The Measured Effectiveness of Blocking Asian Spam

fadden writes: "I recently started blocking IP addresses in China and Korea that were sending me spam. Instead of a blanket ban, I only blocked the subnets from which spam was being sent. After my first week of scanning and banning, I wrote up a report on the effectiveness of the blocks." In related news, SSKennel adds that: "The U.S. Federal Trade Commission has discovered (prepare to be amazed!) that revealing your email address in chat rooms can get you spammed. It claims to have taken action against spammers who harvest email addresses and use them to send fraudulent spam." Shocker!

Fraudulent Spam?

[Lukano]

Is there any other kind?

Re:Fraudulent Spam?

[crossconnects]

no

Re:Fraudulent Spam?

[global_diffusion]

Some companies actually deliver brand name spam (fresh in the can!) over email.

Re:Fraudulent Spam?

[NASAKnight]

Yes

Re:Fraudulent Spam?

[doomdog]

Yes, there is a difference between regular spam and the fraudulent variety. Normal spam is sent by well known "bulk mailers" (as they call themselves, in a pitiful attempt to legitimize their business) on a contract-for-hire basis.

They send email directly from their own systems to your mailbox. They do not fake their headers, use open relays, hijacked proxies or root'ed boxes of other people to send out their messages. They generally have contracts with their ISPs to not cancel their connectivity as long as they have some type of proof, no matter how vague, that the mail *might* be considered opt-in (and as long as the complaints aren't too frequent. These people do listwash their own lists, if only to stop spamming people who actually complain about it, and also to show to their ISPs that they have an effective opt-out system. Their spam is annoying, but currently legal.

Fraudulent spam, on the other hand, is completely different. These are the people that hijack other people's machines to do the dirty work, rape open relays and consume all of their bandwidth during spam runs, actively probe for open relays and proxies, forge everything they can in the headers, study SpamAssassin and other filters in an attempt to craft messages that don't "look" like spam. These are the people that use their opt-out lists as a source of revenue (by selling the names to other spammers), and will frequently joe-job spam activists and others who complain too loudly and to the wrong people...

The first type of spammer sends out insurance offers, cell phones ads, inkjet ads and such. The second type sends out virus/trojan laden messages, porno by the bucketload, ads for illegal drugs, etc.

Both types of spam are annoying, but the "fraudulent" type is much more so because of its immoral content (and anyone who thinks that sending pornographic images to children isn't immoral should quietly remove themselves from the gene pool) and also because of the theft of services (bandwidth, hard drive space, etc.) from the relays and proxies that they abuse.

Re:Fraudulent Spam?

[devnulljapan]

It's legalese, "fraudulent" being defined as anything that's demonstrably false -- get-rich-quick etc. This leaves all the "non-fraudulent" enter-now-to-win and marketing crap perfectly legal (but no less annoying). As long as people keep biting and buying stuff marketed through spam, it's not going to stop. There's some useful info on the various legal resources to spam here. The definition differs continent to continent, country to country and state to state.

Re:Fraudulent Spam?

[EngMedic]

speaking of spamming, why don't you scroll up two comments to look at... wait... it's the same comment! twice! posted by the same person! ... both modded up >=3. why is one interesing and the other insightful?

Re:Fraudulent Spam?

[Frater+219]

Copy one
Copy two

Please do not spam Slashdot with multiple copies of the same posting. Excessive multi-posting is one of the classic Usenet definitions of spam, which now apparently applies here as well ....

Re:Fraudulent Spam?

[rhizome]

Both types of spam are annoying, but the "fraudulent" type is much more so because of its immoral content (and anyone who thinks that sending pornographic images to children isn't immoral should quietly remove themselves from the gene pool) and also because of the theft of services (bandwidth, hard drive space, etc.) from the relays and proxies that they abuse.

Well gee, Mr. Einstein. With the knowledge of the kinds of content common on the Internet, what business do you think children have being on the Internet at all? To accelerate any asocial tendencies? To prepare them for a future of porn and Everquest, you might as well give up on any filtering and/or complaining. Not that I like nasty spam, but really, reality is reality.

Re:Fraudulent Spam?

It bothers me more than I can say - that the whole spam debate has now been hijacked by spammers. I've even seen the DMA described as 'legitimate marketers'. God help us.

But even that isn't as disturbing as the fact that erstwhile
real spam-haters are accepting this redefinition of what spam is, and what is objectionable about it.

For me the issue is really very simple. There is speech by humans, meant for humans, and there is speech by machines, just trying to shout loud enough to make a human hear them, and one type really is worth more than the other. The Internet has become the scene of that great battle described in The Terminator, between robots and humans.

And currently the robots are winning.

Re:Fraudulent Spam?

Well gee, Mr. Einstein. With the knowledge of the kinds of content common on the Internet, what business do you think children have being on the Internet at all? To accelerate any asocial tendencies? To prepare them for a future of porn and Everquest, you might as well give up on any filtering and/or complaining.

Why give up on it? We don't accept rampant pornography in the "real" world, why should we accept it on the Internet? Frankly if some guy came knocking on my door trying to sell me penis pills or flipping through hard core pornography with my kid he'd be locked up. Why do you expect the Internet to be some vast wasteland of immorality? Why do you accept that the damage has already been done? I don't really care that porn and spam is readily available on the net, but what I do get sick of is being assaulted by it at every wrong intersection. Woops, put in whitehouse.com instead of whitehouse.gov.. now I'm staring at naked women instead of looking up that project for school. WTF? We need laws to clean up the code of conduct on the Internet to be at least as upstanding as the real world. No chances of pornography or violence around kids, etc.

Epiphany

[Masami+Eiri]

You mean, I shouldn't spam up those Yahoo chat rooms with my email address? Wow... who would have guessed... /sarcasm

A resounding DUH arrises from the competent computer users of the world.

Re:Epiphany

[RatBastard]

Quite a few people don't know this simple fact. And it's not because they're stupid, either.

One person's "common sense" is another person's "mystery of the unknown."

Re:Epiphany

[Moonshadow]

The thing is, most average uses don't know this. To their knowledge, the only way a spammer could get your address is for you to put it into a webform somewhere.

Most casual users probably don't even consider the possibility of their address being harvested from other places, such as chat rooms.

Re:Epiphany

[Psx29]

You should have seen what happened when I put a throw-away email address in my away message on irc. Suddenly I was getting 1000 messages a day...scary

Re:Epiphany

Definitely this problem will end e-mail communication.

Blocking and blocking and it will come the day every ISP will be blocked.

What about creating a list of "permitted" SMTP servers around the world?

Re:Epiphany

[zurab]

Most casual users probably don't even consider the possibility of their address being harvested from other places, such as chat rooms.

I don't believe this. They have to know. Common sense should tell anyone that if you give someone else your information, they will be able to record that information; doesn't matter if it's credit card number, e-mail address, social security number, or mother's maiden name. If they do know enough not to give out their mailing address, SSN, and mother's maiden name to complete strangers online, then they should treat their e-mail addresses no differently.

Now, you may say that giving out SSN is more dangerous than giving out e-mail, but mere knowledge of this fact by any user proves their awareness of their actions.

Re:Epiphany

[Moonshadow]

Perhaps deep down they know this, but they aren't consciously aware of it like geeks are. The mentality they approach a chatroom with is "I type, and once it scrolls off the screen, it's gone forever" whereas with a webform, they KNOW it's going into some database somewhere. The perceived threat is much lower in a chatroom, although the actual threat may be as high or higher than a webform.

Also, people tend to be a lot more paranoid about protecting their SSN, mailing address, etc than they are about their email. An email is a fairly disposable thing, and there is little threat perceived with it being public knowledge. A SSN or brick-and-mortar address is quite another thing.

Re:Epiphany

The person who posted this insult described himself quite nicely.

Re:Epiphany

[jonadab]

> Now, you may say that giving out SSN is more dangerous than giving
> out e-mail

*I* wouldn't say so. I give out my email address (everywhere: on
slashdot, on usenet, on my own website, ... everywhere), but I know
the fire I'm playing with and am prepared to deal with the deluge.
(I use Gnus, so filtering can be arbitrarily elaborate. Some day,
I'll set up my own mail server and do the filtering server-side with
SMTP rejects, as this guy has done... but for now the client-side
filtering is getting me by. Only about 80 messages got past my
filters so far since last night... and of course they all landed in
my inbox, where almost none of my legitimate mail ever goes, because
it gets sorted into various folders by subject and sender and by To:
field (mailing lists) and so on. Legitimate mail is much easier to
filter than spam. I get _way_ more legit mail than spam, and way
less of it lands in my inbox for manual sorting.

Re:Epiphany

"In one memorable day I got eight different variations of the Nigerian Scam e-mail"

He sounds quite sad. Perhaps he actually rather likes spam. He never mentioned missing any genuine emails by having too harsh a filter!

Government will announce next..

[Metallic+Matty]

that Canada is indeed just above us on a map.

Re:Government will announce next..

That is, if they can spend 5 million dollars on the task they will confirm that it is indeed true that Canada is directly north of the USA. Next, Canada will spend 100 million on exactly the same task, only in reverse.

Re:Government will announce next..

[Cyno01]

Really? When i was younger i had a puzzle map of the United States, it was a blue frame and you put the 50 state pieces into it. But it was just a blue frame, so i assumed it was water and the US was its own big island (alaska just sat there in the corner not connected to anything). Untill i got a globe when i was 8, i didn't know where canada or mexico was.

Re:Government will announce next..

[rodgerd]

You're way ahead of many of your countrymen having worked it out at 8.

Re:Government will announce next..

[Flakeloaf]

That is, if they can spend 5 million dollars on the task they will confirm that it is indeed true that Canada is directly north of the USA. Next, Canada will spend 100 million on exactly the same task, only in reverse.

Um, more like 200 million. Don't forget the study has to be done in both official languages.

Re:Government will announce next..

[StarOwl]

Isn't CDN200 million = USD 5 these days?

Re:Government will announce next..

[kmahan]

Better do it quick before the poles reverse

Re:Government will announce next..

[NoMoreNicksLeft]

Yes, but the joke is on us americans, all the same. When we spend 5 million, it's $5 million(US dollars). When they spend $200 million (canadian dollars), that is about the same amount that the average american family spends on groceries for a month.

Re:Government will announce next..

[Herkum01]

He is way ahead of his countrymen if he actually knows that New York City is separate from New York state. People would actually think "New York, New York" is just a lyric from a song instead of a valid address.

Re:Government will announce next..

[cheese_wallet]

good god, when are you guys going to quit harping on the new york city / state thing. I have never heard anyone refer to new york as a state in any conversation I've ever had in my life. It's been ambiguous a few times, but upon clarification it's always been the city.

Nobody except you and 2 other slashdotters, even residents of new york state, give two shits about the state. without new york city, it'd just be Maine with a different name.

Re:Government will announce next..

[Blingin'+AMD]

Is that 200 million Canadian or US dollars?

Re:Government will announce next..

"I have never heard anyone refer to new york as a state in any conversation I've ever had in my life."

Let's see. That narrows down to your mom and the fat guy next door. You really nailed me this time. I must admit that new york state does not exist.

Re:Government will announce next..

[Mr+Guy]

He didn't say it didn't EXIST. He said no one CARED.

Like Ohio, really.

Re:Government will announce next..

[operagost]

I'm sure that the Buffalo Bills, Syracuse Orangemen, and anyone eating spicy chicken wings right now would disagree with you!

I also tend to think that the words "Lake Placid" and "Niagara Falls" might be recognized by a few people.

Re:Government will announce next..

[IsoRashi]

New York, the state = "up-state New York"

Re:Government will announce next..

[Yo_mama]

Is that in US or Canadian Dollars?

Re:Government will announce next..

[AvitarX]

Ummmm, Buffolo where?, Syracuse where?

Ohh, if it's a commonly known city you don't need the state perhaps?

So New York would be the city. Buffolo would be the city. And if you mean the entire state you could clarify with New York state.

Kind of like how I have to clarify Delaware is a state:)

your entire post is a strong argument for calling NYC New York.

I'd say something

[Apreche]

about you know how shocking it is that revealing your e-mail address in a chat room will get you spammed. But I think the poster already kinda did that. /me ponders getting a job at the FTC telling them all sorts of things they don't know. Like how signing guest books with your real e-mail address will get you spammed, using AOL will get you spammed, using hotmail....

Re:I'd say something

[mudder]

Using Hotmail alone doesn't get you spammed. I've had a hotmail account for over a year now and haven't received more than 20 pieces of "unrequested" spam in total. I'm moderately careful with my email address, but it does get out there every so often. Also my email adress isn't terribly hard to guess (matt_allen_g....), and I don't have the Hotmail spam filter turned on. Maybe I'm lucky, but my experience does disprove the hypothesis that ALL hotmail accounts get spammed, simply due to the fact that they are hotmail accounts.

Re:I'd say something

[Bruce+Losis]

signing guest books with your real e-mail address will get you spammed, using AOL will get you spammed, using hotmail....

Makes it sound a bit like cancer doesn't it?

Re:I'd say something

[lucifuge31337]

Well, I'll have to say the my results have been entirely different.

I signed up for a hotmail account for an MSN passport. Never used the account, but, ans most know, the im client will report how many messages are in the box. It got up to 500 in less than 2 months before I started using trillian. So I winder where they got my address from?

Re:I'd say something

[Yo+Grark]

Wrongly Created hotmail address....free

Auto-checked by Trillian to keep it alive...free

Never Given it out.....free

# of Spam Received to date: 654

Finding out over 1/4 was from MSN...priceless.

Yo Grark

- Canadian Bred with American Buttering.

Re:I'd say something

[BillTheKatt]

Number of Slashdotters who believe in Larry Ellison's Next Great Idea (TM)...lots

Number of Slashdotters who whine and post conspiracy theories about Hotmail selling your address...lots

Number of Slashdotters who realise that SPAMMERs are not stupid and randomly try combinations of words and numbers (bob1@hotmail.com, bob2, bob3...)...Priceless

For everything else there is (as Homey D-Clown said) a C-O-N-spiracy

Re:I'd say something

Number of slashdotters who think they're funny but they're not...

Re:I'd say something

[Latent+IT]

Number of Slashdotters who realise that SPAMMERs are not stupid and randomly try combinations of words and numbers (bob1@hotmail.com, bob2, bob3...)...Priceless

Do you really think that if I register afsradoij294@hotmail.com that I won't get any spam? I'd bet you a large sum of money I'd get some in the first few days.

I guess I'll find out.

Re:I'd say something

[BillTheKatt]

I've got several hotmail addresses that have never received a single piece (other than from MS). Had them for months and years in some cases. Get Ad-Aware and check your system for spyware like Comet Cursor and other trash.

Re:I'd say something

Using Hotmail alone doesn't get you spammed. I've had a hotmail account for over a year now and haven't received more than 20 pieces of "unrequested" spam in total.

...so it DOES get you spammed then...?

Re:I'd say something

No, it makes it sound like you should let your ass heal for a while before you go ride a hard throbbing cock.

Re:I'd say something

[jonadab]

> Using Hotmail alone doesn't get you spammed.

That's interesting, considering Microsoft's privacy policy clearly
states that they may reveal your identifying information to select
business associates in order to provide value-added services, or
some such legalese for "we will sell your address".

Re:I'd say something

[Latent+IT]

Get Ad-Aware and check your system for spyware like Comet Cursor and other trash.

I had no idea Ad-Aware and Comet Cursor could both run on my Mandrake box. Thanks for the suggestion!

Re:I'd say something

That's interesting, considering Microsoft's privacy policy clearly states that they may reveal your identifying information to select business associates in order to provide value-added services, or some such legalese for "we will sell your address".

Ummm, you did choose to opt-out of that, yes? I created a "virgin" hotmail account, opted out of everything, no directory listing, nothing, and listed my residence as being New Guinea. It's been a couple of months.

Amount of spam == 0.

Re:I'd say something

[a7244270]

Number of Slashdotters who realise that SPAMMERs are not stupid and randomly try combinations of words and numbers (bob1@hotmail.com, bob2, bob3...)...Priceless

Actually, thats not true. I have an email that looks like this b4567@domain.com and I occasionally get spam that has in the CC: fields, b4566@domain.com, etc.

Yes Virginia, they do try random adresses....

Re:I'd say something

20 pieces of "unrequested" spam

Obvisously you did get spammed. Not much, admittedly, but you did.

Re:I'd say something

Well, you will now.

Re:I'd say something

[Latent+IT]

Well, you will now.

I thought of this. I actually registered a *different* completely random address. =p

Re:I'd say something

[Dr_Cornholio]

That's a load of crap. I don't know your particular situation, but I opened a hotmail account for the purpose of a valid email account for web forms (NYTimes, etc.). I didn't use it, tell anyone about it, even write it down on paper for at least a week. When I did go into it to update a few settings, there was spam galore. You can't try to tell me that you don't get spam from Hotmail.

BTW, I'm also savvy enough to opt out of any and all tick boxes on the registration page

Re:I'd say something

[jonadab]

> Ummm, you did choose to opt-out of that, yes?

When I read that part of the policy, I decided Microsoft could have
my identifying information when they pry it from my cold dead
keyboard. Whether they actually _exercise_ the privileges that EULA
gives them I don't intend to test, at least not with data I value.

I'm not a big privacy nut. Really, I'm not. I don't use encryption,
don't hide my email address (even on usenet), and have my physical
address on my website (and, IIRC, a phone number too). But I recall
distinctly that something I read in the EULA for Hotmail scared me,
and it had to do with how MS was going to redistribute the info
they were collecting.

I suppose I could have just signed up with _false_ information, but
on the other hand I could also just not use their service.

You're tax dollars at work

[bluesky74656]

Glad my tax dollars are helping fund these ground-breaking studies :)

Re:You're tax dollars at work

[FunkSoulBrother]

I am tax dollars at work?

Re:You're tax dollars at work

Maybe your tax dollars should have been spent on an education for you, fuckwad.

Blocking subnets? Use SPEWS.

[smnolde]

Subject says it all. I block so much spam by using spews.

How I block Korean spam

[Jim+the+Bad]

I just have KMail redirect all HTML formatted mail into the spam bucket. I check it once a day for the odd false positive - this is easy, as message titles in English stand out amoung all the Hangul ones. Only takes me a few seconds.

On the other hand, 15 or so spams a day (in a language I don't even understand) every day is a major waste of bandwidth, and as irritating as hell.

What can we do about this nusiance?

Re:How I block Korean spam

[Moonshadow]

The problem with this approach is that a lot of people on Windows platforms using Outlook/OE send HTML mail by default, even for a simple text message.

