Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tracking Spam to the Source

Posted by michael on from the hunt-the-wumpus dept.

cygnusx writes: "MSNBC is carrying a Wall Street Journal article on one reporter's attempts to track the spam she receives to the source. Armed with a few Hotmail and Yahoo accounts, reporter Stacy Forster actually responded to most of the barrage of spam she began to receive after a week or so. Not quite the best investigative jounalism ever seen, but still a good glimpse (or so I thought) at those who send us those unloved missives about "exciting business opportunities" and "millions of $$$ waiting"."

7 of 356 comments (clear)

  1. Recommendation by doorbot.com · · Score: 5, Informative

    The article says the FTC recommends that you forward all of your spam to uce@ftc.gov. I know I will be doing so from now on...

  2. My solution to stop spam... by Flavio · · Score: 5, Informative

    ... was to install Spambouncer, which is a large set of procmail filters.

    Before installing it, I got ~20 spam messages a day. Now I get at most 1-2 a week. Spambouncer does come with very restrictive default settings, though. For example, you must specify if you want to receive email from free web mail services like Yahoo and Hotmail, otherwise it'll filter those out.

    It also logs everything it does and has the option of sending blocked email to a file instead of /dev/null in the case it filters something it shouldn't.

    In my case the only inconvenience was it blocked legitimate email from Amazon.com and eBay -- these are filled with disclaimers and have HTML, which Spambouncer doesn't like to see. In any case, it's easy to mark those domains as safe and start receiving their email again.

  3. Re:maybe if we stop answering it... by oregon · · Score: 5, Informative

    NEVER look into an e-mail that even looks like spam

    Absolutely, these HTML mails are dangerous with their 1x1 gifs with a custom URL so "they" know you've read the message.

    I check the source and add the urls to junkbuster's list. If the filters don't get the mail, then the images still don't get requested.

    --

    ---
    Oregon
  4. How to track who sold yours email to spammers by Em+Ellel · · Score: 5, Informative

    A year or two ago I came to the conclusion that you cannot stop all the spammers using filters. You can use any filtering program you want, but either you going to loose some e-mail or some spam will get though (or both). You can use fake e-mail addresses but many sites now-days check by sending you a confirmation e-mail that requires you to do something with information you get in the e-mail. But what you CAN do is control how they get your e-mail address in the first place.

    Here is my easy method to track the bastard that sold your address. All you need is your own domain and control over the e-mail server - as many of my fellow geeks do.

    Using my domain - I created an account for dealing with spam. I then created an alias which will put all e-mails without a specific mailbox into that account. (for example - the qmail/vmailmgr allows you to create "+" alias as such catch-all address)

    Now comes the fun part- every time I need to use my e-mail in public - I make up an e-mail address that makes it easy to figure out where I used it. To make sure I do not create a real mailbox with same name - I use a specific prefix (like ns- for no spam) to make all of those e-mail addresses stand out (example - when signing up for e-bay, I sign up with ns-ebay@mydomain.com. Now when that spam arrives I can find out which e-mail address it is destined to - and which place it came from.

    The last part of this comes after a while. Eventually some addresses start getting too much spam and you seem to end up where you started. No problem. I create a new alias that bounces or /dev/null's email coming into that account.

    If I find that I gave out an address to a trustworthy source, I can even create an alias to go to my main mailbox.

    Of course, if you go to a source that is guaranteed to leak your address to spammers, no point to even bother with all this - that's what the free webmail accounts are for ;-).

    The interesting part of all this is that to my own surprise I find that most sites are pretty good at keeping your privacy when you sign up. So far the biggest culprits were postings on USENET (well, duh!) and ebay - but e-bay were all from massmailings by people I bought from and they were good at removing my address when asked to.

    Hope this helps.

    -Em

    --
    RelevantElephants: A Somatic WebComic...
  5. A simple solution by Anonymous Coward · · Score: 5, Informative

    If you have your own domain name, simply use abuse@yourdomainnamehere.com as your primary e-mail address and you'll never be spammed. After 3 years I am still waiting for my first spam

  6. Re:Just use PINE and... by walt-sjc · · Score: 5, Informative

    Bouncing spam after it's in your inbox is useless. Since most spam is forged, all this will do for you is get you another email from "Yahoo" (or whoever the spammer used as a forged address) claiming the user is unknown.

    Spam has to be bounced at the SMTP server level before reception is complete to be effective at all, and even at this point it's usually pointless as the spammer is probably just bouncing off some random open relay in China. All this will do is fill up the clueless administrators mailbox of the relay in china with bounce messages. Maybe this will cause them to close their open relay, but with hundreds of thousands more open relays to choose from, it does little good in the overall picture.

    Spammers have found another method too. Relay through some lammer's poorly-configured wingate or squid proxy.

    Use spamcop, bounce messages, write nasty notes all you want, but you will not make a dent in the spam problem.

    The only thing you can do that might have ANY impact at all would be to complain to your congressmen that they need to outlaw spam. Once laws are in place we can sue the pants off these assholes, and maybe even get them some jail time.

    What scares me more than the "make money quick" or "loose 150 lbs in 10 minutes" spams are the pseudo-legit type used by businesses.

    Think about that... If only 1% of american businesses decided to use spam, and they only sent one spam email a year to 1% of the population,
    that's still thousands of messages A week per person!

    With all the filters I have setup, I block about 600 spam attempts per day to my server, another 50 or so a day get filtered into a spam folder automatically, and about 2 or so a day get all the way through to my main inbox folder. This is on an email address I've had for 7 years, so just about every spammer seems to hit it.

    Considering that I only get about 100 legit emails a day (including several mailing lists) I'd say the problem is WAY out of hand. With the levels of spam increasing about 10% per month, my guess is that we have about a year left before email is completely saturated with spam making it impossible to communicate.

    So Please, do as I have and write a physical letter (no emails, they just junk those) to your congress critters (or what ever government officials you have in your country that pass laws) to ban spam.

  7. More mainstream media on spam by Floyd+Turbo · · Score: 5, Informative

    There's a column in today's Washington Post on spam:

    I arrive at my office, uncap my coffee, unwrap my bagel, open my e-mail and face the first searing public policy question of the day: "Do you want to watch teens make their first porn video?"

    It's called "The Great American Spam Attack", by Ellen Goodman.