Slashdot Mirror
Christmas Spam Level Skyrocketing
dbolger writes: "ZDNet has this brief, but interesting article about how the amount of spam we recieve in our inboxes has increased 650% since this time last year. Nice to know that that anti-spam legislation passed a while back is having an effect (not)." For PINE users, just remember the magic spell: "m s r f a."
How does this compare against the overall growth of the internet, though?
The growth in the number of people connecting to the net should be much higher....
The secret of success is honesty and fair dealing. If you can fake those, you've got it made. (Marx)
Main menu
Setup
Rules
Filters
Add
But this doesn't work unless you know what to look for in spam...and none are alike
Mutilate Spam Right Fucking Away.
"Quoting famous computer scientists out of context is the root of all evil (or at least most of it) in programming." - K
I use a yahoo address for my email, and have it forward to my local server's mailbox. Yahoo adds a header "X-Rocket-Spam" to mail tagged as spam, and I use procmail to filter these out. While their spam detection still works pretty well, ever since the economy went to shits their filtering has progressively gotten worse. I suspect that they are letting certain spam slip for a fee. It used to catch everything, but now I get at least 10 messages a day getting through.
LS
There is a fine line between being a cultivated citizen and being someone else's crop. - A. J. Patrick Liszkie
Too bad my Pine 3.95 (the version on our university system) doesn't have an "r" command in setup. It apparently lets you set up "rules" for filtering, according to the Pine FAQ.
"This message is composed of 100% recycled electrons."
I was laid off from a marketing/"branding"/ad firm in July, b/c they just weren't getting the web development business they once had. Banner ad rates have plummeted, and we are being assaulted by ever-more-maddening varieties of web ads (huge banners, popunders, clickthroughs, and now "shoshkeles"!?). Sites feel they have to give advertisers more for their money, simply in order to bring in the same revenue as during the dot-com boom.
When will this madness stop? Users may flee sites that harass them too strongly. Then again, the general level of advertising in our environment has been slowly but steadily increasing for decades. I doubt this trend will stop anytime soon.
its the command to add a filter:
(M) ain menu
(S) etup
(R) ules
(F) ilters
(A) dd
-- free as in swatantryam - not soujanyam.
So apart from the specific key combination it has nothing at all to do with pine, right?
...). It certainly isn't the most effective way, but ... well, at least I learn some regular expressions ;-)
And IMHO filtering in the MUA is the most low-level spam-prevention possibility. There are several fine anti-spam systems out there.
'though I myself don't use them, yet. I make a sport out of finding a rule that catches the spam that reaches my inbox and is sensible enough not to filter any other mail (just recently I got a problem, that I couldn't receive mail from any student of a specifiy university, 'cause they got [a-z]@university-domain and I filtered on [a-z]*[0-9]{3,}@.*
Get your own back from SPAMMERS! Click the link and follow through to each of the SPAMMER's advertisments you wish to 'pay back' for their fine services. The cost to the SPAMMERS per click is displayed next to each advertisment. Only one click per day per person per advertisement is counted... http://www.overture.com/d/search/?type=home&Keywor ds=bulk+email
Looked at the headline and thought "Hmmm, I haven't gotten that much more spam...". Spam seems to be a bit of a misnomer here. Sure, there is some increase in holiday advertising and such, but spam (i.e. unsolicited e-mail) isn't what they are really complaining about here.
In the body of the article, they describe how jokes, animations, and greeting cards are clogging the system. Well, duh! Ask the USPS. They get clogged with lots of this stuff at this time of year; they're called Christmas cards.
This isn't really spam per se. It generally comes from people you know, even if you only hear from them once a year. Somehow the mailman and my mailbox cope with the onslaught every year. If your corporate infrastructure can't handle it, well what will you do if there is a legitimate boost in business traffic?
I guess these people will just crack the whip on corporate use policies again. Fat lot of good that seems to do.
All this trumpeting about %650 increased spam is an alarmist waste. (Not that I really want any more of the tons of weight-loss pills; credit fixing programs; appeals from Nigerian humanitarian organizations looking for my bank account number, promising free money for my help.)
Sig?
Sigue Sigue Sputnik!!!
Pine has rule-based filters to block out SPAM. However the Help page recommend you to do the filtering between SPAM arrived at your mailbox. But not everyone has that kind of control over all their mail are stored or organised. And also you need to know what kind of rules are best for blocking SPAM, eg checking the To: and Subject: fields, what regexp to use, etc.
/.ers, post your most successful spam filter rules here (All mail clients welcome).
Here is a suggestion: As a Xmas gift to your fellow
Ho HO HOLD (the SPAM)!
Codeala - Just another mindless drone
I don't get all that much Spam from my email. but I am getting tons of spam from ICQ lately.
At least there are programs to block spam from your mail box, you can't do that on ICQ. Seems like they generate a new ICQ for each messenge so you can't ban them all.
kawai
Whenever I see that icon I always think of a piggy bank so I think the topic has something to do with money.