A much more reliable appriach is the "pattern matching/scoring" technique a few pieces of software out there use. I've been using Spam Asassin for a while now, though (too lazy for a link :) ) and I have yet to see it a) tag a legit email as spam, or b) miss a spam message. If that sort of thing were installed on mail servers by default, then it may be possible to cut down spam drastically. Right now, my config just puts [SPAM] in the subject line - makes it easy enough to filter. Why can't ISPs do the same thing? I know that Spam Assassin is a bit resource hungry, and isn't practical for large scale operations, but surely something similar could be written that would accomplish the same thing with minimal resource drain.

Re:How I block Korean spam

The most effective way I've seen is to have your own domain and have all email sent to any alias under that domain to a single mailbox. Then, whenever you need to have something emailed to you, just use a different alias (preferably a descriptive one; for example, if you order something from amazon.com, you can use you-amazon@yourdomain.com). That way you can not only see where your email address was picked up, but also block all email coming to that particular alias. You'll also know who to bitch out.

Re:How I block Korean spam

[Iguanaphobic]

You'll also know who to bitch out.

I use addresses like amazon_spam@yourdomain.com

That way I can tell for SURE where it came from. Plus I filter based on _spam in the To: field.

Re:How I block Korean spam

[mangu]

...a lot of people on Windows platforms using Outlook/OE send HTML mail by default...

I wonder how easy it would be to set kmail to answer those emails with a "HTML format email rejected" message? Those who could get a clue would learn from this, all others I don't care about, anyhow...

Re:How I block Korean spam

[Moonshadow]

Well, if you're in a corporate setting or something, and you're working with some people from marketing on a writeup for your latest product, then it's quite a pain to get them to configure their clients for plaintext mail, and you waste a lot of time in the process.

HTML email isn't evil by itself, and isn't used exclusively by spammers, making the solution of filtering all HTML email a heavyhanded one at best.

Re:How I block Korean spam

[Binestar]

While it is true that just dropping HTML can cause issues, you can still capture alot of spam by filtering on HTML e-mail without a CHARSET.

:0 f
* ^Content-type: text/html
* ! html; charset=
* ! from hotmail
| ${FORMAIL} -A"X-Spammers: text/html only message"

The above has *NEVER* given me a false positive in over 9 months of use.

Also, I use 3 rules that block Fake Netscape/Hotmail/Yahoo e-mails. Basically, if the e-mail has a from address from either of those but isn't really from thier servers they get tossed as well.

# hotmail-specific
:0
* ^(From|Return-Path):.+@hotmail\.com
{
&nbs p; :0
* ^From: ".+" <[a-z0-9_.-]+@hotmail\.com>
* ^X-OriginalArrivalTime:
* ^X-Originating-IP: \[[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+]
* ^Received: from hotmail.com \(\/...
* $ ^Message-ID: <${MATCH}.+@hotmail\.com>
{ }

:0 Efhw
| formail -A "X-Spammers: fake hotmail"
}

# yahoo-specific
:0
* ^(From|Return-Path):.+@yahoo\.[a-z]+
{
&nb sp; :0
* ^Message-ID: <([0-9.]+\.qmail|[0-9]+\.[0-9A-Z]+)@\/[a-z0-9-]+\. yahoo\.[a-z.]+
* $ ^Received: from .+by $MATCH
{ }

:0 Efhw
| formail -A "X-Spammers: fake yahoo"
}

# netscape-specific
:0
* ^(From|Return-Path):.+@netscape\.
{
:0
* ^X-Mailer: Atlas
* ^Received: from +netscape.*MAILIN
* ^Return-Path: <\/[a-z0-9_.-]+@netscape\.[a-z.]+
* $ ^From:.*$MATCH
* $ ^Received: from $MATCH.*by [a-z0-9.-]+\.aol\.com
* ^Message-ID: <[a-z0-9]+\.[a-z0-9]+\.[a-z0-9]+@netscape\.[a-z.]+

:0 Efhw
| formail -A "X-Spammers: fake netscape"
}

Those 4 rules save me a big headache.

Re:How I block Korean spam

[mangu]

HTML email isn't evil by itself

Hmmm, beg to differ. Does your company enforce Lotus Notes 4.6 client?

Re:How I block Korean spam

[suwain_2]

What can we do about this nusiance? I don't get a lot of spam (yet?), but what I do get is almost ALWAYS in a foreign language, typically a 'non-Western' character set -- and, when viewed as plaintext, it essentially displays as random ASCII. I've always wanted to simply filter out anything that contained non-ASCII characters... or, at least, anything that declares itself to use a foreign character set. Not sure how possible this is, but if I can't even READ the spam, I have nooooo desire to receive it. It could, in theory, make a great way to filter it out, too?

Re:How I block Korean spam

[Moonshadow]

Negatory, but I can guess :)

I'm not saying it's perfect - text is certainly much more simple, and serves the purpose for just about everything you want to do. However, there are times that HTML has legitimate use, and it would be a shame to kill a feature just because it has the ability to be misused.

Re:How I block Korean spam

Sounds like you haven't been hit by a Rumplestilskin attack yet. (adam@, abe@, charlie@...)

Re:How I block Korean spam

[Ilgaz]

You don't need to block HTML mail. After I figured, Yahoo will do _nothing_ about enormious spam from hananet.net and kornet.net , I did a filter like (can't give all, too long)
If From contains "hanmail.net" (case sensitive)
then deliver to Trash
If From contains ".co.kr"
then deliver to Trash

(here comes the trick)

If Body contains "charset=KS_C_5601-1987"
then deliver to Trash
If Body contains "charset="ISO-2022-KR""
then deliver to Trash

(most funny is)

If Subject contains "!!!!"
then deliver to Trash

Yes, guess what? that 4 exclamation mark saves me from many spams! not a joke, they love 4 exclamation marks.

Let me tell you the amazing part, its a webmail filter, I can't do more, to block IP subnets, I need to root Yahoo :)) There are... 33 UNREAD mails on my Trashcan and I emptied it just a day ago!

I feedbacked to Yahoo and asked if they get any financial etc goods from those well known 2 damn companies... No reply. I kinda know them now. They are 2 huge ISP's, they are knowing the problem but they don't do anything about it.

If we lived in a good,ethical world, Yahoo pros knowing this thing would mail to them and those a$$holes wouldn't dare to ignore Yahoo giant as they do to us, end users. Like. "Close your port 25 for indivuals _now_ or we will block all the mails sent to our customers/users effective 1 week from now on". If I paid $25 for my mailbox, I'd still get that crap, can you believe?

Go to http://www.spamcop.net and check "top spammers", hanmail and kornet, always there!..

Re:How I block Korean spam

[Qrlx]

If you're in a corporate setting, then you should be installing Office from an Administrative Installation Point and have configured your install to override Outlook's default to send HTML, and changed it to Rich Text or Plain Text.

They can always go up to the menu bar and change it if they suddenly decide they need to send HTML emails.

By the way, I really, seriously, very strongly doubt that HTML mail format is necessary for your marketing group or whatever. I find it excpetionally unlikely that they are WRITING EMAIL IN HTML and that this is as core competency of your sales dogma. Most likely they are attaching files to email, which works fine with plain text.

HTML email actually IS evil. There's completely no point to it. And in fact it's part of the spam problem: Let's say a HTML email contains a ref to some JPG somewhere. You read the (spam) HTML email, your 'puter dowloads the JPG. Congratulations, now the spammer can check his web logs and determinie how many people got the message! If s/he's really crafty, you could even tell which recipients got it by cross-indexing the HTTP GET request with the virtual file name you've set up like 01010012001012712.jpg -> sucker1001@hotmail.com. Now you put that name on your "known good accounts" list and sell it.

Re:How I block Korean spam

I suppose you could just set a procmail rule that dumps any mail sent to aliases that don't start with "me_" (from me_amazon@mydomain.com) or don't match "me" specifically (in case i want me@mydomain.com to work as well) to /dev/null. That would remedy it pretty well.

Re:How I block Korean spam

[ceswiedler]

I used to use SpamAssassin. It did great except on Spanish spam. Its rules didn't have anything to cover Spanish. I switched to SpamProbe, which builds its own word list, and therefore does very well at even foreign-language spam.

Re:How I block Korean spam

[alansz]

I'll second the nomination of SpamAssassin. In the last 30 days, it tagged 427 messages to me as spam. No false positives, and probably about 30 or so false negatives (I use the standard threshold). I could probably tweak it to do even better.

Re:How I block Korean spam

Well, 30 out of 427 is 93% effective.

I can easily get that efficency with a few procmail recipes. The difficulty is getting 99% or 99.9%.

I managed to tweak my procmail recipes to achieve about 96% efficiency, which is better than spamassassin and uses way less computing power.

Re:How I block Korean spam

[jhunsake]

It just occurred to me to have Postfix (my mail server) deny anything that's not from *.amazon.com to amazon@mydomain.com. This way, they won't continue to spam me (it looks like the address doesn't exist). Of course the mail server should still log it, so I can see what bastard gave out the email.

Re:How I block Korean spam

September 11th, 2001: The most successful day for totalitarian government in American history.

WTF is this supposed to mean?!?

p.s. i'm not american, i'm canadian if you must ask.

p.p.s. i'm posting AC for obvious enough reasons, I should think...

Re:How I block Korean spam

"WTF is this supposed to mean?!?"

"Huh?" -- George W. Bush

"p.s. i'm not american, i'm canadian if you must ask."

I love beacon too!

"p.p.s. i'm posting AC for obvious enough reasons, I should think..."

What are these reasons? Inquiring minds want to know.

Re:How I block Korean spam

what the fuck are we supposed to do with this crap?

man procmailrc

Re:How I block Korean spam

Even better, have the img tag use http://www.spammersite.com/image.php?email=i_got_y ou_now_punk@ahhhahaha.com

Of course, I recommend Tiny Personal Firewall to filter out any nasty crap like this. If you happen to be on a Windows machine, that is.

Stops all manner of silly applications phoning home ...

Re:How I block Korean spam

[yog]

Here's how my .procmailrc filters mail that contains Asian or other unreadable characters:

# look for 4 upper ascii [probably Asian] characters in body
# this searches for characters excluding space through tilde and tab)
:0 B:
* [^ -~ ][^ -~ ][^ -~ ][^ -~ ]
${MAILDIR}/junk.mail

I found that this stopped all Chinese, Japanese, and Korean text mail. I guess folks who have to read such mail have to parse the content, which is more complicated.

I also block mail from countries that seem to originate lots of spam; my friends and colleagues are on a "white list" that gets checked first.

# discard mail from certain spam-happy countries (optional <>)
:0:
* ^From:.*cn[>]*$|\
^From:.*hk[>]*$|\
^From:.*kr[>]*$|\
^From:.*tw[>]*$
${MAILDIR}/junk.mail

I'm just a beginner with procmail but already it's made a huge difference. It doesn't "solve" the spam issue; actually spam will never go away until those 0.01% of recipients stop sending their money. Oh well; I hate government intervention, but I suspect that's the only way to truly solve this mess.

Re:How I block Korean spam

[Leigh13]

I use addresses like amazon_spam@yourdomain.com That way I can tell for SURE where itcame from. Plus I filter based on _spam in the To: field.

I thought of trying the same thing, but much of the spam I get doesn't have my address anywhere on it--it's all BCC. Of course, I have all messages without my name in the TO or CC moved to the junk mail folder anyway, but it still won't help me figure out who sold my name.

Re:How I block Korean spam

[Binestar]

Actually, I use spambouncer to filter my e-mail after I run the e-mail through my custom filters. I've been considering making my custom filters available for anyone to use, but I'm not sure anyone is interested. With most people going the way of SpamAssassin, procmail filters seem to be dying.

Mixing Spambouncer with a couple DNSBL's I'm down to about 1 spam message per *MONTH* in my inbox. Everything else gets filtered to my spam folder. When i do get that one e-mail in my inbox I just forward it to the maintainer of spambouncer and she adds another filter to catch the person who sent that one.

Re:How I block Korean spam

"'Huh?' -- George W. Bush"

I was asking (legitimately, duh) what implications the poster's sig, that Sept. 11 was a good day for totalian gov't in the U.S.A., had. I.E. in what way this date was good for totalitarian gov't in U.S.A.

"I love beacon too!"

Good for you, jackass. and it's bacon, not beacon, and only back bacon is nomenclaturally Canadian.

"What are these reasons? Inquiring minds want to know."

Okay, inquiring minds. 1) the question was tangential, it was only about a sig, and commenting w/ a user name might have been modded down. 2) Only a nut job would have this sig, I don't want this nut job stalking me or anything for questioning his politics. You know how it is (or do you?).

Re:How I block Korean spam

[Synflex]

ya, then the next thing you know you'll be receiving spams from "brute_force_spammer"@yourdomain.tld, great idea to get more spams. :)

Re:How I block Korean spam

[Grax]

In my experience Outlook/OE sends mail in multipart/mixed format with a text and an html portion under that.

My rule that catches html messages based on the content-type header of the email catches only messages that are spam or from certain hotmail users.

Re:How I block Korean spam

[chefmonkey]

Huh. I wouldn't be able to mail you, then.

See, I pay for the pop access to my yahoo mailbox, but (because their SMTP servers require some dodgy and usually broken authentication scheme) send my outgoing mail through my ISP's SMTP servers.

Sure, it's just one datapoint, but I bet dollars to donuts that, at some point, someone like me will try to send you a legit e-mail, and you'll toss it in the bit bucket. And maybe you'll even care about what they had to say.

My point is: technical solutions may look like they work on the surface, but the potential for false positives is, IMHO, completely unacceptable. Further, while they can block you from most of the symptoms, the underlying disease is still driving the cost of IP infrastructure up. Yes, you actually do end up paying more for your internet access because of this. As much as I hate to say "we need more laws", I think the only solution to this problem will ultimately involve legislation.

Re:How I block Korean spam

[Grax]

This method has drawbacks also. Recently some spammers have observed that my domain is configured this way and I have received some messages addressed in the form of asdkjfoaifweoi@example.com

It looks like I'll have to switch to a system where I add an alias to my account each time I give out my email address and remove it if it starts getting spammed.

Re:How I block Korean spam

[Binestar]

Unfortunately no anti-spam solution is perfect. I don't actually immediately delete those e-mails. They go into my spam folder, which about once a day or so I check and empty. So if it looks like something I'm expecting or doesn't look like spam I will open it to verify. If after verification I see that you are being trapped by one of my spam filters I whitelist your e-mail address.

I have quite a few people who send to me via the same method you describe and I just whitelist thier addresses.

One thing I would like to recommend is not to send those e-mails to /dev/null if you are worried about losing legitimate e-mail. Send it to a spam folder then do a quick scan manually to make sure only spam was caught.

The best software is only a poor second replacement for the human's ability to filter out spam.

Once you get a well worked ruleset for your spam filter they can start catching alot of spam while letting through the non-spam.

No solution is fool proof, they will always be making better and better fools.

Re:How I block Korean spam

[Sketch]

> but it still won't help me figure out who sold my name.

Yes it does. Even if there is a false or no to address, look at the mail headers, and your mail server should tell you what account it accepted the mail for. The last part of the first Received: line in the message is what you are looking for. Like below, if you bought something using the addres spamtrap1@mydomain.com, you might find...

Received: from somemailserver.com (somemailserver.com [1.2.3.4])
by mymailserver.com(8.11.4/8.11.4) with ESMTP id g01Iuqw01634
for <spamtrap1@mydomain.com>; Thu, 14 Nov 2002 13:58:57 -0500

(Funny, slashdot still makes you use &lt; for < when using plain text.)

Is it legal...

[McFly69]

Is it legal to take the email addresses from chat rooms and send non-fradualent email? I would assume so.

SPAM (TM), wonderful SPAM (TM)

[TheFlamingoKing]

No, no, you're doing it all wrong.

Proper Trademark Use Guidelines.

Please Do:

Always put the trademark SPAM in all capital letters.

Follow SPAM with "Luncheon Meat" or other descriptor. Remember, a trademark is a formal adjective and as such, should always be followed by a noun.

But

[Com2Kid]

I like getting all those pornographic e-mails of hot asian chicks!

*G*

Seriously though, one of my spam trap e-mail addresses gets tons of crud from Russia and from China. For a span of time I was getting a regular dose of pornographic e-mail from some asian country.

Asian Spam???????

[ksplatter]

I prefer Group Spam and Teen Spam with the occasional Anal Spam. To Be honest, I am kinda sick of the Asian Spam.

And AS for effectiveness! That stuff works all the TIME.

Re:Asian Spam???????

I like all prOn spam, especially in the corporate environment with nice looking secretaries. I use it for a conversation starter.. First I tell them to forward me a copy so I can look at the headers, hahaha Outlook and Exchange are not good at this once forwarded. I check it out for awhile, disble my antivirus software and login with some temp account or fire up the wireless and use the neighboring law firms access point and visit the web site for a while.. Then I make a visit to the user for further review and I stand over her as I am walking her through the Outlook rulez wizard (knowing damn well it's not going to work) trying to filter out the 10 new html laced 640x480 images of lesbian chicks with big nipples. I request that the user click on the porn link and see if the web site has an opt-out section or a complaints email address. I also tell them to mail back asking to remove themselves from the list just to be safe.. To show my support, I'll stop by a couple of days later and 'make sure' they have not recieved any more..

For the not so nice looking users I simply tell them not to reply, delete it and I'll go through the logs and filter it at the gateway..

Re:Asian Spam???????

You sound like a twisted perverted fuck.

Re:Asian Spam???????

[Mandi+Walls]

This week I got some shaved spam!

And sorority web cam initiation spam!

Oh yeah! Clicky clicky!!!

:P

Do they have a response email address?

[djkitsch]

I'd just like to know if it's still safe to post your email address on Usenet?

Re:Do they have a response email address?

Err, posting your email address on usenet is a sure fire way of picking up spam.

Start up a sneakemail.com account and find out..

Re:Do they have a response email address?

[djkitsch]

It was a joke. Surely no-one except the US Government is THAT dumb?

Re:Do they have a response email address?

[cioxx]

I'd just like to know if it's still safe to post your email address on Usenet?

Yes. Usenet is completely safe.

Re:Do they have a response email address?

[djkitsch]

Thanks. I'd be lost without it - where else am I going to get advice on the best mass-mailers?

Re:Do they have a response email address?

[Malicious]

Here's how to find out. [sarcasm] Reply to a spammer, and ask him if that's where he got your email address from! That way, you're sure to stop receiving spam! [/sarcasm]

Re:Do they have a response email address?

[djkitsch]

And if you ask them nicely, they'll probably remove you from their mailing list, too!

