Slashdot Mirror
Tracking Spam to the Source
cygnusx writes: "MSNBC is carrying a Wall Street Journal article on one reporter's attempts to track the spam she receives to the source. Armed with a few Hotmail and Yahoo accounts, reporter Stacy Forster actually responded to most of the barrage of spam she began to receive after a week or so. Not quite the best investigative jounalism ever seen, but still a good glimpse (or so I thought) at those who send us those unloved missives about "exciting business opportunities" and "millions of $$$ waiting"."
There's a good article on spamcop.net in time this week. They do seem a little slower lately.
A beowulf cluster of these reporters to put a stop to all the spam!
It's all coming from Monty Python and their Vikings.
Duh.
When I signed up for their ADSL service, I used a very odd username which I haven't used before, nor have I ever seen. I checked my email a day (after the account was made, not after I got DSL) later and guess what? Two email from Bellsouth, one from some porn company. I posted my findings to DSL reports, and got fired from my tech support job at Bellsouth DSL for that.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
turn on "enable-bounce-cmd" in your prefs. Open the spam, hit "B", tippity-tap out the source e-mail address (or flex your gpm muscles if you're so inclined), and off it goes back to the sender; alternately, do your best to fudge a mailer daemon bounce. When they get the message, 9 times out of 10, they stop sending. Failing that, just redirect known bad domains (I do this with Yahoo and Hotmail because I don't know anybody who uses those accounts) into a spam folder; check it occasionally to make sure the signal-to-noise ratio is non-zero.
:)
It's not worth getting all hot and bothered over some "INCREDIBLE MONEY MAKING OPPORTUNITY" someone felt like telling you about.
On another note, check out somethingawful's pranks section under spam for Lowtax's take on the whole thing.
Want Linux games? HERE.
junkbuster blocked 15 images from loading in that one article.
---
Oregon
The popunder for the "World's Largest Casino." (NOT)
Ceci n'est pas une sig.
The article says the FTC recommends that you forward all of your spam to uce@ftc.gov. I know I will be doing so from now on...
D'oh!
Games Workshop Petition
I expect msnbc.com can handle the load.
-1 redundant all round.
One spammer interviewed in the article says he sends out about 15,000 spam messages a day and gets 10-15 new customers out of that. So I guess the message about spam we send to these people is that's it's worth it.
It feels like we're kinda stuck - it's annoying and stupid, but spam is here to stay. That 1/1000 is a good enough target for these businesses, and e-mail addresses are so cheap to get they might as well go for it. The only thing I can think of is being extra careful to NEVER look into an e-mail that even looks like spam - don't go to the website, don't buy the product, even if it could be interesting.
I once asked a telemarketer if he hated his life, he said he did. I thought it was kinda funny that he admitted it straight out - it was proof that the underbelly world of cheap advertising is evil.
spacefem.com
... was to install Spambouncer, which is a large set of procmail filters.
/dev/null in the case it filters something it shouldn't.
Before installing it, I got ~20 spam messages a day. Now I get at most 1-2 a week. Spambouncer does come with very restrictive default settings, though. For example, you must specify if you want to receive email from free web mail services like Yahoo and Hotmail, otherwise it'll filter those out.
It also logs everything it does and has the option of sending blocked email to a file instead of
In my case the only inconvenience was it blocked legitimate email from Amazon.com and eBay -- these are filled with disclaimers and have HTML, which Spambouncer doesn't like to see. In any case, it's easy to mark those domains as safe and start receiving their email again.
...from the same source. Sure, there may be several (ie millions) of people that make these wonderful worthwhile e-mails, but they are part of the same entity I like to call "space wasters". What we need to do is band together, perhaps form some sort of "anti-spam" group, and eradicate the space wasters forever! Mwa ha ha ha! JOIN ME! Oh, and you can prevent your inbox from being cramed with that crap by just filtering out the words "free" "offer" "you've won" etc.
Anyone else received an unsolicited email inviting them to participate in a Harris Poll for Microsoft ? Sort of a "how are we doing" type of thing ?
It took a little guts, but after 2nd and 3rd thoughts I reported it via spamcop.
Not sure if I'll take the poll anyway. I think it sucks that MS has me on their list. Maybe they scraped microsoft.public.???.
I run eMailTrackerPro on my spam and send em a nice image of the location to theyre ISP and them.
. ht ml
http://www.visualware.com/emailtrackerpro/index
----- Whats wrong with this picture? http://www.revoh.org:1234/whatswrong
Software like TMDA implements this. When a mail comes from an known source, an automatic confirmation mail is sent by the script. If the sender acknowledges, his address will be added to the 'whitelist'. No more confirmation will be needed.
This is extremely efficient, and it basically reduces the SPAM actually delivered to your mailbox to zero.
Just don't forget to manually add mailing-lists you're subscribed to, to the 'whitelist'.
{{.sig}}
I want to know about one more part of the story.
She says she signed up a Yahoo account, bought one book from Borders.com and promptly received spam thereafter.
Sooooo.... if Borders _and_ Yahoo both say they there's no way the e-mail could have been sent out by either of them -- (and if the reporter is completely accurate about her sequence of events) -- how did the company get her e-mail address?
Either someone's lying, is mistaken, or her e-mail address was "created" through some sort of bruteforce e-mail address creation application.
Cheers,
Mike...
If Nalgene water bottles are outlawed, only outlaws will have Nalgene water bottles.
The FTC encourages consumers to forward unsolicited commercial spam to uce@ftc.gov.
Guess I have someone else than abuse.net to forward unsolicited spam to now..
www.spam.com , very tasty :)
----- Whats wrong with this picture? http://www.revoh.org:1234/whatswrong
I think we should have a server feature that is configurable from the client. The client would be able to tell the server that if a message has certain characteristics, the server should respond to the sender in the same way it would respond if the address didn't exist at all.
Any message that your client would filter into the trash, your client should be able to tell the server to bounce.
Perhaps we could also use the "plus convention" to allow users to effectively manage their own email address(es). Many servers are set up so that if my assigned email address is fred@foo.com, then fred+[anystring]@foo.com is still sent to fred. Tell your friends to address you as fred+friend@foo.com, and then have your client sort the "+friend" messages into a friends folder.
Why not be able to create a list of valid plus extensions in your client, which would then post them to the server? Why not be able to create your own rule for messages that arrive with no extension? You could instruct your client to instruct the server to accept them or to bounce them back to the sender as simply nonexistent addresses.
You could create an extension in your client and specify an expiration date. Your client informs the server. Then you post your email address publicly, a Usenet question perhaps, and your server would accept responses until the date you specify, and then bounce everything thereafter as spam.
With so many addresses expiring quickly and users able to get their servers to hide their non-expiring addresses from mail with certain characteristics, the spammers databases would become much less usable.
"Those who have never entered upon scientific pursuits know not a tithe of the poetry by which they are surrounded."
...the reporter could have gotten more info if she didn't keep telling these people that she is a reporter?!?!
