Slashdot Mirror
Spam Increases Make Things Tough For Companies
dosten sent us a link to a story running
on Cnet about the spam epidemic. My favorite stat is that by 2006, we'll be getting 1400 spam
a year. Of course, I already get that every week. Talks about
foreign spam relays, block lists, and so on. Decent piece explaining
a huge problem that's only getting worse.
The biggest offender for me? Resume bots. I post my resume to see if people are hiring, and I get 12 messages a day from OTHER resume posting sites trying to get me to go there and post again.
If they're smart enough to grab my email addy, why can't they harvest my resume too and leave me alone?
-skip
The Chinese government ignored SPAM problems, until enough people blacklisted China and then they took notice.
Maybe we should forward all the spam that we receive to congress, with a little note attached. Maybe they would take notice, then.
Fight Spammers!
The 1400 number is a bit sketchy; I think to assume that SPAM will continue to grow at a current rate for four years is more than a bit unreasonable.
On the contrary, I think one of two things will happen:
1. SPAM will explode long before 2006 - the number of messages will grow to such an extent that a political solution will become unavoidable. In effect, the SPAMers will SPAM themselves out of existence - but not without paralyzing the net for some time.
2. SPAM click rates will continue to fall, and bandwidth costs will soar, so eventually the point will be reached that most SPAM will no longer be viable economically- this may be some time away, but I think it is certainly a possibility.
Even if costs increase, something tells me that 1) is far more likely to occur than 2)..... But the most likely thing to happen will be that I move to a address-book-only-accepted mailbox setup... Sigh.....
Malda, you idiot, the article says 1400 spams a YEAR, not a DAY. I figured this out within 5 seconds of reading the article. How much do you get paid for this??
I get a lot of Spam and I am thinking about keeping every piece of Spam that I receive for a whole year, just to see how much I end up with.
Has anyone else does something like this?
I recently sent a reply to a spam I recieved demanding $110 for my troubles. Maybe if everyone starts taking legal action against spammers, they'll get a clue, and stop bombarding us with this junk.
First "My favorite stat is that by 2006, we'll be getting 1400 spam a day." You KNOW that's not going to happen, and define we?? This is a very POOR appeal to statistics! Like you said, you get that in a week. So how many do I get in a week? Probably 2 pieces of spam, TOTAL. I definitely don't average one a day. Why? I don't know, I have a few email addresses, I just don't do stupid things with them! It's also why I barely get any junkmail in the real mail system!
Maybe the spammers should focus on only AOL addresses since their members seem to like daily solicitation, and leave the rest of us alone!
Here is, what I believe to be, a better approach to fighting SPAM: Tagged Message Delivery Agent(TMDA)
--It's Pimptastic!--
Internet researcher Jupiter Media Metrix estimates that consumers will receive about 206 billion junk e-mailings in 2006--an average of 1,400 per person, compared with about 700 per person this year.
Still, that's only about 4/day which seems very conservative to me.
Consolidate your bills into one lower payment. Save thousands and your credit too! Debt consolidation professionals negotiate with your creditors to help you save money, lower your payments, & avoid bankruptcy. We have helped thousands & perhaps we can do the same for you! Not another loan. Just simple honest help.
Click Now!!! http://www.Get-Debt-Free.org
You received this email because you signed up at www.winaflatscreentv.com or with one of our approved third party marketing partners. To unsubscribe see below instructions. The products and/or services advertised in this email are the sole responsibility of the advertiser.
Certainly every man at his best state is but vapor
Spam was an epidemic since the Internet went commercial. And complaining about something thats as inevitable as death and taxes is not only poinless but also a waste of bandwidth...
I hate spam as much as the next guy, but I ask you are these articles that beat the issue to death really needed?
Find your lawmakers home emails - city council, county council, city prosecuting attorney,state reps, governor, state attorney general, federal delegations ...
And change your settings to "reply to" the spamsters that send you spam with their info.
They'll fix it fast if it affects them. That's why we have some of our state's laws about credit reports - it directly affected my senator's daughter (he's retired from the senate now).
Nothing like making it personal.
[note - I am not advising you do this - just pointing out what will happen if some people did this - caveat emptor]
-
--- Will in Seattle - What are you doing to fight the War?
As to China's complaints about corporate blocks, I'd suggest that if it were "landfill" or "waste" that was being dumped across their borders, I doubt the response would be much different -- block that border. At least ipchains is less painful than an AK-47.
-jhon
I noticed a massive increase in the amount of spam that I was getting. Fortunately I am running my own FreeBSD server for mail and I simply updated access lists for the frequent offenders. That blocked some, but I was still getting a great deal of mail coming in.
Finally I was told that I can identify countries by their IP block. Now that I block Korea, Russia and other countries I am not back down to my normal daily allowance of 2 pieces of spam a day.
I also have a spam blocking strategy others may want to use. Since I run my own domain I create an alias for every website which wants me to register. For example, here I have an alias for slashdot@offwhite.net which is posted along with my comments. I also have one for cdnow.com@offwhite.net, cnn.com@offwhite.net, etc. When I sign up for a newsletter or post comments I will know where the incoming spam originated. Unfortunately I found that my slashdot alias was the culprit for much of the mail. Spammers are obviously scraping this site.
After I put my spam blocking lists in place, in addition to the normal RBL features you can do with spam I am block tons of mail for me and all the users on my server. And in a single day the daily report that FreeBSD sends out shows that I blocked 111 pieces of mail just for my offwhite.net domain.
Perhaps eventually I can release some of these offending domains from my access/blocking list, but for now I am simply returning an obscure message that the user was not found. It is my hope that they simply remove my name from their lists. One can only hope.
Brennan Stehling - http://brennan.offwhite.net/blog/
He is the guardian of roughly 45,000 employees' e-mail in-boxes, protecting against unsolicited commercial messages that are nearly doubling in number every five months--and costing an estimated $1 per piece in lost productivity.
This is the real cost of spam, sifting through tons of junk to find the authentic business e-mails, dleteing them and such.
It doesn't seem like much, especially to a small company, but to a large one it could be a problem. Using the example, even if each user got just one spam a day, that's $45,000 in lost productivity.
I am the evil aardvark!
I have a hard time believing spam will proliferate to those levels. People would have to be responding and transacting money to make it worthwhile for spammers to increase acitivity.
.25 cal pistol in the back alley of a Hong Kong business...pap pap! Now that's an open relay.
If exploitable channels decrease, forcing the costs to spammers to increase, and revenue decreases, that should put an end to spamming. it should not encourage more smpamming.
I say we should push for legalized assassinations on spammers. A silenced
over here[cr.yp.to] it's explained what can IM2000 do for solving the spam problem.. or at least to make us live better.
I'm not the right person to explain it here, and djb does it better there. Go check it out..
-- There are two kind of sysadmins: Paranoids and Losers. (adapted from D. Bach)
Convince congress that spammers are hardened terrorists determined to destroy the technological infrastructure of the US. (This may requre a few million in kickbacks of course)
Before you know it, spammers will be being nuked out of existence!
As others have pointed out, this is 1400 a year, not per day. Malda needs to learn to read.
Secondly, I find the figure of $1 per spam to be kind of ludicrous. It takes me about 5 seconds to recognize a piece of mail is spam and delete it. 5 seconds of my time isn't worth $1. And the 10k it took the mail server to store the message and fraction of a penny in bandwidth aren't worth a dollar either.
If corporate anti-spam offices are costing that much, then they're wasting their money. Let employees delete their own spam messages. It's really not that hard. It wastes maybe 5 minutes per week of my time. Is it annoying? Absolutely. Is it an "epidemic"? I don't think so.
I hate spam as much as the next guy, but a sense of perspective is important. The technology to filter spam is rapidly advancing, and ISP's often *do* respond to complaints. Once Asia gets with the program, I'd expect this problem to subside somewhat.
(Disclaimer: not directly relevant, but I thought I'd share.) My email address is scannable from Usenet posts made when I was young and foolish, so there is no hope of it not being available to spammers. But, since using Spamcop, my spam levels decreased, and today at 9 AM MST, for the first time in years I checked my mail and it was spam free. I'm starting to suspect that spammers now keep lists of email addresses of people who are vigilant in reporting spam, and deleting them from their lists. (My hope is, that the CDs in which my email address resides, are now considered "no good," not just my address.) So, there is hope.
