Slashdot Mirror
The Measured Effectiveness of Blocking Asian Spam
fadden writes: "I recently started blocking IP addresses in China and Korea that were sending me spam. Instead of a blanket ban, I only blocked the subnets from which spam was being sent. After my first week of scanning and banning, I wrote up
a report on the effectiveness of the blocks." In related news, SSKennel adds that: "The U.S. Federal Trade Commission has discovered (prepare to be amazed!) that revealing your email address in chat rooms can get you spammed. It claims to have taken action against spammers who harvest email addresses and use them to send fraudulent spam." Shocker!
Is there any other kind?
A resounding DUH arrises from the competent computer users of the world.
that Canada is indeed just above us on a map.
about you know how shocking it is that revealing your e-mail address in a chat room will get you spammed. But I think the poster already kinda did that. /me ponders getting a job at the FTC telling them all sorts of things they don't know. Like how signing guest books with your real e-mail address will get you spammed, using AOL will get you spammed, using hotmail....
The GeekNights podcast is going strong. Listen!
Glad my tax dollars are helping fund these ground-breaking studies :)
This page was generated by a Flock of Attack Kittens for you.
Subject says it all. I block so much spam by using spews.
On the other hand, 15 or so spams a day (in a language I don't even understand) every day is a major waste of bandwidth, and as irritating as hell.
What can we do about this nusiance?
-- And when Justice is gone, there is always... Force. --Laurie Anderson, "Oh Superman"
Proper Trademark Use Guidelines.
Please Do:
Always put the trademark SPAM in all capital letters.
Follow SPAM with "Luncheon Meat" or other descriptor. Remember, a trademark is a formal adjective and as such, should always be followed by a noun.
I prefer Group Spam and Teen Spam with the occasional Anal Spam. To Be honest, I am kinda sick of the Asian Spam.
And AS for effectiveness! That stuff works all the TIME.
I'd just like to know if it's still safe to post your email address on Usenet?
sig:- (wit >= sarcasm)
We've had to block a number of Korean & China-based IP's in recent months (especially during the Summer). In addition to blocking a number of temporary (PPPOE and such) IP's by domestic service providers, (read: Comcast), the foreign IP's seem to be more static, but also offer a higher quantity of spam. (Are a number of these just open relays?) Though, in our case, it's usually short-lived. Except for Klez, which is the devil.
Good point about the pig singing. While Comcast is extremely unhelpful (bordering on incompetent), foreign ISP's don't face any accountability. There's no decent legal recourse. So blocking the IP is the simplest route.
Has anyone else seen a significant amount of spam from Brazil? Where is the onslaught of OSS Bayesian filters?
Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety
I recently started blocking IP addresses in China
That's okay. They're used to it.
I once had an email that I didn't want.
Before I knew it, my mailbox was full
The emails were just a bunch of bull.
Why or why do I get this spam?
I don't even like the canned stuff,
Thats just a bunch of fluff.
I need to stop handing out my email.
Chat rooms are to common of a place,
to see my email all in lower case.
Please tell my why I receive spam.
Is it because I give it out?
Or how do the sites get it when I roam about?
O why, O why, do I receive so much spam?
I get about 10 spams a week now from Argentina. Normal spam is bad enough, but I can't even understand what it is they are supposed to be selling. How silly is that. For the life of me, I can't work out where they could have got my address from. I've never had anything at all to do with Argentina.
Bemused!
I started blocking off all Asian Pacific networks about 6 months ago. I wrote a quick Sendmail tutorial about it right here.
How well does this work? Extremely well. I've gone from receiving 20 pieces of SPAM a day to only 1 or 2 (which Spamassassin typically catches. I realize that this method won't work for everyone, but it has worked out quite well for me.
--It's Pimptastic!--
"The U.S. Federal Trade Commission has discovered (prepare to be amazed!) that revealing your email address in chat rooms can get you spammed. It claims to have taken action against spammers who harvest email addresses and use them to send fraudulent spam." Shocker! "
Revealing your email address on Slashdot can get you spammed. You may have noticed my sig says "Sig: I'm performing an experiment on the origination of SPAM, don't email me.". What I did was I set up a junkmail box and pointed my Slashdot email address at it. The only place this address has ever been made available is in my user address that is displayed whenever I comment. When this address is e-mailed, it automatically responds with "thanks for the unsolicited mail!" I don't read the messages unless somebody responds to it.