For a topic icon for spam, can't you have a mailbox stuffed with mail?
That's funny. I receive at most one or two SPAMs per month. (The handful that slip through onto the Debian mailing lists don't really count.) Maybe people are just becoming more stupid in how they give out their addresses. Oh yeah.. and then there are HTML tags that 'phone home,' supported by many popular mail clients. Of course, we can all thank MS for Hotmail: an endless supply of throw-away mail accounts.
For those who care to reduce spam and other online (and offline) annoyances, see Junkbusters web site, also home to the free (GPL) filtering proxy by the same name.
Exceptions:
list of trusted sites/people.
Things specificly sent just to me.
It was amazing just what it did filter - I went from 10 spams a day to 1 a week. (mostly due to timing issue of spam pre-filter to fetchmail d/l)
It whacked almost 300+ spams from my 'public' e-mail account in one go. I also have it log the from/Subject - just in case)
make Linux, not Microsoft. sin(beast) = -0.809016994374947424102293417182819
The only thing I hate more than the professional spam are emails from "friends" (non-geeks) that need to inform me of that latest virus, chainmail or that there is a new update that I should download. People are simply CC'ing their entire address-book whenever they receive something that looks interesting, and thereby creating spam :-(
And don't get me started on stupid christmas chain mails !!
Despite more than 2/3 of the Internet-users beeing non-us-citizens, 90% of all spam originates in the US. This is most likely due to permissive legislature in the US. In Italy for example collecting (e-mail)addresses and other personal data is illegal, unless you have written permission from the user, or you have a business realationship (italian law #675/96, aka privacy law).
IMHO, stopping the increasing number of spam-mails is only possible with legislature forcing opt-in methods for advertisers and huge fines for those who don't conform.
Ciao,
ms
Mandrake Linux has recently opened a new site called MandrakeSecure which is focused on securing a mandrake box.
A recent article posted on MandrakeForum talks about ways to handle SPAM using postfix and qmail. Maybe this can be useful to the larger slashdot crowd?
Use the Z-modem protocol between Information Superhighway routers to compress the plaintext. ~LordOfYourPants
Then deletes them on the pop3 server before downloading the actual body.
So, a company selling email filtering software say that email filtering is ever so important? What they actually said was:But their job is to build up a database of junk, so it's not really surprising - it's just saying that their database is up to date (or that their database was very out-of-date last year).
I get SPam, but it says something like,
"This is not Spam, I'm emailing to let you know that for only 4.99$..."
I've just tried SpamAssassin this WE and it works great :
...the best thing is that you don't have to perpetually update black lists of well know spammers
it is just based on content detection of spams (subject in CAPITALS; lots of exclamation marks, sp sammer X-Mailer etc.)
and it really works well
What surprises me is how the major players who stand to benefit from universal internet use have ignored the threat of spam to the internet as a whole.
To the ordinary user receiving a daily mailbox of sexually-explicit advertising is a major turn-off. I know several ordinary people who just stopped using email because of this sort of thing, and just use their cellphones to make calls and leave voicemail instead. No telephone company would survive for a second if its voicemail customers got bombarded by the same sort of sexually-explicit advertising that internet users get by email.
Spam filtering is not a viable solution for average non-technical users. The industry needs to clean up its act or it will suffer major consequences.
If the present trends continue it would not surprise me if email actually drops out of mainstream existence and is only used by a geek subculture, being replaced by other messaging solutions that provide a safe environment.
I already found the way to remove 90% of my spam. I just send mail from the following domains to a temp folder:
aol.com
excite.com (dead now, probably a good thing)
hotmail.com
lycos.com
mail.com
safe-mail.net
yahoo.co.uk
yahoo.com
I have a special list of people that are explicitly allowed. I expect to see more filters like this in the future, especially for domains that are known offenders.
Hammer of Truth
No, we don't have an open relay. We have everything properly configured and don't allow relaying. But some %'&$"#!-spammer decided that using michael@ourdomain.de in the "From:" line would be a good idea when sending out spam.
I get several hundred emails per day, either automated replies that tell my, that "your message to iojrf323@yahoo.com could not be delivered" or angry users that accuse us of spamming.
I try to contact the admins of the abused systems and enter their servers into an open-relay list, but that hasn't slowed down the rate of incoming emails.
Any ideas?
I'd venture to say the majority of mail you get from @aol.com never really originated from there (the spammers used a fake reply-to address). How do I know this? Because AOL has installed software similar to Slashdot's lameness filter that catches spammers and QUICKLY terminates their account. (AOL members can read about this at Keyword: Rate Limiting.) AOL used to have a really bad problem with child porn and warez, a quick visit into a few empty private rooms reveals this is no longer the case. If you exceed the preset number of outgoing e-mails in a given amount of time, *poof* your AOL account does a disappearing act right before your eyes.