How's this for investigative journalism?
1. Locate Spammers
2. Call and explain to spammers that you are a reporter
3. Determine if spammer has hung up
4. If step 3 is yes, call spammer back and leave message
5. Repeat
At the current rate of spam increasing everyones mail accounts will be made unusable with in the next 2 year or less.
So people should just bounce all html mail. What ever mail client that you use. As almost all porn mails require to download images from somewhere or try run some Javascript.
Report spam to ISP concerned and ask politely your ISPs to start implement RBL lists.
If people do not stand up a shoud we dont want this junk, email will die.
RIP 2002 Email accounts the world over.
Then when the spammer emails to it, track them down, file a large lawsuit for copyright infringment, tresspass to chattel, computer tresspass and fraud.
Bankrupt a few spammers, others may think twice before spamming
Fight Spammers!
say, procmail+spamassassin
"SpamAssassin is a mail filter which attempts to identify spam using text analysis and several internet-based realtime blacklists."
In short, it analysis incoming mails and throw spam away.
Of course, that's not something a layman could setup, even though I found it easy.
Sig: What Happened To The Censorware Project (censorware.org)
I've been sending SPAM to abuse/postmaster/uce@ftc.gov for months, but most ISPs will just terminate the account if they even bother.
We should be encouraging hackers to point their skills towards a noble goal: shutting down SPAMMER websites. SPAMMER's would take notice when their sites were hacked and redirected to Spamcop. And ISPs would really start to check accounts if their service became a transport for DDOS attacks against a SPAMMER.
Come on hackers it's easy. Create a hotmail account and post just once to USENET. I'm still getting SPAM 4 years after posting 1 message to USENET with a real address. Do something positive to the Internet community for a change. Get to work hacking those jerks' sites!
...if only the spam I recieved was actually targetted to me. I dont want or need viagra/work/a degree/porn adverts, they are by default wasted money. If on the other hand I'd get cheap hardware/palmpilot/cool tech toys/gadget adds, I would probably be a little poorer :)
If she's really hanging on Slashdot then I love her too.
...ummmmm now that I see her picture I don't think I love her anymore.
Select Message->Bounce to Sender, or Option-Command-B if you do this often...
She uses hotmail w/html.
I've been thinking about this...
Facts:
The only way to stop spammers is to make spamming unprofitable.
Their profit depends upon harvesting usable email lists, so there's a chance some idiot will buy something after reading their garbage.
Solution(?):
Dilute their mailing lists with so much garbage they'll only actually send out one or two emails to real addresses for every X thousand mails sent to fake addresses.
Method idea:
What if I put together a quick CGI to generate pages with fake text (just paragraphs full of random picks from a dictionary + punctuation) plus randomly created email addresses. Then linked to the chain of 1000's of fake pages from one of the real pages of my sites? What if I allowed anyone to use this tool for their own sites, to generate 1000's more, or made an online tool to generate pages and email them on to people to upload for their websites?
Anyone think this is a good idea? Obviously it's a trivial piece of scripting, but I think if major sites used something like this, it would seriously piss off a lot of these lowlifes...
Code, Hardware, stuff like that.
This is probably old news, but its just a thought.
What if it were required by law that every company must track WHERE and WHEN they obtained any e-mail address that they send bulk messages to. If you requested to be removed from their list "recursively" the offending company would have to notify its provider. Each company would have to notify any company they bought the address from that you want your information kept PRIVATE. The recursive notification would only go UP the chain. I'd love if it they had to notify everyone they sold it to as well, but this might not be practical. Each provider would send you a message as they removed you from their list. Each company would have to keep your e-mail address on a black list for a period of time you specify (such as "until hell freezes over") and not send you further mesasges until that time elapses.
You would have as evidence the date/time you were removed and would have grounds for damages in the event that someone repurchased your address from a provider or they didn't remove you.
Until then, I'll just continue to give my email address out as myname_companyimgivingitto@mydomain.com
So far, 99% of the spam is coming from myname_usenet@mydomain.com, which is about to be automatically filtered and deleted.
We need laws that allow us to sue people if they don't stop spamming us - such as with the "take my off your caller list" idea with telemarketers - since some of my spam has no "remove" at the bottom :/
:D
At least I can dream
paul
My dad was complaining bitterly about the volume of spam he was getting as a result of signing up to get a online greeting card (no I don't remember which site) since he's on a dialup account with fixed number of free hours each month. Downloading and deleting the spam effectively ate into his hours. A quick installation of Mailwasher (which serves to send messages back marking it as undeliverable) served to quiet him afterwards since he now feels like he's doing something to stop it.
What I think I might want to check is to see if it can't also directly forward the original email to that ftc mail address...
And who's going to complain when a few spammers website are shut down?
NOBODY!!!
-Jon Katz
A year or two ago I came to the conclusion that you cannot stop all the spammers using filters. You can use any filtering program you want, but either you going to loose some e-mail or some spam will get though (or both). You can use fake e-mail addresses but many sites now-days check by sending you a confirmation e-mail that requires you to do something with information you get in the e-mail. But what you CAN do is control how they get your e-mail address in the first place.
/dev/null's email coming into that account.
;-).
Here is my easy method to track the bastard that sold your address. All you need is your own domain and control over the e-mail server - as many of my fellow geeks do.
Using my domain - I created an account for dealing with spam. I then created an alias which will put all e-mails without a specific mailbox into that account. (for example - the qmail/vmailmgr allows you to create "+" alias as such catch-all address)
Now comes the fun part- every time I need to use my e-mail in public - I make up an e-mail address that makes it easy to figure out where I used it. To make sure I do not create a real mailbox with same name - I use a specific prefix (like ns- for no spam) to make all of those e-mail addresses stand out (example - when signing up for e-bay, I sign up with ns-ebay@mydomain.com. Now when that spam arrives I can find out which e-mail address it is destined to - and which place it came from.
The last part of this comes after a while. Eventually some addresses start getting too much spam and you seem to end up where you started. No problem. I create a new alias that bounces or
If I find that I gave out an address to a trustworthy source, I can even create an alias to go to my main mailbox.
Of course, if you go to a source that is guaranteed to leak your address to spammers, no point to even bother with all this - that's what the free webmail accounts are for
The interesting part of all this is that to my own surprise I find that most sites are pretty good at keeping your privacy when you sign up. So far the biggest culprits were postings on USENET (well, duh!) and ebay - but e-bay were all from massmailings by people I bought from and they were good at removing my address when asked to.
Hope this helps.
-Em
RelevantElephants: A Somatic WebComic...
I use procmail to filter out email from anyone not in my address book to a different account. That way I can check the spam account once a day, and won't be bothered the rest of the time.
.*myisp.com
.*networksolutions.com
.*otherimportantdomains
I export the email addresses in my address book to a file which I FTP to my server. Here is the procmail recipe I use on the server:
-------
SHELL=/bin/sh
FROM=`formail -rzxTo:`
:0
* ! $FROM ??