Yes, [sarcasm] again. Does everyone here think I'm dumb, or what?

Re:Do they have a response email address?

[JimmytheGeek]

I think so - according to this:

http://segfault.org/stories/3769269e-08996da0.ht ml

Re:Do they have a response email address?

No, but you can use mine...

laura@dataresourceconsulting.com

Re:Do they have a response email address?

Does everyone here think I'm dumb, or what?

No, just the people that read your posts.

blocking ip's isn't enough

[martums]

We've had to block a number of Korean & China-based IP's in recent months (especially during the Summer). In addition to blocking a number of temporary (PPPOE and such) IP's by domestic service providers, (read: Comcast), the foreign IP's seem to be more static, but also offer a higher quantity of spam. (Are a number of these just open relays?) Though, in our case, it's usually short-lived. Except for Klez, which is the devil.

Good point about the pig singing. While Comcast is extremely unhelpful (bordering on incompetent), foreign ISP's don't face any accountability. There's no decent legal recourse. So blocking the IP is the simplest route.

Has anyone else seen a significant amount of spam from Brazil? Where is the onslaught of OSS Bayesian filters?

Re:blocking ip's isn't enough

[jensend]

Where is the onslaught of OSS Bayesian filters?

At Sourceforge. (Where else would you expect it to be?) That includes Bogofilter, POPFile, and a whole bunch of less-active programs. Searching for 'bayes spam' (Sourceforge uses OR searching by default) ought to get you more projects than you really want to look at. Mozilla is also looking at getting a similar filter- see bug 163188 at bugzilla.mozilla.org.

Re:blocking ip's isn't enough

[spongman]

Spambayes is simply the best spam filter I've ever seen. It's not a 'release' quality product but it's filtering is the best I've seen. There's an excellent plugin for Outlook which monitors your inbox and places spam in a 'spam' folder or an 'unsure' folder depending on your settings and its classification of incoming messages. It also notices when you move messages into/out of these folders and re-trains its database accordingly.

I believe they also have a POP3 proxy and an SMTP proxy is on its way. The automation for these is not quite so refined, however.

Re:blocking ip's isn't enough

[Nintendork]

I have our firewall at work report all dropped packets to a syslog server. If the amount of messages exceeds a threshold in an hour, I get an alarm. I'm thinking about excluding TCP ports 1433 and 139 from being logging to reduce false alarms since they account for 90% of the suspicious activity.

Re:blocking ip's isn't enough

[karearea]

While there is no legal recourse to foreign ISPs (it's hard to get action started against US companies), equally there is little to be done about foreign spam either.

As I'm sure most non-foreigners are, I hate getting spam that says according to some US statute having a opt-out clause means that it isn't spam.

Hey if I've got a .co.nz or .com.au email address, I'm sure that must mean that the US laws can go where the sun don't shine. ... just a flamebaiting thought.

Re:blocking ip's isn't enough

[tangent3]

SpamAssassin now includes Bayesian filter which you can add to the many other rulesets. This is in the CVS 2.50 version though.

Re:blocking ip's isn't enough

[ninewands]

Quoth the poster:

Hey if I've got a .co.nz or .com.au email address, I'm sure that must mean that the US laws can go where the sun don't shine. ...

Not necessarily ... if you direct your adverts specifically to the US market and they transgress some anti-fraud statute there, both Oz and Kiwi-land both have extradition treaties that just MIGHT kick in to get you a rather lengthy stay in the Federal Hotel in some lovely destination such as Fort Leavenworth, Kansas.

Re:blocking ip's isn't enough

But well, it works only one way.

The fact that I live in European country where SPAM that is not opt-in is illegal, doesn't seem to stop many people from spamming my account, ... ;)

Re:blocking ip's isn't enough

[John+Percival]

I'll second that too. I just installed spambayes painlessly and it works great!

Re:blocking ip's isn't enough

[karearea]

Well actually I meant I'm the poor sucker (in NZ) on the end of some loser sending spam quoting US laws, which of course do not apply in NZ.

Although I'm sure that the US (at least the companies that run the US government - RIAA, MPAA, MS, various oil and weapons companies) would like to see that every country is a US state.

McDonalds, Pepsi, Britney Spears for everyone. Reminds me of a movie can't remember the name but there was a line onlong the theme of 'every gook want to be an american'

Piss off, there are better ways of life.

sigh

[3-State+Bit]

I recently started blocking IP addresses in China
That's okay. They're used to it.

Ode to spam

[I_am_Rambi]

I once had an email that I didn't want.
Before I knew it, my mailbox was full
The emails were just a bunch of bull.
Why or why do I get this spam?
I don't even like the canned stuff,
Thats just a bunch of fluff.
I need to stop handing out my email.
Chat rooms are to common of a place,
to see my email all in lower case.
Please tell my why I receive spam.
Is it because I give it out?
Or how do the sites get it when I roam about?
O why, O why, do I receive so much spam?

Re:Ode to spam

"to see my email all in lower case"

That was the gayest rhyme ever. You suck and should be smacked upside the head with a book of e.e. "suckass" cummings shit. love ~AC

What a discovery

[$0.02]

The U.S. Federal Trade Commission has discovered (prepare to be amazed!) that revealing your email address in chat rooms can get you spammed. It claims to have taken action against spammers who harvest email addresses and use them to send fraudulent spam. Was Al Gore in that commission?

Argentinian Spam

[Macka]

I get about 10 spams a week now from Argentina. Normal spam is bad enough, but I can't even understand what it is they are supposed to be selling. How silly is that. For the life of me, I can't work out where they could have got my address from. I've never had anything at all to do with Argentina.

Bemused!

Re:Argentinian Spam

[nolife]

I probably still do but I don't see it anymore.
This has worked so far.. I don't expect to actually ever get legitimate from there. :0:
* ^(From|Cc):.*com\.ar /dev/null

Re:Argentinian Spam

[nolife]

Wow, I screwed that up..

:0:
* ^(From|Cc):.*com\.ar
/dev/null

Re:Argentinian Spam

[Genyin]

I get about 10 spams a week now from Argentina. Normal spam is bad enough, but I can't even understand what it is they are supposed to be selling. How silly is that. For the life of me, I can't work out where they could have got my address from. I've never had anything at all to do with Argentina.

Le tienen deseó siempre a propio un negocio del Internet? Usted puede funcionar un negocio acertado del Internet sobre 24 horas. Chasque aquí para más información: http://goatse.cx

Good God, man!

[ekrout]

I recently started blocking IP addresses in China and Korea that were sending me spam. Instead of a blanket ban, I only blocked the subnets...

Some friendly Asian folks give you free meat and the first thought that pops into your head is "let's ruin their sleep!"?

[I hereby donate the above to the "Bad Jokes Hall of Fame", if such a thing exists]

Oh...

[TheDanish]

...so it was a bad idea to take a common word, use it as an AOL email address, then post it on every message board, chat room and newsgroup I've ever used -- particularly pr0n ones? I never would have guessed.

Re:Oh...

Nope, nope, you stupid troll, you. You see, AOLers don't know how to use newsgroups, let alone slashdot accounts.

</hypocrite>

Dont you just love it when spammers get your name?

[autopr0n]

Fadden, your childhood family orgy

God these bastards are annoying...

Asian Pacific network

[TheFlu]

I started blocking off all Asian Pacific networks about 6 months ago. I wrote a quick Sendmail tutorial about it right here.

How well does this work? Extremely well. I've gone from receiving 20 pieces of SPAM a day to only 1 or 2 (which Spamassassin typically catches. I realize that this method won't work for everyone, but it has worked out quite well for me.

Re:Asian Pacific network

[1u3hr]

I started blocking off all Asian Pacific networks about 6 months ago

So that's why American ISPs ignore me when I complain about the spam they send to me in Hong Kong.

Re:Asian Pacific network

How typically American of you. What next? Block all South American and African networks? Oh, and what about all them Euro spammers? Pretty soon, the only email you'll get will be from yourself...

Seriously, the ONLY spam I get comes out of the 'States. Clean up your own yard before you go whining about your neighbours!

Re:Asian Pacific network

Pipe down. He's right. Plus, I get regular Grim's ping scans from korea, china, and france. It's the only port (21) I open and it's a constant flood. EVERY SINGLE email complaint has gone unchecked... while nearly every email to American ISP's and universities has resulted in a quick response.... do the math, junior.

Re:Asian Pacific network

[1u3hr]

while nearly every email to American ISP's and universities has resulted in a quick response

My point was that these smug assholes in filtering out Asia, also filter out my complaints about their spam. I've even had bounces because my mail, with a Yahoo return address, was sent via my Hong Kong ISP's SMTP. God knows how many other of my emails are just silently deleted because of this.

Re:Asian Pacific network

[nutbar]

I started blocking off all Asian Pacific networks about 6 months ago.

Yes! What a brilliant idea! Block of all of oceania while you're at it too - oh sorry, you ALREADY ARE. Why don't you block off europe too, that would be brilliant for reducing the amount of spam you get! Oh, and while you're at it block those dang south americans sending all that spam.

In case you couldn't tell what I was insinuating, anyone who follows your "brilliant idea" is block off all of Australia and New Zealand, countries not reknown for the amount of spam they produce. Your "ultra keen" viewpoint is quite frankly stupid and a burden to free speech and equal communications on the internet.

Re:Asian Pacific network

[jonadab]

> I've even had bounces because my mail, with a Yahoo return
> address, was sent via my Hong Kong ISP's SMTP

This is not surprising. Your Hong Kong ISP's SMTP server probably
fits the following profile:

* Resides in the APNIC block.
* A tracert from anywhere in the western hemisphere will
pass through southern California.
* The last router the tracert passes through in southern
CA (on the way to the SMTP server in question) will be
the last node on the route that can be looked up via
reverse DNS. Almost _nothing_ in APNIC provices reverse
domain lookup (i.e., in-addr.arpa). (Whereas, in the
the western world almost all IP addresses are reversible,
so you can at least look up who registered the domain.)
* Therefore, tracking down who controls the mail server
in question is highly impractical. You'd have to find
out who APNIC sublets the block to that contains the IP,
then find out who _that_ outfit (a highly-uncooperative
Asian backbone provider) sublets to, then find out
whether that ISP owns the mail server or is subletting
that part of the IP block further (and you are taking
their word for it), and so on. That way lies madness.
* A significant amount of spam is sent using that mail
server. Not by you, but by other customers of your
ISP, or perhaps by people who are using it as a relay,
if it's open to that.

In other words, it's not a good mail server to use for your
outgoing mail. I sympathize, because I imagine it's next to
impossible, living in your area, to find an ISP that will
provide you with an account on a decent mail server, and it
could be hard to justify the added expense of a separate
account on a mail server elsewhere.

Speaking of exposed email...

[Anonvmous+Coward]

"The U.S. Federal Trade Commission has discovered (prepare to be amazed!) that revealing your email address in chat rooms can get you spammed. It claims to have taken action against spammers who harvest email addresses and use them to send fraudulent spam." Shocker! "

Revealing your email address on Slashdot can get you spammed. You may have noticed my sig says "Sig: I'm performing an experiment on the origination of SPAM, don't email me.". What I did was I set up a junkmail box and pointed my Slashdot email address at it. The only place this address has ever been made available is in my user address that is displayed whenever I comment. When this address is e-mailed, it automatically responds with "thanks for the unsolicited mail!" I don't read the messages unless somebody responds to it.

What prompted me to do this was the 'armor plate your email address' feature in my user settings here on Slashdot. It made me curious if having my e-mail address viewable in the comments I make would mean I'd recieve lots of Spam. My curiosity is satisfied: You can get a good deal of SPAM if you don't use the 'armor plating'.

You know what? They don't just look for e-mail addresses to send mail to. They also use the e-mail addresses as reply-to addresses. I found this out when I got an email from a guy who was puzzled by my auto-responder emailing him. It turns out that somebody sent a message to me and used his address as a reply-to address. Weird, Iddn't it? Fortunately he was very nice and we got that all settled, but it is a little disconcerting that the addresses are used in ways like that.

When I first started this experiment, I responded to the messages I got. I accused one guy of harvesting my address without really reading what the message said. Turns out, the guy ran a mailing list for local (to him) volunteer firefighters announcing a meeting. This wasn't the type of event that somebody would 'direct market'. Heh. Evidentally, somebody volunteered my user address only displayed on Slashdot to his list. How weird is that?

I am extremely curious if anybody has any insight into the motivations of people who'd use email addresses in these ways. I can understand somebody using my email addie as a reply to address, but I have no explanation for why somebody'd volunteer me for a volunteer firefighter's list.

Re:Speaking of exposed email...

[esobofh]

Easy.. it's funny as hell.. I just gave your email address to the jehovahs witness freaks that were at my door two minutes ago, enjoy the "awake" emails my friend.

Re:Speaking of exposed email...

[Anonvmous+Coward]

"I just gave your email address to the jehovahs witness freaks that were at my door two minutes ago, enjoy the "awake" emails my friend."

Sorry to burst your bubble, my friend. Check out this rather important quote from the post you replied to:

"When this address is e-mailed, it automatically responds with "thanks for the unsolicited mail!" I don't read the messages unless somebody responds to it."

I'll never see their messages, heh.

Re:Speaking of exposed email...

[fermion]

of course this is why confirmed opt-in is the only ethical means of gathering addresses. This, along with completely genuine headers, is going to be the only way to stop spam. The spammers, unlik physical bulk mailers, have no incentive to insure lists are accurate.

BTW, I thought it very funny that the WSJ, in an article mentioned earlier, allowed the spammer to say they never forged headers while, at the same time, they admitted they did forge the 'from' field.

Re:Speaking of exposed email...

[esobofh]

man, if that's all it took to stop them, we'd have been rid of them long ago... once they have your address YOUR #$%$@$%@!! :)

Re:Speaking of exposed email...

[SiliconEntity]

You know what? They don't just look for e-mail addresses to send mail to. They also use the e-mail addresses as reply-to addresses. I found this out when I got an email from a guy who was puzzled by my auto-responder emailing him. It turns out that somebody sent a message to me and used his address as a reply-to address.

This might be due to the Klez virus or a variant. It forges the From address in email, using a random address from the victim's address book. So if someone has Alice and Bob in their address book and they get infected, they may send mail to Alice that claims to be from Bob. Here's a Wired article with more information.

Re:Speaking of exposed email...

[Jucius+Maximus]

"What prompted me to do this was the 'armor plate your email address' feature in my user settings here on Slashdot. It made me curious if having my e-mail address viewable in the comments I make would mean I'd recieve lots of Spam. My curiosity is satisfied: You can get a good deal of SPAM if you don't use the 'armor plating'."

Agreed. This e-mail address attached to this article is my 'spam account' so I clean it out once a week, but I do actually read legitimate messages.

"When I first started this experiment, I responded to the messages I got. I accused one guy of harvesting my address without really reading what the message said."

Hehe, I make a point of responding to those Nigerian scammers. I tell them my name is James Kirk, phone number is 202-406-5850 and fax number is 202-406-5031. (Yes, the name was inspired by the haxial.org thing.) The zinger here is that those phone and fax numbers correspond to the US Secret Service Electronic Crimes branch!

I actually got a few of those scammers to phone the number. One guy was furious and demanded an apology. Another e-mailed me back and told me that the woman said there was no "James Kirk" there. I got at least 2 of them to fax their financial documents over there. Heh.

Re:Speaking of exposed email...

[Anonvmous+Coward]

"This might be due to the Klez virus or a variant. It forges the From address in email, using a random address from the victim's address book. "

You know, I thought about that. What puzzles me, though, is how they got a virus like that to watch web pages for email addresses. Have you heard of something like that? Nobody would have any reason to add that address to their address book.

Re:Speaking of exposed email...

[Tsuzuki]

I think one of the variants trawls your browser cache for e-mail addresses as well as your address book. This one stumped me for a while too, since two of my reasonably-well-guarded addresses receive a lot more virus mail than they do spam.

Re:Speaking of exposed email...

[buss_error]

What prompted me to do this was the 'armor plate your email address' feature in my user settings here on Slashdot. It made me curious if having my e-mail address viewable in the comments I make would mean I'd recieve lots of Spam. My curiosity is satisfied: You can get a good deal of SPAM if you don't use the 'armor plating'.

Even if you do use "armor plate", you still get spammed. My e-mail as above is getting spammed, and the only place it's ever used is on slashdot. Spammers are not stupid, they are lazy. When circumstances require, they take a smart pill and gain the required +IQ to complete their mission; spamming your box.

And yes, the IP blocks under my control all refuse e-mail from APNIC and RIPE. Deal. We are local and don't do business with folks overseas. You need to talk to us, you can get a Yahoo account.

Re:Speaking of exposed email...

[bakes]

You should also add in the phone number 202-622-5701 for your 'transport' division.

(If only ONE person gets this joke it will be worth it).

Re:Speaking of exposed email...

[0x7F]

My curiosity is satisfied: You can get a good deal of SPAM if you don't use the 'armor plating'.

I'm beginning to suspect that some spammers have defeated the armor plating. I changed my slashdot e-mail to this address two weeks ago. I've sent and received a couple of test messages from the account, but other than that, it's gone unused. I haven't even posted since I changed the address. Even with all that, I've still gotten two pieces of spam since the switch.

Of course, with an address like that, someone could have added it to a list as a joke. :-)

Re:Speaking of exposed email...

[Scooter]

I get about 100 SPAMS per day, with a breakdown of about 50% Asian, 40% USA, 5% "other", 5% "Good to pass on my solications on this sad but fine weather day, I am president of XXX in Nigeria, and [My father|mother|uncle died|was deported|fled the country becuase of a revolution|coup|shortage of cigarettes...] and I need to give you a ton of cash"

Anyway - I set up sendmail to reject stuff and send custom reject messages like "Not even the right continent you losers - now sod off!" or "too much spam from yahoo|hotmail|aol - entire domain blocked"

I got a couple of messages from idignant recipients too - outraged at my trying to sell them sex aids, penis enlergement kits and so on - hell I even get spam apparentley from myself!

One problem I have with using IP addresses, is that I don't have the luxury of a broadband connect (as I live in the sticks), so I use fetchmail to get my stuff from a POP3/IMAP server. The mail is then passed to my local sendmail MTA for local routing. Trouble is, the IP that sendmail gets is my ISP's IMAP server, so blocking 151.* doesn't work. Anyone got any thoughts on doing that?

I'm seriously considering making my email domain an "opt in" scheme - ie reject all mail unless the sender is on my list.

The company I work for is a massive global corporation - and we even get *internal* spam ffs - if I ever find that Charles Reid... Endless crud about car washing, charity fun runs, items for sale...