We are trying to cling to a system not designed with spammers in mind.
Instead of trying to make it illegal to send spam [which is not going to stop it anyways] why not just invent whole new protocols?
Primarily I'd add a hashcash payment system. Where in order for you to send me a message [that I would eventually see] you *must* do some work [e.g. find an N-bit collision].
The idea is simple and if implemented correctly will be a huge deterrent to sending spam. Specially if it takes you 2 seconds or so to prepare the email!
I think as a project I will implement a trivial version of this over TCP. In reality though it would be nice to see real professionals tackle something like this.
Face it SMTP is outdated and wholly inappropriate!
Tom
Someday, I'll have a real sig.
The easiest way to avoid most spam is to use disposable email addresses - open an account with Hotmail or Yahoo, etc. and use that as your "sign-up"/"service" email. Use your personal/work email just for that - work and personal correspondence. I rarely, if ever, get spam in my personal accounts.
The effect will hopefully be twofold:
1. You don't get spam where you don't want it.
2. Choke Hotmail & Yahoo with spam, turning it into a corporate nuisance. Then they might move to actually blocking it - say by blacklisting mail servers. After all, there's nothing like a little corporate sponsorship to get the job done in the U.S.
Ah, how I long for the good old days when you could just set a cron job that would mail a spammer a core dump every 10 minutes.
I have to wonder, though, instead of just blocking server, if someone might not develop software that would email back to the orginator of the message (that is, the retailer who created the spam or had it created) and make it very clear that you will not buy his product simply because he spammed you. (Are you listening, SonicBlue? I ain't buying squat from y'all!) Maybe that would get the point across.
Of course, there are always the bozos that break any cartel and loosers that will answer spams with subjects like "View my webcam!!"
"Love is a familiar; Love is a devil: there is no evil angel but Love." --William Shakespeare ('Love's Labors Lost')
spammassassin will catch 99% of your spam. Due to the massivley non-brilliant decision to write it in perl, its a resource hog. But it does the job.
Yup - i'm drowning in spam like the rest of us.... a 'typical' day is somewhere around 80 mails. Weekends are much worse....
BUT.......
There are MANY big name commercial companies that are spamming. They aren't stupid enough to spam themselves, they subcontract it to some other weasel who gets click-thru fees for the referrals that their spam generates.
My two biggest offenders are NetFlix and 1-800-Flowers.
Every piece of spam i get associated with a 'legit' company i make sure to forward to every address I can find on their web site, and make it very clear that I will NEVER do business with them as long as they maintain the practice.... and will discourage anybody who will listen to me to do the same.
It won't stop everything. I still get tons of 'Cum Guzzling Co-Ed's', 'Increase your Penis Size', 'Viagra without a prescription', and 'REPAIR YOUR CREDIT NOW' mail, but every little bit helps....
BOYCOTT NETFLIX
BOYCOTT NETFLIX
BOYCOTT NETFLIX
BOYCOTT NETFLIX
BOYCOTT NETFLIX
BOYCOTT NETFLIX
BOYCOTT NETFLIX
A strange game. The only winning move is not to play. How about a nice game of chess? - Joshua (Wargames)
Before, when it was just the individual that was getting bombarded by offers of barely legal pr0n and penis enhancers, Big Brother (the govt) didn't really seem to care. Sure, a few states have instituted laws.. but honestly, how effective has the "ADV" required by CA law been, if at all?
Finally, we're seeing reliable, solid information from big companies on how much these bits of unwanted flotsam are costing in actual dollars. This is exactly what it takes to get the Govt. to stand up and take notice. The big guys have the money, power, and voice to get the message heard and force action.
Unfortunately, even once laws are in place, I don't see much of a decrease in spam. The senders are getting smarter and smarter, the harvesting techniques are getting better, and their obfuscated headers and relays make them damned hard to track. Add in the fact that a lot of this stuff is across international boundaries, which makes local laws difficult if not impossible to enforce, so even if you can track down the offender, you end up with an incredibly difficult case to litigate.
I can see the same thing happening in this situation that has happened with online casinos: when things get unfriendly, they'll simply move their base of operation to a country that doesn't much care what they do as long as they're spending money. And with the right set up, it doesn't matter if they're spamming from NYC or Antartica... their damned message will still get through to cost you time and headaches.
Moral indignation is jealousy with a halo - H. G. Wells
When I use Yahoo Instant Messenger and a new user tries to contact me I have to OK that new user. Why can't email be the same way?
Sure it may not actually be the same email that we know today, but if the Jabber system was extended to support mail which is stored persistently, then it would be possible to actually check your mail in that way. And if a new sender wants to communicate with you, you could OK their messages. Over time the people who need to contact you on a regular basis would have the ability to get right into your inbox. The rest will have to sit in a sort of limbo.
I would also suggest that you could put in an access list to allow in domains that you trust, such as myschool.edu, mywork.com, etc.
Such a system would not work easily within the SMTP protocol, but why do we need to stick to SMTP. Why not migrate to a new method which takes into account the way spammers make their money.
Brennan Stehling - http://brennan.offwhite.net/blog/
This has been mentioned before (but I'm too lazy to search for the artcile), but blacklists aren't the answer. As inconvenient as it sounds, whitelists are the way to go. If your e-mail address isn't on the whitelist, your message doesn't get delivered. When a message is received that isn't on the whitelist, an automated message is sent to the sender informing them that they can be added to the whitelist by replying to this e-mail with a provided hash/password. Once they reply to the notification e-mail, they are whitelisted and their original message is delivered. Anyone who wanted to maintain a whitelist could do so, those who didn't want to bother with it could deal with the spam.
I admit i didn't read the article, so i don't have something to say about it.
However.
I have this thought: So far we've talked about numerous ways to fight spam: do this, do that, don't do the other thing... but we (the people that hate spam) have yet to find a way to really get rid of spam from the root.
I'm all ears. And i think it is safe to say, we all are.
Looking for people to chat about multicopters, coding, music. skype: gtsiros
So... (NLP stuff aside) is this why secretaries will never become obsolete no matter how advanced technology gets? (this isn't entirely true, i guess, but then you step into AI land which isn't what i'm talking about)
Maybe the spammers should focus on only AOL addresses since their members seem to like daily solicitation, and leave the rest of us alone!
Maybe we should enlarge the spammers penises. There is a variety of heavy machinery that could be used to result in a much larger (but paper thin) penis. Or perhaps we should shove bottle after bottle of their "herbal Viagra" down their throats until they are unable click the 'send' button.
'sigh' [deletes another batch of spam]
Starsucks
One thing that has always ticked me off is the notion of the "corporate citizen". Corporations are legal entities created by an act of Congress. Corporations are not citizens, they do not vote, and often times corporations don't pay taxes. Corporations are not mentioned ANYWHERE in the Constitution and therefore corporations DO NOT HAVE A RIGHT TO FREE SPEECH!
:-)
If Congress weren't a complete fraud Congress would acknowledge the fact that corporations are not citizens, and the fact that corporations have no right of free speech, and Congress would shut these spammers down ASAP. But I am too hopeful, Congress is a complete fraud, designed to suck up to Israel and big mega corporations, and therefore Congress continues to do nothing about this exceedingly annoying problem...
Boy that was therapeutic, I feel much better now...
--Richard
I have started using a-s-k to block spam, and have been pretty happy with it. Have not received spam in weeks.
http://sourceforge.net/projects/a-s-k/
http://www.paganini.net/ask
It helps if you run your own mail server, I do.
Three months ago I changed my email address. I told all my friends and created a new email address for them. Then, for every site I registered with, I used a slightly different address. I created a few generic addresses as well, for online shopping or one-time stuff.
So far, only places I actually visited have sent me spam, but now it's easy enough to cut them off.
And the mail is not annoying, I don't mind getting a buy.com sale email, because I buy from them.
It's a simple solution, and it works well.
Far fetched? Maybe.
Fight Spammers!
As the number of email addresses grow, so does the spammer's lists. Also, it doesn't take any more effort for them to click and send 4 million spams as it does for them to send 40 million. It's still just one click to a harvested list, and they never have to see or pay for the damage and headaches they cause.
