Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fighting Spam on the Home Front

Posted by timothy on from the just-post-their-whereabouts-like-child-molesters' dept.

Saint Aardvark writes: "Something interesting from the SecurityFocus Honeypot mailing list: a couple of honeypots for spammers. This message has a link to a how-to page for setting up a Sendmail honeypot to trap spammers, and the status page for a honeypot in Moscow that's trapped spam meant for >1.7 million recipients. The author mentions using a honeypot in conjunction with the Distributed Checksum Clearinghouse -- this seems like a great way identify both spammers and their messages."

And C-Moan writes: "Wireless spam volume is likely to increase in the coming years. But smart use of spam-fighting measures can go a long way toward eliminating the problem. This article provides info about the latest crop of e-mail filters and enhanced mail client options, as well as two roll-your-own programming platforms that could help keep your in-boxes spam free."

13 of 300 comments (clear)

  1. If you don't drop the TCP SYN, you're dead. by Anonymous Coward · · Score: 5, Interesting

    I run a fourth level .ca domain. It gets so much spam that the only solution for me was to put in firewall rules. TCP port 25 is open for my 5 friends, and a few mailing lists. For everyone else, it's closed.

    I've got a longer rant on my web page, but I won't post it here, as the machine will die.

    Suffix it to say that I can't afford 500k+ spams a day. The SMTP 'HELO', 'MAIL FROM', and 'RCPT TO' traffic for spam was getting to a gigabyte of
    traffic every few days.

    rbl doesn't work. The spammers that hit me aren't listed on it. 'teergrube' doesn't work. I can't afford the bandwidth or the CPU time to maintain millions of open connections.

    When you get spam, if you do ANYTHING other than
    drop the TCP SYN packet, you've lost.

  2. vipul's razor!!!1` by notsoanonymouscoward · · Score: 5, Interesting

    This sounds alot like vipul's razor a fellow checksum'ing spam catcher. In addition to being free and open source, I think vipul's has been around longer than these other guys. They also use honeypots to catch lots of spam, but I believe not so much in the relay dept.

    --
    I ate my sig.
  3. Spam only has a political/legislative solution by GSloop · · Score: 5, Interesting

    I've come to the realization that the solution to spam is political/legislative.

    I use SpamAssassin and it blocks virtually all spam, but that doesn't really solve the problem. Most users can't use spam assassin, or other good spam blocking system. Spamcop is good too, but that's now $3/month. Why should I be forced to pay to haul the spam, and $3/month not to see it?

    The solution as I see it is this. We need legislation that allows for damages from the beneficiary of the spam. Almost all of the spam I get comes from SMTP servers in China and Eastern Europe. Good luck getting these people shutdown. Or, it comes from an open relay. Again, it's useless to attack the unwitting/stupid party, although it might have some effect here. But the spam beneficiary almost certainly has a bank account in your country, or some bank funds transfer mechanism. If they want to do lots of business with the US or other countries, there's going to be somefinancial presence there. So, we now have money...just tap into that money, by making the beneficiary of spam a civil tort, and spam just gets more expensive to promote.

    When the demand for spam drops, because it's too expensive, then the demand for the out of country spam services drops, and eventually, most spam stops.

    There would need to be some way to keep companies from being "set-up" as spam beneficiaries, but I think that shouldn't be too hard of a problem to solve. (Who's going to pay a spammer to "set-up" someone else, when the risk could be quite high if you get caught?)

    Anyway, I'm starting to print out the most scummy spams, Porn etc (Esp pictures) and I'm going to mail them to my Congressmen and Senators. I don't know that they care, but I can pretty much guarantee they're going to get sick of getting such sicko stuff in the mail. Perhaps they'll actually do something. I've even pondered sending it all to every congressman and every senator, but that's a bit costly!

    Well, do your damage...

    Cheers!

    1. Re:Spam only has a political/legislative solution by jazman_777 · · Score: 5, Funny
      I've come to the realization that the solution to spam is political/legislative.


      I've come to the realization that the solution to spam is vigilante justice. That's how my emotions are, anyway.

      --
      Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
  4. Re:Fight Spam by Zach+Garner · · Score: 5, Informative

    uce@ftc.gov is for this purpose.

    UCE = Unsolicited Commercial E-Mail FTC = Federal Trade Commission

    If you send it to someone like your congressman, YOU are spamming. If you do it often enough, I'm sure they will have a word or two with your ISP.

    If someone sends you a letter filled with anthrax, forwarding it to the president will not make things better...

  5. Teergrube by quigonn · · Score: 5, Informative
    What can be generally interesting when fighting spam is
    1. razor (I recently posted a message about it on /.)
    2. A "teergrube". This is german for "tar pit". In the ice age, animals like mammoths trapped into them, today the spammers shall trap into them. Lutz Donnerhacke wrote an interesing FAQ about it, you can get it from here (english, of course). IMHO every ISP should run such a teergrube on his SMTP host.
    --
    A monkey is doing the real work for me.
  6. Wireless spam in Finland by Anonymous Coward · · Score: 5, Interesting
    Short-messaging (SMS) is enormously popular in Europe. Here in Finland, the porn spammers begun to capitalise on the popularity by sending "call this number to get your cock sucked by beautiful ladies" kind of SMS spam to arbitrary listed numbers including underage kids' cellphones.

