Christmas Spam Level Skyrocketing

dbolger writes: "ZDNet has this brief, but interesting article about how the amount of spam we recieve in our inboxes has increased 650% since this time last year. Nice to know that that anti-spam legislation passed a while back is having an effect (not)." For PINE users, just remember the magic spell: "m s r f a."

right....

[dr_labrat]

How does this compare against the overall growth of the internet, though?

The growth in the number of people connecting to the net should be much higher....

Re:msrfa?

[KarmaPolice]

Main menu
Setup
Rules
Filters
Add

But this doesn't work unless you know what to look for in spam...and none are alike

Re:pine

[carpe_noctem]

Mutilate Spam Right Fucking Away.

Yahoo Spam filters

[LS]

I use a yahoo address for my email, and have it forward to my local server's mailbox. Yahoo adds a header "X-Rocket-Spam" to mail tagged as spam, and I use procmail to filter these out. While their spam detection still works pretty well, ever since the economy went to shits their filtering has progressively gotten worse. I suspect that they are letting certain spam slip for a fee. It used to catch everything, but now I get at least 10 messages a day getting through.

LS

Re:Yahoo Spam filters

[PigleT]

You could look into _spamassassin_(.taint.org) and _razor_(.sourceforge.net) as well, btw.
I'm now using those, finding spams semi- heuristically and reporting SHA1 hashes to razor servers, with much happiness.

Re:Yahoo Spam filters

[Legion303]

Ironically enough, I cut down my spam by about 70% by sending everything with "@yahoo.com" in the headers to my spam directory. Not one false positive to date.

-Legion

Both sites and advertisers are desperate

[Artifice_Eternity]

I was laid off from a marketing/"branding"/ad firm in July, b/c they just weren't getting the web development business they once had. Banner ad rates have plummeted, and we are being assaulted by ever-more-maddening varieties of web ads (huge banners, popunders, clickthroughs, and now "shoshkeles"!?). Sites feel they have to give advertisers more for their money, simply in order to bring in the same revenue as during the dot-com boom.

When will this madness stop? Users may flee sites that harass them too strongly. Then again, the general level of advertising in our environment has been slowly but steadily increasing for decades. I doubt this trend will stop anytime soon.

Want to incur a LARGE cost on spammers?

[vandan]

Get your own back from SPAMMERS! Click the link and follow through to each of the SPAMMER's advertisments you wish to 'pay back' for their fine services. The cost to the SPAMMERS per click is displayed next to each advertisment. Only one click per day per person per advertisement is counted... http://www.overture.com/d/search/?type=home&Keywor ds=bulk+email

Re:Want to incur a LARGE cost on spammers?

And here's my spamhurt.php file.

<?php
error_reporting(E_ALL);
set_time_limit(0);

$agents = array("Mozilla/4.75 [en] (X11; U; Linux 2.2.16 i686)",
"Mozilla/4.74 [en] (X11; U; Linux 2.2.10 i686)",
"Mozilla/4.72 [en] (X11; U; Linux 2.2.12 i686)",
"Mozilla/4.73 [en] (X11; U; Linux 2.2.14 i686)",
"Mozilla/4.77 [en] (X11; U; Linux 2.4.3 i686)",
"Mozilla/5.0 (X11; U; Linux 2.2.16 i686; en-US; 0.7) Gecko/20010105",
"Mozilla/5.0 (X11; U; Linux 2.2.14 i686; en-US; 0.7) Gecko/20010105",
"Mozilla/5.0 (X11; U; Linux 2.4.3 i686; en-US; 0.6) Gecko/20001206",
"Mozilla/4.51 [en] (WinNT; U)",
"Mozilla/4.72 [en] (WinNT; U)",
"Mozilla/4.74 [en] (WinNT; U)",
"Mozilla/4.08 [en] (WinNT; U)",
"Mozilla/5.0 (Windows; U; Win95; en-US; rv:0.8.1+) Gecko/20010426");

srand((double)microtime() * 1000000);
shuffle($agents);
$agentCount = sizeof($agents) - 1;

function HTTPGet($url)
{
global $agents, $agentCount;
if(!($fp = fsockopen("www.overture.com", 80))) return FALSE;
fwrite($fp, "GET $url HTTP/1.0\r\nHost: www.overture.com\r\nUser-Agent: " . $agents[mt_rand(0, $agentCount)] . "\r\n\r\n");
$html = fread($fp, 100000);
fclose($fp);
return $html;
}

