Slashdot Mirror
Anti-Spammers Wage E-War
ncstockguy writes "To its credit the Hartford Courant followed up with a second article this time from the perspective of an anti-spammer." The first story was about the life and times of a spam king.
← Back to Stories (view on slashdot.org)
From the article:
"They are every fly-by-night artist that ever wanted to place a tiny little ad in the newspaper and get away with it," Frederick said. "I have yet to see one legitimate product advertised in an e-mail that I didn't ask for."
Never thought about it before until now, but I don't recall ever having ever seen one either...
Until this war against spammers is won, I will continue to use Mailwasher.
Sign me up for the war, want revenge for this, feel free to advise.
A feeling of having made the same mistake before: Deja Foobar
Yes, most ISPs terms say that you can't send spam. That's not enough. The terms should mandate a fee of $1 for every email address you send to if it is determined you sent spam. That way, if they want to send out spam their credit card would automatically get charged. Make the spammers pay for sending out their junk.
to stop spammers.
I have an account I purchased from spamcop.net. I never used the email address onything (i've never even checked it) and it's bounsing spam every day.
Spammers hack systems to get accounts, they harvest them, they buy them (illegally) from state agencies. These people are scum and I consider it my right, duty and priviledge to take them out whenever and wherever I can find them.
I am in the process of building a snort utility specifically designed to track down the home IPs of spammers (in the US at first).
I won't go into details on what I plan to do when I get some, but rest assured it will be neither pretty nor legal.
My $0.02 will always be worth more than your â0.02, so
Spamassassin
Okay, so that's more like 6 words, but still it's great. A guy I work with turned me onto it and I love it. And adding a `spamassassin -r` in my procmailrc for known_spam gives me the feeling that I'm actually doing my part in preventing SPAM.
Click here or here.
I don't even know why spammers bother. Does anyone really fall for 'Have a bigger penis in 3 days' or 'Lose 50 pounds in 23.2 seconds' or any of the other common spams? I mean come on. I would not mind, actually I would WELCOME email advertising if it was only for things that I could use. I like working on cars, computers etc.. so if I were to recieve advertising based on those things,that actually came from a trackable source, with a reliable way of removing oneself from the list, I actually might be HAPPY about it, since I could find out about new products and places with good prices on them. Mass-email marketing COULD work, if anyone could actually trust the vendors, but of course we all know that we can't. I'd like to see legitimate vendors joining us in the anti-spam war, it could only be a positive for them. As it stands now, if I even WANT a product, I won't buy it if it comes as spam. Take the x-10 camera for example. I'd love one of those. I could think of 1000 things to do with it, and that doesnt even include the sneaky, spying on the 18yr old girl next door type ones. But guess what? I'll never, ever do business with them because of their aggressive, intrusive advertising methods.
Don't Tread on Me
Anyone remember his anti-spam campaign against one Bernard Shifman?
Shifman Is A Moron Spammer
Schwartzman's anti-spam page
This article made me think of a slightly modified version of the question asked in the article yesterday about The True Story of Website Results: If you could press a button and kill a spammer on the other side of the world, would you do it? And would you even need to be paid the million dollars?
I tend to agree that we probably don't need new laws. Laws already exist that can cover alot of the Internet sewage.
I think a set of bylaws should have been set forth quite some time ago. Bylaws to ban things such as spamming, massive pop-ups, etc. These bylawas could be set forth by a governing body(IETF maybe). If someone/something violated these bylaws then appropriate action could be taken.(account termination, blacklist, etc)
The Internet should be self regulating in itself and laws should be left for crimes in general regardless of the methods used to commit them.
just my 2 cents
Keep the Classic Slashdot.
All an ISP has to do is inform their customers that any e-mailings of over 50 addresses will be reviewed and placed on hold for the customer to acknowledge that it is indeed their e-mail going out. After it is acknowledged, if it is an advertisement or spam, that e-mail will cost 1 or 2 cents for each address it's being sent to.
Unfortunately, this doesn't address the torrent of spam from China, nor the Nigerean Millions waiting for a bank acount spam, But at least it would be a start.
_ _ _ Go for the eyes Boo! GO FOR THE EYES!
I used to work in the industry, and while we'd never send mail on the 80-million-a-day scale that some of these guys do, we'd certainly send half-a-million in a given day, to broadly scattered email addresses. We always made a specific point of keeping the email small (under 1K) and it was *very* clear who the source of the message was (never luv384j6@h0tmail.com).