Re:Speaking of exposed email...

[Genom]

Esobofh - Currently drinking fresh mango juice.

Ahh...but are you shipwrecked and comatose? ;P

(apologies to those who miss the reference)

Re:Speaking of exposed email...

[Deven]

You know what? They don't just look for e-mail addresses to send mail to. They also use the e-mail addresses as reply-to addresses. I found this out when I got an email from a guy who was puzzled by my auto-responder emailing him. It turns out that somebody sent a message to me and used his address as a reply-to address. Weird, Iddn't it? Fortunately he was very nice and we got that all settled, but it is a little disconcerting that the addresses are used in ways like that.

That was me. Why didn't you respond to the last email I sent you?

Anyhow, I wasn't puzzled; I knew the junk mail you received had my address forged. I just find it annoying to be impersonated that way, and with your autoresponder, I figured you were paying more attention than most. So I decided to respond to your autoresponder so you'd know that it didn't really come from me.

I never really considered the virus aspect before; perhaps all the mail with my address forged is sent by Klez or another virus; I never tried to determine that. Still obnoxious, but somehow it seems less objectionable for a virus to forge my email address than having a spammer using my address fraudulently for commercial gain...

By personal policy, I refuse to obfuscate my email address, even on Slashdot. My primary email address really is and I refuse to hide it just because abuse of Internet email by spammers and virus code is so rampant. I've had this email address for 8.5 years now, and I've been using the Internet for 15 years. I'm just too damn stubborn to be cowed into hiding my email address after all these years. If someone wants to legitimately send me email, I want that to be possible, even if I've never heard of the person before. So I'll take the risk of getting spammed.

Of course, I do get tons of spam mail. I have it partly under control with filters, but mostly I just ignore it. I may well setup an autoresponder myself at some point -- I'll be more than happy to find a way to block spammers, as long as legitimate mail can still get through...

Re:Speaking of exposed email...

[Anonvmous+Coward]

"That was me. Why didn't you respond to the last email I sent you?"

Did you send one? Send it again?

I've had mail disappear a few times this month, I thought I fixed that. I'm sorry.

Re:Speaking of exposed email...

[legojenn]

I got a spam from Nigeria in my work address. I work in the federal government in a department that is part of the legal system of the country. I was intrigued as getting millions of dollars for a short-term investment seemed too good to be true. I replied asking for more information and if the people interested could meet me in Canada, preferably at my office as I am busy at night, but they didn't respond.

Go figure.

Re:Speaking of exposed email...

[jonadab]

JWs are easily dealt with. All you have to do is start quoting
John 1 for them in Greek and translating on the fly. They go away
quickly.

(For those who don't know Greek, the beginning of John 1 is a very
simple passages to translate, the equivalent in Greek of Dick and
Jane in English. But it reveals sizeable holes in JW doctrine that
are impossible to explain away except by misdirection. It also works
for Mormons. The first three verses are plenty; in a pinch, verse 1
alone will just about do. On the off chance they don't know who the
Word refers to (usually they do) you can point that out from verses
14-15 in English. They'll go away in short order, and the same ones
won't come back and bother you again.)

Just quoting John 1 in English won't do, because the JWs have their
own translation (and the Mormons their own interpretation) that
alters the meaning, and they've been taught answers for the passage
in English. But they are not taught answers for the Greek, so
they'll leave you alone.

Re:Speaking of exposed email...

[jonadab]

> This might be due to the Klez virus or a variant.

It's also standard spammer practice when advertising a website.
They don't need or want an email response in that case, so they
forge the From and Reply-To headers (and usually Return-Path
also) with one of several things:
1. A throwaway account (usually hotmail or Yahoo)
2. An arbitrary invalid address generated at random,
at least the username portion. (The domain may
be any valid domain, not necessarily with any
affiliation to the spammer.)
3. Any random valid address from the lists
4. An address generated from your address in some way.
For example, your username at a different domain,
or a different username at your domain, or your name
with numbers added at your domain, or somesuch.
5. Occasionally I see an address that's @localhost in one
of the headers.
Case 3 is the one the other poster was talking about, and it's not
hard to verify that they do this. (Proving it in court could be
tricky, but if you investigate a number of instances it's pretty
easy to be quite sure enough for everyday purposes.)

They often put something in the URL that uniquely IDs your address
so they know whether you visit the site in question, and that's
that. No need to get an email reply, so they just forge the headers
to make themselves harder to pin down. (You can always pin down who
owns the site from the DNS record (unless it's IP only and in APNIC
with no reverse lookup, aaarrgh), but you can't easily tell _who_
they hired to do the dirty work, especially when the SMTP server is
sitting inside APNIC with no reverse lookup and upstream providers
who aren't cooperative with antispam investigations.) Any response
they want to actually receive from you will come from the website, after you've verified that your address receives mail by going and
visiting the URL in question, with the unique token. (Often the
unique token is obviously visible when you scritinize the URL,
occasionally even as obvious as a question-mark followed by a
trivial munging of your address, sometimes slighty more devious
(a better munging) but still transparent to close scrutiny. I
suspect that sometimes it's more cleverly disguised, however, maybe
even embedded in the filename; those all-number filenames make me
suspicious...)

Re:Speaking of exposed email...

[esobofh]

Interesting, I'd go check that out right now had I not burnt all bibles I ever came across...

Seriously though, don't they also teach that yee shall be wary of false prophets? and they themselves have predicted the end of life on earth like 14 times or something and been wrong each time..?

Re:Speaking of exposed email...

[jonadab]

> Interesting, I'd go check that out right now had I not

Verse 1 says, approximately, "In the beginning there was the Word,
and the Word was with God, and the Word was God." (There are other
legitimate ways to translate the first clause. You can, for example,
say "In the beginning the Word was" or "In the beginning was the
Word", and be just as accurate. But the first clause is not what
bothers the JWs. "Word" can also be "Message", but again, this is
not the point of dispute. Either way, it's Jesus, for proof of
which see verses 14-15, "The Word became flesh and lived among us,
and we have viewed his glory, the glory of the one and only who
came from the Father... John testifies concerning him..." Not
even the JWs dispute that the Word in this passage is Jesus.)

Anyway... in the Greek, that last clause reads verbatim as "God
was the Word", except that because of where the article is put the
Word is the subject of the sentence. (Greek does not put the
subject first all the time as in English; we have to rearrange
the word order to put the subject first, because as your English
teacher taught you that's just how it has to be in English.) For
it to be translated "a god" as the JWs insist the Greek word order
would have to be reversed, among other things. If you try to
throw out the rules of basic grammar that cause it to be translated
"the Word was God", you mess up how the subject of a sentence is
indicated and recognised, and most of what is written in Greek
becomes incoherent. IOW, "was God" is the only reasonable way
it can be translated, and the greatest emphasis is on the word
God because it is first in the clause.

So any group that claims to believe the Bible but disagrees with
the deity of Christ -- including JWs, Mormons, and Islam -- have
issues with this passage. (Islam mostly gets around it by simply
saying that the Bible was mistaken or unclear and the Koran is
authoritative. JWs and Mormons try too hard to keep their "we
believe the Bible" stance, so the issue is more fatal for them.)

Re:Speaking of exposed email...

[Deven]

Okay, I just sent it again. This time, I also copied the response address that I used the first time (from the autoresponder message). Hopefully one or both will reach you!

Cloudmark - Outlook 2k/XP users

[exhilaration]

If you're running Outlook 2000 or XP - Cloudmark is a nearly PERFECT solution to Spam - and IT'S FREE (for now, at least).

Re:Cloudmark - Outlook 2k/XP users

[spongman]

I have noticed that many spammers are adding random crap to the end of their messages. This tactic is specifically designed to circumvent products like cloudmark. If you're running Outlook, try spambayes, it uses some pretty complicated statistics to determine whether or not an incoming message is spam, and it works surprisingly well. It requires a certain amount ofo technical knowledge to set up, though.

Re:Cloudmark - Outlook 2k/XP users

[MrEnigma]

While I agree that cloudmark and it's p2p attack on spam isn't the best, and a bayesian (spelling?) method may be a lot better.

I currently use Cloudmark, and since I own about 9 domains, and a few that catch a lot of different email addresses, I tend to get a lot of spam (well, only about 10 a day to the one account, about 30 to the catch all account), Cloudmark has caught every one except 1 I believe. For having a serious flaw, it works pretty good. I believe it takes a hash and then the hash of the emails are compared, so if the hash was loose enough, the random characters should not affect it. Then again I could be totally wrong in how it works.

Re:Cloudmark - Outlook 2k/XP users

[Stauf]

MailWasher is another one, I've been using it a month or so now, and its quite good.

It checks messages against a set of rules then allows you to bounce them, delete them, etc. before you download them off your mailserver.

Its good for people who get a low-med amount of spam (15-20 per day)

Re:Cloudmark - Outlook 2k/XP users

[RussGarrett]

I've found CloudMark to be quite ineffective, blocking quite a few opt-in lists, including for some odd reason the Netcraft monthly survey e-mail. I personally think that Spamassassin on the server is definitely the way to go.

Re:Cloudmark - Outlook 2k/XP users

If you're running Outlook 2000 or XP - deleting it is a nearly PERFECT solution to spam, viruses, and all sorts of other junk,

Re:hooray

They (the Asians) can fucking well learn to administrate an SMTP server like the rest of the world, if they want to be "brought together" with us. As things stand, they seem to have some culturally-ingrained sense of irresponsibility that ends up hosing the rest of us.

Re:Asian spam...

[Cyno01]

If ham is spiced pork, isn't spam redundant?(Spiced Ham(spiced pork))

More advice.

[DarkHelmet]

The U.S. Federal Trade Commission has discovered (prepare to be amazed!) that revealing your email address in chat rooms can get you spammed.

In other, vital, important news

Sticking your finger in an electrical socket MAY cause electrocution.

Smoking MAY cause cancer.

That "woman" you were cybering with in that chat room where you gave out your email was a spammer.

She was an underage spammer, at that. (ha ha)

Re:Blocking subnets? Use SPEWS.

[EvilAlien]

And probably lots of legit mail too, unless you have a tiny mail server. SPEWS is an awful choice for large commercial services, they subscribe to the "throw the baby our with the bathwater" theory. They are ever more clumsy and heavyhanded than ORBS was.

Suing SPAM companies?

[bertok]

I've invested significant money some years back in a domain name so that I could give my clients and friends an easy to remember, unique email address. I consider it a significant investment, because it looks good on a CV, business card, or letterhead, is easy to remember, and it cost me time and money to establish it.

However, a number of spam companies have picked up on my email addresses at that domain, and have distributed it on a number of those unpteen-million address CDs sold to other spammers. I recieve over 100 unsolicited emails a day. Now, I try to filter them with software filters, but due to the hit-and-miss nature of heuristic filters, legitimate mail is deleted on occasion.

The way I see it, my unique and expensive email address has been devalued by these spam companies, because the whole point of buying that domain name was so that I could use it publically. If I have to keep it a secret to avoid spammers, it is worthless! I can't even use it as an example while writing this article, because it would be picked up by yet more spammers.

I wonder why nobody has tried suing along these grounds. Think about it: If some company had invested time, money, and effort into setting up a toll-free hotline for their customers and/or clients, but had the service ruined by telemarketers jamming the system with 100x more junk calls than the real calls the company recieves, the next outgoing call would be to a lawyer!

Re:Suing SPAM companies?

You need to be running Cloudmark or another Spamnet client. That'll fix 90% of the problem.

Re:Suing SPAM companies?

[RazzleDazzle]

This doesn't really make sense though. There is no legal requirements on the internet that says "people can't know your domain or e-mail without your permission" because that would be like saying "I am going to write notes on the wall of the bathroom in the gas station and only tell my family/friends about it and I can expect no one else to know about it."

OK it is a kinda lame anology but all I could come up with and I think it gets my point across. What you have on the internet is a matter of PUBLIC information. You have no expectation of ultimate privacy in this regard. If you find a trick that works (at least for a little while) then lucky you but this trick is not IMO (& IANAL) legal grounds for prosecution. If you want complete anonymity and pure privacy try not using the internet or setup some VPN and use a private mail server with access only by those whom you allow in the VPN.

Also, I get spam I don't like it either.

Re:Suing SPAM companies?

[Michael+Woodhams]

Inevitably, IANAL, but I'm going to express my uninformed opinion anyhow. (What else is /. for?)

I really don't think this will fly. Just because you've spent money on something, it doesn't mean that nobody else is allowed to do anything that will adversly affect your investment. You may just have made a bad investment.

E.g.: I buy an island and build a luxury resort specifically for celebrities to get away from paparazi. Once I open it, the paparazi start hanging out in boats off shore (a public area). I can't make them go away.

E.g. 2: I build a luxury apartment block next to an airport. I can't sue the airport to reduce noise just because I can't sell my apartments.

E.g. 3: I distribute movies on a medium that allows me to prevent people skipping the ads. Someone starts distributing programs that will play my movies while allowing the ads to be skipped. I can't sue them simply because this has an adverse effect on my advertising income.

E.g. 4: I spend lots of money building up a buggy-whip business...

O.K, looking back at this list, you *shouldn't* be able to sue in these cases.

Re:Suing SPAM companies?

[mlknowle]

True, you have been damaged, but it is hard to say that one particular spammer damaged your account. That is, your damage is caused by 100 spams a day - but if SpammerX is responsible for only 2 of them, he hasn't devalued you email ad. It is only the aggreate effect

Re:Suing SPAM companies?

OK, you can't sue for damages or expenses, but what about your right to privacy? Surely selling your personal/contact details without your permission must be illegal.

The Internet is NOT like a public toilet. It's NOT outside the jurisdiction of normal laws. Your email address SHOULD be just as much within your control as your telephone number or mail address, and just as much protected for privacy. Just because it can be harvested off websites, irc or newsgroups doesn't mean that it's legal or OK to do so.

Re:Suing SPAM companies?

No mod points today, but I think your point is one of the better ones in this spam discussion.

Your point is a very good one, but the "toll-free" analogy has a flaw: every toll-free phone call has a definable cost at a phone company level. Regardless of the wasted time in answering the phone and the blocking of legit ones, there's a definite and exact cost to the company for that phone call. The same applies for fax spam. In the case of email, the "billed" cost of each message is still fuzzy.

Re:Suing SPAM companies?

[MasterBlaster]

E.g. 2: I build a luxury apartment block next to an airport. I can't sue the airport to reduce noise just because I can't sell my apartments.

OK, this is slightly off topic but I just had to reply to this because it is BEING DONE ALL THE TIME. The problem isn't that they don't sell, it's that they do. This results in stupid actions like noise abatement procedures that are not exactly the same as what would be considered safe procedures, $5000 landing fees imposed by the local government and a multitude of other idiocy.

A developer gets some cheap farmland next to an airport that has been there for 50 years or more, builds houses and the airport ends up being shut down because of the noise complaints. I guess if I have an emergency I'll just land in your living room.

asia is *not* the problem...

[jacquesm]

Spam from asia is last on my list of annoying stuff, it's the 'viagra/mortgage/whatever' stuff from the good old US of A that is bothering me

Re:asia is *not* the problem...

.........right, yes. Except half the time they route through Asia, for a variety of reasons. If the crappy webmail service I have to use had the ability and I blocked chinanet.co.cn, I would literally get 80% less spam than I do now.

Re:asia is *not* the problem...

[Phroggy]

Spam from asia is last on my list of annoying stuff, it's the 'viagra/mortgage/whatever' stuff from the good old US of A that is bothering me

Spam originating in Asia isn't the problem, the problem is spam originating in the good old US of A that's relayed through misconfigured servers in Asia. Since most Americans never receive legitimate mail from those Asian countries, blocking all mail from their IPs means blocking American spam relayed through Asian mail servers.

Be optimistic!

[Dexter's+Laboratory]

I just told some people who complained about spam; "You gotta be optimistic about the load of spam you get every day. Just think 'oh well, at least it can't get any worse now'". Boy, are they in for a surprise!

How can I block American spam?

[error0x100]

The /. crowd always seems to be talking about how huge the Asian spam problem is. So as an experiment, I've been keeping my spam in a separate folder for a few months, and less than 3% of it is Asian in origin (counted by relay server used AND the spammer itself). Over 70% of it, originates in the USA, and are mostly USA cons/scams/pseudo-products etc (diplomas, anti-spam software, spam software, porn sites, "hot strock investment advice newsletters", "work at home", MLM etc, "lose weight", search engine 'promote your website' offers etc).

Why the discrepancy, am I just an outlier, or are slashdotters exaggerating the non-US-originating spam problem in relation to the US-originating spam problem?

Re:How can I block American spam?

[Moonshadow]

I don't get a lot of Asian spam, either. In fact, I haven't gotten an Asian spam for as long I remember.

Maybe I just post my email address in the wrong chatrooms.

Re:How can I block American spam?

[error0x100]

Perhaps it has a lot to do with where you 'leave' your email address. Much of my spam is addressed to email addresses that were almost certainly harvested off websites I maintained or have maintained (a company website and a personal website, both .com domains), or off websites (such as forums) which my email address ended up on. With some of it its obvious its been sold by a company that has my email address (I also tend to sometimes create very specific email addresses that I use only for registering at individual companies .. most of the companies, fortunately, seem to be well behaved). Chatrooms, I don't use.

Re:How can I block American spam?

[Moonshadow]

I'd agree with that. I run a few sites, and have my email out there in quite a few other places. I've had the account for a while, so it's gotten on quite a few spam lists, so I'm not as careful as I used to be with it - I've just perfected my spam-identification techiniqes :). Most of my spam probably comes from 3 or 4 individuals/companies, if I was guessing. It all follows a very similar format, but it comes in truckloads. 142 new messages today. 3 Legit. Thank goodness for filtering.

The bit about the chatroom was a joke. I don't really use 'em, either.

Re:How can I block American spam?

Close to 50% of the spam I receive is asian in origin.
This is after already completely blocking china and korea.

I don't give out that e-mail address, but it has been active for over five years.

Re:How can I block American spam?

[user+no.+590291]

Are you counting as "Asian in origin" those spams that originate from a throwaway American account, but point to a spamvertized site in red China?

Re:How can I block American spam?

[error0x100]

I count it as "Asian in origina" if ANYTHING on it is Asian (China, Korea, Taiwan etc) in any way, e.g. if it went through an Asian relay server, or if the company spamming me is Asian, or the source email address looks Asian (e.g. chinese or korean suffix) etc, or the referred to website looks Asian. The small bit of Asian spam I have gotten was very obviously from China, they were openly Chinese companies selling openly Chinese products.