* ! $FROM ??
* ! $FROM ??
* $ ! ? cat emaillist.txt | fgrep -iqs "$FROM"
! spam@account.com
----
I followed the link to the story, and got an idiotic popup spam for some online casino.
Isn't that what it's for? My email program has access to my mail server, on the mail port. That's it.
Kjella
Live today, because you never know what tomorrow brings
People say things "off the record" all the time.
If reports print things without unveiling the fact that they're a reporter, it's mostly just unethical journalism, which can actually get you in trouble - because since you didn't announce that you were doing an interview, you don't have legal proof that the guy said everything (and agrees with eveyrthing) he said. If that stuff is bad stuff, he can sue you for libel.
If you have your own domain name, simply use abuse@yourdomainnamehere.com as your primary e-mail address and you'll never be spammed. After 3 years I am still waiting for my first spam
Once I got a spam from someone claiming to be my cousin Jimmy. He said that he had found a place that would host our web site for free. My plan was to find the sender and arrange a meeting and when it wasn't the real "Jimmy" to freak out and ask WHAT HAVE YOU DONE WITH JIMMY?!?!?! I sent "Jimmy" an email saying it was good to hear from him, and that I sometimes still felt guilty about what we did to that guy up at the lake (fiction). My message to Jimmy just bounced, which made me wonder what the heck the reason was for this spam. I was prepared to send them real $$$ just to have my little joke.
I am sure it is a great story. But it just shows up BLANK to my Opera 5.11 browser. Its just not worth starting up IE.
mmm hmm
I simply use an email client that will render the contents in text-only mode.
On linux I use Evolution (setting Message Display to "Show Email Source") and on Windows I use Agent (or FreeAgent).
Agent is a bit more polished in that it displays an icon in place of the HTML that you can click to launch you favorite browser.
High Times has confirmed: *BSD is dying
Yet another crippling bombshell hit the beleaguered *BSD community when recently High Times confirmed that *BSD accounts for less than a fraction of 1 percent of all servers. Coming on the heels of the latest HighTimes survey which plainly states that *BSD has lost more market share, this news serves to reinforce what we've known all along. *BSD is collapsing in complete disarray, as further exemplified by failing dead last [HighTimes.com] in the recent HighTimes comprehensive networking test.
All major surveys show that *BSD has steadily declined in market share. *BSD is very sick and its long term survival prospects are very dim. If *BSD is to survive at all it will be among OS hobbyist dabblers. *BSD continues to decay. Nothing short of a miracle could save it at this point in time. For all practical purposes, *BSD is dead.
Fact: Linux sucks dead donkey cock.
Only homosexuals use linux.
Furthermore,slashdot is for sickos.
While most filtering programs and package mentioned here are for the individual user, or one that has their own mail server, what would you suggest for ISPs to use?
Its not possible to do the 'deny all, allow from a list' at the root level as you have no idea what customers will want to allow.
RBL helps some of course, but not much.
Subject filters help abit too but only for words you Know will be in spam, and sometimes it needs to be multiple words which means a spammer can rearange the subject and it will still get past.
The ISP I work for has been in business for about 7 years now under the same domain name, and has been dictonary scanned/spammed so even when adding a new account chances are someone has been sending spam to that address for alot time before it existed.
Blocking spam by the relay server used is not possible. I get over 500 spams a day to the normal administration addresses (staff hostmaster postmaster etc) and generally 475 of them are different servers. It would not be possible to filter them all, and even so the chances of the relay server being used a second time appears very low.
Most of the 'server-wide' filter programs are designed to try and not block ligit email.
Unfortunatly this means it blocks very little spam in the process.
Would anyone know of any solutions we havent thought of?
There's a column in today's Washington Post on spam:
I arrive at my office, uncap my coffee, unwrap my bagel, open my e-mail and face the first searing public policy question of the day: "Do you want to watch teens make their first porn video?"
It's called "The Great American Spam Attack", by Ellen Goodman.
This is the first, and likely last, time I will write a "MOD THE PARENT UP" post. But damn, it's funny. Anything to throw in a media reference that *isn't* borrowed from the Simpsons.
Evolution doesn't load external images in HTML mail by default. You have to ask it to if you want, one by one (View -> Display Message -> Load Images)
However, such programs generate incredible amounts of traffic - the money generated far exceeds the bad publicity and attention the occasionally poorly targeted email generates.
Man what a sucking link. You get the MSNBC main page and good luck in finding the WSJ article.
Try searching for "spam" however and it's at top of the list.
C'mon troops. You usually post better links than this!
Sorry this is long -- please bear with me.
We need to realize or accept these things:
1. We absolutely cannot directly control the behavior of all the spammers. No law is going to stop all of them from sending spam. No law enforcement agency is going to search all of them out and prosecute all of them. No punitive action (legal or otherwise) by a group of users is going to dissuade all of them. And if we don't stop all of them, there will still be spam in our mailboxes. We can safely give up on this kind of thing.
2. The problem with spam is not that they send it, but that we receive it and it's in our faces when we want to read our real email, and it's annoying to have to deal with it. So we need to stop worrying about the sending of the spam. We have to handle it at the receiving end (our end).
3. The spammers are will continue to be motivated to send spam because it works often enough to be profitable for them.
4. Inbound mail filtering on addresses or message content will never go far enough. Some spam (new junk from new sources) will continue to get through, and the spammers will be encouraged enough to continue.
Solving the problem means making a couple of changes -- one fundamental (about the way we think about email) and one sweeping (across as many email systems as possible):
1. The fundamental part -- we must change the way we think about accepting email from unidentified senders. It is the acceptance of mail from unverified sources that allows spam to work at all.
2. The sweeping-change part -- we need to implement (or lobby for) verified-sender mail delivery systems everywhere, and get it to be the default delivery mechanism for new accounts. These are the kind of systems (like TMDA) that use whitelists to allow mail to be delivered, with all other inbound mail (except the blacklist) gets an auto-response with a code - the sender is asked to reply to the auto-response in order to get their original mail delivered. Responders are added to the whitelist. People will get used to the verification process -- it isn't terribly burdensome.
Anyway, if no response comes back in X days, the message may be discarded, optionally adding the sender's address to a blacklist.
This kind of delivery system stops spam because of the very nature of spam -- the sender never looks at replies to his spam. Think about it.
It isn't necessary to use TMDA -- it's just one example of this kind of system. I ended up writing my own system with scripts and procmail. I'm down from 30-40 spams per day to zero, and my email is usable again.
If we do this across the board and make it the default condition for new accounts, spam will stop working for those who use it. When the response rate drops to zero, they'll quit spending money on it.
This does not address the issue of the cost of receiving the spam (for those who pay by the byte), but if we can make it all dry up and go away by making it stop working, that problem would solve itself.
Disclaimer: this is all opinion, of course. Your mileage may vary.
TyZone
Someone at the LA Times did something similar to this in the middle of last year. It's a much more amusing article. At least I think so.