The mail itself invited the recipient to sign up as a mystery shopper, which would give them the opportunity to get paid to evaluate services in their local neighborhood.
Unfortunately, in a world of snake-oil salesmen, we took a lot of grief for the approach, even though it still paid for us to do it. Because the offered product (which was really a part time job offer) was legitimate, we never attempted to disguise the identity of the source. Bounced mails were automatically flushed from the database. Removal requests were honored. The advertising business was tracable. (Our address, phone number, president's name and industry association registration was on the first web page link in the message.) But because of all the charlatans out there, we were taken to be just one more instance of spam -- which in some sense we were, but with at most a tiny fraction of the rudeness which permeates the practice.
People will say that spam is the same as junk snail mail, but it's not. "Legitimate" junk snail mailers will happily bear the cost of sending their messages, knowing that they are advertising a legitimate product or service. Spammers push that expense off on the people receiving their message.
To further the theft of services concept, an overwhelming majority of spam is sent through open or unsecured mail relays. This means that people who have no legal right to use those services are using them, much like someone who splices into an apartments building's cable tv system to get free cable. And as I always point out in my spam complaints, there's always this little gem:
-----
Darwin is an evolutionary OS...
--
Apple hardware still too expensive for you? How about a raffle ticket?
Come to the University of Mars! Classes starting soon!
Several ISPs, such as Verio, UUNET, Qwest, etc. host many spammers, and are willfully ignorant WRT the activities of the spammers - they do a fine Sgt. Schultz "I know NOTHING, NOTHING" when confronted with the evidence.
First, I suggest EVERYBODY use Spamcop or a similar reporting service when the get SPAM (disclaimer - I am in no way associated with SC other than using their free reporting service).
Second, if you get a spam from a server hosted by one of these ISPs, you use www.bitch-list.net to turn the crapflood back on the ISP - make it cost them more in support calls than the spammer is paying them.
Third, if any of you HAVE servers hosted by these ISPs and you ever get shut down for TOS violations, you sue the ISP, claiming discrimination - "They didn't TOS these spammers, why are the TOSing me?"
Make it cost the ISPs more to host the spammers than the spammers pay, and they will drop the spammers. Remember, both Verio and Worldcom/UUNET are hurting for money right now - pink contracts must look pretty good to them ("See, the spammers will pay DOUBLE for bandwidth!"). Turn the pink contracts into red ink, and they will cease.
www.eFax.com are spammers
The First rule in fighting spam is never ever respond to the spammers emails. You are just giving him an opportunity to realize that its a valid email address.
And just putting a "remove and unsubscribe" to your email reply doesnt "swamp" his inbox. If you really wanted to do that, send the biggest dll in your system folder, or that little virus you came upon.
But then again, since these scum hijack valid email accounts, all you might end up doing is spamming some poor yahoo/hotmail account holder.
Rapid Nirvana
Few spam mails have valid return addresses. By autoresponding you are likely not getting mail back to the spammer and simply increasing the amount of (essentially useless) mail that gets sent through the system.
An interesting thought came to me as to why I hate spam so much. It isn't just because there is too much spam, or it is annoying, or etc..
It's because they never, ever have sold a product that doesn't look like a scam, or porn to me. Every single spam I have gotten in my 7+ years on the internet has been for penis enlargers, aphrodisiacs, etc. It's like the snake-oil dealers of old have found a new home on the internet.
If I got coupons to the stores I frequent (or are in my area), or just adverts for legitimate, registered, good companies about products I might consider. It wouldn't bother me as much. But it's the fact that the spam I receive is pure, unadulterated, useless crap which explains why I hate spam so much, and don't feel too bad about junk mail I receive by post.
Just my thoughts on the issue.
~ kjrose
Because they fool around with the headers, that "remove and unsubscribe" email you sent goes nowhere. Unless of course your script is digging down into the body for the "real" email - but then in the spam I get it's mostly phone numbers "A Degree in 1 Day!" etc.
I'm surprised you haven't noticed the bounces in your inbox "User Doesn't Exist" etc.
Nice try, wish it worked for more than a small percentage of spam, but it won't. It may even _increase_ the amount of spam you get, as it verifies your address is "live".
> "People are going out there and
> tracking it back down to the source,"
> Mozena said. "Without that constant
> fight, things would be a lot, lot,
> lot worse."
Does anti-spamming really work? The administrators and users of SpamCop, SpamAssassin, etc. should back off for one 24-hour period. Let the spam roll in. If it truly would be a "lot, lot, lot worse" without spam-fighters, the happy fallout will be that thousands of indifferent users who respond to spam with "JHD" (Just Hit Delete) will see how bad it's become. Maybe they'll join the spam-fighting ranks, or at least demand a solution.
