Fighting Spam on the Home Front

Saint Aardvark writes: "Something interesting from the SecurityFocus Honeypot mailing list: a couple of honeypots for spammers. This message has a link to a how-to page for setting up a Sendmail honeypot to trap spammers, and the status page for a honeypot in Moscow that's trapped spam meant for >1.7 million recipients. The author mentions using a honeypot in conjunction with the Distributed Checksum Clearinghouse -- this seems like a great way identify both spammers and their messages."

And C-Moan writes: "Wireless spam volume is likely to increase in the coming years. But smart use of spam-fighting measures can go a long way toward eliminating the problem. This article provides info about the latest crop of e-mail filters and enhanced mail client options, as well as two roll-your-own programming platforms that could help keep your in-boxes spam free."

If you don't drop the TCP SYN, you're dead.

I run a fourth level .ca domain. It gets so much spam that the only solution for me was to put in firewall rules. TCP port 25 is open for my 5 friends, and a few mailing lists. For everyone else, it's closed.

I've got a longer rant on my web page, but I won't post it here, as the machine will die.

Suffix it to say that I can't afford 500k+ spams a day. The SMTP 'HELO', 'MAIL FROM', and 'RCPT TO' traffic for spam was getting to a gigabyte of
traffic every few days.

rbl doesn't work. The spammers that hit me aren't listed on it. 'teergrube' doesn't work. I can't afford the bandwidth or the CPU time to maintain millions of open connections.

When you get spam, if you do ANYTHING other than
drop the TCP SYN packet, you've lost.

spider traps

[Alien54]

I recall a number of scripts meant to trap spidering harvesters by generating endless pages of bogus content, with bogus addresses.

I wonder how useful they would be in a honey pot setup, if you had the bandwidth to spare.

Delays with the sendmail-bd

[greyguppy]

I like the idea with sendmail -bd, not delivering any mail, but surely spammers will simply assume that an "open" relay that takes 2 days to deliver their test message is being moderated as such by somebody running a honeypot. Unless you can identify, and forward spam tests as quickly as if the mailserver was running properly, then the spammers will soon catch on.

vipul's razor!!!1`

[notsoanonymouscoward]

This sounds alot like vipul's razor a fellow checksum'ing spam catcher. In addition to being free and open source, I think vipul's has been around longer than these other guys. They also use honeypots to catch lots of spam, but I believe not so much in the relay dept.

Spam only has a political/legislative solution

[GSloop]

I've come to the realization that the solution to spam is political/legislative.

I use SpamAssassin and it blocks virtually all spam, but that doesn't really solve the problem. Most users can't use spam assassin, or other good spam blocking system. Spamcop is good too, but that's now $3/month. Why should I be forced to pay to haul the spam, and $3/month not to see it?

The solution as I see it is this. We need legislation that allows for damages from the beneficiary of the spam. Almost all of the spam I get comes from SMTP servers in China and Eastern Europe. Good luck getting these people shutdown. Or, it comes from an open relay. Again, it's useless to attack the unwitting/stupid party, although it might have some effect here. But the spam beneficiary almost certainly has a bank account in your country, or some bank funds transfer mechanism. If they want to do lots of business with the US or other countries, there's going to be somefinancial presence there. So, we now have money...just tap into that money, by making the beneficiary of spam a civil tort, and spam just gets more expensive to promote.

When the demand for spam drops, because it's too expensive, then the demand for the out of country spam services drops, and eventually, most spam stops.

There would need to be some way to keep companies from being "set-up" as spam beneficiaries, but I think that shouldn't be too hard of a problem to solve. (Who's going to pay a spammer to "set-up" someone else, when the risk could be quite high if you get caught?)

Anyway, I'm starting to print out the most scummy spams, Porn etc (Esp pictures) and I'm going to mail them to my Congressmen and Senators. I don't know that they care, but I can pretty much guarantee they're going to get sick of getting such sicko stuff in the mail. Perhaps they'll actually do something. I've even pondered sending it all to every congressman and every senator, but that's a bit costly!

Well, do your damage...

Cheers!

Wireless spam in Finland

Short-messaging (SMS) is enormously popular in Europe. Here in Finland, the porn spammers begun to capitalise on the popularity by sending "call this number to get your cock sucked by beautiful ladies" kind of SMS spam to arbitrary listed numbers including underage kids' cellphones.

This kind of spam exists no more. How? It was made illegal practically overnight and that shut the bastards down.

The spam problem is a political problem. Until there is enough political will in your governments to crack down on the spammers HARD, the spam problem will be getting worse and worse.

Want to stop span?

Get 1000 /.ers to setup a web page on a simple box they already have or on a free web server... in fact, setup hundreds of pages. Embed in the page every political email address you can find as well as a honeypot one you setup. Set the honeypot one up to forward to the political addresses as well (all of them).

After senator what's his face gets spammed by 10000+ p04n addresses a day for weeks on end he might take notice.

Anyone ever...

[digitalsushi]

anyone ever responded to a spam pretending to be interested in the product? I get about a 20% turnaround on "serious inquiries". If I am using a real email address and look like a real customer, and they arent even writing back to me... they must be spamming several times what they could "legitimately" handle.