3 0.story
http://www.latimes.com/technology/la-000037171jun
In every article I've read about the issue of spam, the author unfailingly feels the need to provide numerous examples of what kind of spam they have received. I find this so tiresom that I tend to skip half the article... skimming almost as quickly as when cleaning the spam out of my inbox.
Please, we don't need examples - we all know what spam is!
CONGRATULATIONS! You are the next person to recieve 2 FREE ROUNDTRIP AIRLINE TICKETS
And I know for sure that the source of this was msnbc!
I know they have to display ads to make the wheel spin, but I'd prefer ads on the main page, instead of in popups.
A popup requires intervention(you click the X, or whatever, to not make it clutter up your screen),
as do SPAM(you press <delete>, to not make it clutter up your mailbox).
Anyone see the similarities here?
When making web pages, I like to make people's emails on the page a a small .png file instead of text with no mailto: link. This prevents that these programs can pick it up.
It also prevents that blind people using a speech reader can pick it up, which may be a violation of your jurisdiction's disability code.
Will I retire or break 10K?
Lets take all of our spams on a daily basis and put 'em into a large database for analysis, and output cool statistics. Would Larry Ellison like to help with this one?
Then parhaps, the FTC/FBI could use the data as a tool for investigation in order to link paterns in the database to their respective spamlords.
Skiers and Riders -- http://www.snowjournal.com
The idea is to set you free to surf/sign up at will and make it easier to not get spam than it is to get spam.
on those not-so-rare occasions when the spammer is really sending from an ISP (usually hotmail in my experience) and not just forging the return-to address, to immediately forward the message with headers to the abuse@isp.com address.
Some of the Brazilian ISPs notify me when the user's account has been disactivated, which really makes my day. One down, a squillion to go!
this article kicked the article that made the front page's ass.
You just got DSL didn't you?
They want to make sure you still want and need it after awhile.
"The only thing you can do that might have ANY impact at all would be to complain to your congressmen that they need to outlaw spam. Once laws are in place we can sue the pants off these assholes, and maybe even get them some jail time."
Even if you COULD enforce US laws on dodgy spammers, the effect would be much like the war on drugs - lots of "criminals" would be hanging out in prison learning about other ways to screw people (haw haw), and the 'market' they left behind would be open to more business.
_My_ solution is technical. Modify the mail protocols to provide accountability. Require a cryptographically verifiable return path, and refuse to accept mail without one. When you recieve mail you don't want which has a valid return path, contact the origin and persue normal anti-solicitation paths, or block them. Most spammers can't risk being tracked down because what they do is already illegal with or without the internet. Legitimate business don't want bad blood from angry non-customers and will cooperate fully, probably only sending unwanted mail by complete accident.
Also, instead of sending the whole spam, send a "please pick up this message from my server" note (Idea stolen from http://cr.yp.to/im2000.html). This means the spammers can't fill ISP mail spools and it means they have to have a server up to serve out the messages. This solves a LOT of problems, such as those associated with normal mailing lists.
Laws add bloat. We've got too many laws already. Let's fix these security problems at the source.
I've been working on a click-through agreement, let me know what you think (I am not a lawyer):
Unsolicited Commercial Email (UCE, spam) Agreement
Section 1: Applicability
1.1 By harvesting (gathering, collecting, etc.), transmitting data to, or selling any [YOURDOMAINHERE] email address you (or an individual acting for an organization) acknowledge and agree to be bound by the terms of this agreement.
1.2 An example of an [YOURDOMAINHERE] email address, user mailbox or account is uce-agree@[YOURDOMAINHERE] or the computer readable equivalent thereof.
Section 2: Allowed Use of [YOURDOMAINHERE] Email Addresses
2.1 Allowed transmission of electronic mail ("email") to this site is limited to the following:
2.1.1 Specific user election:
2.1.1.1 The user will accept mail for which the user has knowingly and intentionally given permission to be sent.
2.1.1.2 If there is any doubt the sender or originater of email sent to an account at [YOURDOMAINHERE] will be assumed to be in the wrong and therefore subject to the compensation portion of this agreement.
2.1.1.3 Official communication from the immediate provider of network services (ISP) to [YOURDOMAINHERE] will be accepted.
Section 3: Prohibited Use of [YOURDOMAINHERE] Email Addresses
3.1 Harvesting (gathering) of [YOURDOMAINHERE] addresses with intent to sell:
3.1.1 It is prohibited to gather by programmatic means (web spider, etc.) any [YOURDOMAINHERE] email address with the intention of selling the address to a possible spammer.
3.1.2 It is prohibited to gather by hand (non-automated means) any [YOURDOMAINHERE] email address with the intention of selling the address to a possible spammer.
3.2 Harvesting (gathering) of [YOURDOMAINHERE] addresses with intent to spam:
3.2.1 It is prohibited to gather by programmatic means (web spider, etc.) any [YOURDOMAINHERE] email address with the intention of transmitting spam to the address.
3.2.2 It is prohibited to gather by hand (manual) any [YOURDOMAINHERE] email address with the intention of transmitting spam to the address.
3.3 Transmission of Unsolicited Commercial Email, also known as UCE or spam:
3.3.1 It is prohibited to send spam to any address or account at [YOURDOMAINHERE].
3.4 Unspecified use not described here:
3.4.1 It is prohibited to transmit data to a mailbox at [YOURDOMAINHERE] without the mailbox owner's implicit consent.
Section 4: Compensation for Prohibited Use
4.1 Establishment of a fee, fine, or compensation structure shall not be construed as permission for use.
4.2 Compensation shall be set at a rate of $50,000.00 (Jan. 20, 2002 dollars, adjusted for inflation) per unit (defined in section 4 paragraph 3) or 1000% of your revenues, whichever is larger.
4.3 A unit shall be measured in commonly accepted computing standards as a pixel for images and an 8 bit byte for text or code. Vector based images will be measured by their code.
Section 5: Indemnification and Warranty
5.1 The owners of this site and the email addresses therein shall not be held liable for any consequences of this agreement.
5.2 This agreement may not be used against (to the detriment or punishment of) any owner of this site and/or email addresses within.
Section 6: Acceptance of Agreement
6.1 By sending a message to the address uce-agree@[YOURDOMAINHERE] you agree to accept and be bound by the terms of this agreement. All sections of this agreement will apply in full force to all messages received by uce-agree@[YOURDOMAINHERE].
6.2 Publication of the acceptance address uce-agree@[YOURDOMAINHERE] does not constitute permission to send UCE or spam to the address uce-agree@[YOURDOMAINHERE].
6.3 This address may only be published with this agreement. If you publish or resell an [YOURDOMAINHERE] address without this agreement you may be liable for the fees generated by anyone misusing [YOURDOMAINHERE] mailboxes.
Section 7: Termination
7.1 The agreement will remain effective until terminated. The agreement may be terminated without notice only by the owners of the email addresses at [YOURDOMAINHERE].