-- This
Due to the massive abuse, e-mail may simply become a thing of the past. I am gradulaly moving to a web form and dropping e-mail. To write me, visit my page and fill in the online form. I'll soon no longer have an inbox.
As inconvienient as that is, it fixes most of the problems of the e-mail system. Mostly it will not accept any bulk mail from anybody.
The truth shall set you free!
Unfortunately I can't afford to be quite so idealistic. I've had people call/mail me that are offering services that I someday want to use. I wouldn't have internet accesses if I went by that motto since the cable company, the phone company and Sprint (they do wirless internet here) have called me to try and sell me stuff. Unlike SPAM, I find that people are actually offering me (or at least are companies that have offerings) something that I want. I don't think I've ever bought from a sales call, but I've bought form companies that make them.
However I find SPAM very different from telemarketing/bulk mailing for several reasons:
1) The telemarketers/mailers are 99.9% of the time legit bussinesses offering legit products. When Cox calls to sell my high speed internet access, they aren't playing around, they can and will make good if I want. When I get a book of coupons in the mail, I can really go and use those for the products on them. SPAM is fradulant so often it's not even funny.
2) Also, with classic methods, the sender pays. The company calling me is paying for the long distance time, the mailer pays postage. It doesn't cost me anything other than wasted time (and there is plenty of stuff that does that). SPAM costs me money, which makes me angry.
3) However BY FAR the most imporant reason in my mind is that when you ask a telemarketer/bulk mailer to quit, THEY WILL. Since they are real, legit bussinesses and DON'T want to get sued, they'll obey they laws and stop contacting you if you tell them they have to. When a telemarketer calls you, ask to be placed on their do not call list, they have to maintain one and you can sue tehm if tehy call you again (unless you buy something from you, then you have a bussiness relationship so they can contact you if they like). Also a lot of companies get your address from teh credit reporting beuarues. SO call up Equifax and ask them to stop giving it out. They'll tell you what you need to do (submit a request in writing I think) and then they will, and pass it along to the other two.
It really is the unrelenting, fradulant nature of many spammers that gets me. For the longest time I got a ton of spam from a place that wanted to allow my bussiness to acept credit cards. Well the thing is I don't HAVE a bussiness, and I already have service to accept cerdit cards anyhow. No matter, these assholes spammed me 2-6 times PER DAY. And of course they didn't say who they were or anything, just asked you to e-mail them (to a yahoo address) with a name and phone number to call.
Stuff like that really pissess me off, I eventually had to resort to a technical solution to make them stop. However when AT&T long distance was pestering me (about 1 call every 2 weeks) I just told them to put me on a DNC list and I've never heard form them since.
Why not fax them blank pieces of paper. They can re-use the paper, so the cost is reduced to virtually nothing other than the cost of the time on the phone line.
Still probably illegal; but I doubt you'd suffer any real consequences even if they prosecuted.
Hot Damn! It's the Soggy Bottom Boys!
I've started to have a much more aggravating problem -- spammers using the email address of an old account of mine for the From: of their spam! I know because undeliverable mails are being returned to me. Is it just me, or is this a new low even by spammer standards?
I'm in the middle of dredging through the headers trying to figure out what the company ultimately responsible is, but even if I manage to find out, I'm not sure what to do with the information. I want blood.
Any suggestions?
don't think it's a problem? just try joining your local chamber of commerce and see how much junk mail you'll receive every day! Even if you quit, it keeps coming in. My house is a mess.
I can't believe it's not lard!
Let's take a secomd and evaluate our "Mr. Roth," and determine if he is adding or subtracting value from the network.
.*@.*aol.com".
Martin Roth aka lumbercartel@hotmail.com
Martin Roth aims to solve the spam problem by educating spammers about proper e-mail marketing practices. But to educate them, he first has to find them.
Well, that sounds like a plan.
With practiced ease, Roth launches software tools with names such as "SpamCop," "SpamKiller" and "Sam Spade." These, along with multiple online accounts, help Roth comb through the junk e-mail pile for clues to the spammers' identity.
It's embarassing to use these tools because of the raw number of false positives they generate. Of course, for click and drool "d00dz, d3l3t3 yur spammer NOW!" people like Roth, that's a-ok. Of course, let's note that he belongs to a group that calls itself "Spam Wranglers Action Team," which by naming itself something stupid has demonstrated idocy.