Much of my spam is very clearly from the US, and almost all of it is decidedly non-Asian. For most of it, all servers listed in the headers are in the USA, the products or pseudo-products they are selling are being sold out of the USA, the websites being advertised are in the USA, and run by Americans. If its a "hot stock investment advice newsletter" its for a company in the USA. Usually any phone numbers listed are USA phone numbers. Prices are in US$, and in the case of cons like MLM and "work from home" its also usually in US$ (yes I know that doesn't mean anything by itself, but its usually accompanied by other indicators, such as addresses/phone numbers). The text of the email also often indicates that whatever they are marketing, they are marketing at Americans *only* (e.g. they mention/offer things that are only valid in the USA, e.g. things that relate to the American tax system or voting system or American politics, or various other elements of American social infrastructure, or places in the US).

I suppose I shouldn't spend so much time analyzing my spam, but it bugs me that the country that seems to be pointing the most fingers is also (at least in MY mailbox) by far the biggest culprit. Just wanted to know if other people's experiences are similar.

Re:How can I block American spam?

[error0x100]

In case anyones REALLY bored, here are a few examples:

• "Visit Moab Utah" - Southwest Travel Reservations in Nevada
• "Personal Alcohol Detector" from "Alcohol org Inc tel : (268)702-4503"
• "Get a professionally designed web page" (US phone numbers and addresses given)
• Some US-based link exchange systems
• "Invest Wisely" .. to qualify I need to "Be 21 years or older and a USA resident"
• "The lowest mortgage rates in America"
• "BIZ, .INFO, .COM for only $14.95" (although this one appears to have been relayed through an australian server)
• "Todd Johnson" of iGetNet, "Microsoft Terminates Keyword System"

Admittedly, a lot of it seems to repeatedly come from the same offenders.

One of the weirdest ones I've gotten was for some expensive used medical/hospital equipment. Can't seem to find it now.

Re:How can I block American spam?

[quantum+bit]

Guess you've never posted to a busy mailing list. My bugtraq-posting address gets a fair amount of spam, 99% of it comes from Korea. Almost time to change it to a new one and zap the DNS record :)

However, stuff that's been harvested by web-bots (my work address and webmaster@), gets mostly English-language spam.

I also get the occasional messages to the nonexistent sales@ or marketing@ addresses, and oddly enough, steve@ (no idea where that one came from).

Re:How can I block American spam?

there is no discrepancy the guy in the article admitted to having a web presence on china visited websites.

they are harvesting his email address from those sources, and probably think he is local to that continent or has affairs there.

his china spam problem is of his own creation. my USA spam problem is of my own creation.

Re:How can I block American spam?

i.e. RTFA

>>>>The trouble I've had is that, when the Chinese and Korean spammers harvest web pages for e-mail addresses, they get mine from a copy of my page in Asia and assume I'm local.

Re:How can I block American spam?

[Malc]

I would say more than 50% of my spam originates in hananet.net and kornet.net, according to Spamcop.net. I can't even read it. And that's only part of the east Asian crap I get. A lot of the time they don't even specify the correct language encoding.

Check out their statistics page: http://spamcop.net/spamstats.shtml

Re:How can I block American spam?

[user+no.+590291]

I haven't analyzed mine at all, let alone as rigorously as you have, but it seems like about half the spam in my Hotmail spamtrap account either comes from or points to web servers in China or Korea, and occasionally Russia.

Re:How can I block American spam?

[Grax]

Most of the messages to my bugtraq address concern Nigerians with lots of money that want to send it to me.

I should add it up sometime. I bet I'm getting close to $1 billion dollars that they have offered to deposit in my account. Sure they say I can keep a percentage but really why would I give them any of the money back after it was in my account.

Re:Dont you just love it when spammers get your na

[esobofh]

Worse - How in the hell did they find out about my childhood family orgies?!?

Me too...

[vandan]

I do the exact same thing - blacklist $IP_ADDRESS/23.
My list is available at:
http://enthalpy.homelinux.org/spammers.txt

SPEWS.ORG

[Cheese+Cracker]

Here's the link to SPEWS.ORG... just in case someone wants to read more about it. :)

Regular spam vs. Fraudulent spam

[doomdog]

Yes, there is a difference between regular spam and the fraudulent variety. Normal spam is sent by well known "bulk mailers" (as they call themselves, in a pitiful attempt to legitimize their business) on a contract-for-hire basis.

They send email directly from their own systems to your mailbox. They do not fake their headers, use open relays, hijacked proxies or root'ed boxes of other people to send out their messages. They generally have contracts with their ISPs to not cancel their connectivity as long as they have some type of proof, no matter how vague, that the mail *might* be considered opt-in (and as long as the complaints aren't too frequent. These people do listwash their own lists, if only to stop spamming people who actually complain about it, and also to show to their ISPs that they have an effective opt-out system. Their spam is annoying, but currently legal.

Fraudulent spam, on the other hand, is completely different. These are the people that hijack other people's machines to do the dirty work, rape open relays and consume all of their bandwidth during spam runs, actively probe for open relays and proxies, forge everything they can in the headers, study SpamAssassin and other filters in an attempt to craft messages that don't "look" like spam. These are the people that use their opt-out lists as a source of revenue (by selling the names to other spammers), and will frequently joe-job spam activists and others who complain too loudly and to the wrong people...

The first type of spammer sends out insurance offers, cell phones ads, inkjet ads and such. The second type sends out virus/trojan laden messages, porno by the bucketload, ads for illegal drugs, etc.

Both types of spam are annoying, but the "fraudulent" type is much more so because of its immoral content (and anyone who thinks that sending pornographic images to children isn't immoral should quietly remove themselves from the gene pool) and also because of the theft of services (bandwidth, hard drive space, etc.) from the relays and proxies that they abuse.

Re:Regular spam vs. Fraudulent spam

[fermion]

By your definition there is very little 'regular' spam. Almost every spam I get has a forged 'from'. Even if the return address is valid, it often has an obvious misleading name. As the earlier WSJ article suggested, spammers put in random names to confuse recipients, while still claiming not to forge headers.

Also, many states require ADV: in the title. Any commercial email that does not have ADV: should be considered fraudulent.

Re:Regular spam vs. Fraudulent spam

[doomdog]

In one sense, there is very little "regular" spam, if you only count the number of spammers involved. However, the spammers that don't forge their headers are involved in sending out an awful lot of spam. In fact, it's easier for them to be spammers because they don't have to constantly deal with their accounts being shut off, finding a new relay to abuse, etc.

I develop server-side spam filtering products (among other things), and I see a lot more spam than most people do :). I have lots of spam trap addresses floating around that let me know when a new spam campaign is starting... Just off the top of my head, I'd say that at least a quarter (and possibly a third) of the spam I see on a weekly basis comes from less than a dozen sources....

State regulations that require ADV in the subject are paper tigers -- they have no effect and for the most part, they're pretty worthless. However, they do give the bureaucrats something to point at when people complain about spam.

These regulations are unenforceable because they're ambiguous. How do you define where an email address is "located"?? Is it located where the owner of the address has a legal residence? Is it located wherever the POP3 server resides? Is it located anywhere the owner chooses to read their email? Furthermore, most states that have these ADV: laws don't have a statewide registry of email addresses. Without this, there's no way to filter out addresses in certain states.

Bad laws like this don't accomplish anything.

Sendmail Filter

[bobdole34]

Sendmail is pretty popular,
If I could cron download:
http://okean.com/sinokoreacidr.txt
and append it to my /etc/mail/access with "5.5.3 GOAWAY" at EOL instead of "Korea"/"China" at EOL, I would use it! I wish I could shell script better.

Please reply with an easy way to do this! It would help all!

Cheers!

obSimpsons

[sharkey]

Oh Marge, anyone can miss Canada on a map, all tucked away down there.
--Homer

Re:obSimpsons

[Metallic+Matty]

haha, perfect, I was just _waiting_ for someone to say that!

Mod Parent Up! =)

Re:Dont you just love it when spammers get your na

This complaint from Mr. AutoPr0n himself?

Re:hooray

Hmmm ... I didn't see the original poster use the phrase "greedy yellow bastards". Maybe I missed it??

And now that I think of it, dozens of "XXX HOT TEENS!!!" emails a day do make the world a better place!

Fadden?

[geekd]

58. fadden 3000+ AUDIO Books on CD wrv

64. Information fadden
65. fadden this will help you look good and feel great

67. Money for fadden



What the hell is "fadden" ?

Re:Fadden?

[geekd]

Doh! it's his name. I am a dumbass.

Re:Fadden?

[Phroggy]

What the hell is "fadden" ?

Some subject lines I've received (and reported via Spamcop), if this gives you any idea:

Good news for phroggy
Information phroggy
Money for phroggy
We open new site for you ! Phroggy !!!
phroggy, Online Pharmacy now offers Gen*ric V*agra for $5.00 per 100MG dose
Phroggy, we have new updates at Beauty Angels
Tired of being broke? phroggy

Re:Fadden?

[Echo5ive]

The hotmail spam I get is typical in that it contains a word similar to the name of my account. I guess they bulk mail a bunch of similar accounts in a row, with one of the accounts in the topic, trying to make it look like it's addressed personally to you.

Yeah, right. Unless I see my REAL name in the topic, it's spam.

damn

the best pr0n comes from asia.

USA SPAM

[gavinjolly]

Almost all my SPAM comes from USA. Should I block USA IPs?

Does anyone have a study covering the world and identifying the origin of SPAM. I think you would find most is from the good old USA.

Re:USA SPAM

[gavinjolly]

In regards to being a foreign bitch:

• I am a male
• I am over 16, are you?
• I am from New Zealand which is supporting the USA in the war on terrorism (Our troops are in Afghanistan)
• I can take part in a mature and reasoned discussion without lashing out in immature ways ( . .well this is /.)

As a very brave AC please respond and explain why it is okay to complain about SPAM from Asia and not SPAM from the USA? I look forward to your eloquent and explative free response.

Re:USA SPAM

[duffbeer703]

I am not the original poster, but I'd like to respond to your rant.

At one time I worked as a DBA at a small company where I also got to administer the email system. (Don't ask.)

Our customer service addresses would be bombarded with nearly 5,000 spams a day from various sources. In general, US, European, and Australian ISPs did an excellent job in shutting down spam sites. This stemmed the flow to about 2,500 spams per day.

Of these roughly 2/3 orginated from Korean, Chinese or Romanian servers, whose admins never on any occasion took any action against the spammers.

So I spoke to the network people and computer systems director and decided to filter most of the subnets where the spam originated from (probaly about 7,000 address ranges).

It was a decision I was relectant to make, but it needed to be done. Our company provided services to customers in the US, Canada, Mexico and Chile. We weren't going to lose any asian business.

Until the ISPs in these nations decide to be good net citizens, the rest of the internet community should blacklist them.

Just a note

[djupedal]

...does it help to suggest that the spam in question is perhaps not originating from Asia, and is more the result of lax relays?

The spammers are outside of Asia, and simply target open relays where ever they find them.

The stats by the submitter show that most of not all the mail is in English. That should tell something about the true origin of the spam.
If the open relays were closed, the spammers would move to other hotbeds. Let's work to educate the admins in Asia, and force the spammers to back off using open relays.

Re:Just a note

[Jester998]

For the most part, that is EXACTLY what is happening -- spammers are 'just' exploiting open relays in China and other asian countries, and working to educate the admins in Asia is a wonderful goal...

Unfortunately, it's been tried and has failed, numerous times. Email sent to admins in Asia is usually ignored (or perhaps misinterpreted?), and mailing their ISPs has no effect. When the whole 'craze' of blocking Chinese IPs started, there was a large controversy over the practice; many felt it immoral to blackhole a whole country, opting instead for education, but it was the experience of many admins that trying to educate or inform the Asian admins was a waste of time... much like trying to teach a pig to sing (It doesn't work, and annoys the pig). Hence the popularity of blacklisting Asian IPs.

Don't believe me? Try submitting some spam reports to Asian admins and their ISPs... let me know how it turns out... I warn you, however, that it's unpleasantly like bashing your head against a rough concrete wall.

Re:Just a note

[djupedal]

I live, work and travel in Asia. I speak Japanese, Korean and Chinese (I'm a native English speaker, from Calif). I don't send mail...I talk to them in person. My situation is unique, I agree. And it's not viable for everyone that may consider helping.

I'm trying for a pragmatic approach, and I would never suggest that simply sending an email or making a phone call would be helpful. The admins I talk to want to fix things, but until a focused effort is made to help them (docs in their languages, etc.), things won't change, I agree. Certainly complaining isn't going to help...and ignoring it isn't going to make it go away.

I'm working on it the best I can...one admin at a time :)

Re:Just a note

[Ilgaz]

Korean ISP's aren't that lame. I don't know about chinese but, koreans knows some stuff, they run on Apache web servers, FreeBSD with millions of customers. Nobody can tell me that they are so uneducated and they don't know how to block damn port 25.

People don't be naive, those ISPs are sure aware of the problem but they don't do anything about it. There are companies like Dreamwiz.com (no, they don't sell porn) which has been reported THOUSANDS of times. If it was an american company they would lose their domain name even! Conclusion: They make money over it too.

About the "immörality", I want a free ticket to Korea and punch that god damn ISP owner/boss/ceo/techical coordinator whatever from the face. Does it make me immoral or sort of a racist?

at end, I agree to you. I lived this thing, you won't understand it until you get thousands of unreadable mails to your yahoo account in use for 5 years and can do nothing about it. I wonder if it effects Yahoo and broadband kingdom Korea relationship??

Re:Just a note

[Skapare]

Most of the open relays in China are Exchange server. Documentation for Exchange server is available in Chinese (not sure which dialects), Korean, and Japanese. The problem is, most of the deployed servers in China (and probably Korea, too, but I didn't really check there) are versions prior to Exchange 5.5. And those older versions, while they do have some settings to supposedly turn off relaying, do not completely turn it off, and spammers know how to exploit the relay holes.

The cause of the problem is that virtually all of these servers are running pirated copies of Exchange (and probably of Windows, too). It sure seems that, on average, the Chinese people are less concerned about theft (be it of your mail server bandwidth, or of commercial software) than westerners (Americans and Europeans) on average. Eastern European countries also have some of this problem. This seems to be a pattern that poorer countries are where it happens. Places like India, South American and Africa have less of it, but I think that is probably because there is virtually no internet connectivity outside of the big cities (this is changing quickly now in India and parts of South America), and so the deployment of mail servers and spammable bandwidth just isn't there yet. Expect new waves of spam from India over the next year or two, and from Africa after that (Much of the Nigerian money export scams really are originating from Europe and USA, not all from Nigeria, but this kind of thing doesn't need lots of bandwidth anyway, since it often uses Chinese and Korean open relays, anyway).

This is actually a missed opportunity for the Linux community. Given there are distributions of Linux specifically designed for various Asian languages, we should work to further promote this deployment. Not only will it help the spam problem because of defaults that don't open relay and readily available native language documentation, but it also gets Linux installed in more places, in one form or another.

Re:Just a note

[djupedal]

I agree on all points....very well put, thanks.

While many small servers are running bootleg software, the big telcos, etc. tend to be current and legal. Spammers care not whether they use someone's home computer or some server sitting in a high rise....the result is the same, and they constantly probe for any soft spots.

I think the doc issue, however, is more with the follow-up advisories than the original package docs. Multilingual advisories and urgent notices trickle down and are usually targeted at English corporations and admins.

I'm also of the mind that Linux can help with the overall issue(s). I chat it up every chance I get.

Re:Just a note

[Koutarou]

Actually a lot of the proxies are also linux. For a rather long period of time TurboLinux came configured by default with a wide-open port-8080 proxy configured into its apache install.

Re:Just a note

[catman]

Do you read news.admin.net-abuse.email ?
There are a couple of posters there that would love to hear from you, for mutual benefit - like providing docs and other support for Asian admins who need it. Agreed that some places need to be blocked until the Sun goes out - but there's nothing like a freshly converted admin to help spread the word :-)

Re:Just a note

I bet your penis is very large because you can speak so many languages and you are from California.

Re:Just a note

[bpfinn]

Can I procure your services in order to translate my "Help me stop this spammer" and "Help me stop this hacker" email messages into Mandarin and Korean?

Re:Just a note

[Daniel_Staal]

I live, work and travel in Asia. I speak Japanese, Korean and Chinese (I'm a native English speaker, from Calif).

...

The admins I talk to want to fix things, but until a focused effort is made to help them (docs in their languages, etc.), things won't change, I agree.

...

I'm working on it the best I can...one admin at a time :)

While I applud your efforts, that's not the best you can do. There is better in your own comment: you can translate/write docs for them, in their language. Write a tutorial on how to properly secure mailservers in whatever language you think would best help, post it on the web and point people to it. (If you need webspace, ask around. I'd even do it, though my webserver is subpar.) Tell people to point others to it. The web is good at dissemenating info.

Re:Just a note

[fadden]

Actually, if you look at the statistics, 79% of the messages the caused me to add an entry to the block list were in an Asian language.

At this moment, the block list has 135 entries, of which 101 were added because of an Asian-language spam. The remaining 34 were almost all in English (one was in French). By that figure, we're down to 75% Asian, which is still terribly high.

Of course, I may not be typical, given that my e-mail address has appeared on sites hosted in different countries. Still, I can't accept the premise that all these sites in Korea are victims. Whether they're trying to spam Americans or just trying to spam at home, they're still sending out lots of spam, and I've seen precious little done to stop them over the course of many months.

Re:Just a note

[djupedal]

I'm trying to separate the issues....one is open relays and the other is spam sources.

Webster's defines 'victim' as a person subjected to circumstances beyond their control. I don't see Korean ISP's as being victims...they certainly have the same responsibility in the problem as their counterparts in any other part of the world. And we should also remember that it's not just the ISP's that need to take action.

I also don't think they sit around asking to be taken advantage of. The Korean govt. is on a crackdown. Once you're shut down, it takes a while to get back in the govt's graces. Spam is getting worse here for the locals at an alarming rate. The good guys have to take notice and step in, or we'll all come out on the short end.

I guess I'm confused why you built that top 67 list showing a clear English bias, when you can also show a 75% Asian dominance. Perhaps the top 67 is misleading or I just misunderstood. I do approve of your actions, in any case. Anything I can do to help support your efforts, please ask.

Re:Just a note

[fadden]

It's not a "top 67" list, it's just the list of the 67 messages that got through that day. I wanted people to be able to see a sample of what I was getting. (It's all well and good to claim a message is "in an Asian language", but if you haven't seen one before you might not know the difference between it and, say, the message in Russian in the same list.)