What prompted me to do this was the 'armor plate your email address' feature in my user settings here on Slashdot. It made me curious if having my e-mail address viewable in the comments I make would mean I'd recieve lots of Spam. My curiosity is satisfied: You can get a good deal of SPAM if you don't use the 'armor plating'.
You know what? They don't just look for e-mail addresses to send mail to. They also use the e-mail addresses as reply-to addresses. I found this out when I got an email from a guy who was puzzled by my auto-responder emailing him. It turns out that somebody sent a message to me and used his address as a reply-to address. Weird, Iddn't it? Fortunately he was very nice and we got that all settled, but it is a little disconcerting that the addresses are used in ways like that.
When I first started this experiment, I responded to the messages I got. I accused one guy of harvesting my address without really reading what the message said. Turns out, the guy ran a mailing list for local (to him) volunteer firefighters announcing a meeting. This wasn't the type of event that somebody would 'direct market'. Heh. Evidentally, somebody volunteered my user address only displayed on Slashdot to his list. How weird is that?
I am extremely curious if anybody has any insight into the motivations of people who'd use email addresses in these ways. I can understand somebody using my email addie as a reply to address, but I have no explanation for why somebody'd volunteer me for a volunteer firefighter's list.
If you're running Outlook 2000 or XP - Cloudmark is a nearly PERFECT solution to Spam - and IT'S FREE (for now, at least).
And probably lots of legit mail too, unless you have a tiny mail server. SPEWS is an awful choice for large commercial services, they subscribe to the "throw the baby our with the bathwater" theory. They are ever more clumsy and heavyhanded than ORBS was.
perl -e 'print $i=pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'
I've invested significant money some years back in a domain name so that I could give my clients and friends an easy to remember, unique email address. I consider it a significant investment, because it looks good on a CV, business card, or letterhead, is easy to remember, and it cost me time and money to establish it.
However, a number of spam companies have picked up on my email addresses at that domain, and have distributed it on a number of those unpteen-million address CDs sold to other spammers. I recieve over 100 unsolicited emails a day. Now, I try to filter them with software filters, but due to the hit-and-miss nature of heuristic filters, legitimate mail is deleted on occasion.
The way I see it, my unique and expensive email address has been devalued by these spam companies, because the whole point of buying that domain name was so that I could use it publically. If I have to keep it a secret to avoid spammers, it is worthless! I can't even use it as an example while writing this article, because it would be picked up by yet more spammers.
I wonder why nobody has tried suing along these grounds. Think about it: If some company had invested time, money, and effort into setting up a toll-free hotline for their customers and/or clients, but had the service ruined by telemarketers jamming the system with 100x more junk calls than the real calls the company recieves, the next outgoing call would be to a lawyer!
Spam from asia is last on my list of annoying stuff, it's the 'viagra/mortgage/whatever' stuff from the good old US of A that is bothering me
MP3 Search Engine
The /. crowd always seems to be talking about how huge the Asian spam problem is. So as an experiment, I've been keeping my spam in a separate folder for a few months, and less than 3% of it is Asian in origin (counted by relay server used AND the spammer itself). Over 70% of it, originates in the USA, and are mostly USA cons/scams/pseudo-products etc (diplomas, anti-spam software, spam software, porn sites, "hot strock investment advice newsletters", "work at home", MLM etc, "lose weight", search engine 'promote your website' offers etc).
Why the discrepancy, am I just an outlier, or are slashdotters exaggerating the non-US-originating spam problem in relation to the US-originating spam problem?
Worse - How in the hell did they find out about my childhood family orgies?!?
----------------------------
Esobofh - Currently drinking fresh mango juice.
I do the exact same thing - blacklist $IP_ADDRESS/23.
My list is available at:
http://enthalpy.homelinux.org/spammers.txt
Oh Marge, anyone can miss Canada on a map, all tucked away down there.