But others, such as spam messages that appear to have been sent by an Internet newcomer, may present a better opportunity. A rookie spammer may fail to disguise headers and return addresses, create an amateurish sales pitch or promote a common multilevel marketing scheme.
So, go after new spammers because it's easy? Well, I guess they are easier to convince to change their ways, but if he really wanted to stop spam he'd be going after the mega-houses.
"Here's a guy maybe you can educate," Roth said, pointing to one such message among the scores before him.
What kind of education do you think this guy is going to get?
With that information in hand, Roth then reports the abuse and asks that the spammer be cut off. Many Internet providers will comply, since the sending of spam is usually prohibited by their own user policies. Providers that don't comply could face the prospect of being added to the blacklist of companies that support spamming.
Oh, that's some quality education there, sir.
As he speaks, Roth's computer erupts with the sound of gunfire once more. Roth
smiles broadly.
"Got another one," he said.
And that, my friends, is why these people do it. Because they enjoy the feeling of power that cutting people off the net gives them. They are like petty IRC dictators, typing "/kill
Martin Roth is doing nothing to help the spam problem, and he is a poor choice of people to profile. Martin Roth is yet anoter Maryanne Kehoe
I'm the best IRC client ever.
At the very least, they pass on their info to the various blacklist sites, when then add the spammers to the reverse dns lookup lists. I run a personal email server that checks any incoming connection with ordb.org and relays.osirusoft.com . Believe me, those two lists right there stop ALL of my spam. I havent seen a spam msg on my personal mail server in months.
Lawyers, MBA's, RIAA? A jedi fears not these things!
Don't just delete it. Everybody deletes it and it does no one any good. LART it (read: report)! If you take a few minutes to look into the headers of the spam you'll find a wealth of information. Was the message sent through an open relay, was the message sent through a vulnerable formmail.cgi, was it a proxy, where the message actually originated from (usually but not always), etc.. Looking into the body of the message usually gives you links to the people that advertised through the spammers. LART everyone and send a copy to uce@ftc.gov. Report the open relays to the various DNS blacklist maintainers. Report repeat offenders to their upstream. Report the stock scams to the SEC. Report the penis enlargement pills to the FDA. Report the Nigerian Money scams to the Secret Service. Don't through the message away. Take a few minutes and do something with it. At the very least forward it to the FTC's dropbox. At the very least.
How much would you pay to be able to instantly kill a spammer, anywhere in the world?
How much if you could subject them to torture first?
How much if you could force the other spammers to watch?
A colleague and I agreed that if we were to take money out of our 401(k)'s to hire a contract killer for sapmmers, that the withdrawal should be tax-deductable. Possibly even listed as a charitable donation.
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
There is also software out that makes it trivial to "spam" a web form, that is, to constantly call the CGI with random input, flooding the message store with bogus data.
My answer to spam?
Use GPG, and only email encrypted with your public key. If someday you start getting encrypted spam (never happened yet, encryption takes CPU resources), there is a more draconing step-
Only accept mail that is crytographically 'signed' by people in your personal keyring, or from somebody who has had their public key signed by somebody in your keyring.
This restricts incoming email to 'friends', and 'friends of friends'. It is spam-proof.
It also ensures that your Aunt Millie in Oklahoma who only uses WebTV will never be able to send you another email. This could be a good thing, depending on how annoying Millie is.
I do not deploy Linux. Ever.
Get your own domain 'sugrshack.org', and set up an MX record for 'lists.sugrshack.org' pointing to some static-IP Unix-like machine where you can set up a virtual SMTP domain (e.g. Qmail).
When you visit ZDNet and subscribe to their mailing list, you subscribe as 'zdnet@lists.sugrshack.org'. When a mailing list starts selling your address and refusing to honor unsubscribe requests, you simply stop accepting email for the one address 'zdnet@lists.sugrshack.org', and the problem is solved.
There are a few complications to this approach. The biggest hassle I have is that I do need to post to several lists that restrict posting to 'members only', which means I need to adjust the 'From' address on outgoing messages to reflect the address with which I subscribed.
I don't have to worry about forgetting what address I used when subscribing, as Qmail will included a 'Delivered-To:' header for each message received to a virtualhost/alias.
Another drawback is that I get even more spam than before (identical spam runs addressed to each of many aliases). However, spam sent to 'expired' aliases is easily filtered out and discarded.
I do not deploy Linux. Ever.
For what values of sense are we talking about? Take a look at GoogleGroups search of news.admin.net-abuse.sightings, and let me know how to your legitimate mystery shopper offer from all the others: URL from Hell Quite a lot of it, isn't there?