The problem is no one in power wants to admit that spam is getting to critical mass. Right now we're in an arms race as better blocking methods come up and better ways to run around those blocks are formed. The only sure way not to get spammed right now is to try to keep your email address private, but even that's failing as spambots get smarter about guessing valid addresses and databases of valid addresses get built. I even get spammed occassionally at work, and I've NEVER released that address to anyone.
Until someone (read major corporation) comes up and says "Hey, this is a problem that's costing us money" the situation is just going to get worse. The spamming situation is reaching a point where it cannot be controlled without intervention via legislation. I'm not a big fan of governement control, but this is the sort of thing that should be looked at heavily...not whether Billy downloaded a copy of Britney Spear's latest single.
Electronic Frontier Foundation for online civil rights information
Lets face it, its time to get rid of SMTP. A spam-free protocol shouldn't be too hard to design (maybe someone already did?).
And this goes beyond just making rules or blocking all spam - after all, I do want to know about the $120 round trip ticket offers for Myrtle Beach or the discounted digicam at ThinkGeek.
The AI can work the same way Tivo does in being sensitive to the kind of email you prefer to get and maybe even smart enough to unsubscribe you from lists that you don't want to belong to or to reply to emails in your place.
Give it a voice recognition program and it can be your phone receptionist, too.
Counter Spam Measure: Negative Feedback.
Imagine if all or some very large contingent of email clients allowed you to
"retaliate" against spam messages. Highlight message, select "negative feedback"
option, a daemon is spun that traces back as far as possible the route of the
message and barrages it some fashion. By pings maybe? By directed replies? Imagine
it does this in some scheduled fashion so as to minimize the impact on your local
network. As 1 million disparate sources converge upon the last traceable source of
the route of the offending spammer, some network somewhere will start to feel the
load. Like the spokes of a wheel converging on the hub, the retaliation traffic will
thicken as it closes in on the source. The pain increases. ISPs inundated by
individuals expressing their right to freedom of speech, will feel suddenly inclined
to exercise their right to refuse service to someone.
The "negative feedback" could be dosed in a coordinated fashion if there were some
P2P means of establishing how many individuals had received a particular spam. If a
spammer hits only a hundred people, the dose of retaliatory traffic would have to be
increased to be felt. If the spam hit a million, it would require only a modest
retaliation to utterly swamp the source.
Just thinking out loud. Could this be made to work? No one's free speech is
curtailed, spam is dealt a serious blow.
fight fire with fire.
If the RIAA succeeds in shutting down Internet broadcasting by charging outrageous licensing fees, we will at least have plenty of spam to take its place.
Spamradio
My sister was wondering why I never replied to her emails that she's been sending for the last few months. I never saw them. I have blocks for all Yahoo, AOL, Earthlink, & MSN addresses, as well as others.
:^)
So I unblocked yahoo, and have received a message from her so I know the 'unblock' is working. I also received 5 spams, 3 within the first hour, so I have also verified that the block was working well too.
Now I just have to redo the block, letting hers through.
Or maybe follow the advice others have said, forward all the spam to my congress-critters. Can't stand most of them anyway, so it should be fun.
As the anti-spam vigilantes have become more shrill, more dogmatic, more draconian, and have moved into causing "collateral damage" to sites whose only crime is being neighbors of a spam sewer, the spam continues to increase.
I submit that DNSBL and public blacklists are a failure. They have not done anything substantial to stem the tide of junk email, as this article shows.
In fact, from what I can tell, the spammers use the various DNSBL, especially the ones that list open relays, in order to locate their next set of victim relays. They could not care less that a relative handful of fanatics who use the DNSBL as intended will not be seeing their message. In fact, they are probably happy to ensure that their message will not be seen by those who are most likely to report them and try to get their activities shut down.
Edith Keeler Must Die
All you did was increase your spam. Years ago I started getting some spam and I replied with remove emails. Guess what. Then I got lots of spam. Now when I get spam I just hit d and forget it. Guess what now. I hardly get any spam at all.
This reminds me of a quote from the recent article regarding Simpsons math references:
ian.
ian
That's not a lot, by a friggin longshot. I know Taco is in a unique situation, where people would put him on a list for paybacks or vendettas or whatever form of agression they are taking for not having their story accepted. Me, in a position where I really, really try to keep spam out of my inbox by only giving it to places I deem worthy, and removing myself from lists where I believe that will do me any good, I still get about 15 a day. Filtering out 90% helps, which might make it to 1400 spams a year that reach my inbox. But whoever is doing this study must really know how to repevent the uncolicited crap away If 4 a day is too much for them to handle.
Th
Well, it's fun seeing the "yum, this spam is fresh" message either way.
Read my sig if you like, but I'll never see yours, thanks to Discussions, Viewing, Disable sigs...
Taco, you get that spam because people put in your email address when signing up for things where the email address is unimportant. Also, putting in your email address for lots of gay porn will get you lots of spam
The $1/spam is the average cost of the spam due to costs for analyzing and following up on customer complaints - that costs money in the form of having to employ people for the sole purpose of fighting spam.
Leveling up builds character.
No. No. No. What I mean is many contituents, each sending their 200 spams a day to their congressperson. Ie. Do select all text, reply, change the reply address to the congressperson's address (instead of the spammers), add a note at the top saying, "Here is another spam that I got. Please pass a law outlawing spamm."
Fight Spammers!
It's a joke people...and it is on topic....
Lighten up
It's perfect for registering online or leaving a temporary contact address. I've used it almost exclusively for one of my accounts, and I get virtually no spam on that account. It's a lifesaver.
I can highly, HIGHLY recommend that you sign up with them. You'll thank me later.
Mr. Ska
Back when e-mail was invented, say, in 1623 (I'm too lazy to do actual research), people used it as a basis of instant communication between two or more parties.
(Some people used it as a basis of communication between only one party; however, these people were usually either the types who needed to write themselves little sticky notes, or they had disassociative identity disorder.)
Considering how small the 'Internet' was back during the days of the first e-mail (I use quotes because, again, I've not done my research; and I'm uncertain whether e-mail or the 'net itself came first), e-mail was developed with a very open set of rules:
I create a server.
I set up a few accounts.
I open a port to allow for e-mails to be sent to me.
People connect to my computer, write me a message, and then magically disappear.
In time, relaying was invented, and was implemented such that the existing mail servers could be used as relay points -- I send an e-mail from my computer, it gets bounced around until it reaches its recipient.
Thus, the entire idea of e-mail.
I hate to say it, but... This world of e-mail is greatly polluted. I'm not talking about Gulf of Mexico polluted -- this is pre-1972 Lake Erie polluted.
So... Why not re-invent the wheel? We've been so concerned with building filtering applications, and layers upon layers over the basic SNMP protocol that we've forgotten that no matter how many bridges we build, we're still going to be able to look down and see the same polluted water.
With this in mind, I call for a new type of e-mail service to be offered by various providers. One that explicitly denies old protocol e-mails. Something akin to Internet2, but for the public masses. Built-in encryption, a prerequisite (as well as several mechanisms) to determine that not only is the sender valid, but the router its sent from is uncompromised.
While this won't solve all the problems associated with spam, it'll certainly alleviate them. With a protocol designed from the ground up to disallow things such as anonymous e-mails or misrepresented e-mail addresses; as well as several other measures which would make for not only for a secure, but unpolluted e-mail atmosphere, we can abandon the current system which has become so polluted with the waste, filth, and garbage known as 'spam'.
Thank you.
Fight Spammers!
Here's a good starting point for cutting down on your spam: Add "offers" and "deals" to whatever you use for e-mail filtering (in the client, procmail, etc.). Doing this eliminated 90% of the spam I get, and considering I get around 10-15 spam messages per hour in just one of my e-mail accounts, that's not a bad start.
Mozilla's a nice operating system, but it needs a better browser.
With one company in particular (name withheld to prevent slander suit) I signed up to receive regular email "newsletters" from them but canceled my subscription over a year ago. Then recently they started sending me the newsletters again. I went to the website but I can't log in because my account no longer exists. I even tried entering my email address (the one they are sending the newsletters to) on the "forgot you password" page but it says that there is no account for that email address. I've also sent an email to tech support explaining the problem but haven't gotten a response.