--Homer
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
58. fadden 3000+ AUDIO Books on CD wrv
64. Information fadden
65. fadden this will help you look good and feel great
67. Money for fadden
What the hell is "fadden" ?
the best pr0n comes from asia.
...does it help to suggest that the spam in question is perhaps not originating from Asia, and is more the result of lax relays?
The spammers are outside of Asia, and simply target open relays where ever they find them.
The stats by the submitter show that most of not all the mail is in English. That should tell something about the true origin of the spam.
If the open relays were closed, the spammers would move to other hotbeds. Let's work to educate the admins in Asia, and force the spammers to back off using open relays.
I'd agree with you *if* most servers came with Chinese|Korean|Japanese|etc documentation.
That spam Siam
That spam Siam
I do not like that Siam spam!
With apologies to Theodore Geisel
I block China, Korea, and Nigeria country wide. I also use the SBL from spamhaus.org, plus I've added some personal "favorites". This doesn't catch all the spam, however. So on top of that I run everything through SpamAssassin. Anything with a score of over 15 goes into a spam account (I check it occassionally to make sure there are no false positives). Anything with a score of at least 7 is marked as possible spam but still delivered. Spam rarely gets through, but the system isn't perfect and I doubt if it ever will be.
-- Will program for bandwidth
I know that Spam Assassin is a bit resource hungry, and isn't practical for large scale operations
Au contraire, if you're clever about it, SpamAssassin works great in large-scale operations. In conjunction with MIMEDefang, people use SpamAssassin to scan a lot of mail -- over 1 million messages/day in two sites I know of.
I hate spews. spews is everything that is wrong with anti-spam work.
There is no way to get off of the SPEWS blacklist, and if they black your entire NSP for one of the NSP's customers... tough luck for you. You can post to a usenet group and beg, and they wont do anything other than tell you to break your legal contract and go elsewhere. 20 people will harass you, and you can't even know which one to listen to.
SPEWS can rot in hell. A properly configured SpamAssassin will block 98% of spam and have 0.01% false positives (I haven't gotten one false positive in a year, but I will someday).
SPEWS is NOT how one prevents spam. SPEWS is how one pisses off the people trying to mail them.
I can't stress enough how much I hate SPEWS and how much it should die.
Please, please don't support SPEWS. I beg you.
One person's "Duh!" is another person's "Huh?"/
This could work, though. There aren't really that many different spammers. If the FTC can find 20 of them a year, that should make a dent. If 20 a year were sent to jail for six months, the spam industry would probably start to shrink rapidly. This thing is winnable.
Since a few people are posting about anti-spam methods, I thought I'd go over my idea to counter spam. Currently I am not actually using this procedure, I have just been pondering it for awhile.
/dev/null. Ahh, a life of no spam!
First off, the core of this system relies on whitelist-confirmation. This means that first time senders are given an auto-response email which must be "confirmed" in order for their message to deliver. Once they have done this, they are whitelisted, and all email from them passes through. TMDA is what I use for this job. I leave my email address "unarmored", because no spam can get through. When I check my mail in KMail, there is no spam.
However, all is not perfect. After many many months of using TMDA, I still find myself sifting through the "pending" folder on my mail server, which keeps hold of all the mails from unconfirmed senders. I generally do this every couple of weeks, and there are often at least one or two legitimate emails that were never confirmed. There are many possible reasons: 1) they thought the confirmation request was spam, so they deleted it (either manually or through an anti-spam filter). 2) they don't like the idea of having to do a stupid confirm (although no one has actually brought this up to me yet). 3) Maybe they use a reply-to or something weird that trips up TMDA (perhaps fixable or not..)
Anyway, the point is that legit emails aren't 100% getting through. The next consideration then, is to use a word-filter (and who knows, maybe TMDA does this too), to see if legit mails can be detected by their content. Maybe this could be done using a bayesian (sp?) filter, as recently discussed here, or perhaps SpamAssassin. Emails detected as legit would be delivered directly, and the sender would be auto-whitelisted. Ambiguous emails would go through the usual whitelist-confirmation procedure. This way, the word-filter never actually throws email away. It gives the sender a second chance, by sending it through the whitelist system.
