Christmas Spam Level Skyrocketing

dbolger writes: "ZDNet has this brief, but interesting article about how the amount of spam we recieve in our inboxes has increased 650% since this time last year. Nice to know that that anti-spam legislation passed a while back is having an effect (not)." For PINE users, just remember the magic spell: "m s r f a."

Both sites and advertisers are desperate

[Artifice_Eternity]

I was laid off from a marketing/"branding"/ad firm in July, b/c they just weren't getting the web development business they once had. Banner ad rates have plummeted, and we are being assaulted by ever-more-maddening varieties of web ads (huge banners, popunders, clickthroughs, and now "shoshkeles"!?). Sites feel they have to give advertisers more for their money, simply in order to bring in the same revenue as during the dot-com boom.

When will this madness stop? Users may flee sites that harass them too strongly. Then again, the general level of advertising in our environment has been slowly but steadily increasing for decades. I doubt this trend will stop anytime soon.

Re:right....

[MLC2012]

It's a simple equation...

The cheaper PC parts get, the more new users.
The more new net users (AOLers?), the more spam.

I recall reading something on news.admin.net-abuse.email a while ago about a company that provided webhosting to businesses, and something like 95% of their new customers spammed. I'd imagine that rate could be applied to new members of online services a la AOL, Prodigy, et al, and probably half that rate for new net users connecting via actual ISPs.

Want to incur a LARGE cost on spammers?

[vandan]

Get your own back from SPAMMERS! Click the link and follow through to each of the SPAMMER's advertisments you wish to 'pay back' for their fine services. The cost to the SPAMMERS per click is displayed next to each advertisment. Only one click per day per person per advertisement is counted... http://www.overture.com/d/search/?type=home&Keywor ds=bulk+email

Re:Want to incur a LARGE cost on spammers?

And here's my spamhurt.php file.

<?php
error_reporting(E_ALL);
set_time_limit(0);

$agents = array("Mozilla/4.75 [en] (X11; U; Linux 2.2.16 i686)",
"Mozilla/4.74 [en] (X11; U; Linux 2.2.10 i686)",
"Mozilla/4.72 [en] (X11; U; Linux 2.2.12 i686)",
"Mozilla/4.73 [en] (X11; U; Linux 2.2.14 i686)",
"Mozilla/4.77 [en] (X11; U; Linux 2.4.3 i686)",
"Mozilla/5.0 (X11; U; Linux 2.2.16 i686; en-US; 0.7) Gecko/20010105",
"Mozilla/5.0 (X11; U; Linux 2.2.14 i686; en-US; 0.7) Gecko/20010105",
"Mozilla/5.0 (X11; U; Linux 2.4.3 i686; en-US; 0.6) Gecko/20001206",
"Mozilla/4.51 [en] (WinNT; U)",
"Mozilla/4.72 [en] (WinNT; U)",
"Mozilla/4.74 [en] (WinNT; U)",
"Mozilla/4.08 [en] (WinNT; U)",
"Mozilla/5.0 (Windows; U; Win95; en-US; rv:0.8.1+) Gecko/20010426");

srand((double)microtime() * 1000000);
shuffle($agents);
$agentCount = sizeof($agents) - 1;

function HTTPGet($url)
{
global $agents, $agentCount;
if(!($fp = fsockopen("www.overture.com", 80))) return FALSE;
fwrite($fp, "GET $url HTTP/1.0\r\nHost: www.overture.com\r\nUser-Agent: " . $agents[mt_rand(0, $agentCount)] . "\r\n\r\n");
$html = fread($fp, 100000);
fclose($fp);
return $html;
}

mt_srand((double)microtime() * 1000000);
preg_match_all("/<a href=(.*xargs.* ?)>/U", HTTPGet("/d/search/?Keywords=bulk+email"), $urls);
preg_match_all("/<a href=(.*xargs.* ?)>/U", HTTPGet("/d/search/?Keywords=bulk+mail"), $urls2);
$urls = array_merge($urls[1], $urls2[1]);
shuffle($urls);
$linkCount = sizeof($urls) - 1;

while(TRUE)
{
$html = HTTPGet($urls[mt_rand(0, $linkCount)]);
if(strstr($html, "HTTP/1.1 302")) echo preg_replace("/^.*Location: http:\\/\\/(.*?\\r\\n).*$/s", "\\1", $html);
}
?></A></A>

Filters: Pine and elsewher

[Codeala]

Pine has rule-based filters to block out SPAM. However the Help page recommend you to do the filtering between SPAM arrived at your mailbox. But not everyone has that kind of control over all their mail are stored or organised. And also you need to know what kind of rules are best for blocking SPAM, eg checking the To: and Subject: fields, what regexp to use, etc.