One line blog. I hear that they're called Twitters now.
Yep, I told it to filter EVERYTHING except my address book and my "safe list", and spam still gets through.
I guess that the coders didn't quite understand the concept of:
if (!find(address_book_list,address) && !find(safe_list,address))
message_is_spam();
Fascism starts when the efficiency of the government becomes more important than the rights of the people.
"I'm a sucker and I'm confirming that this address is valid and read. Now you can spam the hell out of me and sell my address to all your buddies.". No reason to beat around the bush. Be direct about it. This is what you're doing after all.
Copy their original spam message into WordPerfect (I said this was many years ago), set the page length to 1/8 inch, and hold down the "Page break" (Ctrl-Enter?) to ensure that each line of the message was on a seperate tiny page.
Save and send via faxmodem...
Buzz, Click! CHOP!
Buzz, Click! CHOP!
(repeat x 200 lines of spam).
Voila, pre-shredded fax. Also handy when you need some confetti in a hurry.
I do not deploy Linux. Ever.
Did a Google search for "spamjamr", an anti-spammer group or individual listed in the story and was directed to an Angelfire member site. Of course Angelfire member sites contain the one thing that rivals spam in annoyance levels -- multiple pop-up windows.
I'm surprised that no one mentioned sneakemail. I've been using it for almost a year now, and I've gotten only two spam messages, at addresses I used posting to usenet. I simply deleted those email addresses; no more spam.
Didn't slashdot have a story a while back about a study on how to get on SPAM mailing lists? I believe they found that posting on usenet was the worst.
Sneakemail is still free, but they are now asking for donations.
I hold it, that a little rebellion, now and then, is a good thing. -- Thomas Jefferson
Instead of going after the spammers how about going after the people paying them to advertise their crapola? Make the merchant legally liable for the spam. They have to give you some sort way of contacting them unlike the spammers.
It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
The article talks about a SPAM Swat team ; and the concept of that is absolutely rediculous. When it takes teams of people to shut down spammers, the Spammers have won. That might work for the time it takes to do the article - but it is not a 'sustainable' activity. These SPAM swat teams aren't going to exist forever.
What needs to happen is the Email protocol needs to be re-written. It was originally developed in RFC822 to be an open standard that could take on many forms and purposes.
Today, we know how Email is used intricately, and the protocol can easily be re-written to *ENSURE* Spammers do not have the ability to automate spamming.
My company is re-writing the protocol over the next year or so ; and our changes will made available to the world.
Ace
Try SpamAssassin (www.spamassassin.org) - it's very easy to set up and requires very little configuration, and most importantly is very accurate, only occasionally letting spam through or mis-classifying real email. I just whitelisted a few email addresses and added a couple of rules to get rid of particularly annoying spam. I also got it to prefix a long '**** SPAM *****' prefix to the subject lines so I don't even have to read the tedious spam subjects.
It can even look at the Received headers so you can distinguish between email that is genuinely from yahoo.com etc, vs email that is using a forged From header saying @yahoo.com. I use this to add extra spam points to email received from an old email box that gets almost nothing but spam.
Nearly 200 different non-existant usernames in my various domains are being spammed, many on a continuing basis. These are usernames that have never existed, and never accepted delivery of mail, so they are definitely not confirmed opt-in's for anything. It just shows how far spammers will go, and how they never clean up their lists (as if that would help real people).
now we need to go OSS in diesel cars
Microsoft's hotmail setup with their new paid subscriptions for 10MB storage is brilliant. Normally users' 2 MB gets filled up with spam really fast and they can't block it off. Their legit messages don't get through and they either pay for more storage or leave the service disgruntled.
This is brilliant because MSFT is forcing the non-subscribers who are a financial burden to leave the service and and making a profit from everyone else who is stupid enough to pay for a 10 MB webmail account. (Hint: 20 MB webmail with IMAP4 + 20 MB hosting at www.graffiti.net - warning, they hav many popups!) This way, MSFT's non-working anti-spam features are actually making hotmail service less expensive for them to run.
There is also software out that makes it trivial to "spam" a web form
.net killer app of the future. Spoofed mail will be impossible, confirmed ID required for membership, user must be logged in to send mail to other members, stiff EULA with heavy penalties etc. That is probably the mail system of the future.
