Tracking Spam to the Source
cygnusx writes: "MSNBC is carrying a Wall Street Journal article on one reporter's attempts to track the spam she receives to the source. Armed with a few Hotmail and Yahoo accounts, reporter Stacy Forster actually responded to most of the barrage of spam she began to receive after a week or so. Not quite the best investigative journalism ever seen, but still a good glimpse (or so I thought) at those who send us those unloved missives about "exciting business opportunities" and "millions of $$$ waiting"."
When I signed up for their ADSL service, I used a very odd username which I haven't used before, nor have I ever seen. I checked my email a day (after the account was made, not after I got DSL) later and guess what? Two emails from Bellsouth, one from some porn company. I posted my findings to DSL reports, and got fired from my tech support job at Bellsouth DSL for that.
Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
Bloody hell, is there any way to filter out all posts with the phrase "beowulf cluster of these"? I'd even give up my Jon Katz filter if I could turn off these mindless attempts at humor. "All your base" died months ago, why the hell is this still popular?
Taco, Hemos, anyone, is there some way to stop seeing these damn things?
You're just jealous 'cuz the voices talk to *me*
turn on "enable-bounce-cmd" in your prefs. Open the spam, hit "B", tippity-tap out the source e-mail address (or flex your gpm muscles if you're so inclined), and off it goes back to the sender; alternately, do your best to fudge a mailer daemon bounce. When they get the message, 9 times out of 10, they stop sending. Failing that, just redirect known bad domains (I do this with Yahoo and Hotmail because I don't know anybody who uses those accounts) into a spam folder; check it occasionally to make sure the signal-to-noise ratio is non-zero.
:)
It's not worth getting all hot and bothered over some "INCREDIBLE MONEY MAKING OPPORTUNITY" someone felt like telling you about.
On another note, check out somethingawful's pranks section under spam for Lowtax's take on the whole thing.
Want Linux games? HERE.
junkbuster blocked 15 images from loading in that one article.
---
Oregon
The article says the FTC recommends that you forward all of your spam to uce@ftc.gov. I know I will be doing so from now on...
One spammer interviewed in the article says he sends out about 15,000 spam messages a day and gets 10-15 new customers out of that. So I guess the message about spam we send to these people is that it's worth it.
It feels like we're kinda stuck - it's annoying and stupid, but spam is here to stay. That 1/1000 is a good enough target for these businesses, and e-mail addresses are so cheap to get they might as well go for it. The only thing I can think of is being extra careful to NEVER look into an e-mail that even looks like spam - don't go to the website, don't buy the product, even if it could be interesting.
I once asked a telemarketer if he hated his life, he said he did. I thought it was kinda funny that he admitted it straight out - it was proof that the underbelly world of cheap advertising is evil.
spacefem.com
... was to install Spambouncer, which is a large set of procmail filters.
Before installing it, I got ~20 spam messages a day. Now I get at most 1-2 a week. Spambouncer does come with very restrictive default settings, though. For example, you must specify if you want to receive email from free web mail services like Yahoo and Hotmail, otherwise it'll filter those out.
It also logs everything it does and has the option of sending blocked email to a file instead of /dev/null in the case it filters something it shouldn't.
In my case the only inconvenience was it blocked legitimate email from Amazon.com and eBay -- these are filled with disclaimers and have HTML, which Spambouncer doesn't like to see. In any case, it's easy to mark those domains as safe and start receiving their email again.
Software like TMDA implements this. When a mail comes from an unknown source, an automatic confirmation mail is sent by the script. If the sender acknowledges, his address will be added to the 'whitelist'. No more confirmation will be needed.
This is extremely efficient, and it basically reduces the SPAM actually delivered to your mailbox to zero.
Just don't forget to manually add mailing-lists you're subscribed to, to the 'whitelist'.
{{.sig}}
I want to know about one more part of the story.
She says she signed up a Yahoo account, bought one book from Borders.com and promptly received spam thereafter.
Sooooo.... if Borders _and_ Yahoo both say there's no way the e-mail could have been sent out by either of them -- (and if the reporter is completely accurate about her sequence of events) -- how did the company get her e-mail address?
Either someone's lying, is mistaken, or her e-mail address was "created" through some sort of bruteforce e-mail address creation application.
Cheers,
Mike...
If Nalgene water bottles are outlawed, only outlaws will have Nalgene water bottles.
I think we should have a server feature that is configurable from the client. The client would be able to tell the server that if a message has certain characteristics, the server should respond to the sender in the same way it would respond if the address didn't exist at all.
Any message that your client would filter into the trash, your client should be able to tell the server to bounce.
Perhaps we could also use the "plus convention" to allow users to effectively manage their own email address(es). Many servers are set up so that if my assigned email address is fred@foo.com, then fred+[anystring]@foo.com is still sent to fred. Tell your friends to address you as fred+friend@foo.com, and then have your client sort the "+friend" messages into a friends folder.
Why not be able to create a list of valid plus extensions in your client, which would then post them to the server? Why not be able to create your own rule for messages that arrive with no extension? You could instruct your client to instruct the server to accept them or to bounce them back to the sender as simply nonexistent addresses.
You could create an extension in your client and specify an expiration date. Your client informs the server. Then you post your email address publicly, a Usenet question perhaps, and your server would accept responses until the date you specify, and then bounce everything thereafter as spam.
With so many addresses expiring quickly and users able to get their servers to hide their non-expiring addresses from mail with certain characteristics, the spammers' databases would become much less usable.
"Those who have never entered upon scientific pursuits know not a tithe of the poetry by which they are surrounded."
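An added example, not part of any comment in this thread: one way the server-side decision for the expiring "plus extension" proposal above could look. The policy layout, the `usenet` extension, the dates and the function names are all assumptions made for illustration.

```python
from datetime import date

# Hypothetical per-user policy that the mail client would upload to the server.
# Extensions and dates are constructed for this example.
POLICY = {
    "fred": {
        "extensions": {
            "friend": None,               # never expires
            "usenet": date(2002, 3, 1),   # accepted up to and including this date
        },
        "bare_address": "reject",         # rule for mail that carries no extension
    }
}

NO_SUCH_USER = (550, "5.1.1 No such user")


def split_recipient(rcpt):
    """Split 'fred+friend@foo.com' into ('fred', 'friend', 'foo.com')."""
    local, _, domain = rcpt.rpartition("@")
    user, plus, ext = local.partition("+")
    return user.lower(), (ext.lower() if plus else None), domain.lower()


def rcpt_decision(rcpt, today, policy=POLICY):
    """Return the (code, text) reply the server would give at RCPT TO time."""
    user, ext, _ = split_recipient(rcpt)
    rules = policy.get(user)
    if rules is None:
        return NO_SUCH_USER
    if ext is None:
        return (250, "OK") if rules["bare_address"] == "accept" else NO_SUCH_USER
    if ext not in rules["extensions"]:
        return NO_SUCH_USER
    expires = rules["extensions"][ext]
    if expires is not None and today > expires:
        # Expired extension: same reply as a mailbox that never existed,
        # so the sender's list learns nothing about the real address.
        return NO_SUCH_USER
    return (250, "OK")


if __name__ == "__main__":
    for rcpt in ("fred+friend@foo.com", "fred+usenet@foo.com", "fred@foo.com"):
        print(rcpt, rcpt_decision(rcpt, date(2002, 6, 1)))
```
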
...the reporter could have gotten more info if she didn't keep telling these people that she is a reporter?!?!
How's this for investigative journalism?
1. Locate Spammers
2. Call and explain to spammers that you are a reporter
3. Determine if spammer has hung up
4. If step 3 is yes, call spammer back and leave message
5. Repeat
Sig: What Happened To The Censorware Project (censorware.org)
This is probably old news, but it's just a thought.
What if it were required by law that every company must track WHERE and WHEN they obtained any e-mail address that they send bulk messages to. If you requested to be removed from their list "recursively" the offending company would have to notify its provider. Each company would have to notify any company they bought the address from that you want your information kept PRIVATE. The recursive notification would only go UP the chain. I'd love it if they had to notify everyone they sold it to as well, but this might not be practical. Each provider would send you a message as they removed you from their list. Each company would have to keep your e-mail address on a black list for a period of time you specify (such as "until hell freezes over") and not send you further messages until that time elapses.
You would have as evidence the date/time you were removed and would have grounds for damages in the event that someone repurchased your address from a provider or they didn't remove you.
Until then, I'll just continue to give my email address out as myname_companyimgivingitto@mydomain.com
So far, 99% of the spam is coming from myname_usenet@mydomain.com, which is about to be automatically filtered and deleted.
You mean like Wpoison?
A year or two ago I came to the conclusion that you cannot stop all the spammers using filters. You can use any filtering program you want, but either you're going to lose some e-mail or some spam will get through (or both). You can use fake e-mail addresses but many sites nowadays check by sending you a confirmation e-mail that requires you to do something with information you get in the e-mail. But what you CAN do is control how they get your e-mail address in the first place.
Here is my easy method to track the bastard that sold your address. All you need is your own domain and control over the e-mail server - as many of my fellow geeks do.
Using my domain - I created an account for dealing with spam. I then created an alias which will put all e-mails without a specific mailbox into that account. (for example - the qmail/vmailmgr allows you to create "+" alias as such catch-all address)
Now comes the fun part- every time I need to use my e-mail in public - I make up an e-mail address that makes it easy to figure out where I used it. To make sure I do not create a real mailbox with same name - I use a specific prefix (like ns- for no spam) to make all of those e-mail addresses stand out (example - when signing up for e-bay, I sign up with ns-ebay@mydomain.com). Now when that spam arrives I can find out which e-mail address it is destined to - and which place it came from.
The last part of this comes after a while. Eventually some addresses start getting too much spam and you seem to end up where you started. No problem. I create a new alias that bounces or /dev/null's email coming into that account.
If I find that I gave out an address to a trustworthy source, I can even create an alias to go to my main mailbox.
Of course, if you go to a source that is guaranteed to leak your address to spammers, no point to even bother with all this - that's what the free webmail accounts are for ;-).
The interesting part of all this is that to my own surprise I find that most sites are pretty good at keeping your privacy when you sign up. So far the biggest culprits were postings on USENET (well, duh!) and ebay - but e-bay were all from massmailings by people I bought from and they were good at removing my address when asked to.
Hope this helps.
-Em
RelevantElephants: A Somatic WebComic...
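An added example, not part of any comment in this thread: a tally of which per-site alias each message in the catch-all account was addressed to, following the `ns-` prefix scheme described above, plus the list of aliases that have become noisy enough to retire. The sample messages, the threshold and the function names are constructed for illustration.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses

PREFIX = "ns-"            # the "no spam" prefix from the comment above
DOMAIN = "mydomain.com"   # placeholder domain used in the comment

# Constructed sample of messages that landed in the catch-all account.
SAMPLE = [
    "From: a@bulk.example\nTo: ns-usenet@mydomain.com\nSubject: $$$\n\nhi",
    "From: b@bulk.example\nTo: NS-Usenet@MyDomain.com\nSubject: offer\n\nhi",
    "From: c@seller.example\nTo: Em <ns-ebay@mydomain.com>\nSubject: sale\n\nhi",
    "From: d@bulk.example\nTo: x@else.example\nCc: ns-usenet@mydomain.com\n\nhi",
    "From: e@bulk.example\nTo: sales@mydomain.com\nSubject: guess\n\nhi",
]


def leak_source(raw):
    """Return the tag after the prefix (e.g. 'ebay'), or None if untagged."""
    msg = message_from_string(raw)
    headers = []
    for name in ("Delivered-To", "To", "Cc"):
        headers += msg.get_all(name, [])
    for _name, addr in getaddresses(headers):
        local, _, domain = addr.lower().rpartition("@")
        if domain == DOMAIN and local.startswith(PREFIX):
            return local[len(PREFIX):]
    return None  # e.g. a guessed address that only the catch-all accepted


def tally(messages):
    """Count messages per tagged alias; untagged mail is counted separately."""
    return Counter(leak_source(m) or "(untagged)" for m in messages)


def aliases_to_retire(messages, threshold):
    """Aliases with at least `threshold` messages: candidates to bounce."""
    counts = tally(messages)
    return sorted(
        f"{PREFIX}{tag}@{DOMAIN}"
        for tag, n in counts.items()
        if tag != "(untagged)" and n >= threshold
    )


if __name__ == "__main__":
    print(tally(SAMPLE).most_common())
    print(aliases_to_retire(SAMPLE, threshold=2))
```
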
I use procmail to filter out email from anyone not in my address book to a different account. That way I can check the spam account once a day, and won't be bothered the rest of the time.
I export the email addresses in my address book to a file which I FTP to my server. Here is the procmail recipe I use on the server:
-------
SHELL=/bin/sh
# Extract the address a reply would go to (the sender)
FROM=`formail -rzxTo:`
# Forward to the spam account unless the sender matches one of the
# trusted domains or appears in the exported address book
:0
* ! $FROM ?? .*myisp.com
* ! $FROM ?? .*networksolutions.com
* ! $FROM ?? .*otherimportantdomains
* $ ! ? cat emaillist.txt | fgrep -iqs "$FROM"
! spam@account.com
----
You could do what I do -- go into your prefs and mark all 'funny' comments as -6. It sounds extreme, and at first I felt like I was missing something by not having funny comments. But then every time I turned it off, I could just feel brain cells dying.
YMMV, though.
If you have your own domain name, simply use abuse@yourdomainnamehere.com as your primary e-mail address and you'll never be spammed. After 3 years I am still waiting for my first spam
There's a column in today's Washington Post on spam:
I arrive at my office, uncap my coffee, unwrap my bagel, open my e-mail and face the first searing public policy question of the day: "Do you want to watch teens make their first porn video?"
It's called "The Great American Spam Attack", by Ellen Goodman.
However, such programs generate incredible amounts of traffic - the money generated far exceeds the bad publicity and attention the occasionally poorly targeted email generates.
Sorry this is long -- please bear with me.
We need to realize or accept these things:
1. We absolutely cannot directly control the behavior of all the spammers. No law is going to stop all of them from sending spam. No law enforcement agency is going to search all of them out and prosecute all of them. No punitive action (legal or otherwise) by a group of users is going to dissuade all of them. And if we don't stop all of them, there will still be spam in our mailboxes. We can safely give up on this kind of thing.
2. The problem with spam is not that they send it, but that we receive it and it's in our faces when we want to read our real email, and it's annoying to have to deal with it. So we need to stop worrying about the sending of the spam. We have to handle it at the receiving end (our end).
3. The spammers will continue to be motivated to send spam because it works often enough to be profitable for them.
4. Inbound mail filtering on addresses or message content will never go far enough. Some spam (new junk from new sources) will continue to get through, and the spammers will be encouraged enough to continue.
Solving the problem means making a couple of changes -- one fundamental (about the way we think about email) and one sweeping (across as many email systems as possible):
1. The fundamental part -- we must change the way we think about accepting email from unidentified senders. It is the acceptance of mail from unverified sources that allows spam to work at all.
2. The sweeping-change part -- we need to implement (or lobby for) verified-sender mail delivery systems everywhere, and get it to be the default delivery mechanism for new accounts. These are the kind of systems (like TMDA) that use whitelists to allow mail to be delivered, while all other inbound mail (except the blacklist) gets an auto-response with a code - the sender is asked to reply to the auto-response in order to get their original mail delivered. Responders are added to the whitelist. People will get used to the verification process -- it isn't terribly burdensome.
Anyway, if no response comes back in X days, the message may be discarded, optionally adding the sender's address to a blacklist.
This kind of delivery system stops spam because of the very nature of spam -- the sender never looks at replies to his spam. Think about it.
It isn't necessary to use TMDA -- it's just one example of this kind of system. I ended up writing my own system with scripts and procmail. I'm down from 30-40 spams per day to zero, and my email is usable again.
If we do this across the board and make it the default condition for new accounts, spam will stop working for those who use it. When the response rate drops to zero, they'll quit spending money on it.
This does not address the issue of the cost of receiving the spam (for those who pay by the byte), but if we can make it all dry up and go away by making it stop working, that problem would solve itself.
Disclaimer: this is all opinion, of course. Your mileage may vary.
TyZone
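An added example, not part of any comment in this thread and not TMDA's code: a small model of the verified-sender flow described in the two TMDA comments above (whitelist, blacklist, held mail, a confirmation code, and expiry after X days). The class name, the HMAC-based code, the key and the 7-day hold are assumptions.

```python
import hashlib
import hmac
from datetime import datetime, timedelta

SECRET = b"constructed-demo-key"   # assumption: per-mailbox secret key
HOLD = timedelta(days=7)           # the comment's "X days" (value assumed)


class ChallengeFilter:
    def __init__(self):
        self.whitelist, self.blacklist = set(), set()
        self.pending = {}          # msg_id -> (sender, time received)

    def _code(self, sender, msg_id):
        # Bind the code to both sender and message so it cannot be
        # reused to release a different held message.
        mac = hmac.new(SECRET, f"{sender}|{msg_id}".encode(), hashlib.sha256)
        return mac.hexdigest()[:16]

    def receive(self, sender, msg_id, now):
        """Return (action, code): deliver, discard, or challenge with a code."""
        sender = sender.lower()
        if sender in self.blacklist:
            return ("discard", None)
        if sender in self.whitelist:
            return ("deliver", None)
        self.pending[msg_id] = (sender, now)
        return ("challenge", self._code(sender, msg_id))

    def confirm(self, sender, msg_id, code):
        """Handle a reply to the auto-response; True releases the held mail."""
        sender = sender.lower()
        held = self.pending.get(msg_id)
        if held is None or held[0] != sender:
            return False
        expected = self._code(sender, msg_id)
        if not hmac.compare_digest(code.encode(), expected.encode()):
            return False
        del self.pending[msg_id]
        self.whitelist.add(sender)
        return True

    def expire(self, now, blacklist_expired=False):
        """Drop held mail older than HOLD; optionally blacklist its sender."""
        dropped = [m for m, (_s, t) in self.pending.items() if now - t > HOLD]
        for msg_id in dropped:
            sender, _ = self.pending.pop(msg_id)
            if blacklist_expired:
                self.blacklist.add(sender)
        return dropped
```

Mailing lists never answer a challenge, which is why the earlier comment says to add them to the whitelist by hand before enabling a filter like this.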
Let's take all of our spams on a daily basis and put 'em into a large database for analysis, and output cool statistics. Would Larry Ellison like to help with this one?
Then perhaps, the FTC/FBI could use the data as a tool for investigation in order to link patterns in the database to their respective spamlords.
Skiers and Riders -- http://www.snowjournal.com
The least you can do is cost the spammer their account. Depending on the spam's contents I...
Traceroute the last reliable IP of the sending email address. Know your mail gateways and take the IP address it received the mail from, traceroute it and report to abuse@[someisp].[ext]. If it seems disreputable, cc their isp.
Visit the web page. Do it. This is to find out if there's a redirect in place. http://[somefreewebhost].com/[directory] redirects to http://[scumballspammer].com/ . Traceroute and report the site it redirected you to to the appropriate ISP. Least it will do is annoy the sysadmin, and we know how sysadmins can be. Best case is they lose their site, any money put toward it, and pay a penalty fee.
If the web page sends you somewhere to order, visit it, traceroute it, and report. (Same reasons as above.)
In the case of javascript encoded html, it's easy to rewrite. Look for the document.write( xxx ); statement and change it to document.write( "<form><textarea>" + xxx + "</textarea>" ); . Repeat as necessary. Follow steps above.
Normally, spammers use bogus return addresses, right?
So how about this: every time my computer receives an email, it initiates a connection to the sender and tries to send a reply message. If the sender's server accepts the email address, close the connection (i.e. cancel the message before it's finished). If the server rejects the email address, you know the return address is invalid, so you can throw away the message (or filter it into a different box).
Of course, spammers might start to make the return addresses random (but valid) return addresses at yahoo, etc. - but that will just get Yahoo very, very mad, and they'll track down and sue the spammers.
Probably never gonna happen, but I've never heard that particular idea before...
Notice the hotmail account guys who were tricked by the MSN Messenger setup talking about "We never gave our mails, not even using it but when we checked not to get it suspended, we figured there are 100 spams!"?
A guy/gal using Hotmail gets heavily advertised to use and install MSN Messenger and some do it just to have an online mail checker for hotmail.
Now the freaky part begins... http://news.com.com/2100-1001-833154.html
Yes... With a not-so-advanced 133t jscript tactics, they can harvest your mail AND the mails of others unless they use a nickname. I don't see any reason like 90% of people would change their known Hotmail addresses to nicknames.
More interestingly CNET reporter tries to say (I congratulated him for breaking that story btw) "It is not so serious". YES it is serious!
For months I was telling my friends I am not using MSN Messenger because I believe spammers/harvesters found a way to get my MSN signon name and spamming me. They called me paranoid, anti-ms but recent days they admitted "We don't know how too but there must be a way and we are getting spams"
Can anyone tell me how that glitch isn't serious?
http://www.yelm.freeserve.co.uk/spamido/
Government of the people, by corporate executives, for corporate profits.