    This kind of spam exists no more. How? It was made illegal practically overnight and that shut the bastards down.

    The spam problem is a political problem. Until there is enough political will in your governments to crack down on the spammers HARD, the spam problem will be getting worse and worse.

  7. most effective by TheSHAD0W · · Score: 5, Insightful

    The most effective solution for fighting spam is NOT legal; it is also not honeypots, or open server bans. It's community action.

    Did you receive a spam directing you to a website? Good. Surf there. Reload. Reload a few hundred times. 800 number? Call it and complain. When they hang up on you, call back.

    Multiply this by even a small fraction of the people the company sent spam to and swamp their lines and slashdot their servers. They won't be making any sales, and any earnings they do make won't come close to paying their bandwidth or phone bills.

  8. Re:What am I missing? by GeorgeH · · Score: 5, Insightful

    (2) Spammer sees .01% response rate drop to .0000001% response rate (finding open relays, spidering email addresses, etc). Looks at books and sees that he spent 10 hours getting everything together to spam. Additionally, he spends 30 hours dealing with people who call pretending to be interested, keep him on the line, and then say that their credit card number is "spammers suck." So he spent 40 hours and only sold one widget, that he gets a $5 profit on. Realizes that he could have made more money working 40 hours at Mcdonalds, and there are nicer customers to boot.

    The reason people spam is the cost is low. Increase the cost of doing business and they will reevaluate.

    --
    Why can't I moderate something "Wrong" or at least "Grossly Misinformed"?
  9. Want to stop span? by Anonymous Coward · · Score: 5, Interesting

    Get 1000 /.ers to setup a web page on a simple box they already have or on a free web server... in fact, setup hundreds of pages. Embed in the page every political email address you can find as well as a honeypot one you setup. Set the honeypot one up to forward to the political addresses as well (all of them).

    After senator what's his face gets spammed by 10000+ p04n addresses a day for weeks on end he might take notice.

  10. Anyone ever... by digitalsushi · · Score: 5, Interesting

    anyone ever responded to a spam pretending to be interested in the product? I get about a 20% turnaround on "serious inquiries". If I am using a real email address and look like a real customer, and they arent even writing back to me... they must be spamming several times what they could "legitimately" handle.

    --
    slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
  11. Re:What's funny is... by Binestar · · Score: 5, Insightful

    2) at times HTML emails contain images located on a server. This allows them to track if a message has been read and which message.

    This is exactly that, most HTML e-mail messages you get contain an image. Alot of those images are formatted in such a way like:

    img src="http://www.spammersite.com/spampic.jpg?you@yo urisp.com"

    So the image display's, and they now have a list of e-mail addresses of people who looked at the message.

    So now you don't even have to click anything, they know you are looking at the message just by your mail client opening the picture.

    --
    Do you Gentoo!?
  12. SpamAssassin! by mr.nicholas · · Score: 5, Informative
    I guess I have to throw in my $0.02 here. Instead of relying on a single services or technique for stopping SPAM, try something heuristic that combines the best of multiple worlds: SpamAssassin, for example.

    It uses a weighted score that derives it's values from a variety of sources including Razor and various Black Hole Lists.

    The type of heuristics are along the lines of:

    SPAM: -------------------- Start SpamAssassin results ----------------------
    SPAM: This mail is probably spam. The original message has been altered
    SPAM: so you can recognise or block similar unwanted mail in future.
    SPAM: See http://spamassassin.org/tag/ for more details.
    SPAM:
    SPAM: Content analysis details: (12.24 hits, 5 required)
    SPAM: Hit! (1 point) From: contains numbers mixed in with letters
    SPAM: Hit! (1.2 points) From: does not include a real name
    SPAM: Hit! (1 point) 'Message-Id' was added by a relay (2)
    SPAM: Hit! (1 point) Subject contains lots of white space
    SPAM: Hit! (1 point) BODY: List removal information
    SPAM: Hit! (1.56 points) Contains phrases frequently found in spam
    SPAM: [score: 26, hits: accept credit, credit cards,]
    SPAM: [fill out, for your, more information, our]
    SPAM: [company, phone number, receive further, remove]
    SPAM: [the, reply this, subject line, thank you, the]
    SPAM: [subject, this email, wish receive, word remove,]
    SPAM: [you for, you like, you wish, your]
    SPAM: [email]
    SPAM: Hit! (1 point) spam-phrase score is over 20
    SPAM: Hit! (1 point) Received via a relay in inputs.orbz.org
    SPAM: [RBL check: found 14.54.162.63.inputs.orbz.org.]
    SPAM: Hit! (2 points) Received via a relay in relays.osirusoft.com
    SPAM: [RBL check: found 6.223.155.212.relays.osirusoft.com., type: 127.0.0.9]
    SPAM: Hit! (1.48 points) Subject contains a unique ID number
    SPAM:
    SPAM: -------------------- End of SpamAssassin results ---------------------