So WHY are you getting e-mails with a forged @aol.com reply-to? It's simple! Many spammers simply believe that AOLers are more trusting of familiar-looking e-mail addresses, so they want their spam to appear as if it came from another member of the service. Ironically, inter-service e-mail on AOL has NO @ address on it!
Next time you see spam from @aol.com, check the originating server in the headers, you might be surprised.
---
Siggy, siggy, siggy, can't you see? Sometimes your puns just irritate me.
It doesn't help that companies like verio and level 3 are about to go under. There anything for a buck last grasp is making them spam friendly. I recently busted a site on verio http://128.242.238.85/ that was operating openly as a spam source. Verio didn't care.
I emailed 100 verio customers in that net block to explain to them how they would be blackholed and what that meant. They took down the site.
You can set up the very software spammers use to poach email addresses from sites in the same net block.
I fight fire with extreme fire. The only spammers I go after since you can rile people up on it, porn spammers, they don't care if they are sending to a kid or an adult, most of them even have pedophile or zoophile crap. Grab a name from the isp, any name. Contact them on the phone and tell them of the spam and give them 24 hours to have the site removed. If not, you are going to call everyone with their last name in the city the isp is located and let them know they are all for helping pedophiles etc. Does your mom know you send porn to minors?
It is very effective. Use infoseek or similar service, look for business by the ISP. Call the deli downstairs, the church in the neighborhood, then let the person at the ISP know who you talked to.
I am not posting my name since spammers have put me on their lists, they post my name as a spammer in newsgroups. They suck.
I have a job where filtering mail could mean not getting a clients mail, so it is not an option.
If everyone just took one piece of spam, traced it to the source or the host. Attacked that host, with legal threats. Do not make anything up, do not lie. When you call their biggest advertiser to explain how they support pedophiles, be clear, it is because they refuse to take action against pedophiles hosted on their site. That they allow one of their customers to send unsolicted porn to minors. Be very clear. And be very clear your group is about to announce who is helping these scums, since their company is an advertiser or client of the isp, you are going to list them. Don't like it? get another isp or get the isp to stop.
Shame is a great motivator. Use it. If we do not stand up to this crap, we are going to see legislation coming in, they are going to be heavy handed, they are going to snoop. Take back your box.
Do more than report a spammer today, those days are over. Attack,threaten and shame a host today.
I worked as a Postmaster at a Federal Gov't agency a couple of years ago.
While I was there we did several things to try and determine what kinds of messages were entering our system.
One of the things we did was to queue all incoming messages for a short period so could have a chance to look at them.
What we determined was that over 95% of all the messages we received that were larger than 1 Meg were CRAP of some sort, and definitely NOT business related.
We also tracked the number of messages per day going through the system for several months and found that just before Thanksgiving our numbers would triple and stay that way until Valentines Day...
Goofy, Geeky Gifts and More!
Hey you, Jim Peterson!!! Do you like Christmas!!! Then check out our barely legal Ho Ho Hoes!!!!
Also play our new game: Find the bad-girl coal!!!
------
Let me give you the lowdown
Ever since Bigfoot.com started tanking, they were selling email addresses to SPAMmers. 99% of my SPAM comes to that address, which used to be my primary. Now almost anything going there goes to the bitbucket. 90% of the email I send on a daily basis consists of "user unknown" bounce messages generated via my filters (love that feature in kmail).
What, pratel, is the anti-spam legislation that has been passed in the US?
Spamlaws.com still susscintly leaves the state of current federal spam legislation at 3 words: Enacted legislation: None
--You will rephrase your request for me to go to hell. Goto statements are not acceptable programming constructs
I send you this coal in your stocking in order to have your grimace. No thanks, bye.
A truly excellent pizza parlor is a delight unto the heavens. Treasure the sauce and the toppings!
My Yahoo mailbox has just filled with bounce messages, as a spammer forged my email address as From: and Reply-to:. I only saw a few hundred bounces before the inbox filled.
At least I gor a copy of the original message, so could trace the sender's IP address and their obfuscated web site address.
I dropped a note to abuse@ISP, who seems to have removed the spammer's web site now. Otherwise I might have asked the Slashdot community to test the spammer's offer (:-)
But what to do about reputational damage? Or going onto known spammer lists?
Andrew Yeomans
I wonder if the increase in the use of filters is related to the increase in spam.
Prime numbers are exactly what Alan Greenspan says they are -S. Minsky
I'm enjoying it while it lasts.
I'm a leaf on the wind. Watch how I soar.
I have both a Hotmail account and a Yahoo account.
The Hotmail account averages 10 to 20 pieces of Spam per day.
The Yahoo account averages 2 Spams per day.
The funny thing is I don't use the Hotmail account address for anything, I use the Yahoo account for virtually everything.
So. My theory is that Hotmail/MSN allows/encourages spammers to fill their users mailboxes with crap!
There are 2 possible reasons:
1 - Hotmail/MSN actually sells their user lists to spammers.