Fortunately my current public form is members only. Membership is free. You apply and receive your password by e-mail. That eliminates false headers & bulk mail. That is why I use it. As a member for over a year, I have yet to receive my first Unsolicited Commercial E-mail through the system. It works for me. The noise floor is low enough a filter is not needed. Unfortunately I must also keep a regular box for attachments. It's highly filtered and kept hidden and off lists as much as possible. Most spammers don't take the time to get membership into small private mail systems. Verification of identity is a requirement that most spammers do not get.
Somehow I see this being the new Microsoft
The truth shall set you free!
I received an unsolicited email, alerting me to broken links on my website. Two weeks later, I received another one. Two weeks after that, I received a third, along with an ad for the service, which would continue to so-update me in the future.
Although it is against my principles to buy from spammers, I did, in fact, subscribe to the service and have been happy with it. Now that my spam has gotten out of control (I wasn't getting very much at the time, years ago, and wasn't as aware of the issues involved) I regret having given them my money.
But I have to admit that I am happy with their service
God is real unless declared integer
I don't seem to get much spam at all. Maybe it's because I use a couple or three web-based e-mail systems that filter already for me, maybe it's because I don't publicize my e-mail address much, maybe it's because I'm just lucky. I don't know.
/dev/null by way of abuse@, which I've done four or five times now. :)
That said, the spammers I hate the most are the clueless morons like your average Primericatroids, who hang out on job boards, cull e-mails from posted resumes, and send "contacts" trying to solicit me into their multi-level marketing Ponzi schemes. Most of these people are just clever enough to un-spamproof an e-mail address, but not clever enough NOT to use Hotmail/et al accounts. I get a real evil(?) thrill out of sending those twits trolling for suckers to
I'm not a geek, I'm just a clever script.
There is a possible solution to spam - it would take time, but...
We change the RFPs for email transport (yes, I know they are among the oldest out there), so that they require some sort of crypto key before a message gets forwarded/delivered. If the key does not match the domain, it's not accepted
Details would still have to be worked out, but I think the answer is going to be to get rid of mail transport as we know it
-- 73 de KG2V For the Children - RKBA! "You are what you do when it counts" - the Masso
Use Spamcop. It has a nice little window where you can paste the message source. If you select show details, you'll see everything you need to know as well as who spamcop will contact about the spam. It was well worth the subscription cost just to get an email address I could forward spam to and have it automated.
"Fighting the underpants gnomes since 1998!" "Bruce Schneier knows the state of schroedinger's cat"
SpamFaq
One line blog. I hear that they're called Twitters now.
Its a royal pita, but try 1-800-555-1212 and ask for the authority for the 800 # in question. ie ATT, MCI, etc.
Then you have to contact them, and ask for their legal departement and ask where do you send a subpoena to get all the necessary info to sue their customer. This usually rattles the low level individual who takes the call and gets you bumped up into management.
Next, take a field trip to someplace with a lot of pay phones, and start calling those 800 numbers. If you have to sit around an airport for a couple of hours before your flight - well start racking up charges on those 800 lines.
The first thing we do, let's kill all the lawyers. Shakespeare, Henry VI, Part 2, Act 4, Scene 2
Perhaps 10 years ago, you could have done it, and no one would have complained too much, but times have changed. All the creeps have pissed in the pot and poisoned the well.
The other problem with "legitimate" offers like that is that they don't scale up. What I mean by that is if 10 businesses send me an offer in a year, no big deal. What if 100,000 do it? What if small businesses around the world do it? Even if they all had a valid remove, I'd still be opting out all day long.
And some even with a valid remove, don't keep a "do not email" list, they only remove my record. Then, when they get another "millions" CD and merge it, I'm back on the list.
My mailbox, my property, my rules.
One line blog. I hear that they're called Twitters now.
The current answer, while tough, seems to work: Block the spammer's IP, and complain to his ISP. If the ISP takes no action or hops the spam to a new address, block a /24 (256 IPs) of the ISP regardless of which customers of the ISP is using them. If the ISP continues to ignore complains, expand the list. Rinse, Repeat.
If ISPs are given the choice of having either spammers or legit customers, either way, you won't get any more spam from that ISP. The collateral damage isn't pretty, but the block-lists aren't the ones using honest customers as human shields. Spam-friendly ISP will either have to reform or provide intranet service.
Pin-point blocking has been tried for years. Frequently the ISP would just shift the spammers around. This isn't the happy-fun Internet any more, and spammers helped make it that way.
One line blog. I hear that they're called Twitters now.
If you're not interpreting the Received lines and the info in the body of the spam, you're only adding to the problem.
One line blog. I hear that they're called Twitters now.
