Slashdot Mirror


Collateral Damage in the Spam War

MarkedMan writes "The link points to a well researched article on Spam lists and those innocently appended to them. I have seen this myself with MailWasher. A posting will come through as potential spam, with the bounce already red-flagged, but it is actually from a legitimate source. Only happens once or twice a month but still cause for worry." I've found that Spam Assassin has made life easier, but I still have to ban domains like yahoo.com, hotmail.com, mail.com - and *.ru and *.cn. I sort through the spam periodically, but the collateral damage is still there.


  1. Network Solutions, One domain per user? by dada21 · · Score: 5, Insightful

    The only people I got spam from was from the e-mail address I used to register domain names with through netsol.

    I dumped that address (100 spams a day).

    What I've done is registered a domain name (say fatgeeks.com) and when I have to use my e-mail address at a website, I'll append the website to the user name, such as:

    dada_slashdot@fatgeeks.com

    or

    dada_msn@fatgeeks.com

    When spam appears, I kill off that user name (very easy to do in any POP3 e-mail program) and then go to the website that sold my address and yell.

    This helps track websites that "lie" about reselling your e-mail address.

    No spam. No collateral damage.

    1. Re:Network Solutions, One domain per user? by Mr_Silver · · Score: 3, Insightful
      This helps track websites that "lie" about reselling your e-mail address.

      Is there a page out there that details which websites sell your email addresses? It would be rather useful.

      Personally I nominate hotmail.com - unless you're telling me that ibtagmrq@hotmail.com is a popular name.

      --
      Avantslash - View Slashdot cleanly on your mobile phone.
    2. Re:Network Solutions, One domain per user? by Computer! · · Score: 3, Informative

      Randomly? Yes, that's wrong. However, you can cut that 3X10^12 down to around 3X10^6 merely by running a dictionary file filled with common last names and appending one or two letters after. How do I know this? My personal email address is mccallclAThotmailDOTcom, and many of the spams I receive are also addressed to mccallca, mccallcb, mccallcc and so on.

      --
      If you fall off a building, go real limp, because maybe you'll look like a dummy and people will be like hey, free dummy
    3. Re:Network Solutions, One domain per user? by mjh · · Score: 5, Informative
      Depending on which MTA you're using, you can do this with address extensions too. Sendmail uses + as its address extension, and postfix/qmail use - for address extensions. So for my email, for example, mark-foobar@hornclan.com will get delivered to the same mailbox as mark@hornclan.com. The MTA simply ignores everything after and including the extension delimiter.

      TMDA takes advantage of this sort of thing. So it does what you're talking about, but it also adds a cryptographic hash onto the extension to verify that you in fact were the person who generated the extension. So my equivalent of what you're doing would be:

      mark-keyword-slashdot.abc123@hornclan.com
      mark-keyword-msn.a1b2c3@hornclan.com

      The generation of the hash depends on a secret 140-bit key that only I know. Thus I can create these things whenever I want and use them without modification to my mail setup and be confident that no one else can generate these things that will get into my mailbox.

      Other types of addresses that tmda generates:

      • Dated addresses - addresses that will work for a certain amount of time, and then expire. Great to use when posting to USENET, and as the default for all outgoing email.
      • Sender addresses - addresses that will work if used by a particular sender. Great for subscribing to mailing lists with.

      Anyway, I'm pretty pleased with TMDA, although, as I say in another post, it can impact one's ego.

      --
      Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.
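The keyword and dated addresses described in the comment above can be sketched as follows. This is an added example, not code from the post or from TMDA: the address layout, the 6-character tag length (taken from the look of the sample addresses), the use of HMAC-SHA256 and the key are all assumptions made for illustration.

```python
import hashlib
import hmac
import time

# Constructed demo key; a real key is random and known only to the mailbox owner.
SECRET = b"constructed-demo-key"
TAG_HEX = 6    # hex digits of the MAC kept in the address (assumption); a short
               # tag keeps addresses readable at the cost of forgery resistance
DELIM = "-"    # qmail/postfix-style extension delimiter, as in the comment


def _tag(payload: str) -> str:
    """Truncated keyed MAC over the extension contents."""
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()[:TAG_HEX]


def keyword_address(user: str, domain: str, keyword: str) -> str:
    """e.g. mark-keyword-slashdot.<tag>@hornclan.com"""
    return f"{user}{DELIM}keyword{DELIM}{keyword}.{_tag('keyword:' + keyword)}@{domain}"


def dated_address(user: str, domain: str, lifetime_s: int, now=None) -> str:
    """Address that stops working lifetime_s seconds after it is generated."""
    expires = int(time.time() if now is None else now) + lifetime_s
    return f"{user}{DELIM}dated{DELIM}{expires}.{_tag('dated:' + str(expires))}@{domain}"


def check_recipient(address: str, user: str, now=None):
    """Return (accepted, reason) for an incoming recipient address."""
    local, _, _domain = address.rpartition("@")
    prefix = user + DELIM
    if local == user:
        return False, "bare address"          # left to other filtering
    if not local.startswith(prefix):
        return False, "unknown user"
    kind, _, rest = local[len(prefix):].partition(DELIM)
    value, dot, tag = rest.rpartition(".")
    if kind not in ("keyword", "dated") or not dot or not value:
        return False, "malformed extension"
    expected = _tag(f"{kind}:{value}")
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return False, "bad tag"
    if kind == "dated":
        current = int(time.time() if now is None else now)
        if not value.isdigit() or int(value) < current:
            return False, "expired"
    return True, kind


if __name__ == "__main__":
    addr = keyword_address("mark", "hornclan.com", "slashdot")
    print(addr, check_recipient(addr, "mark"))
    # Swapping the keyword without knowing the key invalidates the tag.
    print(check_recipient(addr.replace("slashdot", "msn"), "mark"))
```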
    4. Re:Network Solutions, One domain per user? by macdaddy · · Score: 3, Informative
      Whoops. You showed the wrong syntax. Did you mean dada+slashdot@fatgeeks.com instead of dada_slashdot@fatgeeks.com? The underscore is a valid character in a user name. The plus sign however is called plus notation. I use it myself. Say I sign up for a demo of ProductX, I'll use the email address of userid+productx@domain.tld. MTAs are supposed to ignore everything between the "+" and the "@". Plus notation. It works pretty slick too. I use it for magazine subscriptions and what not too.

      Something I've started using more is simple mail aliases. Since I run many MTAs, I've taken one of my own domains and create an alias for a mail recipient for when I need to sign up for something. Let's say I order some X10 stuff. I'll create a quick mail alias called "x10" and point it at my usual mail account. I'll add a comment with a date, maybe a URL, etc. to it and rebuild my aliases.db. There are 2 upsides to this. 1 is that I can easily make that a real account someday and spamtrap all that junk if needed. It's also guaranteed to be accepted on every web form I come across. Occasionally I'll come across a web form that only accepts alphanumeric characters (and the @) in the email address. Some webmaster thought he was being security-wise and didn't follow the RFCs. Whoops. No biggie. This method gets you around that little problem. The only real downside is that it takes a couple extra seconds to create that alias and add some comments about it. Oh wait, there's another plus. Some mass mailers strip out the plus notation from email addresses. Giving your address to, say, Citibank or CapitolOne as joeblow+citibank@domain.tld might confuse the person or raise suspicion if you're entering your address in a spamtrap. With the email alias, you can use an acronym, gibberish, or whatever you want for your particular situation.

    5. Re:Network Solutions, One domain per user? by Mike+Schiraldi · · Score: 4, Interesting

      This helps track websites that "lie" about reselling your e-mail address.

      Even honest companies are a problem -- i do the same trick you do, and about a year ago, i started getting porn spam to the address i used only at 1800flowers.com. They swore they didn't give it to anyone, and i believe them.

      What i'm sure happened is this: Some DBA, or some temp, or whatever, did a one-line SQL query to pull out every email address in their database, and then sold that list.

      So even if you trust the company to not sell your address, it just takes one bad employee to screw you over.

      Of course, their database also has my credit card, so the same DBA could have run off with that. So far, i haven't had any fraudulent charges. But that's what you gotta read over every single charge on your credit card bill, every single money.

    6. Re:Network Solutions, One domain per user? by invenustus · · Score: 5, Interesting
      you are pretty narrow minded to think the crawlers haven't learned to look for *AT*DOT*
      That brings up one of the questions I've been pondering lately in regard to spam.

      Spammers always seem to be coming up with newer and better ways to thwart our attempts to avoid them. But do the people who go to such lengths to avoid spam EVER buy anything from spammers? EVER?

      I always hear "Spam works because people like your grandmother buy stuff from them, and if they get one sale, that makes it worthwhile." To which I respond, "My grandmother's alive?!" But crawling for *AT*DOT* isn't going to catch such un-tech-savvy people. Those people are going to leave their addresses unencrypted.

      So let me pose this question: has spam become less a means of advertising than an all-out war, with nothing at stake other than showing that you can beat the other side?
      --
      grep -ri 'should work' /usr/src/linux | wc -l
  2. Isn't it ironic by iONiUM · · Score: 4, Insightful

    but I still have to ban domains like yahoo.com
    Does anybody else find it funny that this article is from yahoo.com?

  3. Solution to spam by maynard-lag · · Score: 3, Funny

    I've found that once I stopped checking my email, I stopped getting spam.

    Now, why haven't I heard from my girlfriend while she's been away at school.

    --
    Have you hugged your Karma Whore today?
    1. Re:Solution to spam by Lemmy+Caution · · Score: 3, Funny
      Now, why haven't I heard from my girlfriend while she's been away at school.

      Since you passed up all those opportunities at penis enlargement she's been sending you, she's probably moved on to another guy.

  4. Be careful when you Bcc... by Omega · · Score: 3, Informative

    A number of spam filters and spam blocking agents will mark a message as SPAM if it is only Bcc'd or CC'd. If you're going to Bcc -- at least make sure you have 1 To recipient else you may end up in the SPAM Folder.

  5. SpamBouncer Spam Assassin by Binestar · · Score: 5, Informative

    I've been using spambouncer for quite a long time and I've found that it catches more spam than Spam Assassin does.

    As with any anti-spam measure you have to keep an eye on it when you set it up that everything is working and you aren't blocking legitimate mail. Any anti-spam software you use will either let some spam through, or catch legitimate mail. Add some procmail scripts to catch any mailing list mail you are on into their folders, block To: Friend@Public.com and the like and you have a pretty robust system.

    I've also found that blocking messages with malformed headers helps a lot on spam... For example, the following Procmail recipe blocks all messages that are HTML only without a charset, which is common on spam mailings, and has never caught a legitimate mail for me:


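    # f = run as a filter, h = pass only the headers, w = wait for formail to finish.
    # FORMAIL must be set to the path of the formail binary earlier in .procmailrc.
    :0 fhw
    * ^Content-type: text/html
    * ! html; charset=
    * ! from hotmail
    | ${FORMAIL} -A"X-Spammers: text/html only message"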


    Your Mileage May Vary

    --
    Do you Gentoo!?
  6. Klez virus and spam by pubjames · · Score: 3, Interesting


    Since the Klez virus can be sent as if it was from your email address even when it has not come from your computer, is it possible that you could get put on an antiSPAM list because someone else has got the Klez virus?

  7. Re:Sometimes "collateral damage" is intentional by mr_z_beeblebrox · · Score: 3, Funny

    The company I work with is switching our hosting away from Earthlink for that reason. We send mail from our domain but its reverse lookup is earthlink.net...Some of our clients deny mail from them as they have open mail relays. Bad for us Karl

  8. Concept for Fighting Spam... by dmarien · · Score: 3, Interesting

    I once, after installing, needed to raise a concern to the author, djb. I e-mailed him, and instantly received an automatic response.

    The automatic reply stated that djb receives an enormous amount of mail, spam, and technical support inquiries. If I really wanted to e-mail him, the letter went on, I would have to reply to the automatic reply and copy in a 12 digit code which the automatic reply included.

    I did that, and then received a 2nd automatic reply, stating that the code I entered was correct, and that djb would receive my mail.

    I imagine that a mail system setup in that regard would be the most potent weapon a mail server could utilize against spam!

    The mail server could keep a database of known senders who entered the code correctly, and thereafter automatically accept their 'friendly' e-mail.

    I foresee potential abuses for this though. Annoying "spam bots" could learn to decipher the first automatic reply containing the code and then automatically send the spam, and contain the code which will allow the mail server to receive the mail.

    I would ask that if anyone knows how to install/administer the add on to qmail which performs this to please let me know! I receive a tonne of spam, and because I get everything sent to the domain 'dmarien.com', I'll sometimes get upwards of 100/day.

    Also, if anyone has a qmail server setup in this manner please let me know how satisfied they are with its performance, and whether they get complaints -- and even if spam gets through -- I'd love to know.

    Thanks!

    --
    dmarien
  9. Banning .cn by JoeBuck · · Score: 5, Funny

    Q. How can the Chinese authorities get around the fact that the Great Firewall of China is doomed to be imperfect?

    A. Get all westerners to ban .cn as spam. Then Chinese dissidents will be unable to communicate with the outside world.

  10. Re:Sometimes "collateral damage" is intentional by King_TJ · · Score: 3, Informative

    I think the "peer pressure" idea is becoming a bit of a "dinosaur" from the days of the mom-and-pop ISP. In the past, except for AOL, you didn't really have many large ISPs that kept on large numbers of spamming users.

    The small ISPs would be pretty responsive to complaints, or if they weren't - they'd feel the pain of getting blacklisted, and would usually give in and kick off their problem users.

    Nowadays, with most customers on one of a handful of giant ISPs, it's no longer effective or realistic to ban the whole ISP. (EG. With the number of customers Earthlink has, can you really expect them to always keep *every* user with an open-relay off of their network? Even if they hired whole teams of people just to perform that one task, new people with open-relays would subscribe faster than they could discover them. Hence, Earthlink would almost always be on a blacklist.)

  11. SpamCop chain test by Animats · · Score: 4, Informative
    One of the better features of SpamCop is the "chain test". SpamCop's header parser looks at all the "Received:" lines and figures out which ones are fake. It matches DNS names and IP addresses, and checks those "Received A from B", "Received B from C" relationships. The point at which the chain ceases to be valid identifies fake headers.

    This is essential if you want to report spam to the sender's ISP. Otherwise, you report addresses being abused by spammers. It's also a useful filtering tool; an e-mail with inconsistent headers is probably spam.
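The "Received A from B", "Received B from C" relationship check described in the comment above can be illustrated offline. This is an added example, not SpamCop's parser: it assumes Postfix-style `from HELO (rdns [ip]) by host` headers, uses a constructed message with documentation-range addresses, and omits the DNS lookups a real checker also performs.

```python
import re
from email import message_from_string

# Postfix-style layout (assumption): from HELO (rdns [ip]) by HOST ...
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?"
    r"\[(?P<ip>[0-9a-fA-F.:]+)\]\)\s+by\s+(?P<by>\S+)"
)

# Constructed sample: the top two headers were written by real hops, the
# bottom one was inserted by the sender to point at an unrelated ISP.
SAMPLE = (
    "Received: from mail.relay.example (mail.relay.example [198.51.100.7])\n"
    "    by mx.recipient.example with ESMTP; Mon, 1 Jan 2001 10:00:03 +0000\n"
    "Received: from bulk.sender.example (unknown [203.0.113.50])\n"
    "    by mail.relay.example with SMTP; Mon, 1 Jan 2001 10:00:02 +0000\n"
    "Received: from mail.bigisp.example (mail.bigisp.example [192.0.2.25])\n"
    "    by gateway.bigisp.example with ESMTP; Mon, 1 Jan 2001 09:59:00 +0000\n"
    "From: someone@bigisp.example\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)


def parse_hops(raw: str):
    """Received headers, newest first, as dicts (None if unparseable)."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        hops.append(m.groupdict() if m else None)
    return hops


def chain_test(raw: str, trusted_mx: str):
    """Walk down from our own server until the from/by chain stops matching.

    Only the header written by trusted_mx is believed outright. Each older
    header is accepted only if the host that claims to have written it ("by")
    is the host the newer hop says it received the message from.
    """
    hops = parse_hops(raw)
    if not hops or hops[0] is None or hops[0]["by"].lower() != trusted_mx.lower():
        return {"valid_hops": 0, "source_ip": None, "forged": len(hops)}
    valid = 1
    for newer, older in zip(hops, hops[1:]):
        if older is None:
            break
        # rdns was recorded by the receiving server; HELO is sender-supplied,
        # so accepting it here is the lenient choice.
        claimed = {newer["helo"].lower(), (newer["rdns"] or "").lower()}
        if older["by"].lower() not in claimed:
            break
        valid += 1
    # The IP logged by the last verifiable hop is the address to report.
    return {"valid_hops": valid,
            "source_ip": hops[valid - 1]["ip"],
            "forged": len(hops) - valid}


if __name__ == "__main__":
    print(chain_test(SAMPLE, "mx.recipient.example"))
```

On the sample, the report goes to the owner of 203.0.113.50 rather than to bigisp.example, whose name appears only in the header that fails the chain.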

  12. Collateral Damage with snail-mail junk mail? by GGardner · · Score: 3, Interesting

    I get a ton of junk mail. Who doesn't? It usually gets tossed, unopened. Every now and then, I've tossed non-junk mail, as it looked like junk mail. It would be interesting to measure this "cost" of junk-mail.

  13. If only domains told the truth... by dasmegabyte · · Score: 5, Insightful

    I've had a number of people complaining about spam email originating from our server. A quick look at these emails from somebody who knows "a little something" about email shows that the email was an almost guaranteed forgery...the mail servers that relayed the message had nothing to do with us, besides which the user does not exist on our servers and the domain they sent from belongs to developers I know wouldn't fool with this stuff.

    And yet, the damage has been done. These users don't trust me as a provider even when I explain how we lock down our server & prevent spam. They don't trust our domains, which means they block the ip -- an ip which may be mapped to 50 or more virtual sites. And all of this because our domain was the root of it all...a simple forgery that no email client really checks for validity because internet mail is designed to bounce anonymously from server to server. I've gotten spam that was "sent" from my own email address...which is silly, because why should I trust a company's services when they try to convince me _I'm_ marketing to myself?

    What email needs is a set up like SSL -- a trusted third party to verify the validity of an email from a key generated by the sender when the receiver gets the mail. If the sender proves to be a spammer, the third party drops support...and charges a large fee for breaching a contract. We need this to occur without unwieldy programs (PGP) or user education...just some way to get a lock in the corner of a user's screen to let them know for a fact that user X sent message Y, and that if it was unwanted they have a recourse.

    This new "Secure mail" could become popular very quickly, as many companies that communicate solely over email could use the security that nobody can send an email as ceo@trustycorp.com without the server's permission. The key is ease...SSL may have its problems (certs kind of expensive, monopoly of cert providers due to reliance on deals with certain monopolistic browsers, slowwww responses) but it has become a mainstay of secure communications for people who understand it (unlike my wife, who despite a BS in chemical anthropology believes that submitting her credit card via SSL over WEP 802.11b means a guy with a ham radio can read her number, so she places orders via cordless phone instead). Mail hasn't significantly changed in ten years...maybe it's time for smail!

    --
    Hey freaks: now you're ju
  14. ORDB is the Answer by DaveAtFraud · · Score: 3, Informative
    Quote:
    ...but I still have to ban domains like yahoo.com, hotmail.com, mail.com
    My e-mail address was recently harvested by a spammer. I started getting SPAM from the listed domains but the only problem was the mail didn't show up as from yahoo, hotmail or mail in my mail log. Turns out the spammer was forging the return address and sending through an open relay. So I learned about how to set up sendmail to filter incoming mail through the Open Relay Database (ORDB). That particular spam problem has now disappeared. It helps when you run your own mail server but if I can figure this out in less than a day then a paid sysadmin at an ISP, company or school should also be able to do it.

    You can find out more about the ORDB here and this site has very simple instructions for setting up sendmail to use the ORDB filter. Sendmail.org has quite a bit of additional stuff you can do to filter SPAM and still let legitimate e-mail through. ORDB also has solutions for people who don't run their own mail server and just connect someplace with a mail client to get their mail.

    --
    They that can give up essential liberty to obtain a little temporary safety deserve neither safety nor liberty.
    Ben
  15. TMDA by infiniti99 · · Score: 5, Interesting

    (this is similar to a comment I posted to the other recent fax SPAM story. it has been expanded.)
    ------

    I highly recommend using TMDA on your mail server to defeat SPAM. It works by maintaining a whitelist of valid senders. If someone emails you and they are not in the whitelist, then they receive a confirmation request email. They must reply to it in order to be added to the whitelist (at which point, TMDA will deliver their original message, and allow all new ones to pass through). No having to report SPAMs, no worry of maintaining a never ending blacklist. No blocking of entire domains, no having to "sort through the spam periodically". TMDA does it all for you, putting a minor inconvenience on first-time senders.

    The end result is that I get no SPAM. Zero, zilch, nada, not one -- with no effort on my part.

    I believe there are other packages out there similar to TMDA that you may want to try. Regardless, I'm convinced that a whitelist-centric strategy is the way to beat SPAM.

    Note: You still must take into account mailing lists or other situations where you are going to receive mail from an unknown source that won't be able to process the confirm request (such as some online purchase confirmation), and this is where qmail aliases can come in handy. Ie, justin-linux, justin-sears, etc, and just throw them away if you ever get SPAM. TMDA even has some features to help with this, such as hash-generated addresses that self-destruct after a period of time.

    Still, for all other purposes you can keep your normal address. No need for SPAM armoring ever again :)

    -Justin
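The whitelist-plus-confirmation flow described in the comment above (and in the earlier comment about the 12-digit code) can be modelled in a few lines. This is an added example, not TMDA's or qmail's code: the class, the 12-character token and the key are assumptions, and the outbox list stands in for actually sending mail.

```python
import hashlib
import hmac

# Constructed demo key; a real deployment uses a private random key.
SECRET = b"constructed-demo-key"


class ConfirmationGate:
    """Hold mail from unknown senders until they answer a challenge."""

    def __init__(self):
        self.whitelist = set()
        self.pending = {}   # token -> (sender, [held messages])
        self.outbox = []    # (recipient, token) challenges that would be mailed

    def _token(self, sender: str) -> str:
        # Token is bound to the sender address, so one sender's token does
        # not confirm mail held for another sender.
        return hmac.new(SECRET, sender.encode(), hashlib.sha256).hexdigest()[:12]

    def receive(self, envelope_sender: str, message: str) -> str:
        sender = envelope_sender.lower()
        if sender in self.whitelist:
            return "delivered"
        token = self._token(sender)
        if token in self.pending:
            # Already challenged: queue silently instead of mailing again.
            self.pending[token][1].append(message)
            return "held"
        self.pending[token] = (sender, [message])
        # The challenge goes to whatever address the envelope claims. If that
        # address is forged, its real owner receives the challenge.
        self.outbox.append((sender, token))
        return "challenged"

    def confirm(self, envelope_sender: str, token: str):
        """Return the released messages, or [] if the confirmation is invalid."""
        sender = envelope_sender.lower()
        entry = self.pending.get(token)
        if entry is None or entry[0] != sender:
            return []
        if not hmac.compare_digest(token.encode(), self._token(sender).encode()):
            return []
        del self.pending[token]
        self.whitelist.add(sender)
        return entry[1]


if __name__ == "__main__":
    gate = ConfirmationGate()
    print(gate.receive("alice@example.org", "first message"))   # challenged
    _, tok = gate.outbox[0]
    print(gate.confirm("alice@example.org", tok))               # released mail
    print(gate.receive("alice@example.org", "second message"))  # delivered
```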

    1. Re:TMDA by mjh · · Score: 4, Funny

      Yeah, since I started using TMDA, I've had a mild case of depression. Besides mailing lists, I never really get any email. I used to be able to delude myself into thinking people liked me because I got so much email -- but it was mostly spam. So, apparently, I'm not that popular!

      So be careful if you choose to use TMDA. It might impact your ego.

      --
      Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.
  16. Re:Sometimes "collateral damage" is intentional by sawilson · · Score: 3, Informative

    Before the earthlink "merger of equals", Mindspring had Harry. Harry absolutely rocked the abuse department. He worked together with the other admins (helped he was a Senior Admin in skill level) and they'd think up all kinds of interesting ways to "abuse" spammers. We'd catch them pretty fast if they were spamming from our network. One of my favorites was sending +++ATH0 in a formatted ping packet to their modem to disconnect them, sending thousands of spam messages back to their email client depending on what they used. Their port would be disconnected quickly. I think we had a 3 strikes and you are an ex-customer rule. Jan also rocked the news servers. I'm not sure how earthlink is handling things now post merger. I didn't hang around. :) At the time, we were number 2 in the world, and fighting spam very well. The "SPAMINATOR" product was very much loved by customers. I heard through the grapevine that it's basically a joke now, and doesn't work.

  17. Qmail by crow · · Score: 3, Interesting

    My mail gets processed by qmail, and it seems to automatically add X-Envelope-To: header lines, so you can see what address received the message.

    Your mail server has to know who it is supposed to be delivering the mail to, and in most cases this is made available to mail filters in one form or another. Of course, if you're filtering it on the client side after it's been delivered to your mail box, you may be out of luck. (I've always been of the opinion that filtering should be on the server side, for this and other reasons, but people make do with what they can get.)

  18. Yes, you're dreaming. by Ungrounded+Lightning · · Score: 5, Interesting

    If idiotic pricks didn't ...

    I'm dreaming of course.


    Yes, you're dreaming.

    About one in 100 (somewhere between 1 in 50 and one in 200) people in the general population is a psychopath. This is a (set of?) brain dysfunction(s) that amounts to "no conscience". (Think "colorblind" but with respect to harm-to-others. But it's not known yet whether it's genetic, foetal insult, or what.) Additionally there are "sociopaths" - similar symptoms but as a result of training and social factors rather than an organic problem.

    Some fraction of these people learn a moral, ethical, or legal code to compensate for their affliction. They can become honest, productive, and/or beneficial citizens. In some positions (such as political or military leadership or business administration) they can even excel, because their judgement about actions that will hurt other people is not as biased by immediate emotional concern. But many do not learn a code (or learn a defective one). From these come the bulk of the criminals, scam artists, tyrants, white-collar crooks, and so on.

    In the absence of compensation a psychopath will be looking out solely for number one. It's not well correlated with intelligence - some are stupid, some very smart. A significant number will be able to handle spamming tools, and be willing to go for the immediate benefit to them (even if it's small), regardless of the damage to others or even long-term consequences.

    Yes, Virginia, there ARE evil people.

    Much of the social and legal institutions of all civilizations are dedicated to the problem of this small-but-effective population of psychopaths. In particular, legal systems exist to give them a set of rules to live by, a set of personal bad consequences for violating them (so acts that harm the law-abiding become bad for "number one"), and to remove from circulation those who just don't get it.

    Short of genocide against psychopaths we will continue to have a plague of spammers for at least as long as people think there's money to be made (or fun to be had) and it won't get you busted.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  19. Have to be careful with your e-mail address. by RobinH · · Score: 4, Informative

    When I was in university and making web pages and stuff, I used to get tonnes of spam. When I posted to newsgroups I got tonnes of spam. However, these days, I just have two addresses... one for personal email, and the other for work email, and I rarely ever get spammed.

    My personal email address is a yahoo account, and work email is provided from the company I work for. I give out my email addresses to friends and lots of contacts from work (and it's printed on my business cards).

    I NEVER do these things:
    -post to newsgroups with a real address,
    -put my personal address on a website,
    -give a real address when filling out surveys, etc. online
    -sign up for newsletters
    -give my email to anyone who asks over the phone ("Sorry, I don't have a computer, but yes, I'd like to order that CD-ROM drive")
    -give my email address to Radio Shack
    -enter my personal info into my browser

    Basically, I just refuse to allow my email address to proliferate. If I do happen to get spammed, I just don't reply, and it tends to go away, but it's really rare anyway.

    Of course, if I ran a website, I'd create a unique email address just for that purpose, and I'd expect to have the sh!t spammed out of it, but at least it would be separate from my real addresses.

    --
    "I have never let my schooling interfere with my education." - Mark Twain
  20. Collateral damage is a benefit by FearUncertaintyDoubt · · Score: 5, Interesting
    "Their philosophy appears to be that if innocent businesses and individuals on the periphery of spam-house blocklists are affected, then those innocents will have no other choice but to pressure their upstream provider to remove the spammers from their blocks, thereby solving the spam problem bit by a bit. Draconian, yes. Effective? Sure."

    Absolutely. Without pitting customers of ISPs against each other, i.e., the legitimate ones against the spammers, the ISPs will be happy to serve both. I'd suggest that if an ISP allows any spamming, block it -- wholesale. Either you have an aggressive policy against SPAM or you lose your privilege to send mail to my servers. Your customers don't like it? Tough. Make your network spam-unfriendly.

    The last thing the ISPs want is for their regular customers to be aware that they are allowing spammers to use their network. It's kind of like the phone company selling caller ID block to telemarketers and caller ID and privacy manager to residential customers. If the spam blacklists cause users to confront the reality that their ISP is knowingly hosting spammers or not bothering to monitor people sending out 10e+06 emails at a time, then they might just demand that their ISP get out of the spam business. Because unlike (most) telcos, ISPs don't have monopolies, and customers can switch.

  21. Long Live /etc/aliases by QuantumRiff · · Score: 4, Interesting

    if you run your own linux server, just edit /etc/aliases with something like:
    ebay: me
    then save, and run "newaliases"
    on the web form for ebay, then type in:
    ebay@mydomain.net

    --

    What are we going to do tonight Brain?
  22. Why hasn't email protocol been changed? by bwt · · Score: 3, Interesting

    It seems to me that most spam leverages flaws in the email protocol. The ability to spoof an email address and the lack of built-in and automatic digital signing both enable spam to flourish.

    Perhaps it's time to write a completely new email protocol that supports these features.

    I don't think it's so much to ask that when an email header says it's from joe_blow@yahoo.com that it really is from that address. I understand that this would cause anonymous email to be impossible, but it should be the recipient's choice as to whether they want to use an email protocol that allows spam and anonymous mail or not.

  23. No wonder they're complaining... by Caradoc · · Score: 3, Interesting

    "Recent complaints about blocklists have come from companies and organizations, including British Telecom, the Libertarian Party and News.com publisher CNET Networks, among others."

    btinternet is complaining about getting blocked because they don't bother to nuke their spammers. CNET doesn't verify e-mailed subscriptions, so just about anyone can sign someone else up.

    Is it any wonder that they're complaining about being blocked?

    "Well-researched" my ass.

    --
    Specialization is for insects. - R.A.H.
  24. Re:It's not full proof by infiniti99 · · Score: 3, Informative

    And to do that they have to use a valid return address, thus ending their SPAM operation quickly (see other threads about this).

  25. Do you punish the innocent to get at the guilty by btempleton · · Score: 4, Insightful

    What amazes me about the spam fight is how much it has led people to promote the idea of punishing the innocent in order to get at the guilty.

    People who would have fought with vigour against punishing the innocent in other fields seem willing to give it up, in of all places, the free speech question of who can email whom.

    Yikes. We are willing to let murderers go to make sure we don't punish the innocent. Yet for some reason spam makes people think it's OK to trample on the free speech rights of the innocent to get not a murderer, but a spammer. I hate spammers as much as anybody -- I get 120 per day -- but let's keep them in perspective.

    The most common justification is the canard that it's not about speech it's about property. Problem is all use of the internet involves using somebody else's property. On the internet there is no speech without the use of other people's property, and thus no unsolicited communication without the unsolicited use of somebody else's property. This makes it very tough to solve by thinking of it as a property issue.

    There are other, better methods that don't generate false positives or generate extremely few. I've written extensively on them.

    --
    Has it been over a year since you last donated to the Electronic Frontier Foundation