I think I see the confusion now. Most of the spam I get is English or another "European" language. This is not surprising, since most (about 2/3rds by the numbers on the page) of the spam is coming from places other than Asia. Of course, sometimes I get spam in Korean from sites in Germany or elsewhere.

To summarize:

- A significant percentage of my spam comes from Asia, but the majority does not.
- Of the spam coming from Asia, only a small percentage is in English. This runs counter to the "97% is American spammers using relays" argument some have presented.

Somebody else asked me whether China or Korea is the source of most of the spam. A quick glance at the block log suggests that most of it is coming from Korea. Curiously, a *lot* of spam, coming from many different sources, refers to URLs hosted by Chinese ISPs. I find that a lot of my URL-complaint messages on SpamCop are going to .cn addresses, for things like "www.generaledu.com" that don't sound Chinese or have anything but English on them. Not really relevant to mail blocking, but sort of interesting nonetheless.

Re:hooray

They too busy fucking like little yellow rabbits. Sucky fucky for $1 American GI!!!

Joe

[wideBlueSkies]

Me spam you long time. :)

Ummmm...

[Distinguished+Hero]

Is it just me, or did you just post the same thing twice within two minutes, and still managed to get modded up? Ironic that this should happen in a discussion about spam...

Re:Ummmm...

[doomdog]

Yes, I posted it twice. I wanted to respond to a particular post and didn't click on the right link :)... So, I went back and did it right the second time. I didn't think anyone would notice, because my posts are usually ignored by most people...

I'm not quite sure why I was allowed to post it again so quickly. Good Karma, I guess...

Procmail

I have a procmail filter that does this. Lameness filter won't let me post it.

Re:Dont you just love it when spammers get your na

[phorm]

+1 informative... apparently moderators DO have a good sense of humour sometimes *lol*

Re:hooray

[Jucius+Maximus]

"They (the Asians) can fucking well learn to administrate an SMTP server like the rest of the world, if they want to be "brought together" with us. As things stand, they seem to have some culturally-ingrained sense of irresponsibility that ends up hosing the rest of us."

I'd agree with you *if* most servers came with Chinese|Korean|Japanese|etc documentation.

Obligatory Literary Reference...

[Cap'n+Canuck]

That spam Siam
That spam Siam
I do not like that Siam spam!

With apologies to Theodore Geisel

Multiple blocks and filters are needed

[rossz]

I block China, Korea, and Nigeria country wide. I also use the SBL from spamhaus.org, plus I've added some personal "favorites". This doesn't catch all the spam, however. So on top of that I run everything through SpamAssassin. Anything with a score of over 15 goes into a spam account (I check it occassionally to make sure there are no false positives). Anything with a score of at least 7 is marked as possible spam but still delivered. Spam rarely gets through, but the system isn't perfect and I doubt if it ever will be.

Asian Spam

While I have been blocking offensive subnets for years I discovered a black hole list that is reasonably effective against Korean spam. It is korea.services.net. Of the 300 or so e-mails I get a day korea.services.net blocks about 20-50 spam emails. I still get 3-10 Korean spam samples a day though.

Large-scale SpamAssassin installations

[dskoll]

I know that Spam Assassin is a bit resource hungry, and isn't practical for large scale operations

Au contraire, if you're clever about it, SpamAssassin works great in large-scale operations. In conjunction with MIMEDefang, people use SpamAssassin to scan a lot of mail -- over 1 million messages/day in two sites I know of.

Re:Asian spam...

[Jeff+Archambeault]

If ham is spiced pork, isn't spam redundant? (Spiced Ham(spiced pork))

A Spork(tm?) is the spoon/fork that comes with KFC(TM) meals. Spam(TM) probably came first.

Re:Blocking subnets? Use SPEWS.

I hate spews. spews is everything that is wrong with anti-spam work.

There is no way to get off of the SPEWS blacklist, and if they black your entire NSP for one of the NSP's customers... tough luck for you. You can post to a usenet group and beg, and they wont do anything other than tell you to break your legal contract and go elsewhere. 20 people will harass you, and you can't even know which one to listen to.

SPEWS can rot in hell. A properly configured SpamAssassin will block 98% of spam and have 0.01% false positives (I haven't gotten one false positive in a year, but I will someday).

SPEWS is NOT how one prevents spam. SPEWS is how one pisses off the people trying to mail them.

I can't stress enough how much I hate SPEWS and how much it should die.

Please, please don't support SPEWS. I beg you.

misread title

i usually hate this type of comment, but i swear i really thought it said 'blocking asian sperm'

Or, to put it another way......

[Ride-My-Rocket]

One person's "Duh!" is another person's "Huh?"/

Here's my list: Azoogle.com is the worst!

Azoogle.com is the worst with summertimedeals.com coming in a close 2nd. Hope it helps. I got sick of all the spam and I didn't want to just filter it, I wanted to STOP it dead. So over time I started taking care of all the domains in my list.

Now when I do a grep "Access Denied" /var/log/mail I get a TON of azoogle.com entries. Summertimedeals.com is almost as bad.

I am surprised at the amount of spam that comes from Brazil as well.

Here my domains listed as REJECT in access
inet.it,nexgo.de,fan8.com,hinet.net,eagle- tungyung .com,rtm.net.my,interbusiness.it,foryou.com,welcom ing.com.tw,treasurehk.com,railnet.gov.in,www.bgts. co.in,lginternet.net,dgitc.net,webcom.com,trafficm agnet.net,kornet.net,mrsmiley.com,82222.com,chinan et.cn.net,pm0.net,quickinspirations.com,topica.com ,sandbox.com,smartautoresponder.com,alphanetmarket ing.com,greatest-specials.com,azoogle.com,temd.net ,rinc.joint.eu.org,summertimedeals.com,tilw.net,op mnet.net,petradistributors.com,mademesmile.com,vir tual-biz.net,targetoffers4you.com,uole.com,roving. com,direcpceu.com,loansizer.com,kemford.com,bigfoo t.com,goldenweblistings.com,lendingapps.com,transc entives.net,atomicdot1.com#TEST,erieri.com,aseeker .com,emailfactory.com,citiz.net,eshenbao.com,acpsy stems.com,optedforsavings.com,wowmail.com,naseej.c om,afdeaa.com,hottielatinas.com,firstpacificfundin g.biz,imailjunction.com,customer.iplannetworks.net ,etropicalcasino.com,daemonmail.net,newnamedns.com ,kr,cn,jp,br,ar,ph,se,my,pl,@wsntv1009.com,@alpham arketing.net

FTC targets Amazon, DoubleClick, Eli Lilly

[Animats]

Take a look at the companies the FTC is acting against. Some of them are big companies, and well-known spammers: Amazon and DoubleClick are notorious. Eli Lilly has been in trouble before for disclosing the names of Prozac users. The rest mostly seem to be small-timers.

This could work, though. There aren't really that many different spammers. If the FTC can find 20 of them a year, that should make a dent. If 20 a year were sent to jail for six months, the spam industry would probably start to shrink rapidly. This thing is winnable.

Ultimate Anti-SPAM plan

[infiniti99]

Since a few people are posting about anti-spam methods, I thought I'd go over my idea to counter spam. Currently I am not actually using this procedure, I have just been pondering it for awhile.

First off, the core of this system relies on whitelist-confirmation. This means that first time senders are given an auto-response email which must be "confirmed" in order for their message to deliver. Once they have done this, they are whitelisted, and all email from them passes through. TMDA is what I use for this job. I leave my email address "unarmored", because no spam can get through. When I check my mail in KMail, there is no spam.

However, all is not perfect. After many many months of using TMDA, I still find myself sifting through the "pending" folder on my mail server, which keeps hold of all the mails from unconfirmed senders. I generally do this every couple of weeks, and there are often at least one or two legitimate emails that were never confirmed. There are many possible reasons: 1) they thought the confirmation request was spam, so they deleted it (either manually or through an anti-spam filter). 2) they don't like the idea of having to do a stupid confirm (although no one has actually brought this up to me yet). 3) Maybe they use a reply-to or something weird that trips up TMDA (perhaps fixable or not..)

Anyway, the point is that legit emails aren't 100% getting through. The next consideration then, is to use a word-filter (and who knows, maybe TMDA does this too), to see if legit mails can be detected by their content. Maybe this could be done using a bayesian (sp?) filter, as recently discussed here, or perhaps SpamAssassin. Emails detected as legit would be delivered directly, and the sender would be auto-whitelisted. Ambiguous emails would go through the usual whitelist-confirmation procedure. This way, the word-filter never actually throws email away. It gives the sender a second chance, by sending it through the whitelist system.

This, I think, would solve the problem completely for me, as all of the legit mails that wind up unconfirmed would very much pass the legitimacy test (they mention a software project of mine, or something else very obvious). If this were in place, I could send my pending bin to /dev/null. Ahh, a life of no spam!

Re:Ultimate Anti-SPAM plan

[mjh]

The next consideration then, is to use a word-filter (and who knows, maybe TMDA does this too), to see if legit mails can be detected by their content. Maybe this could be done using a bayesian (sp?) filter, as recently discussed here, or perhaps SpamAssassin. Emails detected as legit would be delivered directly, and the sender would be auto-whitelisted. Ambiguous emails would go through the usual whitelist-confirmation procedure. This way, the word-filter never actually throws email away. It gives the sender a second chance, by sending it through the whitelist system.

That's an interesting concept. Personally, I use spamassassin in addition to TMDA. Anything that gets through spamassissin gets processed by TMDA. For what it's worth, spamassassin will autowhitelist addresses. After it's seen what it thinks are 3 legit emails from an address, it'll autowhitelist that address. I had to turn this feature off because way too many spams were getting autowhitelisted. And suddenly email that had previously been caught by spamassassin, was getting through because it was in the whitelist.

With TMDA, I also have the problem of the occasional legit email getting stuck in pending. But mostly from folks who don't send me that much email. And I've taken the stance that spam is too much of a hassle that if someone doesn't want to confirm my email, then what they had to say to me must not have been that important.

I try to soften this stance somewhat by the wording that I use in my custom confirmation requests. But ultimately, going from 200+ spams per day to zero is worth the occasional person thinking that I'm not paying attention.

$.02

Sendmail blocks

[Sandman1971]

This is on topic, I swear!

I've searched the net on how to do this, but I haven't been able to find anything. I'dlike to configure sendmail (and if it's not possible, then with procmail) to block any emails with a subject that does not contain any of the latin alphabet (a-z). That would cut off 50% of the spam I get (which comes from Asian countries). Anyone know if this is possible, and if so how?

Re:Sendmail blocks

[bmomjian]

I have a sendmail file that does this at the bottom of my spam article: http://candle.pha.pa.us/main/writings/spam

Obligatory OS X mail reminder

[djupedal]

'Mail' in OS X has a built-in junk mail filter mechanism that learns first, then goes on automatic. Might want to consider it next time you're thinking of changing to a new OS :)

Still no one has an answer, what do we do about it

[Mustang+Matt]

I have yet to see someone suggest a good approach to spam. I don't want to filter it, I want to block it. I want 100% accuracy too because the one odd ball that accidently gets blocked could be a big job for my company. Cause.org doesn't even list a suggested solution.

So far to combat it, I've removed email addresses from all my sites and replaced them with a contact form and when I do absolutely have to show an email I obfuscate it pretty well using a combination of character encoding and javascript's document.write. (Browsers still work fine.)

I also have a catchall so anytime I order something or fill out any other online form I use "the domain I'm browsing"@mydomain.com, that way if they give it out I can tell.

The thing that sucks is that the innocent average internet user doesn't realize that if THEY give my address out, companies will collect and sell MY information, thus I was opted in to their list without my knowledge or consent.

That stupid crushlink site and the smiley t-shirt were the worst. I quickly blocked them at my server in hopes that they would think I didn't exist.

Would this business model work?

An Intelligent way to end SPAM!

The Problem:

The current email marketing business model is broken, it costs spammers almost nothing and the end-user or ISPs everything. (Plus it's annoying as heck!)

The (simple) solution:

For End Users: Create a 100% accountable email marketing site that allows users to signup to receive marketing material in exchange for money.

For Businesses: Do a search before you buy into the system to see how many people are willing to accept marketing information based on the criteria you select.

More explanation:

For End Users:

1. $1,000.00 USD guarantee that companies will abide by OUR rules and your information will never be sold or given out.
2. 100% True Opt-in
3. Nobody EVER sees any information you've signed up with other than the marketing preferences you have specified.
4. You will receive a flat fee per email received.
5. AND/OR you can specify a charity to receive all or part of the per email income.
6. Opt-out 100% completely at any time and have your account deactivated or destroyed.
7. Preferences:
8. 
   
   1. Allow you to be very specific about the types of material you will receive.
   2. You can also specify the maximum number of emails you will receive in a month.
   3. Block specific companies from contacting you.
   
   

For Businesses:

1. $1,000.00 USD guarantee that every person that receives your marketing information explicitly signed up and was verified to receive it. (No pissed off customers!!!)
2. This WILL cost you more than the fly by night spammers charge.
3. You WILL reach a targetted audience.
4. Your advertisements will also be available from this site for a duration of time you specify up to 3 months.
5. All emails must be approved by us before being sent out. (No pornography or scam related material allowed.)
6. Nothing is sent out before payment is received. (This allows us to keep dishonest companies from signing up and not paying up.)
7. Users have the option to give you feedback on your advertisements.

(This is a patent free business model. If you like it, use it and make it better!)

we use a simple shotgun...

[Lumpy]

at work we block *msn.com *aol.com *.kr *.ru and several others basically blocking large sections of the planet... not only from the recieving address but also the server trying to relay to us.

we have no need to contact anyone in these sections of the planet, and we made the decision that no clients that use msn or aol need to email us. (yahoo and other are also on the list..)

Granted we are a business to business company.. we dont want to talk to consumers or anyone really outside of our state. It works great and cut down on spam dramatically as well as employees abusing the email for personal uses..

it's our servers, we can block *.* if we want to.

Re:we use a simple shotgun...

[binary+tr011]

t's our servers, we can block *.* if we want to.
I do this and I have found it to be extremely sucessful.
Since I did this I haven't got a single spam email.
It also stops annoying people who have my email address from contacting me.

Re:we use a simple shotgun...

Well DUH, anyone with more than a single brain cell knows they should do this already! Fuck you're smart.

Re:we use a simple shotgun...

wow you are not only stupid but you are also an ASSHOLE..

I like people like you, you never get hired because of your asshole attitude :-)

gimmie a hug asshole :-))

typo

maybe somebody signed up with their own email address which is very similar to yours but it was typed wrongly into the list?

Are we doing china's goverment a favour

[Revek]

For the most part the only trouble we have with other countrys are non democracy's. Those countrys depend on conflict to maintain order. We in the land of the Free (or do I mean fee) are not saints but the goverment is finally starting to make progress of a sort toward reducing some spam/Scams. Spam is not going anywhere the same rights that give us a right to grip about it gives them the right to do it. But by blocking off countrys like china we only serve to keep the population totaly isolated. You can communicate ideals and concepts such as feedom (Yes definatly the land of the fee) with out talking about politics.

Maybe they thought you'd

[myowntrueself]

be good in a flamewar?

Re:SHORTEST AND LONGEST BOOKS

[scmason]

You worked hard on this, didn't you? Well, good boy.

I wish ISPs would grow up and follow through

[Mustang+Matt]

I hate submitting complaints and never hearing back. I wish ISPs would let me know the status of my copmlaints against spammers.

Every major ISP has an abuse@ address and besides the auto-generated message, you'll never hear a peep about why the spammers are still up and running.

Almost all of it originates in the US!

[FyRE666]

Last time I bothered checking my spam-bucket, every single item of spam was from some scummy US outfit - at least the ones that had a real snail-mail address, or phone number.

Pity there's not enough bribesH^H^H^H^H^H^funds from concerned organisations to the governments to bring about some effort on the part of the authorities to track and fine/imprison the scumbags responsible.

If the spammers were sending out email with MP3 attachments of Britney's latest "hit", you can bet they'd be caught, sentenced and jailed within a week...

You know...

[RedBear]

ignorance and stupidity aren't the same thing. They may quite often go hand in hand, but calling people stupid because they have a lack of knowledge isn't the best way to win friends and influence people. There a lot of things any single person won't know, including you, (I can say this with certainty because the amount of knowledge in the universe is infinite), yet not all people are stupid. They're just ignorant. Teach them, don't call them stupid. Even if they are, it doesn't help anyone to continually tell them so.

Asia regrets omission and will make best effort

[trentfoley]

You get only 3% of your product promotion emails from Asia? We are very sorry. Aparently, you are not listed in our database. We are proud of the many great products that we offer to the world. It is an unfortunate mistake that your email address is not listed in our systems. Please send email to add2list@spam.com and we will correct this error.

Regards,
joe

P.S. Add your friends to the list also! You don't want them missing out too, do you?

Re:Asia regrets omission and will make best effort

[Jonny+290]

>You get only 3% of your product promotion emails
>from Asia? We are very sorry. Aparently, you are
>not listed in our database. We are proud of the
>many great products that we offer to the world.
>It is an unfortunate mistake that your email
>address is not listed in our systems. Please >send
>email to add2list@spam.com and we will correct
>this error.
>Regards,
>joe

me too
junk-mail@brightmail.com

SPAM blocking bandwidth

[Bruce+Losis]

Having problems with excessive SPAM blocking your bandwidth?

Add more fibre to your diet!

Re:Blocking subnets? Use SPEWS.

[Furry+Ice]

Hear hear! We've been bitten by these bastards, too. I can't believe anyone would actually promote such a terrible system.

Re:Still no one has an answer, what do we do about

[quantum+bit]

I also have a catchall so anytime I order something or fill out any other online form I use "the domain I'm browsing"@mydomain.com, that way if they give it out I can tell.

I like to use the form me@"the domain I'm browsing".mydomain.com. That way if the address ever gets too inundated with spam, I can delete the DNS record for it and not even have to see the postmaster notifies for it. It also wastes a minumum of my bandwidth (1 DNS NACK packet vs. an entire SMTP conversation).

Re:Spammers in Korea are required by law to

[dokebi]

To include "ADV" in the e-mali headings.
In Korean, it translates into ±í, which you can just filter for. From the bottom of the article, the subject lines #40, 51, 34 all have those.

Too bad US doesn't have similar laws

This reminds me of a story...

[barfarf]

One the technical guys at Exodus that was helping us out over at the datacenter once told me that because of a recurring spam problem, he had a customer ask him "if he could block all of the IP addresses in China"...

How do you guys get so much spam?

I seriously don't understand how people can say that they "get 100 spams a day". I'm sure you do, but where the hell did you put your email address to get that many??