7.2 If an owner of an email address at [YOURDOMAINHERE] fails to enforce the prohibitions in this agreement it shall not be construed as termination of liability of the sender for violations.
Section 8: Publication of this Agreement
8.1 This agreement will be published at http://[YOURDOMAINHERE]/legal/uce-agree.html .
8.2 This version of the agreement is 200201200001 (for January 20th, 2002 12:01 am).
Section 9: Superceding Agreement
9.1 This agreement may be superceded by a new agreement at any time without written notification when published at the address in section 8, paragraph 1.
9.2 You agree to check and be bound by the agreement published at the address in section 8, paragraph 1 when performing any activity that may be covered under this agreement. It is up to you to be familiar with the latest terms.
Section 10: Controlling Laws and Jurisdiction
10.1 By acceptance of this agreement you agree to be bound by the laws of the State of Michigan and agree that any legal action against you will take place in a location convenient to the owner of the [YOURDOMAINHERE] email address.
Section 11: Intent
11.1 The intent of the agreement shall be considered more important than the phrasing so that if any loopholes exist they shall be considered closed by intent.
Section 12: Legal Agreement
12.1 This constitutes the whole of the agreement between the author and you. If any part of the agreement is weakened or rendered null it shall be construed in a manner consistent with applicable law to reflect, as nearly as possible, the original intentions of the author, and shall not weaken or nullify any other part of the agreement.
We had a problem, we allowed people to send you an sms email to your phone at phonenumber@company.com. Normal service, people wanted to get email'ed alerts for stocks, messages from the wife/gf etc. To fight spam we put up message que that checks to see if the sender is sending over 10 emails to different accounts. It filters out most spam. We did have to tweak settings for people who do dispatch services to employees.
The other method we did, we added a random 5 digit number to a persons phone number. So if your phone number was 2025551212 it would be 2025551212-01234. This blocked all brute force spam techniques. The customer knew what thier subscriber id was, and it was safe from prying eyes.
Im tired of spam, using the same email address for over 6 years, my daily spam count is over 100. Spam and tele-marketers are the worst.
-
The worst thing about Europe is that you can't go out in the middle of the night and get a Slurpee. - Tellis Frank
The least you can do is cost the spammer their account. Depending on the spams contents I...
Traceroute the last reliable IP of the sending email address. Know your mail gateways and take the IP address it received the mail from, traceroute it and report to abuse@[someisp].[ext]. If seems unreputable, cc their isp.
Visit the web page. Do it. This is to find out if there's a redirect in place. http://[somefreewebhost].com/[directory] redirects to http://[scumballspammer].com/ . Traceroute and report the site it redirected you to to the appropriate ISP. Least it will do is annoy the sysadmin, and we know how sysadmins can be. Best case is they lose their site, any money put toward it, and pay a penalty fee.
If the web page sends you somewhere to order, visit it, traceroute it, and report. (Same reasons as above.)
In the case of javascript encoded html, it's easy to rewrite. Look for the document.write( xxx ); statement and change it to document.write( "<form><textarea>" + xxx + "</textarea>" ); . Repeat as necessary. Follow steps above.
I wrote something vaguely similar a while back. A lawyer friend of mine tells me the contract won't work, since there is no "consideration" involved.
Schwab
Editor, A1-AAA AmeriCaptions
What is "consideration"?
Web sites have terms of use, so it seems to me this could work. I do plan to run it past a lawyer at some point, but haven't gotten to it yet.
although you have resigned yourself to a life of celibacy, some people would enjoy the benefits of having a foot-long pecker.
It's working for you because at the moment your solution is "unique". If it becomes standardazied, nothing will prevent "innovative" spammer to create/buy an autoresponder that will whitelist their spam...
Normally, spammers use bogus return addresses, right?
So how about this: every time my computer receives an email, it initiates a connection to the sender and tries to send a reply message. If the sender's server accepts the email address, close the connection (i.e. cancel the message before it's finished). If the server rejects the email address, you know the return address is invalid, so you can throw away the message (or filter it into a different box).
Of course, spammers might start to make the return addresses random (but valid) return addresses at yahoo, etc. - but that will just get Yahoo very, very mad, and they'll track down and sue the spammers.
Probably never gonna happen, but I've never heard that particular idea before...
Not the only one...
I receive over 20 e-mails a day from my
"Cox@Home" address, sad-- I have never
used it (except to retrieve from POP3
server) -- never told anybody what it
was -- ever! Cox said: "...your cable
modem tells people..." ?!?!? Obviously
this guy was an idiot. When talking to
a Cox.net Tech, he said it didn't suprise
him. I set up my new e-mail under Cox's
Highspeed Network on 22-JAN-02 and on
23-JAN-02 I got my first spam...
Unbelievable. Thanks!
Actually here's a question. How come spammers don't end up spamming their bretheren?
Problem is getting one of those. Especially on dial-up. Not to mention the "can't run a server" that's quite common out there.
Round them all up and gas them with cyanide. A dead spammer can't fill anyones inbox.
A bit extreme and hard to do, but considering that america is the number one producer of serial killers I'm suprized an anti-spam unibomber hasn't shown up yet.
If this keeps up a jury might even go easy on a person that hunted down and killed spammers. My non-techie sister recently had to stop using hotmail because of all the spam.
The internet is a public forum, and a form of publishing, so LIBEL very much applies. But if it is true, then it ain't libel.
Right here on /., millions of people read dozens of hard-hitting stories by "A. Coward" every week!
So, next time I get one of those sleazeball "call us, leave your number, we'll call you back" solicitations, I'm going to call them back, get a live human on the telephone, explain that I'm an investigative reporter, and start asking questions. Then I'll come here and report what they say.
Any other reporters here?
Seriously, I find that the words "Please place me on your do not call list" have a wonderful chilling effect on those pesky people who call me on the phone but can't pronounce my name right.
I've actually done this for a few university lists. Every once in awhile some jerk would mail every list at the university something that would generate lots of responses by people who would cc everyone.
The system was fairly simple. Any mail to a list had to have a prefix in the subject, say SGA: for the Student Goverenment Association. The filter would then strip the prefix and send the message out to the list. Messages that didn't have the prefix were bounced back with instructions to add the prefix and a list of topics those subscribing to the list were interested. It's still working to this day.
Fortunately I've been lucky in that all the addresses I've used only one became a spam collector and that was after I no longer had a use for it. Otherwise I would seriously consider installing the perl scripts on my own account.
As the subject says, I hate spam just as much as the next guy, but I feel rather helpless when it comes to solving the spam problem. I once go to frustrated with spam in my inbox I actually replyed to one of the messages, left a phone number and waited for a call back. Guy calls, I talk to him, he says he did not send the spam, he only pays $15 bucks a hit. I ask him to give me the name/number of the guy who gave him my info. He gives me the name and phone number of the fuck who sent me the spam.
;). Fucker. I hate spammers.