So is there any chance that future anti-spam laws might protect me from buggy mailing list software and poor tech support?
Thought not.
There's more factors than just what you do with your email address however. I've noticed (as I'm sure many others have) that Microsoft's Hotmail is notoriously bad for spam. If I didn't know better, I'd say Microsoft distributes their hotmail account names to anyone who comes knocking.
Anyway, I rarely use Hotmail for normal email since the spam rate is so high, but there is an advantage to keeping at least two email accounts -- one for spam-risk accounts (when a company requires your email to download anything) and one personal account that you only give out to your closest and most trusted friends with a repy-to address that's garbled (e.g. meya_temmyadiul.@ysathoo.com => my_email@yahoo.com with 'eatmydust' interlaced). It would probably be sufficent to simply garble the domain (e.g. my_email@hooyay.omcay => yahoo.com, pig-latin style)
...and that's the way the cookie crumbles.
Here's a hint. Don't give spammers your e-mail address in the first place.
Don't give it to shady businesses or websites, don't give it to amateur websites run by people you don't know, don't give it to small or medium sized businesses, don't give it to well known or big online or meat-space companies that have a reputation of being irresponsible in such matters, and don't give it to anyone whose privacy/non-use clauses don't look sincere or aren't backed by anyone you know.
And munge your e-mail address when used on Usenet.
That's it. I haven't gotten ONE SINGLE piece of spam in 4 years. I give my e-mail address to my friends and co-workers, the only people in the world who need it. It's on my website which is hosted from my ADSL line on dyndns.org, and it's never been reaped. It's in my profile at some online-groups and semi-private blog places (my CS clan's web-forum for example), and they've never been reaped.
An ounce of prevention is worth a pound of cure!
All that we need is a honest to goodness education campaign by the ISPs to clue in their lusers.
It does exactly what you are talking about, only you dont need to run your own mail server. They forward to your real address. You can set each alias to allow all, deny all, allow all except specifically blocked (per sender), or block all except specifically allowed (per sender).
So basically I have a slashdot alias, but slashdot@slashdot.org is the only person who can send mail to that alias ;-) All the other emails are put into a "mail-dam" that I periodically check for anything of real value. You can also set it to instantly trash mail from senders you dont allow.
I run ORDB on my mail server as well, and I will soon be blocking all of APNIC, I go several days now with no spam while receiving tons of legitimate email.
On the off chance I get a spam, I immediately report it to spamcop.net
You need to attack spam on many many levels for it to be effective ;-)
Our company uses Big Fish to filter for SPAM and viruses. I get about 80% less SPAM than I did before the service.
The cool thing was, it was really easy for us to setup, we just had to switch our MX record to them. Our mail hits them, they filter it, then deliver it to our mail server.
Check them out!
No way this will ever happen! Ever hear of junk mail (not spam email, real paper junk mail)? Has it become unviable? No. As a matter of fact, it is the most effective form of advertising. As more and more people worldwide use email, targeted spam will become as effective as the direct mail is now.
The spam is green. It is still in its infancy as a marketing medium.
Curb CO2 emissions: Kill yourself today!
Yahoo! and Hotmail both send your spam to a Junk Mail folder (or Bulk Mail) where you can browse it periodically and select from it those addresses you don't want blocked.
I recently ran into this problem of missing wanted email because of my whitelist. I didn't expect it, and when I was questioned about it, sure enough the message was in the to-be-deleted-if-you-don't-rescue-it bin.
Unless you were purposely testing to see if your spam-block worked, you didn't have to shut it off to find your sister's letter.
Just an FYI.
spam spam eggs and spam
...and that's the way the cookie crumbles.
My modest proposal is that we have to make it legal for people and service providers to charge spammers for the traffic they create.
If you can make a profit in hunting down spammers, i bet a lot of people would jump at the chance.
A federal spamm license requiring spammer to register, etc, pay huge taxes to the government, complete with cute little orange tag for the ear.
and allowing people to charge them for the hassle. did I mention tthat yet?
people would get rich off this, hunting down illegal spammers, collecting fees for ISPs, etc.
"It is a greater offense to steal men's labor, than their clothes"
getting burnt, themself, on the same thing.
when my ISP decided to block ALL inbound mail coming from Asia. the spam dropped from 30 a day to FOUR. then under pressure they opened back up and now I am getting 50+ !! :) after all thats what friends do for each other.
*sigh* I hate spammers with a passion. A good friend decided to start spamming from his computer to promote his new business, so I Dos attacked him until he stopped
if you want "No More Hiroshimas" then I say "You First. No More Pearl Harbors."
Spamassassin is great! I've never had large problems with spam (4-5 per week at most), but using Spamassassin, Vipul's Razor and reporting everything to both Razor and SpamCop has drastically reduced the amount of spam I recieve. I still keep a copy of every spam I recieve for statistical purposes (and a highscore list with Spamassassin :-) ), and so far everything has been fully automated using procmail rules and spamassassin.
So far, my spamassassin high score is 25,2 -- and 5 is enough to trigger the spam filters.
Leveling up builds character.
Obviously an automated email verification system won't understand the whitelist notice message and the whole thing will fail miserably.
So you decide to create an address that doesnt block non-whitelisted emails and now that address is vulnerable to spam.
By the way, spamassassin is really really good. . .If you get a chance, try spamassassin.
Thanks for this unsolicited testimonial. Or should I say unsolicited unsolicited testimonial.
Takahashi Rumiko made beats! DON, taku, DON, taku. . .
this is not of topic you mod'ing troll.
gimme a zero but never a neg 1 dork.
just because you cannot use proper english.
Well, let's say your moral compass has been permanently derailed and you are planning to enter the "spamming industry." You can buy CDs with e-mail lists for cheap (I believe it's something in the order of 1 million names for $100). You also would use a program to find open relays and exploit them (why run your own mail server when you can hijack someone else's for less dough). Then you forge your e-mail headers (after all, you don't want to deal with messy details like bouncing e-mails and angry recipients).
Now say you send out a million spam e-mails. Your cost is $100 or so (the cost of the list) and whatever you're using for your Internet connection. That's less than a penny per person. If one hundredth of one percent of those names were to send $5 each, you'd take in $500, or about $400 profit. And that's just from one mailing. You'd ignore any "remove me off this #&*#&@ list" e-mails (actually, with the forged headers you wouldn't see them) and send another round hoping to lure in more suckers.
Now these aren't hard and fast numbers, but you can see how some people are lured into the "easy money." Of course, breaking into people's homes and taking valuables is "easy money" also, but spammers somehow convince themselves that they have a constitutional right to misuse other people's bandwidth and time for their own personal gain.
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
All the SPAM'ers cite freedom of speech. Well, I wanna know what the hell happened to your rights ending where mine begin?
The problem of SPAM on fax machines back in the 80's, due to the fact that paper/toner/etc. cost $$ as well as tying up a business' fax line prompted a law that bans SPAMing fax machines. It was the use of resources and stopping of business that got this law passed.
Well, bandwidth is a resource, and if a major ISP's mail service is unusable for a good chunk of time, that's a stopping of business.
I pay for my bandwidth to run my own server. Using my resources (bandwidth), for a purpose I don't approve of, should be considered theft. It might be different for a dialup user (the end user doesn't pay for bandwidth, they pay a monthly fee for access, the ISP pays for the bandwidth, usually).
I'm so incredibly sick of SPAM! Oh, and by all means, I don't want to limit SPAM to commercial mail. I think any email that is soliciting, be it a campaign contribution, a donation to the kidney fund, or religion oriented ("come join us in fellowship", blah) should be considered SPAM as well.
Although, having said all that, I think that legislation is only part of the problem. I think what we need is a modification to the SMTP protocol itself that makes it easy and lightweight to identify and handle these types of email, and legislation enforcing this.
Something like identifying the message as spam immediately after the HELO or RCPT TO, or perhaps even requiring spam to use another port!
But even that's not enough because you know those direct marketing jackasses will still send it without the proper identifiers.
I'm real close to setting up a system where you have to give me your email address and I have to approve you to send me email or I'll never see it. (with a seperate dump account for registrations for web boards, etc.)