I have a hotmail address, a university (public) address, a club email address (also public, online) and a "junk" email address, and I have only gotten about 10 spam on all accounts in the past two years.

I actually use those addresses as well, for registering for sites, etc. I don't have to use any spam filters at all. Maybe the problem is not so much with the spammers (although they really shouldn't be sending them in the first place!!) but maybe half of the problem are people freely giving away their email addresses and then wondering why they're recieving emails.

I'm not blaming the victim, by any means, but it seems like a good question.

My solution

[/dev/trash]

I use Sneakemail

Hotmail is usefull

[jsavage47hotmail.com]

Sometimes I just can't get out of registering for stuff online. I just use a hotmail account with the filters set to exclusive and give my POP3 email only to my friends.

Re:Hotmail is usefull

[bezza]

Exactly what I do. How many spam emails did I receive on my POP3 account last year?

1.

How many did I receive on my Hotmail account?

About 40/day.

I think it works well.

Re:Uh

Worthless moderation. This is funny.

A cure for HTML spam...

[aquarian]

A lof of spammers *do* use these HTML mail tricks. However, a lot of plain users send HTML mail, often without knowing it, because Microsoft mail programs send HTML by default. So if you want to read HTML mail safely, do this: block your network connection while opening it. You can unplug the cable, take the mail program "offline", hit the "stop" button on ZoneAlarm, whatever. This won't cause problems with legit HTML mail, because the HTML is usually just for fonts and stuff. But it keeps the spam messages from "phoning home" successfully to get their graphics.

Re:A cure for HTML spam...

It is even easier than that. Use Mozilla and configure it not to get the pictures...

Fool Proof Method to identify Asian spam

I've noticed that all Asian spam seems to have one or more of these key phrases:

* Penis Enlargement
* Bigger Package
* Man endowed with a 2" hammer
* Bigger Erector Set

It seems like small Penis size is a major concern to those living in Asia however, with such small penii it makes you wonder how they grew to 20% of the worlds population.

Ever wonder why Penis enlargement spam never originates from Africa? Africa seems to have too much money and some spammer there is wanting to transfer large sums to my bank account. All he needs is the routing number, think I should give it to him?

TMDA is a quick route to the roundfile for many

While I can appreciate that spam is a problem (I'm currently getting ~30-40 at home, another ~50 at work), TMDA is annoying. Particularly when sending mail to a list, with multiple TMDA users. No, I'm not going to auth all my listmail for you and your kith.

I also use a whitelist/blacklist system, but maintain this on my own workstation. It's almost entirely transparent to my correspondents (occasionally I'll miss a mail and may take a day or two to get back to someone). The tools I use (mutt, procmail, shell scripts) make it trivial to add an address to a whitelist or blacklist (!wl-add, !bl-add in mutt -- these being shell scripts I put together). The entire scheme is base on Lars Wizenius's procmail filters. In combination with spamassassin, the little spam that isn't captured by SA lands in my 'greylist' box. Repeat offenders (few, but extant) get blacklisted.

Works for me and no hassle for anyone I deal with.

Re:TMDA is a quick route to the roundfile for many

[Smoulderer]

If the list managers and TMDA users had things configured correctly, this wouldn't happen at all. Next time you get a TMDA auth request from a mailing list subscriber, point them to Tim Legant's Cookbook for using TMDA with mailing lists - also linked from The TMDA FAQ.

www.blackholes.us

[SlapAyoda]

www.blackholes.us allows you to select a dnsbl for any country or provider. For instance, you can use their verio.blackholes.us dnsbl or their korea.blackholes.us dnsbl. I use the korean, chinese, and taiwanese lists.

Re:Blocking subnets? Use SPEWS.

[walt-sjc]

While there are problems with SPEWS, spamassasin (which I also use) is locking the door after the cows got out. Spews (and other IP based blacklist) is about preventing spam from even getting to your server.

By sending spammers a "500" level error, some will actually remove you from their list. By accepting the mail (spamassasin) you basically confirm that the mail address is deliverable.

I don't personally use any spews like service, jut my own private blacklist which helps reduce the amount of crap that spamassasin has to go through.

I have found spamassasin to only be about 90% effective. If I crank up the settings, I start getting false positives on a regular basis.

hi slashdot crowd here are my main two emails

kc@webchat.org
mark@webchat.org

please use these if you would like to purchase my very expensive product!

http://freshmeat.net/projects/conferenceroom/?to pi c_id=24%2C27%2C22

I like to put my software on freshmeat, but its not really open source, it costs ONLY! $5,000.

This is not spam.

How to get down to 0.0014%...

...even if you've naively left your e-mail address listed as the owner contact for your domain for years like I did. A three-pronged approach:

1) IP-level blackholing of certain large subnets, as I like many others virtually never get any legitimate email from China or Korea, and many of the craftiest fake headers ride on brand new Chinese and Korean open relays. In case of emergency, people there can always use Yahoo or the likes - and I suspect many Chinese and Koreans who communicate with people abroad are already used to doing just that, as blackholing is becoming more and more widespread.

2) RBL's. I personally use bl.spamcop.net and relays.osirusoft.com. These catch 99.2% of "quasi-legitimate" spam, and about 65% of the open-relay spam not caught above.

3) Heuristic tagging via Spam Assassin/procmail/filters/etc as a last line of defense. I personally use a filter file that I edit pretty much every time a POS (piece of spam ;-) manages to sneak through.

This is obviously more aggressive than many people can afford to be, but it's a viable solution for someone with a low signal-to-noise ratio and a high irritability ratio.

Re:Blocking subnets? Use SPEWS.

[Dimensio]

The philosophy of SPEWS is that if an ISP is willing to tolerate spammers, then it's probably best if that ISP is punished, and not just the spammers. If an ISP's 'legit' customers suffer the ill effects of a blacklist, then they should petition their ISP to get rid of their spammers. If that doesn't work, they should move, and deprive the ISP of any legit customers. I don't have a problem with that. The CEOs of ISPs that openly tolerate spam (Qwest) should be shot, but until that is legal, there is SPEWS. An ISP harboring criminals deserves to go under.

Asian Spam blocking

[Facekhan]

I am all for blocking Asian Spammmers, my friend got on some kind of crazy list in Korean or Vietnamese and he can't even read it to find out if he can unsubscribe or if it is spam. He gets like 200 spams a day on an email address linked to his domain name that he pays for.

Re:Blocking subnets? Use SPEWS.

[Dimensio]

If SPEWS is blacklisting your ISP, it is because your ISP is tolerating the presence of spammers. Do you want to trust your connectivity to a company that openly tolerates criminal activity?

This works well for me

[laing]

A few months ago my spam level reached the point that made me do something about it. After looking carefully at all the headers, I concluded that about 80% of the junk (mostly from Asia) came from IP addresses with no reverse DNS database entry. (The IP did not resolve back into a hostname.) Just about all reputable mail exchangers have a reverse DNS entry. (The ones who don't are run by the clueless.)

I decided to use this to my advantage. You can too.

If your sendmail daemon uses the tcpwrappers library, you can create a /etc/hosts.deny
file with "sendmail: ALL" and a /etc/hosts.allow file with "sendmail: KNOWN". (Make sure "sendmail" equates to 25 in your /etc/services file.)

Doing the above will cause your mail exchanger to refuse incoming mail connections from any host with an unresolvable IP address. It will cut up to 80% of your spam.

For the clueless ISPs, you can add exceptions to your /etc/hosts.allow file. (e.g. "sendmail:66.187.232." will allow mail from RedHat.)

I wish more people would do this.

Re:This works well for me

Kinda sucks when your DNS server goes down, and your SMTP server starts rejecting all email. This happened to me a couple of days ago. Lost 5 hours worth of email for all users.

yea well measure this

vi /etc/mail/access .tw REJECT .kr REJECT .sg REJECT

Re:Blocking subnets? Use SPEWS.

Have you ever purchased a high speed internet connection, and I don't mean dsl. Sure, I'll consider moving in 3 years when my 5 year contract is up. High speed internet is sold with a multiyear contract normally. It isn't like canceling a dialup and switching over to something else by just changing the phone number you call.

I'ts working!

[Tablizer]

I did some math on my spam before and after. Now the average promised penis enlargement is 326% instead of the usual 509%

anti-spam???

[dincubus]

while black list and white listing can help.. especially with outside (i.e. non US based spammers) one of the most useful items i have found to work is the following piece of legislation. Title 47 USC 227 granted this citation usually applies to Fax spam.. it has been used, successfully in court, by a few people. and i have used it primarily in email exchanges with companies that are legit, such as mass emailers can be. thos i have smacked around with it most notably are realreply.com and a coupl eothers. i have even spoken on the phone to their legal dept. and basically said "stop the spam or i'll see you in court". lo and behold inside of three days i have gotten no more spam from them. no i have not used this on companies outside of the US namely because of the fact they don't or won't answer emails and i dont have the cash to make overseas phone calls

-1: wishes he were monty python, but is even lamer

[nt]

Asian spam?

[BrokenHalo]

I apologise in advance if the following comes across as flamebait, but in my experience, 97% of the spam I get (I live in Australia) originates from the USA. 1% originates from .kr, .tw and .jp, and 2% originates from .ru IPs.

I have been tempted at times to adopt a simple shotgun approach of blocking all US netblocks, except that a small proportion of my email from US domains is legit.

Re:Security Through Obscurity

[ninewands]

Yes, as long as the e-mail address you post is @127.0.0.1

Re:How I block Korean spam (Using Outlook Express)

Pretty simply way to delete most of the korean mail.

Create a rule that deletes messages that don't contain the word "the" in it.

It's improbable that an English-speaker would write an e-mail without the word "the" in it.

Re:Blocking subnets? Use SPEWS.

[Dimensio]

If your ISP is selling you services, and then acting in a way that causes the services to be less valuable, then that is their fault. ISPs know about SPEWS and they know the potential consequences of tolerating spammers. If they host spammers and their IP blocks get blacklisted, then any IP block that they sell to you is damaged goods. Again, your dispute is with your ISP, and I'd consider consulting a lawyer regarding your ISP's breach of contract.

Annoying Forwards

[leabre]

I've had an email address for about a year that was not once used for any reason at all. Never received, never sent. One day, I sent an email to a relative who had just got their email account and was excited to be on the web.

A month later, I got forwarded one of those "send this to x people and Bill Gates will send you $3,014 for each 3rd person... no really, it's true, just the other day I recevied my $10 million dollar check from ..."

I replied and told her never to do that again or she will be blocked and I'll never email her. I explained to her why she shouldn't do that. It's because someone somewhere along the line will get the 30 times forwarded message and will glean the 100's of emails that are a part of the message body from all the forwards and put you on a list.

Now, everyday I get 1 or 2 Univerity Diplomas emails, they just don't stop sending them, Every day Janna wants to know what I was doing last night, King Kong keeps wanting me to buy some Herbal Viagra alternatives, FBI snooper detection prevention software, and a chance to win a free 3 carot dimand after I send $2,000 to sponser some foundation... yeah... uh huh...

I'll tell you, those funnies you send and recieve everyday is a really good way.

The other way is to reply to a spam to be removed from a mailing list. In the same mail account, I replied to a few to be removed from the list and shortly after the volume of messages recived almost doubled. Now it's a useless email account that receives over 600 emails per week. It's sad because I've only sent and recieved less than 10 legitimate messages from that account in the past 5 years and this is what I get in return for it.

Bottom line:

* Warn your friends and family not to send
you forwarded email. Explain to them
that most of those messages are hoaxes,
anyway. Companies don't pay to you to blast
the Internet with messages.

* Second, don't reply to spams when you do
receive them or it will just confirm an
active account. I used to spoof returned
mail notices but those don't help any,
they also make it worse.

* Third, if you do recieve a mass-forward,
you're already at odds.

* Each time you sign up to a new web-site, read
the privacy statement. Usually, you're info
will be shared with a partner. Check that
partners privacy, because usually that partner
will share your info with a partner and so on.

Your email address is usually not kept secret
anymore. They make too much money by selling
to people. If they are European based, then
it might be more secure because of privacy
laws.

* Opt-out of those "important updates from the
company and their partners". This will just
generate more unwanted messages than you'll
care about. I've opted-in to some in the past
that were supposed to be monthy tech news
updates on important issues. Well, one day it
became daily. They changed their policy with
out notifying me.

* Most sites reserve the right to change their
privacy policies at-will and with no obligation
to notify you. They expect you to keep up
on this yourself. The best advice is to do
so. I've cancelled membership to some sites
because of this. My data is not theirs to
profit from while I profit nothing from it.

* Obvious names, such as "kitty@domain.com,
bmwlover@domain.com, studmuff@domain.com, etc"
are likely culprits. Sometimes they perform
dictionary based attacks on many domains and
it may just be your lucky number. What's
worse, is that they CC so all emails are there
and other spammers gather those emails and then
you are placed on another list.

* Anything else not mentioned. Keep in mind,
these are only spam "reduction" techniques. I
think it's very difficult and next to
impossible to not be spammed. Being aware of
certain actions that will trigger a result and
preventing those actions, will help greatly.

* If they leave a return address, sometimes you
can complain and have their account revoked.
This won't stop them, they'll open another
account and continue.

* Push for a law that allows the sponsor of the
spam to be sued for damages and inconveniences
rather than the sender. For example, I've
recived over 200 unvirsity diplomas messages
which all have the same phone number, but each
message is from a different sender. If we can
sue the owner of the phone number, than that
would go a great distance because it would
make people afraid to market in that mannor.

Well, hope this helps,
Leabre

Purchase Product X Or Else...

[leabre]

DeaR reCipieNT,

yOu haVE beeN GiVEN manY OppURtunItiES tO puRchASE proDuct X viA thE MILlioNS of emAilS YOu reCieVE eAch wEEk. You HAVe refuSED. We NOw HavE YoUR EmaiLS RansOM. If YOu FAil to puRChasE braND X by SundOWn FridAY usINg InterNET eXplorER 5.01 or HigHER WitH WindOWs 2000 SeCURity SETtings MimIMUm... You'LL neVeR SeE youR EmailS agAiN ;)). You ARe PRevEnTIng Us froM UsinG You As a StatiStIC. We HOPe YoU wiLL dO the riGhT ThinG.

The theory behind it

[SystematicPsycho]

Don't receive email and you won't receive spam (maybe in the mail still, "You may have already won!"). It's like those security experts who say "you want a safe network? switch the damn thing off", effective, but also useless.

What about management?

[Mustang+Matt]

So do you add another DNS record for every site you visit?

Seems like a big hassle on the management end.

Re:What about management?

No, use a wildcard MX.

*.foo.example.com IN MX 5 example.com.

When you give out addresses, give out company.foo.example.com. If they abuse it, define an explicit entry for it.

company.foo.example.com IN MX 5 blackhole.example.com.
blackhole.example.com IN A 127.0.0.1

That reduces the management hassle to the case when they sell you out, and lets you create anything you want up front.

Re:What about management?

[quantum+bit]

So do you add another DNS record for every site you visit?

No, just ones that demand an email address and that I care enough about to give a real one.

Seems like a big hassle on the management end.

I have some scripts that add the DNS record (Secure DDNS is your friend), create a folder on my IMAP server, and add an entry to my sieve script. It's just a single command to add a new domain, and all it's mail gets routed where it's supposed to...

Up-mod: +10, Vertebrate with Opposable Thumbs

Thank God somebody around this hellhole can read and write.

Koreans - they're so darned courteous

[K-Man]

If you look at the guy's subject header list, and change the encoding to EUC-KR, you can see that the subject of each Korean message identifies itself as spam. Look for this string (this page also in EUC-KR):

±í [ÎÆͱ] an advertisement; ad; an advert; [¾Ë] a notice; an announcement; [¼±Àü] advertising; publicity.

"Harvesting"

[discHead]

In cases like this, the appropriate term is not "harvesting"; it's "poaching."

Re:Blocking subnets? Use SPEWS.

[thrig]

If you run SpamAssassin after the MTA, sure, the cows are out. Better to run SpamAssassin integrated with your MTA if possible, which can be done with Exim, Sendmail, and possibly others. Doing spam checks at the MTA level also lets you look at the mail envelope data and similar that SA cannot check on.

Granted, you tend to have to run your own mail server to do this, but hey...

Well,...

[Blingin'+AMD]

Considering that a lot of people who complain about spam are too computer illiterate to do anything about it, (i.e. My Mum.) a statement from the FTC is a smart decision, since the computer illiterates (some, at least) will have access to that statement.

How about access control lists?

[leereyno]

Is there ANY reason to accept emails from asia in the first place? I don't know about you, but I don't know anyone in China, or Nigeria for that matter. I've got no qualms about dropping every single email that originates from outside the U.S.

That solution would work just fine for me, but what about people who actually do need to hear from others in 3rd world countries?

A possible solution to this problem that I've often considered is an access control list. Basically you would have two email boxes, an inner one, and an outer one. Everything would show up in your outer box and those emails coming from a known good source would be transferred to your inner box. This way an email from your mom would be passed through because her email address would be in your approved list, but an email from somewhere else would not be unless you added that person's email address to your list.

Most of us aren't getting a ton of legitimate emails from strangers. We use our emails to communicate with people we already know. This is why the access control list method would work. Combine this with a web filter that deletes porn spam, scam spam, and other obvious BS, and even our outer box would be relatively empty.

One thing that occurs to me is why haven't we heard to people launching DDOS attacks on spammers? Crackers are scum, but if they were to hose up a spammer or two I for one would not complain. Why attack amazon or yahoo when you can attack some jackass overseas and actually do the public a service?

Lee

Re:How about access control lists?

[Tim+C]

what about people who actually do need to hear from others in 3rd world countries?

Asia? Third-world? You do realise that Taiwan, Japan and Hong Kong are Asian countries, don't you? You know, those little backwater places that make most of the cool high-tech toys in the world? Hell, chances are a lot of the stuff in your PC is Taiwanese in origin, and Japan has stuff that you won't see in Europe or the US for years.

Re:How about access control lists?

[plover]

Funny, I thought I realised that Hong Kong was a city in China.

Silly me.

Address assingments in many small blocks :-(

It is a pity that the folks at APNIC scatter their address assignments so badly. How convenient would it be if large blocks of addresses would be assigned to countries like China and Korea so we could block them with a /8 or /12 or so.
Now you will need to block many small networks and still run the risk of blocking an innocent Australian corporation...

Not only a large part of all the spam comes from China and Korea, the same is true for the hacking (portscanning). I guess the system administrators and policy makers are just clueless there.

Re:Asian spam...

If you think KFC invented the spork, you must be really fat.

[moron alert] Re:Blocking subnets? Use SPEWS.

