Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fighting Spam on the Home Front

Posted by timothy on from the just-post-their-whereabouts-like-child-molesters' dept.

Saint Aardvark writes: "Something interesting from the SecurityFocus Honeypot mailing list: a couple of honeypots for spammers. This message has a link to a how-to page for setting up a Sendmail honeypot to trap spammers, and the status page for a honeypot in Moscow that's trapped spam meant for >1.7 million recipients. The author mentions using a honeypot in conjunction with the Distributed Checksum Clearinghouse -- this seems like a great way identify both spammers and their messages."

And C-Moan writes: "Wireless spam volume is likely to increase in the coming years. But smart use of spam-fighting measures can go a long way toward eliminating the problem. This article provides info about the latest crop of e-mail filters and enhanced mail client options, as well as two roll-your-own programming platforms that could help keep your in-boxes spam free."

9 of 300 comments (clear)

  1. What am I missing? by Carmody · · Score: 3, Insightful

    I read the article, and it seems to be based on this.

    (1) Spammer sends bunch of stuff to someone who is throwing it away, unread

    (2) ? ? ?

    (3) Spammer is discouraged from sending spam

    In other words, I understand that that spammer THINKS his spam is reaching endusers, when, in actuality, it is not. But I don't understand how that discourages or harms the spammer in any way.

    --
    God is real unless declared integer
    1. Re:What am I missing? by GeorgeH · · Score: 5, Insightful

      (2) Spammer sees .01% response rate drop to .0000001% response rate (finding open relays, spidering email addresses, etc). Looks at books and sees that he spent 10 hours getting everything together to spam. Additionally, he spends 30 hours dealing with people who call pretending to be interested, keep him on the line, and then say that their credit card number is "spammers suck." So he spent 40 hours and only sold one widget, that he gets a $5 profit on. Realizes that he could have made more money working 40 hours at Mcdonalds, and there are nicer customers to boot.

      The reason people spam is the cost is low. Increase the cost of doing business and they will reevaluate.

      --
      Why can't I moderate something "Wrong" or at least "Grossly Misinformed"?
    2. Re:What am I missing? by Carmody · · Score: 3, Insightful

      (2) Spammer sees .01% response rate drop to .0000001% response rate (finding open relays, spidering email addresses, etc)

      This is an interesting answer. If the spammer is looking at response RATES, that answers my question, because the honeypot will decrease the apparent response rate. But wouldn't a spammer be looking at the response TOTALS? In other words, "I spend $1,000 to send a spam, and I got $10,000 in orders, so I made 10x my investment." The response total will not change if there are honeypots or not, because the spam would be blocked by the ISP who set up the honeypot in either case.

      Your argument works if the time investment (the 40 hours you detailed) goes up as the response rate goes down. I don't believe it does that - whether or not a honeypot is set up, the spammer still sends out the same quantity of spam.

      Do you agree with me, or am I still being thick?

      --
      God is real unless declared integer
  2. most effective by TheSHAD0W · · Score: 5, Insightful

    The most effective solution for fighting spam is NOT legal; it is also not honeypots, or open server bans. It's community action.

    Did you receive a spam directing you to a website? Good. Surf there. Reload. Reload a few hundred times. 800 number? Call it and complain. When they hang up on you, call back.

    Multiply this by even a small fraction of the people the company sent spam to and swamp their lines and slashdot their servers. They won't be making any sales, and any earnings they do make won't come close to paying their bandwidth or phone bills.

  3. Re:What's funny is... by Binestar · · Score: 5, Insightful

    2) at times HTML emails contain images located on a server. This allows them to track if a message has been read and which message.

    This is exactly that, most HTML e-mail messages you get contain an image. Alot of those images are formatted in such a way like:

    img src="http://www.spammersite.com/spampic.jpg?you@yo urisp.com"

    So the image display's, and they now have a list of e-mail addresses of people who looked at the message.

    So now you don't even have to click anything, they know you are looking at the message just by your mail client opening the picture.

    --
    Do you Gentoo!?
  4. Hmmm by NiftyNews · · Score: 4, Insightful

    This isn't flamebait, but what is the point of doing all of this?

    So now the spammers have a lot of worthless addresses. Well let's think about that for a minute. Spam is built around a theory that next-to-no-one will reply anyway, so that doesn't matter much. Spammers also rarely pay for their own bandwidth, choosing instead to spoof unsecure machines to do their dirtywork. So in the long run, you only end up giving them more worthless addresses that creates more wasted bandwidth, neither of which really harms the people you are attempting to target.

    --
    ------
    Today's Top Deals
  5. The solution is not legislative! by warpSpeed · · Score: 3, Insightful

    We do not need more laws "protecting" us! What we really need is a easy to use universal email crypto standard where everyone will sign thier email. Any mail not signed is immediatly suspect. Any keys you do not recognize are suspect.

    Standard crypto would serve us much better then any new law (set of laws) and the possible abusive applications of said law(s). We would surly end up with all sorts of lawful and awful unintended consequences as a result af anything that is generated by any government.

    ~Sean

  6. Cratered or overloaded dropboxes by ShaunC · · Score: 3, Insightful

    I've occasionally replied to spam posing as a potential customer, usually when I want to know who's really behind a particular spam. I don't hear back from humans very often, either. I doubt it's that the spammer (or his client) doesn't want our "business." In most cases I think it can probably be explained by one of the following,

    a) Spammer sent spam, checked for replies for awhile, then abandoned that dropbox for a fresh one. By the time I replied to his spam, he was no longer checking on that box.

    b) Spammer sent spam, and because everything under the sun was in tune, someone with a clue was reading abuse@ and nuked his dropbox.

    c) Spammer sent spam, got mailbombed with thousands of junk letters and didn't bother to clean the dropbox out. Both Hotmail and Yahoo - from my experience, anyway - will spool new messages for you even when you exceed your storage quota. Those messages won't show in your inbox until you delete some of the existing drek, but they don't bounce either; we could be sending order inquiries to a "full" dropbox that's never cleared.

    Of course, we can always dream about

    d) Spammer sent spam, was visited by a few guys with baseball bats, and was rendered physically unable to reply to our solicitations!

    Shaun

    --
    Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
  7. Re:spider traps, Elcomsoft and SPAM by cyberformer · · Score: 3, Insightful
    Dmitry didn't write the spam software. He simply worked for the company part-time, doing something entirely unrelated.

    It isn't really fair to blame interns who happen to work for [insert name of evil corporation] for the company's possibly unethical behaviour. I doubt that many people here agree with everything their employer's does. (I know I disagree with my employer's decision not to promote me and give me a big fat pay rise...)