2 - Hotmail/MSN drives up revenues by selling larger mailboxes to people who get more Spam.
Goofy, Geeky Gifts and More!
It's funny how ICQ made all these features such as WWPager and EmailExpress which are designed to make you available to people without ICQ.. then when they start getting abused by spammers, ICQ will even tell you not to accept these services. They should either support these services (which means actively preventing spam, not just telling you to filter them) or discontinue them..
I hadn't been forwarding my ISP mail to my account for awhile. I was AMAZED at the amount of crap that came into it when I decided to check it the other day! SHEESH! 60+ mails a day on that account, ALL SPAM. MOSTLY PORNO. This on an account that I have NEVER used, let alone advertised! Of course the lack of security of the ISP probably didn't help (default web pages as the user's account id, for example)!
The reason a lot of geeks receive SPAM is the same reason I do ... registration of a domain. A live email address on a domain registrar is excuse to have every cheap SPAM cannon leveled at you.
Also, folks seem a bit confused. THERE IS NO NATIONAL SPAM LEGISLATION. It never passed. Not at all. The reason a lot of spammers want to say they are in compliance with opt-out legislation is that it legitimizes their existance. Let's not forget that SPAM is STEALING. You pay for the junk mail that shows up.
Check it out here...
> I filtered on [a-z]*[0-9]{3,}@.* ...).
... everything that comes from [a-z]*[0-9]{3,}@.* will be moved to my "probably spam" folder, which I got trough once a week and delete. It is not ment to catch valid e-mail-addresses, but computer-generated accounts like somelamename1234@yahoo.com or spammer0815@hotmail.com. Noone I know uses an e-mail-address that matches this regexp (apart from said students, for whom I now have an extra "this-is-not-spam"-rule).
> You do realize that this blocks out more valid email addresses than just the example [a-z]@domain you gave, correct?
well
And the phone numbers you should call, or the PO-Boxes you should send the money to, or the incredibbly trustworthy companies you should invest in are located in _______ (insert correct answer here).
Also, look for "send to 10 people" and that will get most chain letters. "make $$$" will get several hundred a week. "to be removed" will get a lot, but be careful as it will also get most legit mailing lists too.
I set these filters and then waited for SPAM to get through. If one did I would look at it and try to determine if there was anything unique that wouldn't be in normal correspondence. My SPAM count is still high, but only about 1 a month gets in.
"Da ist ein Technölüst in mein Unterpanten!"
>obnoxious ads at us as we try to look at the stars.
*shrug*
just don't learn morse code, and you'll be fine . . .
;)
hawk
Spamcop takes the headers and fires off Abuse messages to every domain it finds in the trace of the spam.
The results? Well, I check my email and my wife's, and we used to get roughly identicle spams .. After using SpamCop for maybe 2 weeks, my spam count dropped off the map, while her email still gets hit.
I'd say I've gone from 20 spam/day to 1 spam/day.
It's kinda spooky. Don't know why it worked for me.
When all you have is a hammer, everything looks like a skull.
It just seems like if every state had laws against spam it would end.
I'm not talking about spam from valid companies, I'm talking about the spam with forged headers and invalid return email addresses.
I know that usually the less government involvement the better, but why not let the government put a stop to this for us?
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
I filter spam based off of numerous DNS blacklists. I also have an extensive list of spamming domains and spam supporting providers that I blacklist. Last week I rejected 95,837 pieces of mail from just one of my servers that I deemed to be spam. If people didn't report that spam to the maintainers of the DNS blacklists, I would have to rely on my own access lists to reject spam. This colaborative effort really works.
You want to find the part of the e-mail that mutates the least from spam to spam.
In almost all cases, it is easiest to filter from the recipient's domain name. Their username and hostname is easily changed, but the domain name is somewhat less variable, in my experience. Any respectable company would simply not allow enormous volumes of bulk spam to be sent out under its auspices for very long.
Once you hit "msfrfa", edit the "From Pattern" to be the domain name of the spammer. Then, under "Filter Action" hit "delete". Hit "E"xit, then agree to changes. The whole process takes only about 10 seconds.
So my filtering list includes...
gamblehog.com
postmastergeneral.com
realspecialoffers.com
optinrealbig.com
...
and so on.
The good news is that once you include the most aggregious offenders, your spam influx goes WAY down. With less than a 100 spam sites on my list, I get less than one spam a day in an e-mail account that used to receive one to two orders of magnitude more. You're then in a position where a few seconds of daily maintenance (to add to your existing list) is enough to keep you virtually spam free. Most of the spam I reveive now originates from yahoo.com, aol.com, or msn.com e-mail accounts. I'm not willing to filter out those domains, however, as a few people I know actually have accounts there. However, you rarely get repeat e-mails from those offenders -- the company takes care of them internally, it seems.
I imagine someone out there has already done this, and has released a comprehensives Pine filter list. Does anyone know if this is the case?