The Anonymous Coward above me whined:

SPEWS can rot in hell. A properly configured SpamAssassin will block 98% of spam and have 0.01% false positives (I haven't gotten one false positive in a year, but I will someday).

SPEWS may rot in hell (will there be room with all the spammers down there?!) but until then, I'm sure they are glad a moron such as yourself is enjoying the benefits of using their system!

The SPEWS data is part of the DNSBL system that SpamAssassin uses, and is in fact given a nice, high, +2.730 "spam value." A "0.01% false positives" rate?! Does that not show that SPEWS is not the "black your entire NSP" (whatever that means in English) type list you're ranting about.

The moron added:

Please, please don't support SPEWS. I beg you.

Why? With your ringing endorsement I think we all must!

Re:Blocking subnets? Use SPEWS.

You can't?

Maybe because it works, blocks huge quantities of spam and blocks close to zero legit email?

You got "bitten"? Well, maybe you host on one of those sleazy spam supporting ISPs then? Why the hell would I want email from them OR you?

Re:Blocking subnets? Use SPEWS.

Get real. Several VERY "large commercial services" use SPEWS - mail.com, excite.com, SBC; you think they would be using it if it rejected masses of legitimate email?

Why do I hear the whine of a spammer, or poor peon who hosts on a spamhaus, in your rant?

Re:Spammers in Korea are required by law to

[Jim+the+Bad]

Mod parent up as informative!

I've just checked my spam bucket, and about 90% of the mails in there have "±í" in the subject line. Nice one, something new to filter on - thanks!

Re:How I block Korean spam (Using Outlook Express)

Hi Bob!

I'd really like to have diner with you tonight. Could you please pick me up at 1900?

See you tonight!

Jenny

Re:Still no one has an answer, what do we do about

[Paul+Sinnett]

I had an idea for automatically identifying spam - I don't know if anybody has tried it? What you do is seed newsgroups and IRC etc with a phony address. Then you check your mail vs the mail to the phony address. Any mail which goes to both is spam and can be automatically returned to the originating ISP with a complaint.

For Unix users

[Paul+Wright]

Cloudmark is the commercial end of Vipul's Razor, which you can get working on Unix.

For various reasons, I prefer the Distributed Checksum Clearinghouse (DCC) over Razor: I've written a HOWTO on getting the DCC working on a home Debian system (Exim/fetchmail). It catches a lot of spam.

"Canada is indeed just above [USA] on a map"

[I+am+Jack's+username]

Above? Are you sure?

Interesting Tactic... We Did It Too...

[CokoBWare]

Although we used the tactic for web-based attacks on our servers, our security manager has been dilligently block the subnets responsible for the attack... interestingly enough the majority from China, Korea, and Russia. We still get attacked, but progressively over the last year, most of the attacks have turned out to be North American domestic attacks. I guess hackers are gaining access to more domestic unprotected systems than ever before.

So a few words to all network security admins .... patch up the dang holes in your servers! ISPs... keep your SMPT servers safe from relaying...

Or as Nike says... Just Do It!

SpamCop.net

[DebianDog]

I have been doing various things for years to try and counter spam. I recently joined Spamcop.net and have blocked and reported over 195 pieces of spam since Nov 1st. What a blessing! I never guessed I was getting an average of 13+ spams a day.

All my POP account are forwarded though thier service and questionable mail is moved to 'Held Mail'. Once in 'Held' status you give them a quick check to be sure they are really spam (I can usually tell by the headers) and then it is a 1-click report to report them to thier ISP and relays. Addtional filters can be put on, but I have yet to have a need. I am VERY impressed!

If things do get though, the inital filters, you have multiple ways of reporting it from e-mail to cutting and pasting the headers and message. All this for less than $3 a month. Money well spent not to have to change my email address every few months.

Re:hooray

Wow, the moderators must be missing their "sarcasm" supplement today. *MY* comment was the deliberate flamebait, and it got modded up +1.

Hey!

[jotaeleemeese]

He clearly said he is happy with only US email.

One could easily infer that he would not know anything about those funny places you mentioned.

Re:Blocking subnets? Use SPEWS.

Do you want to trust your connectivity to a company that openly tolerates criminal activity?

The problem is that they block anyone - even hosting services that drop spammer's accounts as soon as they're notified.

I've used two different hosting services that get listed on spews ever so often even though they terminate spammers as soon as they are notified. THe other problem is that there is nowhere for them to notify anyone that they took corrective action. Spews also doesn't inform anyone that they've been put on their blacklist.

Re:Spammers in Korea are required by law to

[jonadab]

Nice. I'm already filtering ks_c stuff, but this catches some Korean
spam that slips through by using utf8 or just plain not specifying
a character set. Thanks!

Re:Blocking subnets? Use SPEWS.

[arkanes]

SPEWS blocks my IP, which is a cable modem dynamic IP. I have no idea if it's because my ISP doesn't crack down on spammers or what, but considering that it is (literally) my only choice for broadband, it's fairly annoying.

Bad method for images

As a bulk emailer, that's a very poor method for verifying opens. Most filters look for url's with parameters and tag it as possible spam. Thankfully, with well written email creation scripts combined with mod_rewrite I can get around that without a problem.

Now IP blocking is a different story. On all of our emails we have a working unsubscribe. No addresses are harvested and we verify everything we possibly can. I do feel dirty on occasion but then again, I've got a job.

Anonymous (for obvious reasons)

Re:Bad method for images

[Qrlx]

When you say "you feel dirty" how do you think you compare to those poor schmucks whose job was to incincerate all the bodies during the holocaust? Are their actions excusable because the alternative would have been death? Or are you less evil because your crime, though of your own volition, is comparatively so less heinous?

I used to work for the military, by the way. These days I hope I'm doing better work in the healthcare field. I am pretty sure that I have directly contributed to the death of at least one Iraqi radar technician.

People will do anything for money.

Re:Ultimate Anti-SPAM plan - another idea

[Weaselmancer]

I'll throw in my $.02 and add my idea in. Dunno if anyone has thought of this before.

How about a 180 degree approach? Say for instance you host a site, somewhere.com. And run a mail server there. So, you set up a honeypot account, innocent@somewhere.com and post it everywhere. IRC, public forums, all over your webpages.

Every spammer in the galaxy will spam that account. Use the metrics gathered to protect your other users at somewhere.com to block spam for them.

Example - if innocent receives an email with a header like "herbal viagra slk234ksj23jsd23" from "Amy Smith", erase all "herbal viagra *" messages from "Amy Smith" incoming that day.

Would be great to have on relays too. Seems like a good-ish idea to me.

Weaselmancer

Re:KUDOs to Moderators for "insightlessness"

[hafidhahullah]

As usual the hogwash and tuppenny conventional wisdom gets moderated up to "insightful" with no foundation. This comment, as well as the follow-up "me too" above are both incorrect. Most asian spam is written in a language such as "BIG-5 CHINESE" and will appear in your mailbox as either garbled SMTP or in Chinese characters. Same for Korean spam. They may be using open relays but the spam originates in Taiwan, Seoul, and Shanghai. Quite a lot originates in educational institutions, as messages from computer science students doing "testing." Most is from people trying to make their yen fortune working from free web-site hosted "home business" opportunities. There are thousands of them hosted on yahoo.tw, hinet, hitron, fetnet, giga.net, seed.net, tpts and tcts.net, hundreds of other ISPs that do free web hosting.

asian american who only speaks english anecdote

[Mark+Danger+Chen]

I also used to get a lot of spam, mostly from Taiwan. This was like 5 years ago. At the time I was sure they spammed me because of my last name. Around the same time, Sprint, AT&T, and any number of other phone companies telephoned and sent me mailers in Chinese. I was infuriated and frustrated because I can't read Chinese nor the weird crap that was coming through because pine wasn't decoding the messages anyway.

To counter all the spam, I researched blocking any messages that were not in English. Unfortunately, I couldn't do much since it was my college account and I was just using pine and I wouldn't exactly call myself technically great in unix. Eventually, I gave up and told my alma mater to delete my account. On my new accounts I've never gotten Asian spam!

To counter the phone calls, I asked my mom to tell me how to say "Please remove me from your phone list" in Mandarin. It was written on a notepad near our phone so everyone in the household (only I could understand spoken Mandarin) could tell the phone people. Unfortunately, the people they hire are less than intelligent (the stereotype of telemarketers outweighs the stereotype of Asians I guess), and as soon as it was clear you didn't speak Mandarin very well they just hung up, so we were never sure if we got them to take any action on their part. Eventually, we got rid of our land line and got a cell phone for home use. On our cell phone we've never gotten any solicitors, but we did once get a text message telling us to vote for American Idol (what the f*ck?!...bastards!).

As for the mailers, I don't know why but they stopped about 3 years ago...

What pissed me off the most about this was that I felt like I was getting more than my fair share of junk mail, spam, and phone solicitors simply because of my last name. I was angry that the greatest act of prejudice due to my ethnic heritage came from people of my ethnic heritage. And I was really, really exasperated at my parents who, I found out while staying with them for the holidays one year, actually liked getting the phone calls in Mandarin and would talk to the phone people as if they were relatives!

On a side note, I do also speak Spanish, but I doubt the spam I get in Spanish has anything to do with their knowledge of that.

mark

sometimes the isps do listen

[dickens]

I bawled some Hong Kong based guy out and reported him to his provider because I got some spam, and rarity of rarities, the return address wasn't spoofed.

It turns out a legit customer of his typoed his email address, using my domain instead of his similar domain.

I ended up appologizing to him and his provider..

Re:Blocking subnets? Use SPEWS.

[EvilAlien]

That sounds great in theory, except when you get unreasonable and difficult to deal with processes for addressing problems. Spam havens aren't the only ones slapped with the SPEWS ClueBat of Indescriminant Wacking.

SPAM sucks, we can all agree. Truly SPAM tolerant ISPs need to be educated, we can all agree to that too. I don't think SPEWS is particularly good at doing that effectively or respectfully.

Re:Blocking subnets? Use SPEWS.

[EvilAlien]

... because you are a Paranoid Coward. Its unfortunate that you need to try to discredit my point by associating it with the enemy.

I've seen SPEWS clumsiness in action. That isn't to say the ISPs involved could do their side of fighting SPAM a bit better. Nobody is perfect, my opinion based on observation of fact is that SPEWS is less perfect than I'm willing to tolerate as a solution for fighting spam.

"Opted In", my tail

[BillX]

If they're so legitimate, how do I keep ending up on their lists? (To hear it from them, I have opted in quite a lot.)

yahoo mail and spam

[Quixadhal]

Amusingly enough, my email address on yahoo gets incredible amounts of spam (about 100 a day last time I looked), and 90% of it is asian spam. This is despite their vaunted spam filter. Why? Simple... their spam filter lets anything through that it can't recognize as something to block... and it can't block non-US character set headers!

I've suggested to them several times that since it's obvious that my settings are to use the US-ASCII character set, they should block anything which has a character-set that doesn't match. Of course, I may as well suggest that a brick wall consider painting itself blue.

Considering that I'm connecting to the internet via an ISP in the US, would it be too much to ask that mail servers on this network reject messages where the FROM header is blank or contains characters outside the conventional norms for US ASCII? Put whatever you want in the body, but use a header that's decypherable at your destination!

How I block spam...

[rawg]

Here is how I do it. The program:

#!/bin/sh /sbin/iptables -F for n in `cat /root/drop_list`; do echo Dropping $n /sbin/iptables -A INPUT -s $n -p tcp --dport ! www -j DROP done

The list

209.236.61.0/24 217.0.0.0/8 64.239.128.0/18 134.215.215.0/24 80.0.0.0/8 63.219.177.0/24 64.83.123.0/24 199.243.150.0/24 61.0.0.0/8 200.0.0.0/8 220.0.0.0/8 210.0.0.0/7 218.0.0.0/8 212.107.32.238 213.36.80.91 213.130.63.232 216.247.126.0/24 216.247.126.0/24 200.174.97.0/24 200.23.39.21 202.0.0.0/7 209.61.181.245 65.203.110.0/24 208.51.248.12 66.126.56.210 209.225.55.0/24 216.250.97.8 128.8.182.4 203.238.133.122 195.208.16.151 207.202.64.58 198.41.3.60 66.150.40.0/24

Re:How I block spam...

[rawg]

Damm, that Preview button is too close to the Submit button. I didn't want to post it, I wanted to preview it.

want no more bukkake porn spam? no problem!

[zonker]

popfile removes the bad taste in your mailbox that spam leaves...

Where will you publish results?

[douglips]

Please let us know where we can find your results of this test. I'm intrigued.

Re:Blocking subnets? Use SPEWS.

[why-is-it]

ISPs know about SPEWS and they know the potential consequences of tolerating spammers. If they host spammers and their IP blocks get blacklisted, then any IP block that they sell to you is damaged goods.

I hate spam as much as anyone else here on slashdot. That said, I think you are really grasping at straws here. The SPEWS folks are doing more harm than good in their indiscriminate blocking. Hey - if they only blocked known dial subnets, that would be fine, but they don't do that - they block all known subnets registered to that ISP and there is no means to be removed from the list. I'm sorry, but that does not seem like an appropriate measure and I no longer use their list. It is wrong to assume that every ISP is a spamhaus.

Again, your dispute is with your ISP, and I'd consider consulting a lawyer regarding your ISP's breach of contract.

How does that make any sense? Due to the actions taken by some anonymous third party, I should sue my ISP for breach of contract? ISPs are just a conduit. I contracted for a pipe to the Internet, and my provider has given me that. I fail to see how they have breached that contract by giving me exactly what I paid for.

Please explain to me how a spurious lawsuit that is doomed to fail will fix anything?

answering machine spam in chinese

[theBOPfromH*LL]

Forget email! I've started getting answering machine messages left in chinese. I mean almost everyday for the last 2 months, when I get home I find a recorded message on my answering machine in what sounds like chinese. Same message every time. How do I block that?

Re:Blocking subnets? Use SPEWS.

[Dimensio]

If you contracted a pipe that has been blocked by a great number of sources because of your ISP's tolerance of spammers, then you could make an argument that they knowingly have hampered your services through their inaction.

Your ISP sold you connectivity with a reasonable expectation of functionality. If half of the internet is blocking that connectivity and it can be demonstrated that the blocking is being done because of your ISP's tolerance of criminals, blame your ISP. Complain to them, tell them that you won't pay for service that is less than adequate as a result of their actions.

Relays (was: Re:Just a note)

[MrDemeanour]

You can download Jackpot, a free relay honeypot written in Java, from my site.
Runs out-of-the-box, and provides hours of childish entertainment. It's easy to use on Windows,
unlike most honeypots, which are usually built on top of *n*x mailservers. In fact it doesn't work
(yet) on Linux.

(Anyone know why /. munged "[uk.net]" into my post? I couldn't get rid of it.)

Re:Blocking subnets? Use SPEWS.

[why-is-it]

If you contracted a pipe that has been blocked by a great number of sources because of your ISP's tolerance of spammers, then you could make an argument that they knowingly have hampered your services through their inaction

The pipe isn't blocked! There are a finite number of hosts that will not accept SMTP connections from certain subnets, but that's all. It is not as if the backbone routers blackhole all packets from that source or other ISPs will not exchange routes with that AS.

Your ISP sold you connectivity with a reasonable expectation of functionality. If half of the internet is blocking that connectivity and it can be demonstrated that the blocking is being done because of your ISP's tolerance of criminals, blame your ISP.

Give me a break! First off, sending spam is not a crime, although it should be, but I cannot imagine how it could be made so unless there were some trans-national body that could enforce such a law. Spammers are all liars and thieves, but no government seem to be able to make if a crime for them to steal my bandwidth. As for the rest of your rant, the number of mail servers who use any blackhole list (least of all SPEWS) is remarkably small and my original point still stands in that the ISP has not failed to provide what they were contracted to provide. Stop being a SPEWS apologist. If SPEWS would only put IP addresses in their list where SPAM originated from, or only had dial subnets in their list, it would be a good list. Instead, blackhole the entire ISP regardless of whether the ISP took any action to halt the Spammer's access - and the list admins won't remove an ISP from the list once it gets added. So spare me the sound and the fury and instead let us focus on a reasonable solution.

Re:Blocking subnets? Use SPEWS.

[Dimensio]

If SPEWS only put spammer IPs in their list, then ISPs would have no incentive to get rid of spammers, and ISPs would (as they have been observed doing) simply move spammers from one IP to another to avoid the blocks. Sometimes when you get a blocked IP it is because it used to belong to a spammer, but the ISP moved the spammer because that IP was blocked. In that case, the ISP was definitely selling damaged goods, because the reputation of that IP address was already sullied.

In any case, SPEWS has two levels of listing. The one where innocent third parties would be hit is typically on level 2, which is not recommended for anyone who does not want hardcore filtering with known collateral damage. SPEWS's level 1 listing typically will block the spammers but not the innocent third parties. If you're getting rejected, it's probably from a place using level 2 filtering.

Some spam tracking tools

[Black+Copter+Control]

Some time ago I put together some spam tracking tools: One is whoois it takes a URl peels off the http: and /path/ then does a whois lookup. If it recognizes a redirection it will follow (i.e. it will do lookups apnic and kornic, etc.)

The other is peelhead. Peelhead goes through a mail spool file and finds the IP of the machine which transmitted email to your MX host. You need to prime it with the hostnames/IPs of your box and macnines which accept email for you (e.g. your ISP and their secondary MX hosts) I found it useful for doing bulk statistics on the sources of spam. One common use would be:

peelhead Junk_Mail | sort | uniq -c

or:

peelhead Junk_Mail | sort | uniq -c | sort -nr | head -20

would give you a list of your top-20 spam sources

Re:Blocking subnets? Use SPEWS.

You said a dynamic IP?!

You'll find that a lot more than SPEWS blocks dynamic IPs. Use Optonline's mailserver or zap your connection and get another dynamic IP, but again, dynamic IPs are listed on several blocklists.

See if you can get a static one, if you don't spam, you'll be fine.

Last Post!

[alpg]

A priest asked: What is Fate, Master?
And the Master answered:
It is that which gives a beast of burden its reason for existence.
It is that which men in former times had to bear upon their backs.
It is that which has caused nations to build byways from City
to City upon which carts and coaches pass, and alongside which inns
have come to be built to stave off Hunger, Thirst and Weariness.
And that is Fate? said the priest.
Fate... I thought you said Freight, responded the Master.
That's all right, said the priest. I wanted to know
what Freight was too.
-- Kehlog Albran, "The Profit"

- this post brought to you by the Automated Last Post Generator...

Please Don't Say Asia

Japan is different from Korea and China.