Ok, we have the dudes home phone number and name, we find his home address, then do some more research, find the bastard's business name and like 8 different phone numbers belonging to him. Buhahaha.
So at 3am that night, I call the dudes home. Wake his sorry ass up and begin to yell. He admits he was the spammer, and appologizes. Fuck him. I yell some more... I threaten to post his phone number / home address all over the place... to scare him I even told him the names of his children and where they went to school
Day two.
I post each of his phone numbers in a personal ad on tons of different sites.
Day four.
I call his business line in the middle of business hours and ask to speak to Mr. X. Mr. X. gets on the line, says hello, and then I ask him how he likes the calls he has been getting, I laugh and hang up.
I get bored, and post his phone number, on tons of boards and then list his business email addresses (his employees addresses, and his) on every porno mailing list I can find.... then proceed to post those addresses on usenet.
day six, I was bored, and off class... so I decide to drop Mr. X. a line. I asked him if he was still spamming, he hung up on me. Buhaha. Man I felt so good I called him right back and just laughed at him, and told him spam was bad. What a Fucker.
-----
On a side note, at the time I did this I lived in a dorm. I made all calls to Mr. X. through the phone in the lobby, I did not want to get sued for harassment.
-----
If I ever see someone spaming... I mean actually see them, I will kick the shit out of them... I know my solution will never fully work, but hell if all of us, who are fed up with spammers, were to track the fucks down and introduce them to Mr. Baseball bat the world would have a whole lot less spam... or maybe just a whole lot of busted up crooks.
DEATH TO SPAMERS!
I don't know why she says mail-order diplomas are worthless. My cousin landed a great job as a financial analyst at an energy trading company called Enron with just such a diploma.
Table-ized A.I.
i *know* this is stupid, but one particular spammer really pissed me off... he sent me around 20 copies of the same email over the course of 3 days. so, i dived into my cache of magazines and grabbed those those "information request" cards... you know, the ones that have like 50 checkboxes asking you what things you want more information about? i also took some "free trial subscription" cards. i filled out the address that the spammer provided on about 30 of those cards. it took me around an hour or so, and i've spent my time in better ways, but i hope that the jerk got flooded with snail mail spam. :-)
I used "+friend" as an example, but you can see that, in essence, it's a password. For that reason, people could make it as easy or as convoluted as they like, so there would be billions of possibilities per email address.
Lets just take the case where they use a 10,000 word dictionary containing the most common words in the most common languages plus the most common names (given names and surnames) plus the most populous place names.
Even that system could be fooled by just using "+bluebanana" or the like. But let's suppose it were used anyway to catch as many as it could.
A 20 million name spam database (typical) times 1000 tries, lets say, before they get a hit, means they'd have to send 20 BILLION messages just to recover the number of working addresses they currently have.
If you want to talk about cost, NO ISP is going to let you send 1000 times as many emails for the same price. Whatever it costs you is likely to be way more than the return you can expect from the one in a million response rate (1/1000 estimated further reduced by a factor of 1000 or more).
And if spammers reach you eventually, you just resort to ever more obscure plus extensions, and for your highest priority people, immediate family for example, you just rotate them as often as necessary.
If we had this system, someone could build an analog of "spread spectrum" among participating clusters of friendly clients, where they coordinate the switches in email address extensions amongst themselves without human intervention, using long random sequences that humans wouldn't even need to remember.
"Those who have never entered upon scientific pursuits know not a tithe of the poetry by which they are surrounded."
I just filter on the To: line. If my email address is not on the To: line, it goes in the deleted folder. I check the deleted folder and see if there's anything I missed, 999 out of 1000 I don't. If I know it's from someone, I'll filter that prior to the above filter. Work's pretty well.
The only difference between the accounts is that the one she divulged to Borders received more spam; therefore Borders sold her address
You're missing part of it.
She says "I created email accounts on hotmail and yahoo, and used one to order from borders.com"
Then she says yahoo and borders don't sell email addresses. (Hotmail is conspicuously absent from this statement.)
What she didn't say is WHICH email service she used for this account. Dollars to donuts it was hotmail.
I assume that hotmail is hacked daily, just to harvest the email addresses.
I think you can create a hotmail account, do NOTHING with it, come back in a week, and read your spam.
Mail Audit Article
Set the mail server up so it only accepts email messages whose contents begin with this sentence:
All other messages will be bounced automatically with the instructions how to get your messages accepted.
I intend to implement just this scheme.
Marko
'consideration' means that both parties have to give something to the other party for the contract to be valid.
So a 'contract' which says the I will give you a car isn't a valid contract, and can't be enforced by you should I decide not to give you the car after all. But a contract which says I will sell you a car for $X is valid (assuming everything else is valid).
Whether X is adequate consideration depends on local laws and the courts. E.g. $5 for a new ferrari may be enough to make the contract valid, it may not.
Whether any of this applies to the clickthrough thing above, I don't know.
---
Oregon
The idea could be simple. Mail that arrives gets checked with a whitelist, a blacklist and a spamlist.
/dev/null.
/dev/null. The list could be interchangable (alike MAPS, RBL, ...)
The whitelist:
People send A email to you, they get a email back to "REPLY" on that mail to get the mail sent to you and to be added to the whitelist. If they do not send this reply within 2 weeks the mail gets deposited to a "trash account" or gets a "X-list: not authorized" in it's header to be filtered to oblivion.
The blacklist:
Very simple, people on the blacklist get sent to
The spamlist:
These are the addresses being added automatically by the administrator. These emails get sent to
Is there any PERL or Script available? I saw some for Python (Anti Spam Blocker (ASK) though I would like it to be in Perl or C.
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
I've had the same email address for almost 10 years. I post on newsgroups a lot, and my email address is all over my website, which itself has been around a long time. So naturally, I get a lot of spam- probably 50-100 messages a day, *after* running some simple filters. SO WHAT! I just delete it. It takes less than a minute. Then I get on with reading the legit stuff, which takes about two hours.
What *does* bother me are the reams and piles of junk mail that appear in my snail-mail box every day. It makes me sick thinking all the trees that have to die to create this stuff.
Whenever I have to give my adress to a website where I think there is even the slightest possibility that a spammer could get my e-mail address I merely give them a dummy spam account I have set up. I never get any spam in my normal mailbox and just hop over to the spam box every once in a while and look for any legit messages.
I stole this Sig
Notice the hotmail account guys who was tricked by the MSN Messanger setup talking about "We never gave our mails, not even using it but when we checked not to get it suspended , we figured there are 100 spams!"?
A guy/gal using Hotmail gets heavily advertised to use and install MSN Messanger and some does it just to have a online mail checker for hotmail.
Now the freaky part begins... http://news.com.com/2100-1001-833154.html
Yes... With a not-so-advanced 133t jscript tactics, they can harvest your mail AND the mails of others unless they use a nickname. I don't see any reason like 90% of people would change their know Hotmail adresses to nicknames.