mt_srand((double)microtime() * 1000000);
preg_match_all("/<a href=(.*xargs.* ?)>/U", HTTPGet("/d/search/?Keywords=bulk+email"), $urls);
preg_match_all("/<a href=(.*xargs.* ?)>/U", HTTPGet("/d/search/?Keywords=bulk+mail"), $urls2);
$urls = array_merge($urls[1], $urls2[1]);
shuffle($urls);
$linkCount = sizeof($urls) - 1;

while(TRUE)
{
$html = HTTPGet($urls[mt_rand(0, $linkCount)]);
if(strstr($html, "HTTP/1.1 302")) echo preg_replace("/^.*Location: http:\\/\\/(.*?\\r\\n).*$/s", "\\1", $html);
}
?></A></A>

Spam or junk?

[spamkabuki]

Looked at the headline and thought "Hmmm, I haven't gotten that much more spam...". Spam seems to be a bit of a misnomer here. Sure, there is some increase in holiday advertising and such, but spam (i.e. unsolicited e-mail) isn't what they are really complaining about here.

In the body of the article, they describe how jokes, animations, and greeting cards are clogging the system. Well, duh! Ask the USPS. They get clogged with lots of this stuff at this time of year; they're called Christmas cards.

This isn't really spam per se. It generally comes from people you know, even if you only hear from them once a year. Somehow the mailman and my mailbox cope with the onslaught every year. If your corporate infrastructure can't handle it, well what will you do if there is a legitimate boost in business traffic?

I guess these people will just crack the whip on corporate use policies again. Fat lot of good that seems to do.

All this trumpeting about %650 increased spam is an alarmist waste. (Not that I really want any more of the tons of weight-loss pills; credit fixing programs; appeals from Nigerian humanitarian organizations looking for my bank account number, promising free money for my help.)

Really?

[Ogerman]

That's funny. I receive at most one or two SPAMs per month. (The handful that slip through onto the Debian mailing lists don't really count.) Maybe people are just becoming more stupid in how they give out their addresses. Oh yeah.. and then there are HTML tags that 'phone home,' supported by many popular mail clients. Of course, we can all thank MS for Hotmail: an endless supply of throw-away mail accounts.

For those who care to reduce spam and other online (and offline) annoyances, see Junkbusters web site, also home to the free (GPL) filtering proxy by the same name.

Re:Really?

[Electrum]

Oh yeah.. and then there are HTML tags that 'phone home,'

Is that true? I always thought this was some sort of urban legend. I find it somewhat hard to believe.

Sure, it's quite easy to do. Most images that load in HTML email are coming from a remote server. All you have to do is make the image come from a CGI, and tack the person's email address onto the image URL. The downside to this is that you have to send a custom email for each recipient, but half the time you do that anyway. It's a great way to see if the email is actually opened.

Roll your own filter

[WyldOne]

I wrote one in TCL recently - still alpha testing it. Pre-screens e-mail in my pop3 account _before_ I d/l it with fetchmail. Mostly based on a hueristic approch. EG spam rules:

• If more than 50% of characters in subject are upper case = shouting.
  
• If the Subject has a random number or nonsense string at the end.
  
• If e-mail has no 'from', 'to' or 'subject' line
  
• If e-mail is not addressed to me
  
• Certain percentage of spam words (make, money,loan,etc)
  
• Certain spam phrases
  
• luzer list
  

Exceptions:
list of trusted sites/people.
Things specificly sent just to me.

It was amazing just what it did filter - I went from 10 spams a day to 1 a week. (mostly due to timing issue of spam pre-filter to fetchmail d/l)
It whacked almost 300+ spams from my 'public' e-mail account in one go. I also have it log the from/Subject - just in case)

Private Spam

[Hougaard]

The only thing I hate more than the professional spam are emails from "friends" (non-geeks) that need to inform me of that latest virus, chainmail or that there is a new update that I should download. People are simply CC'ing their entire address-book whenever they receive something that looks interesting, and thereby creating spam :-(

And don't get me started on stupid christmas chain mails !!

Re:the rest of the world...

[MS]

The rest of the world (= non-us) accounts for about 67% of all internet users, and is growing more rapidly, as there is more room for new users. The US is reaching saturation.

Despite more than 2/3 of the Internet-users beeing non-us-citizens, 90% of all spam originates in the US. This is most likely due to permissive legislature in the US. In Italy for example collecting (e-mail)addresses and other personal data is illegal, unless you have written permission from the user, or you have a business realationship (italian law #675/96, aka privacy law).

IMHO, stopping the increasing number of spam-mails is only possible with legislature forcing opt-in methods for advertisers and huge fines for those who don't conform.

