Slashdot Mirror


Tracking Spam to the Source

cygnusx writes: "MSNBC is carrying a Wall Street Journal article on one reporter's attempts to track the spam she receives to the source. Armed with a few Hotmail and Yahoo accounts, reporter Stacy Forster actually responded to most of the barrage of spam she began to receive after a week or so. Not quite the best investigative journalism ever seen, but still a good glimpse (or so I thought) at those who send us those unloved missives about "exciting business opportunities" and "millions of $$$ waiting"."

14 of 356 comments

  1. My favorite part of the article? by Stinky+Boy · · Score: 2, Insightful

    The popunder for the "World's Largest Casino." (NOT)

    --
    Ceci n'est pas une sig.
  2. Re:Just use PINE and... by forkboy · · Score: 5, Insightful

    I bet that works great when the source address is spoofed.

    --
    This message brought to you by the Council of People Who Are Sick of Seeing More People.
  3. maybe if we stop answering it... by spacefem · · Score: 5, Insightful

    One spammer interviewed in the article says he sends out about 15,000 spam messages a day and gets 10-15 new customers out of that. So I guess the message about spam we send to these people is that it's worth it.

    It feels like we're kinda stuck - it's annoying and stupid, but spam is here to stay. That 1/1000 is a good enough target for these businesses, and e-mail addresses are so cheap to get they might as well go for it. The only thing I can think of is being extra careful to NEVER look into an e-mail that even looks like spam - don't go to the website, don't buy the product, even if it could be interesting.

    I once asked a telemarketer if he hated his life, he said he did. I thought it was kinda funny that he admitted it straight out - it was proof that the underbelly world of cheap advertising is evil.

    1. Re:maybe if we stop answering it... by bonzoesc · · Score: 2, Insightful

      Or you can take the Thinking Man's solution and turn off the automatic preview pane.

    2. Re:maybe if we stop answering it... by Merry_B.Buck · · Score: 3, Insightful

      Though refusing to read spam and installing spam filters help clear the inboxes of ./ users, they won't discourage the bulk-spammers of the world. Make-money-fast marketers aren't targeting sophisticated Internet users, they're looking for the newbies and the gullible, folks who don't use filters.

      Even worse, sellers with legitimate products (such as Orbitz and X10) will always find spamming cost-effective. It's not the response rate that's attractive, it's the cost.

  4. Re:Bellsouth = Spam by Pituritus+Ani · · Score: 4, Insightful

    Did you contact an attorney about suing for wrongful termination? Can you provide a link to your post?

    --

    Another proud carrier of the $rtbl flag

  5. Re:Bellsouth = Spam by Pituritus+Ani · · Score: 2, Insightful
    They may technically have a legal right, but they certainly don't have a moral one.

    And laws aren't that cut and dried, and various states and localities have laws to protect workers from this and similar kind of capriciousness. In fact, some companies unknowingly tie their own hands with internal policies allowing grievances, etc. An attorney can help exhaust those options--a legal aid attorney can help a wrongly (legally or morally) terminated worker in this kind of situation at least cost their former employer some time and money, and maybe even obtain some severance in return for a promise not to sue. And if that doesn't work, he can always pursue an Office Space type remedy :).

    --

    Another proud carrier of the $rtbl flag

  6. Re:Bellsouth = Spam by Anonymous Coward · · Score: 1, Insightful

    IIRC, whistle-blowers get some protections, but only if the issue is with employee or public safety. This just sounds like a sign that they're a bad place to work with/for. Unfortunately, it's impossible to NOT deal with BellSouth in some way (even with CLEC phone service: It's still BellSouth's wirecenter and wires) in the States they service/scam. But at least they TRY to work with CLECs, unlike Verizon, which just pays the FCC fines for non-compliance every time.

  7. Re:An alternative approach to SPAM filtering by Anonymous Coward · · Score: 1, Insightful
    I like TMDA a lot. The biggest problem I have is that a surprising number of people have trouble understanding they need to send a confirmation for their first message to be delivered.

    When a mail comes from an known source, an automatic confirmation mail is sent by the script.
    That should have read "from an unknown source"

  8. Re:Just use PINE and... by Drone-X · · Score: 2, Insightful
    The server that provides my e-mail is set up not to accept any incoming mail claiming to be from source addresses outside of the source server's domain.
    I use two SMTP servers, being my ISP's one and my University's one (depending on where I am). Also I sometimes use exim to send mail from console. Does this mean I cannot contact you using my regular e-mail address (jdv@foobar.be)?

    Have you ever checked how much legitimate e-mail you lose?

  9. What it'll take to stop ALL the spam by TyZone · · Score: 3, Insightful
    Stop all the spam? Well, it can be done, but we all have to realize a few things and make some changes. And it will take a little while.

    Sorry this is long -- please bear with me.

    We need to realize or accept these things:

    1. We absolutely cannot directly control the behavior of all the spammers. No law is going to stop all of them from sending spam. No law enforcement agency is going to search all of them out and prosecute all of them. No punitive action (legal or otherwise) by a group of users is going to dissuade all of them. And if we don't stop all of them, there will still be spam in our mailboxes. We can safely give up on this kind of thing.

    2. The problem with spam is not that they send it, but that we receive it and it's in our faces when we want to read our real email, and it's annoying to have to deal with it. So we need to stop worrying about the sending of the spam. We have to handle it at the receiving end (our end).

    3. The spammers will continue to be motivated to send spam because it works often enough to be profitable for them.

    4. Inbound mail filtering on addresses or message content will never go far enough. Some spam (new junk from new sources) will continue to get through, and the spammers will be encouraged enough to continue.

    Solving the problem means making a couple of changes -- one fundamental (about the way we think about email) and one sweeping (across as many email systems as possible):

    1. The fundamental part -- we must change the way we think about accepting email from unidentified senders. It is the acceptance of mail from unverified sources that allows spam to work at all.

    2. The sweeping-change part -- we need to implement (or lobby for) verified-sender mail delivery systems everywhere, and get it to be the default delivery mechanism for new accounts. These are the kind of systems (like TMDA) that use whitelists to allow mail to be delivered, while all other inbound mail (except the blacklist) gets an auto-response with a code - the sender is asked to reply to the auto-response in order to get their original mail delivered. Responders are added to the whitelist. People will get used to the verification process -- it isn't terribly burdensome.

    Anyway, if no response comes back in X days, the message may be discarded, optionally adding the sender's address to a blacklist.

    This kind of delivery system stops spam because of the very nature of spam -- the sender never looks at replies to his spam. Think about it.

    It isn't necessary to use TMDA -- it's just one example of this kind of system. I ended up writing my own system with scripts and procmail. I'm down from 30-40 spams per day to zero, and my email is usable again.

    If we do this across the board and make it the default condition for new accounts, spam will stop working for those who use it. When the response rate drops to zero, they'll quit spending money on it.

    This does not address the issue of the cost of receiving the spam (for those who pay by the byte), but if we can make it all dry up and go away by making it stop working, that problem would solve itself.

    Disclaimer: this is all opinion, of course. Your mileage may vary.

    --
    TyZone
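The whitelist, challenge and expiry flow described in the comment above can be sketched as follows. This is an added example, not TyZone's procmail scripts and not TMDA's code; the `ChallengeGate` class, the HMAC-derived code, the secret and the 14-day hold period are all assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # assumption: per-mailbox secret
HOLD_DAYS = 14                       # the comment's "X days"; value assumed


class ChallengeGate:
    def __init__(self):
        self.whitelist, self.blacklist = set(), set()
        self.pending = {}            # sender -> (first_held_at, [messages])

    def _code(self, sender):
        # Bound to the sender address, so a code cannot confirm another address.
        return hmac.new(SECRET, sender.encode(), hashlib.sha256).hexdigest()[:16]

    def receive(self, sender, message, now):
        sender = sender.lower()
        if sender in self.blacklist:
            return ("drop", None)
        if sender in self.whitelist:
            return ("deliver", None)
        first = sender not in self.pending
        self.pending.setdefault(sender, (now, []))[1].append(message)
        # One challenge per sender: forged addresses are not mailed repeatedly.
        return ("hold", self._code(sender) if first else None)

    def confirm(self, sender, code):
        sender = sender.lower()
        ok = sender in self.pending and hmac.compare_digest(code, self._code(sender))
        if not ok:
            return []
        self.whitelist.add(sender)   # responders are added to the whitelist
        return self.pending.pop(sender)[1]   # release the held mail

    def expire(self, now, blacklist_expired=False):
        cutoff = now - HOLD_DAYS * 86400
        dead = sorted(s for s, (t, _) in self.pending.items() if t < cutoff)
        for s in dead:
            del self.pending[s]
            if blacklist_expired:    # the comment's optional blacklisting
                self.blacklist.add(s)
        return dead
```

`now` is a timestamp in seconds; `receive` returns the action plus the challenge code to mail out, and `confirm` returns the held messages that become deliverable.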
  10. here's an idea by cr@ckwhore · · Score: 3, Insightful

    Let's take all of our spams on a daily basis and put 'em into a large database for analysis, and output cool statistics. Would Larry Ellison like to help with this one?

    Then perhaps, the FTC/FBI could use the data as a tool for investigation in order to link patterns in the database to their respective spamlords.

    --
    Skiers and Riders -- http://www.snowjournal.com
  11. Report that spam! by Parsec · · Score: 4, Insightful

    The least you can do is cost the spammer their account. Depending on the spam's contents I...

    Traceroute the last reliable IP of the sending email address. Know your mail gateways and take the IP address it received the mail from, traceroute it and report to abuse@[someisp].[ext]. If it seems disreputable, cc their isp.

    Visit the web page. Do it. This is to find out if there's a redirect in place. http://[somefreewebhost].com/[directory] redirects to http://[scumballspammer].com/ . Traceroute and report the site it redirected you to to the appropriate ISP. Least it will do is annoy the sysadmin, and we know how sysadmins can be. Best case is they lose their site, any money put toward it, and pay a penalty fee.

    If the web page sends you somewhere to order, visit it, traceroute it, and report. (Same reasons as above.)

    In the case of javascript encoded html, it's easy to rewrite. Look for the document.write( xxx ); statement and change it to document.write( "<form><textarea>" + xxx + "</textarea></form>" ); . Repeat as necessary. Follow steps above.
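The "last reliable IP" step in the comment above comes down to trusting only the Received headers written by your own gateways and reading the peer address from the deepest one. The following is an added example, not part of the original comment; the host names, the sample message and the `last_reliable_ip` function are constructed for illustration.

```python
import re
from email import message_from_string

# Assumption: hosts you operate; only headers they wrote are trusted.
TRUSTED = {"mx1.example.net", "mailstore.example.net"}

# Constructed sample. Each relay prepends its header, so the newest is first.
SAMPLE = """\
Received: from mx1.example.net (mx1.example.net [192.0.2.10])
\tby mailstore.example.net with ESMTP id A1; Mon, 1 Jan 2001 10:00:02 +0000
Received: from mail.yahoo.com (unknown [203.0.113.45])
\tby mx1.example.net with SMTP id B2; Mon, 1 Jan 2001 10:00:01 +0000
Received: from trusted.bank.example ([198.51.100.7])
\tby mail.yahoo.com with SMTP id C3; Mon, 1 Jan 2001 09:59:00 +0000
From: offers@yahoo.com
Subject: constructed test message

body
"""

PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")   # IPv4 only
BY_HOST = re.compile(r"\bby\s+([\w.-]+)", re.IGNORECASE)


def last_reliable_ip(raw, trusted=TRUSTED):
    """Return (peer_ip, recording_gateway), or None if no trusted header exists."""
    found = None
    for header in message_from_string(raw).get_all("Received", []):
        by, ip = BY_HOST.search(header), PEER_IP.search(header)
        if not by or by.group(1).lower() not in trusted:
            break                     # everything below this may be forged
        if ip:
            found = (ip.group(1), by.group(1).lower())
    return found
```

In the sample, the "from mail.yahoo.com" name and the whole third header are claims made by the sending side; only 203.0.113.45, recorded by mx1.example.net, is worth tracing and reporting.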

  12. Re:What about testing for valid addresses? by IIH · · Score: 3, Insightful
    So how about this: every time my computer receives an email, it initiates a connection to the sender and tries to send a reply message.

    And what happens if you are receiving an email from someone who has the same rules applied to their server?

    Have a look at "man hosts.allow" and read the section under "booby traps" referring to infinite finger loops

    Of course, spammers might start to make the return addresses random (but valid) return addresses at yahoo, etc.

    You mean like spammers do already?

    What about the following? This assumes that only yahoo.com sends out addresses with yahoo.com as the _envelope_ address (as opposed to having yahoo.com as the from/sender fields, which anyone should be able to do to set return addresses. In the latter case, but the envelope address should be your isp address in this case.)
    ...Welcome to server.isp.com. This mail service is brought to you today by the random number "rand_num" and the letter Q.
    1) HELO Yahoo.com (date) (date-key+rand)
    2) MAIL FROM: (user@yahoo.com)
    (check_mail rule:
    a) is date correct?
    b) do we have yahoo.com's current (not expired) public mailkey?
    b-1) No? query dns record type "MK" for yahoo.com)
    c) Does record MK exist?
    c-1) Yes. Is f(date-key, "yahoo.com", date, rand_num) = key?
    c-1-1) yes? - accept.
    c-1-2) No - reject.
    c-2) Domain not verified, accept for backward compatibility (current situation)

    I think the above could be useful, as most solutions I've seen rely on the network effect of everyone switching over, and getting people to reject all non-verified addresses. However, the above would allow even one isp to change over (by adding a dns record) to say, "we've changed over, if you get unverified email "from" us, it's not - reject it." Result? Zero forged emails from isp, isp rep goes up. Other ISPs get interested. Keys can be expired periodically where "key expiry time" < "time to crack key"

    Comments? Is this currently possible with esmtp?

    --
    Exigo spamos et dona ferentes