Bob
Science, like Nature, must also be tamed, with a view turned towards its preservation.
Why clutter the books with yet another unenforceable law -- which will probably be so badly written that it illegalizes sending email to your mom -- when there are highly satisfactory technical responses? A good junk-mail filter (down to and including a hand-rolled .procmailrc) is perfectly adequate spam control.
You've answered your own question. The number of people competent to hand-roll a procmailrc, let alone install all the other needed anti-spam tools, is a tiny fraction of the total number of email users. And maintaining all of that anti-spam infrastructure to keep up with the latest spammer tricks.
This is a classic arms race, and it's one that the spammers will likely keep winning. Why? Because they care a lot more. A bunch of spam is a time-wasting minor annoyance to you, but their livelihood to them.
Legislation that allows recepients to sue spammers is perfectly enforceable. And even if the legislation only provided criminal penalties, it would still be valuable. For example, the folks from Paetec could have quickly booted the spammers of their network, rather then getting caught up in a multi-year legal battle.
Information obtained from the internet is deemed public information, so people are allowed to collect it in the US. However, you can sue for illegal solicitation if someone e-mails you without consent or a business relationship in the US - the greater of $5000 or the product or service advertised is the standard penalty.
Its just really difficult to enforce.
And you saying we're too permissive? What, do you kill spammers in Italy?
Mod me down and I will become more powerful than you can possibly imagine!
I have found an excellent way to filter spam using M$ Outlook Express: (only works for POP tho, not IMAP)
;)
tools->message rules->mail
New...
check off 'where the to or cc line contains people'
and also check off 'delete it'
then click on the 'contains people' link, enter your e-mail address for the pop account, click add and then 'options'
select the 'does not contain' option and click ok
give the rule a name like 'kill_all' and click ok
this rule needs to be placed at the top of your message rules to work properly as the list behaves the exact opposite as a routing table. (its M$, what do you expect?)
this will delete any e-mail not specifically addressed to you (as most spam is).
you will need to create message rules for any mailing lists you may be on, but you should have already done that to properly organize them into folders.
since using this method i have not had to read one spam e-mail sent to my pop account.
:)
Comment removed based on user account deletion
The spammer's ideal email list would include every email address on the planet with the exception of those who are inclined to take action against spam. The spammer doesn't mind the vast majority of people who "just hit delete". If automatic filtering means that those inclined to complain about the spam don't see the spam, then filtering actually helps the spammer.
So set your filter to forward each spam to your congressman. B-) Say, with a nice form-letter about how this showed up in your inbox today and you'd really like the law against unsolicited faxes to be expanded to include spam, with only "opt-in" allowed.
And re-tune it periodically as the congresscritters change their email addresses.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
Hi, I'm thinking about creating a website, and writing the applications to support something like this. Would this be useful to you guys? I know the documentation is sketchy, let me know on any ideas.
I want to develop a free site for people to login to that will basically allow them to completely eliminate, and trace the orgin of spam. Here are the program specs, what do you think?
Program Title:
SpamRouter
Program Description:
A set of scripts to route mail to the correct destination address, as well as collect statistics
on where the "spam" was sent to, which will provide a direct link to where the address was
provided allowing us to track spammers efficiently, and accurately. Also allowing the user to deactivate the address provided, eliminating spam from that source.
Author:
Nick Hoover
Systems Engineer
720 Studios
Copyright Information:
This document and all of its accompanying scripts are (c) 2001 by 720 Studios
No parts of this program may be redistributed for profit without explicit
written consent of 720 Studios. You may modify this program as you wish, however
no warantee is presented modified, or unmodified. Meaning, use at your own risk.
Detailed Description:
This will be discussed in a single user environment, in future versions however - multiuser
environments will be present to allow the program to have a realistic use in the real world.
SpamRouter will have three seperate things going on. The key attachment to all of these
scripts will be a flat file (for now, however that may be put into a mySql database eventually
if the need is ever that high) database which will contain the following information:
useremail - the destination email address, which will be in the future used for the user's login
userpass - dummy for now, eventually an encrypted password for multiuser
userid - a generated ID that will be part of the generated keys
totalkeys - total number of keys (described below) generated
This database will contain the primary information for our users. There will be a second
set of databases, which will be generated for each user. These databases will contain
the generated keys, and will have the following information per record:
key - the generated key
origin - the site and or party given the address (this is for tracking)
date - date the key was generated
totals - total number of times the key has been flagged (ie. sent an email)
Each email that is sent to a key will be copied and put into a file named after its
key then followed by its count (ie. the sixth email sent to key X240213sd would be
X240213sd.5 [0-5]) that way we can track messages as well.
Now that you have an entirely confusing description of the data we'll be storing, time to explain
how this thing works.
Here's the life of a SPAM message sent to an address covered by spam router:
User is asked to provide their email address to a website for whatever purpose.