Ciao,
ms

MandrakeSecure

[Mandrias]

Mandrake Linux has recently opened a new site called MandrakeSecure which is focused on securing a mandrake box.

A recent article posted on MandrakeForum talks about ways to handle SPAM using postfix and qmail. Maybe this can be useful to the larger slashdot crowd?

Not news - an advert (or press release)

[ukryule]

This "news" report comes straight from a press release.

So, a company selling email filtering software say that email filtering is ever so important? What they actually said was:

"Our database of holiday-related email messages and attachments has grown 650 percent since last Christmas,"

But their job is to build up a database of junk, so it's not really surprising - it's just saying that their database is up to date (or that their database was very out-of-date last year).

SpamAssassin works great

[cyrilc]

I've just tried SpamAssassin this WE and it works great :

• higly configurable Spam Scoring Filter according to predefined rules (each set of rules adds some pts as it matches, and it is "declared" spam when the result is highter than a specified value)
• can rely on RBLs
• is able to report spam to Vipul's Razor (distributed, collaborative, spam detection and filtering network)
• personal black and white lists
• can be tuned for particular filtering (changing scores etc.)
• can be used for a whole domain/network

...the best thing is that you don't have to perpetually update black lists of well know spammers
it is just based on content detection of spams (subject in CAPITALS; lots of exclamation marks, sp sammer X-Mailer etc.)

and it really works well

Spam will kill the internet

[ab315]

I don't need statistics to tell me that the level of spam is going up, the number of messages I get from hot-n-horny teenage vixens wanting me to look at their webcam tells me that. And this is to a unique business email address which is used on my business web-page only and has never been posted to usenet.

What surprises me is how the major players who stand to benefit from universal internet use have ignored the threat of spam to the internet as a whole.

To the ordinary user receiving a daily mailbox of sexually-explicit advertising is a major turn-off. I know several ordinary people who just stopped using email because of this sort of thing, and just use their cellphones to make calls and leave voicemail instead. No telephone company would survive for a second if its voicemail customers got bombarded by the same sort of sexually-explicit advertising that internet users get by email.

Spam filtering is not a viable solution for average non-technical users. The industry needs to clean up its act or it will suffer major consequences.

If the present trends continue it would not surprise me if email actually drops out of mainstream existence and is only used by a geek subculture, being replaced by other messaging solutions that provide a safe environment.

Re:Spam will kill the internet

[Halo1]

Yeah, just read this: http://www.clifto.com/8345.html. This guy calculates, using publicly available numbers about the amount of businesses in the USA, that even if only 1% of all *US* companies sends you only 1 message a month, you end up with 8345 ads *PER DAY* in your mail box.

So even if they'd send you only one per year, you'd still get on average about 695 ads per day. So people, instead of JHD (Just Hit Delete), please try to find the time to figure out where the spam was sent from and where the spamvertized sites are hosted and report the spammers or they things may become very ugly...

Jonas

Re:Not from AOL, though...

[tRoll+with+Butter]

I'd venture to say the majority of mail you get from @aol.com never really originated from there (the spammers used a fake reply-to address). How do I know this? Because AOL has installed software similar to Slashdot's lameness filter that catches spammers and QUICKLY terminates their account. (AOL members can read about this at Keyword: Rate Limiting.) AOL used to have a really bad problem with child porn and warez, a quick visit into a few empty private rooms reveals this is no longer the case. If you exceed the preset number of outgoing e-mails in a given amount of time, *poof* your AOL account does a disappearing act right before your eyes.

So WHY are you getting e-mails with a forged @aol.com reply-to? It's simple! Many spammers simply believe that AOLers are more trusting of familiar-looking e-mail addresses, so they want their spam to appear as if it came from another member of the service. Ironically, inter-service e-mail on AOL has NO @ address on it!

Next time you see spam from @aol.com, check the originating server in the headers, you might be surprised.

The Profit in Spam

It doesn't help that companies like verio and level 3 are about to go under. There anything for a buck last grasp is making them spam friendly. I recently busted a site on verio http://128.242.238.85/ that was operating openly as a spam source. Verio didn't care.

I emailed 100 verio customers in that net block to explain to them how they would be blackholed and what that meant. They took down the site.

You can set up the very software spammers use to poach email addresses from sites in the same net block.