This, I think, would solve the problem completely for me, as all of the legit mails that wind up unconfirmed would very much pass the legitimacy test (they mention a software project of mine, or something else very obvious). If this were in place, I could send my pending bin to
'Mail' in OS X has a built-in junk mail filter mechanism that learns first, then goes on automatic. Might want to consider it next time you're thinking of changing to a new OS :)
I have yet to see someone suggest a good approach to spam. I don't want to filter it, I want to block it. I want 100% accuracy too because the one odd ball that accidently gets blocked could be a big job for my company. Cause.org doesn't even list a suggested solution.
So far to combat it, I've removed email addresses from all my sites and replaced them with a contact form and when I do absolutely have to show an email I obfuscate it pretty well using a combination of character encoding and javascript's document.write. (Browsers still work fine.)
I also have a catchall so anytime I order something or fill out any other online form I use "the domain I'm browsing"@mydomain.com, that way if they give it out I can tell.
The thing that sucks is that the innocent average internet user doesn't realize that if THEY give my address out, companies will collect and sell MY information, thus I was opted in to their list without my knowledge or consent.
That stupid crushlink site and the smiley t-shirt were the worst. I quickly blocked them at my server in hopes that they would think I didn't exist.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
at work we block *msn.com *aol.com *.kr *.ru and several others basically blocking large sections of the planet... not only from the recieving address but also the server trying to relay to us.
we have no need to contact anyone in these sections of the planet, and we made the decision that no clients that use msn or aol need to email us. (yahoo and other are also on the list..)
Granted we are a business to business company.. we dont want to talk to consumers or anyone really outside of our state. It works great and cut down on spam dramatically as well as employees abusing the email for personal uses..
it's our servers, we can block *.* if we want to.
Do not look at laser with remaining good eye.
be good in a flamewar?
In the free world the media isn't government run; the government is media run.
I hate submitting complaints and never hearing back. I wish ISPs would let me know the status of my copmlaints against spammers.
Every major ISP has an abuse@ address and besides the auto-generated message, you'll never hear a peep about why the spammers are still up and running.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
Last time I bothered checking my spam-bucket, every single item of spam was from some scummy US outfit - at least the ones that had a real snail-mail address, or phone number.
Pity there's not enough bribesH^H^H^H^H^H^funds from concerned organisations to the governments to bring about some effort on the part of the authorities to track and fine/imprison the scumbags responsible.
If the spammers were sending out email with MP3 attachments of Britney's latest "hit", you can bet they'd be caught, sentenced and jailed within a week...
Code, Hardware, stuff like that.
Regards,
joe
P.S. Add your friends to the list also! You don't want them missing out too, do you?
I also have a catchall so anytime I order something or fill out any other online form I use "the domain I'm browsing"@mydomain.com, that way if they give it out I can tell.
I like to use the form me@"the domain I'm browsing".mydomain.com. That way if the address ever gets too inundated with spam, I can delete the DNS record for it and not even have to see the postmaster notifies for it. It also wastes a minumum of my bandwidth (1 DNS NACK packet vs. an entire SMTP conversation).
To include "ADV" in the e-mali headings.
In Korean, it translates into ±í, which you can just filter for. From the bottom of the article, the subject lines #40, 51, 34 all have those.
Too bad US doesn't have similar laws
In Soviet Russia, articles before post read *you*!
I am not the original poster, but I'd like to respond to your rant.
At one time I worked as a DBA at a small company where I also got to administer the email system. (Don't ask.)
Our customer service addresses would be bombarded with nearly 5,000 spams a day from various sources. In general, US, European, and Australian ISPs did an excellent job in shutting down spam sites. This stemmed the flow to about 2,500 spams per day.
Of these roughly 2/3 orginated from Korean, Chinese or Romanian servers, whose admins never on any occasion took any action against the spammers.
So I spoke to the network people and computer systems director and decided to filter most of the subnets where the spam originated from (probaly about 7,000 address ranges).
It was a decision I was relectant to make, but it needed to be done. Our company provided services to customers in the US, Canada, Mexico and Chile. We weren't going to lose any asian business.