User logs into spamrouter and generates a new key, and enters in the website's URL
and other information so he or she can remember what they gave it for.
User is given a key generated address.
User gives that address to the website, and goes about their business.
IF the website the user gave their address to is a spamming website, and tries
to spam the email address provided, spamrouter becomes a knight in shining armor.
Email is sent to key at spam router such as: x9237823sijd783@spamrouter.org, spam
router receives the email, and copies it into a file for future reference, increments
the count on that particular abusing website in its database, and sends it to the
destination address (we're not trying to block spam [unless the user turns that
key off], just trying to trace it to whom it really came from.) An email is sent to the
destination address alerting them that the email was SPAM and sent from whatever
website the user registered it with. This allows the user to have a real copy
of the email, the information as to whom it came from - so that they can contact
the company, or whomever, and rip them a new one and have absolute proof that it was
from them, furthermore, the user can then turn off that key. Basically, no one will
ever receive your REAL email address (unless you give it to them) which lets you decide
who can contact you, and who can't. The problem with most "filters" is they filter who
it's from, not who it's sent to.
Kind of complicated, and maybe not really all that useful... but I created it for myself
because I want to know WHO is using my address for spam, that way I can get these people
to stop. Furthermore, once I've finished my business with a particular site, I can turn
that key off, basically eliminating spam from that address.
Comment removed based on user account deletion
The government simply puts a fine on any company that forges headers. $500/email.
You receive an email with forged headers and you send it off to some complain department. They can then do a reverse lookup on the fax number or 1800 number or the owner of a website.
Federally regulated is fine with me. It will probably speed up the process.
I'm just tired of using spamcop and sending complaints to abuse@*domain*.com and not getting any results. When you try to call the big guys up they simply tell you to email them.
Smaller companies will usually take care of the problems immediately.
Going after the spam sender is usually a useless effort anyway, going after the end product that the spam is trying to sell is not.
How can I address congress and make a proposal to end put something into affect? I've been working with my Missouri State Rep. Carl Bearden for Missouri laws, but we need laws everywhere to make it stop.
It really is costing us money. My company is forced to pay for a full T1 instead of a burstable because of the massive amounts of spam that comes through overnight.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
For PINE users [...]
;-).
Both of them
I use despammed.com and I have found their filters to be quite effective in preventing spam. Anytime I sign up for a site that account gets used and if I later trust them I may switch to one of my unblocked accounts.
------
Objects in Mirror are Losing!
Yes. They do nothing but spam. I have an extensive list of spamming domains. Another really bad one is Broadwing.net. Bad bad bad. Nothing legti comes from them.
Fortunately, there was an easy solution. I just added Pine filters for these words in the "from" address: deal, offer, bargain, save, money, and winner. That cut it down from ~20 an hour to maybe 3 random e-mails a day that slip through. :P
Mozilla's a nice operating system, but it needs a better browser.
As a former @Home (now AT&T) broadband user, since my email address changed I am no longer receiving the 30+ daily spams I got with @Home. I had my former @Home address for over 5 years and early on I wasn't as careful as I should have been about protecting it. I now use multiple email addresses, where I use an alternate address for services or postings which have the potential to be picked up by spammers.
I suspect that it's only a matter of time until my new email address becomes another toilet for the spammers to piss in.
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
Check out SpamCop
This site does a fair bit of what you are suggesting, including e-mail forwarding, spam tracing, generated keys, the database stuff, and more. I would like to get some of the stuff he is doing via GPL'd software (some of it is, BTW), but he does a pretty good job, and even seems to annoy the flagrant spammers a bit.
There is free spam reporting, including an anonymizer to inform the offending ISP that they are being used by spammers. They can reply to the blind e-mail forwarder, but they won't get your address directly.
If you want to build a better mousetrap, (or spam trap, as it may be), this is a good resource to use as a benchmark (or talk you out of your project... but don't let that stop you.)
IANAOEU, but I'd assume he meant each rule is applied immediately, as opposed to going down a list and taking the last one that applies to any given message, superseding any previous rule.
"If he thinks he can hide and run from the United States and our allies, he's sorely mistaken." Bush on bin Laden
If the operators of the DNS blacklists would operate them properly, maybe more people would use them, and submit spam reports to them. These things include:
Some anti-spammers are on a crusade to maximize collateral damage. I am not. I won't block a whole ISP because of a spammer unless that ISP is making it difficult to isolate and focus on the spammer. If they corner the spammer operation to a specific static subnet, I'll gladly block that, and I'd want to use a DNS blacklist that is equally focused. Likewise, if they set up reverse DNS to identify their dynamic customer pool addresses in its own zone, I can block that to prevent the direct spam and some of the home open relays.
