Spam Increases Make Things Tough For Companies

dosten sent us a link to a story running on Cnet about the spam epidemic. My favorite stat is that by 2006, we'll be getting 1400 spam a year. Of course, I already get that every week. Talks about foreign spam relays, block lists, and so on. Decent piece explaining a huge problem that's only getting worse.

Resume bots

[skippy5066]

The biggest offender for me? Resume bots. I post my resume to see if people are hiring, and I get 12 messages a day from OTHER resume posting sites trying to get me to go there and post again.

If they're smart enough to grab my email addy, why can't they harvest my resume too and leave me alone?

-skip

This may be the only way to keep up:

[TheFlu]

Here is, what I believe to be, a better approach to fighting SPAM: Tagged Message Delivery Agent(TMDA)

I block Asia, Russia and other places

[Offwhite98]

I noticed a massive increase in the amount of spam that I was getting. Fortunately I am running my own FreeBSD server for mail and I simply updated access lists for the frequent offenders. That blocked some, but I was still getting a great deal of mail coming in.

Finally I was told that I can identify countries by their IP block. Now that I block Korea, Russia and other countries I am not back down to my normal daily allowance of 2 pieces of spam a day.

I also have a spam blocking strategy others may want to use. Since I run my own domain I create an alias for every website which wants me to register. For example, here I have an alias for slashdot@offwhite.net which is posted along with my comments. I also have one for cdnow.com@offwhite.net, cnn.com@offwhite.net, etc. When I sign up for a newsletter or post comments I will know where the incoming spam originated. Unfortunately I found that my slashdot alias was the culprit for much of the mail. Spammers are obviously scraping this site.

After I put my spam blocking lists in place, in addition to the normal RBL features you can do with spam I am block tons of mail for me and all the users on my server. And in a single day the daily report that FreeBSD sends out shows that I blocked 111 pieces of mail just for my offwhite.net domain.

Perhaps eventually I can release some of these offending domains from my access/blocking list, but for now I am simply returning an obscure message that the user was not found. It is my hope that they simply remove my name from their lists. One can only hope.

Re:spam defense

[reaper20]

I don't think that will fix the problem, except increase the amount of lawyers in the world, and we can be sure that's not good.

I know two wrongs don't make a right, but I would actually respect script kiddies and the like if they targetted spammers instead of everyone. Someone cracking into the spamhouses and creating havoc on their networks, thrashing their servers, and randomly destroying spam programs would make for some good storytelling on slashdot.

I say screw the legal road, they're using 'illegal' and sneaky ways to take over systems - I say we give it right back to them.

Normally if that happens to a sysadmin or friend of mine, I am apologetic - having this happen to spam scumbags, I would cheer from the sideline.

not blacklists, whitelists

[einer]

This has been mentioned before (but I'm too lazy to search for the artcile), but blacklists aren't the answer. As inconvenient as it sounds, whitelists are the way to go. If your e-mail address isn't on the whitelist, your message doesn't get delivered. When a message is received that isn't on the whitelist, an automated message is sent to the sender informing them that they can be added to the whitelist by replying to this e-mail with a provided hash/password. Once they reply to the notification e-mail, they are whitelisted and their original message is delivered. Anyone who wanted to maintain a whitelist could do so, those who didn't want to bother with it could deal with the spam.