In Texas, I believe it is legal to shoot spammers at night.
From the article:
Ebay? A victim of spam? It is to laugh.
This is just one example of the marketing spew Ebay sends to former customers and innocent bystanders... even after you beg them to stop.
Just hit Google Groups for "ebay spam" and sort by relevance. You'll find all the examples you need. Either hundreds of independent observers are forging spam that came right from Ebay's servers, or Ebay is one of the biggest spammers of all.
Which story do you believe?
Is it possible to file a bug against an RFC? If so, I'm going to post to bugtraq about RFC 2821.
Spam is a problem for users. But the problem that users have pales in comparison to the problem that ISPs and other providers have.
Most of the available solutions are catch-up solutions, which, like virus detection software, always arrives too late and is easily defeated (and in any case not the best way to solve the problem).
Anyhoo, why is spam the ultimate DoS? Very simple. Spammer sends 50,000+ emails to 50,000+ addresses using a forged "From: fooXK343@forgedfrom.tld" header. 49,987 of the spam emails bounce, and where to they go? You guessed it, right to fooXK343@forgedfrom.tld. fooXK343@forgedfrom.tld doesn't exist, of course, so the messages get double-bounced to postmaster@forgedfrom.tld.
What can postmaster@forgedfrom.tld do? Very little.
Can he block the incoming connections? No, they are coming from 49,987 different sources, most of which are valid functioning SMTP servers.
Can he contact the admin of the machine or relay where the spam is coming from? Sure, if he magically has 37 hours in his day. But, the relay server is most likely a rooted machine on the other side of the world. Good luck there. Or, the machine belongs to one of the 15 largest ISPs on the planet, in which case he will have to jump through 7 different hoops to talk to the person that can fix the problem. And even if he does get through to that person and the offending dialup account is shut down, the spammer usually has 15 more compromised accounts to choose from and is active on the same ISP within days. Would the large ISP share information so postmaster@forgedfrom.tld can track down the spammer? Doubt it.
Can't postmaster@forgedfrom.tld just send all incoming messages to fooXK343@forgedfrom.tld to the bitbucket? Sure. Will that save his bandwidth and prevent the DoS? Nope.
That's why Spam is the Ultimate DoS. A bug should be filed against RFC 2821. The implications of this type of DoS becoming widespread are serious.
I think SPAM could be limited if our government dedicated more resources to white collar crime and fraud than to other pursuits like the war on drugs.
Most of what passes for SPAM in my mailbox is either prima facie fraudulent products (penis enlargers) and offers (stock "tips") or setups to fraudulent web sites for porn or related items.
If people who did these scams were actually investigated and ultimately jailed with great frequency we would have fewer SPAM messages. They have to be invetigatable because there has to be a way for them to get money from your pocket to theirs.
Also, I think that there'd have to be few convictions. Merely having the FBI/SEC/ATF show up and start doing a serious investigation is enough to scare a lot of people into other lines of fraud.
This wouldn't do anything for offshore scammers, but I have a feeling that the offshore places are going to have to get their shit together or they will start finding lots of the 1st world net blackholed to all of their data.
Does anybody know of any document that describes how the spammers send all their emails and what techniqs they use for spoofing sender adresses etc...
NO, I'm not going to start sending spam.. I just want to learn a little bit more about how the abuse the fine SMTP system..
Evolution of Language Through The Ages: 6000 BC : ungh, grrf, booga 2000 AD : grep, awk, sed
The way to make spam less profitable is to completely ignore it when you get it. What I'm surprised by is that people still actually reply to it. (BTW I don't mean reply as in write back I mean reply as in respond to - ie go to the website or buy the product). Has anyone here ever bought something because of spam - or *cue pantomime boo* ever spammed themselves? (Goes before he starts sounding like Kilroy which for non-UK readers is a daytime talk show).
Video Game cheats, hints a
one possible contributor to the explosion in spam - dying dotcoms looking for a some quick cash in the dying days, selling email addresses, etc. of clients and downloaders. The explosion seems to be timed closely with the dotcom crash. Thoughts?
So, I got to say, I really, really, really hate this auto-reporting
white-list challenging crap. It's goddamned rude to your absolutely
legitimate correspondents.
The problem is that any auto-reply or challenge makes me jump through
some kind of hoop just because *your* spam filters are not smart
enough to tell the difference between my worthwhile mail and some
UCE. Admittedly, the kind of language recognition that would be able
decisively and without fail to detect spam is astronomically hard. But
that still doesn't make it right for *me* to have to pay the price for
their failure or indecision.
It's asinine of you to put the time cost that your spam incurs into
*my* ledger. I have my own damn spam to deal with, and I don't want to
have to pay the price in time and effort for dealing with _your_ spam,
too. *I* didn't write your crummy bubble-headed coarse-grained
filters, did I?
It'd be much, much better for you just to flag suspicious messages and
put them in a slops bucket folder that gets checked and cleared out
once a week. Sure, it's 30 seconds extra work for you to scan the
folder, find my diamond, and whitelist me, but at least *you* are the
one making the effort to keep your own damn inbox free of spam.
Spammers are Bad because they abuse the time, attention, and digital
resources of others without permission. Everyone who sends out "My
filter thinks you're spam so jump through this hoop" messages, are
doing the same damn thing. They are a tinhorn Sanford Wallaces of the
21st Century.
I'm sick of doing the spam-fighting work for lazy bastardos who
consider themselves quite smart for sending out autoreplies. Get over
yourselves! You're not that goddamned important.
~Mr. Bad
P.S. I apologize to anyone who's already seen this rant in one form or
the other. I've sent it out like 6 times this week. Half the time I
get back messages that completely miss the point, saying, "But spam is
really bad!" No shit, sherlock@holmes.com. So is being a rude asshole
to everyone who's writing email to you.
Every time a discussion starts on spam, I see the same two "solutions" to the problem; some sort of vague legal solution (which would be as effective as legislating the weather), or finding technical solutions to make spamming more difficult (which would be, at best, an ongoing and expensive process). I have two rather different suggestions (though one could be viewed as a technical solution).
First solution: Public humiliation. Instead of chasing down the spammers, chase down the bozos who make spamming profitable. If every chowderhead who actually responds to spam (or, for that matter, telemarketers and unsolicited snail-mail) were to be publicly spanked (metaphorically, of course), then maybe spam-related sales would drop enough to slow down this growth. Imagine seeing a a sign on someone's lawn that said,
...and while this might not be as much fun as taking such people out behind the building and beating the crap out of them, it might still make a difference. So long as spammers actually make money from such twits, there will be spam.Plan B is a variation of an old suggestion; charge for e-mail, kind-of. Right now, I have a few-hundred entries of blocked senders, along with the "Spaminator(TM)" service provided by my ISP, and I still get a dozen pieces of spam a day. What if that were turned around? What if I provided my ISP with a list of friends/family addresses, and maybe a few "trusted" sites (like school and/or work) that I would accept mail from without question. Anyone else either coughs up a small charge (perhaps at weighted rates, if there was a way to keep that from being abused) to send me an e-mail or have the e-mail bounced as undeliverable. Online businesses that have legitimate cause to send me e-mail could roll the cost of such e-mail into whatever they charge me (while encouraging me to add them to my "accept" list to reduce future costs) and spammers would see their profit margin disappear.
"I'm a scientist! I don't think, I observe!" - Dr. Clayton Forrester
b) It's clear that a technological filtering solution is probably not the ideal way to go because ultimately, any filtering scheme doesn't address the issue that the SPAM is out there and it's still flooding our networks, regardless if you detect it as a SPAM or not.
The only conclusion is that we really need to fix the problem at it's source. Change the SMTP protocol to include a handshaking/whitelisting layer. Is there a reason why the big mail server makers and mail client makers couldn't get together and work on an extention of the protocol that would make the protocol secure?
To me, this is a no brainer and it's probably the only way to go at this point.
The only way to stop spam is to require that every country in the world that wants to participate on the global 'net has to sign a no-spam treaty. Hell, after all spam I've recieved I'd say that we send all those bloody spammers to china for public execution!
Are the US legislators really so bloody stupid that they actually BELIEVE anyone wants spam? Speak about an IQ lower than your show-size (even if you measure in inches). Apparently they have themselves never been anywhere near a computer connected to the 'net, and is therefore automatically disqualified from even participating in a discussion about this kind of terrorism!