More interestingly CNET reporter tries to say (I congratulated him for breaking that story btw) "It is not so serious". YES it is serious!
For months I was telling my friends I am not using MSN messanger because I believe spammers/harvesters found a way to get my MSN signon name and spamming me. They called me paranoid, anti-ms but recent days they admitted "We don't know how too but there must be a way and we are getting spams"
Can anyone tell me how that glitch isn't serious?
Here in Denmark we don't allow spam, nor in EU, great you think, but we get it as much as the next country.
problem offcource is that we get spam from all over the world, I have some chinese barstard spamming me over and over again, and I can't really go to the police and report it, even when I get danish spam, they are so polite as to tell us, the message is send outside of the EU
Don't bother responding to uce@ftc.gov or the spam net admin!!!
Use the NEW IMPROVED E-ANTISPAM POWERUSER MEGASERVICE!!
MAKE MONEY AND SEX WHILE YOU REPORT SPAM!!
First 20 customers get a FREE DATE with COWBOY NEIL
Anti-spam now, but DON'T SEND ANY MONEY
We'll BILL YOU
I have to say that I've been regularly using a Yahoo account for nearly five years at the same address, and I get very little spam through it (far less than my usual ISPs/work addresses). The spam I do get is usually as a result of something identifiable that I've done with the address. Plus the bulk mail folder system used by Yahoo is very efficient. And Yahoo's abuse team seem to be pretty good the half dozen or so times I've reported Yahoo-based spam to them ... now, my girlfriend's Hotmail account, that's a spam-magnet.
http://www.yelm.freeserve.co.uk/spamido/
Government of the people, by corporate executives, for corporate profits.
Todd
-- !todd erases a red dot! I steal music on the internet.
This point has been made before, but needs to be reiterated, where did the spammer get the e-mail address from? Remember the author said that she only used the e-mail address to buy a book from borders. Did borders, yahoo or hotmail(especially hotmail) violate their own privacy policies? If we look at common SPAM sources such as pm0.net, flowgo et al you will find that they violate their own privacy policies all the time. Published policies state that you will be removed from any list (try it sometime, good luck) the truth is a lot different. Perhaps the spammers used a dictionary attack.
Those of us in the trenches are seeing more and more of this. A spammer picks a domain and then starts sending mail to that domain, starting at 11111@foo.com working their way up to zzzzzzzzzz@foo.com. They usually bounce it off from an open relay or the originating source is from China. (Jesus I get crap loads of viruses from china, spam from china and network probes every f**king day from China, just aWTF is up with that?) So my mail server has to handle thousands of bounces. Add to that the return address is often faked. The bounce then bounces, adding more load to my server, and load to the innocent victims server (like all the faked addresses from domains like AMERICA.COM or CNN.COM) If the IP is in a common RBL I at least have a small chance of catching it. I've taken to blocking the IP that contacts my mail server with any double bounce for a period of 4 hours. This alone has reduced server load by several percent.
Almost every on-line policy I have ever seen has the little line added that says "We reserve the right to change this without noticve, and without informing you" in effect. I wonder if borders, yahoo or hotmail changed their policy and just didn't inform us.
I say the only way to get spammers back its to make them pay. If they give you an 800 number, call up and give them some information "Hello, recording device, this is Jack Meoff at 6969 killspam lane, yes I'd like some information on your service, my number is (Give non 800 number from other spam). IF enough people do that then it will be cost prohibitive for them. Keep talking until recorder hangs up (more expensive, make the use 800 numbers not profitable and real phone numbers can be easier to track, at least in the US)
Here is a little fantasy from someone that has to defend against these morons. Nothing like getting 50,000 e-mails to a domain that only has 2k accounts on it. My favorite solution, of course, I'm not endorsing this or suggesting you do it, but with a real phone number and a real address a baseball bat and 2 friends is the best answer to the spam solution.
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
This is definately a "good enough" style filter, and not intended to catch every theoretical variation of spam and good (but spam-like) messages. I find that it is rarely wrong (2 misrouted messages in 4 years).
Here is a summary of my filters, in order of execution;
Mark OK and move to a non-Spam folder:
Move to Spam folder:
Move to Likely Spam folder:
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
"1. If directly to or from me/known person/known list."
Notes:
This catches the rare case where a stranger replies to a message where my address is masked but that is directed to someone I know. This does not catch the case where all addresses are masked (this has happened once).
In all examples, "To" means cc, bc, or to.
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
Only a SPAMMER would think that 3 is overated for this!
Look at spammimic.com. If I'm the only one left who sends such messages, I'll be doomed.
I have some ideas, but I'm not sure if they are any good, but it seems that one of the largest problems with spam is fake email addresses, If PGP was used to sign outgoing emails, and PGP keys were given out by email domains, and easily accessable, for example publickeys.hotmail.com, then the only problem with this is that a lot more bandwith would be required to send public keys back and forth, but if you cache known public keys, emails with unkown public keys could be filtered to another mail box and verified, so, fake emails would be easy to spot, the signature would be un-verifiable, and email addresses that send out spain would be easier for large email domains to block, I don't know, these are just some ideas, maybe they arn't any good, but, adopting encryption and signatures wouldn't be a bad idea,
I suppose if the people who normally respond to spam often read MSNBC or the Wall Street Journal, this article might enlighten someone. But I doubt that's the case.
As noted by many posters - spam is almost always unreplyable; given this, would it be possible for the mailers of the world (sendmail, et all) to verify reply-to addresses when mail is recieved? This would pose the possibility that the reply-to would be the next poor soul on the mail list so...
The mailer would need to check the reverse-DNS of the incoming connection and the reply-to field to see if they went to the same ip address or domain at the very least, then verify the user name/mailbox sending the mail.
Obviously, this is an issue which would modify/bend RFC 821/822 so not something to be done lightly. However, as with some of the other tools, the mail could be silently foldered or deleted or the subject pre-pended for mail clients to filter on.
Being in Vermont, I am working on getting lawmakers here to expand the OPT-IN rules and have them apply to more then just the insurance and banking industries. Lets stop all the spam we can!
But the techique works. Every time they send a mail, they provide information about themselves, that info can be used to identify and bounce spam to real addresses.
I use From: because it's simple and gets most of the spam, other information from the headers can also be pulled out by formail and used to identify incoming spam. Reply-To: for instance may also be useful.
Government of the people, by corporate executives, for corporate profits.
Government is unlikley to do anything serious about spam because the issue is outside of their comprehensive ability and more importantly, the money is on the side of spammers with such lobbyists as the Direct Marketing Association. As long as spam remains a consumer issue and not a well funded campaign championed by lobbyists, you can expect it to be a long time before there is any legislative solution.
However, imagine this.... Some plantiff's lawyer looking for the next well funded target to suck dry realizes that a lot of people get sexually explicit spam at work, i.e. "increase ejaclautions by 600%!" (I guess the scientists have been hard at work; just a few months ago they could only acheive a 581% increase.) Employees who have to read through and delete this spam are faced with a sexually harrasing workplace environment every day.