I fight fire with extreme fire. The only spammers I go after since you can rile people up on it, porn spammers, they don't care if they are sending to a kid or an adult, most of them even have pedophile or zoophile crap. Grab a name from the isp, any name. Contact them on the phone and tell them of the spam and give them 24 hours to have the site removed. If not, you are going to call everyone with their last name in the city the isp is located and let them know they are all for helping pedophiles etc. Does your mom know you send porn to minors?

It is very effective. Use infoseek or similar service, look for business by the ISP. Call the deli downstairs, the church in the neighborhood, then let the person at the ISP know who you talked to.

I am not posting my name since spammers have put me on their lists, they post my name as a spammer in newsgroups. They suck.

I have a job where filtering mail could mean not getting a clients mail, so it is not an option.

If everyone just took one piece of spam, traced it to the source or the host. Attacked that host, with legal threats. Do not make anything up, do not lie. When you call their biggest advertiser to explain how they support pedophiles, be clear, it is because they refuse to take action against pedophiles hosted on their site. That they allow one of their customers to send unsolicted porn to minors. Be very clear. And be very clear your group is about to announce who is helping these scums, since their company is an advertiser or client of the isp, you are going to list them. Don't like it? get another isp or get the isp to stop.

Shame is a great motivator. Use it. If we do not stand up to this crap, we are going to see legislation coming in, they are going to be heavy handed, they are going to snoop. Take back your box.

Do more than report a spammer today, those days are over. Attack,threaten and shame a host today.

Santa Says To Spammer ...

[resistant]

I send you this coal in your stocking in order to have your grimace. No thanks, bye.

What if YOUR e-mail address is used to spam?

[AYeomans]

My Yahoo mailbox has just filled with bounce messages, as a spammer forged my email address as From: and Reply-to:. I only saw a few hundred bounces before the inbox filled.

At least I gor a copy of the original message, so could trace the sender's IP address and their obfuscated web site address.

I dropped a note to abuse@ISP, who seems to have removed the spammer's web site now. Otherwise I might have asked the Slashdot community to test the spammer's offer (:-)

But what to do about reputational damage? Or going onto known spammer lists?

Filtering helps spammers

[Charles+Dodgeson]

ab315 says

Spam filtering is not a viable solution for average non-technical users

Spam filtering is actually a bad idea. Spam filtering actually makes life easier for the spammers. I have a short note discussing this. Among other things, it says

Attempting content filtering to detect and junk incoming spam is counter productive. Filtering like that only makes things easier for spammers. The spammer's ideal email list would include every email address on the planet with the exception of those who are inclined to take action against spam. The spammer doesn't mind the vast majority of people who "just hit delete". If automatic filtering means that those inclined to complain about the spam don't see the spam, then filtering actually helps the spammer.

I wonder if the increase in the use of filters is related to the increase in spam.

Re:What legislation?

[quonsar]

What, pratel, is the anti-spam legislation that has been passed in the US?

what, pray tell, is "pratel"?

I've been spam free for 3 years now.

[SCHecklerX]

Here's how I did it:

1. Run my own mail server
2. Disable expn (especially if you run mailing lists as aliases for somebody!!!) and vrfy.
3. Make an alias for every service that requires a mail address
4. write procmail filters that only allow mail to the above aliases if they are from the service you signed up for. If they spam you themselves, just remove the alias (I get a lot of third party spam from slashdot, believe it or not)
5. Forward mail from the account on my ISP to my real mail server
6. Delete everything that was forwarded by my ISP unless it came from the ISP themselves, or from the dyndns service (who obviously need a server other than your own to contact you through)
7. Filter other specific spams as needed in .procmailrc (stuff with no from address, stuff with no '@' in the address unless it came from your own domain, etc)

I hadn't been forwarding my ISP mail to my account for awhile. I was AMAZED at the amount of crap that came into it when I decided to check it the other day! SHEESH! 60+ mails a day on that account, ALL SPAM. MOSTLY PORNO. This on an account that I have NEVER used, let alone advertised! Of course the lack of security of the ISP probably didn't help (default web pages as the user's account id, for example)!

Re:I've been spam free for 3 years now.

[SCHecklerX]

expn = expand in sendmail. Basically, if it is enabled, somebody can telnet to your mail server on port 25 and if you have an alias that is a list of email addresses, they will get the entire list of addresses back (ie, on my mail server, they would 'expn mtb' and learn about 60 email addresses!).

Disabling expn and vrfy on sendmail is common security practice. On my Redhat 7.0 box, they were ENABLED by default. Not good.

Damn the spam and full speed ahead!

[bigbennie]

The reason a lot of geeks receive SPAM is the same reason I do ... registration of a domain. A live email address on a domain registrar is excuse to have every cheap SPAM cannon leveled at you.

