Collateral Damage in the Spam War
MarkedMan writes "The link points to a well researched article on Spam lists and those innocently appended to them. I have seen this myself with MailWasher. A posting will come through as potential spam, with the bounce already red-flagged, but it is actually from a legitimate source. Only happens once or twice a month but still cause for worry.
I've found that Spam Assassin has made life easier, but I still have to ban domains like yahoo.com, hotmail.com, mail.com - and *.ru and *.cn. I sort through the spam periodically, but the collateral damage is still there."
A number of spam filters and spam-blocking agents will mark a message as SPAM if it is only Bcc'd or Cc'd. If you're going to Bcc, at least make sure you have one To: recipient, or you may end up in the SPAM folder.
I've been using spambouncer for quite a long time and I've found that it catches more spam than Spam Assassin does.
As with any anti-spam measure, you have to keep an eye on it when you set it up to make sure everything is working and you aren't blocking legitimate mail. Any anti-spam software you use will either let some spam through or catch legitimate mail. Add some procmail scripts to sort any mailing-list mail you are on into their folders, block To: Friend@Public.com and the like, and you have a pretty robust system.
I've also found that blocking messages with malformed headers helps a lot with spam. For example, the following procmail recipe blocks all messages that are HTML-only without a charset, which is common in spam mailings, and has never caught a legitimate mail for me:
:0 fw
# text/html with no charset= parameter on the Content-type line
* ^Content-type: text/html
* ! html; charset=
# exempt mail that came "from hotmail"
* ! from hotmail
| ${FORMAIL} -A"X-Spammers: text/html only message"
Your Mileage May Vary
Do you Gentoo!?
If you trace the messages, 99.9% of the time they're not from the return address (which is usually hotmail or yahoo). So simply blocking yahoo and hotmail seems kind of wasteful. Simply look at the blacklists of open relays. They are the problem.
I think the "peer pressure" idea is becoming a bit of a "dinosaur" from the days of the mom-and-pop ISP. In the past, except for AOL, you didn't really have many large ISPs that kept on large numbers of spamming users.
The small ISPs would be pretty responsive to complaints, or if they weren't - they'd feel the pain of getting blacklisted, and would usually give in and kick off their problem users.
Nowadays, with most customers on one of a handful of giant ISPs, it's no longer effective or realistic to ban the whole ISP. (E.g., with the number of customers Earthlink has, can you really expect them to always keep *every* user with an open relay off their network? Even if they hired whole teams of people just to perform that one task, new people with open relays would subscribe faster than they could discover them. Hence, Earthlink would almost always be on a blacklist.)
This is essential if you want to report spam to the sender's ISP. Otherwise, you report addresses being abused by spammers. It's also a useful filtering tool; an e-mail with inconsistent headers is probably spam.
My e-mail address was recently harvested by a spammer. I started getting SPAM from the listed domains, but the only problem was the mail didn't show up as from yahoo, hotmail or mail in my mail log. Turns out the spammer was forging the return address and sending through an open relay. So I learned how to set up sendmail to filter incoming mail through the Open Relay Database (ORDB). That particular spam problem has now disappeared. It helps when you run your own mail server, but if I can figure this out in less than a day, then a paid sysadmin at an ISP, company or school should also be able to do it.
You can find out more about the ORDB here and this site has very simple instructions for setting up sendmail to use the ORDB filter. Sendmail.org has quite a bit of additional stuff you can do to filter SPAM and still let legitimate e-mail through. ORDB also has solutions for people who don't run their own mail server and just connect someplace with a mail client to get their mail.
They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
Ben
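The lookup the post above describes, as an added example rather than the poster's own sendmail setup: on the sendmail side it is one m4 line, FEATURE(`dnsbl', `relays.ordb.org'), and this script shows what that lookup does. A DNSBL is queried by reversing the octets of the *connecting relay's* IP (taken from the Received: header your own MTA wrote, never from the forged From:/return address) and appending the list's zone; an answer in 127.0.0.0/8 means "listed", NXDOMAIN means "not listed". One caveat a practitioner needs today: ORDB itself closed in 2006 and its zone later briefly answered "listed" for every query, so point this at a live list, not relays.ordb.org. The sample message and the offline resolver are constructed for the example.

```python
"""DNSBL check of the connecting relay, in the style of sendmail's dnsbl FEATURE.
Added example, not the poster's configuration.  SAMPLE and fake_resolver are constructed."""
import re
import socket
from email import message_from_string


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Reverse the IPv4 octets and append the list zone: 192.0.2.10 -> 10.2.0.192.<zone>."""
    octets = ip.split('.')
    if len(octets) != 4 or not all(o.isdigit() and int(o) <= 255 for o in octets):
        raise ValueError(f'not an IPv4 address: {ip!r}')
    return '.'.join(reversed(octets)) + '.' + zone


def is_listed(ip: str, zone: str, resolve=socket.gethostbyname) -> bool:
    """A DNSBL answers 127.0.0.x for listed hosts and NXDOMAIN (gaierror) otherwise."""
    try:
        answer = resolve(dnsbl_query_name(ip, zone))
    except socket.gaierror:
        return False
    return answer.startswith('127.')


# The topmost Received: header was written by our own MTA, so the bracketed IP in it
# is the host that actually connected to us; every header below it may be forged.
RECEIVED_IP = re.compile(r'\[(\d{1,3}(?:\.\d{1,3}){3})\]')


def connecting_relay_ip(raw_message: str):
    msg = message_from_string(raw_message)
    received = msg.get_all('Received') or []
    if not received:
        return None
    m = RECEIVED_IP.search(received[0])
    return m.group(1) if m else None


def relay_is_listed(raw_message: str, zone: str, resolve=socket.gethostbyname) -> bool:
    ip = connecting_relay_ip(raw_message)
    return ip is not None and is_listed(ip, zone, resolve)


def fake_resolver(listed_names):
    """Offline stand-in for DNS so the example runs without a live list (constructed)."""
    def resolve(name):
        if name in listed_names:
            return '127.0.0.2'
        raise socket.gaierror(f'NXDOMAIN {name}')
    return resolve


# Constructed message: a forged yahoo.com sender relayed through 192.0.2.10.
SAMPLE = """\
Received: from mail.example.net (mail.example.net [192.0.2.10])
    by mx.example.org (8.12.9) with ESMTP id h00AAA for <me@example.org>
Received: from unknown (HELO yahoo.com) [10.9.8.7]
    by mail.example.net with SMTP
From: someone@yahoo.com
To: me@example.org
Subject: constructed sample

body
"""

if __name__ == '__main__':
    resolve = fake_resolver({'10.2.0.192.relays.example'})
    print(connecting_relay_ip(SAMPLE), relay_is_listed(SAMPLE, 'relays.example', resolve))
```

Blocking on the relay IP is what makes the forged yahoo/hotmail return address irrelevant: the envelope sender can say anything, but the connecting IP is the one fact your own MTA observed.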
After filtering the Content-Type: for ks_c_5601-1987 (upper and lower case) I haven't received an Asian spam mail; given that I used to get 20+ Asian spams a day, this helps a lot. In Outlook you can't (I think) filter on specific headers, but filtering on all headers should do.
my $0.02
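The three header heuristics that come up in this thread (the procmail recipe's text/html-with-no-charset rule, the ks_c_5601-1987 charset filter just above, and the earlier point that mail with no To: recipient gets flagged) as one added Python script using the standard email package; this is not code from any poster. The sample messages are constructed, the hotmail exemption is applied to the From: header (an assumption; the recipe's pattern is looser), and tag_message appends an X-Spammers: header the way the recipe's formail -A does.

```python
"""Header heuristics from this thread, reimplemented with Python's email package.
Added example, not a poster's code.  All sample messages below are constructed."""
from email import message_from_string
from email.message import Message

HTML_NO_CHARSET = """\
From: promo@example.net
To: victim@example.org
Subject: Big savings
Content-Type: text/html

<html><body>Buy now</body></html>
"""

HTML_WITH_CHARSET = """\
From: friend@example.com
To: victim@example.org
Subject: hello
Content-Type: text/html; charset=us-ascii

<html><body>hello</body></html>
"""

HOTMAIL_HTML = """\
From: pal@hotmail.com
To: victim@example.org
Subject: hello
Content-Type: text/html

<html><body>hello</body></html>
"""

KOREAN_CHARSET = """\
From: someone@example.kr
To: victim@example.org
Subject: constructed sample
Content-Type: text/plain; charset=KS_C_5601-1987

(body omitted)
"""

BCC_ONLY = """\
From: bulk@example.net
Subject: newsletter
Content-Type: text/plain; charset=us-ascii

Sent to undisclosed recipients.
"""


def html_without_charset(msg: Message) -> bool:
    """The procmail recipe: text/html, no charset parameter, and (assumed) sender not hotmail."""
    if msg.get_content_type() != 'text/html':
        return False
    if msg.get_content_charset() is not None:
        return False
    return 'hotmail' not in msg.get('From', '').lower()


def korean_charset(msg: Message) -> bool:
    """get_content_charset() lowercases, so KS_C_5601-1987 in any case matches."""
    return msg.get_content_charset() == 'ks_c_5601-1987'


def no_to_recipient(msg: Message) -> bool:
    """No To: header at all: the mail reached us by Bcc (or Cc) only."""
    return 'To' not in msg


CHECKS = [
    ('text/html only message', html_without_charset),
    ('ks_c_5601-1987 charset', korean_charset),
    ('no To: recipient', no_to_recipient),
]


def classify(raw: str) -> list:
    """Return the tag of every heuristic the raw message triggers."""
    msg = message_from_string(raw)
    return [tag for tag, check in CHECKS if check(msg)]


def tag_message(raw: str) -> str:
    """Append one X-Spammers: header per hit, as `formail -A` does, and return the text."""
    msg = message_from_string(raw)
    for tag in classify(raw):
        msg['X-Spammers'] = tag
    return msg.as_string()


if __name__ == '__main__':
    for name, raw in [('html', HTML_NO_CHARSET), ('korean', KOREAN_CHARSET), ('bcc', BCC_ONLY)]:
        print(name, classify(raw))
```

Tagging rather than dropping is the safer design: a later procmail rule or the mail client can route on X-Spammers:, and a false positive is still in a folder instead of gone, which is the "keep an eye on it" advice from the same post.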
Before the Earthlink "merger of equals", Mindspring had Harry. Harry absolutely rocked the abuse department. He worked together with the other admins (it helped that he was a Senior Admin in skill level) and they'd think up all kinds of interesting ways to "abuse" spammers. We'd catch them pretty fast if they were spamming from our network. One of my favorites was sending +++ATH0 in a formatted ping packet to their modem to disconnect them, or sending thousands of spam messages back to their email client depending on what they used. Their port would be disconnected quickly. I think we had a 3 strikes and you are an ex-customer rule. Jan also rocked the news servers. I'm not sure how Earthlink is handling things now post-merger. I didn't hang around. :) At the time, we were number 2 in the world, and fighting spam very well. The "SPAMINATOR" product was very much loved by customers. I heard through the grapevine that it's basically a joke now, and doesn't work.
The most important thing any republican needs to know.
When I was in university and making web pages and stuff, I used to get tonnes of spam. When I posted to newsgroups I got tonnes of spam. However, these days, I just have two addresses... one for personal email, and the other for work email, and I rarely ever get spammed.
My personal email address is a yahoo account, and work email is provided from the company I work for. I give out my email addresses to friends and lots of contacts from work (and it's printed on my business cards).
I NEVER do these things:
-post to newsgroups with a real address,
-put my personal address on a website,
-give a real address when filling out surveys, etc. online
-sign up for newsletters
-give my email to anyone who asks over the phone ("Sorry, I don't have a computer, but yes, I'd like to order that CD-ROM drive")
-give my email address to Radio Shack
-enter my personal info into my browser
Basically, I just refuse to allow my email address to proliferate. If I do happen to get spammed, I just don't reply, and it tends to go away, but it's really rare anyway.
Of course, if I ran a website, I'd create a unique email address just for that purpose, and I'd expect to have the sh!t spammed out of it, but at least it would be separate from my real addresses.
"I have never let my schooling interfere with my education." - Mark Twain
Randomly? Yes, that's wrong. However, you can cut that 3X10^12 down to around 3X10^6 merely by running a dictionary file filled with common last names and appending one or two letters after. How do I know this? My personal email address is mccallclAThotmailDOTcom, and many of the spams I receive are also addressed to mccallca, mccallcb, mccallcc and so on.
If you fall off a building, go real limp, because maybe you'll look like a dummy and people will be like hey, free dummy
Check out spamgourmet.com. It institutionalizes that idea. Once you're registered you can create self-destructing email accounts, that accept N number of messages. The slick thing is that it creates them on the fly, the first time you send email to it, so after having visited them, you never have to go there again to actually create these accounts.
TMDA takes advantage of this sort of thing. So it does what you're talking about, but it also adds a cryptographic hash onto the extension to verify that you in fact were the person who generated the extension. So my equivalent of what you're doing would be:
mark-keyword-slashdot.abc123@hornclan.com
mark-keyword-msn.a1b2c3@hornclan.com
The generation of the hash depends on a secret 140-bit key that only I know. Thus I can create these things whenever I want and use them without modification to my mail setup and be confident that no one else can generate these things that will get into my mailbox.
Other types of addresses that tmda generates:
Anyway, I'm pretty pleased with TMDA, although, as I say in another post, it can impact one's ego.
Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.
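The keyword-address idea from the post above, as an added example: self-verifying addresses of the form mark-keyword-slashdot.<tag>@hornclan.com where the tag is a keyed hash only the mailbox owner can produce. This is not TMDA's code; TMDA's actual hash construction, key length and tag format are not on this page, so HMAC-SHA256 truncated to six hex characters, a 32-byte key, and the demo key below are all assumptions, and the user and domain are the post's own examples.

```python
"""Tagged, self-verifying keyword addresses in the style the post describes.
Added example, not TMDA's own code or algorithm (hash, tag length and key size assumed)."""
import hashlib
import hmac
import re
import secrets

USER = 'mark'             # from the post's example addresses
DOMAIN = 'hornclan.com'   # from the post's example addresses
TAG_LEN = 6               # hex characters of the MAC kept in the address (assumed)


def new_secret() -> bytes:
    """One secret per mailbox; the post's is 140 bits, 32 bytes is used here (assumed)."""
    return secrets.token_bytes(32)


# Constructed demo key so the example is deterministic; never reuse it for real mail.
DEMO_SECRET = b'not-a-real-key-just-a-demo-key!!'


def make_tag(keyword: str, secret: bytes) -> str:
    """Keyed hash of the keyword; without `secret` no one can forge a valid tag."""
    mac = hmac.new(secret, b'keyword:' + keyword.lower().encode(), hashlib.sha256)
    return mac.hexdigest()[:TAG_LEN]


def keyword_address(keyword: str, secret: bytes) -> str:
    """Mint an address for one correspondent, e.g. mark-keyword-slashdot.<tag>@hornclan.com."""
    return f'{USER}-keyword-{keyword}.{make_tag(keyword, secret)}@{DOMAIN}'


ADDRESS_RE = re.compile(
    r'^(?P<user>[^@]+?)-keyword-(?P<keyword>[^@.]+)\.(?P<tag>[0-9a-f]+)@(?P<domain>[^@]+)$',
    re.IGNORECASE,
)


def verify_address(addr: str, secret: bytes) -> bool:
    """True only if the tag in the recipient address was made with `secret` for that keyword."""
    m = ADDRESS_RE.match(addr.strip())
    if m is None or m['user'].lower() != USER or m['domain'].lower() != DOMAIN:
        return False
    expected = make_tag(m['keyword'], secret)
    # constant-time comparison; a wrong-length tag simply fails
    return hmac.compare_digest(m['tag'].lower(), expected)


if __name__ == '__main__':
    addr = keyword_address('slashdot', DEMO_SECRET)
    print(addr, verify_address(addr, DEMO_SECRET), verify_address(addr.replace('slashdot', 'msn'), DEMO_SECRET))
```

The mail-side rule is then one line of logic: a local part matching the pattern is accepted only when verify_address returns True, so a harvester who sees mark-keyword-slashdot.<tag> cannot mint mark-keyword-msn.<tag> by guessing, and swapping the keyword while keeping the old tag fails as well.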
Killing of all mail from yahoo/hotmail is pretty severe. Many, many people (who might have other legit addresses) maintain yahoo/hotmail addresses for when they're on the road. Many other people who want to keep the same address, regardless of what ISP they're using at the moment also use Yahoo/Hotmail. I recently did a search through a client's newsletter subscription database (to compile a list to send the newsletter out to) and over 50% of the addresses were either yahoo or hotmail domains.
... fine, but that's not SPAM.
I don't see why (with SpamAssassin) you would need to be so draconian. SpamAssassin catches all my spam, regardless of where it originated. If your installation isn't catching what you consider spam, adjust the rules a bit. There's a lot of good documentation on how to do this and it isn't real hard (mine seems to be working fine, out-of-the-box). Now, its very possible that a person would get legit email from yahoo/hotmail addresses that they simply don't *want* to get
Something I've started using more is simple mail aliases. Since I run many MTAs, I've taken one of my own domains and created an alias for a mail recipient for when I need to sign up for something. Let's say I order some X10 stuff. I'll create a quick mail alias called "x10" and point it at my usual mail account. I'll add a comment with a date, maybe a URL, etc. to it and rebuild my aliases.db. There are two upsides to this. One is that I can easily make that a real account someday and spamtrap all that junk if needed. It's also guaranteed to be accepted on every web form I come across. Occasionally I'll come across a web form that only accepts alphanumeric characters (and the @) in the email address. Some webmaster thought he was being security-wise and didn't follow the RFCs. Whoops. No biggie. This method gets you around that little problem. The only real downside is that it takes a couple extra seconds to create that alias and add some comments about it. Oh wait, there's another plus. Some mass mailers strip out the plus notation from email addresses. Giving your address to, say, Citibank or Capital One as joeblow+citibank@domain.tld might confuse the person or raise suspicion if you're entering your address in a spamtrap. With the email alias, you can use an acronym, gibberish, or whatever you want for your particular situation.
And to do that they have to use a valid return address, thus ending their SPAM operation quickly (see other threads about this).