The plantiff's lawyers can sue based upon the fact that the corporations in question are knowledgeable about these harrassing emails, but are not doing enough to prevent them. Now of course, I don't know what the law is here, but I'm sure that some bottom feeding lawyer can bleed at least one, if not several, decent sized settlements out of a few corporations. This would suddenly send quite a few corporations who have a well resourced lobbying ability to start addressing the spam issue. Since they have money to spend and campaigns to contribute to, government should finaly start listening seriously.
The problem is that the corporations would be primarily concerned with reducing their liability, and not reducing the volume of spam recieved. However two messages would be heard fairly loudly in government and the public at large. The first being that despite what the Direct Marketing Assocaiation and others like them say, Spam is mostly people pushing pornography and trying to rip off unsuspecting, clueless consumers. It is not a legitiamte marketing device which is used by legitimate and intelligent businesses, because the reality is that spam annoys real customers. Second, is that the cost of spam (which is born not by the spammer but by the recipient) is not only the cost of bandwidth and resources, but potentially much greater. If the recipients of spam become civily liable for the spammer's message, people will begin to panic. Combined with a consumer led movement, you might see some real progess in government on this issue.
http://razor.sourceforge.net/
It should fit right in with Spamido: http://www.yelm.freeserve.co.uk/spamido/
Government of the people, by corporate executives, for corporate profits.
... is I no longer receive spam. my new account at shaw.ca is spam-free (so far). good riddance @home. i know, i know, wait about 5 minutes and there'll be plenty of spam to my new account. But my point is that shaw appears to keep its accounts private.
I don't know exactly how this will unfold, but I'm fairly sure that the answer lies in this direction (whitelists, etc) rather than in legislation or cyber-attacks.
Regards,
TyZone
{hmmmm} Then I wonder what the web site contract is based on. Obviously Fox is deluded into thinking it has something of value that they're going to allow you to use, but what do you give them?
In my mind this (and this) simply state that said storage space and network traffic are my property or rental and that their spam is theft, trespass, and vandalism.
I wonder how much the personal satisfaction of terminating the business of a spammer for the benefit of users everywhere would be valued at?
Some good ideas to think about, thanks.
This guide offers all sorts of good info on stopping unwanted mail, e-mail, and phone calls.
It would make filtering so much easier. Your ISP could do it for you, on request.
That plus a law with $10k/infraction fine with half to spammee, and half for enforcement investigator funding.
Ok, soften that a little. Allow "[UCE]" in place of "[SPAM]".
I've had my Canadian ADSL account for nearly 3 years how, and I have never EVER received even one single spam!
Here's little hint:
The secret is to not give your e-mail address to the spammers IN THE FIRST PLACE!!!
Sorry for the yelling, but it's just so basic!
Don't give your primary e-mail to shady characters or joe-blow websites, or small businesses business or even big businesses like mp3.com that engage in UCE. Don't post to newsgroups without munging your e-mail address. Even basic munging works wonders.
Putting your e-mail addy on a private webpage may or may not be ok. I've had mine on my personal homepages for years, and no spam. Others report the opposite. And of course if you've got a "common" email address, like joe@somethingorother.com, or if you're ISP/e-mail provider is a compromised/spamhause, you're screwed. But 90% of people shouldn't have a problem. Am I the only person with a brain?
(Too bad I didn't read Slashdot on Saturday, I could have saved a ton of you some hassle.)
For those that are unaware of how Sneakemail works it's related to one time email addresses, and routing the mail to your 'real' address.
Admitedlly a hassle, but if you use a unique alias for each web registration, etc... it is quite simple to determine which one was responsible for the UCE and delete the alias.
I use several Yahoo accounts and my spam rate has been non-existent since I started using it. it seems to work well.
Not really. You don't need to run your own mail server to be able to operate a domain of your own -- there are lots of companies out there that are willing to host email for you, and it shouldn't cost too much, either. So you could register, say, myfavouritedomain.com with somebody and this company (often even the domain registrars offer services like this) could be set to send mail to <anything>@myfavouritedomain.com to myrealaddress@dialup-isp.net . Or perhaps they only permit five POP3 mailboxes if they're cheap, but that doesn't stop you calling one of them "abuse" and then polling it from your dialup account.
Something similar works fine for me; I use a dialup ISP and have a couple of vanity domains, one of which is my primary email domain for making up tracked email addresses and the like.
Great idea. I'll have my spam filter look for these web bugs and use them to also detect spam.
And if it also blocks bugged email from companies with which I have a relationship, well...they didn't ask me if they can have their mail have a hidden Message Read ability. And I have seen mail from some trusted companies which did that.
Actually, anyone could start this.
Offer access to a mail server/remailing service where you charge per message -- perhaps with some low number of free msgs each month.
Also provide examples of procmail and other filter incantations to allow recipients and mail admins to accept mail which goes through your system as probably not being spam.
Basically, you're just providing a trusted mail service. The level of trust depends upon the implementation -- you could just have the cost-per-message as a spam deterrent, or have customers who you mark as CONFIRMED because they have somehow proven to you who they are and are using cryptographic tools to prove that they are the ones who sent the message.
Great idea.
Do a search for WebPoison to find an implementation of it.
Create some email accounts which are never used, and use them to detect spammers.
Particularly set up filters to detect consecutive mail to "a@example.com", "b@example.com" or "Aaron@example.com", "Abraham@example.com".
Block the IPs which are doing that, so those IPs can not even get to your customers. Contact the ISP who owns those IPs.
You live in Oregon, in the 110th and SE Stark area?! As a resident of Eugene, I'd have to say you must live in Portland. Only a PDX resident would be so brash as to write off the possibility that there are other cities in Oregon. First you steal our area code, now you've stolen the whole state!
Geez - you only make up half the population up there...
NOTE: I'm just joshin'...
Culture is more than commerce
Come again? This doesn't make any sense at all. If there were 1,000 messages per week per person, then that's 52,000 messages per year per person. Since each spamming company only sends one email per year to 1% of the population, then to achieve this level of coverage, you need to have 100 times that many companies sending spam. So now we have 5,200,000 companies per person sending spam. And that's only the spammers! Only 1% of companies are spammers, which means that there are a whopping 520,000,000 U.S. companies per person!
Now, I don't know about you, but I don't even have one company, much less 520 million of them, so I think that your math is a little bit off here...
-Joe
It was an oversite I neglected to include the small town in the Northwest part of the state where I used to live. Sorry. Actualy I grew up in Redmond and I no longer live in Oregon. I moved to a lower tax state. It's funny to hear the revenue problems the state has while being one of the higher taxed states. Maybe they want to tax like California and not like Idaho or Washington.
The truth shall set you free!
One great thing to do for all those places that "require" you to enter an email address, yet insist they won't email you anything if you click all the appropriate checkboxes is to put root@saidcompany.com as your email.
If they break their promise, they're only hurting themselves :)
Magius_AR