Slashdot Mirror

← Back to Stories (view on slashdot.org)

Collateral Damage in the Spam War

Posted by Hemos on from the when-defensive-measures-go-wrong dept.

MarkedMan writes "The link points to a well researched article on Spam lists and those innocently appended to them. I have seen this myself with MailWasher. A posting will come through as potential spam, with the the bounce already red-flagged, but it is actually from a legitimate source. Only happens once or twice a month but still cause for worry. " I've found that Spam Assassin has made life easier, but I still have to ban domains like yahoo.com, hotmail.com, mail.com - and *.ru and *.cn. I sort through the spam periodically, but the collateral damage is still there.

9 of 350 comments (clear)

  1. Network Solutions, One domain per user? by dada21 · · Score: 5, Insightful

    The only people I got spam from was from the e-mail address I used to register domain names with through netsol.

    I dumped that address (100 spams a day).

    What I've done is registered a domain name (say fatgeeks.com) and when I have to use my e-mail address at a website, I'll append the website to the user name, such as:

    dada_slashdot@fatgeeks.com

    or

    dada_msn@fatgeeks.com

    When spam appears, I kill off that user name (very easy to do in any POP3 e-mail program) and then go to the website that sold my address and yell.

    This helps track websites that "lie" about reselling your e-mail address.

    No spam. No collateral damage.

    1. Re:Network Solutions, One domain per user? by mjh · · Score: 5, Informative
      Depending on which MTA you're using, you can do this with address extensions too. Sendmail uses + as it's address extension, and postfix/qmail use - for address extensions. So for my email, for example, mark-foobar@hornclan.com will get delivered to the same mailbox as mark@hornclan.com. The MTA simply ingores everything after and including the extension delimiter.

      TMDA takes advantage of this sort of thing. So it does what you're talking about, but it also adds a cryptographic hash onto the extension to verify that you infact were the person who generated the extension. So my equivalant of what you're doing would be:

      mark-keyword-slashdot.abc123@hornclan.com
      mark-keyword-msn.a1b2c3@hornclan.com

      The generation of the hash depends on a secret 140bit key that only I know. Thus I can create these things whenever I want and use them without modification to my mailsetup and be confident that no one else can generate these things that will get into my mailbox.

      Other types of addresses that tmda generates:

      • Dated addresses - addresses that will work for a certain amount of time, and then expire. Great to use when posting to USENET, and as the default for all outgoing email.
      • Sender addresses - addresses that will work if used by a particular sender. Great for subscribing to mailing lists with.

      Anyway, I'm pretty pleased with TMDA, although, as I say in another post, it can impact one's ego.

      --
      Key to financial independence: Spend less than you earn. Save and invest the difference. Do it for a long time.
    2. Re:Network Solutions, One domain per user? by invenustus · · Score: 5, Interesting
      you are pretty narrow minded to think the crawlers haven't learned to look for *AT*DOT*
      That brings up one of the questions I've been pondering lately in regard to spam.

      Spammers always seem to be coming up with newer and better ways to thwart our attempts to avoid them. But do the people who go to such lengths to avoid spam EVER buy anything from spammers? EVER?

      I always hear "Spam works because people like your grandmother buy stuff from them, and if they get one sale, that makes it worthwhile." To which I respond, "My grandmother's alive?!" But crawling for *AT*DOT* isn't going to catch such un-tech-savvy people. Those people are going to leave their addresses unencrypted.

      So let me pose this question: has spam become less a means of advertising than an all-out war, with nothing at stake other than showing that you can beat the other side?
      --
      grep -ri 'should work' /usr/src/linux | wc -l
  2. SpamBouncer Spam Assassin by Binestar · · Score: 5, Informative

    I've been using spambouncer for quite a long time and I've found that it catches more spam than Spam Assassin does.

    As with any anti-spam measure you have to keep an eye on it when you set it up that everything is working and you aren't blocking legitimate mail. Any anti-spam software you use will either let some spam through, or catch legitimate mail. Add some procmail scripts to catch any mailing list mail you are on into thier folders, block To: Friend@Public.com and the like and you have a pretty robust system.

    I've also found that blocking messages with malformed headers helps alot on spam... For example, the following Procmail recipe blocks all messages that are HTML only without a charset, which is common on spam mailings, and has never caught a legitimate mail for me:


    * ^Content-type: text/html
    * ! html; charset=
    * ! from hotmail
    | ${FORMAIL} -A"X-Spammers: text/html only message"


    Your Milage May Vary

    --
    Do you Gentoo!?
  3. Banning .cn by JoeBuck · · Score: 5, Funny

    Q. How can the Chinese authorities get around the fact that the Great Firewall of China is doomed to be imperfect?

    A. Get all westerners to ban .cn as spam. Then Chinese dissidents will be unable to communicate with the outside world.

  4. If only domains told the truth... by dasmegabyte · · Score: 5, Insightful

    I've had a number of people complaining about spam email originating from our server. A quick look at these emails from somebody who knows "a little something" about email shows that the email was an almost guaranteed forgery...the mail servers that relayed the message had nothing to do with us, besides which the user does not exist on our servers and the domain they sent from belongs to developers I know wouldn't fool with this stuff.

    And yet, the damage has been done. These users don't trust me as a provider even when I explain how we lock down our server & prevent spam. They don't trust our domains, which means they block the ip -- an ip which may be mapped to 50 or more virtual sites. And all of this because our domain was the root of it all...a simple forgery that no email client really checks for validity because internet mail is designed to bounce anonymously from server to server. I've gotten spam that was "sent" from my own email address...which is silly, because why should I trust a company's services when they try to convince me _I'm_ marketing to myself?