Until the ISPs in these nations decide to be good net citizens, the rest of the internet community should blacklist them.
Conformity is the jailer of freedom and enemy of growth. -JFK
A lof of spammers *do* use these HTML mail tricks. However, a lot of plain users send HTML mail, often without knowing it, because Microsoft mail programs send HTML by default. So if you want to read HTML mail safely, do this: block your network connection while opening it. You can unplug the cable, take the mail program "offline", hit the "stop" button on ZoneAlarm, whatever. This won't cause problems with legit HTML mail, because the HTML is usually just for fonts and stuff. But it keeps the spam messages from "phoning home" successfully to get their graphics.
While there are problems with SPEWS, spamassasin (which I also use) is locking the door after the cows got out. Spews (and other IP based blacklist) is about preventing spam from even getting to your server.
By sending spammers a "500" level error, some will actually remove you from their list. By accepting the mail (spamassasin) you basically confirm that the mail address is deliverable.
I don't personally use any spews like service, jut my own private blacklist which helps reduce the amount of crap that spamassasin has to go through.
I have found spamassasin to only be about 90% effective. If I crank up the settings, I start getting false positives on a regular basis.
...even if you've naively left your e-mail address listed as the owner contact for your domain for years like I did. A three-pronged approach:
;-) manages to sneak through.
1) IP-level blackholing of certain large subnets, as I like many others virtually never get any legitimate email from China or Korea, and many of the craftiest fake headers ride on brand new Chinese and Korean open relays. In case of emergency, people there can always use Yahoo or the likes - and I suspect many Chinese and Koreans who communicate with people abroad are already used to doing just that, as blackholing is becoming more and more widespread.
2) RBL's. I personally use bl.spamcop.net and relays.osirusoft.com. These catch 99.2% of "quasi-legitimate" spam, and about 65% of the open-relay spam not caught above.
3) Heuristic tagging via Spam Assassin/procmail/filters/etc as a last line of defense. I personally use a filter file that I edit pretty much every time a POS (piece of spam
This is obviously more aggressive than many people can afford to be, but it's a viable solution for someone with a low signal-to-noise ratio and a high irritability ratio.
The philosophy of SPEWS is that if an ISP is willing to tolerate spammers, then it's probably best if that ISP is punished, and not just the spammers. If an ISP's 'legit' customers suffer the ill effects of a blacklist, then they should petition their ISP to get rid of their spammers. If that doesn't work, they should move, and deprive the ISP of any legit customers. I don't have a problem with that. The CEOs of ISPs that openly tolerate spam (Qwest) should be shot, but until that is legal, there is SPEWS. An ISP harboring criminals deserves to go under.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
If SPEWS is blacklisting your ISP, it is because your ISP is tolerating the presence of spammers. Do you want to trust your connectivity to a company that openly tolerates criminal activity?
STOP MISUSING APOSTROPHES, YOU MORONS!!!
A few months ago my spam level reached the point that made me do something about it. After looking carefully at all the headers, I concluded that about 80% of the junk (mostly from Asia) came from IP addresses with no reverse DNS database entry. (The IP did not resolve back into a hostname.) Just about all reputable mail exchangers have a reverse DNS entry. (The ones who don't are run by the clueless.)
/etc/hosts.deny /etc/hosts.allow file with "sendmail: KNOWN". (Make sure "sendmail" equates to 25 in your /etc/services file.)
/etc/hosts.allow file. (e.g. "sendmail:66.187.232." will allow mail from RedHat.)
I decided to use this to my advantage. You can too.
If your sendmail daemon uses the tcpwrappers library, you can create a
file with "sendmail: ALL" and a
Doing the above will cause your mail exchanger to refuse incoming mail connections from any host with an unresolvable IP address. It will cut up to 80% of your spam.
For the clueless ISPs, you can add exceptions to your
I wish more people would do this.
I did some math on my spam before and after. Now the average promised penis enlargement is 326% instead of the usual 509%
Table-ized A.I.