No worries. And when your customers start calling because a lot of their email is blocked by people who got tired of waiting for you to fix your problem?
One line blog. I hear that they're called Twitters now.
At the government agency where I work, we get thousands of spam messages a day from slimeballs all over the world. Why? Well, another agency posted all our email addresses to the web once, people in the agency are clueless and "punch the monkey", etc. The usual reasons. We installed an anti-spam program from Trend (e-Manager), but it's a string-search program.
;)
Note to newbies at server-based spam-blocking: String-search programs suck. Half the time I got false positives and had users parading outside my cube with pitchforks and torches. The other half of the time it was false negatives and the user received the spam...and then sent it to us. ALL the time, I was updating the list of banned phrases, which is essentially "shutting the barn door behind the horse".
Recently, I've been testing DCC. It operates on checksums, kind of a "word-of-mouth" approach to spam. The theory is that if you have enough DCC servers, keeping a count of the message checksums, then you can block it based on its "bulkiness". I tested my inbox on a CGI demo of it that they have on their server, and it had a 100% accuracy rate.
I'm not going to go into it much further, since you can read the docs, but this is the first day of the test, and so far, I've got a couple thousand hits; 90% of it is spam (I'm updating my whitelist as I write this). There are a couple programs like it (I heard on the Register that they're putting out one like it using a P2P client model), but I think the future of spam-busting is in this.
Gazing at the lewd/fraudulent/ridiculous subject lines cropping up in my DCC logfile, I realize: If the Internet had a body, this part would be the ass. Seeing all of it makes you almost despair for humanity....except for the fact that DCC caught it, and you know people won't have to look at it.
As far as I can see, the more admins get involved in this, the harder it becomes for spam to propagate...and there are a dozen other tricks you can do to cut it down. So what are you waiting for? Join in the fun. There are some problems with this method (the worst being that you need to "whitelist" legitimate bulk mail or it'll get caught), but it's definitely the best approach to killing spam that I've seen yet.
There's no sig like this sig anywhere near this sig, so this must be the sig.
Whitelisting : automated I thought about implementing something along these lines, (upon receiving an email from an unidentified source) just sending a simple message like "I've never received email from you before - please confirm that it's for me by clicking 'reply' to this" (and then maybe something a little bit more detailed about spam at the end - but nothing too complicated to scare off your auntie etc etc )
You could then include either an identifiable header etc which would both automatically add that user to your whitelist and allow the first message through. The only problem is that any of those pesky mailing lists you sign up to, or other automated things (i.e. bank / credit card etc ) wouldn't get through. It wouldn't take long though to put any "maybes" in another folder. Also, by issuing an 'auto reply' you'll probably kill 99.9% of your spam dead, as which spammer ever mailed from a real account ?
Two wrongs may not make a right, but three
If at all possible, don't drop their connection - just slow down to accepting a packet a second.
This ties up the offending mail server, and keeps it from spamming others.
If you don't like this, then configure your server to send back a NAK message ("Spam not allowed" or some such) at one character per TCP packet, one packet a second.
www.eFax.com are spammers
Thanks. That was the basic idea behind my proposal. It got a mixed reaction and, as a result, I never implemented it.
Since then, the spam problem has just gotten worse and little has been done to improve the situation. The biggest difference is that you can no longer expect to get a response from the ISPs telling you what, if anything, was done as a result of you reporting a spammer. And spamvertised web sites often stay up for days or even weeks after the spam is reported -- something that makes the spammers very happy, I'm sure.
While I use the various open-relay databases and report open relays to them, they really don't solve the spam problem. Some small percentage of ISPs and businesses use those services and their users won't get the spam. But the spammers will still send it out, figuring that they will just get a slightly lower delivery percentage. They don't give a rat's ass if they generate bounce messages for 30% of the e-mails that they send.
The situation now seems to be one of trying to increase your defenses rather than taking out the offenders.
P.S. Your English is fine. I wish I was as skilled at a second language.
I have been using SPAMCOP to report SPAM. You can sign up (free) and then start reporting the spam you receive.
Advantage is that you don't have to do all the traceroutes etc yourself; they check the headers, report to appropriate admin accounts, abuse accounts etc.
There is even a tiny 'plugin thing' for MS Outlook that is really nice; plugs all relevant info into an email or to the clipboard.
Highly recommended!
If anyone who I asked to not call me does, I'll sue them. No it's not much money ($20 I think) but that's not the point, the point is it'll get your message across. IT's all small claims court so you don't need a lawyer or anything.
