamming just because the operators of the blacklist are pissed off at the source for some reason, including things like hosting spamware web sites. Things like spamware websites should be in their own zone. That way those who do agree and want to block them can, and those who don't won't have to give up on DNS blacklisting to keep from causing collateral damage.

In a small way I agree. I used to feel like you do now. I was very leary about blocking an entire ISP just because of the possibility of lossing legit mail. I quickly came to realize that blocking just a small piece of that ISP that's know to spam wasn't solving the problem. They'd just move elsewhere within that ISP.

When it is clear that the ISP is helping them do that, then it is OK to block the entire network the ISP is using, and if the ISP has moved the spammers over to another network, block that. In such a case, it is the ISP that has become the bad buy by helping spammers. However, if the ISP puts a spammer on a dedicated circuit with a dedicated subnet address space that does not change, then the ISP should absolutely NOT be included in the blacklist zone; only that assigned dedicated network should be. Let the ISP actually act to move the spammer before expanding the target.

This doesn't accomplish anything in the long term and little in the short term. Sure you block some spam from a spammer for a couple of weeks but they'll quickly figure that out and move to another block. If the ISP facilitates their move then they are supporting spammers. It's an all or nothing deal. You can't have your cake and eat it too.

Sure it does. It presents the idea that anti-spammers are well focused on what they are doing and avoids devaluing the blacklisting zone the addresses are in. Of course I know spammers do move on. And if they move on to new address space at the same ISP, then (and NOT before) we have cause against that ISP. I do not want to use a blacklisting zone that includes the ISP before the ISP acts to help spammers.

Personally I block entire ISPs myself, in my personal access lists that are independant of group maintainted DNS blacklists, that are known to harbor spammers and ignore complaints. A perfect example of this is Broadwing.net. I have blacklisted every IP they have registered to them. That includes 3 /14's, a /24, and a /28. That's a lot of IPs. I have never seen anything but spam come directly from them. They harbor Alan Ralsky and many other well known spammers. They ignore spam complaints. They simply don't care. Whenever I LART their spam, I also LART their upstreams because I believe someone there will eventually notice. I know that no one at Broadwing will.

Why LART the upstream? Let's assume for a moment that Broadwing is a co-spammer ISP. That justifies them to be blocked. But if you get the upstream to kick them off, now you'll find them pop up again somewhere else. Sure, let the upstream know what's going on. Let them know you blacklisted the address space, since if Broadwing does leave, the address space might be used by someone else, next, and the upstream could (as if they would) let you know about it. Still, the official formality of it is the thing to do.

But don't encourage an ISP to cut off a content spammer that you have successfully blocked. That goes for upstreams of ISPs that are aiding spammers and have to be included. If you've got the spammer cut off for now, don't try to get them to move on any sooner. The sooner they move on, the sooner you get spam from them again and have to send more LARTs and block more addresses. Sure, they won't stay there forever, but let them stay there as long as they will if you have "there" cut off.

"Some of the anti-spammers are on the wrong crusade and not very many people will follow them."

This I have to strongly disagree with.

I happen to think you'll get more people on board, people like me, if the crusade gets better focused, and isn't about trying to stop mail from ISPs that host web sites that are supported by spam, or at least distinguishes zones that let people have a choice. If you want to choose to block more sites than I would block, that's fine. That's your choice and I support your right to do it. What I am trying to encourage is for there to be blacklist zones that a focused on a surgical strike against exactly spam sources and limit collateral damage to whatever cannot be distinguished from the spam. Focus on the volume abuse of the spam, not the message or content in the spam.

One of the reasons I don't want to support anything but blocking the volume spam is because I want to leave the notion of anonymous email open on the internet. If we stoop to blocking anything based on the content, we risk opening up blocking anything else based on content, and de-facto censorship could follow. You can do that if you want, but I don't want to be a part of it and that's because that's what I want. If there are blacklist zones available to block exactly that and no more, I'll use them. If there aren't, I'll have to work out what I can do to block spam without the risks I fear. And I believe there are a lot of people who believe as I do, who hate spam as much as anyone, but aren't going to let that hatred drive them to ruining the internet. You can get them on board if you realize that not everyone agrees with you about everything.