Here is a suggestion: As a Xmas gift to your fellow /.ers, post your most successful spam filter rules here (All mail clients welcome).

Ho HO HOLD (the SPAM)!

Speaking of SPAM

[kawaichan]

I don't get all that much Spam from my email. but I am getting tons of spam from ICQ lately.

At least there are programs to block spam from your mail box, you can't do that on ICQ. Seems like they generate a new ICQ for each messenge so you can't ban them all.

Really?

[Ogerman]

That's funny. I receive at most one or two SPAMs per month. (The handful that slip through onto the Debian mailing lists don't really count.) Maybe people are just becoming more stupid in how they give out their addresses. Oh yeah.. and then there are HTML tags that 'phone home,' supported by many popular mail clients. Of course, we can all thank MS for Hotmail: an endless supply of throw-away mail accounts.

For those who care to reduce spam and other online (and offline) annoyances, see Junkbusters web site, also home to the free (GPL) filtering proxy by the same name.

Re:the rest of the world...

[MS]

The rest of the world (= non-us) accounts for about 67% of all internet users, and is growing more rapidly, as there is more room for new users. The US is reaching saturation.

Despite more than 2/3 of the Internet-users beeing non-us-citizens, 90% of all spam originates in the US. This is most likely due to permissive legislature in the US. In Italy for example collecting (e-mail)addresses and other personal data is illegal, unless you have written permission from the user, or you have a business realationship (italian law #675/96, aka privacy law).

IMHO, stopping the increasing number of spam-mails is only possible with legislature forcing opt-in methods for advertisers and huge fines for those who don't conform.

Ciao,
ms

MandrakeSecure

[Mandrias]

Mandrake Linux has recently opened a new site called MandrakeSecure which is focused on securing a mandrake box.

A recent article posted on MandrakeForum talks about ways to handle SPAM using postfix and qmail. Maybe this can be useful to the larger slashdot crowd?

What I really hate is non-spam!

[Beowulf_Boy]

I get SPam, but it says something like,
"This is not Spam, I'm emailing to let you know that for only 4.99$..."

Help me! They are using our Email!

[toolbar]

No, we don't have an open relay. We have everything properly configured and don't allow relaying. But some %'&$"#!-spammer decided that using michael@ourdomain.de in the "From:" line would be a good idea when sending out spam.

I get several hundred emails per day, either automated replies that tell my, that "your message to iojrf323@yahoo.com could not be delivered" or angry users that accuse us of spamming.

I try to contact the admins of the abused systems and enter their servers into an open-relay list, but that hasn't slowed down the rate of incoming emails.

Any ideas?

The Profit in Spam

It doesn't help that companies like verio and level 3 are about to go under. There anything for a buck last grasp is making them spam friendly. I recently busted a site on verio http://128.242.238.85/ that was operating openly as a spam source. Verio didn't care.

I emailed 100 verio customers in that net block to explain to them how they would be blackholed and what that meant. They took down the site.

You can set up the very software spammers use to poach email addresses from sites in the same net block.

I fight fire with extreme fire. The only spammers I go after since you can rile people up on it, porn spammers, they don't care if they are sending to a kid or an adult, most of them even have pedophile or zoophile crap. Grab a name from the isp, any name. Contact them on the phone and tell them of the spam and give them 24 hours to have the site removed. If not, you are going to call everyone with their last name in the city the isp is located and let them know they are all for helping pedophiles etc. Does your mom know you send porn to minors?

It is very effective. Use infoseek or similar service, look for business by the ISP. Call the deli downstairs, the church in the neighborhood, then let the person at the ISP know who you talked to.

I am not posting my name since spammers have put me on their lists, they post my name as a spammer in newsgroups. They suck.

I have a job where filtering mail could mean not getting a clients mail, so it is not an option.