Yes, as long as the e-mail address you post is @127.0.0.1
utter rubbish
If your ISP is selling you services, and then acting in a way that causes the services to be less valuable, then that is their fault. ISPs know about SPEWS and they know the potential consequences of tolerating spammers. If they host spammers and their IP blocks get blacklisted, then any IP block that they sell to you is damaged goods. Again, your dispute is with your ISP, and I'd consider consulting a lawyer regarding your ISP's breach of contract.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
I've had an email address for about a year that was not once used for any reason at all. Never received, never sent. One day, I sent an email to a relative who had just got their email account and was excited to be on the web.
..."
A month later, I got forwarded one of those "send this to x people and Bill Gates will send you $3,014 for each 3rd person... no really, it's true, just the other day I recevied my $10 million dollar check from
I replied and told her never to do that again or she will be blocked and I'll never email her. I explained to her why she shouldn't do that. It's because someone somewhere along the line will get the 30 times forwarded message and will glean the 100's of emails that are a part of the message body from all the forwards and put you on a list.
Now, everyday I get 1 or 2 Univerity Diplomas emails, they just don't stop sending them, Every day Janna wants to know what I was doing last night, King Kong keeps wanting me to buy some Herbal Viagra alternatives, FBI snooper detection prevention software, and a chance to win a free 3 carot dimand after I send $2,000 to sponser some foundation... yeah... uh huh...
I'll tell you, those funnies you send and recieve everyday is a really good way.
The other way is to reply to a spam to be removed from a mailing list. In the same mail account, I replied to a few to be removed from the list and shortly after the volume of messages recived almost doubled. Now it's a useless email account that receives over 600 emails per week. It's sad because I've only sent and recieved less than 10 legitimate messages from that account in the past 5 years and this is what I get in return for it.
Bottom line:
* Warn your friends and family not to send
you forwarded email. Explain to them
that most of those messages are hoaxes,
anyway. Companies don't pay to you to blast
the Internet with messages.
* Second, don't reply to spams when you do
receive them or it will just confirm an
active account. I used to spoof returned
mail notices but those don't help any,
they also make it worse.
* Third, if you do recieve a mass-forward,
you're already at odds.
* Each time you sign up to a new web-site, read
the privacy statement. Usually, you're info
will be shared with a partner. Check that
partners privacy, because usually that partner
will share your info with a partner and so on.
Your email address is usually not kept secret
anymore. They make too much money by selling
to people. If they are European based, then
it might be more secure because of privacy
laws.
* Opt-out of those "important updates from the
company and their partners". This will just
generate more unwanted messages than you'll
care about. I've opted-in to some in the past
that were supposed to be monthy tech news
updates on important issues. Well, one day it
became daily. They changed their policy with
out notifying me.
* Most sites reserve the right to change their
privacy policies at-will and with no obligation
to notify you. They expect you to keep up
on this yourself. The best advice is to do
so. I've cancelled membership to some sites
because of this. My data is not theirs to
profit from while I profit nothing from it.
* Obvious names, such as "kitty@domain.com,
bmwlover@domain.com, studmuff@domain.com, etc"
are likely culprits. Sometimes they perform
dictionary based attacks on many domains and
it may just be your lucky number. What's
worse, is that they CC so all emails are there
and other spammers gather those emails and then
you are placed on another list.
* Anything else not mentioned. Keep in mind,
these are only spam "reduction" techniques. I
think it's very difficult and next to
impossible to not be spammed. Being aware of
certain actions that will trigger a result and
preventing those actions, will help greatly.
* If they leave a return address, sometimes you
can complain and have their account revoked.
This won't stop them, they'll open another
account and continue.
* Push for a law that allows the sponsor of the
spam to be sued for damages and inconveniences
rather than the sender. For example, I've
recived over 200 unvirsity diplomas messages
which all have the same phone number, but each
message is from a different sender. If we can
sue the owner of the phone number, than that
would go a great distance because it would
make people afraid to market in that mannor.