The funny thing is that the whois on the domain was recently modified. I did do some tracking to them and it pointed to somewhere in S. Korea.
Anyway, the problem is to try to enforce "Colorado State Law" in South Korea. Not possible.
There has to be an enforceable international law to make any difference. Otherwise it's useless.
No other country can enforce their own laws anywhere else. (Unless they are Human Rights Laws)
But they can enforce trade agreements, possibly where both benefit.
One of the worst offenders I've found of what one might call "arguably legitimate" spam are those websites calling themselves "fun pages" or "joke pages". All you need is a someone with a big email list and good intentions when they click on the "Send this to your friends" button.
The email you receive does indeed have a link to a page that you may or may not find humorous, but it also automatically signs you up to receive a constant stream of emails from that site and possibly other affiliates.
Most of the time you have the option to unsubscribe with a link, but where's the option to not subscribe in the first place?? (I know, I know...don't click on the link!) Currently I have one of those stupid spams arriving every day and have requested to unsubscribe multiple times, but it never works.
These sites seem to be trying very hard to avoid being labeled as spammers by playing off the gullibility of people who frequent the pages, find something humorous and want to share with their friends and family.
It gets even stickier when the mail sent from that site arrives in your whitelist-protected mailbox because it was sent on your friend's behalf.
grrrrr...must kill fun pages
...and that's the way the cookie crumbles.
Read it again. You will see he says 1400 a year is what the article states, but that he himself gets 1400 a week. Not a day. Where'd that come from?
I'll bet you'd like to suck my hairy balls. I'll give you a plus 5 if you get all the smegma off them. Can't you see that I love you, you fucking son of a bitch cutie?
I wish I could find the email that a friend of mine at my ISP sent me a while back (irony at its best).
Basically he has some software that parses emails and assigns it a 'spam value'. That is, it searches for various patterns, and cumulatively adds up the 'weights' for each pattern that matches. Because there are common threads throughout spam, and because a typical spam contains many identifiable factors, this software makes it possible to filter on patterns that you don't want to just filter outright (eg. HTML emails, or mail that contains porn-related swear words).
Can anyone remember the name of this software? I'm not familiar enough with unix administration to remember exactly what it's called or the gory implementation details.
Using our regexp recipes, regexp sender blacklists, and Vipul's Razor, we block 95% of spam. We get about 220 spam per day, which is not bad at all considering we have 2000 email accounts.
I hope to make my software (SpamJammer) and its web interface available under the GPL or LGPL soon.
I have found spam is mostly predictable and can be blocked with little effort. It is more of a problem for the average home user who has not the expertise to install a full fledge mail filtering system between their pop3 provider and Outlook Express.
I would like to create a cheap mail service for people to be able to receive spam free mail and guaranteed porn free mail for a 'kids' account. If someone has servers and bandwidth, I have technical expertise to make it happen if we can establish some kind of partnership. You can email me below.
Fox
lds0062@cdc.net
These guys set up a fun little system: incoming spam is stripped down to plain text, fed into a text-to-speech program, and then set to music. They broadcast 24 hours a day, and I've got to say that it becomes kind of hynotic...
I think it also has great business potential; spammers could use the stream as the hold music for their phone systems -- when people call up to complain about having been added to a "permission based" list without doing anything, they have to listen to spam while they wait.
Just a joke... =)
* * *
It is a dada story -- it has no moral.
I dont know if this is true or not. When I get some spam email at the bottom is has a button that says something like "click to remove". It takes you to a webpage to enter your email address and click a REMOVE button. I heard a rumor that if you do that your email address gets sold and/or forwarded to other spammers. I guess what I'm trying to say is should one just ignore these spam emails or is it safe to keep doing the "click to remove" thing??
I can tell what I did - and it's not a half hour job :-( But what else to do?
.o)
I put every reliably looking blackhole list into my config (only hesitated with the one, which even keeps yahoo out - for now - they are learning IMO). The lists which are availabe (through zone-transfers or as files) even get loaded into our nameserver, so that we are not depending on their server to be up and reachable day and night. relays.osirusoft.com for example is checked on an hourly base for new files. Believe it or not, the named-process is using 130 MB memory for the blackhole lists.
Then I set up a good visible, established email-address (you know with posting to lists etc) to bypass the blocking rules.
And every spam-sender (of course only the last hop is reliable) who comes through is entered into our private block lists (if it's not yet in the other RBLs).
Results?
Per month about 50 spams are received by this single email-address and 5 new senders added. So ten percent come through - the first time.
By 2006 I assume the whole uu.net block will be in it.
I've only had Spamassassin going a couple weeks, but I've been very pleased so far.
My e-mail address is 7 years old, so I must be on nearly every spam list in existence. Without filters I'd get at least 10 spam messages a day. Spamassassin tags over 90% of it.
The only false-positives so far have been stupid auto notification crap from a final four pool website. It's not as if I really missed those anyway.
It would be nice to have two-level selection, so that e-mails that score over 10 (for example) get automatically deleted. E-mail that scores over 5 merely gets a warning attached.
Maybe I'll have a look at the code this weekend... It's not as if I have a date. :-)
You will be given the choice as to whether you want reply's to have ads in them or not. How you use your 1000 emails is up to you!
Good idea, huh?
You know what?
The Campaign for Real Mail is working on a solution to the spam problem based on HashCash and PGP. Once the technique is perfected, the idea is to build the utilities to make it ubiquitous. Details can be found at http://www.camram.org/.
So stop whinging about spam and start stopping it.
Yours truly,
Mr. X
...spiced ham...
My experience is it, that this reply buttons are good for nothing. You read "enjoy eternal life" or the like and receive new spam from the same sender within a day.
.o)
After 10 times eternal life I had enough good karma accumulated for this life and gave up.
I was young and stupid, and years ago I used my real, work address on Usenet. I answered a lot of newbie questions, so I wanted to make it easier for them to reply. Back then, I got 2 or 3 pieces of SPAM an hour, so didn't seem to cause much damage.
Now I get that in an hour. I got a big spike when Google brought back old posts. We have Netscape Messenger Service as our mail server. I usually use IMAP, though there is a web interface I sometimes am stuck with. Is there a way of filtering this account? Supposedly you can do server based filters in some clients, but our NMS doesn't seem to support this. I'm on a W2K box, so i'm not sure if fetchmail is an option.
Setup a Linux/BSD box running Sendmail/Qmail on a connection with a static ip. Block ALL of .co.kr, all of co.* *.co.*, and all of yahoo, all of hotmail, and all domains that are mail.com, mail.ru, *mail*. And all of China.
:)
2nd Setup a procmail filter that will allow ONLY the poeple/domains in which you want to allow. And require others to enter a keyword, or password in the subject in order for them to send you mail. Make an autoreplay that says "Enter your assigned password in the subject line". Make the Procmail filter accept the mail if it has "Re:" in the subject, so you can send to who you want.
--------------------------
Is this a sig?
--------------------------
Fight Spammers!
The short answer - NO. Don't use them. If you recieve mail you're sure you didn't opt in to, you can't trust their remove link, so don't even try. Go to SpamCop and report the crap. The best way to remove yourself from a spam list is to shut the fsckers down.
Cheers,
Backov
In the law there is no overlap between theft and copyright infringement whatsoever.
1. Never sign up for a pr0n site.
2. Do not post your primary address to a public forum.
3. Don't piss people off.
If you are getting 40 spams a day, you are doing something stupid.
Conformity is the jailer of freedom and enemy of growth. -JFK
I think it would be interesting to start a standard whereby ISP spam filters and client filters work together. They could do this by having the ISP spam filter to add message headers that indicate the progress it has made. The client filter could then continue taking advantage of the work accomplished by the ISP filter.
I am convinced there is a technological solution to spam. If we are ever able to do even the most basic tasks with artificial intelligence, we ought to be able to use AI to filter spam. Imagine, AI that is advanced to the point that a chess playing computer can beat the world champion human player, yet AI can't yet effectively filter spam. (!) Using AI to filter spam can't be rocket science. Every spam message asks you to do something. It shouldn't be hard to distinguish between "use your credit card to order" and "Aunt Sarah will be visiting next week".