Most people hate spam and don't want it coming in. But not everyone is wanting to come out swinging at everything in sight as a result of that. Some of the anti-spammers are on the wrong crusade and not very many people will follow them.
now we need to go OSS in diesel cars
People won't use it. As you say, it is complicated, and a lot of hassle to use. Any anti-spam methods must be simple and easy to use, otherwise the "d" key becomes the attractive alternative. And we already know that's not good enough.
now we need to go OSS in diesel cars
What if every time you get spam from some source, especially a direct delivery from a dialup, DSL, or cable luser, you launch a background process like:
ping -c 86400 ${spammeraddress} &Of course you're only trying to see when the spammer goes away, right? But if everyone does this ... just for 24 hours after receipt of spam, what do you think will happen?
now we need to go OSS in diesel cars
Have you ever tried to run more than a handful of LARTS through a web form? It's a nightmare. I have 1200 pieces of Broadwing.net spam that I need to LART tonight. I don't know how I'd LART all of them via a web form.
Patterns aren't something that the average Joe would pick up on anyhow. Few people noticed that recently more and more spam uses a spoofed From: in the form of BSUser@yourowndomain.tld. If they do want to look for patterns, they could easily view thousands of spam reports in news.admin.net-abuse.sightings. Numerous people post their spam to it.
Many DNS blacklist authors do just this. MAPS is a good example. You have the DUL which lists dial-up IPs only. The RSS which lists known && abused open relays. The RBL contains ISPs that are known to harbor spammers or at least be neutral to their abuse and ignore abuse complaints. The RBL+ is a combination of those 3. All 4 of those are their own zones. SPEWS lists /24's from which spam originates. Occasionally they'll even list a whole provider that harbors spammers or spamware sites, repeated lies to people that mail abuse@, or are known to bit bucket abuse complaints. relays.osirusoft.com hosts many lists. Individual queries can be made to for any of the lists it hosts or you can transfer them all at once in a big zone file. relays.visi.com is the home of the RSL. It only lists open relays that have been abused, like the RSS and relays.osirusoft.com's base DNSbl. blackholes.2mbit.com is the home of the SBL (Summit Block List), not to be confused with the SBL (Spamhaus Block List) which is hosted by osirusoft. The Summit Block List contains abused open relays and hosts that have been directly involved in spamming. The Spamhaus Block List contains "known spammers, spam gangs, or spam support services" and is "by the same team that maintains the ROKSO database", a list of those spammers.
In a small way I agree. I used to feel like you do now. I was very leary about blocking an entire ISP just because of the possibility of lossing legit mail. I quickly came to realize that blocking just a small piece of that ISP that's know to spam wasn't solving the problem. They'd just move elsewhere within that ISP.
This doesn't accomplish anything in the long term and little in the short term. Sure you block some spam from a spammer for a couple of weeks but they'll quickly figure that out and move to another block. If the ISP facilitates their move then they are supporting spammers. It's an all or nothing deal. You can't have your cake and eat it too.
Personally I block entire ISPs myself, in my personal access lists that are independant of group maintainted DNS blacklists, that are known to harbor spammers and ignore complaints. A perfect example of this is Broadwing.net. I have blacklisted every IP they have registered to them. That includes 3 /14's, a /24, and a /28. That's a lot of IPs. I have never seen anything but spam come directly from them. They harbor Alan Ralsky and many other well known spammers. They ignore spam complaints. They simply don't care. Whenever I LART their spam, I also LART their upstreams because I believe someone there will eventually notice. I know that no one at Broadwing will.
This I have to strongly disagree with. I've been involved in protecting my resources from spam for some time now and have implemented many steps to prevent as much spam from entering my system as possible. I reject just under 1400 known spamming domains. I also reject all mail from a number of providers that harbor spammers as well. I utilize all the lists hosted by Osirusoft, relays.visi.com, blackholes.2mbit.com, and I'm in the process of resubscribing to the RSS and DUL. I even do some filtering on message content which has been incredibly successful. Last week I rejected almost 96,000 pieces of spam on one of my servers. That's pretty darn good. Of the 2400 users on this particular server, I've only had complaints from 3. 3 of them couldn't receive mail from a particular person on the 'Net that wsa being filtered by me. 1 was on an osirusoft list. 1 was attempting to send mail through their mailing list that's run by cybercon.com (a known spam supporter) and mail to subscribers on our end was bouncing. The other was a customer of a customer of Broadwing's. After explaining to them that we couldn't selectively allow mail to just them from the affected host and that we'd have to allow all mail to them unfiltered, they decided to suffer from more spam than miss out on their friend's email. One has changed his mind though. The rest seem to love it. The best advice I can say to you is to keep an open mind about these lists and what they do for us. Not every list is meant for all situations. I personally don't want to use the RBL. In the beginning I was leary about SPEWS. The rest I like. Join news.admin.net-abuse.email and keep up with some of the conversations of the anti-spammers that reside there. A plethora of information and insight can be had with them (I'm there too). good luck!
Comment removed based on user account deletion
I guess you're right. Technically you are forging headers. I myself do that, I have several domains and they all go out of one smtp server when I send from internally.