What you are doing is similar to efforts to reduce the mosquito population by releasing large numbers of sterile individuals - by distracting the fertile individuals they reduce the overall population next generation (the same approach is being used for moths, cats, etc.)
It only works when either a) the individuals involve only breed (spam) once, or b) when the number of sterile individuals is a large fraction of the population.
I don't deny the use of honeypots, spamtraps, etc. in catching the spammers, but since spammers don't meet criterion a) (they spam multiple times), you will reduce the overall spam count only if the number of bogus relays is close to the number of fake relays. Otherwise, a spammer will simply send his spewage through multiple relays.
Now, IF the ISPs would use this information to terminate spammers immediately, then you WOULD satisfy criterion a) - a spammer would spam once, then be terminated.
However, this is ALSO true if ISPs would heed spam reports in general. Specifically, if ISPs would simply set up appropriate liasons with Spamcop, they would get the effect of your honeypots (the IDs of the spammers) in a fashion that the spammers could not simply avoid - to stretch my analogy, the hosts the mosquitos feed upon would become poisonous.
I'm glad you feel you are having some degree of success. I don't deny you are having some impact on the system, probably more than I have by reporting spam, LARTing Verio every chance I get, and encouraging others to do the same in public fora like this. However, just as releasing five sterile mosquitos will not have much effect on the disease-ridden little bloodsuckers, I doubt a few honeypot relays will have any effect on the disease-ridden little bloodsuckers.
www.eFax.com are spammers
If you really, really can't find a vendor other than one who has junk-marketed you, then at least you should try to hide that.
If a junk call gives you the idea to get a service, then spend a week or two calling around to make sure you've found the best deal. Then call them and order. This bends their stats to make junk marketing look less effective.
And to get them to stop bothering you, consider signing up with Private Citizen and something like Privacy Manager. Between the two of them, I get one junk call about every three months now.
There's and idea I've had about this; maybe y'all can help me work out the kinks. The basic theory is that the Internet allows you to aggregate a lotta little bits of effort or money and come up with an impressive whole, right?
So we open a web site in Tonga or Kazakhstan. Say spam-killer.to or kill-spammers.kz. Anybody can come and contribute money via credit card towards the offing of known spammers. The big spammers would quickly attract large bounties, which would attract high-quality heavies. Whoever gets the spammer gets the bounty. The main problem: when a spammer gets offed, what do we do if there are multiple claimants? You sure don't want to pay the wrong guy; you'd have a skilled murder mad at you.
Or maybe it would be cheaper to just club together and buy some congressmen; thanks to the crash, congressmen should be even cheaper than Nasdaq index funds.
(For the record: Yes, this is a joke; I don't think spammers should get more than 3-5 in a federal pen for the first offense. The bit about bribing congressmen is also a joke. As are, now that I think about it, said congressmen.)
That is a bit too little time to ascert the quality of a product.
I feel your pain though and will have a look.
IANAL but write like a drunk one.
(This assumes that you actually do work for a tier 1 provider, and aren't just trolling. [Hope it's not Worldcom/MCI/UUNET!] *sniff*sniff*, you've posted to nanae before, I recognize that scent.)
"Most of our customers understand that the blacklists are not well run and the info with in them are inaccurate. They call the ISP that is blocking them and explain the situation and those ISP either whitelist them or stop using the black list."
Pull the other one, it's got Bell on it.
One line blog. I hear that they're called Twitters now.
Umm, who's this "you all" that you're talking to? Do you imagine that all of nanae is part of an organized conspiracy or something? (On Usenet?!) Three words: shiny side out. (Mumble, abuse desk Kooks, mumble... :^) (Yes, you did use tinya, points.) I'm a member of the ARSCC [wdne] too.
Completely blocking a tier 1 all at once would be irresponsible, and would cause people who trust the block-lists they use, not to trust them. You should instead expect [ians] to be nibbled to death by ducks. A /24 here, a /16 there, soon or later it adds up to spare change.
Personally, do you like having spammers as long-term clients? Do you see spam as a problem to be blown off as the province of kooks or a long term threat that, alas, is low on the priority ladder?
Source for quote "The stakes are high for aggressive marketers eager to break through the clutter. Companies will blitz consumers with more than 430 billion e-mail advertisements this year. By 2006, that figure is expected to reach more than 960 billion. It is, by any standard, a lot of spam." All that and a bag of chips!
Eh, this has probably gone far enough in Slashdot. If you want to take it further, have your spamtrap email my spamtrap.
One line blog. I hear that they're called Twitters now.