Well, hope this helps,
Leabre
DeaR reCipieNT,
;)). You ARe PRevEnTIng Us froM UsinG You As a StatiStIC. We HOPe YoU wiLL dO the riGhT ThinG.
yOu haVE beeN GiVEN manY OppURtunItiES tO puRchASE proDuct X viA thE MILlioNS of emAilS YOu reCieVE eAch wEEk. You HAVe refuSED. We NOw HavE YoUR EmaiLS RansOM. If YOu FAil to puRChasE braND X by SundOWn FridAY usINg InterNET eXplorER 5.01 or HigHER WitH WindOWs 2000 SeCURity SETtings MimIMUm... You'LL neVeR SeE youR EmailS agAiN
So do you add another DNS record for every site you visit?
Seems like a big hassle on the management end.
The man who trades freedom for security does not deserve nor will he ever receive either. - Benjamin Franklin
---- "If we have to go on with these damned quantum jumps, then I'm sorry that I ever got involved" - Erwin Schrodinger
If you run SpamAssassin after the MTA, sure, the cows are out. Better to run SpamAssassin integrated with your MTA if possible, which can be done with Exim, Sendmail, and possibly others. Doing spam checks at the MTA level also lets you look at the mail envelope data and similar that SA cannot check on.
Granted, you tend to have to run your own mail server to do this, but hey...
Is there ANY reason to accept emails from asia in the first place? I don't know about you, but I don't know anyone in China, or Nigeria for that matter. I've got no qualms about dropping every single email that originates from outside the U.S.
That solution would work just fine for me, but what about people who actually do need to hear from others in 3rd world countries?
A possible solution to this problem that I've often considered is an access control list. Basically you would have two email boxes, an inner one, and an outer one. Everything would show up in your outer box and those emails coming from a known good source would be transferred to your inner box. This way an email from your mom would be passed through because her email address would be in your approved list, but an email from somewhere else would not be unless you added that person's email address to your list.
Most of us aren't getting a ton of legitimate emails from strangers. We use our emails to communicate with people we already know. This is why the access control list method would work. Combine this with a web filter that deletes porn spam, scam spam, and other obvious BS, and even our outer box would be relatively empty.
One thing that occurs to me is why haven't we heard to people launching DDOS attacks on spammers? Crackers are scum, but if they were to hose up a spammer or two I for one would not complain. Why attack amazon or yahoo when you can attack some jackass overseas and actually do the public a service?
Lee
Muslim community leaders warn of backlash from tomorrow morning's terrorist attack.
SPEWS blocks my IP, which is a cable modem dynamic IP. I have no idea if it's because my ISP doesn't crack down on spammers or what, but considering that it is (literally) my only choice for broadband, it's fairly annoying.
When you say "you feel dirty" how do you think you compare to those poor schmucks whose job was to incincerate all the bodies during the holocaust? Are their actions excusable because the alternative would have been death? Or are you less evil because your crime, though of your own volition, is comparatively so less heinous?
I used to work for the military, by the way. These days I hope I'm doing better work in the healthcare field. I am pretty sure that I have directly contributed to the death of at least one Iraqi radar technician.
People will do anything for money.
SPAM sucks, we can all agree. Truly SPAM tolerant ISPs need to be educated, we can all agree to that too. I don't think SPEWS is particularly good at doing that effectively or respectfully.
perl -e 'print $i=pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'
I've seen SPEWS clumsiness in action. That isn't to say the ISPs involved could do their side of fighting SPAM a bit better. Nobody is perfect, my opinion based on observation of fact is that SPEWS is less perfect than I'm willing to tolerate as a solution for fighting spam.
perl -e 'print $i=pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'
Amusingly enough, my email address on yahoo gets incredible amounts of spam (about 100 a day last time I looked), and 90% of it is asian spam. This is despite their vaunted spam filter. Why? Simple... their spam filter lets anything through that it can't recognize as something to block... and it can't block non-US character set headers!
I've suggested to them several times that since it's obvious that my settings are to use the US-ASCII character set, they should block anything which has a character-set that doesn't match. Of course, I may as well suggest that a brick wall consider painting itself blue.
Considering that I'm connecting to the internet via an ISP in the US, would it be too much to ask that mail servers on this network reject messages where the FROM header is blank or contains characters outside the conventional norms for US ASCII? Put whatever you want in the body, but use a header that's decypherable at your destination!