If everyone just took one piece of spam, traced it to the source or the host. Attacked that host, with legal threats. Do not make anything up, do not lie. When you call their biggest advertiser to explain how they support pedophiles, be clear, it is because they refuse to take action against pedophiles hosted on their site. That they allow one of their customers to send unsolicted porn to minors. Be very clear. And be very clear your group is about to announce who is helping these scums, since their company is an advertiser or client of the isp, you are going to list them. Don't like it? get another isp or get the isp to stop.

Shame is a great motivator. Use it. If we do not stand up to this crap, we are going to see legislation coming in, they are going to be heavy handed, they are going to snoop. Take back your box.

Do more than report a spammer today, those days are over. Attack,threaten and shame a host today.

What if YOUR e-mail address is used to spam?

[AYeomans]

My Yahoo mailbox has just filled with bounce messages, as a spammer forged my email address as From: and Reply-to:. I only saw a few hundred bounces before the inbox filled.

At least I gor a copy of the original message, so could trace the sender's IP address and their obfuscated web site address.

I dropped a note to abuse@ISP, who seems to have removed the spammer's web site now. Otherwise I might have asked the Slashdot community to test the spammer's offer (:-)

But what to do about reputational damage? Or going onto known spammer lists?

What about ICQ spam?

I don't know if this is just me or if there really is a pattern going on. But I for one have been receiving a LOT more icq spam in the past few weeks.

Every morning when I check my messages I have about 10 spams waiting for me and there are more coming in during the day. It used to be mostly/only icq pager events, so I disabled those. But right now just about every type of icq message is getting used.

ICQ is simply getting rather annoying to use but then again all the people I want to talk to use it. It's not like I could just ask everyone to switch to something else (not to mention I have no doubts that other messaging services are or will be just as bad).

So has anyone been experiencing this problem? And if so, have you been able to correct the situation? I would like to know how people are dealing with this.

Thanks
WarDancer AKA TooLazyToCreateAnAccount

What to look for...

[TechnoLust]

Actually, there are several things you can look for. If the spam actually complies with the law, there is a section at the bottom that says, "In compliance with..." I can't remember it all and I'm at work, so I can't look at my spam filters (they're at home).

Also, look for "send to 10 people" and that will get most chain letters. "make $$$" will get several hundred a week. "to be removed" will get a lot, but be careful as it will also get most legit mailing lists too.

I set these filters and then waited for SPAM to get through. If one did I would look at it and try to determine if there was anything unique that wouldn't be in normal correspondence. My SPAM count is still high, but only about 1 a month gets in.

Spamcop.net seems to have worked for me..

[ltm]

About a month ago, I started reporting my spam to Spamcop.net .. you sign up for a free account, and every spam you get, you post to their website. (Additionally, there's a utility out there called Spam Deputy that will auto-post selected spams to your Spamcop account from Outlook.)

Spamcop takes the headers and fires off Abuse messages to every domain it finds in the trace of the spam.

The results? Well, I check my email and my wife's, and we used to get roughly identicle spams .. After using SpamCop for maybe 2 weeks, my spam count dropped off the map, while her email still gets hit. I'd say I've gone from 20 spam/day to 1 spam/day.

It's kinda spooky. Don't know why it worked for me.

Re:msrfa for OUTLOOK EXPRESS

[zimm0001]

I have found an excellent way to filter spam using M$ Outlook Express: (only works for POP tho, not IMAP)

tools->message rules->mail
New...
check off 'where the to or cc line contains people'
and also check off 'delete it'
then click on the 'contains people' link, enter your e-mail address for the pop account, click add and then 'options'
select the 'does not contain' option and click ok
give the rule a name like 'kill_all' and click ok
this rule needs to be placed at the top of your message rules to work properly as the list behaves the exact opposite as a routing table. (its M$, what do you expect?)

this will delete any e-mail not specifically addressed to you (as most spam is).
you will need to create message rules for any mailing lists you may be on, but you should have already done that to properly organize them into folders. ;)

since using this method i have not had to read one spam e-mail sent to my pop account.
:)

despammed

[IanO]

I use despammed.com and I have found their filters to be quite effective in preventing spam. Anytime I sign up for a site that account gets used and if I later trust them I may switch to one of my unblocked accounts.