By my calculations I currently get over 3000 spams in a year. Thank goodness I have filters to block some of this and earthlinks spaminator.... I think every ISP/mail service should have a spaminator...
Only 'flamers' flame!
This is half the reason why mlknowle's reason #2 (above) is irrelevant. The revenue that comes from spamvertising your product or service is already pretty close to zero - what matters is the revenue that comes from selling spamming services to idiots. There is a never-ending supply of people who want to believe that they can get rich quick, and spam service providers tell these people exactly what they want to hear.
The other half of the reason mlknowle's point #2 is irrelevant is that sending spam is cheap. If it takes one hour to send three bigillion messages and it costs $20 for a throwaway dialup account, and your scam costs victims $5 to participate, you only need six returns to make $10 per hour at it. Response percentages might drop, but the number of messages sent will probably increase just as quickly, if not more quickly.
This is not a problem that will take care of itself. There's too much positive feedback going on. Blacklists are RBLs help, but they're just a band-aid measure, the spammers are undeterred. The spam problem will be solved only via significant negative feedback, in the form of civil suits or (ideally) public beheadings.
Build stuff. Stuff that walks, stuff that rolls, whatever.
Yep thats right, I get an average of 60 spam messages a day. So I think their estimates are aright on if not a little low.
Sick of stupidity? http://www.patentlystupid.com
Active Spam Killer
"Active Spam Killer (ASK) protects your email account against spam by confirming the sender's email address before actual delivery takes place. The confirmation happens by means of a "confirmation message" that is automatically sent to all "unknown" users. Once the sender replies to that message (a simple reply will do), future emails from that person will be delivered immediately. You can also specify (regexp) addresses to be immediately accepted, rejected (with a nastygram) or ignored. The package also includes a utility to scan your old mailboxes and generate a list of emails to be accepted automatically."
This should cut down your spam down to zero.
Phillip.
I own a lot of domains and when if you use contact information such as you personal email address for a domain contact you will suddenly see a large increase in spam due to harvesters of whois information.
Also if you have you domain hosted with a company that allows you email forwarding, DO NOT set up a star records (*) forwarding rule as many spammers bank on the fact that people use these and I see tons of mail daily to 12341..Etc..@whatever.com If you set up star forwarding rules you will get a lot more..
One way I have managed to figure out who is selling information (and have complained about it) is to set up email forwarding rules when doing things like site registrations etc.. with the company name I am registering for @mydomain and then it is easy to spot who is selling your info, and it is easy to turn off as well.
- tired email admin.. sick of spam..
anime+manga together at last.. in real time.
I think we're going about this all wrong, why should industry the military and government care that much about SPAM if it isn't a problem for them too?
Maybe we should be sharing the spam with those who have the power to stop it, or those who's voices will be heard.
We should be putting these people's email address on lists which constantly send offers for penis enlargement. So much so that it interferes with thier work and they start asking for people's heads.
"Communism is like having one [local] phone company " - Lenny Bruce
If they think it's OK to abuse a resource, they must think it's OK to get abused as well, right?
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
Just curious...but when did the first ever email SPAM occur? I typically receive about 20 per day on my main account. My hotmail and yahoo accounts are overrun with SPAM.
Not much we can do about it Iguess, but we can try.
Bob
Then setting procmail to put stuff without an explicit To: line with my e-mail on it into a separate mailbox gets most of what gets by Razor, although that box needs to be checked occassionally, since there are legitimate e-mails that end up there. The other stuff is easy to report to Razor through a key assignment in mutt.
If enough people are using Razor, especially with honey-pot type mailboxes feeding reports directly to it, it should only get better.
___
"with their freedom lost all virtue lose" - Milton
It's easy, but you need to have the ability to create an arbitrary number of email addresses. If you manage your own domain, or at least have the ability to create and destroy email addresses in your domain, you can virtually eliminate spam.
Here's my recipe. I have no worries explaining this in public, because there's nothing the spammers can do to get around it. For every Internet service you use, every mailing list you subscribe to, every online retailer you buy from, you create a unique email address (for example, my PayPal email address is "paypal@mydomain.com"). In essence, you have a different "email channel" for every source which might potentially be used to send you email. As soon as you receive a single spam on any email address, you delete it. You'll never get spam for that address again, and if you really want you can create a new one for whatever site it was used for (e.g. if you get spammed on "paypal@mydomain.com" you can create a "paypal2@mydomain.com" and change your email address with PayPal; or you can just stop using PayPal). Simple so far.
Where it gets trickier is your more "permanent" email addresses, but the problem is solvable. I have a main email address I've used for 10 years, and of course spammers have gotten a hold of that address many times over. I don't want to destroy that address, since all my friends and colleagues know it and expect it to exist. Notifying them all each time I cancelled it would become quite burdensome for all of us. To deal with this, I have created a tool which is executed by procmail that checks each incoming message to my permanent address to ensure that the sender is valid. I have a fairly small list of known valid senders which are allowed to send me email, and those go right through to my mailbox. Not only does the tool check the sender, but it optionally checks the "Received" header in the mail to ensure it's coming from the expected mail server (in case a spammer tries to pose as someone on my OK list - paranoid, true, but I like paranoia).
This solves all problems except one - how do people I don't expect to send mail to me actually reach me? My tool also has a "disallow" list of mail servers, and any mail originating from one of those servers will be tossed in the trash. Mail from an unexpected sender whose server is not in the disallow list will get a response from my procmail tool with a special subject line in it. They are instructed to reply, and my mail tool will then accept their message on a one-time basis after scanning the subject line for the secret magic key. If I like the person, I'll add them to my "allowed" list so they never have to go through the two-step process again.
What if a spammer figures out my scheme and makes a spam tool that auto-replies, you ask? For that to work, he would have had to use a real return address, which they never do. But if he did, I would then know who he was and be able to block further mail and pursue him, if desired. So far that's never happened. Even if it started to happen frequently, I have plans for an upgrade to my tool which would randomly vary the required method of reply in a way that was impossible to perform programmatically. No need for this so far.
I realize that most of this can be done with procmail alone, but there are some aspects of it that are ugly or impossible to do with just procmail. It's integrated with sendmail to a small extent, as well, which requires a separate tool as well (future extensions for other mailers should be fairly easy).
Maybe when this is all finished I'll make it publically available. Would anyone out there find it useful?
1400 a week? You gotta be pretty fucking lazy to be getting that much. In this day and age you should have either a separate spam account at hotmail, or you should learn how mail filters work! I used to get about 200 a day, then I unsubscribed to a whole bunch and turn on some filters and BLAM! Down to 5 mails a day.
My solution: All email from amazon.com is automatically deleted.
Microsoft started sending me some newsletter I never requested about five years ago. The newsletter states that I can stop the mailings by visiting a certain page on MS's site. I visit the page, and it asks me to log in. Since I've never signed up for anything, I can't log in and can't get them to stop sending the mail.
My solution: All email from microsoft.com is automatically deleted.
About 50% of the spam I get is received from outblaze.com servers. Some of it is from legitimate companies I know I have given my email address to, some is from legitimate companies I know I never gave my email address to, and the majority is from your typical "enlarge your penis/fire your boss" spammers.
Outblaze's front page actually has a link to a statement that effectively says, "we're not spammers, we're victims just like you. Our customers are legitimate businesses who send you useful information you want to read." Bull. I have received thousands of emails from outblaze (that I have read), and not one of them was solicited or of interest to me.
My solution: All email with outblaze.com in the "received" headers is automatically deleted.
Unfortunately it was bounced as spam by their whitelisting procedures!
So no business deal.
Sent from my ASR33 using ASCII
The spam figures amaze me, i work as an IT manager and post on many newsgroups, i have hotmail address and i spend about 12 hours a day on line yet my spam haul is about 4-5 emails a day across 6 accounts ! Yes i post to usenet and i post to support forums and i use my hotmail .
The thing is i ONLY ever give out my hotmail address when subscribing for something, I never use my personal address at all unless i know and trust the person or org. Hotmail get a lot of abuse on this site i know, and i suspect most of you havent used it in a long time - its now a very good mail system and the spam blocks work very well, you see it once you block it and you dont see it again (the only ones that dont work for this are the degree mill people who run dictionary attacks against hotmail addys from throwaway accounts; but as its one a week im not too bothered.
