Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fighting Spam on the Home Front

Posted by timothy on from the just-post-their-whereabouts-like-child-molesters' dept.

Saint Aardvark writes: "Something interesting from the SecurityFocus Honeypot mailing list: a couple of honeypots for spammers. This message has a link to a how-to page for setting up a Sendmail honeypot to trap spammers, and the status page for a honeypot in Moscow that's trapped spam meant for >1.7 million recipients. The author mentions using a honeypot in conjunction with the Distributed Checksum Clearinghouse -- this seems like a great way identify both spammers and their messages."

And C-Moan writes: "Wireless spam volume is likely to increase in the coming years. But smart use of spam-fighting measures can go a long way toward eliminating the problem. This article provides info about the latest crop of e-mail filters and enhanced mail client options, as well as two roll-your-own programming platforms that could help keep your in-boxes spam free."

7 of 300 comments (clear)

  1. Re:Fight Spam by Zach+Garner · · Score: 5, Informative

    uce@ftc.gov is for this purpose.

    UCE = Unsolicited Commercial E-Mail FTC = Federal Trade Commission

    If you send it to someone like your congressman, YOU are spamming. If you do it often enough, I'm sure they will have a word or two with your ISP.

    If someone sends you a letter filled with anthrax, forwarding it to the president will not make things better...

  2. Teergrube by quigonn · · Score: 5, Informative
    What can be generally interesting when fighting spam is
    1. razor (I recently posted a message about it on /.)
    2. A "teergrube". This is german for "tar pit". In the ice age, animals like mammoths trapped into them, today the spammers shall trap into them. Lutz Donnerhacke wrote an interesing FAQ about it, you can get it from here (english, of course). IMHO every ISP should run such a teergrube on his SMTP host.
    --
    A monkey is doing the real work for me.
  3. Re:Fight Spam by Anonymous Coward · · Score: 4, Informative
    PREPARED STATEMENT OF THE FEDERAL TRADE COMMISSION ON "Unsolicited Commercial E-Mail"

    On another front, the FTC set up a special electronic mailbox reserved for UCE in order to assess, first hand, emerging trends and developments in UCE. With the assistance of Internet service providers, privacy advocates, and other law enforcers, staff publicized the Commission's UCE mailbox, "uce@ftc.gov," and invited consumers to forward their UCE to it. The UCE mailbox has received more than 2,010,000 forwarded messages to date, including 3,000 to 4,000 new pieces of UCE every day. Staff enters each UCE message into the database; UCE received and entered in the database within the preceding 6 months is searchable. Periodically, staff analyzes the data, identifies trends, and uses its findings to target law enforcement and consumer and business education efforts.

  4. Re:spider traps by Raphael · · Score: 4, Informative
    I recall a number of scripts meant to trap spidering harvesters by generating endless pages of bogus content, with bogus addresses.

    You are probably refering to Sugarplum or Wpoison.

    I wonder how useful they would be in a honey pot setup, if you had the bandwidth to spare.

    They perform two very different purposes: the poisoning scripts mentioned above are designed to fool the robots that harvest e-mail addresses. They slow down the spammers and introduce many invalid addresses in their list, but they cannot completely prevent the spammers from collecting e-mail addresses.

    The fake open relays mentioned in the article are designed to stop the spammers from sending their spam. The spammers think that they have found a nice open SMTP relay and they dump all their spam to it, but in the end nothing is sent to the intended recipients.

    You could of course run both on the same machine, but this is probably not a good idea because the goals of these spam traps is to convince the spammers that they have found a "live one". If there is anything that looks strange on the target site (such as a warning generated by their harvesting robot), it is likely that they would consider this to be a suspicious site and they would not try to use it to relay their spam.

    --
    -Raphaël
  5. Another article about stopping spambots by primetyme · · Score: 4, Informative
    shameless plug

    I posted an article that deals with stopping spambots with common apache tools last week in the apache section of slashdot. hopefully some can find use of it here as well :)

    here's the link directly to the article as well:
    Stopping Spambots II - The Admin Strikes Back

  6. SpamAssassin! by mr.nicholas · · Score: 5, Informative
    I guess I have to throw in my $0.02 here. Instead of relying on a single services or technique for stopping SPAM, try something heuristic that combines the best of multiple worlds: SpamAssassin, for example.

    It uses a weighted score that derives it's values from a variety of sources including Razor and various Black Hole Lists.

    The type of heuristics are along the lines of:

    SPAM: -------------------- Start SpamAssassin results ----------------------
    SPAM: This mail is probably spam. The original message has been altered
    SPAM: so you can recognise or block similar unwanted mail in future.
    SPAM: See http://spamassassin.org/tag/ for more details.
    SPAM:
    SPAM: Content analysis details: (12.24 hits, 5 required)
    SPAM: Hit! (1 point) From: contains numbers mixed in with letters
    SPAM: Hit! (1.2 points) From: does not include a real name
    SPAM: Hit! (1 point) 'Message-Id' was added by a relay (2)
    SPAM: Hit! (1 point) Subject contains lots of white space
    SPAM: Hit! (1 point) BODY: List removal information
    SPAM: Hit! (1.56 points) Contains phrases frequently found in spam
    SPAM: [score: 26, hits: accept credit, credit cards,]
    SPAM: [fill out, for your, more information, our]
    SPAM: [company, phone number, receive further, remove]
    SPAM: [the, reply this, subject line, thank you, the]
    SPAM: [subject, this email, wish receive, word remove,]
    SPAM: [you for, you like, you wish, your]
    SPAM: [email]
    SPAM: Hit! (1 point) spam-phrase score is over 20
    SPAM: Hit! (1 point) Received via a relay in inputs.orbz.org
    SPAM: [RBL check: found 14.54.162.63.inputs.orbz.org.]
    SPAM: Hit! (2 points) Received via a relay in relays.osirusoft.com
    SPAM: [RBL check: found 6.223.155.212.relays.osirusoft.com., type: 127.0.0.9]
    SPAM: Hit! (1.48 points) Subject contains a unique ID number
    SPAM:
    SPAM: -------------------- End of SpamAssassin results ---------------------

  7. Re:Checksumming -- defeatable? by zsmooth · · Score: 4, Informative

    Am I missing something?

    Yes. The DCC page states that they use a 'fuzzy' checksumming algorithm that doesn't just checksum the whole message, and that the algorithm is evolving as spam evolves.