What's a better word to describe what I am talking about? Invalid headers? I guess that's more accurate.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
Your case was not the kind of thing I am targeting. Clearly you need a batch method. But that doesn't mean there shouldn't also be a web form that makes it easy for those with 1 or 2. Surely you didn't mean to exclude web forms just because you'd find them troublesome. Let there be both.
I don't expect the average Joe to worry about patterns. Let him post the spam as he gets it and the software behind the scenes then looks for patterns in multiple postings and determines when there's a lot of the same spam, and how to recognize it.
MAPS is part of the problem. These different zone you describe are still abused. They also list whole ISPs that happen to host web sites that spammers happen to be promoting. And this is a dangerous thing to be doing because it is possible for someone to do spamming that appears to be promoting some site when their intention is to cause it harm through blacklisting. I do not want to be a part of that kind of activity. While I am certainly opposed to web sites that provide spamming software, I won't even go so far as to ban those because I don't want to set the precendent of banning on the basis of content. It's not the content of spam that's the problem, it's the volume.
And then there's the issue that MAPS is commercialized and totally uninterested in providing services to the little guy. I know because I wrote to them 3 times, twice right before they cut off at the end of July 2001, and once after, and got absolutely zero response. They aren't interested. They have been assimilated by the dollar signs.
And this is also part of the problem, and is why I stopped using SPEWS, in addition to the fact that no feedback mechanisms even exist. If you are looking for a way to get more people on board stopping spammers, SPEWS is NOT it.
Show me a DNS blacklist that has a zone to block ONLY the actual spam sources, and which will NEVER block anything else except in an attempt to actually block a spam source. Blocking a whole ISP is justified for this zone ONLY when they are trying to help a spam source move around to evade blocking. It should NOT have collateral damage unless there is no way to otherwise distinguish between spam being sent and other mail. It should NEVER attempt to block mail from some source that isn't spamming just because the operators of the blacklist are pissed off at the source for some reason, including things like hosting spamware web sites. Things like spamware websites should be in their own zone. That way those who do agree and want to block them can, and those who don't won't have to give up on DNS blacklisting to keep from causing collateral damage.
When it is clear that the ISP is helping them do that, then it is OK to block the entire network the ISP is using, and if the ISP has moved the spammers over to another network, block that. In such a case, it is the ISP that has become the bad buy by helping spammers. However, if the ISP puts a spammer on a dedicated circuit with a dedicated subnet address space that does not change, then the ISP should absolutely NOT be included in the blacklist zone; only that assigned dedicated network should be. Let the ISP actually act to move the spammer before expanding the target.
Sure it does. It presents the idea that anti-spammers are well focused on what they are doing and avoids devaluing the blacklisting zone the addresses are in. Of course I know spammers do move on. And if they move on to new address space at the same ISP, then (and NOT before) we have cause against that ISP. I do not want to use a blacklisting zone that includes the ISP before the ISP acts to help spammers.
Why LART the upstream? Let's assume for a moment that Broadwing is a co-spammer ISP. That justifies them to be blocked. But if you get the upstream to kick them off, now you'll find them pop up again somewhere else. Sure, let the upstream know what's going on. Let them know you blacklisted the address space, since if Broadwing does leave, the address space might be used by someone else, next, and the upstream could (as if they would) let you know about it. Still, the official formality of it is the thing to do.
But don't encourage an ISP to cut off a content spammer that you have successfully blocked. That goes for upstreams of ISPs that are aiding spammers and have to be included. If you've got the spammer cut off for now, don't try to get them to move on any sooner. The sooner they move on, the sooner you get spam from them again and have to send more LARTs and block more addresses. Sure, they won't stay there forever, but let them stay there as long as they will if you have "there" cut off.
I happen to think you'll get more people on board, people like me, if the crusade gets better focused, and isn't about trying to stop mail from ISPs that host web sites that are supported by spam, or at least distinguishes zones that let people have a choice. If you want to choose to block more sites than I would block, that's fine. That's your choice and I support your right to do it. What I am trying to encourage is for there to be blacklist zones that a focused on a surgical strike against exactly spam sources and limit collateral damage to whatever cannot be distinguished from the spam. Focus on the volume abuse of the spam, not the message or content in the spam.
One of the reasons I don't want to support anything but blocking the volume spam is because I want to leave the notion of anonymous email open on the internet. If we stoop to blocking anything based on the content, we risk opening up blocking anything else based on content, and de-facto censorship could follow. You can do that if you want, but I don't want to be a part of it and that's because that's what I want. If there are blacklist zones available to block exactly that and no more, I'll use them. If there aren't, I'll have to work out what I can do to block spam without the risks I fear. And I believe there are a lot of people who believe as I do, who hate spam as much as anyone, but aren't going to let that hatred drive them to ruining the internet. You can get them on board if you realize that not everyone agrees with you about everything.
now we need to go OSS in diesel cars