I dont join any open discussion newsgroups with my real addresses, i use my hotmail or more often my bigfoot auto forwarder (had it for over 6 years) and get the mail forwarded to me, i can then manage it a bit better.
So i dont understand the 30-40 emails a day, that to me is simply someone who doesnt understand how to protect themselves and uses their email everywhere.
I dont subscribe to any porn sites (have you ever heard of newsgroups btw ? they are free you know) and i would never do so using my personal email - thats just stupid, as is posting to usenet with it.
Your mail client can no doubt filter spam (i use the dreaded and horrible outlook (never had a virus from it but maybe its just my systems) and it has very effective spam filters in XP) or set up some rules to handle it - mine just gets deleted immediately (dumped to tghe deleted items)
If you're getting 40 spams a day you've been careless with your email addy and youre reaping the price.
Its something i expect an AOL newbie to do not a software developer.
I refuse to argue with Anonymous Cowards - if you want a discussion get an account....
Internet Mail 2000
Dan Bernstein has some information about this project on his page. Part of the problem is persuading the entire net to scrap their existing mail infrastructure, something I think is likely to happen soon after the first honest politician gets elected.
People are never as simple as their stereotypes. This applies equally to Christians, Muslims, and Emacs-lovers.
I don't know where they get the figure of 1400 spams per year, because honestly I didn't read the article. But there are over 12 million companies in the United States alone. If a mere one tenth of one percent of them sent you one email per year, you would get over 1000 msgs per month.
Does anybody think this idea might work?
How about we put in an RFC for e-mail passwords. I give out the e-mail password to anyone who I would like to get e-mail from; any e-mail that arrives without my e-mail password is discarded at the server.
--Richard
While I was still in school I did just this. I set up a few filters that would put their email on hold for 3 days (or something) unless they sent another mail with a password. If noone responded within 3 days the email wouldn't reach me.
You wouldnt believe how many ppl mailed me back telling me I was an insensitive bastard and a lot of other things.
I applied this policy to everyone (even mailinglists I'm afraid) but since this was a one time mailing, unless they didnt send the pwd and got put on the white-list, I figured ppl wouldnt mind.
Anyhow, spam mails dissapeared during my little experiment, unfortunatly so did a few email-friends.
.haeger
Be a manager: Hattrick
You are not entitled to your opinion. You are entitled to your informed opinion. -- Harlan Ellison
If you want a quick efficient Spam/Virus blocking program in C that can .forward or .qmail file for Sendmail/Qmail or postfix try
be put in a
the Blackhole. It works well, light load on servers, and does many
types of blocking.
http://the.groovy.org/blackhole.shtml
I use *hack, cough* Microsoft Outlook *gag* as my email client, and it has simple filtering features that can make it work like TMDA or a whitelist.
What you can do:
1. Set a rule to recognize and mark senders who are in your address book. Stop processing after this rule.
2. Set a second rule to divert everything else to a folder.
3. If you want, then set rules to delete known spam offenders. For example, I delete all emails whose subject line includes a certain number of spaces in them.
Review your holding pen periodically to rescue the legit messages and flush the rest. To grant privileges to a new sender, just add them to your address book (2 keystrokes on my system).
1400 per year is only 4 per day. That is an order of magnitude less than the amount of spam I get right now.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
OTOH, that you consider it such explains a great deal.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
the slashdot community is rather advanced, seeing the internet under more experienced eyes than most. most of us already get more that that 1400spam/yr (4spam/day) mark (i'm at twice that).
...we already see this today, but usually the guesses are wrong; for example, i just deleted a message to Harry from Molly about enlarging my cock. i am not Harry, i don't know a Molly, and i'm large enough already.
what do we do when we find spam? we don't fall for the advertisement, we report the spam, and we revise our filters so that we don't see that message again. by 2006, people less tech-saavy will have adopted these practices too (and we can probably double or triple the 1400 rate).
if laws and isps don't help, people will get so fed up and spams will get so numerous that they will undo themselves; people will simply stop listening, and it won't be profitable to spam.
another possibility is (if things get really out of hand) that spammers will have enough information about victims to target them masquerading as friends, including real name and interest of the victim in a suggestion-like spam.
Use my userscript to add story images to Slashdot. There's no going back.
I think it was Alan Ralsky who bragged about that figure per spam run. I remember reading an interview with one of the more persistent spammers who reported a 1-to-100,000 sell rate, but at 10,000,000 spams that's still a hundred sells.
If you google around, you'll find some web sites where anti-spammers (called "anti"s in spammer jargon) post their insight into the spammers world and psyches. One of the best is the venerable Behind Enemy Lines -- Premier Services Exposed" website.
Lots of info on how they communicate, harvest AOL accounts (that's now dated info, they have devised other techniques for their spam runs), and share the loot. A Must Read!
For documentation on organized spamming, there are two repositories with the dull date: SPEWS and spamhaus.
Spam is reaching the epidemic proportion that I now with increasing frequency receive the same spam on the same address several times, spaced a week apart...
Bert Driehuis -- All I asked was a friggin' rotatin' chair. Throw me a bone here, people.
That 1,400 number may not be surprising to anyone who's been on the net for a while, but you also got to look at the balancing act that kept it that low so far.
Of the spam you receive, chances are that about a third is from spam outfits that spam from their own IP space, and about two thirds is real sleazy stuff sent through compromised servers around the world. Little if any is from companies you want (or need) to do business with.
Those two are not my main concern. The first category can (and eventually will) be blocked by IP address, and the second category will be battled in leaps and bounds by new block list initiatives.
Why is the first category being blocked? Simple: as ISPs get complaints from their customers, an increasing number is going to block them on their customers behalf, with no loss other than the spam messages.
The big thing that most people tend to forget is that the Real Big Firms have not really started spamming you, because of concerns over customer acceptance. If those concerns were to get less, then the real spam barrage starts.
Ever complained to your bank about the leaflets they insist on inserting in your monthly statements? If you expand this to the brave new world of cyberspace, it means you will not have much of a chance to stop the flood without losing your bank statements.
Fear is the only thing that keeps the thing from exploding beyond the current upward slope, and *that*'s why keeping up the pressure is so important.
Look at what happens if a company is near failure these days. In total desperation, an increasing number of them turns to spamming (hint: Google for Enron's involvement in spam).
Bert Driehuis -- All I asked was a friggin' rotatin' chair. Throw me a bone here, people.
When you have shell-access at your ISP (or have your own *nix-mailserver), see my procmailrc.txt about how to set aside spam (and other bulk-mail) by using procmail . It doesn't call any extra shell-processes, so it must be quite efficient.
.
The check on the X-ISP-SPAM-Warning: -header(that is added by my ISP)doesn't catch much. There is more than just spammers in the coded IP-ranges, for example M$ Security Bulletins are set aside as well: I read those once every few days by ssh -ing to my ISP's servers and using mutt
Of course this doesn't solve much. But it does win back some of my time and other limited resources. It's war out there.
So major corporations are having to devote significant resources to filtering (and apropos another comment, it doesn't really matter if this is done centrally or is left to individual recipients to do - it costs the business in each case)?
Good. It's already clear that in many developed countries they've got more lobbying influence than us mere voters. Let them use it for something useful for a change.
'cause we use spambouncer...
Be bold. Open pornographic spam. Print the most egregious offenses. Type a letter to your congressperson. Mail the letter with offensive spam. Repeat until good legislation is passed. This is a quality of life issue, a hindrance to business issue. Use your congressperson's love for "the children" to attack the spammers. Spammers ARE peddling porn (and business scams) to children at an alarming rate, and regardless of your feelings about free speech, this is aking to violation (at least for the youngest e-mail users) of innocence. Explain to your congressperson that you are for first amendment rights where people may search for adult material, but that receiving such unsolicited material is utterly unacceptable.
the Brightmail statistic that spam has doubled since September begs the question of what was happening then. spamgourmet gave admittedly far from scientific stats showing a marked *drop* in September, probably due to the attacks of the 11th. I wonder if Brightmail could say that spam has doubled since last August...