ISPs know about SPEWS and they know the potential consequences of tolerating spammers. If they host spammers and their IP blocks get blacklisted, then any IP block that they sell to you is damaged goods.
I hate spam as much as anyone else here on slashdot. That said, I think you are really grasping at straws here. The SPEWS folks are doing more harm than good in their indiscriminate blocking. Hey - if they only blocked known dial subnets, that would be fine, but they don't do that - they block all known subnets registered to that ISP and there is no means to be removed from the list. I'm sorry, but that does not seem like an appropriate measure and I no longer use their list. It is wrong to assume that every ISP is a spamhaus.
Again, your dispute is with your ISP, and I'd consider consulting a lawyer regarding your ISP's breach of contract.
How does that make any sense? Due to the actions taken by some anonymous third party, I should sue my ISP for breach of contract? ISPs are just a conduit. I contracted for a pipe to the Internet, and my provider has given me that. I fail to see how they have breached that contract by giving me exactly what I paid for.
Please explain to me how a spurious lawsuit that is doomed to fail will fix anything?
*** Where are we going? And what's with this handbasket?
If you contracted a pipe that has been blocked by a great number of sources because of your ISP's tolerance of spammers, then you could make an argument that they knowingly have hampered your services through their inaction.
Your ISP sold you connectivity with a reasonable expectation of functionality. If half of the internet is blocking that connectivity and it can be demonstrated that the blocking is being done because of your ISP's tolerance of criminals, blame your ISP. Complain to them, tell them that you won't pay for service that is less than adequate as a result of their actions.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
If you contracted a pipe that has been blocked by a great number of sources because of your ISP's tolerance of spammers, then you could make an argument that they knowingly have hampered your services through their inaction
The pipe isn't blocked! There are a finite number of hosts that will not accept SMTP connections from certain subnets, but that's all. It is not as if the backbone routers blackhole all packets from that source or other ISPs will not exchange routes with that AS.
Your ISP sold you connectivity with a reasonable expectation of functionality. If half of the internet is blocking that connectivity and it can be demonstrated that the blocking is being done because of your ISP's tolerance of criminals, blame your ISP.
Give me a break! First off, sending spam is not a crime, although it should be, but I cannot imagine how it could be made so unless there were some trans-national body that could enforce such a law. Spammers are all liars and thieves, but no government seem to be able to make if a crime for them to steal my bandwidth. As for the rest of your rant, the number of mail servers who use any blackhole list (least of all SPEWS) is remarkably small and my original point still stands in that the ISP has not failed to provide what they were contracted to provide. Stop being a SPEWS apologist. If SPEWS would only put IP addresses in their list where SPAM originated from, or only had dial subnets in their list, it would be a good list. Instead, blackhole the entire ISP regardless of whether the ISP took any action to halt the Spammer's access - and the list admins won't remove an ISP from the list once it gets added. So spare me the sound and the fury and instead let us focus on a reasonable solution.
*** Where are we going? And what's with this handbasket?
If SPEWS only put spammer IPs in their list, then ISPs would have no incentive to get rid of spammers, and ISPs would (as they have been observed doing) simply move spammers from one IP to another to avoid the blocks. Sometimes when you get a blocked IP it is because it used to belong to a spammer, but the ISP moved the spammer because that IP was blocked. In that case, the ISP was definitely selling damaged goods, because the reputation of that IP address was already sullied.
In any case, SPEWS has two levels of listing. The one where innocent third parties would be hit is typically on level 2, which is not recommended for anyone who does not want hardcore filtering with known collateral damage. SPEWS's level 1 listing typically will block the spammers but not the innocent third parties. If you're getting rejected, it's probably from a place using level 2 filtering.
STOP MISUSING APOSTROPHES, YOU MORONS!!!
The other is peelhead. Peelhead goes through a mail spool file and finds the IP of the machine which transmitted email to your MX host. You need to prime it with the hostnames/IPs of your box and macnines which accept email for you (e.g. your ISP and their secondary MX hosts) I found it useful for doing bulk statistics on the sources of spam. One common use would be:
or:would give you a list of your top-20 spam sources
OS Software is like love: The best way to make it grow is to give it away.