    What email needs is a set up like SSL -- a trusted third party to verify the validity of an email from a key generated by the sender when the receiver gets the mail. If the sender proves to be a spammer, the third party drops support...and charges a large fee for breaching a contract. We need this to occur without unwieldy programs (PGP) or user eductation...just some way to get a lock in the corner of a user's screen to let them know for a fact that user X sent message Y, and that if it was unwanted they have a recourse.

    This new "Secure mail" could become popular very quickly, as many companies that communicate solely over email could use the security that nobody can send an email as ceo@trustycorp.com without the server's permission. The key is ease...SSL may have its problems (certs kind of expensive, monopoly of cert providers due to reliance on deals with certain monopolistic browsers, slowwww responses) but it has become a mainstay of secure communications for people who understand it (unlike my wife, who despite a BS in chemical anthropology believes that submitting her credit card via SSL over WEP 802.11b means a guy with a ham radio can read her number, so she places orders via cordless phone instead). Mail hasn't significantly changed in ten years...maybe it's time for smail!

    --
    Hey freaks: now you're ju
  5. TMDA by infiniti99 · · Score: 5, Interesting

    (this is similar to a comment I posted to the other recent fax SPAM story. it has been expanded.)
    ------

    I highly recommend using TMDA on your mail server to defeat SPAM. It works by maintaining a whitelist of valid senders. If someone emails you and they are not in the whitelist, then they receive a confirmation request email. They must reply to it in order to be added to the whitelist (at which point, TMDA will deliver their original message, and allow all new ones to pass through). No having to report SPAMs, no worry of maintaining a never ending blacklist. No blocking of entire domains, no having to "sort through the spam periodically". TMDA does it all for you, putting a minor inconvenience on first-time senders.

    The end result is that I get no SPAM. Zero, zlich, nada, not one -- with no effort on my part.

    I believe there are other packages out there similar to TMDA that you may want to try. Regardless, I'm convinced that a whitelist-centric strategy is the way to beat SPAM.

    Note: You still must take into account mailinglists or other situations where you are going to receive mail from an unknown source that won't be able to process the confirm request (such as some online purchase confirmation), and this is where qmail aliases can come in handy. Ie, justin-linux, justin-sears, etc, and just throw them away if you ever get SPAM. TMDA even has some features to help with this, such as hash-generated addresses that self-destruct after a period of time.

    Still, for all other purposes you can keep your normal address. No need for SPAM armoring ever again :)

    -Justin

  6. Yes, you're dreaming. by Ungrounded+Lightning · · Score: 5, Interesting

    If idiotic pricks didn't ...

    I'm dreaming of course.

    Yes, you're dreaming.

    About one in 100 (somewhere between 1 in 50 and one in 200) people in the general population is a psychopath. This is a (set of?) brain disfunction(s) that amounts to "no conscience". (Think "colorblind" but with respect to harm-to-others. But it's not known yet whether it's genetic, foetal insult, or what.) Additionally there are "sociopaths" - similar symptoms but as a result of training and social factors rather than an organic problem.

    Some fraction of these people learn a moral, ethical, or legal code to compensate for their affliction. They can become honest, productive, and/or beneficial citizens. In some positions (such as political or military leadership or business administration) they can even excell, because their judgement about actions that will hurt other people is not as biased by immediate emotional concern. But many do not learn a code (or learn a defective one). From these come the bulk of the criminals, scam artists, tyrants, white-collar crooks, and so on.

    In the absense of compensation a psychopath will be looking out solely for number one. It's not well correlated with intelligence - some are stupid, some very smart. A significant number will be able to handle spamming tools, and be willing to go for the immediate benefit to them (even if it's small), regardless of the damage to others or even long-term consequences.

    Yes, Virgina, there ARE evil people.

    Much of the social and legal institutions of all civilizations are dedicated to the problem of this small-but-effective population of psychopaths. In particular, legal systems exist to give them a set of rules to live by, a set of personal bad consequences for violating them (so acts that harm the law-abiding become bad for "number one"), and to remove from circulation those who just don't get it.

    Short of genocide against psychopaths we will continue to have a plague of spammers for at least as long as people think there's money to be made (or fun to be had) and it won't get you busted.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  7. Collateral damage is a benefit by FearUncertaintyDoubt · · Score: 5, Interesting
    "Their philosophy appears to be that if innocent businesses and individuals on the periphery of spam-house blocklists are affected, then those innocents will have no other choice but to pressure their upstream provider to remove the spammers from their blocks, thereby solving the spam problem bit by a bit. Draconian, yes. Effective? Sure."

    Absolutely. Without pitting customers of ISPs against each other, i.e., the legitimate ones against the spammers, the ISPs will be happy to serve both. I'd suggest that if an ISP allows any spamming, block it -- wholesale. Either you have an agressive policy against SPAM or you lose your privilege to send mail to my servers. Your customers don't like it? Tough. Make your network spam-unfriendly.

    The last thing the ISPs want is for their regular customers to be aware that they are allowing spammers to use their network. It's kind of like the phone company selling caller ID block to telemarketers and caller ID and privacy manager to residential customers. If the spam blacklists cause users to confront the reality that their ISP is knowingly hosting spammers or not bothering to monitor people sending out 10e+06 emails at a time, then they might just demand that their ISP get out of the spam business. Because unlike (most) telcos, ISPs don't have monopolies, and customers can switch.