Also, folks seem a bit confused. THERE IS NO NATIONAL SPAM LEGISLATION. It never passed. Not at all. The reason a lot of spammers want to say they are in compliance with opt-out legislation is that it legitimizes their existance. Let's not forget that SPAM is STEALING. You pay for the junk mail that shows up.

Check it out here...

Spamcop.net seems to have worked for me..

[ltm]

About a month ago, I started reporting my spam to Spamcop.net .. you sign up for a free account, and every spam you get, you post to their website. (Additionally, there's a utility out there called Spam Deputy that will auto-post selected spams to your Spamcop account from Outlook.)

Spamcop takes the headers and fires off Abuse messages to every domain it finds in the trace of the spam.

The results? Well, I check my email and my wife's, and we used to get roughly identicle spams .. After using SpamCop for maybe 2 weeks, my spam count dropped off the map, while her email still gets hit. I'd say I've gone from 20 spam/day to 1 spam/day.

It's kinda spooky. Don't know why it worked for me.

Re:Spamcop.net seems to have worked for me..

[Tyrall]

SpamCop is a useful tool, both from a user's and from a system administrator's point of view.

Having used SpamCop from both sides (I work for a national ISP), I can't recommend it enough. The admin gets all of the pertinent information in a single mail, and the user can get feedback as to whether the issue has already been solved.

Julian (the guy who runs the service) is particularly helpful, and open to suggestions.

Re:What to look for...

[gmack]

Lies lies and more lies heh

There is no law that they happen to be "complying with".

The propossed bill that they keep quoting not pass even if it had it required a valid return address wich they don't happen to supply. It's just a lame attempt at keeping you from taking action.

But yea go ahead and filter anything with that block of text.

Somethig most forget

[macdaddy]

I'm reading the previous comments and there's something I notice that's disturbing. Most are quick to say how they hate spam and how spam will kill the Internet. Many are even providing information on how to filter spam. But no one has said anything about reporting spam. If there is something going on that you're so adamantly against, why don't you LART it? Doing your own personal filtering or simply ignoring the spam (UCE or UBE) only benefits yourself and only in the short term I might add. If you take a little time to LART messages, you'll not only help get A) spammers booted from their provider, b) spam sites get shut down, and c) companies that use a spammer's services to find a better way to advertise, you'll assistant in decreasing your's and everyone else's future spam. Examine the headers. Learn the signs of an open relay. Check for and report open relays. LART the abuse and postmaster addresses of the owner of the IP, the provider for that netblock, the owners (and sometimes providers) of the spamertised sites in the spam, CC uce@ftc.gov, and CC NANAS (news.admin.net-abuse.sightings) so that there is a record of spam for others to confirm that they aren't the only ones getting a particular spam. Also include the FDA on spams that say things about prescription drugs without and prescription or other FDA-related topics. Also include the US Secret Service on Nigerian Money scams. The SEC also accept reports of stock market scams. There is a plethora of things you should do with the spam you receive. Doing nothing with it is the real crime. I strongly recommend you become a member of news.admin.net-abuse.email and follow the discussions there. There are many spam FAQs floating around. Do you part to help other fight spam.

I filter spam based off of numerous DNS blacklists. I also have an extensive list of spamming domains and spam supporting providers that I blacklist. Last week I rejected 95,837 pieces of mail from just one of my servers that I deemed to be spam. If people didn't report that spam to the maintainers of the DNS blacklists, I would have to rely on my own access lists to reject spam. This colaborative effort really works.

So set your filter to...

[Ungrounded+Lightning]

The spammer's ideal email list would include every email address on the planet with the exception of those who are inclined to take action against spam. The spammer doesn't mind the vast majority of people who "just hit delete". If automatic filtering means that those inclined to complain about the spam don't see the spam, then filtering actually helps the spammer.

So set your filter to forward each spam to your congressman. B-) Say, with a nice form-letter about how this showed up in your inbox today and you'd really like the law against unsolicited faxes to be expanded to include spam, with only "opt-in" allowed.

And re-tune it periodically as the congresscritters change their email addresses.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Hell...

[PlaysWithMatches]

It's gone up by 650% for me in the last month. I get about 20 spam messages an hour, ranging from breast enlargement ads (I'm a guy, btw), to fixing my credit (which is already perfect).

Fortunately, there was an easy solution. I just added Pine filters for these words in the "from" address: deal, offer, bargain, save, money, and winner. That cut it down from ~20 an hour to maybe 3 random e-mails a day that slip through. :P